Isn’t it concerning that Hybrid Identity Pass-through Authentication uses the Internet?

Asked By TechTraveler42 On

I'm worried about the security and performance aspects of Hybrid Identity Pass-through Authentication (PTA) since it relies on connections over the Internet. Can anyone help me explain this setup to enterprise management teams and provide justifications for its safety?

3 Answers

Answered By CloudGazer88 On

Isn't it a bit unsettling? But think about it: if you're using cloud services like Microsoft 365, you're already accessing data online. So, is PTA authentication over the Internet really worse than accessing your sensitive information directly from the cloud?

SecurityNerd99 -

True! Almost all Internet traffic is secured with TLS. Sure, there’s always a risk, like a compromised private key, but you have to weigh that against the convenience.

Answered By ITGuru87 On

If you're really worried, you could skip PTA and just use password hash synchronization instead. That way, users can log in directly with Entra without needing to involve the on-prem setup. Just keep in mind, if your on-prem system goes down, no one can access cloud services since they rely on your AD servers for verification.

AppDevPro -

Exactly! Switching to password hash sync can streamline the process and avoid those Internet concerns.

Answered By NetworkWiz101 On

Actually, PTA is built to be secure. It sends requests encapsulated in TLS. The PTA agents make outbound connections to your cloud setup, pulling auth requests from your tenant’s endpoints. Your Active Directory remains protected because the cloud doesn’t access it directly.
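Added example, not part of the original answers: a small audit that checks a firewall rule set for a PTA agent host against the outbound-only model described in the last answer. The rule format, rule names, the internal network range and the allowed outbound port set are assumptions made for illustration.

```python
import ipaddress

# Assumption: internal address space of the example organisation (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: the agent's outbound TLS traffic uses TCP 443; extend this set
# with any other ports the vendor documentation requires.
ALLOWED_OUTBOUND_PORTS = {443}

def is_internal(cidr):
    """True if the CIDR lies entirely inside one of the internal networks."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL_NETS)

def audit_agent_rules(rules):
    """Return (rule name, issue) for ALLOW rules that contradict an outbound-only agent."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        external = not is_internal(r["remote"])
        if r["direction"] == "in" and external:
            # The agent pulls requests; nothing outside should connect in.
            findings.append((r["name"], "inbound allowed from outside internal networks"))
        elif r["direction"] == "out" and external and r["port"] not in ALLOWED_OUTBOUND_PORTS:
            findings.append((r["name"], f"outbound to external address on port {r['port']}"))
    return findings

# Constructed sample rule set for an agent host (not taken from a real system).
SAMPLE_RULES = [
    {"name": "agent-to-cloud", "direction": "out", "action": "allow", "port": 443, "remote": "0.0.0.0/0"},
    {"name": "agent-to-domain-controller", "direction": "out", "action": "allow", "port": 88, "remote": "10.0.5.0/24"},
    {"name": "admin-rdp", "direction": "in", "action": "allow", "port": 3389, "remote": "10.0.9.0/24"},
    {"name": "legacy-https-in", "direction": "in", "action": "allow", "port": 443, "remote": "0.0.0.0/0"},
    {"name": "legacy-smtp-out", "direction": "out", "action": "allow", "port": 25, "remote": "0.0.0.0/0"},
    {"name": "block-all-in", "direction": "in", "action": "deny", "port": 0, "remote": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name, issue in audit_agent_rules(SAMPLE_RULES):
        print(f"{name}: {issue}")
```

An empty result for the agent host's real rule export is the evidence to show management: no path from the Internet into the agent or Active Directory, and only TLS leaving it.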
