Phishing-Resistant MFA - Hybrid Infrastructure

Hybrid Active Directory environments unlock the many capabilities of cloud based tools for end users, while allowing for traditional management and infrastructure of on-premises tools. This arrangement is becoming more and more popular due to its flexibility and ability to expand upon existing infrastructure investments. When making the choice to roll out phishing resistant MFA, a Hybrid Active Directory offers flexibility and helps solve for a mixed bag of use cases.


What exactly do you mean when you say “Hybrid”?

Hybrid means a lot of different things in different contexts. To avoid confusion, we are aligning
our use of the term hybrid to Microsoft’s definition of “Hybrid Identity.”

Learn more about Hybrid Identity here!


While Hybrid offers various attractive opportunities due to its flexibility, there are many different ways it can be interacted with. Choose from the following list of common scenarios or reach out to our pre-sales solutions teams for a more in depth conversation regarding your specific scenario.

I leverage a Hybrid Infrastructure with Active Directory Federation Services

  • AD FS - Active Directory Federation Services allows entities to bridge on-premise Active Directories with cloud native applications. Generally this was a deployment model that was leveraged when legacy directories were needed to have authentication against cloud tools, like Office 365. In these configurations, the AD FS tool acts as a RP (relying party.)

I leverage a Hybrid Infrastructure without Active Directory Federation Services

  • AD FS is generally put in place when bridging legacy Hybrid AD architectures with other Microsoft cloud provided tools, such as Office 365. If the AD was built initially as a Hybrid directory then this may be the model in place.