Azure AD Connect can be used to implement hybrid identity. (Yes) Azure AD Connect is the specific Microsoft tool designed to meet and accomplish hybrid identity goals. It facilitates the synchronization of identity data between an on-premises Active Directory Domain Services (AD DS) environment and Azure Active Directory (Azure AD), which is the core mechanism of a hybrid identity solution.

Hybrid identity requires the implementation of two Microsoft 365 tenants. (No) A standard hybrid identity implementation involves connecting a single on-premises AD DS forest to a single Azure AD tenant. While more complex multi-tenant configurations are possible, they are not a requirement for establishing a hybrid identity. The fundamental model is one on-premises directory linked to one cloud directory.

Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD). (Yes) This statement provides the fundamental definition of hybrid identity. It is the practice of creating a common user identity by connecting and synchronizing an on-premises directory (AD DS) with a cloud-based directory (Azure AD). This allows users to use a single set of credentials to access resources in both environments.

Microsoft Entra documentation, "What is hybrid identity with Azure Active Directory?," Microsoft Learn. Retrieved October 13, 2025.

Reference for Statements 1 & 3: Under the section "What is Azure AD Connect?", it states, "Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals... The tool provides the following features: ... Password hash synchronization ... Pass-through authentication ... Federation integration ... Synchronization." This confirms Azure AD Connect as the implementation tool and synchronization as the core concept.

Microsoft Entra documentation, "Topologies for Azure AD Connect," Microsoft Learn. Retrieved October 13, 2025.

Reference for Statement 2: The section "Single forest, single Azure AD tenant" describes the most common and simplest topology: "The most common topology is a single on-premises forest, with one or multiple domains, and a single Azure AD tenant." This explicitly contradicts the notion that two tenants are required.