Syncing AAD with on-premises AD

We have a new directory in place, so we can start adding users and assigning them access rights. But there is a good chance that we already have an identity solution in an on-premises environment and that users already have one identity in place. Providing users with an additional identity can cause issues and confusion. Users will have trouble knowing when to use which account, and if the same or a similar account is created, users will start typing in the password for the wrong account...

Fortunately, with AAD, we can use Azure AD Connect, which allows us to sync accounts from on-premises AD to Azure so that users can use the same account for everything. This will make things easier for everyone; users will not have to think about which account to use (as it's the same account) and admins will have fewer issues to resolve (fewer accounts to manage and fewer users locking their accounts with wrong password attempts).

Additionally, with Azure AD Connect, we can implement single sign-on (SSO), which will allow users to access Azure and on-premises resources with a single sign-in process. The user is asked to enter their credentials once, and the same credentials are used to access everything that the user has access to.

In order to start syncing with the local AD, we need to go to the Azure AD Connect blade in AAD. Here, we can see the current sync status. If sync isn't enabled yet, you will also have the download link for the Azure AD Connect client, as you can see here:
