Last but not least, cost also has an impact on the design of the Hybrid Identity. AD DS services doesn't cost you extra as they come with the Windows Server operating system. Azure AD is a managed service and it comes with a cost. There is a free version of Azure AD, but that has very limited features. Therefore, when you are proposing the design, you need to consider licensing costs as well. Most of the identity protection and data protection features of Azure AD are only available under Azure AD P1 and P2. We can't protect diamonds and paperclips in the same way without them. If the organization wants to drop features because of the cost, make sure that they understand the damage it can do.
In this section, we looked at things we need to consider when we're designing a Hybrid Identity. In Chapter 15, Active Directory Security Best Practices, and Chapter 17, Azure Active Directory Hybrid Setup, I will be demonstrating how to implement the services/features that were discussed in here.