When provisioning a new user, Active Roles (AR) follows the basic outline below:
1) The new user is created in the On-Prem Active Directory;
2) On successful creation of the On-Prem AD user object, AR then also creates the Azure user;
3) In Federated/Synchronized Identity environments, the On-Prem user's objectId is read and used to set the Azure AD user's immutableId property (the native sync tool does exactly the same);
4) Once the user in Azure AD is created, the Azure object's id is stored in an AR virtual attribute (edsvaAzureObjectId) so that AR can identify and communicate with the Azure AD object;
5) Exchange Online cmdlets are used to update the Exchange Online properties of the Azure AD user (with an Exchange mailbox);
6) The Azure AD user properties are updated using Graph API calls.
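A consistency check for the links made in steps 3 and 4, as an added example (not Active Roles or vendor code): over constructed sample records, it verifies that each on-prem user's edsvaAzureObjectId resolves to an Azure AD object and that the object's immutableId matches the on-prem identifier. It assumes the identifier is a GUID and that immutableId is its Base64 encoding, which the page does not state; the function names and all record property names other than immutableId and edsvaAzureObjectId are hypothetical.

```powershell
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$Guid)
    # Assumption: immutableId is the Base64 form of the GUID's 16 bytes (.NET byte order).
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function Test-HybridLink {
    param(
        [Parameter(Mandatory)][object[]]$OnPremUsers,  # Name, ObjectGuid, edsvaAzureObjectId
        [Parameter(Mandatory)][object[]]$AzureUsers    # Id, ImmutableId
    )
    # Index the Azure objects by id for the step 4 lookup.
    $byId = @{}
    foreach ($a in $AzureUsers) { $byId[$a.Id] = $a }

    foreach ($u in $OnPremUsers) {
        $expected = ConvertTo-ImmutableId -Guid $u.ObjectGuid
        $azure = $null
        if ($u.edsvaAzureObjectId) { $azure = $byId[$u.edsvaAzureObjectId] }

        if (-not $u.edsvaAzureObjectId) {
            $status = 'NoAzureObjectId'        # step 4 never completed
        } elseif (-not $azure) {
            $status = 'AzureObjectMissing'     # stored id points at nothing
        } elseif ($azure.ImmutableId -cne $expected) {
            $status = 'ImmutableIdMismatch'    # step 3 anchor differs (Base64 is case-sensitive)
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Name = $u.Name; Status = $status; Expected = $expected; Actual = $azure.ImmutableId }
    }
}

# Constructed sample data standing in for exports from on-prem AD / AR and Azure AD.
$g1 = [guid]'11111111-2222-3333-4444-555555555555'
$g2 = [guid]'66666666-7777-8888-9999-aaaaaaaaaaaa'
$g3 = [guid]'bbbbbbbb-cccc-dddd-eeee-ffffffffffff'
$onPrem = @(
    [pscustomobject]@{ Name = 'alice'; ObjectGuid = $g1; edsvaAzureObjectId = 'a0000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ Name = 'bob';   ObjectGuid = $g2; edsvaAzureObjectId = 'a0000000-0000-0000-0000-000000000002' }
    [pscustomobject]@{ Name = 'carol'; ObjectGuid = $g3; edsvaAzureObjectId = 'a0000000-0000-0000-0000-000000000009' }
)
$azure = @(
    [pscustomobject]@{ Id = 'a0000000-0000-0000-0000-000000000001'; ImmutableId = (ConvertTo-ImmutableId $g1) }
    [pscustomobject]@{ Id = 'a0000000-0000-0000-0000-000000000002'; ImmutableId = (ConvertTo-ImmutableId $g3) }
)

Test-HybridLink -OnPremUsers $onPrem -AzureUsers $azure | Format-Table -AutoSize
```

Any row whose status is not OK marks an account whose on-prem and cloud halves are not joined the way the outline describes and is worth reviewing before further changes are made to it.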
Please refer to the Active Roles 7.2 - Azure Active Directory and Office 365 Administrator Guide for additional technical documentation on configuring/managing Hybrid AD users, the Azure AD tenant, the Azure application, Office 365 licensing management, Azure AD user deprovisioning, Undo Deprovision, etc.