I already had this infra working.
On Premises: MS Dynamics CRM IFD + ADFS + ADDS
On Cloud: Azure AD
My problem now is that we can only create accounts on-premises and sync them to AAD once the Azure domain is federated. Only those users can then log in to our CRM.
I would like to be able to create accounts in Azure AD that do not necessarily need to sync back to on-premises AD.
Is there any way to do this?
or
Is there any way to use Azure AD only to authenticate on-premises CRM website?
You should definitely look at and try Azure AD Application Proxy, which lets you publish applications that are running on-premises using Azure AD for pre-authentication.
More information:
Publish applications using Azure AD Application Proxy : https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/
How to provide secure remote access to on-premises applications https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-get-started/
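The publishing step this answer describes, as an added example (not the answerer's code and not from the linked articles). It assumes the AzureAD PowerShell module, an Application Proxy connector group already installed on-premises, and placeholder hostnames and user names that you would replace with your own:

```powershell
# Added example: publish the on-premises CRM website through Azure AD Application Proxy
# with Azure AD pre-authentication, then restrict it to explicitly assigned users.
# Assumptions: AzureAD module installed, a connector is already registered in the tenant,
# and the URLs / UPN below are placeholders.
Connect-AzureAD

$publish = @{
    DisplayName                = "Dynamics CRM (on-premises)"
    ExternalUrl                = "https://crm-contoso.msappproxy.net/"   # assumption: default msappproxy.net host
    InternalUrl                = "https://crm.contoso.local/"            # assumption: internal CRM IFD URL
    ExternalAuthenticationType = "AadPreAuthentication"                  # not "Passthru": Azure AD signs the user in first
}
$app = New-AzureADApplicationProxyApplication @publish

# The proxy app gets a service principal; require assignment so that not every tenant
# user can reach the published CRM URL after signing in to Azure AD.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$($app.AppId)'"
Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true

# Assign one cloud-only user (assumption: this account exists only in Azure AD).
$user = Get-AzureADUser -ObjectId "cloud.user@contoso.onmicrosoft.com"
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
    -ResourceId $sp.ObjectId -Id ([Guid]::Empty)

# Check what was published and which authentication mode is in force.
Get-AzureADApplicationProxyApplication -ObjectId $app.ObjectId |
    Select-Object ExternalUrl, InternalUrl, ExternalAuthenticationType
```

Note that pre-authentication only controls who reaches the published URL; the CRM website behind it still performs its own claims-based sign-in against ADFS, so this does not by itself make a cloud-only account known to CRM.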
Yes, there are two ways. You can either connect it directly with Azure AD; however, this is going to limit some functionality in Dynamics 365 (like usage of the mobile apps) and it is not officially supported by Microsoft. This option is quite complex, so I am going to direct you to an article I recently published about this.
The second option is to use Azure AD as a claims provider trust in ADFS, so you don't have to use your Active Directory as the claims provider in ADFS for users. There will be an article coming out soon about this.
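What the second option looks like on the ADFS side, as an added example that is not the answerer's code or from the announced article. It assumes an ADFS farm that already has a relying party trust for the CRM IFD site, a placeholder tenant ID, and that the claim types passed through are the ones CRM matches users on:

```powershell
# Added example: register Azure AD as a claims provider trust in ADFS so that users who
# exist only in Azure AD can sign in to the on-premises CRM IFD relying party.
# Assumptions: run on an ADFS server as an ADFS admin; the tenant ID is a placeholder;
# the relying party trust is named "CRM IFD" (assumption, match it to your farm).
$TenantId    = "00000000-0000-0000-0000-000000000000"
$MetadataUrl = "https://login.microsoftonline.com/$TenantId/federationmetadata/2007-06/federationmetadata.xml"

# 1. Create the claims provider trust from Azure AD's WS-Federation metadata.
#    Monitoring + auto-update keeps the Azure AD token-signing certificate current,
#    otherwise sign-ins start failing when Microsoft rolls the key.
Add-AdfsClaimsProviderTrust -Name "Azure AD" -MetadataUrl $MetadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# 2. Acceptance transform rules: only pass through the claims the relying party needs,
#    rather than a blanket "c:[] => issue(claim = c);" which forwards everything Azure AD sends.
$acceptanceRules = @'
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleName = "Pass through name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName "Azure AD" -AcceptanceTransformRules $acceptanceRules

# 3. Offer Azure AD as a sign-in choice for the CRM relying party only (home realm discovery
#    is scoped per relying party, so other ADFS applications are unaffected).
Set-AdfsRelyingPartyTrust -TargetName "CRM IFD" -ClaimsProviderName @("Active Directory", "Azure AD")

# 4. Verify the trust was created with the expected identifier and signing certificate.
Get-AdfsClaimsProviderTrust -Name "Azure AD" |
    Select-Object Name, Identifier, MonitoringEnabled, AutoUpdateEnabled,
        @{ n = "SigningCert"; e = { $_.TokenSigningCertificates | ForEach-Object Thumbprint } }
```

The CRM relying party's own issuance rules still decide which of these claims reach CRM, and CRM needs a user record that matches the incoming UPN; accounts that exist only in Azure AD have no on-premises SID, which is the root of the "not officially supported" caveat in this answer.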