Questions on on-prem ADFS migration to Azure MFA
Michael Tang - Thank you very much Michael for your inputs.
Here, the context is that the customer would like to get rid of ADFS and only use Azure AD SSO with Azure MFA.
Please advise. Many thanks in advance.
In a nutshell:
Decide if you want to sync passwords or use pass-through authentication for Azure AD Authentication. If your organization doesn't want to store password hashes in the cloud, use PTA.
If it's PHS, I would first start by enabling Password Hash Sync in Azure AD Connect Sync Optional Features.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tutorial-phs-backup
Once you verify you have Password Hash Sync working properly in the portal, you can run Azure AD Connect again and change the sign-in option to PHS and convert from federated to managed authentication.
Depending on the number of objects you sync, it could be quick or take a bit of time to convert.
I would take a look through this.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/
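
A read-only pre-flight check for the "verify PHS, then convert" step described in the reply above. This is an added example, not part of the original post. It assumes the legacy MSOnline module with an existing `Connect-MsolService` session; the function name and the 3-hour freshness threshold are hypothetical choices.

```powershell
# Added example: confirm Password Hash Sync is on and recent, and list the
# domains that are still federated, before changing the sign-in method.
# Makes no changes to the tenant.
function Test-PhsCutoverReadiness {
    param(
        [Parameter(Mandatory)] $CompanyInfo,  # output of Get-MsolCompanyInformation
        [Parameter(Mandatory)] $Domains,      # output of Get-MsolDomain
        [int] $MaxSyncAgeHours = 3            # assumed threshold, tune to your sync cycle
    )

    $findings = @()

    if (-not $CompanyInfo.PasswordSynchronizationEnabled) {
        $findings += 'Password Hash Sync is not enabled on the tenant.'
    }

    # Assumption: LastPasswordSyncTime is reported in UTC.
    $last = $CompanyInfo.LastPasswordSyncTime
    if (-not $last) {
        $findings += 'No password sync has been recorded yet.'
    }
    elseif (([DateTime]::UtcNow - $last).TotalHours -gt $MaxSyncAgeHours) {
        $findings += "Last password sync ($last) is older than $MaxSyncAgeHours hours."
    }

    # Domains that would still redirect sign-ins to ADFS.
    $federated = @($Domains | Where-Object { $_.Authentication -eq 'Federated' })

    [pscustomobject]@{
        ReadyToConvert   = ($findings.Count -eq 0)
        Findings         = $findings
        FederatedDomains = @($federated | ForEach-Object { $_.Name })
    }
}

Test-PhsCutoverReadiness -CompanyInfo (Get-MsolCompanyInformation) -Domains (Get-MsolDomain)
```

If `ReadyToConvert` is false, resolve the listed findings before running the Azure AD Connect sign-in change.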