Forum Discussion
ADFS and SSO for Exchange Online
- Mar 15, 2019
Our organization was able to solve this problem and I documented the solution over on https://social.technet.microsoft.com/Forums/en-US/79c2050b-9977-4524-83a5-eb47d86e2f96/bypass-adfs-sso-url-side-door-into-portalofficecom?forum=ADFS
Stephen Bell
Thank you again for your replies, I appreciate you taking the time.
I believe I understand exactly what you are saying regarding SSO / realm selection.
Currently, I am not seeing any realm selection when I open IE/Edge and browse to https://outlook.office.com -- without domain hint. This should send me to the external, Microsoft login page. Once I enter my email address, because my domain is federated, I would be redirected to my company login page - which in this instance is INTRANET, as these shared devices are on my internal network and DNS resolves the sts.mycompany.com to our ADFS server, not our WAP.
As for modern auth, yes, I believe it is enabled. I will check further to confirm. I guess I always thought of modern auth being for Outlook only, not thinking about the implications with the other Office Pro Plus applications. These machines I am working with do not have Outlook currently installed.
Thanks again!
Steve
- Stephen Bell, Mar 15, 2019, Iron Contributor
Interesting approach. A few months ago, due to some password spray attacks, we disabled our ADFS and went back to O365 authentication, given that we were only using ADFS to gain conditional access functionality, which is part of EMS now.
Thank you for sharing!