I have been running ADFS since we moved to O365. Since 2016 we have also had an Azure Tenant. I have reached a point where I no longer want to maintain ADFS or create Claims for APPS to Auth against. I would like to know if in fact AZure AD can do SSO in the same fashion that ADFS does
where my users login from Local LAN and access any o365 resource enter an email and nothing else.
This video is for the understanding of Pass through authentication with seamless SSO. Please click on the below mentioned link to check more details as per Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-how-it-works Also do check the ...
Vouching for this reply/solution as well - we went through the same transition and never looked back! Azure AD (if you're premium, so E3 or AADP Plan1) and do Seamless SSO with GPOs, Password Hash Sync and (pass through authentication) for synchronizing your AD to AzureAD. Works like a charm, and no more hassle of ADFS farm to manage! Also gets to centrally take advantage of AzureAD being the single control plane for identity on other non-microsoft products (basically all SaaS platforms that support SAML) and use any Azure AD conditional access rules to control access as well, such as MFA or requiring Intune enrollment, etc.
We currently are on E3 and AADP P1 but moving to P2 for Identity protection. Currently Syncing Local AD to Azure, but the SAAS is my prime reason for moving. I dont want to be stuck with features on ADFS on 2016 etc then having to upgrade the infrastructure to get additional features whatever those are.