SOLVED

AD+ADFS+AAD

Taen keren
Regular Contributor

Hi 

 

Can anyone enlighten me about AD, ADFS & AAD - and how you have "moved" your users into O365? 

 

Have you synced all accounts from AD to AAD - or have you "prepared" the users first in AD, e.g. by setting an extension attribute and then on ADFS configured a filter so only these users get into the AAD - or?

1 Reply
Solution

It really depends on what you are trying to achieve. If you'd like some consensus on how it's done generally, this is a great article if you haven't seen it already - How organizations are connecting their on-premises identities to Azure AD.

 

Azure AD Pass-Through Authentication is a phenomenal sign-in option along with Seamless Single Sign-On, offering much of what was traditionally only available with AD FS and without the infrastructure downsides.

 

With the Azure AD Connect filtering options, there is a lot of scope to onboard in whatever way works for a given situation. These include Group-based filtering and Domain and OU filtering.