Oct 03 2018 09:52 AM
Hello,
If you start a new full-cloud O365 tenant with Azure AD and Azure ADDS using just the Cloud Identity authentication model, can you later upgrade to using ADFS for authentication?
Thank you in advance!
Phillip Toynton
Oct 03 2018 11:50 AM
If you have on-prem Active Directory, it would be easier for you to set up Azure AD Connect and sync the users that way. If you don't set up AD FS, you would log in the same way as if the users were created directly in the cloud.
Then you could later set up AD FS and reap all the benefits from that.
It's completely feasible to create the users directly in Office 365, then synchronize the users and set up AD FS but it's much easier to just start off with Azure AD Connect in the first place.
Oct 03 2018 01:28 PM
Hi Robert,
Thank you for the reply. We're actually planning on moving away from a hybrid environment and we're actively working on not having any on-prem AD servers in-house.
We've been in a hybrid environment for over 4 years and our business model has never needed and/or wanted to use the SSO capabilities with ADFS authentication model.
What I want to know is IF we go to full O365 cloud and use Azure to ONLY host a newly created DC (and a fault tolerance DC), and use Cloud Identity for authentication, can we later (6 months? a year? 5 years?) add ADFS, AD Sync and AD Connect? There is a strong desire to simplify our infrastructure.
Phil
Oct 03 2018 03:18 PM
Oct 04 2018 07:34 AM
Hi Robert,
Again - thank you so much for responding.
"Any users created on-prem will be deleted in Azure AD if you stop the sync from AD."
But what if I first import them into a O365 environment?
We're looking to create a new PDC in Azure (with another for fault tolerance). My understanding is that if we don't need SSO, we don't have to setup the AD sync / AD Connect or the ADFS farm. We can just use Cloud Identity to manage our users.
Is this not true?
Thank you,
Phil
Oct 04 2018 11:26 PM