SOLVED

ADFS to Azure AD migration with staged rollout

Copper Contributor

We currently have ADFS set up for authentication to office.com and we want to migrate to Azure AD.

I have tested staged rollout for some users and it is working for users in the group; they are no longer being redirected to on-prem ADFS. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout


But I could not figure out how to fully migrate all users to Azure AD. Should I add all users to this staged rollout group?

What I understood was that it is just a temporary group until the migration is complete?

Should there not be a process of creating an O365 app and configuring SAML just like any other application, and then configuring O365 to use Azure AD?

What about other applications using ADFS, do they also get affected by adding users to the migration group?

3 Replies
best response confirmed by Rajtoor (Copper Contributor)
Solution

@Rajtoor If you've tested migrating from ADFS to Azure AD using staged rollout and all seems to work fine, the last step is to convert the domains from federated to managed, as described here. This will basically remove the federation completely for anyone signing in through those domains.


Office 365 does not need to be added as a SAML app. However, if there are other apps you want to provide SSO to using Azure AD, you will have to add those applications into Azure AD and set up SAML (or another method).

@pvanberlo is there a way to do it per application, like just doing it for Office 365?

The problem you'll face is that it's the domain that forces federation or not. As long as you do not turn it into a managed domain, in your case it will keep trying to federate with ADFS (except for the users that are part of staged rollout). So no. You can't do this per app, unfortunately.
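The two replies above come down to one tenant-level setting: each domain is either Federated (sign-ins go to ADFS) or Managed (sign-ins are handled by Azure AD). The following PowerShell is an added example, not code posted in this thread or by Microsoft; it assumes the MSOnline module is installed, that you connect with a Global Administrator account, and that the sign-in method used during staged rollout (password hash sync or pass-through authentication) is already enabled for the tenant. The domain name at the bottom is a placeholder.

```powershell
# Added example (not from the thread): inventory the tenant's domains and
# convert a federated domain to managed once staged rollout testing is done.
# Assumes: MSOnline module installed, Global Administrator credentials.
Import-Module MSOnline
Connect-MsolService

function Get-FederatedDomains {
    # Every domain still marked Federated sends sign-ins to ADFS,
    # regardless of app, except for users in the staged-rollout groups.
    Get-MsolDomain |
        Where-Object { $_.Authentication -eq 'Federated' } |
        Select-Object Name, Authentication, Status
}

function Convert-DomainToManaged {
    param([Parameter(Mandatory)][string]$DomainName)

    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Authentication -ne 'Federated') {
        Write-Warning "$DomainName is already $($domain.Authentication); nothing to do."
        return
    }

    # Keep a copy of the federation settings before removing them, so the
    # domain can be re-federated if something breaks after the cutover.
    Get-MsolDomainFederationSettings -DomainName $DomainName |
        Export-Clixml -Path ".\$DomainName-federation-backup.xml"

    # This is the "convert from federated to managed" step: after it runs,
    # no sign-in for this domain is redirected to ADFS any more.
    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed

    # Confirm the new state.
    Get-MsolDomain -DomainName $DomainName | Select-Object Name, Authentication
}

# 1. See which domains are still federated (these are the ones to migrate).
Get-FederatedDomains

# 2. Convert one domain at a time, after its users have been validated in staged rollout.
# Convert-DomainToManaged -DomainName 'contoso.example'   # placeholder domain name
```

Run the inventory first and convert domains one at a time, validating sign-in for a pilot user after each change; the exported XML gives you the values needed to re-federate with `Set-MsolDomainAuthentication -Authentication Federated` if a rollback is required. Other relying parties that still trust ADFS directly are unaffected by this command, since it changes only how Azure AD authenticates the domain; those applications have to be re-pointed to Azure AD separately, as the accepted answer notes.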