Jan 03 2017 (last edited on Jul 24 2020)
Currently we have hybrid Exchange (Exchange 2010), Skype for Business (Lync 2013), Azure AD Connect with password sync, and ADFS v2.1.
From a user-experience standpoint, if the user is off-prem and not on VPN, when they hit an O365 web page it asks for their UPN, then redirects to the ADFS proxy site, which they must log on to, and then they can access O365 resources.
My understanding is that if we used Azure AD with password sync, on the first O365 page they hit they would enter both UPN and password and then go directly to the O365 resource, cutting out a perceived double step.
If this is all correct, what is the downside of using Azure AD for authentication? Any issues with the hybrid configs? Can we still get 'pass-through' when on-prem and connected to the domain controllers from a workstation? Does it require the paid version of Azure AD?
Jan 03 2017 10:46 PM
Biggest downside is you don't get SSO, and you have less control over the auth process. But with PTA nearing GA, you might as well consider switching to it: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-a...
Jan 04 2017 05:07 AM
@Jason Benway Also, I have tried this with my already deployed Windows 10 domain-joined machines: add them to Azure AD for seamless authentication to on-prem and cloud resources with SSO. When I join my Win 10 machine to Azure AD, accessing any O365 service does not even require a username or password; it logs you in straight away.
This only works with Windows 10 though. PTA might be your best choice for seamless authentication in your scenario.
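The thread turns on which sign-in path a tenant is actually using: a federated domain sends the browser to the ADFS proxy (the double step in the question), a managed domain lets Azure AD validate the password itself (password hash sync or PTA), and an Azure AD joined Windows 10 device adds the silent device sign-in the second reply describes. The following audit script is an added example and not code from the thread or from Microsoft; it assumes the MSOnline module is installed and already connected with Connect-MsolService, that step 2 runs on the Azure AD Connect server where the ADSync module is present, and that step 3 runs on the workstation being checked.

```powershell
# Added audit example (not from the thread). Assumes an existing Connect-MsolService
# session, the ADSync module on the Azure AD Connect server, and dsregcmd on Windows 10.

# 1. Which sign-in path does each verified domain take?
#    Federated = browser is redirected to ADFS (the double hop described in the question)
#    Managed   = Azure AD validates the password itself (password hash sync or PTA)
Get-MsolDomain |
    Where-Object { $_.Status -eq 'Verified' } |
    Select-Object Name, Authentication, IsDefault |
    Format-Table -AutoSize

# For every federated domain, show where users are being redirected, so the ADFS
# proxy endpoint in use is visible and can be compared against what is expected.
Get-MsolDomain |
    Where-Object { $_.Authentication -eq 'Federated' } |
    ForEach-Object {
        $fs = Get-MsolDomainFederationSettings -DomainName $_.Name
        [pscustomobject]@{
            Domain       = $_.Name
            IssuerUri    = $fs.IssuerUri
            PassiveLogOn = $fs.PassiveLogOnUri   # the ADFS proxy page users land on
        }
    } | Format-Table -AutoSize

# 2. On the Azure AD Connect server: is password hash sync really enabled?
#    A managed domain with PHS off and no PTA agents leaves cloud sign-in with
#    nothing to validate the password against.
Import-Module ADSync
$phsEnabled = (Get-ADSyncAADCompanyFeature).PasswordHashSync
"Password hash sync enabled: $phsEnabled"

# 3. On a Windows 10 workstation: is the device Azure AD joined (or hybrid joined),
#    which is what provides the silent sign-in described in the second reply?
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|EnterpriseJoined'
```

Run step 1 from any admin workstation to confirm whether a domain is still federated before planning a cut-over; steps 2 and 3 are per-machine checks, so run them where the sync engine and the test device actually live.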