Forum Discussion
Moving authenication from ADFS to Azure AD
Currently we have hybrid exchange (exchange 2010), skype for business (lync 2013), Azure AD Connect w/ password sync, and ADFS V2.1
From an user experience if the user is off prem, not on VPN when they hit a o365 webpage it asks for their UPN, then redirects to the ADFS proxy site which they must log onto, then they can access o365 resources.
My understanding is if we used Azure AD with password sync, the first o365 page they hit they would enter both UPN and password then go directly to the o365 resource cutting down on a perserved double step.
If this is all correct, what is the down side of using Azure AD for authenication? Any issues with the hybrid configs? Can we still get 'pass-through' when on prem and connected to the domain controllers from a workstation? Does it require the paid version of Azure AD?
Thanks,jb
2 Replies
Jason Benway Also i have tried this with my already deployed WIndows 10 domain joined machines - Add them to Azure AD for seamless authentication for on prem and cloud resources with SSO. When I join my Win 10 machine to Azure AD accessing any O365 does not even require any username or password - logs you in straight.
This only works with Windows 10 though. PTA might be your best choice for seemless authentication in your scenario.
Biggest downside is you dont get SSO. And you have less control over the auth process. But with PTA nearing GA, you might as well consider switching to it: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/
