Mitsui said goodbye to ADFS using Azure AD staged rollout
Published Dec 17 2019 10:30 AM



I love it when customers meet their business goals using newly available identity capabilities! This post in the ‘Voice of the Customer’ series is such a story. Mr. Ichinose, IT Manager, Mitsui & Co., and Mr. Saze, Project Manager, Mitsui Knowledge Industry, describe how Azure Active Directory (Azure AD) staged rollout simplified the transition from Active Directory Federation Services to Azure AD authentication. Mitsui & Co. is a company with offices and customers all over the globe. If you are curious about how a large company transitioned users from a legacy system to Azure AD with ZERO support calls, this post is for you.



Minimize user disruption with Azure AD staged rollout

By Mr. Ichinose, IT Manager, Mitsui & Co. and Mr. Saze, Project Manager, Mitsui Knowledge Industry



We believe that a successful transition to cloud-based services hinges on a well-designed identity strategy. The cloud can empower creativity and productivity. But only if authentication is secure and services are easy to access. In our roles as the IT Manager at Mitsui and Project Manager at Mitsui Knowledge Industry, we needed to migrate user authentication off Active Directory Federation Services to support our digital transformation goals. Azure AD staged rollout simplified the process for users and IT administrators.


Mitsui & Co., headquartered in Japan, is a global company that invests in businesses across several product lines in 66 countries and regions. Like many multinational companies founded in the 20th century, the company’s business processes are built on legacy systems and assets. Mitsui Knowledge Industry is a 100% subsidiary of Mitsui & Co. that supports IT infrastructure, planning and implementation of digital transformation initiatives for its parent company. We selected Azure AD based cloud authentication for the following reasons:


  • Cloud authentication is more secure than federated authentication.
  • High availability and disaster recovery offered by Microsoft Azure.
  • Cost reductions associated with eliminating Active Directory Federation Services servers and proxy servers.


A thoughtful migration plan resulted in zero support calls

Azure AD Staged rollout gave us the tools to implement a well-planned cutover. Once we set up modern authentication and Conditional Access, we created a test environment and split our users into groups. We tested our implementation of Azure AD with small groups. We evaluated how each step affected users and made changes as we went. This process simplified testing for our IT administrators.


When we rolled out the new authentication model to larger groups, our users also benefited from the early testing process. We did not invest in any education before we began this initiative, but because we took a slow deliberate approach, users were able to transition to Azure AD authentication easily. In fact, we received zero support calls.


Figure 1 shows Azure AD Staged Rollout enabled in Azure AD Connect


Azure AD accelerated SaaS Integration

When we selected cloud authentication, we expected to reduce costs, improve high availability, and remove burdensome server management from our IT administrators. These goals were realized. One benefit that we didn’t anticipate: it is now much easier to integrate Software as a Service (SaaS) apps. Before the migration, we integrated four apps over six years. Since moving to Azure AD we’ve onboarded 20 apps in six months! A huge productivity gain.


Figure 2: Azure AD supports more than 2,800 pre-integrated software as a service (SaaS) applications.



Next up: Shifting to a Zero Trust model

Our partners in the Microsoft Identity PM team were instrumental in helping us migrate from Active Directory Federation Services to Azure AD. We work with a lot of vendors, and the Microsoft Identity PM team is special. It is rare for a partner to be so involved from start to finish. Together we have enabled single sign-on, conditional access policies, and privileged identity management to better secure our identities.


Moving forward, we are collaborating with Microsoft to move towards passwordless and eventually a Zero Trust model. These initiatives include:

  • Password policy modernization
  • Self-service password reset
  • Passwordless implementation across the organization



Learn more

I hope the Mitsui & Co. story inspired you to investigate Azure AD staged rollout. If you are looking for other tips from our customers, take a look at the other stories in the ‘Voice of the Customer’ series.


Last update: Jul 24 2020 01:26 AM