Azure AD Connect, ADFS and M365 domains


Does each domain verified in M365 need to be federated and set up in ADFS for authentication? Scenario: Company A has one domain, contoso.com, that is verified in M365. Azure AD Connect and ADFS are in place and all users with contoso.com-based UPNs/emails are authenticated using ADFS.

 

Company A has purchased another domain, fabrikam.com, and now requires this domain to be verified in M365 and to be used for a subset of Company A users. This means the steps for onboarding the domain are:

1. Add fabrikam.com to M365 and verify it,

2. Add fabrikam.com as a domain suffix to on-premises AD,

3. Change the UPN and primary SMTP address of the subset of users and let these users sync,

4. Users with fabrikam.com domain-based UPNs will be authenticated by Azure AD

 

Are the above steps all that would be required to get the subset of users to use the fabrikam.com domain and keep logging in to M365 workloads without ADFS?

 

0 Replies