Is your organization headed towards single sign-on? Check out this new documentation on Azure Active Directory Seamless Single Sign-On.


Here are a few highlights:

  • Seamless SSO is an opportunistic feature. If it fails for any reason, the user sign-in experience goes back to its regular behavior (i.e., the user needs to enter their password on the sign-in page).

This tech has been amazing since deploying it. If the apps would better use it for auto login we would be set. Like during password changes, Outlook still seems to have some odd side effects. But overall, not having to log in every time people visit Office 365 apps is nice and works flawlessly so far.

Hi Christopher,


Have you considered removing the requirement to reset passwords for users that have MFA enabled?


NIST have released guidance regarding not enforcing password resets; only initiating if an event requires this (password forgotten, password phished, ...).



Been thinking about that, honestly. I use MFA and all my 365 admins do, and the app approval works great, especially with Apple Watch =). But things like requiring app passwords to sync contacts with your iPhone etc. are kind of a deal breaker. Hoping they somehow make the Outlook app sync the contacts to the phone; until then MFA is kind of problematic.

The Outlook app pushes the contacts to your device's contact list since the latest updates:

Feature is worthless. It's a manual export to your local contacts; it needs to sync just like the ActiveSync contacts do built into the device.

Serious? The article talks about a one-way sync from Outlook to your device's contacts.

Yeah, serious, I've tried it, it sucks. All it does is import your contacts. To update your contacts you have to turn it off (delete all your contacts) and then turn it back on. It's in no way, shape or form a real sync. Not to mention, compared to ActiveSync built into the phone, you do not get your photos etc. on your contacts either. It's very lacking currently.