Moving authentication from ADFS to Azure AD


Currently we have hybrid Exchange (Exchange 2010), Skype for Business (Lync 2013), Azure AD Connect w/ password sync, and ADFS v2.1.


From a user-experience standpoint, if the user is off-prem and not on VPN, when they hit an O365 web page it asks for their UPN, then redirects to the ADFS proxy site, which they must log on to; then they can access O365 resources.


My understanding is that if we used Azure AD with password sync, on the first O365 page they hit they would enter both UPN and password, then go directly to the O365 resource, cutting down on a perceived double step.


If this is all correct, what is the downside of using Azure AD for authentication? Any issues with the hybrid configs? Can we still get 'pass-through' when on-prem and connected to the domain controllers from a workstation? Does it require the paid version of Azure AD?


Thanks, jb

2 Replies

Biggest downside is you don't get SSO. And you have less control over the auth process. But with PTA nearing GA, you might as well consider switching to it: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-a...

@Jason Benway Also I have tried this with my already-deployed Windows 10 domain-joined machines: add them to Azure AD for seamless authentication for on-prem and cloud resources with SSO. When I join my Win 10 machine to Azure AD, accessing any O365 resource does not even require any username or password; it logs you straight in.


https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azureadjoin-devices-group-p...


This only works with Windows 10 though. PTA might be your best choice for seamless authentication in your scenario.
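For the cut-over the question is about (federated ADFS domains to managed Azure AD authentication, whether with password hash sync or the PTA both replies suggest), here is an added read-only readiness check in PowerShell. It is not from this thread or from Microsoft; it assumes the MSOnline module is installed and Connect-MsolService has already been run, and the function name Test-ManagedAuthReadiness and its output fields are this example's own conventions.

```powershell
# Added example: read-only readiness check before converting a tenant's domains from
# federated (ADFS) to managed authentication. Uses MSOnline cmdlets only; nothing is changed.
# Assumption: Connect-MsolService has been run in this session.
function Test-ManagedAuthReadiness {
    [CmdletBinding()]
    param()

    $company = Get-MsolCompanyInformation

    # Verified domains and their current authentication mode (Managed or Federated).
    $domains = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }

    $federated = foreach ($d in ($domains | Where-Object { $_.Authentication -eq 'Federated' })) {
        $fed = Get-MsolDomainFederationSettings -DomainName $d.Name
        [pscustomobject]@{
            Domain       = $d.Name
            IssuerUri    = $fed.IssuerUri
            PassiveLogOn = $fed.PassiveLogOnUri   # the ADFS proxy URL users are redirected to today
        }
    }

    # Conditions that must hold before a domain is switched to managed auth.
    $blockers = @()
    if (-not $company.DirectorySynchronizationEnabled) {
        $blockers += 'Directory synchronization is not enabled; Azure AD Connect is required.'
    }
    if (-not $company.PasswordSynchronizationEnabled) {
        $blockers += 'Password hash sync is off; enable it (or plan for PTA) before converting domains.'
    }
    if (-not $federated) {
        $blockers += 'No federated domains found; nothing to convert.'
    }

    [pscustomobject]@{
        DirectorySync    = [bool]$company.DirectorySynchronizationEnabled
        PasswordHashSync = [bool]$company.PasswordSynchronizationEnabled
        FederatedDomains = @($federated)
        ReadyToConvert   = ($blockers.Count -eq 0)
        Blockers         = $blockers
    }
}

# Usage (read-only):
#   Connect-MsolService
#   Test-ManagedAuthReadiness | Format-List
# The actual per-domain cut-over is a separate, planned step done with
#   Convert-MsolDomainToStandard -DomainName <domain> -SkipUserConversion $false -PasswordFile <path>
# which also removes the relying-party trust on the ADFS side; afterwards users enter
# UPN and password at the Office 365 sign-in page instead of being redirected to the ADFS proxy.
```

Run it once per tenant before scheduling the conversion, and keep the FederatedDomains output as the record of which ADFS endpoints were in use.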