Azure Active directory, office 365,,ADFS
We are setting up hybrid configuration wizard for on premise exchange 2016 users migration to office 365
Do we need to set up ADFS with relying party trusts as well as we are setting up azure AD connect formerly Dirsync
Do we need both ADFS and azure AD connect both at same time?
Do we need to set up ADFS with relying party trusts as well as we are setting up azure AD connect formerly Dirsync
Do we need both ADFS and azure AD connect both at same time?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA
i think that's going a little far IMO.... PTS is much more common than a few years ago - but for the enterprise and surprisingly, schools, ADFS is still quite common. A contributing factor to this is that ADFS doesn't have to only be used for SSO to O365, it can facilitate SSO to anything that supports it - which is a big plus for ADFS (again, if you have that requirement)
Nearly applications defined in ADFS can now be defined in the same way in AzureAD, even custom application based on SAML.
ADFS needs 4 Windows servers (2 for the farm ADFS, and 2 for the WAP-ADFSproxy), and a valid public certificate.
=> Many customers prefer to avoid.
ADFS needs 4 Windows servers (2 for the farm ADFS, and 2 for the WAP-ADFSproxy), and a valid public certificate.
=> Many customers prefer to avoid.
Although we have ADFS Farms (Multiple forests), we do not use it with Office 365. For us, it added another layer of complexity we did not need. You enter your login credential and are redirected to ADFS, where you enter your name and password. We use Password Hash Sync although Pass Thru Authentication works also. Just login credential and password.
As others have said, Before PHS and PTA, ADFS was the SSO method of choice and is still an option but newer installations of AADConnect seldom use them unless there is an overriding reason, security or otherwise, for it.
As others have said, Before PHS and PTA, ADFS was the SSO method of choice and is still an option but newer installations of AADConnect seldom use them unless there is an overriding reason, security or otherwise, for it.
ASKER
my last question, if we are done synchronizing users and no longer have on premises active directory infrastructure neither need Azure AD connect , how do users logs in to applications, do we need to install VDI
in azure tenant for each users , lets say we have 70,000 users migrated through Password hash sync
we dont have ADDS on premise?
in azure tenant for each users , lets say we have 70,000 users migrated through Password hash sync
we dont have ADDS on premise?
EXPERT CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i am talking if no ADFS as well nothing on prem, so what u said workstations need to be registered in azure AD ?
EXPERT CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
EXPERT CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ADFS is totally independent of the Exchange hybrid migration.
ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA.
ADFS is used by customers that still have this infrastructure.