Start Free TrialLog in
Avatar of pramod1
pramod1Flag for United States of America

asked on 

Azure Active directory, office 365,,ADFS

We are setting up hybrid configuration wizard for on premise exchange 2016 users migration to office 365

Do we need to set up ADFS with relying party trusts as well as we are setting up azure AD connect formerly Dirsync

Do we need both ADFS and azure AD connect both at same time?
Microsoft 365Active DirectoryAzure
Avatar of undefined
Last Comment
DEMAN-BARCELO (MVP) Thierry
ASKER CERTIFIED SOLUTION
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of DEMAN-BARCELO (MVP) Thierry
DEMAN-BARCELO (MVP) Thierry
Flag of France image
ADConnect is very useful/necessary for an Exchange hybrid migration.

ADFS is totally independent of the Exchange hybrid migration.

ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA.
ADFS is used by customers that still have this infrastructure.


Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image
ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA

i think that's going a little far IMO.... PTS is much more common than a few years ago - but for the enterprise and surprisingly, schools, ADFS is still quite common. A contributing factor to this is that ADFS doesn't have to only be used for SSO to O365, it can facilitate SSO to anything that supports it - which is a big plus for ADFS (again, if you have that requirement)
Avatar of DEMAN-BARCELO (MVP) Thierry
DEMAN-BARCELO (MVP) Thierry
Flag of France image
Nearly applications defined in ADFS can now be defined in the same way in AzureAD, even custom application based on SAML.

ADFS needs 4 Windows servers (2 for the farm ADFS, and 2 for the WAP-ADFSproxy), and a valid public certificate.
=> Many customers prefer to avoid.

Avatar of Jeff Glover
Jeff Glover
Flag of United States of America image
Although we have ADFS Farms (Multiple forests), we do not use it with Office 365. For us, it added another layer of complexity we did not need. You enter your login credential and are redirected to ADFS, where you enter your name and password.  We use Password Hash Sync although Pass Thru Authentication works also. Just login credential and password.

  As others have said, Before PHS and PTA, ADFS was the SSO method of choice and is still an option but newer installations of AADConnect seldom use them unless there is an overriding reason, security or otherwise, for it.
Avatar of pramod1
pramod1
Flag of United States of America image

ASKER

my last question,  if we are done synchronizing users and no longer have on premises active directory infrastructure neither need Azure AD connect , how do users logs in to applications, do we need to install VDI
in azure tenant for each users , lets say we have 70,000 users migrated through Password hash sync
we dont have ADDS on premise?
EXPERT CERTIFIED SOLUTION
Avatar of Jeff Glover
Jeff Glover
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of pramod1
pramod1
Flag of United States of America image

ASKER

i am talking if no ADFS as well nothing on prem, so what u said workstations need to be registered in azure AD ?
EXPERT CERTIFIED SOLUTION
Avatar of Jeff Glover
Jeff Glover
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
EXPERT CERTIFIED SOLUTION
Avatar of DEMAN-BARCELO (MVP) Thierry
DEMAN-BARCELO (MVP) Thierry
Flag of France image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Active Directory
Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent