pramod1 (United States of America) asked:
Azure Active Directory, Office 365, ADFS

We are setting up the Hybrid Configuration Wizard for migrating on-premises Exchange 2016 users to Office 365.

Do we need to set up ADFS with relying party trusts as well, since we are setting up Azure AD Connect (formerly DirSync)?

Do we need both ADFS and Azure AD Connect at the same time?
ASKER CERTIFIED SOLUTION (Hayes Jupe, Australia)

AD Connect is very useful, indeed necessary, for an Exchange hybrid migration.

ADFS is totally independent of the Exchange hybrid migration.

ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA.
ADFS is used by customers that still have this infrastructure.

> ADFS is now very rarely installed by (new) customers. They commonly define PHS or PTA

I think that's going a little far, IMO. PTA is much more common than a few years ago, but for the enterprise and, surprisingly, schools, ADFS is still quite common. A contributing factor to this is that ADFS doesn't have to be used only for SSO to O365; it can facilitate SSO to anything that supports it, which is a big plus for ADFS (again, if you have that requirement).

Nearly all applications defined in ADFS can now be defined in the same way in Azure AD, even custom applications based on SAML.

ADFS needs 4 Windows servers (2 for the ADFS farm and 2 for the WAP/ADFS proxy) and a valid public certificate.
=> Many customers prefer to avoid it.

Although we have ADFS farms (multiple forests), we do not use them with Office 365. For us, it added another layer of complexity we did not need: you enter your login credential and are redirected to ADFS, where you enter your name and password. We use Password Hash Sync, although Pass-Through Authentication works also. Just login credential and password.

As others have said, before PHS and PTA, ADFS was the SSO method of choice. It is still an option, but newer installations of AAD Connect seldom use it unless there is an overriding reason, security or otherwise, for it.
pramod1 (ASKER):

My last question: if we are done synchronizing users and no longer have on-premises Active Directory infrastructure, nor need Azure AD Connect, how do users log in to applications? Do we need to install VDI in the Azure tenant for each user? Let's say we have 70,000 users migrated through Password Hash Sync and we don't have AD DS on premises.
EXPERT CERTIFIED SOLUTION

pramod1 (ASKER):

I am talking about the case where there is no ADFS either, nothing on-prem. So, as you said, workstations need to be registered in Azure AD?
EXPERT CERTIFIED SOLUTION

EXPERT CERTIFIED SOLUTION