This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Skype for Business client & Azure AD Pass Through Authentication + MFA

Question
0

Sign in to vote

Hi,

I would like to implement Azure AD Pass Through Authentication With SSO and move away from ADFS.

Current setup is ADFS on Windows server 2016 with Cloud only MFA.

I have red in following article : Unsupported scenarios : https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-current-limitations

User sign-ins to Skype for Business client applications, including Skype for Business 2016.

But as far I understand what is written, users will not have SSO, but they will need to provide user name and password (and click remember me) and externally with MFA when I configure conditional acce4ss.

Is that correct, or it is totally not supported without ADFS.

Thx,

Borut

BlatniS

Monday, December 11, 2017 10:16 AM

Answers

0

Sign in to vote
Azure AD Connect Pass Through with SSO is more secure than Password Sync with SSO.

Sign-in Experiences:

The next time you login to Office365 Portal or access Office365 services through web browser, you don't need to type your password anymore; just type user email address and press Tab key in password box, it will automatically sign you in.

For rich client like Outlook and SFB, you can check "remember me" or "save password", so that you don't have to type every time.

Logging into Office365 through web browser:

SSO works only when your desktop is in the LAN where your PC/Laptop is connected to the Domain.

It means you have to type username and password when you are out of Office network ( not connected to DC)
- Edited by ThettNaing Monday, December 11, 2017 12:43 PM
- Proposed as answer by Leon-LuMicrosoft contingent staff Tuesday, December 12, 2017 8:13 AM
- Marked as answer by Borut2009 Tuesday, December 12, 2017 12:58 PM
Monday, December 11, 2017 12:13 PM

All replies

0

Sign in to vote
Azure AD Connect Pass Through with SSO is more secure than Password Sync with SSO.

Sign-in Experiences:

The next time you login to Office365 Portal or access Office365 services through web browser, you don't need to type your password anymore; just type user email address and press Tab key in password box, it will automatically sign you in.

For rich client like Outlook and SFB, you can check "remember me" or "save password", so that you don't have to type every time.

Logging into Office365 through web browser:

SSO works only when your desktop is in the LAN where your PC/Laptop is connected to the Domain.

It means you have to type username and password when you are out of Office network ( not connected to DC)
- Edited by ThettNaing Monday, December 11, 2017 12:43 PM
- Proposed as answer by Leon-LuMicrosoft contingent staff Tuesday, December 12, 2017 8:13 AM
- Marked as answer by Borut2009 Tuesday, December 12, 2017 12:58 PM
Monday, December 11, 2017 12:13 PM
0

Sign in to vote

Can You please suggest while using pass through authentication if my outlook client is 2010 ,2013 & my Lync client will be 2013 Or Skype for business without any modern authentication will it cause any issues.

Can you please elaborate client wise limitations for using pass through authentications for going to o365 from exchange 2013 on premise.

Sunday, May 6, 2018 12:16 PM