locked
Skype for Business client & Azure AD Pass Through Authentication + MFA RRS feed

  • Question

  • Hi,

    I would like to implement Azure AD Pass Through Authentication With SSO  and move away from ADFS.

    Current setup is ADFS on Windows server 2016  with Cloud only MFA.

    I have red in following article :  Unsupported scenarios  : https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-current-limitations

    User sign-ins to Skype for Business client applications, including Skype for Business 2016.

    But as far  I understand what is written, users will not have  SSO, but they will need to provide user name and password (and click remember me) and externally with MFA when I configure conditional acce4ss.

    Is that correct, or it is totally not supported without  ADFS.

    Thx,

    Borut


    BlatniS

    Monday, December 11, 2017 10:16 AM

Answers

  • Azure AD Connect Pass Through with SSO is more secure than Password Sync with SSO.

    Sign-in Experiences:

    The next time you login to Office365 Portal or access Office365 services through web browser, you don't need to type your password anymore; just type user email address and press Tab key in password box, it will automatically sign you in.

    For rich client like Outlook and SFB, you can check "remember me" or "save password", so that you don't have to type every time. 

    Logging into Office365 through web browser:
    • SSO works only when your desktop is in the LAN where your PC/Laptop is connected to the Domain.
      • It means you have to type username and password when you are out of Office network ( not connected to DC)



    Monday, December 11, 2017 12:13 PM

All replies

  • Azure AD Connect Pass Through with SSO is more secure than Password Sync with SSO.

    Sign-in Experiences:

    The next time you login to Office365 Portal or access Office365 services through web browser, you don't need to type your password anymore; just type user email address and press Tab key in password box, it will automatically sign you in.

    For rich client like Outlook and SFB, you can check "remember me" or "save password", so that you don't have to type every time. 

    Logging into Office365 through web browser:
    • SSO works only when your desktop is in the LAN where your PC/Laptop is connected to the Domain.
      • It means you have to type username and password when you are out of Office network ( not connected to DC)



    Monday, December 11, 2017 12:13 PM
  • Can You please suggest while using pass through authentication if my outlook client is 2010 ,2013 & my Lync client will be 2013 Or Skype for business without any modern authentication will it cause any issues.

    Can you please elaborate client wise limitations for using pass through authentications for going to o365 from exchange 2013 on premise.

    Sunday, May 6, 2018 12:16 PM