This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 32%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
We are using an on premise ADFS server with RSA integration for authenticating on O365. We used the Azure Active directory connector to configure this with the ‘Federation with AD FS’ option.
Part of our RSA tokens and licensing will expire the next few month. We would like to gradually migrate to just Microsoft MFA authentication and configure this per user or group.
I can’t seem to configure authentication to O365 to both ADFS and standard O365 authentication. At least not with the Azure Active directory connector. Does anyone have any idea how we can fix this?
Note that you don't have to change the sign-in method either. You can stay federated for everyone for now. And you can configure Azure MFA as a MFA provider in ADFS and use custom rules to assign MFA method based on group membership (requires ADFS on Windows Server 2019).
Indeed, I can attest that this method works well!
I would look at the staged rollout rather than changing the Sign in at this point:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout#:~:text=Staged%20rollout%20allows%20you%20to,before%20cutting%20over%20your%20domains.
@Andy David - MVP @Pierre Audonnet - MSFT : This should work. Especially using the current ADSF server with Azure MFA will help me to phase out RSA token authentication short term. I will have to upgrade my ADFS server 2012 R2 to server 2019 but that's no problem. I will work on this the next few weeks.
thank you very much.!