I would like to eliminate ADFS and manage authentication, authorization, SSO and access control in a single operation with AAD.
In considering the work steps, could you please answer the following questions?
■Assumptions
・On-Prem AD and Azure AD Object Sync with AADC
・Password hash synchronization configured
・ADFS exists and users are authenticated through federation
・SSO is configured between ADFS and each application
・ADFS claim rules enforce access control
■Work steps I'm thinking of
1. Creating Conditional Access
2. Changing Federated Authentication to Managed Authentication
3. Removing claim rules on ADFS
4. Migrating SSO settings for each app from ADFS to Azure AD
■My questions
(1) When is Conditional Access applied between steps 1 and 4?
(2) When do ADFS claim rules stop being applied between steps 1 and 4?