Azure AD Connect Federated Sign-in and ADFS

Question

Hi.

I have a setup with ADFS 4.0 and Azure AD connect, but my AAD Connect is not managing my ADFS servers and the user sign-in is not set to Federation with ADFS. When Azure AD connect was installed it was it was installed with "Do not configure" on user Sign-in method as all of this was setup manually before.

Everything is working just fine as it is, but I would like to use AAD connect to update my ADFS claim rules and manage my ADFS servers. To be able to do this I will need to change the user sign-in method to federated sign-in and I am a bit worried about doing that. What are the potential issues I might get into by doing this? I have quite a few federated domain just to let you know.

I am also quiet worried about letting AAD connect update my claim rules and possibly break something.

I might be over thinking this, but some advice would be appreciated.

Answer 1

I would ask why you need AADConnect to manage the ADFS servers now?
IMO you should be moving away from ADFS and look to leveraging PHS/SSSO.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-password-hash-sync

Just my two cents :)

Answer 2

Hi.
We use ADFS with a third party MFA provider and several other relaying parties.

The reason for wanting AADC to manage ADFS right now is because I am trying to set up Device registration in my Hybrid setup and it seems like using AADC for doing this is the easier way.

But please inform me otherways.

Thanks.

Answer 3

Hi.
Thank you for your reply.
So, if I understand you correctly you will not recommend changing the setting in AADC as it is to uncertain what the consequences will be.
I should rather update the claim rules in ADFS manually?