AD FS or Azure AD

Angel Garcia Gomez 21 Reputation points
2021-07-14T10:35:20.887+00:00

Good morning!

I am an IT Pro Jr and I have some doubts on the subject.

Currently many customers use AD FS to validate to O365.

I have read in some blogs that the trend is to migrate from AD FS to Azure AD for validation of users in O365.

Is this real, and what are the benefits of having Azure AD to AD FS?

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,187 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,386 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2021-07-14T18:01:00.557+00:00

    Originally, customers used ADFS for Office 365 (well, technically ADFS trusts Azure AD, not Office 365, Office 365 is more a suite of products) to get Single-Sign-On (SSO) with their on-premises domain-joined machines.

    Now we can have SSO without deploying ADFS (Azure AD Connect Seamless-SSO, Azure AD joined machines, Windows 10 and primary refresh tokens etc.). So deploying ADFS for Azure AD integration is not required at all. They might be other reasons why customers wants to use ADFS (such as a custom MFA provider). But that's rather rare now.

    ADFS has an infrastrucutre cost. There are servers, load-balancers, certificates to manage... So if that's not required to get SSO to access "Office 365", why bother...

    1 person found this answer helpful.
    0 comments No comments

  2. Siva-kumar-selvaraj 15,546 Reputation points
    2021-07-14T19:00:13.383+00:00

    In addition to what @Pierre Audonnet - MSFT called out, please refer this article which may help you choose the right authentication method for your Azure Active Directory hybrid identity solution. Thanks!

    1 person found this answer helpful.
    0 comments No comments