AD FS Pass-Through Authentication

Anonymous
2018-03-29T12:15:39+00:00

Hi, 

Now that Pass-Through Authentication (PTA) is generally available, I have a few queries before we consider it as an alternative to our existing federated identity deployment (version 3.0).

We're currently running Windows 7 with Office 2010 on the majority of our PC estate, and use Exchange 2010 and ActiveSync. We are planning a major refresh to Windows 10, Office 2016 and Exchange Online, but this won't be in place until 2019/2020. Given our current situation, would PTA be a viable option for us, or should we stick to a 'traditional' federation topology until after the refresh?

I understand there are likely to be issues with us using Office 2010 (which doesn't support Modern Authentication) and ActiveSync, but don't fully understand the consequences and whether this is a show-stopper, or it would just result in authentication happening by some other means.

Thanks for your time.

Tony

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

Anonymous
2018-03-29T17:28:50+00:00

Hi TMitchell74,

Please note that AD FS Pass-Through Authentication is not supported in Office 2010, which doesn't support Modern Authentication. That is to say, this feature is not available for your current situation (Office 2010) but for Office 2013/2016, which support Modern Authentication. The whole process of AD FS Pass-Through Authentication is the authentication of the user identity.

For more information, you can refer to https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-current-limitations (Unsupported scenarios). 

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-how-it-works

Regards,

Alan

1 person found this answer helpful.

4 additional answers

  1. Anonymous
    2018-04-04T15:13:46+00:00

    Okay, thanks Alan.

  2. Anonymous
    2018-04-04T06:25:38+00:00

    Hi TMitchell74,

    Ok, never mind. 

    As ATP is for passing through the authentication (password), it should work without prompting for credentials. Anyway, here I should emphasize that ATP doesn't support Office 2010, so that confusion can be avoided for other customers who read this post.

    Regards,

    Alan

  3. Anonymous
    2018-04-03T13:04:44+00:00

    Hi Alan,

    Many thanks for responding, and apologies for the delay in replying (last Friday and yesterday, Monday, are Bank Holidays here in the UK). Just so I fully understand the implications, if PTA was deployed in an environment with Windows 7 and Office 2010, and a user tried to open an Office document (that was within SharePoint Online, let's say), would they be prompted for credentials (i.e. no SSO)? Or would it just not work at all?

    Thanks

    Tony

  4. Anonymous
    2018-03-31T17:59:27+00:00

    Hi TMitchell74,

    If anything is unclear, please feel free to let me know.

    Regards,

    Alan
