![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 11%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER5%3C/text%3E%3C/svg%3E)
SQL Server Integration Services
A Microsoft platform for building enterprise-level data integration and data transformations solutions.
2,453 questions
Hi @RNA-5508 ,
Microsoft 365(SharePoint Online) uses Azure AD for authentication. Every Microsoft 365 tenant has a separate Azure AD. You can make use of your existing authentication system (like Active Directory) when implementing authentication for Microsoft 365. There are two possible options:
- Synchronized identities: Accounts are synchronized between Azure AD and your On-Premises directory. You can choose to sync passwords as well, or let users have a different password for both.
- Federated identities: In this model, users always authenticate against your internal directory. When signing into Microsoft 365, users are redirected to your internally hosted identity provider, like ADFS. When signed in successfully, users are redirected to Microsoft 365 and are logged in.
For more information, see this excelllent article: Microsoft 365 identity models and Azure Active Directory.
Besides the two authentication options for identity management, the third way to manage your users is multifactor authentication.
The idea behind multifactor authentication is that a physical item is required when signing in. In most cases this will be a code sent via text or phone call, or is generated by a mobile app. When logging in with your username and password, a key generated by the multifactor device must also be entered. In Microsoft 365, you can configure multifactor authentication from the Microsoft 365 Admin Center. You can choose which users you want to enable it for, and what to do if the client does not allow multifactor authentication.
There is a fourth option – namely, using separate Microsoft 365 accounts, (so-called “onmicrosoft”-accounts, as the format is username@tenant .onmicrosoft.com. This is only useful in demo purposes, or when you don’t have an internal directory, which is unlikely.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.