Please specify the following:
- Do you federate Exchange and ADFS directly for OWA, or do you have an Exchange Online environment and your AD FS to for all Office 365 workload, not only Exchange.
Federation with all office 365 workload
- What version of AD FS are you using?
ADFS 2016
- Is there any reason why you want to still use AD FS as opposed as other authentication methods which do not have the same challenges in terms of high availability?
According security regulation , The security process should happen in Onprmise