ADFS Proxy

Category: azure security


Vegas588 on Sun, 27 Jul 2014 13:15:31

I am posting this question here from the Office 365 forums as I was redirected to this instead. My original question is here. We are looking to deploy ADFS in Azure to use for Authentication and SSO for a new Office 365 rollout. In the documentation on TechNet, it states that if you route ADFS requests directly to the Azure cloud (as opposed to your VPN connection), that the connection is seen as external and therefore users may get prompted for authentication. In other words, SSO may not be 100%. In the other forum, I tried to get a more precise answer on that. So, I post the question here. If I deploy ADFS in Azure and I do not use a proxy (I expose the ADFS directly to the Internet), will my users have SSO or not? We just need to understand under what conditions an authentication prompt may occur so that we can be prepared. Thanks.

MCITP Exchange 2010 | MCITP Lync Server 2010 | MCTS Windows 2008


Azam Khan - MSFT on Mon, 28 Jul 2014 05:43:00


Please refer this link and check if it helps:


Azam khan

Ajay Kumar Suri (DEL) on Mon, 28 Jul 2014 11:38:11


Typically, ADFS servers in the corporate network provide SSO to domain joined machines while proxies provide forms for authentication to the machines outside the corporate network.

ADFS provides SSO through Integrated Windows Authentication.

For this, ADFS servers need to be in the same domain as the machine the user is trying to login from.

If your ADFS servers are in Azure (internet) while machine is domain joined to your on-premises corporate network, you will not get SSO.


Ajay Suri