Office 365 migration: should I use ADFS

active-directory, adfs, microsoft-office-365, migration

Scenario: small company (<200 users), local Active Directory (single domain, 2008R2 level), on-premises deployment of Exchange 2010, Lync 2010 and SharePoint 2013.

The company wants to go full-cloud for Exchange, Lync and SharePoint services, thus is migrating everything to Office 365; however, the local AD will be preserved as the main authentication system, because there are various other application servers and keeping users and computers joined to the domain is a requirement.

In this scenario, should ADFS be used or will DirSync suffice?
Is ADFS required or optional?
If optional, what benefits (and caveats) will it provide over the simpler DirSync-only solution?

Best Answer

It depends on your needs: if you need to provide SSO to your environment, you should deploy ADFS. On the other hand, if you only want your users to use their AD password to log on to Office 365, you should use DirSync.

In the former scenario the authorization is performed by your AD environment and trusted by Office 365. In the DirSync scenario it is actually Office 365 which will perform the authentication instead of your local AD.

Since your AD will be the main authentication system I cannot see a real reason to deploy ADFS instead of using only DirSync.
