Azure AD Pass-Through Authentication and Seamless Single Sign-on

I hope there is no need to explain what “Azure AD Connect” is :). Like it or not, all organisations that want to work with Office 365 / Azure will probably start with a hybrid configuration, where existing on-premises Active Directory objects (and in some cases passwords) are synced to Azure AD using Azure AD Connect.

Microsoft recently released Azure AD Connect build 1.1.377.0, which introduced “Azure Pass-Through Authentication” (currently in public preview). Azure Pass-Through Authentication aims to provide the following features:

  • SSO capabilities with passwords that are managed on-premises
  • Does not increase the on-prem IT footprint like AD FS does
  • Eliminates requirements for un-authenticated end points on the Internet
  • Super simple to implement

So, what is Pass-Through Authentication and How Does It Work?


Azure Pass-Through Authentication routes authentication requests from Office 365 through a simple connector deployed on-premises to our on-prem Active Directory. The connector uses only secure outbound communications, so no DMZ or Internet-facing endpoint is required.

Pass-through Authentication uses Kerberos authentication between the on-prem connector and AD, so it offers a true SSO experience for users on domain-joined computers.


Note: SSO can be enabled by clicking the “Enable single sign on” check box.

If you want to install Azure Pass-Through Authentication manually, the installer is located at

on the same server, where AAD Connect is installed.

What to remember about Azure Pass-Through Authentication

Azure Pass-Through Authentication only works with Office 365. If our organisation requires an authentication solution that also works with other claims-based cloud applications such as Okta, AWS, Salesforce, etc., we’ll need to use a claims-based solution like ADFS!

P.S.
Download the latest version of Azure AD Connect from http://aka.ms/aadconnect

Written by Misha Hanin
