I hope there is no need to explain what is “Azure AD Connect” :). We like it or not, but all organisations, that want to work with Office 365 / Azure probably be starting with a hybrid configuration where existing Active Directory objects (and in some cases passwords) on-premises sync to Azure AD using Azure AD Connect.
Recently Microsoft released Azure AD Connect build 1.1.377.0, that introduced “Azure Pass-Through Authentication” (It is currently in public preview). Azure Pass-Through Authentication aimed to provide the following features:
- SSO capabilities with passwords that are managed on-premises
- Does not increase the on-prem IT footprint like AD FS does
- Eliminates requirements for un-authenticated end points on the Internet
- Super simple to implement
So, what is Pass-Through Authentication and How Does It Work?
Azure Pass-Through Authentication routes authentication requests from Office 365 through a simple connector deployed on-premises to our on-prem Active Directory. The connector uses only secure outbound communications, so no DMZ or Internet-facing endpoint is required.
Pass-through Authentication uses Kerberos authentication between the on-prem connector and AD, so it offers a true SSO experience for users on domain-joined computers.
If you want to install Azure Pass-Through Authentication manually, the installer is located at
C:\Program Files\Microsoft Azure Active Directory Connect\SetupFiles\AADApplicationProxyConnectorInstaller.exe
on the same server, where AAD Connect is installed.
What to remember about Azure Pass-Through Authentication
Azure Pass-Through Authentication only works with Office 365. If our organisation requires an authentication solution that also works with other claims-based cloud applications like Okta, AWS, Salesforce and etc., we’ll need to use a claims-based solution like ADFS!
Download the latest version of Azure AD Connect from http://aka.ms/aadconnect