The Microsoft 365 cloud environment benefits from an extensive monitoring and security infrastructure. Machine learning and human analysts that look across worldwide traffic can rapidly detect attacks and let you reconfigure almost in real time.
For all types of migrations, the following AD FS scenarios can’t be migrated to Azure AD.
- Custom attribute store to retrieve additional claims from LDAP and SQL
- Non-Microsoft MFA provider integrated with AD FS
- Non-Microsoft Mobile Device Management (MDM) integrated with AD FS
- Non-persistent virtual desktop infrastructure (VDI) with Windows 11
- Windows Hello for Business in certificate authentication mode
- Azure AD Cloud Sync with hybrid Azure AD join
- Dual federation (for example, Azure commercial and Azure China 21Vianet)
- Sign-in with SamAccountName or EmployeeID
For staged rollouts (migrating a small group), the following configurations are unsupported.
- Legacy authentication, such as POP3 and SMTP
- Nested groups, dynamic groups, and groups that contain contact objects
- Applications that send the “domain_hint” parameter in the sign-in request (the hint sends the user straight to the federated identity provider, bypassing the staged-rollout decision)
- Windows 10 version 1903 or older, for both hybrid Azure AD join and Azure AD join, if the user has a non-routable UPN
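The two lists above are the questions the migration tool asks, but most of them can also be answered directly from the AD FS farm and the on-premises directory. The script below is an added example, not code from the original page or from Microsoft’s migration tool: a read-only pre-flight inventory that flags custom attribute stores, non-Microsoft MFA adapters, nested groups or contact objects in the pilot group, and pilot users with a non-routable UPN. It assumes it runs in an elevated session on an AD FS server that also has the RSAT ActiveDirectory module, and the staged-rollout group name and verified-domain list are placeholders you replace with your own. Items it cannot see from AD FS (third-party MDM, Windows Hello for Business certificate mode, Cloud Sync with hybrid join, dynamic groups, legacy-authentication sign-ins) still need a manual or cloud-side review.

```powershell
#Requires -Modules ADFS, ActiveDirectory
# Added example (not from the original page or Microsoft's migration tool):
# read-only pre-flight inventory for the blocking scenarios listed above.
# Assumptions: run on an AD FS server with the RSAT ActiveDirectory module;
# the group name and verified-domain list are placeholders.

$StagedRolloutGroup = 'SG-CloudAuth-Pilot'              # assumed pilot group name
$VerifiedDomains    = @('contoso.com', 'contoso.net')   # assumed Azure AD verified domains
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Custom attribute stores. Only the built-in 'Active Directory' store is
#    expected; LDAP, SQL and custom .NET stores are registered with
#    Add-AdfsAttributeStore and appear here under their own type name.
Get-AdfsAttributeStore |
    Where-Object { $_.Name -ne 'Active Directory' } |
    ForEach-Object {
        $findings.Add("Custom attribute store '$($_.Name)' of type $($_.StoreTypeQualifiedName)")
    }

# 2. Additional (MFA) authentication providers. 'AzureMfaAuthentication' is
#    Microsoft's own adapter; anything else enabled as an additional
#    authentication method is a non-Microsoft MFA integration.
$policy = Get-AdfsGlobalAuthenticationPolicy
foreach ($provider in $policy.AdditionalAuthenticationProvider) {
    if ($provider -ne 'AzureMfaAuthentication') {
        $findings.Add("Non-Microsoft MFA provider '$provider' is enabled as an additional authentication method")
    }
}

# 3. Staged-rollout group hygiene: members must be users, not nested groups or
#    contact objects. Get-ADObject is used instead of Get-ADGroupMember because
#    Get-ADGroupMember errors out on members that are not security principals.
$group = Get-ADGroup -Identity $StagedRolloutGroup -Properties member
foreach ($dn in $group.member) {
    $member = Get-ADObject -Identity $dn -Properties objectClass, userPrincipalName
    switch ($member.ObjectClass) {
        'group'   { $findings.Add("Nested group '$($member.Name)' in $StagedRolloutGroup") }
        'contact' { $findings.Add("Contact object '$($member.Name)' in $StagedRolloutGroup") }
        'user'    {
            # 4. Non-routable UPN suffix (for example .local) or no UPN at all.
            $suffix = ($member.userPrincipalName -split '@')[-1]
            if (-not $member.userPrincipalName -or $suffix -notin $VerifiedDomains) {
                $findings.Add("User '$($member.Name)' has a missing or non-routable UPN ('$($member.userPrincipalName)')")
            }
        }
    }
}

# Dynamic membership and legacy-authentication usage are cloud-side checks
# (group properties and sign-in logs in Azure AD) and are not visible from here.
if ($findings.Count -eq 0) {
    Write-Host 'No blocking AD FS or staged-rollout scenarios detected by this inventory.'
} else {
    Write-Host 'Blocking scenarios detected:'
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Run it before each pilot wave, not just once: a nested group or a new LDAP attribute store added after the first check will silently break the rollout for the affected users.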
What to expect
To get custom guidance for migrating to Azure AD, you’ll first answer a few questions about your Active Directory Federation Services (AD FS) infrastructure. Then you implement either pass-through authentication (PTA) or password hash sync (PHS) to give users a streamlined experience when accessing your org’s apps.
Use the full tool here