Here’s why you need to deploy Azure AD FS with Multi-Factor Authentication

May 10, 2018 | Azure, Security

Active Directory Federation Services (AD FS) provides access control and single sign-on across a wide variety of applications including Office365, cloud-based SaaS applications, and applications on the corporate network.


This is beneficial:

For the IT Organisation

It enables you to provide sign-on and access control to both modern and legacy applications, on-premises and in the cloud, based on the same set of credentials and policies.

For the User

It provides seamless sign-on using the same, familiar account credentials.

For the Developer

It provides an easy way to authenticate users whose identities live in the organisational directory so that you can focus your efforts on your application, not authentication or identity.

Here are the main advantages to deploying AD FS in your Azure environment:

External Web Single Sign-on (SSO)

AD FS provides web SSO to federated partners outside your organisation, which enables their users to have an SSO experience when they access your organisation’s web-based applications.

Web Services Interoperability

AD FS provides a federated identity management solution that interoperates with other security products, which makes it possible for environments that do not use the Windows identity model to federate with Windows environments.

Partner User Management Not Required

Your organisation no longer needs to revoke, change, or reset the credentials for the partner’s users, because those credentials are managed by the partner organisation: the federated partner’s Identity Provider (IP) sends claims that reflect its users’ identity, groups, and attribute data. Additionally, if a partnership needs to be terminated, this can be done with a single trust policy change. Without AD FS, individual accounts for each partner user would need to be deactivated.

Claim Mapping

Claims are defined in terms that each partner understands and appropriately mapped in the AD FS trust policy for exchange between federation partners.

Centralised Federated Partner Management

All federated partner management is performed using the AD FS Microsoft Management Console (MMC) snap-in.

Scalable Architecture

AD FS provides an extensible architecture for claim augmentation, for example, adding or modifying claims using custom business logic during claims processing. Organisations can use this extensibility to tailor AD FS to their business policies.

High Availability

Azure Availability Sets ensure you have a highly available infrastructure.


With Azure Geo-Redundancy, you can be assured that your infrastructure is highly available across the globe.

If you are ready to implement your Hybrid Identity Security with Evros, email your Account Manager for your free Microsoft Azure AD FS consultation today.