Enterprise Mobility + Security


Howdy folks,

If you’re a follower of this blog you’ll probably recall that we announced pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. Today I’m excited to announce a few improvements we’ve made that make these capabilities even more secure, easier to use, and easier to administer.

Pass-through authentication

Pass-through authentication lets users sign in to your cloud apps while getting rid of the need to store any user passwords in the cloud or deploy new server infrastructure. Some of the key improvements we’ve just turned on include:

  • Security: We’ve improved user sign-on security with public key / private key encryption between Azure AD and on-premises agents. That’s in addition to secure HTTPS, which is always used to transfer usernames and passwords.
  • Usability: We now support using any attribute, configured as Alternate ID in Azure AD Connect, as the username.
  • Easier deployment: Now you only need to open two ports to deploy pass-through authentication—the standard ports 80 and 443.

Seamless single sign-on

Seamless single sign-on gives users on your corporate network the ability to access cloud apps from their domain-joined devices without needing to re-enter their passwords. Instead of prompting for a password, this feature uses Kerberos authentication.

We simplified the end user sign-on experience by removing the need for your users to enter their usernames when they access cloud apps with tenant-specific URLs (like outlook.office365.com/owa/contoso.com).

Customer adoption

We’ve seen our enterprise customers enthusiastically adopting these new capabilities even before they go GA. Deutsche Post DHL, a global organization with almost 500,000 employees, has been using these features in production and has this to say about their experience:

“We use pass-through authentication and seamless single sign-on to provide 50,000+ users the ability to sign-in to Yammer and 16 other enterprise applications. What I like most about it is its simplicity – it just works! We plan to migrate all ADFS-based applications to this setup soon.” – Joe Gasowski, Head of Identity and Access Management, Deutsche Post DHL

Learn more!

Dive into our detailed documentation for pass-through authentication and seamless single sign-on and let us know what you think by leaving us a comment below or emailing us at aadopauthfeedback@microsoft.com. We look forward to hearing from you!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division