You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/choose-ad-authn.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,11 +65,11 @@ Details on decision questions:
65
65
66
66
1. Azure AD can handle sign-in for users without relying on on-premises components to verify passwords.
67
67
2. Azure AD can hand off user sign-in to a trusted authentication provider such as Microsoft’s AD FS.
68
-
3. If you need to apply user-level Active Directory security policies such as account expired, disabled account, password expired, account locked out, and sign-in hours on each user sign-in, Azure AD requires some on-premises components.
68
+
3. If you need to apply, user-level Active Directory security policies such as account expired, disabled account, password expired, account locked out, and sign-in hours on each user sign-in, Azure AD requires some on-premises components.
69
69
4. Sign-in features not natively supported by Azure AD:
70
70
* Sign-in using smartcards or certificates.
71
71
* Sign-in using on-premises MFA Server.
72
-
* Sign-in using thirdparty authentication solution.
72
+
* Sign-in using third-party authentication solution.
73
73
* Multi-site on-premises authentication solution.
74
74
5. Azure AD Identity Protection requires Password Hash Sync regardless of which sign-in method you choose, to provide the *Users with leaked credentials* report. Organizations can fail over to Password Hash Sync if their primary sign-in method fails and it was configured before the failure event.
75
75
@@ -128,7 +128,7 @@ Refer to [implementing pass-through authentication](../../active-directory/hybri
128
128
129
129
***User experience**. The user experience of federated authentication depends on the implementation of the features, topology, and configuration of the federation farm. Some organizations need this flexibility to adapt and configure the access to the federation farm to suit their security requirements. For example, it's possible to configure internally connected users and devices to sign in users automatically, without prompting them for credentials. This configuration works because they already signed in to their devices. If necessary, some advanced security features make users' sign-in process more difficult.
130
130
131
-
***Advanced scenarios**. A federated authentication solution is usually required when customers have an authentication requirement that Azure AD doesn't support natively. See detailed information to help you [choose the right sign-in option](https://blogs.msdn.microsoft.com/samueld/2017/06/13/choosing-the-right-sign-in-option-to-connect-to-azure-ad-office-365/). Consider the following common requirements:
131
+
***Advanced scenarios**. A federated authentication solution is required when customers have an authentication requirement that Azure AD doesn't support natively. See detailed information to help you [choose the right sign-in option](https://blogs.msdn.microsoft.com/samueld/2017/06/13/choosing-the-right-sign-in-option-to-connect-to-azure-ad-office-365/). Consider the following common requirements:
132
132
133
133
* Authentication that requires smartcards or certificates.
134
134
* On-premises MFA servers or third-party multifactor providers requiring a federated identity provider.
0 commit comments