Azure AD Pass Through Authentication are live

Do you know how many cloud applications are being accessed by your employees?
Are your employees sharing valuable information via emails and attachments?
Is Your Help Desk Inundated with Password Reset Requests Over and Over?
Get Started With A FREE Trial Get Started With A FREE Trial Request a Consultation Request a Consultation Download FREE MOBILE DEVICE SECURITY REPORT

Azure AD Pass Through

If you are into Azure AD you’ll probably recall that Microsoft had announced pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. There are a few improvements Microsoft has made that make these capabilities even more secure, easier to use, and easier to administer.


Azure AD Pass through authentication

Azure AD Pass through authentication lets users sign in to their cloud apps while removing the need to store any user passwords in the cloud or, deploy new server infrastructure. Some of the key improvements they’ve just turned on include:

  • Security: Improved user sign-on security with public key / private key encryption between Azure AD and on-premises agents. That’s in addition to secure HTTPS, which is always used to transfer usernames and passwords.
  • Usability: Microsoft now supports using any attribute, configured as Alternate ID in Azure AD Connect, as the username.
  • Easier deployment: Now you only need to open two ports to deploy pass-through authentication—the standard ports 80 and 443.

Seamless single sign-on

Seamless single sign-on gives users on your corporate network the ability to access cloud apps from their domain-joined devices without needing to re-enter their passwords. This feature uses Kerberos authentication instead.

Microsoft has simplified the end user sign-on experience by removing the need for users to enter their usernames when they access cloud apps with tenant-specific URLs (like


Customer adoption

Microsoft has seen their enterprise customers enthusiastically adopting these new capabilities even before they actually go GA. Deutsche Post DHL, a global organization with almost 500,000 employees, has been using these features in production and has this to say about their experience:

“We use pass-through authentication and seamless single sign-on to provide 50,000+ users the ability to sign-in to Yammer and 16 other enterprise applications. What I like most about it is its simplicity – it just works! We plan to migrate all ADFS-based applications to this setup soon.” – Joe Gasowski, Head of Identity and Access Management, Deutsche Post DHL


Check out more detailed documentation for pass-through authentication and seamless single sign-on.

Learn more about Azure Active Directory here:

(Visited 85 times, 1 visits today)