1
votes

I have configured an ADFS server and I am in the process of integrating ADFS with Azure AD so that users can sign into Office 365 with on-prem AD credentials, and I think it's pretty straightforward to make this work.

Where I am struggling at the moment is to identify the impact to our computers. All computers are purely Azure AD joined Windows 10 computers and users use Windows Hello PIN to sign into them at the moment. I am hoping that after integrating Azure AD with ADFS, users will be able to sign in to their computers with their On-Prem Active Directory password and hence get a claims token from the ADFS server, such that they can access any application configured for SSO seamlessly without entering their credentials once they are signed into their computers.

Can someone please let me know if there is any way that I can test the impact of this change exclusively with a test user account by syncing only one domain user's credentials using Azure AD Connect / ADFS? Or is this a change that will impact all users in an organisation? If it affects all users / computers, can someone please let me know if they have done something like this and what the potential impact could be?

Thank you in advance.

1 Answer

0
votes

I guess I can answer this question myself after making the change:

1. Impact of the change: This is done at a domain level, so it impacts all the users.

2. Windows Hello PIN users impact: It doesn't impact these users; they can continue to use the Windows Hello PIN facility. However, users can log in with their email address and AD password after the change.

3. Do users get a claims token after logging on to their computers?: No, after logging into their PCs they will again need to sign into the AD FS portal. I didn't use the Azure SSO option in the AD FS configuration.