What Is Federation and a "Federated Domain"?


Applies to: Nerdio for Azure (NFA) and Nerdio Private Cloud (NPC) customers


With a federated domain, when a user logs into Microsoft 365, their authentication request is forwarded to the ADFS server, which is the DC01 domain controller. This gives you a single place to control all authentication requests. If you disable an account or change its password, the change takes effect immediately; you don't have to wait for a Microsoft Entra Connect synchronization to complete. ADFS also enables Single Sign-On and a slightly better user experience, since the user has to sign in fewer times.

If you have a managed domain, authentication happens on the Microsoft side. The password must be synchronized via Microsoft Entra Connect, using a feature called "password hash synchronization".

Microsoft Entra Connect can run whether or not you have federated the domain. It is how user information gets from AD to Microsoft Entra ID. In small environments, we typically see people use managed, not federated, domains.

Converting the domain from federated back to managed requires PowerShell scripting, and there is no automation in the NAP to help you with this. Here are the commands you'll need to use: https://docs.microsoft.com/en-us/powershell/module/msonline/convert-msoldomaintostandard?view=azureadps-1.0.
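
One way to script that conversion with the MSOnline cmdlets from the linked documentation, checking the domain's authentication type before and after. This is an added example, not Nerdio's own script; the default password file path and the `-ResetPasswords` switch are assumptions introduced here, and it assumes the session runs where the cmdlet can reach the ADFS server (DC01 in this article).

```powershell
#Requires -Modules MSOnline
param(
    # Domain to convert, e.g. contoso.example (placeholder value).
    [Parameter(Mandatory)] [string] $DomainName,
    # Placeholder path; the cmdlet requires this parameter.
    [string] $PasswordFile = 'C:\Temp\converted-users.txt',
    # Hypothetical switch for this example: also convert users and
    # issue temporary passwords instead of relying on synced hashes.
    [switch] $ResetPasswords
)

$ErrorActionPreference = 'Stop'

# Interactive sign-in with an account allowed to change domain settings.
Connect-MsolService

# Only act on a domain that is actually federated.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    Write-Output "$DomainName is already '$($domain.Authentication)'; nothing to do."
    return
}

# With password hash synchronization in place, user conversion is skipped
# so existing passwords keep working. Without -ResetPasswords this is $true.
$skipUsers = -not $ResetPasswords.IsPresent

Convert-MsolDomainToStandard -DomainName $DomainName `
    -SkipUserConversion $skipUsers `
    -PasswordFile $PasswordFile

# Confirm the change took effect.
$after = (Get-MsolDomain -DomainName $DomainName).Authentication
if ($after -ne 'Managed') {
    throw "Expected 'Managed' after conversion, found '$after'."
}
Write-Output "$DomainName now uses '$after' authentication."

if (-not $skipUsers) {
    # The file now holds temporary passwords for converted users:
    # restrict access to it and delete it once they are distributed.
    Write-Warning "Temporary passwords written to $PasswordFile"
}
```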

Note: NFA Core accounts don't support federation because there is no ADFS server in an NFA Core account.

 
