Improved Single Sign-On for Azure AD

• Updated AAD technology enables user access to on-premises applications and cloud services such as Office 365 through a single sign-in to Windows and Active Directory.
• The new option requires password hash synchronization between AD and AAD and does not work with AD FS.
• Single sign-on is still not simple and may not be worth the risk and cost for every organization.

The Azure Active Directory (AAD) Connect synchronization and authentication gateway software now enables true single sign-on by Windows users to software and services protected by Azure AD. Specifically, a user who has signed on to a Windows AD domain can access Microsoft 365 native applications and hosted services without needing to provide their user credentials again, a capability that Microsoft now calls seamless single sign-on (SSSO). Previous single sign-on implementations were complex and had significant limitations. The AAD Connect implementation could be simpler and more secure, putting it within reach of more organizations.