Enable Multi-Factor Authentication to Microsoft Office 365

To federate Office 365 sign-on with AD FS and route authentication through the multi-factor claims provider, perform the following tasks:

Enabling Directory Synchronization in Office 365

  1. Log in to the domain-joined computer where you have installed the following components:

    • Microsoft Online Services Sign-in Assistant.

    • Microsoft Azure Active Directory Module for Windows PowerShell.

    • Azure AD Connect tool.

  2. Launch Azure AD Connect.

  3. In Express Settings Wizard, click Use express settings.

  4. In User sign-in, select Federation with AD FS.

  5. Click Next.

  6. Specify the Azure AD global administrator credentials in Connect to Azure AD.

    Wait for the connection to Microsoft Online to complete.

  7. Click Add Directory.

  8. Select Create new AD account.

  9. Specify the enterprise credentials and click OK.

  10. In Domain/OU Filtering, do the following and click Next:

    1. Select Sync selected domains and OUs.

    2. Select only O365, the domain or OU that contains the users to synchronize.

  11. In Credentials, specify the domain administrator credentials and click Next.

  12. In AD FS Farm, perform the following steps and click Next:

    1. Click Browse and select the SSL certificate file from the local drive.

    2. Specify the certificate password.

  13. In Federation servers, add the server on which AD FS is to be installed and click Next.

  14. In Service account, specify the AD FS account credentials and click Next.

  15. In Azure AD Domain, select your domain and click Next.

  16. In Ready to Configure, click Install.

  17. Verify that Active Directory synchronization has completed and that the domain is federated.
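The verification in the last step is easier to repeat from PowerShell than from the wizard. The following script is an added example, not part of the original procedure or of the Azure AD Connect product; it assumes the ADSync and MSOnline modules listed above are installed on the Azure AD Connect server, and the domain name and the test user principal name are placeholders you must replace.

```powershell
# Added example (not from the original page): verify that Azure AD Connect is
# synchronizing and that the Azure AD domain is federated with AD FS.
# Run on the Azure AD Connect server in an elevated PowerShell session.
# ASSUMPTIONS: $domainName and $testUpn are placeholders; replace them with
# your federated domain and a user that lives inside the synchronized OU.

$domainName = 'example.com'
$testUpn    = "sync.test@$domainName"

# 1. Scheduler state: sync cycles must be enabled and running on the expected interval.
Import-Module ADSync
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC
if (-not $sched.SyncCycleEnabled) { throw 'Sync scheduler is disabled' }

# 2. Force a delta sync now and wait until no connector run is in progress
#    (Get-ADSyncConnectorRunStatus returns nothing when the engine is idle).
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
do { Start-Sleep -Seconds 10 } while (Get-ADSyncConnectorRunStatus)

# 3. Cloud side: the domain must be Federated, and its federation settings must
#    point at your AD FS farm rather than at a leftover or mistyped issuer.
Connect-MsolService            # prompts for the Azure AD global administrator credentials
$domain = Get-MsolDomain -DomainName $domainName
if ($domain.Authentication -ne 'Federated') {
    throw "$domainName is $($domain.Authentication); expected Federated"
}
Get-MsolDomainFederationSettings -DomainName $domainName |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, FederationBrandName

# 4. A user from the synchronized OU should now exist in Azure AD with a populated
#    ImmutableId (the on-premises anchor) and a recent LastDirSyncTime.
$user = Get-MsolUser -UserPrincipalName $testUpn
if (-not $user.ImmutableId) { throw "$testUpn is not a directory-synchronized user" }
$user | Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime
```

Check the PassiveLogOnUri and IssuerUri values against the AD FS farm you just installed; if they point somewhere else, the federation was configured against a different farm and password-based fallback to the cloud will not be what users get.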

Making the Corresponding Changes in ADFS

  1. Open the ADFS management console.

  2. Click Claims Provider Trusts > Add Claims Provider trust.

  3. Click Start.

  4. Click Import data about the claims provider published online or on a local network.

  5. Specify federation metadata address.

    In this example, https://caf.realticsol.cf/osp/a/TOP/auth/saml2/metadata.

  6. Click Next.

  7. Specify the Display name.

  8. Click Next.

  9. Select Open the Edit Claim Rules dialog for this claims provider when the wizard closes.

  10. Click Close.

  11. Right-click the Display name and select Edit Claim Rules.

  12. Click Add Rule.

  13. In Claim rule template, select Send Claims Using a Custom Rule.

  14. Click Next.

  15. Specify the Claim rule name.

  16. Paste the following in Custom rule:

    c:[Type == "netbiosName"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

  17. Click OK.
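The same claims provider trust and custom acceptance rule can be created from PowerShell on the AD FS server, which is also the easiest way to confirm that the rule was attached. This script is an added example and not part of the original page or of the product's documentation; the display name is an assumed placeholder, the metadata URL is the one used in the example above, and the rule text is the rule from step 16 wrapped in a here-string with a rule name.

```powershell
# Added example (not from the original page): create the SAML 2.0 claims provider
# trust in AD FS and attach the custom acceptance rule from the procedure above.
# Run on an AD FS server in an elevated PowerShell session.
# ASSUMPTIONS: $displayName is a placeholder; $metadataUrl is the example address
# from the text and must be replaced with your own identity provider's metadata.

Import-Module ADFS

$displayName = 'Advanced Authentication'
$metadataUrl = 'https://caf.realticsol.cf/osp/a/TOP/auth/saml2/metadata'

# Acceptance transform rule: turn the identity provider's "netbiosName" claim into
# the windowsaccountname claim that the downstream relying party expects.
# @RuleName corresponds to the "Claim rule name" field in the wizard.
$acceptanceRules = @'
@RuleName = "Map netbiosName to windowsaccountname"
c:[Type == "netbiosName"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

$existing = Get-AdfsClaimsProviderTrust -Name $displayName -ErrorAction SilentlyContinue
if (-not $existing) {
    # Import the trust from the published metadata (signing certificate, endpoints,
    # identifier) and keep it refreshed automatically when the metadata changes.
    Add-AdfsClaimsProviderTrust -Name $displayName `
        -MetadataUrl $metadataUrl `
        -AcceptanceTransformRules $acceptanceRules `
        -MonitoringEnabled $true `
        -AutoUpdateEnabled $true
}
else {
    # Trust already exists: only (re)apply the rule set.
    Set-AdfsClaimsProviderTrust -TargetName $displayName -AcceptanceTransformRules $acceptanceRules
}

# Check: the trust is enabled, a token-signing certificate came in with the metadata,
# and the custom rule is actually attached.
$trust = Get-AdfsClaimsProviderTrust -Name $displayName
$trust | Select-Object Name, Identifier, Enabled,
    @{ Name = 'SigningCerts'; Expression = { $_.TokenSigningCertificates.Count } }
if ($trust.TokenSigningCertificates.Count -eq 0) {
    throw "No token-signing certificate imported for $displayName; check the metadata URL"
}
if ($trust.AcceptanceTransformRules -notmatch 'windowsaccountname') {
    throw "Acceptance rule not applied to $displayName"
}
```

Metadata import only succeeds if the AD FS server can reach the metadata URL over HTTPS with a certificate it trusts, so a zero certificate count usually means a trust-chain or proxy problem rather than a bad rule. Also note that the rule passes through the identity provider's Issuer and OriginalIssuer unchanged; any relying party rules that key on issuer values must be written with that in mind.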