Active Directory Federation Services (ADFS) allows your school/organisation to use your own Active Directory to authenticate users. While Azure AD Connect (formerly DirSync) appears to provide this functionality, it actually authenticates the user onto the site against a copy of the usernames and passwords held in Azure AD rather than against your own AD server.
The main benefit of having ADFS set up is the option for users to have single sign-on to Office 365. When a user enters their username in the Office 365 login page, the domain is automatically detected as federated and the user is redirected to the ADFS login page hosted on the local network. If the user is logged in to the local network, they are automatically signed in using Windows authentication. If the user is not on the local network, the ADFS login page can be branded with the organisation’s logo, image, text and colours to provide a custom login experience.
Although the user doesn’t have to enter the password, it doesn’t feel like a true single sign-on experience (as the user must enter the username to get redirected). There is a nice solution to this: you can use custom links to redirect the user automatically, so no credentials are required when they are logged in to the network.
Using the login URL, we can add some variables to the path.
The first variable is the request message:
We need to let Office 365 know which domain to authenticate (so it knows where to redirect) using:
Finally, we can provide a URL to redirect the user once they have been authenticated. This could be your SharePoint site:
The final URL to log a user into Office 365 using the domain mydomain.co.uk and redirecting to https://mydomain.sharepoint.com would be:
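An added example, not code from the original post: a Python helper that assembles a sign-in link from the three parts described above (request message, domain, redirect URL), refuses redirect targets outside an allowlist, and audits links that are already published. The endpoint `https://login.microsoftonline.com/login.srf`, the WS-Federation parameter names `wa`, `whr` and `wreply`, the value `wsignin1.0` and all function names are assumptions; the domain and SharePoint URL are the ones used in the text.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed: Microsoft's WS-Federation passive sign-in endpoint and request message.
LOGIN_URL = "https://login.microsoftonline.com/login.srf"
SIGNIN_ACTION = "wsignin1.0"

def _host_allowed(host, allowed_suffixes):
    """True if host equals an allowed name or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)

def build_smart_link(domain, redirect_url, allowed_suffixes):
    """Return a sign-in link for a federated domain, refusing unsafe redirects."""
    target = urlsplit(redirect_url)
    if target.scheme != "https":
        raise ValueError("redirect must use https")
    if target.username or target.password:
        raise ValueError("redirect must not carry userinfo")
    if not _host_allowed(target.hostname, allowed_suffixes):
        raise ValueError("redirect host is not on the allowlist")
    # urlencode percent-encodes the redirect URL so it cannot add extra parameters.
    query = urlencode({"wa": SIGNIN_ACTION, "whr": domain, "wreply": redirect_url})
    return LOGIN_URL + "?" + query

def audit_smart_link(link, domain, allowed_suffixes):
    """Return the problems found in an already published link (empty list = OK)."""
    parts = urlsplit(link)
    params = parse_qs(parts.query)
    problems = []
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != LOGIN_URL:
        problems.append("unexpected sign-in endpoint")
    if params.get("wa") != [SIGNIN_ACTION]:
        problems.append("missing or unexpected request message")
    if params.get("whr") != [domain]:
        problems.append("domain hint does not match")
    replies = params.get("wreply", [])
    if len(replies) != 1:
        problems.append("expected exactly one redirect URL")
    else:
        reply = urlsplit(replies[0])
        if reply.scheme != "https" or not _host_allowed(reply.hostname, allowed_suffixes):
            problems.append("redirect target not allowed")
    return problems

if __name__ == "__main__":
    allowed = ["mydomain.sharepoint.com"]
    link = build_smart_link("mydomain.co.uk", "https://mydomain.sharepoint.com", allowed)
    print(link, audit_smart_link(link, "mydomain.co.uk", allowed))
```

Running the audit over the links on an intranet page before publishing catches a redirect target that points somewhere other than the organisation's own sites.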