Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions

Getting Started with Cloud User Identity (Active Directory) for Office 365

No items found.
Office 365 user identity managment

Moving to Office 365? The user experience is bound to shift, with one of the biggest changes coming to the login process.

Each workstation might previously have had Office software installed locally, so once users signed in, they were free to launch and work on Word or answer e-mails in Outlook. With Office 365, you’ll have to configure user identity settings in a specific way to replicate this — or you can go the cloud-only route and have them sign-in again online in order to access these programs.

Here are some of the factors you’ll have to consider when setting up user identity management in Office 365.

SSO or no?

The “double login” question is one of the first you’ll need to address. Is it OK if users log into their workstation and then have to enter another set of credentials online to access Office apps and e-mail? Are you comfortable managing multiple sets of credentials for each user?

If you already have Active Directory Federation Services configured locally, you can use that to authenticate Single Sign On (SSO) with O365. With ADFS, you can configure local user accounts on your Windows servers and then sync them to O365. However if you don’t already have an ADFS server, you’ll need to setup and configure one

Another option to connect on-premise Active Directory accounts to a new O365 deployment is to use the Azure Active Directory Connect tool

This software scans and uploads your AD to the cloud and is ideal for hybrid implementations where you may need to move users to and from cloud services. It also includes encryption during the transfer process. Azure Active Directory Connect does not implement SSO, however — users will still need to enter their username and password (which are the same as their workstation credentials) a second time on the O365 login page.

Cloud-only option

Finally, you can set up and administrate your user credentials entirely via O365. This cloud identity option is simple as far as initial deployment, but you are stuck with the Azure Active Directory password policy, so you might not meet a more strict corporate security standard if you have one.

This requires additional management on your part and on the user side as well, as they will each be in charge of managing their own cloud account. Unless you have a small workforce that is comfortable with technology, this option is not ideal. In this case, cloud credentials may be completely different from workstation credentials, and the user will have to login twice.

Third party software can also be used to provide a more seamless SSO for your users, with one set of credentials used for all software rather than just Windows and Office.

Two-step verification

Multi-factor authentication may be a good policy to implement with cloud-based tools like O365. There is a native multi-factor authentication option for Office 365 that will send users a code via phone call, text message, or application notification on a mobile device. This is to help ensure that the user logging in is in fact the correct individual. Read more about multifactor authentication for O365 here, but note that desktop client software will not be usable by default — you must enable an “app password” first.


Ultimately, the route you choose for identity management in Office 365 will likely depend on how dependent you are on any existing Active Directory on your premises. If you aren’t sure how to begin, contact us today for ongoing assistance with managing your O365 environment and users.

Recent Blog Posts

lunavi logo alternate white and yellow
Lunavi Proves Commitment to Channel Partners, Customers with CRN Elite 150

While industry recognition such as the MSP 501 is validating, the most rewarding part of my work in the channel is hearing from partners and their clients about the success they have with these types of engagements.

Learn more
lunavi logo alternate white and yellow
More Than Just Another Partnership, the Azure Expert MSP Is a Unique Source of Pride

As a founder and leader at Lunavi, I’ve seen our organization achieve a lot of big things. That said, achieving the distinction of Azure Expert MSP stands out.

Learn more
lunavi logo alternate white and yellow
What You Should Know About the SolarWinds Nation-State Hack

A supply chain attack on SolarWinds software has led to numerous security breaches. Learn how Lunavi is responding and what you should know about the hack.

Learn more