Hi, we are currently using ADFS but we are looking to change it to Pass-through Authentication. How do we perform this migration, and would there be downtime and risk in doing this?
Hi @bizcntradmin-7120 · Thank you for reaching out.
For this purpose, you need to run the Azure AD Connect wizard and select Pass-through authentication (PTA) under User Sign-in as highlighted below. A PTA agent will be installed on the AD Connect server; you may install another agent on any domain-joined machine for fault tolerance.

How to perform this migration?
1. Enable pass-through authentication. Please refer to https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
2. Disable Federation with ADFS by using Convert-MsolDomainToStandard cmdlet.
3. (Optional) Enable Password Hash Synchronization (PHS) as backup option for Pass-through Authentication (PTA). Refer to https://docs.microsoft.com/en-us/answers/questions/10981/azure-active-directory-sign-in-disaster-recovery.html
Would there be a downtime and risk on doing this?
Although there won't be downtime and there is not much risk involved, I would still recommend that you schedule a downtime window for this activity. Just in case: if anything goes wrong (due to network/firewall/other restrictions), you can revert the changes.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
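
A pre- and post-cutover check for the steps in the answer above, added here as an example that is not part of the original answer or Microsoft's documentation. It assumes the MSOnline module is installed and is run on the server that hosts the PTA agent; `contoso.com` and `C:\Migration` are placeholders.

```powershell
# Added example (not from the original answer). Run with -Phase Before ahead of
# the cutover and with -Phase After once the domain has been converted.
param(
    [string]$DomainName = 'contoso.com',     # placeholder: your federated domain
    [string]$BackupDir  = 'C:\Migration',    # placeholder: where the snapshot is kept
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'Before'
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService                          # interactive sign-in with an admin account

$domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
Write-Host "$DomainName is currently: $($domain.Authentication)"

if ($Phase -eq 'Before') {
    if ($domain.Authentication -ne 'Federated') {
        throw "$DomainName is not federated; there is nothing to convert."
    }

    # Keep a copy of the federation settings (issuer URI, sign-in URLs, signing
    # certificate) so they can be consulted if the change has to be reverted.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $snapshot = Join-Path $BackupDir "${DomainName}-federation.xml"
    Get-MsolDomainFederationSettings -DomainName $DomainName |
        Export-Clixml -Path $snapshot
    Write-Host "Federation settings saved to $snapshot"

    # The PTA agent makes outbound connections only. This is a basic reachability
    # check for one endpoint, not a full validation of the firewall or proxy rules.
    $tcp = Test-NetConnection -ComputerName 'login.microsoftonline.com' -Port 443 `
        -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        Write-Warning 'Outbound 443 to login.microsoftonline.com is blocked from this host.'
    }
}
else {
    # After the conversion the domain must report Managed; if it still reports
    # Federated, sign-ins are still being redirected to ADFS.
    if ($domain.Authentication -ne 'Managed') {
        throw "$DomainName still reports $($domain.Authentication); conversion did not take effect."
    }
    Write-Host "$DomainName is managed; sign-ins no longer redirect to ADFS."
}
```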