Identity models and authentication in Microsoft Teams
Microsoft Teams support all the identity models that are available with Office 365. Supported identity models include:
Cloud Identity: In this model, a user is created and managed in Office 365 and stored in Azure Active Directory, and the password is verified by Azure Active Directory.
Synchronized Identity: In this model, the user identity is managed in an on-premises server, and the accounts and password hashes are synchronized to the cloud. The user enters the same password on-premises as they do in the cloud, and at sign-in the password is verified by Azure Active Directory. This model uses the Microsoft Azure Active Directory Connect Tool.
Federated Identity: This model requires a synchronized identity with the user password is verified by the on-premises identity provider. With this model, the password hash does not need to be synchronized to Azure AD, and Active Directory Federation Services (ADFS) or a third-party identity provider is used to authenticate users against the on-premises Active Directory.
Depending on your organization’s decisions of which identity model to implement and use, the implementation requirements may vary. Refer to the requirements table below to ensure that your deployment meets these prerequisites. If you have already deployed Office 365 and have already implemented the identity and authentication method, you may skip these steps.
|Identity Model||Deployment Checklist||Additional Information|
Refer to Choosing a sign-in model for Office 365 and Understanding Office 365 identity and Azure Active Directory guides for additional details.
Office 365 plans support Multi-Factor Authentication (MFA) that increases the security of user logins to Office 365 services. With MFA for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied, can a user sign in.
Multi Factor authentication is supported with any Office 365 plan that includes Microsoft Teams. The Office 365 subscription plans that include Microsoft Teams are discussed later in the Licensing section below.
Once the users are enrolled for MFA, the next time a user signs in, they see a message that asks them to set up their second authentication factor. Supported authentication methods are:
|Tenant Type||Available MFA Second Factor options||Notes|
|Cloud Only||MFA for Office 365
||Plan for multi-factor authentication for Office 365 Deployments|
|Hybrid setup (Synchronized or Federated Identity model)||
||Note: Additional MFA solutions are available with Azure AD Identity Provider Compatibility Docs|