Federated Identities

Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.

In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.

Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.

Learning Objectives

  • Plan Azure AD Identities
  • Manage Users and Groups
  • Manage User Access with Access Reviews
  • Manage Passwords and Password Policies
  • Implement Self-Service Password Reset (SSPR)
  • Manage Product Licenses

Intended Audience

  • People preparing for Microsoft’s MS-100 exam
  • Microsoft 365 Administrators


Prerequisites

  • Experience with Microsoft 365
  • Experience with the Azure portal
  • Experience with PowerShell

The last identity model we have is federated identities. And again, we have two available options. 

The first one is federation with Active Directory Federation Services, also known as ADFS. The directory objects are synchronized from on-premises to the cloud, users and groups are managed on-premises, and this provides single sign-on (SSO), so your users will not need to sign in again in the cloud. By using federated identities, you have the possibility to add additional authentication requirements, for example if your users are using a smart card.

The second option is federation with a third-party identity provider. The setup is the same: the directory objects are synchronized from on-premises to the cloud, and users and groups are managed on-premises by the third-party identity provider. The sign-on experience is provided by this third-party solution. One thing you have to be careful of, though, is to make sure that your third-party provider is supported by Azure AD.

About the Author

Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at