Decommission ADFS Infrastructure for M365 Authentication

  • SPONSOR(S):  John Mack
  • DEPT OR DIVISION: ITS IT Infrastructure
  • PROJECT MANAGER:  Richard Hill
  • STATUS: Completed

When UNC migrated to Microsoft 365, we implemented an on-premises infrastructure called “Active Directory Federation Services” (ADFS) to support authentication into Microsoft 365. ADFS addressed security concerns around syncing passwords into the Azure Active Directory Cloud service, but it also created an on-premises dependency for Microsoft 365 and technical debt.

Note: Technical debt can be defined as “incomplete configurations or deployments of technology that have been on the books, but due to lack of resources or time, have been lingering and if resolved will either improve service, save staff time, reduce cost, or allow for the decommissioning of aged infrastructure or services.”

This past summer, the ITS cloud and identity management teams evaluated whether we still needed the ADFS infrastructure and concluded that we do not. The goal of this project is to remove the on-premises ADFS infrastructure and rely on Azure Active Directory authentication for Microsoft 365. Once the ADFS infrastructure is turned off, campus will authenticate directly to Azure through the Microsoft portal.