Applies to: Office 365, Microsoft Server 2008 - 2012
This is a pros/cons comparison of using ADFS with Single Sign-On (SSO) versus Password Sync, which at the time was newly released with the new DirSync tool. The table below is based on research using the following Microsoft white paper: “Office365-Single Sign-On-with-AD-FS2.0-v1.0a”.
Here is the table that compares the end-user experience using ADFS and DirSync with Password Sync enabled:
Access Method | ADFS | DirSync w/ Password | Verdict |
Outlook 2010/2013 | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
ActiveSync, POP, IMAP | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
MS Online Portal, SharePoint Online, Office Web Apps | Internal: Pop up offers click to sign in with no credentials required (External Forms Based Prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
OWA | Internal: Seamless (External Forms Based Prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
Lync 2010/2013 | Seamless (with Sign on Assistance installed for Lync 2010) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Better experience for ADFS |
As you can see above, when the user is internal to the company network, ADFS offers the better overall end-user experience. But when you take into account the additional administrative and server overhead needed to implement ADFS and SSO, I would still recommend Password Sync to a company. This is especially relevant to small companies that are moving to Office 365 to remove on-premises servers and resources from their environment. The caveat is a company that already has ADFS deployed for another reason, such as federation with a partner or another SaaS provider; in that case using ADFS for Office 365 makes sense.
I will always lead with Password Sync versus ADFS and SSO. I just think that, with the cloud movement, removing reliance on on-premises infrastructure for authentication is the right move. Now with Password Sync, companies can reduce the server footprint on-premises and fully ensure that if on-premises infrastructure goes dark, users can still access and authenticate to Office 365 resources.