Office 365 SSO

This article is still in progress, please check back for more content shortly

Office 365 SSO has long been a pipe dream for many companies, but historically it has always been either too difficult or too expensive to implement. Not any more: Microsoft has now made this available to all customers for free, see here. Let’s look at how we can easily achieve this.

This article is for you if

  • You want to set up Office 365 SSO but aren’t sure exactly how to do this
  • Your users want to use Office 365 SSO
  • You are frustrated at having to log in to Office 365 each time you want to check your emails
  • You plan to move users’ data to OneDrive and want to do this automatically via Group Policy
  • You plan to move on-premises central file shares to SharePoint and want to re-map these automatically for users via Group Policy
  • You are moving to Office 365 from another cloud service provider and need a good tutorial on how to get the best from seamless single sign-on
  • You want to learn how to configure Azure AD Connect for Office 365 SSO
  • Your manager has asked you to set up Office 365 SSO but you don’t want to look incompetent and say you don’t know how

Once configured, your users’ machines should work as demoed in the video below.

Configure your users’ UPN suffixes to match your Azure AD tenant domain

From Server Manager, click Tools, Active Directory Domains and Trusts.

Right-click Active Directory Domains and Trusts, then click Properties.

Enter the domain name you use with your Office 365 email accounts, click Add, then click OK.

Go back to Server Manager and click Tools, Active Directory Users and Computers.

For each of the users you are going to sync and want to have SSO enabled, right-click them and select Properties. You can also do this in bulk with multiple users at once.

Click onto the Account tab and then, from the drop-down menu, select the newly added domain name. Click OK.
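
The same UPN suffix change done in bulk from PowerShell, as an added example that is not part of the original article. The suffixes and the OU path are placeholders; it assumes the ActiveDirectory module (RSAT) is available, and it runs the change with -WhatIf so nothing is modified until that switch is removed.

```powershell
Import-Module ActiveDirectory

$OldSuffix  = 'contoso.local'                  # placeholder: current on-premises UPN suffix
$NewSuffix  = 'contoso.com'                    # placeholder: domain used for Office 365 email
$SearchBase = 'OU=Staff,DC=contoso,DC=local'   # placeholder: OU that will be synced

# Register the suffix on the forest if it is not already listed
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# Re-suffix only the users in scope that still carry the old suffix
$users = Get-ADUser -SearchBase $SearchBase -Filter "UserPrincipalName -like '*@$OldSuffix'"
foreach ($user in $users) {
    $localPart = ($user.UserPrincipalName -split '@')[0]
    $newUpn    = "$localPart@$NewSuffix"

    # A UPN must be unique in the forest; skip and report any clash
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf   # remove -WhatIf to apply
}

# Audit: enabled users in scope whose suffix still does not match the tenant domain
Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' |
    Where-Object { $_.UserPrincipalName -notlike "*@$NewSuffix" } |
    Select-Object SamAccountName, UserPrincipalName
```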

Configure your Domain Controller for Azure Active Directory password hash sync and seamless single sign-on using the Azure AD Connector

You can download the connector here

Once downloaded, install and run Azure AD Connect and enter an Office 365 Admin credential.

Click Add Directory and add your local domain and provide credentials when requested; it should then show a green tick circle.

Select the OUs you wish to sync to Office 365, choosing just the users and groups OUs you need.

Select Password hash synchronization to sync hashes of your users’ passwords into Office 365. Unlike other connectors, this does not require a password reset for users.

Click Enter credential for Enabling single sign-on. It should go to a green circle tick again.

Click Configure. The wizard will run and create the required Azure AD computer account in AD Computers, which is used to run seamless single sign-on (SSSO).
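
A quick audit of the computer account the wizard creates, as an added example that is not part of the original article. It assumes the default account name AZUREADSSOACC and Microsoft's guidance to roll over its Kerberos decryption key at least every 30 days, and it needs the ActiveDirectory module.

```powershell
Import-Module ActiveDirectory

$MaxKeyAgeDays = 30   # assumption: Microsoft's recommended rollover interval

# Look the account up by name so it is found whichever container or OU it sits in
$acct = Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" `
    -Properties PasswordLastSet, TrustedForDelegation, TrustedToAuthForDelegation

if (-not $acct) {
    Write-Warning 'AZUREADSSOACC not found: seamless SSO is not enabled for this domain.'
    return
}

# The account password is the Kerberos decryption key shared with Azure AD
$keyAgeDays = (New-TimeSpan -Start $acct.PasswordLastSet -End (Get-Date)).Days

[pscustomobject]@{
    DistinguishedName  = $acct.DistinguishedName
    KeyLastRolled      = $acct.PasswordLastSet
    KeyAgeDays         = $keyAgeDays
    KeyRolloverOverdue = $keyAgeDays -gt $MaxKeyAgeDays
    # Delegation should stay disabled on this account
    DelegationEnabled  = $acct.TrustedForDelegation -or $acct.TrustedToAuthForDelegation
}
```

Treat this account like a domain controller object: anyone who can read or reset its key can forge sign-ins for synced users, so keep it in an OU that only Domain Admins can manage.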

Copy the OneDrive ADMX and ADML templates from the Windows test machine to your Domain Controller’s SYSVOL folder

You can find the ADMX files here – C:\Program Files\Microsoft OneDrive\OneDriveVersionNumber\adm

Remember to change OneDriveVersionNumber to the version you are on

Configure the Azure Active Directory single sign-on Group Policy

You can do this by setting the below policies.

Test seamless single sign-on to Office 365

You can create your custom SSSO URLs using this wizard here. Ensure that when logged onto an AD account, you can go to one of these links and it auto logs in.

For example, Outlook would be – https://outlook.com/owa/theictguy.co.uk

Configure the OneDrive Group Policy for seamless single sign-on, to silently move your user’s Known Folders to OneDrive and always to use OneDrive Files On-Demand as default

Test OneDrive seamless single sign-on from the Windows test machine and confirm the Known Folders auto-redirect

As before, when testing SSSO, log in to an AD account and ensure that once OneDrive has logged in automatically, the Desktop, Documents and Pictures folders auto-redirect within a few seconds. This is dependent on the specification of the machine and Internet speeds.

Configure the map SharePoint Sites Group Policy to connect a site via OneDrive automatically

To map a SharePoint site to OneDrive on Demand, you can configure the Group Policy at User Configuration -> Administrative Templates -> OneDrive -> Configure team site libraries to sync automatically

You will need to populate this with the Name of the SharePoint Site you want to map and the ID; for example –

Name: Staff Shared

(tenantId=xxx&siteId=xxx&webId=xxx&listId=xxx&webUrl=httpsxxx&version=1)

You can get the tenant ID by clicking on Sync and then Copy Site ID.
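
Because this policy silently mounts whatever library the value points at on every targeted machine, it is worth checking the copied ID before pasting it into the GPO. The function below is an added example, not part of the original article: the function name, tenant ID, host and sample string are constructed placeholders, and it assumes the copied values may be URL-encoded.

```powershell
function Test-TeamSiteLibraryId {
    param(
        [Parameter(Mandatory)][string]$LibraryId,
        [Parameter(Mandatory)][guid]$ExpectedTenantId,
        [Parameter(Mandatory)][string]$ExpectedHost
    )
    # Strip surrounding brackets/whitespace, then split into URL-decoded key/value pairs
    $fields = @{}
    foreach ($pair in (($LibraryId -replace '^[\s(]+|[\s)]+$', '') -split '&')) {
        $key, $value = $pair -split '=', 2
        $fields[$key] = [uri]::UnescapeDataString([string]$value)
    }

    $problems = @()
    foreach ($name in 'tenantId', 'siteId', 'webId', 'listId') {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse([string]$fields[$name], [ref]$parsed)) {
            $problems += "$name is missing or not a GUID"
        } elseif ($name -eq 'tenantId' -and $parsed -ne $ExpectedTenantId) {
            $problems += 'tenantId does not match this organisation'
        }
    }

    # The library must live on the organisation's own SharePoint host, over HTTPS
    $url = $null
    if (-not [uri]::TryCreate([string]$fields['webUrl'], [System.UriKind]::Absolute, [ref]$url)) {
        $problems += 'webUrl is missing or not an absolute URL'
    } elseif ($url.Scheme -ne 'https' -or $url.Host -ne $ExpectedHost) {
        $problems += "webUrl must be https on $ExpectedHost (got $($url.Scheme)://$($url.Host))"
    }

    if ($fields['version'] -ne '1') { $problems += 'version is missing or not 1' }

    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems; Fields = $fields }
}

# Constructed sample value; replace with the string copied from the Sync menu
$sample = 'tenantId=11111111-2222-3333-4444-555555555555' +
          '&siteId=%7Baaaaaaaa-0000-0000-0000-000000000001%7D' +
          '&webId=%7Baaaaaaaa-0000-0000-0000-000000000002%7D' +
          '&listId=%7Baaaaaaaa-0000-0000-0000-000000000003%7D' +
          '&webUrl=https%3A%2F%2Fcontoso%2Esharepoint%2Ecom%2Fsites%2FStaffShared&version=1'

Test-TeamSiteLibraryId -LibraryId $sample `
    -ExpectedTenantId '11111111-2222-3333-4444-555555555555' `
    -ExpectedHost 'contoso.sharepoint.com'
```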

Force the SharePoint library to auto-connect immediately instead of waiting 8 hours as per Microsoft’s documentation

You can do this by setting the following Registry Key on login.

Hive: HKEY_CURRENT_USER
Key path: SOFTWARE\Microsoft\OneDrive\Accounts\Business1
Value name: TimerAutoMount
Value type: REG_QWORD
Value data: 0x1 (1)

Test the map SharePoint Sites Group Policy from the Windows test machine and confirm the SharePoint site is connected

As before, when testing folder auto redirection, the Shared Drive should auto map within a few seconds when using the above Reg fix.

Upload Shared Drives and users’ Home Directories

Log in to the Office 365 Admin Center and click SharePoint under Admin centres

Click Migration

Click Get Started under File Shared

Choose Download agent and install the agent onto your file servers

Click Migrations

Click Add Task

Decide if you wish to upload a single share or multiple via CSV. For this guide, we will run with a single share.

Enter your source; this must be a share stored on the same network that the agent has access to.

Select your destination; for this part of the guide, we will select SharePoint.

Enter the URL of the destination SharePoint site.

Select either the root Documents folder or any other subfolder. You can also create a new folder here too.

Give your task a name and select to either Run now or Run later.

We suggest also enabling the below setting to replace invalid characters when uploading.

Enable this setting as well, so that hidden files are not uploaded.

Now click Run; the job will queue and upload the file share.

Resources used in this Step-by-Step guide include –

OneDrive OnDemand SSO

Azure AD Connect – Completed-Export-Errors – Permission-Issue

Azure Active Directory Seamless Single Sign-On: Quick start

Find your Microsoft 365 organization ID

Configure team site libraries to sync automatically

Convert synced team site files to online-only files

OneDrive | Update for GPO team site libraries to sync automatically

Use Group Policy to control OneDrive sync settings
