Office 365 SSO – A Step-by-Step setup guide

This article is still in progress, please check back for more content shortly

Office 365 SSO has long been a pipe dream for many companies, but historically it has been either too difficult or too expensive to implement. Not any more: Microsoft has now made this available to all customers for free, see here. Let’s look at how we can easily achieve this.

This article is for you if

  • You want to set up Office 365 SSO but aren’t sure exactly how to do this
  • Your users want to use Office 365 SSO
  • You are frustrated at having to log in to Office 365 each time you want to check your emails
  • You plan to move users’ data to OneDrive and want to do this automatically via Group Policy
  • You plan to move on-premises central file shares to SharePoint and want to re-map these automatically for users via Group Policy
  • You are moving to Office 365 from another cloud service provider and need a good tutorial on how to get the best from seamless single sign-on
  • You want to learn how to configure Azure AD Connect for Office 365 SSO
  • Your manager has asked you to set up Office 365 SSO but you don’t want to look incompetent and say you don’t know how

Once configured, your users’ machines should work as demoed in the video below.

Configure your users’ UPN suffixes to match your Azure AD tenant domain

From Server Manager, click Tools, then Active Directory Domains and Trusts.

Right-click Active Directory Domains and Trusts and click Properties.

Enter the domain name you use with your Office 365 email accounts, click Add, then click OK.

Go back to Server Manager and click Tools, then Active Directory Users and Computers.

For each user you are going to sync and want to have SSO enabled, right-click the user and select Properties. You can also do this in bulk with multiple users at once.

Click the Account tab, select the newly added domain name from the drop-down menu, then click OK.
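
The same suffix change scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original article; the domain contoso.com and the OU path are placeholder assumptions. It defaults to a dry run so the planned UPN changes can be reviewed before anything is written.

```powershell
# Added example: scripted equivalent of the GUI steps above (not the article's code).
# Assumed placeholders: contoso.com is the Office 365 domain, and the OU below
# holds the users that will be synced.
Import-Module ActiveDirectory

$NewSuffix  = 'contoso.com'                 # placeholder domain
$SearchBase = 'OU=Staff,DC=corp,DC=local'   # placeholder OU
$Apply      = $false                        # $false = dry run, nothing is written

# 1. Add the alternative UPN suffix to the forest if it is missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix } -WhatIf:(-not $Apply)
}

# 2. Re-suffix every enabled user in the OU and report old -> new.
$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true'
foreach ($u in $users) {
    if (-not $u.UserPrincipalName) {
        Write-Warning "No UPN set, skipping: $($u.SamAccountName)"
        continue
    }
    $prefix = ($u.UserPrincipalName -split '@')[0]
    $target = "$prefix@$NewSuffix"
    if ($u.UserPrincipalName -eq $target) { continue }   # already correct

    # Refuse to create a duplicate UPN. This lookup covers the current domain
    # only; the value is escaped for use in an LDAP filter (RFC 4515).
    $esc = $target.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    if (Get-ADUser -LDAPFilter "(userPrincipalName=$esc)") {
        Write-Warning "Skipping $($u.SamAccountName): $target is already in use"
        continue
    }

    Set-ADUser -Identity $u -UserPrincipalName $target -WhatIf:(-not $Apply)
    [pscustomobject]@{ User = $u.SamAccountName; OldUpn = $u.UserPrincipalName; NewUpn = $target }
}
```

Set `$Apply = $true` only after the dry-run output lists exactly the accounts you expect to change.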

Configure your Domain Controller for Azure Active Directory pass-through authentication and seamless single sign-on using Azure AD Connect

Configure the Azure Active Directory single sign on Group Policy and assign it to the Windows 10 test machine

Test seamless single sign on to Office 365 on the Windows 10 test machine

Copy the OneDrive ADMX and ADML templates from the Windows 10 test machine to your Domain Controller’s SYSVOL folder

Configure the OneDrive Group Policy for seamless single sign-on, to silently move your users’ Known Folders to OneDrive and to always use OneDrive Files On-Demand as default

Test OneDrive seamless single sign on from the Windows 10 test machine and confirm the Known Folders auto redirect

Configure the map SharePoint Sites Group Policy to automatically connect a site via OneDrive


To map a SharePoint site to OneDrive on Demand, you can configure the Group Policy at User Configuration -> Administrative Templates -> OneDrive -> Configure team site libraries to sync automatically.

You will need to populate this with the Name of the SharePoint Site you want to map and the ID; for example –

Name: Staff Shared

(tenantId=xxx&siteId=xxx&webId=xxx&listId=xxx&webUrl=httpsxxx&version=1)

Test the map SharePoint Sites Group Policy from the Windows 10 test machine and confirm the SharePoint site is connected

Resources used in this Step-by-Step guide include –

OneDrive OnDemand SSO

Azure AD Connect – Completed-Export-Errors – Permission-Issue

Azure Active Directory Seamless Single Sign-On: Quick start

Find your Microsoft 365 organization ID

Configure team site libraries to sync automatically

Convert synced team site files to online-only files

OneDrive | Update for GPO team site libraries to sync automatically

Use Group Policy to control OneDrive sync settings
