Microsoft O365 with Shib IDP

Hong Ye hy93 at
Tue Nov 3 17:55:20 UTC 2020

Thanks Rob! That’s very helpful.


From: users <users-bounces at> on behalf of Rob Gorrell via users <users at>
Reply-To: Shib Users <users at>
Date: Tuesday, November 3, 2020 at 12:11 PM
To: Shib Users <users at>
Cc: Rob Gorrell <rwgorrel at>
Subject: Re: Microsoft O365 with Shib IDP

UW captured a pretty good comparison:
2FA options analysis for O365/AAD - Microsoft Infrastructure - UW-IT Wiki (<>
but the short of it is, yes, there will be certain things you give up (especially in the endpoint device arena) available to local auth/ADFS that aren't possible with SAML federation. This is one of the reasons we moved from Shibboleth federation with Azure to password hash sync.


On Tue, Nov 3, 2020 at 11:04 AM Hong Ye <hy93 at<mailto:hy93 at>> wrote:

We are considering switching O365 login from ADFS to Shibboleth IDP. We don’t know if this change will break authentication to Microsoft Intune and Microsoft Mobile device management. Does anyone have experience with that?

Hong Ye
Identity Management
Cornell University
For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>

Robert W. Gorrell
IT Manager, Identity and Access Management
University of NC at Greensboro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list