If you’re a follower of this blog, you’ll probably recall that we announced pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world-class end-user sign-in experiences with Azure AD. Today I’m excited to announce a few improvements we’ve made that make these capabilities even more secure, easier to use, and easier to administer.

Pass-through authentication

Pass-through authentication lets users sign in to your cloud apps while getting rid of the need to store any user passwords in the cloud or deploy new server infrastructure. Some of the key improvements we’ve just turned on include:

Security: We’ve improved user sign-on security with public key / private key encryption between Azure AD and on-premises agents. That’s in addition to secure HTTPS, which is always used to transfer usernames and passwords.

Usability: We now support using any attribute, configured as Alternate ID in Azure AD Connect, as the username.

Easier deployment: Now you only need to open two ports to deploy pass-through authentication—the standard ports 80 and 443.

Read the entire article here: “New Enhancements to the Azure AD Pass Through Authentication Preview are live!” (Enterprise Mobility and Security Blog)

via the fine folks at Microsoft.