Is it possible to use ADFS Authentication with a Microsoft Exchange 2016 Server? Sure!
A customer asked me that question a few days ago; they have mailboxes on premises and on Exchange Online. ADFS could provide a great way to bring the same login experience to both.
Here are two GIST Files that configured everything for them 😉
The files above are part of my configuration script; the only part missing is all the central connection stuff. I used one script that connects to all involved systems via Remote PowerShell and executes everything as one big script.
During a Windows 10 pilot, a customer told me that on Windows 10 systems ADFS didn’t work as expected when they used Edge.
Intranet users with Edge get the regular SSO page like every external user.
With a few tweaks, I could solve that and now the Single-Sign-On via ADFS works like on Internet Explorer:
Code should be documented enough inline, so the GIST is the documentation 😉
After a bit more testing, I found that the old ‘-WIASupportedUserAgents’ wasn’t the best guess. I fixed that, and mobile devices now get the forms-based login instead of the authentication pop-up.
Here is the change:
Set-ADFSProperties -WIASupportedUserAgents @('MSIE 6.0', 'MSIE 7.0', 'MSIE 8.0', 'MSIE 9.0', 'MSIE 10.0', 'Trident/7.0', 'MSIPC', 'Windows Rights Management Client', 'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1', 'Mozilla/5.0 (Windows NT')
And you might also want to consider this:
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @( 'WindowsAuthentication', 'FormsAuthentication' ) -WindowsIntegratedFallbackEnabled $true
Tested with ADFS on Windows Server 2012R2 and on Server 2016.
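To see which clients the -WIASupportedUserAgents list above sends to Windows Integrated Authentication and which fall back to the forms login, the entries can be checked offline against sample User-Agent strings. This is an added example, not part of the original gists; it assumes AD FS treats each entry as a plain substring of the User-Agent header, and the Test-WiaUserAgent helper and the sample strings are constructed for illustration.

```powershell
# Added example: offline check of a WIASupportedUserAgents list.
# Assumption: an entry matches when it occurs anywhere in the User-Agent header.
$wiaAgents = @('MSIE 6.0', 'MSIE 7.0', 'MSIE 8.0', 'MSIE 9.0', 'MSIE 10.0',
               'Trident/7.0', 'MSIPC', 'Windows Rights Management Client',
               'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1',
               'Mozilla/5.0 (Windows NT')

# Constructed, representative User-Agent strings (not captured from a real deployment).
$samples = [ordered]@{
    'Edge, Windows 10'        = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063'
    'IE 11, Windows 10'       = 'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko'
    'Firefox, Windows 10'     = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0'
    'Safari, iPhone'          = 'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E277 Safari/602.1'
    'Chrome, Android'         = 'Mozilla/5.0 (Linux; Android 7.0; Pixel Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36'
    'Edge, Windows 10 Mobile' = 'Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063'
}

function Test-WiaUserAgent {
    param(
        [Parameter(Mandatory)][string]   $UserAgent,
        [Parameter(Mandatory)][string[]] $SupportedAgents
    )
    # Return every list entry found in the User-Agent; no output means forms login.
    $SupportedAgents | Where-Object {
        $UserAgent.IndexOf($_, [StringComparison]::Ordinal) -ge 0
    }
}

$report = foreach ($name in $samples.Keys) {
    $hits = @(Test-WiaUserAgent -UserAgent $samples[$name] -SupportedAgents $wiaAgents)
    [pscustomobject]@{
        Client    = $name
        Login     = if ($hits.Count) { 'WindowsAuthentication' } else { 'FormsAuthentication' }
        MatchedBy = $hits -join ' | '   # which entries caused the match
    }
}

# Review broad entries such as 'Edge/1' and 'Mozilla/5.0 (Windows NT':
# the MatchedBy column shows every client they pull into Windows authentication.
$report | Format-Table -AutoSize
```

On an ADFS server, the hard-coded list can be replaced with (Get-AdfsProperties).WIASupportedUserAgents to test the live configuration.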