Tuesday 28 July 2015

Configuring the Relying Party Trust between Office 365 and ADFS 3.0

If you currently have an ADFS infrastructure built the next step is to configure the relationship between Office 365 and your ADFS infrastructure. This is done with the following PowerShell commands.

PowerShell Remoting should be enabled and allowed on both the ADFS and WAP servers.

Enable-PSRemoting

You then must connect to the Office 365 tenancy using this command. It is best to enter Global Administrator credentials that use the .onmicrosoft.com suffix. Refer to this blog post to see why.

Connect-MsolService

This then sets the ADFS server context. If you are using a single-server setup this should be the FQDN of the ADFS server; otherwise it should be set to the server farm name, for which the appropriate DNS records should be configured.

Set-MsolADFSContext -Computer adfs.ryanbetts.co.uk

This command actually converts the Office 365 tenancy to use ADFS for authentication.

Convert-MsolDomainToFederated -DomainName edin-networks.com

You can test that the settings have been applied correctly using this command.

Get-MsolDomain


You can also see that a Microsoft Office 365 Identity Platform entry now appears under Relying Party Trusts in the ADFS management console on your ADFS servers.
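As an added verification script (not part of the original post), the following checks the result of the steps above from both sides of the trust. It assumes it is run on the ADFS server with both the MSOnline and ADFS modules loaded, after Connect-MsolService and Set-MsolADFSContext have been run, and it uses the post's example domain edin-networks.com.

```powershell
# Added verification script, not from the original post.
# Assumes: run on the ADFS server, MSOnline and ADFS modules loaded,
# Connect-MsolService and Set-MsolADFSContext already executed.
param([string]$DomainName = "edin-networks.com")   # post's example domain

# 1. Confirm the domain is now Federated rather than Managed
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne "Federated") {
    throw "$DomainName is still '$($domain.Authentication)'; Convert-MsolDomainToFederated has not taken effect"
}

# 2. Show the federation endpoints Office 365 recorded for this domain
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
$fed | Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri | Format-List

# 3. The token-signing certificate the tenant trusts must be the one ADFS actually signs with;
#    a mismatch here is the usual cause of sign-in failures after a certificate rollover
$tenantCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    , [Convert]::FromBase64String($fed.SigningCertificate))
$adfsCert = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary).Certificate
if ($tenantCert.Thumbprint -ne $adfsCert.Thumbprint) {
    Write-Warning "Signing certificate mismatch: tenant trusts $($tenantCert.Thumbprint), ADFS uses $($adfsCert.Thumbprint). Run Update-MsolFederatedDomain."
} else {
    Write-Output "Token-signing certificate matches ($($adfsCert.Thumbprint))"
}

# 4. Confirm the relying party trust named in the post exists and is enabled on ADFS
$rpt = Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform"
if (-not $rpt -or -not $rpt.Enabled) {
    throw "Relying party trust 'Microsoft Office 365 Identity Platform' is missing or disabled"
}
$rpt | Select-Object Name, Identifier, Enabled, SignatureAlgorithm | Format-List
```

If step 3 reports a mismatch, re-run it after Update-MsolFederatedDomain has pushed the current ADFS certificate to the tenant.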