web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Dynamics 365 F&O O...
Finance | Project Operations, Human Resources, ...
Suggested Answer

Dynamics 365 F&O On-Premises + Cloud (Azure Auth)

(0) ShareShare
ReportReport
Posted on by jjordan354 10

Hello!

We are migrating from AX 2012 to D365 Finance and Operations.  Our desired is a dual deployment model, 90% of the deployment will used against the traditional D365 Cloud Application and the other 10% will be deployed via on-premise services.  The 10% is simply a business justification that requires us to run a portion of D365 on-premise.  We currently use ADConnect to sync all on-premise users to Azure, so identities are already available in Azure/O365 for authentication.  Given the dual deployment of Cloud + On-prem, the D365 F+O on-premise documents indicates AD FS is required, but also support AD Trusts?   Can someone help me understand the technical justification/requirement for Active Directory Federation Services (AD FS) with respect to this dual deployment scenario (Mainly for the on-premise requirement)?  Users will only be accessing D365 on-premise via an internal network only (Not exposed to the internet).

I have the same question (1)
  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,171 Super User 2025 Season 2 on at

    Hi jjordan354,

    Dynamics 365 is a web application which is using the concept of claims users which was there in AX 2012 to authenticate the users. This would require AD FS for on-premise applications where on cloud deployments can authenticate the users via Azure AD.

  • Suggested answer
    Komi Siabi Profile Picture
    Komi Siabi 13,109 Most Valuable Professional on at

    Hello Just like André said,

    The on-premises application works with AD FS. To interact with LCS, you must also configure Azure Active Directory (AAD). To complete the deployment and configure the LCS Local agent, you will need AAD. If you do not already have an AAD tenant, you can get one for free by using one of the options provided by AAD.

    learn.microsoft.com/.../setup-deploy-on-premises-pu12

    And AD FS is a must before you start the On-premise application deployment.

    learn.microsoft.com/.../setup-deploy-on-premises-pu12

  • jjordan354 Profile Picture
    jjordan354 10 on at

    Thank you for the replies.  I'm still a bit shaky on the actual requirements for AD FS with respect to on-premise.  I understand you need an identity source to authenticate to D365.  AAD can be one of those sources if you are authenticating to D365 cloud.  In reviewing the D365 F+O documentation it also mentions Active Directory trusts are supported, which seems to imply that AD FS wouldn't be required as you could use local authentication instead?

    The only context AD FS against on-premise D365 F+O makes sense is the following scenario:

    -Users are provisioned/synced to AAD and can authenticate to D365 cloud natively without AD FS  (Meaning the user navigates here -  https://home.dynamics.com.  AKA an office.com application)

    -Inside of the AAD tenant, a published Azure application is created targeting the AD FS server via SAML logon/reply URLs.  Whatever users/group you apply against the Azure published application has access

    Based on above, an AAD user can authenticate with the same credential to D365 cloud or on-prem via two distinct application URLs  (Office.com  or XXXADFSXXX URL).  Do I have this right???

    Perhaps I am reading too far into the details or assembling the puzzle pieces in the incorrect order here.  I'm simply not seeing this AD FS requirement accurately depicted in the D365 F+O on-prem requirements.

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,171 Super User 2025 Season 2 on at

    Hi jjordan354,

    There might be a dozen ways to create cloud applications and have user authentication in various different ways. Microsoft did only implement AD FS for Dynamics 365 F&O for on-premise deployments. They may have reasons to do it only in the current way. It might be related to security concerns or have a single method of authenticating the users if you open the application to be accessed from anywhere on the internet or only locally.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 467 Super User 2025 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 420 Most Valuable Professional

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 241 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans