Remove the 365 ADFS SSO / Single Sign-On Prompt During Login: Enable Pass-Through
When ADFS prompts users to log in even though it is supposed to use pass-through (integrated) security,
it can annoy people. If you have a fresh install of ADFS with DNS configured correctly, you only have to
trust the site in a GPO on your intranet.
GPO / Internet Explorer Trust
Add the FQDN of the external DNS name for ADFS. This is also the name used on the ADFS certificate.
Example:
Add to intranet Trusted Sites: FS.Company.com
DNS
External:
Make sure the external DNS resolves to the IP of either the ADFS proxy (if you have one) or the NAT to the internal ADFS server.
This FQDN MUST match the certificate(s) on the servers.
Example:
FS.Company.com -> 204.204.224.221
Internal:
The internal DNS should have either a subdomain (Dual Home) or an internal primary zone defined
to redirect internal users to the internal IP of the ADFS server.
Examples:
FS.Company.com -> 172.111.222.333
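
A client-side check for the two prerequisites above (internal DNS answer and GPO zone assignment), added here as an example and not part of the original post. The internal IP is a constructed placeholder, the function names are hypothetical, and the registry path is the standard location of the "Site to Zone Assignment List" policy.

```powershell
# Added example: run on a domain-joined client after the GPO has applied.
$Fqdn       = 'fs.company.com'   # the page's example federation service name
$InternalIp = '10.0.0.10'        # constructed placeholder: your internal ADFS IP

function Test-AdfsInternalDns {
    param([string]$Name, [string]$ExpectedIp)
    # Uses the client's configured DNS servers, i.e. what an internal user gets.
    $answers = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
    [pscustomobject]@{
        Name            = $Name
        Resolved        = $answers -join ','
        MatchesInternal = ($answers -contains $ExpectedIp)
    }
}

function Get-AdfsZoneAssignment {
    param([string]$Name)
    # Zone numbers used by the Site to Zone Assignment List policy.
    # With default zone settings only the Intranet zone (1) sends the
    # user's Windows credentials automatically, so list the exact FQDN
    # rather than a wildcard for the whole domain.
    $zoneNames = @{ '1' = 'Intranet'; '2' = 'Trusted Sites'
                    '3' = 'Internet'; '4' = 'Restricted Sites' }
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            if ($valueName -like "*$Name*") {
                $zone = [string]$item.GetValue($valueName)
                [pscustomobject]@{
                    Hive  = $hive
                    Entry = $valueName
                    Zone  = $zoneNames[$zone]
                }
            }
        }
    }
}

Test-AdfsInternalDns -Name $Fqdn -ExpectedIp $InternalIp
Get-AdfsZoneAssignment -Name $Fqdn   # no output means the policy is not applied
```

If MatchesInternal is False, internal clients are still being sent to the external address; if the second command returns nothing, run gpupdate /force and check that the GPO is linked to the user's or computer's OU.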