Remove 365 ADFS SSO / Single Sign-On Prompt During Login: Enable Pass-Through

When ADFS prompts users to log in when it is supposed to be using pass-through (integrated) security, it can annoy people. If you have a fresh install of ADFS with DNS configured correctly, you only have to trust the site in a GPO on your intranet.

GPO / Internet Explorer Trust

Add the FQDN of the external DNS name for ADFS. This is also the name used on the ADFS certificate.

Example:

Add to Intranet Trusted Sites: FS.Company.com

DNS

External:

Make sure the external DNS name resolves to the IP of either the ADFS proxy (if you have one) or the NAT to the internal ADFS server.

This FQDN MUST match the certificate(s) on the servers.

Example:

FS.Company.com -> 204.204.224.221

Internal:

The internal DNS should have either a subdomain (dual home) or an internal primary zone defined to redirect internal users to the internal IP of the ADFS server.

Example:

FS.Company.com -> 172.111.222.333
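
To confirm all three pieces from a domain-joined client on the internal network, here is a check script added as an example (it is not part of the original post). It assumes the GPO uses the "Site to Zone Assignment List" policy; `$InternalIp` is a placeholder you fill in, and `FS.Company.com` is the sample name from above.

```powershell
# Added example: verifies internal DNS, certificate name match, and zone policy.
$Fqdn       = 'FS.Company.com'       # the page's sample name; use your ADFS FQDN
$InternalIp = '<internal-ADFS-IP>'   # placeholder: the address internal DNS should return

# 1. Internal DNS must answer with the internal ADFS address, not the public one.
$resolved = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
              Where-Object { $_.IPAddress } | ForEach-Object { "$($_.IPAddress)" })
$dnsOk = $resolved -contains $InternalIp

# 2. The certificate must validate for this exact name. SslStream's default
#    validation checks chain trust and name match, and throws on failure.
$certOk = $false
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Fqdn, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($Fqdn)
    $certInfo = $ssl.RemoteCertificate.Subject
    $certOk = $true
} catch {
    $certInfo = "validation failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 3. Assumption: the GPO uses the "Site to Zone Assignment List" policy, which
#    stores entries under ZoneMapKey (1 = Local intranet, 2 = Trusted sites).
$zoneNames = @{ '1' = 'Local intranet'; '2' = 'Trusted sites'
                '3' = 'Internet';       '4' = 'Restricted sites' }
$zone = 'not assigned by policy'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path = "$hive\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item $path
    foreach ($name in $key.GetValueNames()) {
        # Entries may carry a scheme, e.g. https://fs.company.com (wildcards not handled)
        if (($name -replace '^[a-z]+://', '').TrimEnd('/') -ieq $Fqdn) {
            $zone = $zoneNames[[string]$key.GetValue($name)]
        }
    }
}

[pscustomobject]@{
    Fqdn = $Fqdn; Resolved = $resolved -join ', '; DnsMatchesInternal = $dnsOk
    CertificateValid = $certOk; Certificate = $certInfo; PolicyZone = $zone
}
```

By default Internet Explorer sends the logged-on user's Windows credentials automatically only to sites in the Local intranet zone, so a `PolicyZone` of anything else will usually still produce a prompt. Keep the entry to the exact ADFS FQDN, since every site placed in that zone can trigger automatic Windows authentication.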