OK, after digging around and talking to Microsoft Office 365 support, I've discovered how to make this all work. I had to dive into Azure Active Directory and device management; more on that in another blog post. By default you are allowed to log PCs into Office 365 via an AAD domain join. Once you do this, you will be prompted to verify that you own the PC and then to add a PIN to use in place of a password.
The first thing you will notice once logged in is that your Start menu is personalized and the native Mail application is configured with your Office 365 account.
Next, open Internet Options and add *.office.com and *.microsoft.com (this one isn't absolutely necessary, but still…) to your Trusted Sites list.
Now the single sign-on magic can begin. If you now log on to https://portal.office.com or https://outlook.office.com, you will notice that you are automatically logged into these sites without having to provide additional credentials…very cool.
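The Trusted Sites step can also be scripted. The following is an added example, not part of the original walkthrough: it first checks the join state with `dsregcmd /status`, then maps the two domains from the post into the Trusted Sites zone for the current user. Restricting the mapping to `https` and writing directly to the per-user ZoneMap registry key are choices made for this example; the helper name `Get-DsregValue` is hypothetical.

```powershell
# Added example: confirm the Azure AD join, then add the post's two domains
# to the Trusted Sites zone for the current user (https only).

$domains     = 'office.com', 'microsoft.com'   # a value on the domain key also covers its subdomains
$zoneMap     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$trustedZone = 2                                # zone 2 = Trusted sites

function Get-DsregValue {
    # Hypothetical helper: pull one "Name : VALUE" field out of dsregcmd output.
    param([string[]]$Status, [string]$Name)
    foreach ($line in $Status) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(\S+)") {
            return $Matches[1]
        }
    }
    return $null
}

# 1. Check device and token state before touching browser zones.
$status = & dsregcmd.exe /status
$joined = Get-DsregValue -Status $status -Name 'AzureAdJoined'
$prt    = Get-DsregValue -Status $status -Name 'AzureAdPrt'

if ($joined -ne 'YES') {
    throw "Device is not Azure AD joined (AzureAdJoined = $joined)."
}
if ($prt -ne 'YES') {
    Write-Warning "No primary refresh token for this user (AzureAdPrt = $prt); expect sign-in prompts."
}

# 2. Map each domain to the Trusted Sites zone, https only, so plain-http
#    content from these domains does not inherit the relaxed zone settings.
foreach ($d in $domains) {
    $key = Join-Path $zoneMap $d
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'https' -Value $trustedZone `
        -PropertyType DWord -Force | Out-Null
}

# 3. Read the values back so the result can be verified.
foreach ($d in $domains) {
    $zone = (Get-ItemProperty -Path (Join-Path $zoneMap $d)).https
    '{0,-18} https -> zone {1}' -f "*.$d", $zone
}
```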
Rich clients like Outlook and Skype for Business still need some configuration. These applications are still more tailored to on-premises versions of Exchange and Skype for Business and their local DNS records, so you still need to configure them manually.
Skype for Business
Overall I am fairly happy with the process, and playing with all of this let me stumble more deeply into Azure Active Directory, which opens up a bunch of new options.