Publishing Office365

Publishing your external Office 365 in TAC is easy and quick. Publishing Office365 requires an ADFS server to be in your network to provide transparent login to external domain. Setting up an ADFS server is not covered in this guide. Nevertheless, this guide will get through how Of-fice365 integrates and authenticates with ADFS.

Once you have the ADFS server ready in your local domain, you will need to integrate Of-fice365 with ADFS and AD user sync into Office365.

Office 365 SSO requires an internet-resolvable domain name to use as the suffix in each user’s username, though, if your Active Directory domain name doesn’t meet this requirement, you can make things work by giving users an alternate User Principal Name (UPN) that matches any public domain name you own.

Let’s assume your public domain name is, but your inside-the-firewall Active Directo-ry domain is abc.local. You can’t resolve abc.local via internet servers; therefore you won’t be able to with Office 365 DNS servers. That said, you can use federation to set each user’s UPN to a publicly resolvable domain name and let them log in as

While each user’s UPN might look like an e-mail address, it has nothing to do with SMTP or Session Initiation Protocol. This change merely maps your users’ Active Directory accounts with an external address that Office 365 can understand.

Launch “Active Directory domains and trusts”. Right-Click the top-level in the hierarchy of “Active Directory domains and trusts” then go to properties. In the box titled Alternative UPN suffixes, enter your publicly-resolvable domain name and click Add. Then launch Active Direc-tory Users and Computers and view the properties of a user account. Under its Account tab, you can now set the User logon name to that publicly resolvable domain name. Do this for each Office 365-enabled user. They’ll be using this as their Office 365 username in a minute.

To publish Office 365 in TAC:

1. Click on the site and click Add under application section.

2. Select Microsoft Office 365 under Cloud in Add New Application window. Click Next.

3. In the Application Name window, provide a friendly name under Application Name field.


4. Click Next.

5. In the Cloud Single SignOn window, configure how users authenticate and connect to the cloud application.


Here, as explained in Section 2.1.3 in this guide, you will need to define your on-promise ADFS server to federate user credentials between your local AD to cloud. You will need to add the ADFS server before you start this wizard in order to select the ADFS server from the dropdown.

Also, it is important to understand what application in Office365 you wish to publish. If you wish to publish OWA365, you may need to generate RelayState URL. If you wish to publish SharePoint 365, the RelayState URL would be different.

Read more about RelayState here:

6. Click Next.

7. Under the security window, select Authorize All Users to authenticate all users.

Note: If you select the Authorize All Users checkbox, it will provide access to all valid users except users that have Deny Attribute set on Users and Device Management con-sole. Please see Users and Device Management for more details.


8. Click Next.

9. Under the application link, you can provide a name for the application. The URL shows how the application link is rendered in the portal. You can select an icon for how the application appears in the portal.


10. Click Next.

11. Click Finish to complete the Add Application wizard.