Let’s be honest — ADFS isn’t exactly a hot topic anymore. Most new deployments are cloud-first, and Microsoft’s pretty loud about Entra ID being the future. But for certain setups? ADFS still quietly holds the line.
It’s one of those systems that, if it’s already in place and running smoothly, nobody wants to touch — and maybe for good reason.
Quick Recap: What Does ADFS Actually Do?
At a basic level, ADFS lets someone sign in with their regular Windows account and reach third-party services without signing in again. Behind the scenes it issues a signed security token (SAML or JWT), a digital badge that the other system accepts because it trusts the ADFS token-signing certificate.
This is super useful when you’re working with external vendors, partner portals, or legacy apps that need identity federation. ADFS acts as your in-house gatekeeper, handing out those badges to approved users, and the external app never sees the user’s password.
Why It’s Still Relevant in Some Setups
Not everything runs in the cloud. Plenty of teams still deal with:
– Old apps that expect SAML or WS-Fed
– Compliance rules that say identity data must stay in-house
– Smartcard or PKI-based login setups that go beyond what Entra ID certificate-based authentication covers
– Highly customized rules around who can access what, and when
Basically: when you need full control and have the patience to configure it, ADFS still gets the job done.
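Here is what “deep claim logic” looks like in practice, as an added example rather than anything from the original post: issuance transform rules that decide what goes into the token, and issuance authorization rules that decide who gets a token at all, applied with the ADFS PowerShell module on a farm node. The relying party name “Vendor Portal”, the group SID and the “require MFA from outside the network” rule are assumptions for the illustration.

```powershell
# Added example, not code from the original post. Run on an AD FS farm node
# (Windows Server 2016 or later) with the ADFS module loaded.
# Assumptions: a relying party trust named "Vendor Portal" and an AD group
# whose SID is S-1-5-21-1111111111-2222222222-3333333333-1234.

$rpName   = "Vendor Portal"
$groupSid = "S-1-5-21-1111111111-2222222222-3333333333-1234"

# Issuance transform rules: what ends up inside the token.
# Rule 1 reads UPN and tokenGroups (nested groups, unqualified names) from AD.
# Rule 2 turns the UPN into the SAML NameID so the app gets a stable subject.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN and groups from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "UPN as NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Issuance authorization rules: who gets a token at all.
# Rule 1 denies extranet sign-ins that did not complete MFA. The
# insidecorporatenetwork claim is set by AD FS from whether the request came
# through the Web Application Proxy; authnmethodsreferences lists the
# authentication methods that actually ran.
# Rule 2 permits members of the group, matched on SID (the group SID claim is
# passed through by the default AD claims provider acceptance rules, so it is
# available here even though the group-name claim above is not yet issued).
# A deny claim always wins over a permit claim, whatever the rule order.
$authzRules = @"
@RuleName = "Deny extranet sign-in without MFA"
NOT exists([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"])
 && NOT exists([Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/claims/multipleauthn"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

@RuleName = "Permit members of the vendor portal group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)$groupSid`$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# AD FS 2016+ refuses direct edits to the authorization rules while an access
# control policy is assigned to the trust, so detach the policy first.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if ($rp.AccessControlPolicyName) {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -AccessControlPolicyName $null
}

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Read back what is now in force; this is what you diff in change control.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$rp.IssuanceAuthorizationRules
$rp.IssuanceTransformRules
```

The split between the two rule sets is the point: the authorization rules see only the claims the claims provider handed over (account name, SIDs, network location, authentication methods), so gating on a group SID works there while gating on a friendly group name does not; the friendly names only exist after the transform rules query AD. That is also why the deny rule keys off insidecorporatenetwork and authnmethodsreferences rather than anything the app asked for.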
Where It Gets Frustrating
Let’s not sugarcoat it:
– Setting up ADFS isn’t fun. Certificates, proxies, network rules, redundancy — all of it takes real planning.
– If it goes down, access to everything federated goes with it, and an expired token-signing certificate takes it down just as completely as a server outage. Monitoring matters.
– Risk-based controls like “block this login if the device looks sketchy” aren’t built in. ADFS access control policies can key off group, network location, MFA and device registration, but the risk signals behind Entra Conditional Access are a cloud ID thing.
It’s powerful — but not exactly plug-and-play.
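One way to act on “monitoring matters”, as an added example and not part of the original post: a PowerShell check run on a farm node that covers the pieces that actually take ADFS down, the service, the token-signing and token-decrypting certificates, the SSL binding, the probe and metadata endpoints, and the admin event log. The farm FQDN sts.example.com and the 30-day warning threshold are assumptions.

```powershell
# Added example, not code from the original post. Run on an AD FS farm node
# with the ADFS module loaded; exits non-zero when something needs attention.
# Assumptions: farm FQDN sts.example.com, 30-day certificate warning window.

$farmFqdn = "sts.example.com"
$warnDays = 30
$problems = @()

# 1. Service state and farm role (in a WID farm only the primary node is writable).
$svc = Get-Service -Name adfssrv
if ($svc.Status -ne 'Running') { $problems += "adfssrv is $($svc.Status)" }
$sync = Get-AdfsSyncProperties
Write-Host "Farm role: $($sync.Role)"

# 2. Token-signing and token-decrypting certificates: expiry and rollover state.
# An expired primary token-signing certificate breaks every relying party at once,
# and with auto-rollover off the new certificate must be published to each of them by hand.
$props = Get-AdfsProperties
if (-not $props.AutoCertificateRollover) {
    Write-Warning "AutoCertificateRollover is off: renewal and distribution to relying parties is manual"
}
foreach ($c in Get-AdfsCertificate) {
    $days = [int]($c.Certificate.NotAfter - (Get-Date)).TotalDays
    $tag  = if ($c.IsPrimary) { "primary" } else { "secondary" }
    Write-Host ("{0,-18} {1,-9} {2}  expires in {3} days" -f $c.CertificateType, $tag, $c.Thumbprint, $days)
    if ($c.IsPrimary -and $days -lt $warnDays) {
        $problems += "$($c.CertificateType) primary certificate expires in $days days"
    }
}

# 3. SSL certificate bound in HTTP.sys: resolve the hash to the real certificate
# in the machine store so a binding that points at a removed cert is caught too.
foreach ($b in Get-AdfsSslCertificate) {
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$($b.CertificateHash)" -ErrorAction SilentlyContinue
    if (-not $cert) {
        $problems += "SSL binding $($b.HostName):$($b.PortNumber) points at a certificate not in LocalMachine\My"
        continue
    }
    $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($days -lt $warnDays) { $problems += "SSL certificate for $($b.HostName) expires in $days days" }
}

# 4. The endpoints a load balancer or WAP should be probing. /adfs/probe is the
# plain-HTTP health endpoint; the federation metadata is what relying parties
# fetch, so it must be reachable over TLS and be well-formed XML.
try {
    $probe = Invoke-WebRequest -Uri "http://$farmFqdn/adfs/probe" -UseBasicParsing -TimeoutSec 10
    if ($probe.StatusCode -ne 200) { $problems += "/adfs/probe returned $($probe.StatusCode)" }
    $meta = Invoke-WebRequest -Uri "https://$farmFqdn/FederationMetadata/2007-06/FederationMetadata.xml" -UseBasicParsing -TimeoutSec 10
    [xml]$meta.Content | Out-Null
} catch {
    $problems += "endpoint check failed: $($_.Exception.Message)"
}

# 5. Errors in the AD FS admin log over the last day (Level 2 = Error).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Level = 2; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue
if ($events) {
    $problems += "$(@($events).Count) AD FS/Admin errors in the last 24h (latest: event $(@($events)[0].Id))"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "ADFS health check passed"
```

Schedule it on every node, not just the primary: the SSL binding and the service state are per server, while the token certificates and properties come from the shared configuration. The exit code is what lets a task scheduler or monitoring agent turn the warnings into an alert.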
What’s Changed Since the Old Days?
Not much, honestly. But there are some quieter upgrades:
– TLS 1.3 on Windows Server 2022, inherited from Schannel
– Cleaner support for biometrics through Windows Hello for Business on domain-joined devices, with ADFS able to act as the registration authority in certificate trust deployments
– Slight improvements to performance and token handling
– More documentation on hybrid setups (finally)
Still, if you’re chasing modern features like real-time access policies, ADFS is probably not the tool for that.
Should You Use It in 2025?
| Your situation | ADFS? | Cloud ID? |
|---|---|---|
| Using smartcards or PKI logins | Yes | Partly (Entra certificate-based authentication covers the common cases) |
| Legacy apps with SAML only | Yes | Maybe |
| 100% SaaS + M365 | No | Yes |
| Need deep claim logic/custom rules | Yes | Not easily |
| Want something easy to deploy/manage | No | Definitely |
Final Thoughts
ADFS isn’t flashy, and it’s not the future — but it still solves real problems in the right places. If you’ve already got it and it’s not broken, you don’t have to rip it out. But if you’re starting fresh, or want something lighter and easier to scale, cloud identity is the way forward.
The key is knowing when to let it go — and when to let it quietly keep doing its job in the background.