We're debating whether to eliminate our ADFS environment since most of our SSO setups have shifted to Azure Enterprise Apps over the last five years. Currently, we rely on Mimecast for email access during potential Microsoft outages, but this doesn't resolve the larger issue: so many of our services depend on Microsoft's authentication. Senior management is insisting we keep ADFS for this reason, and I'm wondering how others handle such discussions. Is maintaining ADFS really necessary? If we can access email through Mimecast, would employees even be able to work effectively without access to other critical services? Also, can anyone share insights on what specifically would fail during a significant MS outage? I'm concerned about everything tied to MS365 and associated authentication services, but I'm hoping they might have some segments that could prevent a total shutdown.
6 Answers
When Microsoft has a major outage, you're right that it impacts a lot of people. It’s not just your problem; you can pass the blame to the provider. With SaaS, it's nice to deflect those higher-up complaints. Just remember, you're not alone in this!
For those thinking about switching because of MS outages, be cautious. Have you tried getting users to access Mimecast? If it's poorly configured, it might negate any savings you'd achieve from switching! Microsoft’s downtime might be brief, and they often fix issues on the fly, so it’s a nuanced conversation about the risks involved with their services.
Haha, I get that! At the end of the day, even a few hours of outage isn't the end of the world, especially if it’s accounted for in your planning.
Mimecast does pose a risk as it's a single point of failure. It's also faced outages before. If it goes down, then your emails could be in limbo without access to Exchange. It’s a gamble, really.
Totally! Sometimes it might be better just to set up a direct routing to EXO, even if it means dealing with spam. Having steps in place for such outages is crucial.
You really need to evaluate if your ADFS setup is more reliable than Microsoft Entra, especially if you're considering a switch to managed services. A backup IDP isn't a bad idea, but weigh the likelihood of outages against the effort of maintaining such a system. If you're a large organization, sure, but smaller ones might just need to accept the occasional hiccup.
If you're planning to fall back to ADFS, make sure to understand the dependencies. Switching might disrupt your apps if they trust Entra more than ADFS. Not an easy trade-off.
The truth is, if MS experiences a significant outage, it's likely that many services will be down, including Mimecast’s dependency on Exchange. In those cases, even if you can access some emails, the rest of the systems will probably still be offline. Continuity plans like separate cloud instances can mitigate some of the chaos during an MS outage, though that requires upfront planning.
That’s smooth! Having a backup plan with a small cloud instance really does help, especially if it can be activated quickly for essential personnel.
Exactly! Sometimes, just being able to say 'Not my problem' makes the tough days a bit easier.