ADFS enables SSO for Office365, as long as the user has an account in both ActiveDirectory and Office365. When SSO is implemented, authentication occurs through a security token rather than through a user directly authenticating to Office 365. Therefore, user accountsare created onpremises in ActiveDirectory, which DirSync then synchronizes to Office365. By synchronizing users and policy settings to WindowsAzureActiveDirectory, DirSync maintains the object source of authority on the onpremises Active Directory, and ensures that the same objects, attributes, and settings are also available when the federation service accesses these objects from Office365.