1. Authenticate using Microsoft Online IDs
Authentication by using Online IDs is mainly appropriate for small businesses that either do not have an on-premises Active Directory or have one but are willing to decommission it after migrating to Office 365.
The advantage is that it is easy to deploy and does not require any on-premises servers. However, from the end-user experience point of view, users will be prompted for a username and password when they try to access Online Services, and they will end up with two sets of IDs: one to access the corporate network and one to access Office 365.
Authentication for users is handled in the cloud.
From the IT management point of view, as there are two different identities to manage, maintaining and resetting passwords is required for both the on-premises and the cloud-based AD, which doubles the administration time and effort.
2. Authenticate using Federated corporate IDs
Users continue to authenticate on-premises and have only one set of credentials to access both the corporate network and Office 365 services.
This is a perfect solution for medium/large organizations to provide Single Sign-On (SSO) for end users. IT management is also easier, as password policy and password resets are all managed on-premises.
The main drawback is that it requires on-premises servers to enable identity federation, and more on-premises infrastructure is required to provide high availability of the federation server.