I’ve heard from several folks that they see users authenticating against Office 365 via an on-premise ADFS infrastructure are prompted for credentials when accessing an Office 365 service such as the Office 365 portal, OWA or SharePoint even though the respective client machine is domain-joined and the user is logged in with his AD credentials.
This is NOT expected, but if it’s a browser-based app, its important you remember to add the federation service FQDN (i.e. sts.domain.com) to the local intranet zone in Internet Explorer. Yes the “Local intranet” zone and NOT “Trusted sites”.
This will eliminate the annoying credential prompt and provide the user with a seamless SSO experience.
If he has the respected permissions, the user can add the FQDN to the “Local intranet” zone himself or you as an administrator can push it out via a group policy.
There can be other issues that are causing the credential prompt. If this is the case I recommend you take a look at: http://support.microsoft.com/kb/2530569
Until later,
Henrik Walther