Understanding Office 365's Identity Solutions: Deep Dive
EPC Group
Office 365 (and Azure) Identity Solutions

Individual / Small Business (No Integration)
• No integration required
• No single sign-on
• Users log on via the portal
• No servers on premises

Medium Sized Business (DirSync, provision only)
• DirSync tool: well suited to provisioning large groups of users
• No single sign-on
• Users log on via the portal
• No ADFS servers on premises (a DirSync server is still required)

Large Business (ADFS & DirSync, hybrid)
• Deploy DirSync
• Implement ADFS
• Users log on with their Windows Active Directory (WAD) credentials: full single sign-on (SSO)
• Complex server infrastructure on premises
• Deployed as part of a hybrid solution
Access Control Challenges
• Secure access for a wide array of devices
• High availability
• Role based access control
• Customer and partner access to data
Organizational Size Matters
• The one man band
• Small business
• Medium size business
• Enterprise
The Four Pillars of Identity
Planning a Move to the Cloud?
• Influencing factors:
  • Service trials
  • Size of organization
  • Time constraints
  • Complexity of the customer's current environment
  • Physical locations
  • Current identity infrastructure
  • Current IT infrastructure: internal / outsourced / hosted
Planning a Move to the Cloud?
• Influencing factors:
  • Software / hardware issues
  • Network bandwidth issues
  • Security issues
  • Legal & compliance issues
  • Vendor service level agreement (SLA)
  • High availability / backup issues
  • Resource issues: staff, budget, etc.
  • Risk analysis of moving into the cloud
Current Identity Solution
• No centralized identity solution
  • Typical of a one man company
  • No servers on premises
  • Uses POP email, a web browser or a mobile device
The Small Business
• Typically 5 to 25 employees
• Perhaps uses a Small Business Server on premises
• Users are already Active Directory users
• Probably uses Exchange email
• Has adopted small-scale SharePoint usage
• Probably outsources IT support to an external consultant
Current Identity Solution
• Medium to enterprise level organization
  • 100s or 1000s of users
  • More complex Active Directory infrastructure
  • More complex infrastructure, trust relationships, etc.
  • Probably uses Exchange email, Lotus Notes or another on-site email solution
  • Probably uses multi-factor authentication
  • In-house IT support
Identity Solutions for Office 365

Cloud identity
• Separate credential from the on-premises credential
• Authentication occurs via the cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment

Federated identity
• Same credential as the on-premises credential
• Authentication occurs via the on-premises directory service
• Password policy is stored on-premises
• Requires an on-premises DirSync server
• Requires an on-premises ADFS server
Identity Architecture and Integration Options
1. No Integration
2. Directory Data Only
3. Directory and Single sign-on (SSO)
Windows Azure Active Directory (architecture diagram)

Customer premises (EPC Group customer): Active Directory, Active Directory Federation Server 2.0 acting as the identity provider (IdP), MS Online Directory Sync, Office 365 Desktop Setup, and the Admin Portal / PowerShell used for administration.

Microsoft Online: the provisioning platform and the directory store, the authentication platform (Microsoft's own IdP, which holds the federation trust with the customer's AD FS 2.0), and the services that rely on them: SharePoint Online, Exchange Online, Lync Online and the Office Subscription Services.
Understanding Identities

Cloud Identity
• Scenario: smaller organizations with or without on-premises Active Directory
• Benefits: does not require on-premises server deployment
• Limitations: no single sign-on; no 2-factor authentication options; two sets of credentials to manage; different password policies

Cloud Identity + DirSync
• Scenario: medium to large organizations with Active Directory on-premises
• Benefits: "source of authority" is on-premises; enables coexistence
• Limitations: no single sign-on; no 2-factor authentication options; two sets of credentials to manage; different password policies; requires on-premises DirSync server deployment

Federated Identity
• Scenario: large enterprise organizations with Active Directory on-premises
• Benefits: single sign-on experience; "source of authority" is on-premises; 2-factor authentication options; enables coexistence
• Limitations: requires on-premises ADFS server deployment (in a high availability configuration); requires on-premises DirSync server deployment
Understanding Identities: sign-in experience by client

Client | Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer)
Microsoft Outlook 2010 on Windows 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2007 on Windows 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2010 or Outlook 2007 on Windows Vista or Windows XP | Sign in each session | Sign in each session | Sign in each session
Exchange ActiveSync | Sign in each session | Sign in each session | Sign in each session
POP, IMAP, Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Web experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each browser session | No prompt | Sign in each browser session
Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session | Sign in each SharePoint Online session | Sign in each SharePoint Online session
Lync Online | Sign in each session | No prompt | Sign in each session
Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Make the Solutions Workable
• Must be tailored to customer requirements
• Cost effective
• Avoid ego-driven design bloat!
• Take future growth into account
• Current / future migration plans
• Local / national legal / compliance issues
• Cross-platform integration
Understanding Identities
• Two types of domains
  • Managed domain
  • Federated domain

• Domain ownership must be verified
• Must use a publicly registered namespace (e.g. *.local cannot be used)

• Options for adding new domains:
  • Microsoft Online Portal
  • Microsoft Online Services Module for Windows PowerShell
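The PowerShell route for adding and verifying a domain, as an added example that is not part of the EPC Group deck. It assumes the Microsoft Online Services Module for Windows PowerShell (MSOnline) is installed, that the account used holds a tenant admin role, and uses contoso.com and adfs01.contoso.local as placeholder names. The check in step 3 is the one practitioners skip and then regret: the service will not verify the domain until public DNS serves the exact TXT record it issued.

```powershell
# Added example (not from the EPC Group deck): add a public domain to an
# Office 365 tenant, verify ownership via a DNS TXT record, and check the
# result. Assumes the MSOnline module and a tenant admin account.
# The domain name and ADFS host below are placeholders.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant admin credentials

$domain = "contoso.com"   # must be a publicly registered namespace, never *.local

# 1. Register the domain as a managed domain (it can be converted to federated later).
if (-not (Get-MsolDomain -DomainName $domain -ErrorAction SilentlyContinue)) {
    New-MsolDomain -Name $domain -Authentication Managed | Out-Null
}

# 2. Ask the service which TXT record proves ownership. The record text is
#    unique per tenant, so publish exactly what is returned.
$txt = Get-MsolDomainVerificationDns -DomainName $domain -Mode DnsTxtRecord
Write-Host "Publish this TXT record at the domain apex: $($txt.Text)"

# 3. Do not call Confirm-MsolDomain until public DNS actually serves the record;
#    a failed confirmation only wastes a round trip. Resolve-DnsName needs the
#    DnsClient module (Windows 8 / Windows Server 2012 and later).
$published = Resolve-DnsName -Name $domain -Type TXT -ErrorAction SilentlyContinue |
    Where-Object { $_.Strings -contains $txt.Text }
if (-not $published) {
    throw "TXT record for $domain not visible in public DNS yet; wait for propagation and re-run."
}

# 4. Verify. Afterwards Status should read 'Verified' and Authentication 'Managed'.
Confirm-MsolDomain -DomainName $domain
Get-MsolDomain -DomainName $domain | Format-List Name, Status, Authentication

# 5. (Optional) Convert to a federated domain once ADFS is in place. This points
#    the tenant at your ADFS farm, so run it against the ADFS server and only
#    for a domain whose users have already been synced.
# Set-MsolADFSContext -Computer adfs01.contoso.local
# Convert-MsolDomainToFederated -DomainName $domain
```

Converting a domain to federated changes where every user in that UPN suffix authenticates, so it belongs at the end of the ADFS rollout, not at the start of the domain setup.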
Understanding Identities: management tools
• Microsoft Online Portal
• Microsoft Online Services Module for Windows PowerShell
• Remote PowerShell
• Active Directory tools
• Exchange Management Tools
• Identity management solutions
Windows Active Directory
• Directory service implemented on Microsoft domain networks
• Introduced in Windows 2000
• Domain controllers (DCs) authenticate and authorise users and computers in a domain
• Assigns and enforces security policies
• Deployed as a single domain or as part of a larger forest
• Can be expanded through trust relationships
• Has both physical and logical attributes
• Only one instance per domain
• Active Directory uses LDAP, Kerberos and DNS
WAD: Potential Issues
• Has a number of trust limitations in respect to size and complexity
• Designed primarily to manage in-house networks
• Protocol limitations, e.g. LDAP
• Customer security concerns about WAD data in the cloud (closed attributes)
• Does not natively support new cloud-based protocols
• Solution: extend AD attributes into the cloud…
Windows Azure Active Directory

What is Windows Azure Active Directory?
• Customized version of AD LDS / ADAM
• Every Office 365 customer is an Azure AD tenant
• Designed primarily to meet the needs of cloud applications
• Extends the customer's Active Directory into the cloud
• Think of it as a fish on a hook!
• Identity as a service: an essential part of Platform as a Service
Relationship to Windows Server AD
• On-premises and cloud Active Directory managed as one
• Directory information synchronized to the cloud, made available to cloud apps via role-based access control
• Federated authentication enables single sign-on to cloud applications

WAAD vs WAD
• While enterprises work to consolidate identity systems on-premises, cloud apps are fragmenting identity… again
Azure Active Directory Design Principles
The cloud design point demands capabilities that are not part of current-day Windows Server Active Directory:
• Maximize device & platform reach
  • HTTP/web/REST based protocols
• Multi-tenancy
  • Customer owns the directory, not Microsoft
• Optimize for availability, consistent performance, scale
• Keep it simple
To Federate or Not To Federate?
Protocols to Connect to Windows Azure AD

Protocol | Purpose | Details
REST/HTTP directory access | Create, read, update, delete directory objects and relationships | Compatible with OData V3; authenticate with OAuth 2.0
OAuth 2.0 | Service-to-service authentication; delegated access | JWT token format
OpenID Connect | Web application authentication; rich client authentication | Under investigation; JWT token format
SAML 2.0 | Web application authentication | SAML 2.0 token format
WS-Federation 1.3 | Web application authentication | SAML 1.1, SAML 2.0 or JWT token format
Deploying ADFS
ADFS 2.0 & SSO Requirements
• Windows Server 2008 or Windows Server 2008 R2, or Windows Server 2012 (which ships AD FS 2.1)
• PowerShell v3
• Web Server (IIS)
• .NET 3.5 SP1
• Windows Identity Foundation
• Publicly registered domain name
• SSL certificate for the hybrid deployment
Understanding SAML Authentication Into the Cloud (flow diagram)

Customer side: a client joined to CorpNet authenticates against Active Directory, and AD FS 2.0 issues a logon token (SAML 1.1) carrying the user's UPN (user@contoso.com) and the source user ID (ABC123 in the diagram), the identifier that ties the on-premises account to its cloud object.

Microsoft Online Services side: the authentication platform validates the logon token under the federation trust and issues its own auth token, again carrying UPN user@contoso.com plus the cloud-side unique ID (254729 in the diagram), which Exchange Online or SharePoint Online then consume.
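When a federated sign-in fails after ADFS has happily authenticated the user, the usual cause is that the source user ID in the logon token does not match what the cloud directory holds. The check below is an added example, not part of the EPC Group deck; it assumes DirSync's default source anchor (the on-premises objectGUID, base64-encoded, which is what the ImmutableID claim carries), the ActiveDirectory and MSOnline modules, and an existing Connect-MsolService session. The function name and the user and domain names are placeholders.

```powershell
# Added example (not from the EPC Group deck): confirm that the identifier ADFS
# puts into the SAML 1.1 logon token matches the ImmutableId stored for the
# same user in Windows Azure AD. With DirSync the source anchor is the
# base64-encoded on-premises objectGUID (assumed default); a mismatch means the
# authentication platform cannot map the token to a cloud user.
Import-Module ActiveDirectory
Import-Module MSOnline

function Test-FederatedUserAnchor {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # On-premises side: objectGUID -> base64 string, DirSync's default sourceAnchor.
    $adUser = Get-ADUser -Filter { UserPrincipalName -eq $UserPrincipalName }
    if (-not $adUser) { throw "No AD user with UPN $UserPrincipalName" }
    $expectedAnchor = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

    # Cloud side: what DirSync wrote into Windows Azure AD for this user.
    $msolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # A user whose UPN suffix is not a federated domain in the tenant is never
    # redirected to ADFS in the first place, so report that too.
    $suffix = $UserPrincipalName.Split('@')[1]
    $federated = (Get-MsolDomain -DomainName $suffix).Authentication -eq 'Federated'

    [pscustomobject]@{
        UserPrincipalName  = $UserPrincipalName
        OnPremAnchor       = $expectedAnchor
        CloudImmutableId   = $msolUser.ImmutableId
        Match              = ($expectedAnchor -eq $msolUser.ImmutableId)
        UpnDomainFederated = $federated
    }
}

# Usage (after Connect-MsolService):
# Test-FederatedUserAnchor -UserPrincipalName 'user@contoso.com'
```

A Match of False with a federated UPN domain points at a user created in the cloud before DirSync ran (a duplicate rather than the synced object); a Match of True with UpnDomainFederated False means the domain is still managed and ADFS is not even being consulted.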
Walkthrough: Access Control Using ADFS Client Endpoints

ADFS Claim Types
• Launch the ADFS 2.0 Management Console, browse to Claims Provider Trusts, and choose Edit Claim Rules…
• Add a new rule
• Select the "Pass through or filter an incoming claim" template
• Provide the rule name and claim type
• Repeat for all 5 claim types

Issuance Authorization Rule
• Launch the ADFS 2.0 Management Console, browse to Relying Party Trusts, and choose Edit Claim Rules…
• Add a new Issuance Authorization Rule
• Select the "Send claims using a custom rule" template
• Add the rule name and custom rule syntax
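The same two walkthrough steps done with the AD FS 2.0 PowerShell snap-in, as an added example that is not part of the EPC Group deck. It assumes AD FS 2.0 with Update Rollup 1 or later (the five request-context claim types it passes through were introduced there, and the slide does not name them), the default name of the Office 365 relying party trust, and that it runs on an ADFS server as a farm administrator; the public IP range and rule names are placeholders. A wrong authorization rule locks every federated user out at once, so the script saves the existing rules before replacing them.

```powershell
# Added example (not from the EPC Group deck): pass the request-context claims
# through the Active Directory claims provider trust, then add an issuance
# authorization rule to the Office 365 relying party trust. Assumes AD FS 2.0
# Rollup 1 or later; IP range and names are placeholders.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$cpName = "Active Directory"
$rpName = "Microsoft Office 365 Identity Platform"

# The five request-context claim types the walkthrough passes through.
$requestContextClaims = @(
    "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip",
    "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application",
    "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent",
    "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy",
    "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path"
)

# Step 1: one "pass through" acceptance transform rule per claim type on the
# claims provider trust. Existing rules are kept; the new ones are appended.
$cp = Get-ADFSClaimsProviderTrust -Name $cpName
$passThrough = ($requestContextClaims | ForEach-Object {
    $short = $_.Split('/')[-1]
    "@RuleName = `"Pass through $short`"`nc:[Type == `"$_`"]`n => issue(claim = c);`n"
}) -join "`n"
Set-ADFSClaimsProviderTrust -TargetName $cpName `
    -AcceptanceTransformRules ($cp.AcceptanceTransformRules + "`n" + $passThrough)

# Step 2: issuance authorization rules on the Office 365 relying party trust.
# Keep the permit-all rule and add a deny rule for requests that arrive through
# the ADFS proxy (x-ms-proxy present) from outside the corporate public IP
# range, unless the client is a browser using the passive endpoint (/adfs/ls/).
# In AD FS a deny claim always overrides a permit claim.
$rp = Get-ADFSRelyingPartyTrust -Name $rpName
$backup = "$env:TEMP\O365-IssuanceAuthorizationRules-$(Get-Date -Format yyyyMMddHHmmss).txt"
$rp.IssuanceAuthorizationRules | Out-File $backup   # keep a copy to roll back

$corpPublicIpRegex = '^203\.0\.113\.\d{1,3}$'   # placeholder: your public egress range

$authzRules = @"
@RuleName = "Permit all users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Deny external access except browser sign-in"
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "$corpPublicIpRegex"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path", Value == "/adfs/ls/"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");
"@
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $authzRules

# Show the result for review; to revert, feed the backup file back in.
(Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

The request-context claims are only trustworthy when they are populated by your own federation proxy; x-ms-forwarded-client-ip in particular is just a header the proxy copies in, so the rule above is an access policy for clients that reach ADFS through the proxy, not a substitute for authenticating them. Test the rule in a lab with each client type from the sign-in table before applying it to production.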
Cloud Provisioning
WAAD Provisioning
• Manual
  • Simple web-based user interface
  • Bulk import of users
  • Best for small customers

• Scriptable
  • PowerShell module for Windows
  • Programmable: new REST-based API
  • Limited attribute set / object types

• Automated
  • Directory synchronization with deltas
  • Full fidelity of attributes and object types
  • Optimized for large object sets
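The "scriptable" option in practice, as an added example that is not part of the EPC Group deck: a bulk import with the MSOnline module that avoids the two habits that turn provisioning scripts into a security incident, a shared initial password and passwords echoed to the console or a world-readable log. It assumes an existing Connect-MsolService session, a CSV with the columns UserPrincipalName, DisplayName, FirstName, LastName and UsageLocation, and uses contoso:ENTERPRISEPACK as a placeholder SKU; the function name and report path are also placeholders.

```powershell
# Added example (not from the EPC Group deck): create cloud identities from a
# CSV with per-user random one-time passwords, assign a license, and keep the
# initial passwords in a file only the running admin can read. Assumes
# Connect-MsolService has been run; CSV layout and SKU name are placeholders.
Import-Module MSOnline
Add-Type -AssemblyName System.Web   # for Membership.GeneratePassword

function New-BulkCloudUsers {
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $LicenseSku,   # e.g. "contoso:ENTERPRISEPACK"
        [string] $PasswordReport = "$env:USERPROFILE\new-users-$(Get-Date -Format yyyyMMdd).csv"
    )

    # Fail early if the SKU is unknown or short of seats; New-MsolUser would
    # otherwise create the account and then fail on the license step.
    $sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $LicenseSku }
    if (-not $sku) { throw "License SKU $LicenseSku not found in this tenant" }
    $rows = @(Import-Csv $CsvPath)
    if (($sku.ActiveUnits - $sku.ConsumedUnits) -lt $rows.Count) {
        throw "Not enough free $LicenseSku seats for $($rows.Count) users"
    }

    $results = @(foreach ($row in $rows) {
        if (Get-MsolUser -UserPrincipalName $row.UserPrincipalName -ErrorAction SilentlyContinue) {
            Write-Warning "$($row.UserPrincipalName) already exists; skipping"
            continue
        }
        # 16-character random password (the service's maximum); the user must
        # replace it at first sign-in, so it only has to survive the handover.
        $initial = [System.Web.Security.Membership]::GeneratePassword(16, 3)
        New-MsolUser -UserPrincipalName $row.UserPrincipalName `
                     -DisplayName $row.DisplayName `
                     -FirstName $row.FirstName -LastName $row.LastName `
                     -UsageLocation $row.UsageLocation `
                     -LicenseAssignment $LicenseSku `
                     -Password $initial -ForceChangePassword $true | Out-Null
        [pscustomobject]@{ UserPrincipalName = $row.UserPrincipalName; InitialPassword = $initial }
    })
    if ($results.Count -eq 0) { Write-Host "Nothing to create"; return }

    # Persist the one-time passwords with an ACL limited to the admin running this.
    $results | Export-Csv -NoTypeInformation -Path $PasswordReport
    $acl = Get-Acl $PasswordReport
    $acl.SetAccessRuleProtection($true, $false)   # drop inherited ACEs
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().Name, 'FullControl', 'Allow')))
    Set-Acl $PasswordReport $acl
    Write-Host "Created $($results.Count) users; one-time passwords in $PasswordReport"
}

# Usage:
# New-BulkCloudUsers -CsvPath .\users.csv -LicenseSku "contoso:ENTERPRISEPACK"
```

Delete the report once the passwords have been handed over; with ForceChangePassword set, every one of them is dead after the user's first sign-in anyway.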
What is DirSync?
(Azure Active Directory Sync Tool)

• Enables simple and rich coexistence
• Provisions objects in Office 365 with the same email addresses as the objects in the on-premises environment
• Provides a unified Global Address List (GAL) experience between on-premises and Office 365
  • Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
• Enables coexistence for Exchange
  • Works in both simple and hybrid deployment scenarios
  • Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
• Enables coexistence for Microsoft Lync
DirSync Implementation Options

1-way sync from AD to cloud
• Provisions users, DLs, security groups and contacts
• Can move to 2-way sync later
• On-premises is the master for all objects and properties

2-way sync from AD to cloud and cloud to AD
• Required for hybrid deployments, e.g. coexistence with Exchange Online and Exchange on-premises
• Cannot move back to 1-way sync
• Cloud becomes the master for certain properties (safe senders, mail coexistence, UM)

Password sync option
• Password syncing is 1-way. Users that have password sync enabled must change their passwords on-premises from an AD-connected machine.
DirSync Password Synchronization
• No longer requires ADFS to provide SSO (strictly, the same credentials in both places rather than a prompt-free sign-on; the sign-in table above shows which clients still prompt)
• Does not sync plaintext passwords
• DirSync syncs hashes of the hashes of your users' passwords, greatly reducing the risk of a password leaking
• You don't need to install any new software on your DCs or reboot DCs
• Users don't need to change their passwords when password sync is enabled
• Password syncing is 1-way. Users that have password sync enabled must change their passwords on-premises from an AD-connected machine.
• "In my opinion not as secure as ADFS"
DirSync: Synchronization Schedule
• Default is every 3 hours
• The "Start-OnlineCoexistenceSync" cmdlet can manually force a sync
• The synchronization interval can be re-scheduled as follows:
1. On your DirSync server, navigate to C:\Program Files\Microsoft Online Directory Sync.
2. Locate the service executable that runs the DirSync schedule.
3. Locate the following line within the Microsoft.Online.DirSync.Scheduler.exe.config file:
   <add key="SyncTimeInterval" value="3:00:0" />
4. Edit the time in this file to reduce the sync interval; for example, to sync every 30 minutes use:
   <add key="SyncTimeInterval" value="0:30:0" />
5. Finally, open the Services console (Start > Run > services.msc) and restart the Microsoft Online Services Directory Synchronization Service.
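The five steps above as a script, added here as an example that is not part of the EPC Group deck. It edits the scheduler config as XML rather than with a text replace, so a typo cannot leave the service unable to start, keeps a dated backup, and refuses intervals short enough to hammer the domain controllers. It assumes the default install path from the slide, that the SyncTimeInterval entry sits under the config's appSettings element, the service display name used on the slide, and that it runs elevated on the DirSync server; the function name is a placeholder.

```powershell
# Added example (not from the EPC Group deck): change the DirSync scheduler
# interval safely and restart the service. Assumes the default install path,
# an appSettings entry named SyncTimeInterval, and an elevated session.
function Set-DirSyncInterval {
    param(
        [Parameter(Mandatory)] [TimeSpan] $Interval,
        [string] $ConfigPath = "C:\Program Files\Microsoft Online Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.config",
        [string] $ServiceDisplayName = "Microsoft Online Services Directory Synchronization Service"
    )

    # A very short interval keeps AD and the sync service permanently busy;
    # nothing below a few minutes is needed outside a lab.
    if ($Interval -lt [TimeSpan]::FromMinutes(5)) {
        throw "Interval $Interval is too aggressive; use 5 minutes or more"
    }

    # Dated backup so the change can be reverted.
    Copy-Item $ConfigPath "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"

    [xml]$config = Get-Content $ConfigPath
    $node = $config.configuration.appSettings.add | Where-Object { $_.key -eq 'SyncTimeInterval' }
    if (-not $node) { throw "SyncTimeInterval not found in $ConfigPath" }

    # Value format on the slide is h:mm:s, e.g. 3:00:0 for the 3-hour default.
    $old = $node.value
    $node.value = '{0}:{1:D2}:{2}' -f [math]::Floor($Interval.TotalHours), $Interval.Minutes, $Interval.Seconds
    $config.Save($ConfigPath)

    # Restart the scheduler service so the new interval takes effect.
    Get-Service -DisplayName $ServiceDisplayName | Restart-Service -Force
    Write-Host "SyncTimeInterval changed from $old to $($node.value)"
}

# Usage: every 30 minutes instead of the 3-hour default
# Set-DirSyncInterval -Interval ([TimeSpan]::FromMinutes(30))

# To push a sync immediately instead of waiting for the schedule, run the
# slide's cmdlet from the DirSync console (on newer builds, Import-Module DirSync
# in a normal session does the same):
# powershell.exe -PSConsoleFile "C:\Program Files\Microsoft Online Directory Sync\DirSyncConfigShell.psc1" -Command Start-OnlineCoexistenceSync
```

Re-check the interval after any DirSync upgrade or reinstall, since the config file ships with the product and may be replaced.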

Best Bets and Next Steps
• Choose the correct 365 solution
• Product vs. service
• Clean house
• SSO or not to SSO?
• Read the planning guides
• Region vs. compliance!
• Get your DNS correct
• Watch out for expiring SSL certs
• Beware the deleted domain issue

 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group

2. Office 365 (and Azure) Identity Solutions

Individual / Small Business (No Integration):
• No Integration Required
• No Single Sign On
• User logon Via Portal
• No Servers on Premise

Medium Sized Business (Dirsync, Provision Only):
• Dirsync Tool – Perfect for Provisioning large groups of Users
• No Single Sign On
• User Login Via Portal
• No federation (ADFS) servers on premise; only the Dirsync server

Large Business (ADFS & Dirsync, Full Single Sign On, Hybrid):
• Deploy Dirsync
• Implement ADFS
• Users Login with WAD Credentials
• Complex Server Infrastructure on Prem
• Deployed as Part of a Hybrid Solution
3. Access Control Challenges
• Secure Access for a Wide Array of Devices
• High Availability
• Role Based Access Control
• Customer and Partner Access to Data

4. Support: Organizational Size Matters
• The One Man Band
• Small Business
• Medium Size Business
• Enterprise

5. The Four Pillars of Identity

6. Planning a Move to the Cloud? Influencing Factors:
• Service Trials
• Size of Organization
• Time Constraints
• Complexity of Customer's Current Environment
• Physical Locations
• Current Identity Infrastructure
• Current IT Infrastructure: Internal / Outsourced / Hosted

7. Planning a Move to the Cloud? Influencing Factors (continued):
• Software / Hardware Issues
• Network Bandwidth Issues
• Security Issues
• Legal & Compliance Issues
• Vendor Service Level Agreement (SLA)
• High Availability / Backup Issues
• Resource Issues: Staff, Budget, etc.
• Risk Analysis of Moving into the Cloud

8. Current Identity Solution

No Centralized Identity Solution:
• Typical of a One Man Company
• No Servers on Premises
• Uses POP Email, Web Browser or Mobile Device

The Small Business:
• Typically 5 to 25 Employees
• Perhaps uses a Small Business Server on Premises
• Are already Active Directory Users
• Probably use Exchange Email
• Adopt Small Scale SharePoint Usage
• Probably outsource IT Support to an External Consultant

9. Current Identity Solution

Medium to Enterprise Level Organization:
• 100s or 1000s of Users
• More Complex Active Directory Infrastructure
• More Complex Infrastructure, Trust Relationships etc.
• Probably use Exchange Email, Lotus Notes or Other On-Site Email Solution
• Probably uses Multi Factor Authentication
• In-house IT Support
10. Identity Solutions for Office 365

Cloud Identity:
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment

Federated Identity:
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Requires on-premises ADFS server

11. Identity Architecture and Integration Options
• 1. No Integration
• 2. Directory Data Only
• 3. Directory and Single sign-on (SSO)
(Diagram: the customer premises hold Active Directory, Active Directory Federation Server 2.0 acting as IdP, MS Online Directory Sync, and the Admin Portal / PowerShell. Windows Azure Active Directory holds the Provisioning platform, the Authentication platform and the Directory Store, with a Trust to the on-premises IdP. Office 365 Desktop Setup and the services SharePoint Online, Exchange Online, Lync Online and Office Subscription Services sit behind it.)

12. Understanding Identities

Cloud Identity:
• Scenario: Smaller organizations with or without Active Directory on-premises
• Benefits: Does not require on-premises server
• Limitations: No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies

Cloud Identity + DirSync:
• Scenario: Medium to Large organizations with Active Directory on-premises
• Benefits: "Source of Authority" is on-premises; Enables coexistence
• Limitations: No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies; Requires on-premises DirSync server deployment

Federated Identity:
• Scenario: Large enterprise organizations with Active Directory on-premises
• Benefits: Single Sign-On experience; "Source of Authority" is on-premises; 2 Factor Authentication options; Enables coexistence
• Limitations: Requires on-premises ADFS server deployment (in a high availability scenario); Requires on-premises DirSync server deployment

13. Understanding Identities: sign-in prompts per client
Columns: Cloud Identity / Federated Identity (domain-joined computer) / Federated Identity (non-domain-joined computer)
• Microsoft Outlook 2010 on Windows 7: Sign in each session / Sign in each session / Sign in each session
• Outlook 2007 on Windows 7: Sign in each session / Sign in each session / Sign in each session
• Outlook 2010 or Outlook 2007 on Windows Vista or Windows XP: Sign in each session / Sign in each session / Sign in each session
• Exchange ActiveSync: Sign in each session / Sign in each session / Sign in each session
• POP, IMAP, Microsoft Outlook for Mac 2011: Sign in each session / Sign in each session / Sign in each session
• Web Experiences (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps): Sign in each browser session / No prompt / Sign in each browser session
• Office 2010 or Office 2007 using SharePoint Online: Sign in each SharePoint Online session / Sign in each SharePoint Online session / Sign in each SharePoint Online session
• Lync Online: Sign in each session / No prompt / Sign in each session
• Outlook for Mac 2011: Sign in each session / Sign in each session / Sign in each session
14. Make the Solutions Workable
• Must be Tailored to Customer Requirements
• Cost Effective
• Avoid Ego Driven Design Bloat!
• Take into Account Future Growth
• Current / Future Migration Plans
• Local / National Legal / Compliance Issues
• Cross Platform Integration

15. Understanding Identities
• Two types of Domains: Managed Domain and Federated Domain
• Domain ownership must be verified
• Must use a publicly registered namespace (i.e. cannot use *.local, etc.)
• Options for adding new domains: Microsoft Online Portal, or the Microsoft Online Services Module for Windows PowerShell

16. Understanding Identities: tools
• Microsoft Online Portal
• Active Directory tools
• Exchange Management Tools
• Identity management solutions
• Microsoft Online Services Module for Windows PowerShell
• Remote PowerShell
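The domain steps of slides 15 and 16 (register, prove ownership, then federate) scripted with the Microsoft Online Services Module for Windows PowerShell. This is an added example, not EPC Group's code; it assumes the MSOnline module is installed, a Global Administrator credential is at hand, and `contoso.com` stands in for your own publicly registered domain. The namespace check at the top is the editor's own guard, not something the cmdlets do for you.

```powershell
# Added example (not from the deck): add, verify and federate a custom domain via MSOnline.
# Assumptions: MSOnline module installed; contoso.com is a placeholder for your domain.
Import-Module MSOnline
Connect-MsolService   # prompts for the tenant administrator credential

$domain = 'contoso.com'

# Office 365 only accepts publicly registered namespaces. Catch .local-style
# names before touching the tenant instead of discovering it at verification time.
if ($domain -match '\.(local|internal|lan|corp)$' -or $domain -notmatch '\.') {
    throw "$domain is not a publicly registered namespace; pick a routable domain."
}

# 1. Register the domain as Managed. Federation is switched on last, after
#    ownership is proven and ADFS is actually reachable from the internet.
$existing = Get-MsolDomain | Where-Object { $_.Name -eq $domain }
if (-not $existing) {
    New-MsolDomain -Name $domain -Authentication Managed | Out-Null
}

# 2. Fetch the TXT record Office 365 expects at the zone apex and publish it in
#    public DNS (the "Get your DNS Correct" item of the closing slide).
$txt = Get-MsolDomainVerificationDns -DomainName $domain -Mode DnsTxtRecord
Write-Host "Publish TXT record at $($txt.Label): $($txt.Text)"

# 3. Do not call Confirm-MsolDomain blindly; wait until a public resolver can see
#    the record, otherwise the confirmation just fails and you retry by hand.
$deadline = (Get-Date).AddMinutes(30)
do {
    $seen = Resolve-DnsName -Name $domain -Type TXT -Server 8.8.8.8 -ErrorAction SilentlyContinue |
            Where-Object { $_.Strings -contains $txt.Text }
    if (-not $seen) { Start-Sleep -Seconds 60 }
} until ($seen -or (Get-Date) -gt $deadline)
if (-not $seen) { throw "TXT record for $domain not visible in public DNS; not confirming." }
Confirm-MsolDomain -DomainName $domain

# 4. Convert to Federated. Run this on the ADFS server (or point the module at it
#    first with Set-MsolADFSContext -Computer <adfs host>); it creates the
#    "Microsoft Office 365 Identity Platform" relying party trust on ADFS and
#    registers your ADFS as the issuer for the domain in the tenant.
Convert-MsolDomainToFederated -DomainName $domain

# Final state should read Verified / Federated.
Get-MsolDomain -DomainName $domain | Select-Object Name, Status, Authentication
```

Keep the domain Managed until ADFS is up and reachable through the proxy: once the domain is Federated, every sign-in for that namespace is redirected to your ADFS, so converting before the farm is ready locks users out.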
18. Windows Active Directory
• Directory service implemented on MS domain networks
• Introduced in Windows 2000
• DCs authenticate and authorise users and computers in a domain
• Assigns and enforces security policies
• Deployed in a single domain or as part of a larger forest
• Can be expanded through Trust Relationships
• Has both physical & logical attributes
• Only one instance per domain
• Active Directory uses LDAP, Kerberos, and DNS

19. WAD: Potential Issues
• Has a number of trust limitations in respect to size & complexity
• Designed primarily to manage in-house networks
• Protocol limitations, i.e. LDAP
• Customer security concerns about WAD data in the cloud (closed attributes)
• Does not natively support new cloud based protocols
• Solution: Extend AD attributes into the cloud...

20. Windows Azure Active Directory

21. Windows Azure Active Directory

22. What is Windows Azure Active Directory?
• Customized Version of ADLDS / ADAM
• Every Office 365 Customer is an Azure AD Tenant
• Designed primarily to meet the needs of cloud applications
• Extends the Customer's Active Directory into the cloud
• Think of it as a Fish on a Hook!
• Identity as a service: essential part of Platform as a Service

23. Relationship to Windows Server AD
• On-premises and cloud Active Directory managed as one
• Directory information synchronized to the cloud, made available to cloud apps via role-based access control
• Federated authentication enables single sign on to cloud applications

24. WAAD vs WAD!
• While enterprises work to consolidate identity systems on-premises, cloud apps are fragmenting identity... again

25. Azure Active Directory Design Principles
The cloud design point demands capabilities that are not part of current-day Windows Server Active Directory:
• Maximize device & platform reach
• HTTP / web / REST based protocols
• Multi-tenancy
• Customer owns the directory, not Microsoft
• Optimize for availability, consistent performance, scale
• Keep it simple

26. To Federate or Not to Federate?

27. Protocols to Connect to Windows Azure AD (Protocol – Purpose – Details)
• REST/HTTP directory access – Create, Read, Update, Delete directory objects and relationships – Compatible with OData V3; Authenticate with OAuth 2.0
• OAuth 2.0 – Service to service authentication; Delegated access – JWT token format
• OpenID Connect – Web application authentication; Rich client authentication – Under investigation; JWT token format
• SAML 2.0 – Web application authentication – SAML 2.0 token format
• WS-Federation 1.3 – Web application authentication – SAML 1.1 token format; SAML 2.0 token format; JWT token format
29. ADFS 2.0 & SSO Requirements
• Windows Server 2008 or Windows Server 2008 R2, or Windows Server 2012 (ADFS 2.1)
• PowerShell V3
• Web Server (IIS)
• .NET 3.5 SP1
• Windows Identity Foundation
• Publicly registered domain name
• SSL Certificate for Hybrid Deployment

30. Understanding SAML Authentication Into the Cloud
• Customer side: the Client (joined to CorpNet) logs on to Active Directory; the AD FS 2.0 Server issues a SAML 1.1 Token carrying UPN: user@contoso.com and Source User ID: ABC123
• Microsoft Online Services side: the Authentication platform validates the token and issues an Auth Token carrying UPN: user@contoso.com and Unique ID: 254729
• The client presents the Auth Token to Exchange Online or SharePoint Online

31. Walkthrough: Access Control Using ADFS Client Endpoints

32. ADFS Claim Types
• Launch the ADFS 2.0 Management Console, browse to Claims Provider Trusts, and Edit Claim Rules...
• Add new rule
• Select the "Pass through or filter an incoming claim" template
• Provide rule name and type
• Repeat for all 5 claim types

33. Issuance Authorization Rule
• Launch the ADFS 2.0 Management Console, browse to Relying Party Trusts, and Edit Claim Rules...
• Add new Issuance Authorization Rule
• Select the "Send claims using a custom rule" template
• Add rule name and custom rule syntax
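Slides 31 to 33 walk through the console; the same change is safer to script, because the PowerShell form makes it obvious that setting the rule set on a trust replaces whatever was there. The following is an added example, not EPC Group's or Microsoft's code. It assumes an ADFS 2.0 federation server with the Office 365 relying party trust already created, the five request-context claim types that ADFS attaches to proxied requests (`x-ms-forwarded-client-ip`, `x-ms-client-application`, `x-ms-client-user-agent`, `x-ms-proxy`, `x-ms-endpoint-absolute-path`), and a placeholder corporate egress range of 203.0.113.0/24 that you must replace with your own.

```powershell
# Added example (not from the deck): script the client-endpoint access control of
# slides 31-33 on ADFS 2.0. Assumptions: run as an ADFS admin on a federation
# server; the IP regex below is a placeholder for your real public egress range.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue  # ADFS 2.0/2.1; on 2012 R2+ use Import-Module ADFS

$prefix = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/'
$claimTypes = 'x-ms-forwarded-client-ip', 'x-ms-client-application',
              'x-ms-client-user-agent', 'x-ms-proxy', 'x-ms-endpoint-absolute-path'

# Slide 32: one "pass through" acceptance rule per claim type on the Active Directory
# claims provider trust. APPEND to the existing rule text: -AcceptanceTransformRules
# overwrites, and dropping the default windowsaccountname/UPN pass-through rules
# would break every Office 365 sign-in.
$cpt = Get-ADFSClaimsProviderTrust -Name 'Active Directory'
$passThrough = foreach ($t in $claimTypes) {
@"
@RuleName = "Pass through $t"
c:[Type == "$prefix$t"] => issue(claim = c);

"@
}
Set-ADFSClaimsProviderTrust -TargetName 'Active Directory' `
    -AcceptanceTransformRules ($cpt.AcceptanceTransformRules + ($passThrough -join ''))

# Slide 33: a custom issuance authorization rule on the Office 365 relying party trust.
# Deny requests that arrived through the ADFS proxy (x-ms-proxy present) from a client
# IP outside the corporate range, unless the client is Exchange ActiveSync (phones).
$corpIpRegex = '^203\.0\.113\.\d{1,3}$'   # placeholder: your public egress addresses
$deny = @"
@RuleName = "Deny external access except ActiveSync"
exists([Type == "${prefix}x-ms-proxy"])
 && NOT exists([Type == "${prefix}x-ms-forwarded-client-ip", Value =~ "$corpIpRegex"])
 && NOT exists([Type == "${prefix}x-ms-client-application", Value == "Microsoft.Exchange.ActiveSync"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

"@
$rpt = Get-ADFSRelyingPartyTrust -Name 'Microsoft Office 365 Identity Platform'
# A deny claim wins over any permit claim in ADFS issuance authorization, so the
# default "Permit Access to All Users" rule can stay in place; just append the deny.
Set-ADFSRelyingPartyTrust -TargetName $rpt.Name `
    -IssuanceAuthorizationRules ($rpt.IssuanceAuthorizationRules + $deny)

# Read back what was written before pointing users at it.
(Get-ADFSClaimsProviderTrust -Name 'Active Directory').AcceptanceTransformRules
(Get-ADFSRelyingPartyTrust -Name $rpt.Name).IssuanceAuthorizationRules
```

Two caveats worth keeping in mind: the `x-ms-forwarded-client-ip` value is only trustworthy when it is set by your own ADFS proxy (the rule keys on `x-ms-proxy` for that reason), and a deny rule that matches too broadly blocks the whole tenant for external users, so test it against a pilot relying party or a second federation server before applying it to the Office 365 trust.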
35. WAAD Provisioning

Manual:
• Simple Web based user interface
• Bulk import of users
• Best for small customers

Scriptable:
• PowerShell module for Windows
• Programmable: new REST based API
• Limited attribute set / object types

Automated:
• Directory Synchronization with delta
• Full fidelity of attributes and object types
• Optimized for large object sets

36. What is Dirsync? (Azure Active Directory Sync Tool)
• Enables Simple & Rich Coexistence
• Provisions objects in Office 365 with the same email addresses as the objects in the on-premises environment
• Provides a unified Global Address List experience between on-premises and Office 365
• Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
• Enables coexistence for Exchange
• Works in both simple and hybrid deployment scenarios
• Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
• Enables coexistence for Microsoft Lync

37. Dirsync Implementation Options

1 Way Sync from AD to Cloud:
• Provisions users, DLs, Security Groups and contacts
• Can move to 2 Way Sync later
• On-premises master for all objects and properties

2 Way Sync from AD to Cloud and Cloud to AD:
• Required for Hybrid Deployments, e.g. coexistence with Exchange Online and Exchange on-premises
• Cannot move back to 1 way sync
• Cloud becomes master for certain properties (safe senders, mail coexistence, UM)

Password Sync Option:
• Password Syncing is 1 way. Users that have Password Sync enabled are required to change their passwords on premises on an AD connected machine.

38. Dirsync Password Synchronization
• No longer requires ADFS to provide SSO
• Does not sync plaintext passwords
• Dirsync syncs a hash of the hash of each user's password, greatly reducing the risk of a password leaking
• You don't need to install any new software on your DCs or reboot DCs
• Users don't need to change passwords
• Password Syncing is 1 way. Users that have Password Sync enabled are required to change their passwords on premises on an AD connected machine.
• "In my opinion not as secure as ADFS"

39. Dirsync: Synchronization Schedule
• Default is Every 3 Hours
• The "Start-OnlineCoexistenceSync" cmdlet can force a manual sync
• Synchronization can be re-scheduled as follows:
1. First navigate to the following directory on your DirSync Server: C:\Program Files\Microsoft Online Directory Sync
2. Locate the service executable that is used to run the DirSync schedule.
3. Locate the following line within the Microsoft.Online.DirSync.Scheduler.exe.config file: <add key="SyncTimeInterval" value="3:00:0" />
4. Edit the time within this file to reduce the sync schedule; for example, to reduce the time to every 30 minutes use the following value: <add key="SyncTimeInterval" value="0:30:0" />
5. Finally open the Services console (Start > Run > Services.msc) and restart the Microsoft Online Services Directory Synchronization Service.
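The five steps of slide 39 as a script that also proves the change took effect, rather than trusting a file edit and a service restart. This is an added example, not part of the deck; it assumes DirSync is installed under the default path quoted on the slide, that the MSOnline module is present on the same server, that the DirSync PowerShell module exposing `Start-OnlineCoexistenceSync` can be imported (older builds instead open it through the DirSync configuration shell, in which case run that part there), and that `LastDirSyncTime` on `Get-MsolCompanyInformation` reflects the last completed sync, which is what the tenant reports it as.

```powershell
# Added example (not from the deck): change the DirSync interval safely, restart the
# scheduler, force one sync and confirm the tenant saw it.
# Assumptions: default DirSync install path; MSOnline module on this server;
# the interval is given as h:mm:ss exactly as the config file expects.
param([string]$Interval = '0:30:0')   # the 30-minute value the deck uses as its example

$dirsyncRoot = 'C:\Program Files\Microsoft Online Directory Sync'
$configPath  = Join-Path $dirsyncRoot 'Microsoft.Online.DirSync.Scheduler.exe.config'
$serviceName = 'Microsoft Online Services Directory Synchronization Service'  # display name

if ($Interval -notmatch '^\d{1,2}:\d{1,2}:\d{1,2}$') {
    throw "Interval must be h:mm:ss, got '$Interval'"
}

# Back the file up, then edit the appSettings entry as XML instead of string-replacing
# the file: a typo in the XML stops the scheduler service from starting at all.
Copy-Item $configPath "$configPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
[xml]$cfg = Get-Content $configPath
$node = $cfg.configuration.appSettings.add | Where-Object { $_.key -eq 'SyncTimeInterval' }
if (-not $node) { throw "SyncTimeInterval not found in $configPath" }
Write-Host "SyncTimeInterval: $($node.value) -> $Interval"
$node.value = $Interval
$cfg.Save($configPath)

# The scheduler reads the interval only at start-up (slide 39, step 5).
Restart-Service -DisplayName $serviceName -Force
if ((Get-Service -DisplayName $serviceName).Status -ne 'Running') {
    throw "$serviceName did not come back; restore the .bak file and check the event log."
}

# Force a sync now, then watch the tenant's LastDirSyncTime move past our kick-off.
Import-Module DirSync -ErrorAction SilentlyContinue   # module name varies by DirSync build
if (-not (Get-Command Start-OnlineCoexistenceSync -ErrorAction SilentlyContinue)) {
    throw 'Start-OnlineCoexistenceSync not available; run this step from the DirSync configuration shell.'
}
$kickoff = (Get-Date).ToUniversalTime()
Start-OnlineCoexistenceSync

Import-Module MSOnline
Connect-MsolService
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 30
    $info = Get-MsolCompanyInformation
} until ($info.LastDirSyncTime -gt $kickoff -or (Get-Date) -gt $deadline)

if ($info.LastDirSyncTime -gt $kickoff) {
    "Sync completed at $($info.LastDirSyncTime) UTC; password sync enabled: $($info.PasswordSynchronizationEnabled)"
} else {
    throw 'No completed sync observed in the tenant within 15 minutes; check the DirSync event log.'
}
```

The interval is a trade-off, not a free knob: every sync pushes a delta of your whole directory at the tenant, so shorten it for a migration window and put the 3-hour default back afterwards.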
40. Best Bets and Next Steps
• Choose the Correct 365 Solution
• Product vs. Service
• Clean House
• SSO or not to SSO?
• Read the Planning Guides
• Region vs. Compliance!
• Get your DNS Correct
• Watch out for Expiring SSL Certs
• Beware the Deleted Domain Issue
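"Watch out for Expiring SSL Certs" and "Get your DNS Correct" are the two closing items that silently take a federated tenant down, and both are checkable from a scheduled task. The script below is an added example, not part of the deck. It assumes an ADFS 2.0 server with the MSOnline module installed, `contoso.com` as the federated domain, and that `Get-MsolFederationProperty` returns one record sourced from the ADFS server and one sourced from Office 365, each carrying the token-signing certificate it knows about (that is how the cmdlet presents the two sides, but treat the `Source` string match as an assumption to confirm in your tenant).

```powershell
# Added example (not from the deck): federation health check for the closing slide's
# "expiring SSL certs" and "DNS" items. Assumptions: run on an ADFS 2.0 server with
# MSOnline installed; contoso.com is a placeholder for your federated domain.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline
Connect-MsolService

$domain   = 'contoso.com'
$warnDays = 30
$problems = @()

# 1. ADFS token-signing, token-decrypting and service-communications certificates.
foreach ($c in Get-ADFSCertificate) {
    $left = ($c.Certificate.NotAfter - (Get-Date)).Days
    if ($left -lt $warnDays) {
        $problems += "$($c.CertificateType) certificate $($c.Thumbprint) expires in $left days"
    }
}

# 2. The SSL certificate clients and the ADFS proxy actually connect to on 443.
$fsName = (Get-ADFSProperties).HostName
$ssl = Get-ChildItem Cert:\LocalMachine\My |
       Where-Object { $_.DnsNameList.Unicode -contains $fsName } |
       Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $ssl) {
    $problems += "no certificate for $fsName in LocalMachine\My"
} elseif (($ssl.NotAfter - (Get-Date)).Days -lt $warnDays) {
    $problems += "SSL certificate for $fsName expires $($ssl.NotAfter)"
}

# 3. Does Office 365 still trust the token-signing certificate ADFS is using? After
#    a rollover the tenant keeps the old thumbprint until Update-MsolFederatedDomain runs,
#    and every federated sign-in fails with a signature error until then.
$local = (Get-ADFSCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }).Thumbprint
$fed   = Get-MsolFederationProperty -DomainName $domain
$cloud = ($fed | Where-Object { $_.Source -like '*Office 365*' }).TokenSigningCertificate.Thumbprint
if ($local -ne $cloud) {
    $problems += "token-signing drift: ADFS=$local, Office 365=$cloud (run Update-MsolFederatedDomain -DomainName $domain)"
}

# 4. DNS: the federation service name must resolve publicly and the domain must stay
#    Verified and Federated (the "deleted domain issue" shows up here first).
if (-not (Resolve-DnsName -Name $fsName -Server 8.8.8.8 -ErrorAction SilentlyContinue)) {
    $problems += "$fsName does not resolve in public DNS"
}
$d = Get-MsolDomain -DomainName $domain
if ($d.Status -ne 'Verified' -or $d.Authentication -ne 'Federated') {
    $problems += "$domain is $($d.Status) / $($d.Authentication)"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'federation health OK'
```

Run it daily and alert on a non-zero exit code; the token-signing drift check in step 3 is the one most teams miss, because ADFS auto-rollover renews the certificate on its own schedule and nothing on the ADFS side tells you the tenant was never updated.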