ADFS - Does it Still have a Place? Fitting into the EMS puzzle
Frank C. Drewes III, Senior Architect – Oxford Computer Group
2016 Redmond Summit | Identity Without Boundaries, 24 May 2016
Core Identity Scenarios with Azure Active Directory

Cloud Identity
- Single identity in the cloud
- Suitable for small organizations with no integration to on-premises directories

Directory & Password Synchronization*
- Single identity suitable for medium and large organizations without federation*

Federated Identity
- Single federated identity and credentials suitable for medium and large organizations

Cloud Identity
- Ease of deployment, management and support
- Lower cost, as no additional servers are required
- High availability and reliability, as all identities and services are managed in the cloud
[Diagram: user signs in directly to a cloud identity in Windows Azure Active Directory; no on-premises component]

Directory & Password Synchronization
- Directory synchronization between on-premises and online
- Identities are created and managed on-premises and synchronized to the cloud
- Single identity and credentials, but no true single sign-on: the user holds the same username and password on-premises and in the cloud and is prompted for them again by cloud services ("same sign-on")
- Password synchronization delivers this same-sign-on experience at lower cost than federation
[Diagram: on-premises identity (e.g. corp\frank) in AD or a non-AD (LDAP) directory, flowing through directory synchronization and password synchronization to a cloud identity in Windows Azure Active Directory]

Federated Identity
- Single identity and single sign-on for on-premises and Azure AD protected services
- Identities mastered on-premises, with a single point of management
- Directory synchronization to synchronize directory objects into Azure AD
- Secure token-based authentication: Azure AD trusts tokens issued by the on-premises federation service rather than checking a password itself
- Third-party strong-factor authentication options for additional security with ADFS
[Diagram: on-premises identity (e.g. corp\frank) in AD or a non-AD (LDAP) directory; directory synchronization populates Azure AD, and federation handles sign-in]
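The three models above are not always obvious from the portal, and a tenant can mix them per domain. The following PowerShell is an added example, not part of the original deck: it classifies a tenant as Cloud Identity, Directory & Password Synchronization or Federated Identity, and for each federated domain reports the federation endpoints and the token-signing certificate Azure AD trusts. It assumes the MSOnline module (the tooling current at the time of this talk) and an existing Connect-MsolService session with a role allowed to read domain settings; the function name and the optional ExpectedFederationHost parameter are this example's own.

```powershell
# Added example (not from the original deck). Assumes the MSOnline module is installed and
# Connect-MsolService has already been run with sufficient rights. Usage:
#   Get-TenantIdentityModel -ExpectedFederationHost 'sts.contoso.com' | Format-List
function Get-TenantIdentityModel {
    [CmdletBinding()]
    param(
        # Hostnames of the federation servers you actually deployed (assumption for the check
        # below); any federated domain pointing elsewhere is flagged.
        [string[]]$ExpectedFederationHost = @()
    )

    $company = Get-MsolCompanyInformation
    $domains = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }

    $federated = @()
    foreach ($d in ($domains | Where-Object { $_.Authentication -eq 'Federated' })) {
        $fs = Get-MsolDomainFederationSettings -DomainName $d.Name

        # SigningCertificate is the base64 DER of the certificate Azure AD trusts to sign
        # tokens for this domain. Any token signed with it is accepted for the domain's users,
        # so baseline the thumbprint and alert when it changes outside a planned rollover.
        $cert = $null
        if ($fs.SigningCertificate) {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                [Convert]::FromBase64String($fs.SigningCertificate))
        }

        # Browser (passive) endpoint, e.g. https://sts.contoso.com/adfs/ls/ for ADFS;
        # the active endpoint is the WS-Trust path used by rich clients such as Outlook.
        $passiveHost = if ($fs.PassiveLogOnUri) { ([uri]$fs.PassiveLogOnUri).Host } else { $null }
        $unexpected  = ($ExpectedFederationHost.Count -gt 0) -and
                       ($passiveHost -notin $ExpectedFederationHost)

        $federated += [pscustomobject]@{
            Domain           = $d.Name
            IssuerUri        = $fs.IssuerUri
            PassiveLogOnUri  = $fs.PassiveLogOnUri
            ActiveLogOnUri   = $fs.ActiveLogOnUri
            MetadataExchange = $fs.MetadataExchangeUri
            SigningThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            SigningNotAfter   = if ($cert) { $cert.NotAfter }   else { $null }
            NextCertStaged    = [bool]$fs.NextSigningCertificate
            UnexpectedHost    = $unexpected
        }
    }

    # Classification follows the three scenarios in the deck: any federated domain makes the
    # tenant "Federated Identity"; otherwise directory sync decides between the other two.
    $model = if ($federated.Count -gt 0) { 'Federated Identity' }
             elseif ($company.DirectorySynchronizationEnabled) { 'Directory & Password Synchronization' }
             else { 'Cloud Identity' }

    [pscustomobject]@{
        IdentityModel       = $model
        DirSyncEnabled      = [bool]$company.DirectorySynchronizationEnabled
        PasswordSyncEnabled = [bool]$company.PasswordSynchronizationEnabled
        LastDirSyncTime     = $company.LastDirSyncTime
        ManagedDomains      = @($domains | Where-Object { $_.Authentication -eq 'Managed' } |
                                ForEach-Object { $_.Name })
        FederatedDomains    = $federated
    }
}
```

A domain that reports Federated with an issuer or endpoint host you did not deploy means Azure AD will accept tokens from a federation server you do not control; that, together with an unexplained change of the signing thumbprint, is the check to run routinely once federation is in place.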
Federation Options

Shibboleth (SAML*) - works with AD & non-AD
- Suitable for educational organizations
- Recommended where customers may use existing non-ADFS identity systems
- Single sign-on
- Secure token-based authentication
- Support for web clients and Outlook only
- Microsoft supported for integration only; no Shibboleth deployment support
- Requires on-premises servers & support
- Works with AD and other directories on-premises

ADFS
- Suitable for medium and large enterprises, including educational organizations
- Recommended option for Active Directory (AD) based customers
- Single sign-on
- Secure token-based authentication
- Support for web and rich clients
- Microsoft supported
- PhoneFactor can be used for two-factor authentication
- Works for Office 365 hybrid scenarios
- Requires on-premises servers, licenses & support

Third-party identity providers ('Works with Office 365')
- Suitable for medium and large enterprises, including educational organizations
- Recommended where customers may use existing non-ADFS identity systems with AD or non-AD
- Single sign-on
- Secure token-based authentication
- Support for web and rich clients
- Third-party supported
- PhoneFactor can be used for two-factor authentication
- Works for Office 365 hybrid scenarios
- Requires on-premises servers, licenses & support
- Verified through the 'Works with Office 365' program
'Works with Office 365'
- Program for third-party identity providers to interoperate with Office 365
- Objective is to help customers that currently use non-Microsoft identity solutions to adopt Office 365
Decision Points - General

Decision Points - Specific

User Experience - Login Page Customization

User Experience - Desktop SSO

User Experience - Applications
- Outlook 2010/2013
- ActiveSync / IMAP / POP
- MS Online Portal
- SharePoint Online
- Office Web Apps
- Lync 2010/2013

Other Considerations - Complexity
- Cost / complexity issues with ADFS

Other Considerations - Security
- Security scenarios that require ADFS
2016 Redmond Summit Sponsors
Thank you! Frank. om