Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office 365 Identity Management

Published byYildiz Arıca Modified over 6 years ago

Similar presentations

Presentation on theme: "Office 365 Identity Management"— Presentation transcript:

1 Office 365 Identity Management

2 Meet Paul Andrew | @pndrw
Office 365 Technical Product Manager Office 365 datacenter, networking, identity management Passion for informing and inspiring IT Professionals to create simpler solutions to complex problems Meet Andreas Kjellman Active Directory Program Manager Identity Synchronization

3 M2: Directory Synchronization is Easy with Office 365

4 Agenda Overview of the synchronization model Before installing AADSync
Demo install AADSync Considerations after the install

5 Office 365 identity models
Cloud identity Synchronized identity Federated identity Zero on-premises servers Directory sync with password sync Federation Directory sync On-premises identity On-premises identity Between zero and three additional servers Between two and eight on-premises servers

6 Synchronized identity model
Password hashes User accounts Synchronized identity AAD Sync On-premises directory Sign-on User On-premises directory

7 Before installing AADSync
Active Directory remediation Run IdFix Verify DNS domains with Office 365 Add these prior to syncing to preserve UPN Directories other than Active Directory Works with Office 365 – Identity program Will be added soon to AADSync One server is most common Domain controller is Okay Separate SQL Server is Okay up to 100,000 directory objects You can install to Azure IAAS Migrating from DirSync or FIM 2010 Uninstall / Reinstall Side by side install with object review Forest functional level Windows Server 2003

8 IdFix – DirSync AD Remediation
Errors Validated Attributes Duplicate proxyAddresses Invalid characters in attributes Over length attributes Format errors in attributes Use of non-routable domains Blank attribute that requires a value mailNickName proxyAddresses sAMAccountName targetAddress userPrincipalName

9 demo Configure Office 365

10 Install the product Install all dependencies: With default settings:
SQL Express LocalDB, Sync, Sign-in assistant, AAD Connector With default settings: Local service account w/ random password

11 Install and Configure aadsync
demo Install and Configure aadsync

12 User (and contact) matching
Metaverse Connector Space 1 2 1 2 1 2

13 Post installation considerations

14 Out of the box configuration
Single forest Same as DirSync Multi-forest configurations Fully-mesh, Account-resource forest One or multiple Exchange organizations with hybrid Exchange Group membership for security groups with ForeignSecurityPrincipals (FSPs) Assumptions User will have only one enabled user account User will have only one mailbox The best data quality for a user is where Exchange is located Passwords Password (hash) Sync and password write-back

15 Review the configuration
Installation logs %windir%\temp\aadsync Synchronization Rules Depending on if Exchange and Lync is present in AD, different rules will be generated Depending on Exchange version attributes will be removed as needed Only selected services will have outbound rules to AAD Attributes you selected to not be included are removed from the outbound rules to AAD Introducing the Sync Rule Editor A “Resource Kit Tool” to view, change and add Sync Rules

16 demo Sync Rule Editor

17 AADSync installation review
Be aware of directory object limits A new tenant can sync up to 50,000 directory objects Register a vanity domain and it is increased to 300,000 objects Sync now Expect about 1 hour per 5,000 objects Password expiry for the sync account Assign Office 365 licenses High availability Can Backup and reinstall Filtering AADSync By Domain and OUs By attributes

18 Password hash sync security
5/4/2019 Password hash sync security On-premises directory Azure AD Hash Extra Security User Password Password hash AD DS It is not reversible to get the users password A Hash Hashes are mathematical functions that are nearly impossible to reverse The result of the hash algorithm is called a digest Additional Processing We further process it with a one way hash SHA256 algorithm Connections are only to the Azure AD service Connections are SSL encrypted Enables Azure AD to validate the users password when they log in © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Licensing AADSync is following AAD licensing
No extra cost for Sync AADSync is free when synchronizing from on-prem to AAD Includes multiple AD-forests, non-AD LDAP, and any other supported source Includes write-back for hybrid Exchange AADSync requires AAD Premium for write-back from AAD to on-prem Password, device, group, user, … Includes writing between on-premises directories

20 M2 Summary: Directory Synchronization is Easy with Office 365
Directory and password hash synchronization IdFix to avoid synchronization issues Tips for making sync easy

21

Download ppt "Office 365 Identity Management"

Similar presentations

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Identity management integration options for Office 365

Identity management integration options for Office 365
| |

| |
Session 1.

Session 1.
Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
Feature: Assign an Item to Multiple Sites © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

Feature: Assign an Item to Multiple Sites © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
WinHEC 2008 4/22/2017 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

WinHEC /22/2017 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
Windows Azure Connect Name Title Microsoft Corporation.

Windows Azure Connect Name Title Microsoft Corporation.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

customer.

customer.
03 | Word Templates Brian Meier| Senior Lead Program Manager.

03 | Word Templates Brian Meier| Senior Lead Program Manager.
demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
demo Demo.

demo Demo.
Advanced SQL Azure Database Name Title Microsoft Corporation.

Advanced SQL Azure Database Name Title Microsoft Corporation.
demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z01234567893.

demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z

Similar presentations

Ads by Google