Published by Laureen Beasley. Modified over 9 years ago.
1
Active Directory Integration with Microsoft Office 365
Ross Adams & Jono Luk, Program Managers, Microsoft Corporation
OSP321
5
Architecture diagram (labels only): Contoso customer premises; AD; MS Online Directory Sync; Active Directory Federation Server 2.0; IdP; Office 365 Desktop Setup; Trust; Windows Azure Active Directory; Provisioning platform; Directory Store; Authentication platform; Admin Portal/PowerShell; Lync Online; SharePoint Online; Exchange Online; Office Subscription Services.
7
1. No Integration
Appropriate for: Smaller orgs without AD on-premises
Pros:
- No servers required on-premises
Cons:
- No SSO
- No 2FA
- 2 sets of credentials to manage with differing password policies
- IDs mastered in the cloud

2. Directory Only
Appropriate for: Medium/Large orgs with AD on-premises
Pros:
- Users and groups mastered on-premises
- Enables co-existence scenarios
Cons:
- No SSO
- No 2FA
- 2 sets of credentials to manage with differing password policies
- Single server deployment

3. Directory and SSO
Appropriate for: Larger enterprise orgs with AD on-premises
Pros:
- SSO with corporate cred
- IDs mastered on-premises
- Password policy controlled on-premises
- 2FA solutions possible
- Enables hybrid scenarios
- Location isolation
Cons:
- High availability server deployments required
15
Web Clients: Office 2010, Office 2007 SP2 with SharePoint Online; Outlook Web Application. Remember last user.
Exchange Clients: Office 2010, Office 2007 SP2; Active Sync/POP/IMAP; Entourage. Can save credentials.
Rich Applications (SIA): Lync Online; Office Subscriptions; CRM Rich Client. Can save credentials.
ID types (table rows): MS Online IDs; SSO IDs (non-domain joined); SSO IDs (domain joined).
Prompts shown in the table cells: No Prompt; Username; Username and Password / Online ID; Username and Password / AD credentials.
19
Customer / Microsoft Online Services
Logon (SAML 1.1) Token: UPN: user@contoso.com, Source User ID: ABC123
Auth Token: UPN: user@contoso.com, Unique ID: 254729
21
Customer / Microsoft Online Services
Logon (SAML 1.1) Token: UPN: user@contoso.com, Source User ID: ABC123
Auth Token: UPN: user@contoso.com, Unique ID: 254729
Basic Auth Credentials: Username/Password
22
Structure | Description | Considerations
Matching domains | Internal domain and external domain are the same, i.e. contoso.com | No special requirements
Sub domain | Internal domain is a sub domain of the external domain, i.e. corp.contoso.com | Requires domains registered in order, primary then sub domains
.local domain | Internal domain is not publicly "registered", i.e. contoso.local | Domain ownership can't be proved, must use a different domain; requires all users to get new UPN; use SMTP address if possible; Smart Card issues
Multiple distinct UPN suffixes in single forest | Mix of users having login UPNs under different domains, i.e. contoso.com & fabrikam.com | Must use SupportMultipleDomain switch in PowerShell; sub domains require additional work
Multi Forest | Multiple AD Forest | Premier engagement
25
Flow diagram (labels only): Access Application; Redirect to Authentication platform; Types User Name; Generate SAML token for authentication platform; Redirect Back; Present ticket to Application; Install 3rd party auth provider; ADFS proxy; Authenticate 2FA; Authenticate 2FA response; Authentication platform; Windows Azure Active Directory.
27
Flow diagram (labels only): Authenticate 2FA; Send Creds to Exchange Proxy Auth; Evaluate Client Access Rules, issue SAML Token; Send Creds to Exchange Proxy Auth; Disable passive pages on proxy; Connect to internal network; Strong Auth VPN to internal network; Authentication platform; Windows Azure Active Directory.
28
Questions
29
Code | Title | Schedule
OSP221 | Microsoft Office 365 for Enterprises | 6/11/2012 3:00 PM
OSP305 | The Modern Compatibility Process to Accelerate Microsoft Office Deployment | 6/11/2012 4:45 PM
OSP321 | Active Directory Integration with Microsoft Office 365 | 6/12/2012 10:15 AM
OSP224 | Microsoft Office 365 Management and Deployment | 6/12/2012 1:30 PM
OSP223 | Microsoft Office 365 for Education | 6/12/2012 3:15 PM
OSP303 | Supporting Microsoft Office in an Enterprise Environment | 6/12/2012 3:15 PM
OSP202 | Microsoft Excel: A Web Development Tool? | 6/12/2012 5:00 PM
OSP306 | Microsoft Office Deployment for the Elite | 6/13/2012 10:15 AM
OSP325 | To the Cloud, from the Trenches: Best Practices for Migrating to Microsoft Office 365 | 6/13/2012 1:30 PM
OSP302 | Building Integrated Microsoft Office 365, SharePoint Online, and Office Solutions Using BCS and LOB Data | 6/13/2012 3:15 PM
OSP323 | Microsoft Office 365 Security, Privacy, and Trust | 6/13/2012 5:00 PM
OSP324 | Microsoft Office 365 Service Reliability and Disaster Recovery | 6/14/2012 8:30 AM
OSP304 | Optimized Desktop Deployment Jeopardy Live Game Show | 6/14/2012 1:00 PM
OSP222 | Empowering Small Businesses: Microsoft Office 365 P-Suite | 6/14/2012 4:30 PM
32
Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
TechNet: Resources for IT Professionals, http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn