Office 365 Identity and Access Solutions Suresh Menon

  • Slides: 17
Download presentation
Office 365: Identity and Access Solutions Suresh Menon Technology Specialist – Office 365 Microsoft

Office 365: Identity and Access Solutions Suresh Menon Technology Specialist – Office 365 Microsoft Corporation India

Session Objectives • • • Describe the different Identity Features Explain the Identity Architecture

Session Objectives • • • Describe the different Identity Features Explain the Identity Architecture and Features Describe how federated authentication works Describe the various deployment scenarios Questions

Office 365 Identity features • Microsoft Online ID + Active Directory Sync • Federated

Office 365 Identity features • Microsoft Online ID + Active Directory Sync • Federated ID -Single sign-on with corporate credentials • Role-based administration: Five administration roles • • • Company Admin Billing Admin User Account Admin Help. Desk Admin Service Support Admin

Identity architecture: Identity options 1. Microsoft Online IDs Microsoft Online Services Contoso customer premises

Identity architecture: Identity options 1. Microsoft Online IDs Microsoft Online Services Contoso customer premises Trust Authentication platform Active Directory Federation Server 2. 0 Id. P AD MS Online Directory Sync Office 365 Desktop Setup Exchange Online Id. P Provisioning platform Admin Portal Directory Store Share. Point Online Lync Online

Identity options comparison 1. MS Online IDs 2. MS Online IDs + Dir Sync

Identity options comparison 1. MS Online IDs 2. MS Online IDs + Dir Sync 3. Federated IDs + Dir Sync Appropriate for • Smaller orgs without AD on-premise Appropriate for • Medium/Large orgs with AD on-premise Appropriate for • Larger enterprise orgs with AD on-premise Pros • No servers required onpremise Pros • Users and groups mastered on-premise • Enables co-existence scenarios Pros • SSO with corporate cred • IDs mastered onpremise • Password policy controlled on-premise • 2 FA solutions possible • Enables co-existence scenarios Cons • No SSO • No 2 FA • 2 sets of credentials to manage with differing password policies • IDs mastered in the cloud Cons • No SSO • No 2 FA • 2 sets of credentials to manage with differing password policies • Single server deployment Cons • High availability server deployments required

Single Sign on setup

Single Sign on setup

Identity Federation Authentication flow (Passive/Web profile) Customer Microsoft Online Services User Source ID NET

Identity Federation Authentication flow (Passive/Web profile) Customer Microsoft Online Services User Source ID NET ID

Identity Federation Authentication flow (Rich Client profile) Customer Microsoft Online Services User Source ID

Identity Federation Authentication flow (Rich Client profile) Customer Microsoft Online Services User Source ID NET ID

Identity Federation Authentication flow (EAS Basic Auth/Active profile) Customer Microsoft Online Services User Source

Identity Federation Authentication flow (EAS Basic Auth/Active profile) Customer Microsoft Online Services User Source ID Basic Creden tial NET ID

AD FS 2. 0 deployment options 1. Single server configuration 2. AD FS 2.

AD FS 2. 0 deployment options 1. Single server configuration 2. AD FS 2. 0 server farm and load-balancer 3. AD FS 2. 0 proxy server or UAG/TMG (External Users, Active Sync, Down-level Clients with Outlook) Active Directory AD FS 2. 0 Server Internal user AD FS 2. 0 Server Enterprise AD FS 2. 0 Server Proxy DMZ

Customer AD Structures • Matching domains – Internal Domain and External domain are the

Customer AD Structures • Matching domains – Internal Domain and External domain are the same • Eg. contoso. com • Sub Domain – Internal domains is a sub domain of the external domain • Eg. Corp. contoso. com • Local Domain – Internal domain is not publicly “registered” • Eg. Contoso. local • Multi Forest – Not Currently supported

General Rules • Every User must have a UPN • UPNs must match a

General Rules • Every User must have a UPN • UPNs must match a validated domain in MSOL. • Users need to understand that they must use UPN to logon to Microsoft Online Services

Active Directory Considerations • Matching domain – No special requirements • Sub Domain –

Active Directory Considerations • Matching domain – No special requirements • Sub Domain – Requires that Domains be registered in order, primary then sub domain • Local Domain – Domain can not be registered thus cannot be used for federation • Requires all users to get new UPN

• • Additional resources link www. office 365. com Office 365 Beta service

• • Additional resources link www. office 365. com Office 365 Beta service Descriptions Setting up a Federation Service

Resources Software Application Developers Infrastructure Professionals http: //msdn. microsoft. com/ http: //technet. microsoft. com/

Resources Software Application Developers Infrastructure Professionals http: //msdn. microsoft. com/ http: //technet. microsoft. com/ msdnindia @msdnindia technetindia @technetindia

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U. S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Office 365 Overview INTRODUCTION TO OFFICE 365 OfficeOffice 365 Overview INTRODUCTION TO OFFICE 365 Office
Plan and Implement Office 365 Implementing Office 365Plan and Implement Office 365 Implementing Office 365
Plan and Implement Office 365 Implementing Office 365Plan and Implement Office 365 Implementing Office 365
Office 365 Office Project Visio Office Servers OfficeOffice 365 Office Project Visio Office Servers Office
Office 365 WPC 044 Managing Office 365 TenantOffice 365 WPC 044 Managing Office 365 Tenant
Office 365 An Introduction to Office 365 WhatOffice 365 An Introduction to Office 365 What
OFFICE 365 FOREDUCATION Introduction to Office 365 inOFFICE 365 FOREDUCATION Introduction to Office 365 in
Office 365 Main features Office 365 Email accountnamehwbmailOffice 365 Main features Office 365 Email accountnamehwbmail
Accessing Office 365 Forms Login to Office 365Accessing Office 365 Forms Login to Office 365
Office 365 Qu es Office 365 es laOffice 365 Qu es Office 365 es la
Office 365 Platform Flexible Tools Each Office 365Office 365 Platform Flexible Tools Each Office 365
Office 365 Update Looked at Office 365 fromOffice 365 Update Looked at Office 365 from
Office 365 Office 365 firma Microsoft poskytuje slubuOffice 365 Office 365 firma Microsoft poskytuje slubu
Microsoft Office 365 Name Date 2017 Office 365Microsoft Office 365 Name Date 2017 Office 365
Office 365 ir Teams mokymai pradedantiesiems Office 365Office 365 ir Teams mokymai pradedantiesiems Office 365
Why Trust Office 365 Office 365 Security PrivacyWhy Trust Office 365 Office 365 Security Privacy