Identity in Office 365
Blog: http://www.MyCentralAdmin.com
Twitter: @ferringer
Transcript of "Identity in office 365 sps michigan 2013"

  1. Identity in Office 365
  2. Blog: http://www.MyCentralAdmin.com Twitter: @ferringer
  3. SharePoint Saturday Michigan 2013 | Outline
     • Office 365 Overview
     • Changing the Identity Perspective
     • Authentication vs. Authorization
     • Who Are You?
     • What Do You Do Here?
     • Who’s in Charge Here?
  4. • Email and Calendaring
     • Websites and Collaboration
     • IM and Online Meetings
     • Office Client and Web Apps
     • Hosted by Microsoft – in the cloud!
  5. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  6. Did Someone say Cloud?
  7. What’s Your Perspective?
  8. Identity’s impact on Office 365
     • End User Experience
     • Complexity
     • Scale
     • Manageability
     • Investment
  9. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  10. Authentication vs. Authorization
     • Who gets in?
     • What can they do?
  11. Who gets in?
     • Where do your Office 365 user accounts live?
     • What is needed to use them?
     • What can they do?
     • What are the limitations of the approach?
  12. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  13. Identity Options
     1. Microsoft Online (MSO) IDs
     2. MSO IDs + Directory Synchronization
     3. Single Sign On + Directory Synchronization
     [Diagram labels: Your Environment; AD; MS Online Directory Sync; Identity Services; Provisioning platform; Lync Online; SharePoint Online; Exchange Online; Active Directory Federation Services 2.0; Trust; IdP; Directory Store; Admin Portal/PowerShell; Authentication platform; Office 365 Desktop Setup; Microsoft Online Services; IdP]
  14. What can they do?
     • Appropriate for: Smaller orgs without AD on-premise
       Pros: No servers required on-premise
       Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; IDs mastered in the cloud
     • Appropriate for: Medium/Large orgs with AD on-premise
       Pros: Users and groups mastered on-premise; Enables co-existence scenarios
       Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; Single server deployment
     • Appropriate for: Larger enterprise orgs with AD on-premise
       Pros: SSO with corporate cred; IDs mastered on-premise; Password policy controlled on-premise; 2FA solutions possible; Enables co-existence scenarios
       Cons: High availability server deployments required
  15. Sign On Experience*: SSO vs. Online IDs Summary
     [Table flattened in extraction; labels and cells in extracted order: Win7/Vista/XP | SSO IDs (domain joined) | MS Online IDs | Outlook Web Application | SharePoint Web Application | ActiveSync, POP, IMAP, Entourage | Outlook 2007 or 2010 | Online ID | Online ID | Online ID | Win 7/Vista/XP | Office 2010, or Office 2007 SP2 | Online ID | Win7/Vista/XP | Lync Online | Online ID | AD credentials | AD credentials | AD credentials | AD credentials | AD credentials | SSO IDs (non-domain joined) | AD credentials | AD credentials | AD credentials | AD credentials | AD credentials]
     *Requires ADFS 2.0
  16. How does AD FS work?
     • Claims authentication
     • Think of it like a passport
     • Passport Application
     • Visa Application
     • Submit for authorization
     • Allowed access
  17. AD FS’s Authentication flow
     [Diagram labels: Client (joined to CorpNet); Authentication platform; AD FS 2.0 Server; Exchange Online or SharePoint Online; Active Directory; Your Environment; Microsoft Online Services]
     • Logon (SAML 1.1) Token: UPN: user@contoso.com; Source User ID: ABC123
     • Auth Token: UPN: user@contoso.com; Unique ID: 254729
  18. AD FS 2.0 deployment options
     1. Single server configuration
     2. AD FS 2.0 server farm and load-balancer
     3. AD FS 2.0 proxy server or UAG/TMG (External Users, ActiveSync, Outlook)
     [Diagram labels: Enterprise; DMZ; AD FS 2.0 Server Proxy; External user; Internal user; Active Directory; AD FS 2.0 Server; AD FS 2.0 Server; AD FS 2.0 Server Proxy]
  19. ADFS Considerations
     • Can you afford an outage?
     • How do you secure it?
     • It’s complex
     • Requires specific AD config
     • UPN formatting
     • Requires DirSync
     • Other options available
     • Shibboleth
     • Ping
     • Okta
     Hat tip: @usher
  20. Directory Synchronization
     • One-way or two-way copy of accounts to Office 365
     • Required for SSO/ADFS
     • But can be used without AD FS
     • Required for Hybrid scenarios
     • Think of it as an appliance, always running
  21. How DirSync Fits in
     [Diagram labels: Your Environment; AD; MS Online Directory Sync; Identity Services; Lync Online; SharePoint Online; Exchange Online; Active Directory Federation Services 2.0; Trust; IdP; Directory Store; Authentication platform; Office 365 Desktop Setup; Microsoft Online Services; IdP]
  22. Getting to know DirSync
     • It’s actually Forefront Identity Manager
     • Copies AD accounts into Office 365
     • But not back down
     • Doesn’t sync passwords
     • Filtering now available
     • Can have sizing issues
     • Upload sizing
     • Database sizing
     • FIM: no touchy! (maybe)
  23. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  24. Office 365 admin roles
     • Global administrator
     • Billing administrator
     • Password administrator
     • Services administrator
     • User management administrator
     • Delegated administrator
     • See the Office 365 Support Services Description document for more info: http://tinyurl.com/o365SvcDescrs
  25. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  26. Managing Identity in Office 365
     • Admin activities do not go away
     • AD FS is complex
     • And important!
     • PowerShell is your friend
     • How’s your internet connection?
     • Office 365 is constantly changing
  27. Troubleshooting Identity
     • Microsoft Online Diagnostics and Logging tool (MOSDAL)
     • Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com
     • Fiddler
     • WireShark/Netmon
     • Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc
  28. Tie IT All Together
  29. Blog: http://www.MyCentralAdmin.com Twitter: @ferringer