Identity in office 365   sps michigan 2013
 

    Presentation Transcript

    • Identity in Office 365
    • Blog: http://www.MyCentralAdmin.com Twitter: @ferringer
    • 3 | SharePoint Saturday Michigan 2013 Outline
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 4 | SharePoint Saturday Michigan 2013
        • Email and Calendaring
        • Websites and Collaboration
        • IM and Online Meetings
        • Office Client and Web Apps
        • Hosted by Microsoft – in the cloud!
    • 5 | SharePoint Saturday Michigan 2013
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 6 | SharePoint Saturday Michigan 2013 Did Someone say Cloud?
    • 7 | SharePoint Saturday Michigan 2013 What’s Your Perspective?
    • 8 | SharePoint Saturday Michigan 2013 Identity’s impact on Office 365
        • End User Experience
        • Complexity
        • Scale
        • Manageability
        • Investment
    • 9 | SharePoint Saturday Michigan 2013
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 10 | SharePoint Saturday Michigan 2013 Authentication vs. Authorization
        • Who gets in?
        • What can they do?
    • 11 | SharePoint Saturday Michigan 2013 Who gets in?
        • Where do your Office 365 user accounts live?
        • What is needed to use them?
        • What can they do?
        • What are the limitations of the approach?
    • 12 | SharePoint Saturday Michigan 2013
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 13 | SharePoint Saturday Michigan 2013 Identity Options
        1. Microsoft Online (MSO) IDs
        2. MSO IDs + Directory Synchronization
        3. Single Sign On + Directory Synchronization
        [Diagram labels: Your Environment; AD; MS Online Directory Sync; Active Directory Federation Services 2.0; Trust; IdP; Microsoft Online Services; Identity Services; Provisioning platform; Directory Store; Authentication platform; Admin Portal/PowerShell; Office 365 Desktop Setup; Lync Online; SharePoint Online; Exchange Online]
    • 14 | SharePoint Saturday Michigan 2013 What can they do?
        • Appropriate for: Smaller orgs without AD on-premise
            • Pros: No servers required on-premise
            • Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; IDs mastered in the cloud
        • Appropriate for: Medium/Large orgs with AD on-premise
            • Pros: Users and groups mastered on-premise; Enables co-existence scenarios
            • Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; Single server deployment
        • Appropriate for: Larger enterprise orgs with AD on-premise
            • Pros: SSO with corporate cred; IDs mastered on-premise; Password policy controlled on-premise; 2FA solutions possible; Enables co-existence scenarios
            • Cons: High availability server deployments required
    • 15 | SharePoint Saturday Michigan 2013 Sign On Experience* SSO vs. Online IDs Summary
        [Table flattened in extraction. Columns: MS Online IDs; SSO IDs (domain joined); SSO IDs (non-domain joined). Rows: Win7/Vista/XP Outlook 2007 or 2010; Win 7/Vista/XP Office 2010, or Office 2007 SP2; Win7/Vista/XP Lync Online; Outlook Web Application; SharePoint Web Application; ActiveSync, POP, IMAP, Entourage. Cell values: Online ID in the MS Online IDs column; AD credentials in both SSO IDs columns.]
        *Requires ADFS 2.0
    • 16 | SharePoint Saturday Michigan 2013 How does AD FS work?
        • Claims authentication
        • Think of it like a passport
        • Passport Application
        • Visa Application
        • Submit for authorization
        • Allowed access
    • 17 | SharePoint Saturday Michigan 2013 AD FS’s Authentication flow
        [Diagram labels: Your Environment; Client (joined to CorpNet); Active Directory; AD FS 2.0 Server; Microsoft Online Services; Authentication platform; Exchange Online or SharePoint Online. Logon (SAML 1.1) Token: UPN: user@contoso.com, Source User ID: ABC123. Auth Token: UPN: user@contoso.com, Unique ID: 254729]
    • 18 | SharePoint Saturday Michigan 2013 AD FS 2.0 deployment options
        1. Single server configuration
        2. AD FS 2.0 server farm and load-balancer
        3. AD FS 2.0 proxy server or UAG/TMG (External Users, ActiveSync, Outlook)
        [Diagram labels: Enterprise; DMZ; Active Directory; AD FS 2.0 Server; AD FS 2.0 Server Proxy; Internal user; External user]
    • 19 | SharePoint Saturday Michigan 2013 ADFS Considerations
        • Can you afford an outage?
        • How do you secure it?
        • It’s complex
        • Requires specific AD config
        • UPN formatting
        • Requires DirSync
        • Other options available
        • Shibboleth
        • Ping
        • Okta
        Hat tip: @usher
    • 20 | SharePoint Saturday Michigan 2013 Directory Synchronization
        • One-way or two-way copy of accounts to Office 365
        • Required for SSO/ADFS
        • But can be used without AD FS
        • Required for Hybrid scenarios
        • Think of it as an appliance, always running
    • 21 | SharePoint Saturday Michigan 2013 How DirSync Fits in
        [Diagram labels: Your Environment; AD; MS Online Directory Sync; Active Directory Federation Services 2.0; Trust; IdP; Microsoft Online Services; Identity Services; Directory Store; Authentication platform; Office 365 Desktop Setup; Lync Online; SharePoint Online; Exchange Online]
    • 22 | SharePoint Saturday Michigan 2013 Getting to know DirSync
        • It’s actually Forefront Identity Manager
        • Copies AD accounts into Office 365
        • But not back down
        • Doesn’t sync passwords
        • Filtering now available
        • Can have sizing issues
        • Upload sizing
        • Database sizing
        • FIM: no touchy! (maybe)
    • 23 | SharePoint Saturday Michigan 2013
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 24 | SharePoint Saturday Michigan 2013 Office 365 admin roles
        • Global administrator
        • Billing administrator
        • Password administrator
        • Services administrator
        • User management administrator
        • Delegated administrator
        • See the Office 365 Support Services Description document for more info: http://tinyurl.com/o365SvcDescrs
    • 25 | SharePoint Saturday Michigan 2013
        • Office 365 Overview
        • Changing the Identity Perspective
        • Authentication vs. Authorization
        • Who Are You?
        • What Do You Do Here?
        • Who’s in Charge Here?
    • 26 | SharePoint Saturday Michigan 2013 Managing Identity in Office 365
        • Admin activities do not go away
        • AD FS is complex
        • And important!
        • PowerShell is your friend
        • How’s your internet connection?
        • Office 365 is constantly changing
    • 27 | SharePoint Saturday Michigan 2013 Troubleshooting Identity
        • Microsoft Online Diagnostics and Logging tool (MOSDAL)
        • Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com
        • Fiddler
        • WireShark/Netmon
        • Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc
    • 28 | SharePoint Saturday Michigan 2013 Tie IT All Together
    • Blog: http://www.MyCentralAdmin.com Twitter: @ferringer