Identity in Office 365 - SPS Redmond 2012

One of the most compelling aspects of Office 365 is how it can be integrated into an organization's existing IT infrastructure to provide users with a seamless experience; when implemented properly, users shouldn't even notice a difference between on-premises platforms and services in the cloud with Office 365. But while this is a situation that can be very simple for end users to work within, establishing and configuring the systems necessary to provide that simple experience can be very complex and confusing.

In this session, attendees will be introduced to the numerous ways that existing on-premises systems, including Active Directory, Exchange, SharePoint, and Lync, can be seamlessly integrated into Office 365 by organizations of all shapes and sizes. We will walk through the decision process companies will need to follow to determine how to configure their coexistence and integration strategies, as well as provide hands-on examples of common setups.

Transcript of "Identity in Office 365 - SPS Redmond 2012"

  1. Identity in Office 365
  2. Blog: http://www.MyCentralAdmin.com
     Twitter: @ferringer
  3. Outline
     • Office 365 Overview
     • Changing the Identity Perspective
     • Authentication vs. Authorization
     • Who Are You?
     • What Do You Do Here?
     • Who’s in Charge Here?
     3 | SharePoint Saturday Redmond 2012
  4. Office 365 Overview
     • Email and Calendaring
     • Websites and Collaboration
     • IM and Online Meetings
     • Office Client and Web Apps
     • Hosted by Microsoft – in the cloud!
  5. Outline (agenda slide, repeated)
  6. Did Someone say Cloud?
  7. What’s Your Perspective?
  8. Identity’s impact on Office 365
     • End User Experience
     • Complexity
     • Scale
     • Manageability
     • Investment
  9. Outline (agenda slide, repeated)
  10. Authentication vs. Authorization
     • Who gets in?
     • What can they do?
  11. Who gets in?
     • Where do your Office 365 user accounts live?
     • What is needed to use them?
     • What can they do?
     • What are the limitations of the approach?
  12. Outline (agenda slide, repeated)
  13. Identity Options
     1. Microsoft Online (MSO) IDs
     2. MSO IDs + Directory Synchronization
     3. Single Sign On + Directory Synchronization
     [Diagram labels: Your Environment (Active Directory, AD, Active Directory Federation Services 2.0, IdP, MS Online Directory Sync, Office 365 Desktop Setup); Trust; Federation; Provisioning; Admin Portal/PowerShell; Microsoft Online Services (Identity Services, Authentication platform, IdP, Provisioning platform, Directory Store, Exchange Online, SharePoint Online, Lync Online)]
  14. What can they do? (three columns, in the order of the identity options on slide 13)
     Option 1: MSO IDs
     • Appropriate for: Smaller orgs without AD on-premise
     • Pros: No servers required on-premise
     • Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; IDs mastered in the cloud
     Option 2: MSO IDs + Directory Synchronization
     • Appropriate for: Medium/Large orgs with AD on-premise
     • Pros: Users and groups mastered on-premise; Enables co-existence scenarios
     • Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; Single server deployment
     Option 3: Single Sign On + Directory Synchronization
     • Appropriate for: Larger enterprise orgs with AD on-premise
     • Pros: SSO with corporate cred; IDs mastered on-premise; Password policy controlled on-premise; 2FA solutions possible; Enables co-existence scenarios
     • Cons: High availability server deployments required
  15. Sign On Experience: *SSO vs. Online IDs Summary
     Clients named in the column headers: Outlook Web Application; ActiveSync, POP, IMAP, Entourage; Outlook 2007 or 2010; Lync Online; SharePoint Web Application; Office 2010 or Office 2007 SP2; Win7/Vista/XP
     • MS Online IDs: Online ID in every column
     • SSO IDs (domain joined): AD credentials in every column
     • SSO IDs (non-domain joined): AD credentials in every column
     *Requires ADFS 2.0
  16. Active Directory Federation Services (AD FS)
     [Diagram labels: Your Environment (Active Directory, AD, Active Directory Federation Services 2.0, IdP, MS Online Directory Sync, Office 365 Desktop Setup); Trust; Microsoft Online Services (Identity Services, Authentication platform, IdP, Directory Store, Exchange Online, SharePoint Online, Lync Online)]
  17. How does AD FS work?
     • Claims authentication
     • Think of it like a passport
        • Passport Application
        • Visa Application
        • Submit for authorization
        • Allowed access
  18. AD FS’s Authentication flow
     [Diagram labels: Your Environment (Active Directory, AD FS 2.0 Server, Client (joined to CorpNet)); Microsoft Online Services (Authentication platform, Exchange Online or SharePoint Online); Logon (SAML 1.1) Token with UPN:user@contoso.com and Source User ID: ABC123; Auth Token with UPN:user@contoso.com and Unique ID: 254729]
  19. AD FS 2.0 deployment options
     1. Single server configuration
     2. AD FS 2.0 server farm and load-balancer
     3. AD FS 2.0 proxy server or UAG/TMG (External Users, Active Sync, Outlook)
     [Diagram labels: Active Directory; AD FS 2.0 Server (three); AD FS 2.0 Server Proxy (two); Enterprise; DMZ; Internal user; External user]
  20. ADFS Considerations
     • Can you afford an outage?
     • How do you secure it?
     • It’s complex
     • Requires specific AD config (Hat tip: @usher)
        • UPN formatting
     • Requires DirSync
     • Other options available
        • Shibboleth (added August 2012)
  21. Directory Synchronization
     • One-way copy of accounts to Office 365
     • Required for SSO/AD FS
        • But can be used without AD FS
     • Required for Hybrid scenarios
     • Think of it as an appliance, always running
  22. How DirSync Fits in
     [Diagram labels: Your Environment (Active Directory, AD, Active Directory Federation Services 2.0, IdP, MS Online Directory Sync, Office 365 Desktop Setup); Trust; Microsoft Online Services (Identity Services, Authentication platform, IdP, Directory Store, Exchange Online, SharePoint Online, Lync Online)]
  23. Getting to know DirSync
     • It’s actually Forefront Identity Manager
     • Copies AD accounts into Office 365
        • But not back down
     • Doesn’t sync passwords
     • Filtering now available
     • Can have sizing issues
        • Upload sizing
        • Database sizing
     • FIM: no touchy! (maybe)
  24. Outline (agenda slide, repeated)
  25. Who does what around here?
     • Role-based Administration (RBAC)
     • External access
  26. Office 365 user roles
     • End Users
     • Service administrators
        • Exchange Online
        • SharePoint Online
        • Lync Online
     • Office 365 administrators
     • External users
  27. Office 365 admin roles
     • Global administrator
     • Billing administrator
     • Password administrator
     • Services administrator
     • User management administrator
     • Delegated administrator
     See the Office 365 Support Services Description document for more info: http://tinyurl.com/o365SvcDescrs
  28. External access
     • Allows external users access to SharePoint Online
     • No USLs required
     • Not full Extranet
     • Users can have:
        • MSO ID
        • Live ID
        • EASI ID
     • It’s a Feature Preview…
  29. Outline (agenda slide, repeated)
  30. Managing Identity in Office 365
     • Admin activities do not go away
     • AD FS is complex
     • And important!
     • PowerShell is your friend
     • How’s your internet connection?
     • Office 365 is constantly changing
  31. Troubleshooting Identity
     • Microsoft Online Diagnostics and Logging tool (MOSDAL)
     • Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com
     • Fiddler
     • WireShark/Netmon
     • Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc
  32. Tie IT All Together
  33. Blog: http://www.MyCentralAdmin.com
     Twitter: @ferringer
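
The "UPN formatting" consideration on slide 20 and the UPN carried in the tokens on slide 18, as an added example that is not part of the original deck: a PowerShell pre-flight check that flags accounts whose UPN would not line up with a federated domain before DirSync and AD FS single sign-on are enabled. The function name `Test-UpnForSso`, the rules it applies and the sample accounts are assumptions constructed for illustration; `contoso.com` is the domain shown on slide 18.

```powershell
# Added example (hypothetical helper, not from the deck): report UPNs that
# are malformed or whose suffix is not one of the federated domains.
function Test-UpnForSso {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Upn,

        # Assumption: the domains verified and federated in the tenant.
        [Parameter(Mandatory)]
        [string[]]$FederatedDomains
    )
    process {
        $problems = @()
        $parts = $Upn -split '@'
        if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
            $problems += 'not in user@domain form'
        } else {
            if ($Upn -match '\s') { $problems += 'contains whitespace' }
            # -notcontains compares case-insensitively, like UPN suffixes.
            if ($FederatedDomains -notcontains $parts[1]) {
                $problems += "suffix '$($parts[1])' is not a federated domain"
            }
        }
        [pscustomobject]@{
            Upn      = $Upn
            Ready    = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        }
    }
}

# Constructed sample accounts. Against a real directory the input would be:
#   Get-ADUser -Filter * | Select-Object -ExpandProperty UserPrincipalName
$sample = 'user@contoso.com', 'jsmith@contoso.local', 'no-suffix', 'a b@contoso.com'

# List only the accounts that need fixing before SSO is switched on.
$sample | Test-UpnForSso -FederatedDomains 'contoso.com' |
    Where-Object { -not $_.Ready } |
    Format-Table -AutoSize
```

With the sample input, `user@contoso.com` passes and the other three accounts are listed with the reason each would fail.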