Your SlideShare is downloading. ×
Supporting architecture for office 365 spo
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Supporting architecture for office 365 spo

662

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
662
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS.Future release of DirSync might support Password Synchronization** Functionality nor a release date have been confirmed by Microsoft. As far as I understood, this sync will not really sync the password, but it will rather use the password’s hash
  • http://social.technet.microsoft.com/wiki/contents/articles/3286.ad-fs-2-0-how-to-use-fiddler-web-debugger-to-analyze-a-ws-federation-passive-sign-in.aspx
  • Transcript

    • 1. 1. MS Online IDs 2. MS Online IDs + Dir Sync 3. Federated IDs + Dir SyncAppropriate for Appropriate for Appropriate for • Smaller organizations without • Orgs with AD on-premise • Larger enterprise organizations AD on-premise with AD on-premise ProsPros • Users and groups mastered on- Pros • No servers required on- premise • SSO with corporate cred premise • Enables co-existence scenarios • Users and groups mastered on- premise Cons • Password policy controlled on-Cons • No SSO premise • No SSO • No 2FA • 2FA solutions possible • No 2FA (strong authentication) • 2 sets of credentials to manage • Enables co-existence scenarios • 2 sets of credentials to with differing password policies manage with differing • Single server deployment Cons password policies • High availability server • Users and groups mastered in deployments required the cloud
    • 2. Microsoft Office 365 ServicesBronze Sky customer premises Trust Federation Exchange Gateway Online Active Directory Authentication Federation Server platform SharePoint 2.0 IdP OnlineIdP MS Online Directory Provisioning Sync Directory Lync AD platform Store Online Service connector Admin Portal
    • 3. Federated vs. Non-Federated Summary Office 2010, or Office ActiveSync, POP, Outlook Outlook Outlook 2007 or Outlook Web 2007 SP2 IMAP, Entourage 2010 2007 2010 Application SharePoint Online Win 7 Win 7 Vista/XP Win 7/Vista/XPMS Online IDs Online ID Online ID Online ID Online ID Online ID Online IDFederated IDs,domain joined AD credentials
    • 4. DirSyncActive Directory METAVERSE
    • 5. Identity Co-Existence
    • 6. Application Co-Existence
    • 7. Application Co-Existence
    • 8. lD85BkxzEE2NilRewNm0CQ==
    • 9. Authentication flow (passive profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
    • 10. Authentication flow (active profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
    • 11. AD FS 2.0 deployment options Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server Proxy Internal user Enterprise DMZ
    • 12. Active DirectoryAD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server ProxyInternal user Enterprise DMZ
    • 13. Active Active Directory DirectoryAD FS 2.0 AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server ServerInternal External user Enterprise user IAAS
    • 14. Active Active Directory DirectoryAD FS 2.0 AD FS 2.0 Server ServerInternal External user Enterprise user IAAS
    • 15. Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server LB ENDPOINT IP SEC GATEWAY AD FS 2.0 DEVICE ServerCLOUD SERVICE Enterprise Windows Azure
    • 16. Active Directory AD FS 2.0 AD FS 2.0 Server ServerInternalExternal IAAS user
    • 17. W.A.A.D.Already used in:
    • 18. W.A.A.D.W.A.A.D.W.A.A.D.

    ×