8. Identity options: 1. MS Online IDs / 2. MS Online IDs + Dir Sync / 3. Federated IDs + Dir Sync

1. MS Online IDs
Appropriate for
• Smaller organizations without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• No 2FA (strong authentication)
• 2 sets of credentials to manage with differing password policies
• Users and groups mastered in the cloud

2. MS Online IDs + Dir Sync
Appropriate for
• Orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Single server deployment

3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate credentials
• Users and groups mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios
Cons
• High availability server deployments required
9. Microsoft Office 365 Services (architecture diagram)
Bronze Sky customer premises: Active Directory, AD FS 2.0 Server (IdP), Directory Sync; trust federation between the customer IdP and Office 365.
Microsoft Office 365: Federation Gateway (IdP), Authentication platform, Provisioning platform, MS Online Directory Store, Service connector, Admin Portal; Exchange Online, SharePoint Online, Lync Online.
10. Federated vs. Non-Federated Summary
Client columns:
(a) Outlook 2010 on Win 7
(b) Outlook 2007 on Win 7
(c) Outlook 2010 on Vista/XP
(d) Outlook 2007 or Outlook Web Application on Win 7/Vista/XP
(e) Office 2010 or Office 2007 SP2 with SharePoint Online
(f) ActiveSync, POP, IMAP, Entourage
MS Online IDs: Online ID for (a) through (f)
Federated IDs, domain joined: AD credentials (only this cell of the row is legible)
23. Authentication flow (passive profile): diagram with the Customer side (Active Directory, AD FS 2.0 Server, Client joined to CorpNet) and the Microsoft Office 365 side (Federation Gateway, Exchange Online). In the passive profile a browser-based client is redirected to AD FS via WS-Federation to obtain its token.
24. Authentication flow (active profile): diagram with the Customer side (Active Directory, AD FS 2.0 Server, Client joined to CorpNet) and the Microsoft Office 365 side (Federation Gateway, Exchange Online). In the active profile a rich client such as Outlook authenticates through WS-Trust, with the Office 365 service obtaining the token from AD FS on the client's behalf.
25. AD FS 2.0 deployment options (diagram): Enterprise network with Active Directory and three AD FS 2.0 Servers serving the internal user; DMZ with two AD FS 2.0 Server Proxies.
26. AD FS 2.0 deployment options, continued (diagram): Active Directory and three AD FS 2.0 Servers in the Enterprise network for the internal user; two AD FS 2.0 Server Proxies in the DMZ.
27. AD FS 2.0 deployment options, continued (diagram): Active Directory and AD FS 2.0 Servers (four in total) split across the Enterprise network, serving the internal user, and IAAS, serving the external user.
28. AD FS 2.0 deployment options, continued (diagram): two Active Directory instances and two AD FS 2.0 Servers, one in the Enterprise network for the internal user and one in IAAS for the external user.
29. AD FS 2.0 deployment options, continued (diagram): Active Directory and three AD FS 2.0 Servers in the Enterprise; a Windows Azure cloud service with an LB endpoint, an IPsec gateway device and an AD FS 2.0 Server.
30. AD FS 2.0 deployment options, continued (diagram): Active Directory and two AD FS 2.0 Servers; internal user in the Enterprise network, external user via IAAS.
Note: Passwords are NOT synced. If you want to use your on-premise passwords in Office 365/Azure, you will have to deploy ADFS. A future release of DirSync might support password synchronization; neither the functionality nor a release date has been confirmed by Microsoft. As far as I understood, this sync will not really sync the password itself, but will rather use the password's hash.