How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
The document compares three options for providing identity and access management for Microsoft Online services: 1) MS Online IDs only, 2) MS Online IDs with on-premise directory synchronization, and 3) Federated IDs with on-premise directory synchronization. It provides pros and cons of each option, with the third option being most appropriate for larger enterprises as it allows for single sign-on using on-premise credentials, centralized user management, and password policies controlled on-premise while also enabling co-existence with cloud-based identities. The document also includes diagrams illustrating authentication flows and potential federated identity deployment architectures between an on-premise Active Directory and Microsoft Online services.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
Similar to How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365 (20)
More from Microsoft TechNet - Belgium and Luxembourg
More from Microsoft TechNet - Belgium and Luxembourg (20)
Recently uploaded
Recently uploaded (20)
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
- 5. 1. MS Online IDs 2. MS Online IDs + Dir Sync 3. Federated IDs + Dir Sync Appropriate for Appropriate for Appropriate for • Smaller organizations without • Orgs with AD on-premise • Larger enterprise organizations AD on-premise with AD on-premise Pros Pros • Users and groups mastered on- Pros • No servers required on- premise • SSO with corporate cred premise • Enables co-existence scenarios • Users and groups mastered on- premise Cons • Password policy controlled on- Cons • No SSO premise • No SSO • No 2FA • 2FA solutions possible • No 2FA (strong authentication) • 2 sets of credentials to manage • Enables co-existence scenarios • 2 sets of credentials to with differing password policies manage with differing • Single server deployment Cons password policies • High availability server • Users and groups mastered in deployments required the cloud
- 6. Microsoft Office 365 Services Bronze Sky customer premises Trust Federation Exchange Gateway Online Active Directory Authentication Federation Server platform SharePoint 2.0 IdP Online IdP MS Online Directory Provisioning Sync Directory Lync AD platform Store Online Service connector Admin Portal
- 7. Federated vs. Non-Federated Summary Office 2010, or Office ActiveSync, POP, Outlook Outlook Outlook 2007 or Outlook Web 2007 SP2 IMAP, Entourage 2010 2007 2010 Application SharePoint Online Win 7 Win 7 Vista/XP Win 7/Vista/XP MS Online IDs Online ID Online ID Online ID Online ID Online ID Online ID Federated IDs, domain joined AD credentials
- 9. Authentication flow (passive profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
- 10. Authentication flow (active profile) Customer Microsoft Office 365 Active Directory AD FS 2.0 Server Federation Gateway ` Client Exchange Online (joined to CorpNet)
- 11. AD FS 2.0 deployment options Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server Proxy Internal user Enterprise DMZ
- 18. Architecture
- 26. VPN Active Directory AD FS 2.0 AD FS 2.0 Active Server Server Directory IaaS Enterprise
- 32. AD FS 2.0 Server IP SEC DirSync GATEWAY LB ENDPOINT DEVICE AD FS 2.0 Server CLOUD SERVICE Windows Azure Enterprise
Editor's Notes
- - how many 2K8 R2?How many want 64-bit? STUCK on 32-bit?
- Complexity/time – SG memberships heavier, recursive membership