Identity in Office 365
Blog: http://www.MyCentralAdmin.com
Twitter: @ferringer
Outline
 • Office 365 Overview
 • Changing the Identity Perspective
 • Authentication vs. Authorization
 • Who Are You?
 • What Do You Do Here?
 • Who’s in Charge Here?

SharePoint Saturday Redmond 2012

 • Email and Calendaring
 • Websites and Collaboration
 • IM and Online Meetings
 • Office Client and Web Apps
 • Hosted by Microsoft – in the cloud!



Did Someone say Cloud?




What’s Your Perspective?




Identity’s impact on Office 365
 • End User Experience
 • Complexity
 • Scale
 • Manageability
 • Investment




Authentication vs. Authorization
 • Who gets in?
 • What can they do?

Who gets in?
 • Where do your Office 365 user accounts live?
 • What is needed to use them?
 • What can they do?
 • What are the limitations of the approach?



Identity Options
1. Microsoft Online (MSO) IDs
2. MSO IDs + Directory Synchronization
3. Single Sign On + Directory Synchronization

[Diagram: Your Environment (AD, IdP, MS Online Directory Sync, Active Directory Federation Services 2.0, Office 365 Desktop Setup); Trust; Microsoft Online Services Identity Services (Admin Portal/PowerShell, Provisioning platform, Directory Store, Authentication platform, IdP); Exchange Online, SharePoint Online, Lync Online]

What can they do?

Appropriate for
 • Smaller orgs without AD on-premise
Pros
 • No servers required on-premise
Cons
 • No SSO
 • No 2FA
 • 2 sets of credentials to manage with differing password policies
 • IDs mastered in the cloud

Appropriate for
 • Medium/Large orgs with AD on-premise
Pros
 • Users and groups mastered on-premise
 • Enables co-existence scenarios
Cons
 • No SSO
 • No 2FA
 • 2 sets of credentials to manage with differing password policies
 • Single server deployment

Appropriate for
 • Larger enterprise orgs with AD on-premise
Pros
 • SSO with corporate cred
 • IDs mastered on-premise
 • Password policy controlled on-premise
 • 2FA solutions possible
 • Enables co-existence scenarios
Cons
 • High availability server deployments required

Sign On Experience *
SSO vs. Online IDs Summary

Client                                                MS Online IDs   SSO IDs (domain joined)   SSO IDs (non-domain joined)
Lync Online (Win7/Vista/XP)                           Online ID       AD credentials            AD credentials
Outlook 2007 or 2010 (Win7/Vista/XP)                  Online ID       AD credentials            AD credentials
Outlook Web Application, SharePoint Web Application   Online ID       AD credentials            AD credentials
Office 2010, or Office 2007 SP2 (Win 7/Vista/XP)      Online ID       AD credentials            AD credentials
ActiveSync, POP, IMAP, Entourage                      Online ID       AD credentials            AD credentials

*Requires ADFS 2.0

Active Directory Federation Services (AD FS)

[Diagram: Your Environment (AD, IdP, MS Online Directory Sync, Active Directory Federation Services 2.0, Office 365 Desktop Setup); Trust; Microsoft Online Services Identity Services (Directory Store, Authentication platform, IdP); Exchange Online, SharePoint Online, Lync Online]

How does AD FS work?
 • Claims authentication
 • Think of it like a passport
    - Passport Application
    - Visa Application
    - Submit for authorization
    - Allowed access

AD FS’s Authentication flow

[Diagram: Your Environment (Active Directory, AD FS 2.0 Server, Client joined to CorpNet) and Microsoft Online Services (Authentication platform, Exchange Online or SharePoint Online). Logon (SAML 1.1) Token: UPN:user@contoso.com, Source User ID: ABC123. Auth Token: UPN:user@contoso.com, Unique ID: 254729]

AD FS 2.0 deployment options
1. Single server configuration
2. AD FS 2.0 server farm and load-balancer
3. AD FS 2.0 proxy server or UAG/TMG (External Users, Active Sync, Outlook)

[Diagram: Active Directory; AD FS 2.0 Servers (Enterprise); AD FS 2.0 Server Proxies (DMZ); Internal user; External user]

ADFS Considerations
 • Can you afford an outage?
 • How do you secure it?
 • It’s complex
 • Requires specific AD config (Hat tip: @usher)
    - UPN formatting
 • Requires DirSync
 • Other options available
    - Shibboleth (added August 2012)

Directory Synchronization
 • One-way copy of accounts to Office 365
 • Required for SSO/AD FS
    - But can be used without AD FS
 • Required for Hybrid scenarios
 • Think of it as an appliance, always running

How DirSync Fits in

[Diagram: Your Environment (AD, IdP, MS Online Directory Sync, Active Directory Federation Services 2.0, Office 365 Desktop Setup); Trust; Microsoft Online Services Identity Services (Directory Store, Authentication platform, IdP); Exchange Online, SharePoint Online, Lync Online]

Getting to know DirSync
 • It’s actually Forefront Identity Manager
 • Copies AD accounts into Office 365
    - But not back down
 • Doesn’t sync passwords
 • Filtering now available
 • Can have sizing issues
    - Upload sizing
    - Database sizing
 • FIM: no touchy! (maybe)

Who does what around here?
 • Role-based Administration (RBAC)
 • External access

Office 365 user roles
 • End Users
 • Service administrators
    - Exchange Online
    - SharePoint Online
    - Lync Online
 • Office 365 administrators
 • External users

Office 365 admin roles
 • Global administrator
 • Billing administrator
 • Password administrator
 • Services administrator
 • User management administrator
 • Delegated administrator

 • See the Office 365 Support Services Description document for more info: http://tinyurl.com/o365SvcDescrs

External access
 • Allows external users access to SharePoint Online
 • No USLs required
 • Not full Extranet
 • Users can have:
    - MSO ID
    - Live ID
    - EASI ID
 • It’s a Feature Preview…
Managing Identity in Office 365
 • Admin activities do not go away
 • AD FS is complex
 • And important!
 • PowerShell is your friend
 • How’s your internet connection?
 • Office 365 is constantly changing

Troubleshooting Identity
 • Microsoft Online Diagnostics and Logging tool (MOSDAL)
 • Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com
 • Fiddler
 • WireShark/Netmon
 • Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc

Tie IT All Together




                      32   | SharePoint Saturday Redmond 2012
Blog: http://www.MyCentralAdmin.com
Twitter: @ferringer

More Related Content

More from John Ferringer

Moving to M365: You Got There, Now What Do You Do?
Moving to M365: You Got There, Now What Do You Do?Moving to M365: You Got There, Now What Do You Do?
Moving to M365: You Got There, Now What Do You Do?
John Ferringer
 
Deciding What to Do - SharePoint 2019 - NACS 2019
Deciding What to Do - SharePoint 2019 - NACS 2019Deciding What to Do - SharePoint 2019 - NACS 2019
Deciding What to Do - SharePoint 2019 - NACS 2019
John Ferringer
 
After the Dust settles - SharePoint Operations Guidance DaySPUG
After the Dust settles - SharePoint Operations Guidance DaySPUGAfter the Dust settles - SharePoint Operations Guidance DaySPUG
After the Dust settles - SharePoint Operations Guidance DaySPUG
John Ferringer
 
Identity in office 365 sps michigan 2013
Identity in office 365   sps michigan 2013Identity in office 365   sps michigan 2013
Identity in office 365 sps michigan 2013
John Ferringer
 
SharePoint Conference 2012 - After the Dust Settles
SharePoint Conference 2012 - After the Dust SettlesSharePoint Conference 2012 - After the Dust Settles
SharePoint Conference 2012 - After the Dust Settles
John Ferringer
 
Backup is not Backup, Restore is Backup SPSCincy 2012
Backup is not Backup, Restore is Backup   SPSCincy 2012Backup is not Backup, Restore is Backup   SPSCincy 2012
Backup is not Backup, Restore is Backup SPSCincy 2012
John Ferringer
 
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
John Ferringer
 
Getting to know Office 365: Detroit Day of Azure 2012
Getting to know Office 365: Detroit Day of Azure 2012Getting to know Office 365: Detroit Day of Azure 2012
Getting to know Office 365: Detroit Day of Azure 2012
John Ferringer
 
Intro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersIntro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developers
John Ferringer
 
Same but Different: Developing for SharePoint Online
Same but Different: Developing for SharePoint OnlineSame but Different: Developing for SharePoint Online
Same but Different: Developing for SharePoint Online
John Ferringer
 
Establishing Dominance - SPS Columbus 2011
Establishing Dominance - SPS Columbus 2011Establishing Dominance - SPS Columbus 2011
Establishing Dominance - SPS Columbus 2011
John Ferringer
 
SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010
John Ferringer
 

More from John Ferringer (12)

Moving to M365: You Got There, Now What Do You Do?
Moving to M365: You Got There, Now What Do You Do?Moving to M365: You Got There, Now What Do You Do?
Moving to M365: You Got There, Now What Do You Do?
 
Deciding What to Do - SharePoint 2019 - NACS 2019
Deciding What to Do - SharePoint 2019 - NACS 2019Deciding What to Do - SharePoint 2019 - NACS 2019
Deciding What to Do - SharePoint 2019 - NACS 2019
 
After the Dust settles - SharePoint Operations Guidance DaySPUG
After the Dust settles - SharePoint Operations Guidance DaySPUGAfter the Dust settles - SharePoint Operations Guidance DaySPUG
After the Dust settles - SharePoint Operations Guidance DaySPUG
 
Identity in office 365 sps michigan 2013
Identity in office 365   sps michigan 2013Identity in office 365   sps michigan 2013
Identity in office 365 sps michigan 2013
 
SharePoint Conference 2012 - After the Dust Settles
SharePoint Conference 2012 - After the Dust SettlesSharePoint Conference 2012 - After the Dust Settles
SharePoint Conference 2012 - After the Dust Settles
 
Backup is not Backup, Restore is Backup SPSCincy 2012
Backup is not Backup, Restore is Backup   SPSCincy 2012Backup is not Backup, Restore is Backup   SPSCincy 2012
Backup is not Backup, Restore is Backup SPSCincy 2012
 
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
Everybody lies: Troubleshooting SharePoint with House M.D. - SPSTC fall 2012
 
Getting to know Office 365: Detroit Day of Azure 2012
Getting to know Office 365: Detroit Day of Azure 2012Getting to know Office 365: Detroit Day of Azure 2012
Getting to know Office 365: Detroit Day of Azure 2012
 
Intro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersIntro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developers
 
Same but Different: Developing for SharePoint Online
Same but Different: Developing for SharePoint OnlineSame but Different: Developing for SharePoint Online
Same but Different: Developing for SharePoint Online
 
Establishing Dominance - SPS Columbus 2011
Establishing Dominance - SPS Columbus 2011Establishing Dominance - SPS Columbus 2011
Establishing Dominance - SPS Columbus 2011
 
SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010
 

Recently uploaded

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 

Recently uploaded (20)

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 

Identity in Office 365 - SPS Redmond 2012

  • 3. Outline  Office 365 Overview  Changing the Identity Perspective  Authentication vs. Authorization  Who Are You?  What Do You Do Here?  Who’s in Charge Here? 3 | SharePoint Saturday Redmond 2012
  • 4. Email and Calendaring  Websites and Collaboration  IM and Online Meetings  Office Client and Web Apps  Hosted by Microsoft – in the cloud! 4 | SharePoint Saturday Redmond 2012
  • 5. Office 365 Overview  Changing the Identity Perspective  Authentication vs. Authorization  Who Are You?  What Do You Do Here?  Who’s in Charge Here? 5 | SharePoint Saturday Redmond 2012
  • 6. Did Someone say Cloud? 6 | SharePoint Saturday Redmond 2012
  • 7. What’s Your Perspective? 7 | SharePoint Saturday Redmond 2012
  • 8. Identity’s impact on Office 365  End User Experience  Complexity  Scale  Manageability  Investment 8 | SharePoint Saturday Redmond 2012
  • 9. Office 365 Overview  Changing the Identity Perspective  Authentication vs. Authorization  Who Are You?  What Do You Do Here?  Who’s in Charge Here? 9 | SharePoint Saturday Redmond 2012
  • 10. Authentication vs. Authorization  Who gets in?  What can they do? 10 | SharePoint Saturday Redmond 2012
  • 11. Who gets in?  Where do your Office 365 user accounts live?  What is needed to use them?  What can they do?  What are the limitations of the approach? 11 | SharePoint Saturday Redmond 2012
  • 12. Office 365 Overview  Changing the Identity Perspective  Authentication vs. Authorization  Who Are You?  What Do You Do Here?  Who’s in Charge Here? 12 | SharePoint Saturday Redmond 2012
  • 13. Identity Options 1. Microsoft Online (MSO) IDs 2. MSO IDs + Directory Synchronization 3. Single Sign On + Directory Synchronization Microsoft Online Services Identity Services Exchange Your Environment Trust Authentication Online platform Active Directory Admin Portal/ Federation PowerShell IdP SharePoint Services 2.0 Online IdP MS Online Provisioning Directory Lync AD Directory Sync platform Store Online Office 365 Desktop Setup 13 | SharePoint Saturday Redmond 2012
  • 14. What can they do? Appropriate for Appropriate for • Medium/Large orgs with Appropriate for • Smaller orgs without AD on-premise • Larger enterprise orgs AD on-premise with AD on-premise Pros Pros • Users and groups Pros • No servers required on- mastered on-premise • SSO with corporate cred premise • Enables co-existence • IDs mastered on-premise scenarios • Password policy Cons controlled on-premise • No SSO Cons • 2FA solutions possible • No 2FA • No SSO • Enables co-existence • 2 sets of credentials to • No 2FA scenarios manage with differing • 2 sets of credentials to password policies manage with differing Cons • IDs mastered in the password policies • High availability server cloud • Single server deployments required deployment 14 | SharePoint Saturday Redmond 2012
  • 15. Sign On Experience*: SSO vs. Online IDs Summary
      Clients compared: Outlook Web Application and SharePoint Web Application; ActiveSync, POP, IMAP, Entourage; Outlook 2007 or 2010; Office 2010 or Office 2007 SP2; Lync Online (desktop clients on Win7/Vista/XP).
      MS Online IDs: Online ID for every client.
      SSO IDs (domain joined): AD credentials for every client.
      SSO IDs (non-domain joined): AD credentials for every client.
      *Requires ADFS 2.0
  • 16. Active Directory Federation Services (AD FS). [Diagram labels: Your Environment; Microsoft Online Services; Identity Services; Active Directory; AD; Active Directory Federation Services 2.0; Trust; IdP; Authentication platform; Directory Store; MS Online Directory Sync; Exchange Online; SharePoint Online; Lync Online; Office 365 Desktop Setup]
  • 17. How does AD FS work? Claims authentication; Think of it like a passport; Passport Application; Visa Application; Submit for authorization; Allowed access
  • 18. AD FS’s Authentication flow. [Diagram: Your Environment (Active Directory; AD FS 2.0 Server; Client (joined to CorpNet)); Microsoft Online Services (Authentication platform; Exchange Online or SharePoint Online). Logon (SAML 1.1) Token: UPN:user@contoso.com, Source User ID: ABC123. Auth Token: UPN:user@contoso.com, Unique ID: 254729]
  • 19. AD FS 2.0 deployment options: 1. Single server configuration; 2. AD FS 2.0 server farm and load-balancer; 3. AD FS 2.0 proxy server or UAG/TMG (External Users, Active Sync, Outlook). [Diagram labels: Active Directory; AD FS 2.0 Server (x2); AD FS 2.0 Server Proxy (x2); Internal user; External user; Enterprise; DMZ]
  • 20. ADFS Considerations: Can you afford an outage?; How do you secure it?; It’s complex; Requires specific AD config (Hat tip: @usher); UPN formatting; Requires DirSync; Other options available; Shibboleth (added August 2012)
  • 21. Directory Synchronization: One-way copy of accounts to Office 365; Required for SSO/AD FS; But can be used without AD FS; Required for Hybrid scenarios; Think of it as an appliance, always running
  • 22. How DirSync Fits in. [Diagram labels: Your Environment; Microsoft Online Services; Identity Services; Active Directory; AD; Active Directory Federation Services 2.0; Trust; IdP; Authentication platform; Directory Store; MS Online Directory Sync; Exchange Online; SharePoint Online; Lync Online; Office 365 Desktop Setup]
  • 23. Getting to know DirSync: It’s actually Forefront Identity Manager; Copies AD accounts into Office 365; But not back down; Doesn’t sync passwords; Filtering now available; Can have sizing issues (Upload sizing, Database sizing); FIM: no touchy! (maybe)
  • 24. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  • 25. Who does what around here? Role-based Administration (RBAC); External access
  • 26. Office 365 user roles: End Users; Service administrators (Exchange Online, SharePoint Online, Lync Online); Office 365 administrators; External users
  • 27. Office 365 admin roles: Global administrator; Billing administrator; Password administrator; Services administrator; User management administrator; Delegated administrator. See the Office 365 Support Services Description document for more info: http://tinyurl.com/o365SvcDescrs
  • 28. External access: Allows external users access to SharePoint Online; No USLs required; Not full Extranet; Users can have: MSO ID, Live ID, EASI ID; It’s a Feature Preview…
  • 29. Office 365 Overview; Changing the Identity Perspective; Authentication vs. Authorization; Who Are You?; What Do You Do Here?; Who’s in Charge Here?
  • 30. Managing Identity in Office 365: Admin activities do not go away; AD FS is complex; And important!; PowerShell is your friend; How’s your internet connection?; Office 365 is constantly changing
  • 31. Troubleshooting Identity: Microsoft Online Diagnostics and Logging tool (MOSDAL); Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com; Fiddler; Wireshark/Netmon; Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc
  • 32. Tie IT All Together
  • 33.