Slide 1

Slide 2

Scenario covered in this presentation

Slide 3

Slide 4

Slide 5

Separate credential from on- premises credential Authentication occurs via cloud directory service Does not require on-premises server deployment Same credential as on-premises credential Authentication occurs via on- premises directory service Requires on-premises DirSync server Requires on-premises AD FS server(s)

Slide 6

Cloud IdentityCloud Identity + DirSyncFederated Identity Scenario Smaller organizations with or without on-premises Active Directory Medium to Large organizations with Active Directory on-premises Large enterprise organizations with Active Directory on-premises Benefits Does not require on-premises server deployment Source of Authority is on-premises Enables coexistence Single Sign-On experience Source of Authority is on-premises 2 Factor Authentication options Limitations No Single Sign-On No 2 Factor Authentication options (*) Two sets of credentials to manage Different password policies No Single Sign-On No 2 Factor Authentication options Requires on-premises DirSync server deployment (**) Requires on-premises AD FS server deployment in high availability scenario Requires on-premises DirSync server deployment

Slide 7

Cloud Identity Federated Identity (domain joined computer) Federated Identity (non-domain joined computer) Outlook (PC and Mac)Sign in each sessionNo PromptSign in each session Exchange ActiveSyncSign in each session POP, IMAPSign in each session Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps Sign in each browser sessionNo PromptSign in each browser session Office using SharePoint OnlineSign in each SharePoint Online sessionSign in each SharePoint Online Session Lync ClientSign in each sessionNo promptSign in each session

Slide 8

Slide 9

Office 365 Admin Center Active Directory tools Exchange management tools Identity management solutions Windows Azure AD PowerShell Remote PowerShell

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Run from the Admin Center Important if running previous versions of Office, but tool also does OS updates for successful SSO

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

On-Premises Identity Services Provisioning Service Active Directory Federation Server 2.0/2.1 Trust Directory Store Admin Portal/ PowerShell Authentication platform MSOL PowerShell Module Office 365 Add Domain Required TXT/MX Record Add Trust -Claim Rules -User Source ID = AD ObjectGUID Verify-Domain -Active/Mex/Passive -Token certs Current/Next -Brand URI etc Update

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

Slide 34

On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729 Basic Auth Credentilas Username/Password

Slide 35

On-Premises Office 365 Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Perimeter Network AD FS Proxy ActiveDirectory Proxy Load balancer Internal Network Basic Authentication (Active Profile) Passive Federation (Passive Profile)

Slide 44

Number of usersMinimum number of servers Fewer than 1,000 users Implement fault-tolerance but no need for dedicated federation servers 1,000 to 15,000 users 2 dedicated federation servers 2 dedicated federation server proxies 15,000 to 60,000 users Between 3 and 5 dedicated federation servers At least 2 dedicated federation server proxies

Slide 45

Slide 46

Slide 47