osp126: an introduction to windows azure...
TRANSCRIPT
• OSP126: An Introduction to Windows Azure Active Directory and Office 365
• AZR314: Integration with Windows Azure AD and Office 365 – Provisioning and Synchronization
• AZR320: Integration with Windows Azure AD and Office 365 – Identity and Access Management
• OSP269: A tour through integration scenarios with Windows Azure AD and Office 365
Directory Management
Managing directory data (on-
prem and cloud).
Access Management
Controlling the AuthN/Z of
users and other identities
We’re spending time here
Login:
Managed Identities Only
Login:
Managed Identities Only
Login:
Managed and Federated IDs
Services:
No Hybrid Services
Services:
No Hybrid Services
Services:
Hybrid Services Capable
Volume:
Low volume
Volume:
Low to Medium Volume
Volume:
High Volume
Complexity/Cost:
Low complexity
Complexity/Cost:
Can be high complexity
Complexity:
Varies*
Directory
Provisioning Platform
PowershellGRAPH APIAWS
AD
Au
then
ticati
on
Pla
tfo
rm
Contoso Customer Premises
Exchange Online
SharePoint Online
Service X
…
Directory
Provisioning Platform
PowershellGRAPH APIAWS
AD
Au
then
ticati
on
Pla
tfo
rm
Contoso Customer Premises
Exchange Online
SharePoint Online
Service X
…
Directory
Provisioning Platform
PowershellGRAPH APIAWS
AD
Au
then
ticati
on
Pla
tfo
rm
Contoso Customer Premises
Directory
Management App
Exchange Online
SharePoint Online
Service X
…
MyApp.com
Directory
Provisioning Platform
PowershellGRAPH APIAWS
AD
Au
then
ticati
on
Pla
tfo
rm
Contoso Customer Premises
Directory
Sync
Exchange Online
SharePoint Online
Service X
…
ADFS
Login:
Managed Identities Only
Login:
Managed and Federated IDs
Services:
No Hybrid Services
Services:
Hybrid Services Capable
Volume:
Low to Medium Volume
Volume:
High Volume
Login:
Managed Identities Only
Services:
No Hybrid Services
Volume:
Low volume
Complexity/Cost:
Low complexity
Complexity/Cost:
Can be high complexity
Complexity:
Varies*
We’re spending the most time here
FIM + Azure AD
Connector
When to use
• Multiple AD Forests
containing directory data
to synchronize to AAD
• Directory data “overlaps”
(an object is represented
in more than one forest)
• Non-AD directory
sources*
DirSync Appliance (in
MF mode)
When to use
• More than 1 AD Forest
with data to sync to Azure
AD
• Each forest contains non-
overlapping data (no
object in one forest is
represented in another
forest)
DirSync Appliance
When to use
• Single Active Directory
Forest to sync to Azure AD
Directory
Provisioning Platform
PowershellGRAPH APIAWS
AD
Au
then
ticati
on
Pla
tfo
rm
Contoso Customer Premises
Directory
Sync
Exchange Online
SharePoint Online
Service X
…
Attribute Feature
SafeSendersHash, BlockedSendersHash,
SafeRecipientHash
Filtering Coexistence
enables on-premise filtering using cloud safe/blocked sender info
msExchArchiveStatus Cloud Archive
Allows users to archive mail to the Office 365 service
ProxyAddresses (cloudLegDN) Mailbox off-boarding
Enables off-boarding of mailboxes back to on-premise
msExchUCVoiceMailSettings Voicemail Co-Existence
Enables on-premise mailbox users to have Lync in the cloud
PublicDelegates Cross-Premises Public Delegation
Allows users to specify delegates fro their mailbox
msExchUserHoldPolicies Cross-Premises Litigation Hold
Allows cloud services to determine which users are under Litigation Hold.
Attribute Most common issues
userPrincipalName • cannot have dot ‘.’ immediately preceding ‘@’
• cannot exceed 113 chars (64 for username, 48 for domain)
• cannot contain ! # $ % & \ * + / = ? ^ ` { | } ~ < > ( )
• cannot have duplicate UPNs
samAccountName • cannot contain “ \ / [ ] : | < > + = ; ? ,
• cannot end with dot ‘.’
• cannot be more than 20 chars
• cannot be empty
proxyAddresses • cannot contain smtp addresses with domains that are not registered
for the tenant
• cannot have duplicate ProxyAddresses
