Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.

Presentation transcript:

Agenda
 Microsoft Directory Synchronization Tool
 Active Directory Federation Server
 ADFS Proxy
 Hybrid Features – LAB

Microsoft Directory Synchronization

Directory Synchronization – Why use it
 Easy to onboard a large number of users (small to medium size companies)
 Identities are mastered and managed on-premises
 Free/busy coexistence
 Support for identity federation
 Synchronization of photos, thumbnails, conference rooms, and security groups
 Filtering coexistence

Directory Synchronization – How it works

Deployment steps for the Directory Synchronization tool
Step 1 –> System requirements / permissions / performance considerations
Step 2 –> Activate directory synchronization via the MS Online portal
Step 3 –> Install and configure the DS tool – configuration wizard
Step 4 –> Synchronize your directory – write objects to Azure AD from on-premises
Step 5 –> Activate synced users – individually / in bulk
Step 6 –> Verify / upgrade / reinstall

What it synchronizes and what it does not
Will:
 All users, mail-enabled contacts, mail-enabled groups
 Only some attributes
Will not:
 Built-in administrative user accounts
 Passwords
 Built-in administrative groups
 Default Exchange administrative groups
 Exchange System Mailbox accounts

Windows Azure Active Directory Sync Tool – Update
 The tool is downloaded from the Office 365 admin portal.
 Only a one-way hash of the password is synchronized to WAAD, so the original password cannot be reconstructed from it.
 Synchronizes user passwords from on-premises AD to Azure AD (Office 365).
 Respects on-premises password policies.
 Cannot sync passwords for federated users, but can co-exist with federation.
 SAML 2.0 identity provider
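To make the "one-way hash" point concrete, the following is an added PowerShell illustration (not Microsoft's code or the tool's actual algorithm): a salted one-way derivation of the on-premises credential hash is what leaves the premises, and the cloud side can only recompute and compare it, never reverse it. The use of SHA-256 as a stand-in for the directory hash, PBKDF2 with 1000 iterations and a 16-byte salt are assumptions made for the demonstration.

```powershell
# Added illustration of the property the slide states; parameters are assumptions.
function Get-StoredCredentialHash {
    param(
        [Parameter(Mandatory)][byte[]]$OnPremHash,   # stands in for the directory's password hash
        [byte[]]$Salt                                # reused on verification, random when first created
    )
    if (-not $Salt) {
        $Salt = New-Object byte[] 16
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Salt)
    }
    # PBKDF2 treats the on-premises hash as its secret input; only the salt and the
    # derived value are shipped, so the cloud never holds the password or its raw hash.
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($OnPremHash, $Salt, 1000)
    try {
        [pscustomobject]@{
            Salt    = [Convert]::ToBase64String($Salt)
            Derived = [Convert]::ToBase64String($kdf.GetBytes(32))
        }
    } finally { $kdf.Dispose() }
}

function Test-CloudLogon {
    param(
        [Parameter(Mandatory)][byte[]]$CandidateHash,   # hash of the password the user just typed
        [Parameter(Mandatory)]$Stored                   # object produced on-premises and synchronized
    )
    # Verification repeats the derivation with the stored salt and compares the results.
    $salt = [Convert]::FromBase64String($Stored.Salt)
    $recomputed = (Get-StoredCredentialHash -OnPremHash $CandidateHash -Salt $salt).Derived
    return $recomputed -eq $Stored.Derived
}

# Constructed sample input: SHA-256 stands in for the directory hash of the user's password.
$sha  = [System.Security.Cryptography.SHA256]::Create()
$good = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes('P@ssw0rd-sample'))
$bad  = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes('wrong-guess'))

$stored = Get-StoredCredentialHash -OnPremHash $good
"Synchronized to cloud: salt=$($stored.Salt) derived=$($stored.Derived)"
"Correct password verifies: $(Test-CloudLogon -CandidateHash $good -Stored $stored)"
"Wrong password verifies:   $(Test-CloudLogon -CandidateHash $bad  -Stored $stored)"
```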

Directory Sync Tool or Active Directory Federation Services
Comparison criteria – Password Sync vs. SSO with AD FS:
 Same password to access resources
 Can control password policies on-premises
 Support for two-factor authentication *
 No password re-entry if on-premises
 Client access filtering
 Authentication occurs in the on-premises directory

Active Authentication: Why Multi-Factor

Active Directory Federation Services

 Identity federation is an extremely important feature for many customers
 AD FS 2.0 provides users with a single sign-on experience
 Users access their Office 365 services with their corporate credentials

Non-federated users – Mailbox
 User experience:
◦ Logs in with a cloud identity
◦ User authentication takes place in the cloud AD
◦ Users have two IDs – one to access on-premises services and one for Online services
◦ Users are prompted for credentials when accessing Online services, even when logged into the domain
 Administrator experience:
◦ Manages password policy in the cloud and on-premises
◦ Password reset for on-premises and MS Online IDs
◦ No two-factor authentication integration

Federated users – Mailbox
 User experience:
◦ Users sign in with their corporate ID
◦ Authentication happens on-premises
◦ Users have a single credential that provides SSO to on-premises and Online services
◦ Users get a true SSO experience
◦ Two-factor authentication can be used if it is deployed on-premises
 Administrator experience:
◦ Manages password policy on-premises only
◦ Password reset for on-premises IDs only
◦ Two-factor authentication integration options
◦ Requires additional servers to enable identity federation, so there is an additional up-front cost

ADFS Authentication Flow
 Authentication for the passive / web profile
 Authentication for the rich client profile
 Authentication for Exchange ActiveSync / MS Outlook

ADFS 2.0 – Deployment Options
 Single-server configuration
 AD FS 2.0 server farm and load balancer
 AD FS 2.0 proxy server or UAG/TMG (external users, ActiveSync, down-level clients with Outlook)

ADFS Certificates / Policy Store
 Certificates
◦ Token signing
◦ Token decryption
◦ Secure communication certificate
 Policy store
◦ In AD FS 2.0 the policy is stored in a database that uses either Windows Internal Database or Microsoft SQL Server as the dedicated store
◦ AD FS 2.0 makes policy decisions based on identity information provided to it in the form of claims and other contextual information
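Because an expired token-signing or token-decryption certificate stops every federated sign-in, the three certificate types listed above are worth checking on a schedule. The following is an added PowerShell example (not from the deck) that lists them with days until expiry using the AD FS 2.0 snap-in's Get-ADFSCertificate; the 30-day warning threshold is an assumption, and it must run on a federation server with the snap-in installed.

```powershell
# Added example: expiry report for the AD FS 2.0 certificates named on the slide.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

function Get-AdfsCertificateStatus {
    param([int]$WarnDays = 30)   # warning threshold is an assumption, adjust to your rollover lead time
    $now = Get-Date
    Get-ADFSCertificate | ForEach-Object {
        $cert     = $_.Certificate                       # X509Certificate2 behind the AD FS entry
        $daysLeft = [int]($cert.NotAfter - $now).TotalDays
        if ($daysLeft -le 0)              { $status = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays)  { $status = 'EXPIRING' }
        else                              { $status = 'OK' }
        [pscustomobject]@{
            Type       = $_.CertificateType   # Token-Signing, Token-Decrypting, Service-Communications
            IsPrimary  = $_.IsPrimary         # secondary certificates are the ones staged for rollover
            Subject    = $cert.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Status     = $status
        }
    }
}

# Primary certificates first within each type, so the ones currently in use stand out.
Get-AdfsCertificateStatus | Sort-Object Type, @{ Expression = 'IsPrimary'; Descending = $true } |
    Format-Table Type, IsPrimary, Subject, NotAfter, DaysLeft, Status -AutoSize
```

Run it on every server in the farm: the policy store holds the token certificates, but the service communications certificate lives in each server's local store and can differ between members.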

What is the ADFS proxy?
 A service that brokers a connection between external users and your internal AD FS 2.0 server
 Three primary functions
◦ Assertion provider: the proxy accepts token requests from users and passes the information over SSL (default port 443) to the internal AD FS server. It receives the token from the internal AD FS server and passes it back to the user.
◦ Assertion consumer: the proxy accepts tokens from users and passes them over SSL (default port 443) to the internal AD FS server for processing.
◦ Metadata provider: the proxy also responds to requests for Federation Metadata.

How does the AD FS 2.0 proxy work?

Troubleshooting O365 Issues
 Certificates – on all ADFS servers / client browsers (default trusted certificates)
 ISA/TMG O365 rules – domains
 Network firewall – IP whitelists
 Internet – backup connection
 ADFS / proxy server event viewer – correlation ID
 DirSync server event viewer
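The correlation ID mentioned above is the practical way to stitch one failed sign-in together across the proxy and the internal federation server. The following is an added PowerShell example (not from the deck) that pulls every event in the AD FS 2.0 Admin log carrying a given correlation (activity) ID; the log name 'AD FS 2.0/Admin', the 24-hour window and the placeholder server name and GUID in the usage line are assumptions.

```powershell
# Added example: follow one sign-in across AD FS 2.0 servers by its correlation ID.
function Get-AdfsEventsByCorrelationId {
    param(
        [Parameter(Mandatory)][guid]$CorrelationId,        # ID shown on the user's error page
        [string]$ComputerName = $env:COMPUTERNAME,          # query the proxy, then the internal server
        [int]$Hours = 24                                    # look-back window, an assumption
    )
    $filter = @{ LogName = 'AD FS 2.0/Admin'; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
        Where-Object {
            # The activity ID lives in the event's System/Correlation element and AD FS also
            # prints it in the message body; match either so no record is missed.
            ($_.ActivityId -eq $CorrelationId) -or
            ($_.Message -match [regex]::Escape("$CorrelationId"))
        } |
        Select-Object TimeCreated, MachineName, Id, LevelDisplayName,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |   # first line of the message
        Sort-Object TimeCreated
}

# Usage (placeholder values): run against the proxy first, then the internal farm member,
# and compare the two timelines for the same ID.
# Get-AdfsEventsByCorrelationId -CorrelationId '00000000-0000-0000-0000-000000000000' -ComputerName 'ADFS-PROXY-01'
# Get-AdfsEventsByCorrelationId -CorrelationId '00000000-0000-0000-0000-000000000000' -ComputerName 'ADFS-01'
```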

Additional reading…
 Select an Office 365 plan for business (Trial)
 Explore the Community & Blogs
 Office 365 for IT pros – Learn / Training / Try / Deploy

Questions?