Preparing Identities for the Cloud
Randy Robb, Senior Consultant
2016 Redmond Summit | Identity Without Boundaries, May 24th 2016

Presentation transcript:

Introduction

Preparing Identities for the Cloud

Company IT Infrastructure

Generic System

Generic Cloud System

Azure AD

Supported Topologies
- Single forest, single Azure AD directory
- Multiple forests, single Azure AD directory (objects represented mutually exclusive)

Supported Topologies
- Multiple forests – separate topologies (objects represented mutually exclusive)
- Multiple forests – match users (objects joined that represent identical objects): resources shared via trusts; users matched by a selected attribute

Supported Topologies
- Multiple forests – full mesh with optional GALSync: MIM on premises; users matched by address
- Multiple forests – account-resource forest (Exchange Org A, Exchange Org B): users matched by msExchMasterAccountSID

Supported Topologies
- GALsync with on-premises MIM sync server (contact objects synchronized)
- Single forest – each object only once in an Azure AD directory

Supported Topologies – Single Forest, each object only once in an Azure AD directory
- The UPNs of the users in the on-premises AD must use separate namespaces.
- There must be a 1:1 correspondence between a namespace and an Azure AD instance.
- There is no GALsync between the Azure AD directory instances. The address book in Exchange Online and Skype for Business only shows users in the same directory.
- Only one of the Azure AD directories can enable Exchange hybrid with the on-premises Active Directory.
- Windows 10 devices can only be associated with one Azure AD directory.
- The requirement for mutually exclusive sets of objects also applies to writeback. Some writeback features are not supported with this topology, since they assume a single configuration on-premises:
  - Group writeback with default configuration
  - Device writeback
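The two hard rules of this topology (one UPN namespace per Azure AD directory, and mutually exclusive object sets) are easy to break when sync scopes are drawn by OU. The check below is an added example, not part of the presentation or of Azure AD Connect: it takes a planned suffix-to-directory mapping and a list of which directory each user's sync scope would send it to, and reports every violation before anything is synchronized. The data is constructed; the field names (objectGUID, userPrincipalName, directory) are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample data (not from the presentation). "directory" is the Azure AD
# directory whose sync scope contains the user; a user listed twice is in two scopes.
PLANNED_SUFFIX_TO_DIRECTORY = {
    "contoso.com": "contoso.onmicrosoft.com",
    "fabrikam.com": "fabrikam.onmicrosoft.com",
}

GOOD_SCOPE = [
    {"objectGUID": "guid-0001", "userPrincipalName": "ada@contoso.com", "directory": "contoso.onmicrosoft.com"},
    {"objectGUID": "guid-0002", "userPrincipalName": "bob@fabrikam.com", "directory": "fabrikam.onmicrosoft.com"},
]

BAD_SCOPE = GOOD_SCOPE + [
    # Same object picked up by a second sync scope: object sets are no longer mutually exclusive.
    {"objectGUID": "guid-0001", "userPrincipalName": "ada@contoso.com", "directory": "fabrikam.onmicrosoft.com"},
    # A contoso.com UPN routed to the fabrikam directory: the namespace is no longer 1:1.
    {"objectGUID": "guid-0003", "userPrincipalName": "cy@contoso.com", "directory": "fabrikam.onmicrosoft.com"},
]


def upn_suffix(upn):
    """Return the namespace part of a UPN, lower-cased."""
    return upn.rsplit("@", 1)[1].lower()


def validate_partition(users, suffix_to_directory):
    """Check the slide's two hard rules; returns a list of violation strings (empty = OK)."""
    violations = []

    # Rule 1: 1:1 correspondence between a UPN namespace and an Azure AD directory.
    dirs_per_suffix = defaultdict(set)
    for u in users:
        dirs_per_suffix[upn_suffix(u["userPrincipalName"])].add(u["directory"])
    for suffix, dirs in sorted(dirs_per_suffix.items()):
        planned = suffix_to_directory.get(suffix)
        if planned is None:
            violations.append(f"suffix {suffix}: no planned Azure AD directory")
        elif dirs != {planned}:
            violations.append(f"suffix {suffix}: synced to {sorted(dirs)}, planned {planned}")
    # ...and in the other direction: a directory must own exactly one namespace.
    suffixes_per_dir = defaultdict(set)
    for suffix, directory in suffix_to_directory.items():
        suffixes_per_dir[directory].add(suffix)
    for directory, suffixes in sorted(suffixes_per_dir.items()):
        if len(suffixes) > 1:
            violations.append(f"directory {directory}: owns several namespaces {sorted(suffixes)}")

    # Rule 2: the sets of objects sent to each directory must be mutually exclusive.
    dirs_per_object = defaultdict(set)
    for u in users:
        dirs_per_object[u["objectGUID"]].add(u["directory"])
    for guid, dirs in sorted(dirs_per_object.items()):
        if len(dirs) > 1:
            violations.append(f"object {guid}: represented in {len(dirs)} directories {sorted(dirs)}")
    return violations


if __name__ == "__main__":
    for name, scope in (("good", GOOD_SCOPE), ("bad", BAD_SCOPE)):
        print(name, validate_partition(scope, PLANNED_SUFFIX_TO_DIRECTORY))
```

The object check keys on objectGUID rather than UPN on purpose: two scopes can contain the same object under different UPNs after a rename, and it is the object, not the name, that must appear in only one directory.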

Source Anchor
The sourceAnchor attribute is defined as an attribute immutable during the lifetime of an object.
- When a new sync engine server is built, or rebuilt after a disaster recovery scenario, this attribute links existing objects in Azure AD with objects on-premises.
- If you move from a cloud-only identity to a synchronized identity model, this attribute allows objects to “hard match” existing objects in Azure AD with on-premises objects.
- If you use federation, this attribute together with the userPrincipalName is used in the claim to uniquely identify a user.
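The default source anchor in Azure AD Connect is the on-premises objectGUID, Base64-encoded, and it lands in Azure AD as the ImmutableId. The following is an added example, not code from the presentation or from Azure AD Connect: it derives the ImmutableId from an objectGUID, reverses the derivation, and performs the "hard match" described above by anchor rather than by UPN, so a cloud object whose anchor matches nothing on-premises is surfaced instead of being silently assumed to be the same person. The sample GUIDs, DNs and ImmutableIds are constructed.

```python
import base64
import uuid


def immutable_id_from_object_guid(object_guid):
    """Derive the Azure AD ImmutableId (default sourceAnchor) from an on-premises objectGUID.

    The anchor is the GUID's 16 raw bytes in the byte order .NET's Guid.ToByteArray()
    produces (mixed-endian), Base64-encoded. Python's UUID.bytes_le gives that same order.
    """
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def object_guid_from_immutable_id(immutable_id):
    """Reverse the derivation; raises ValueError if the value is not a Base64 16-byte GUID."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("ImmutableId does not decode to a 16-byte GUID")
    return str(uuid.UUID(bytes_le=raw))


def hard_match(cloud_users, onprem_users):
    """Pair cloud objects with on-premises objects by source anchor, not by UPN.

    Returns {cloud UPN: on-premises distinguishedName or None}. None means no on-premises
    object carries that anchor, so the cloud object will not hard match even when a UPN
    happens to agree; it needs a deliberate decision (soft match, re-anchor, or delete).
    """
    by_anchor = {immutable_id_from_object_guid(u["objectGUID"]): u["distinguishedName"]
                 for u in onprem_users}
    return {c["userPrincipalName"]: by_anchor.get(c["immutableId"]) for c in cloud_users}


# Constructed sample objects (not from the presentation).
ONPREM_USERS = [
    {"distinguishedName": "CN=Ada,OU=Users,DC=contoso,DC=com",
     "objectGUID": "12345678-9abc-def0-1234-56789abcdef0"},
    {"distinguishedName": "CN=Bob,OU=Users,DC=contoso,DC=com",
     "objectGUID": "00000000-0000-0000-0000-000000000000"},
]
CLOUD_USERS = [
    {"userPrincipalName": "ada@contoso.com", "immutableId": "eFY0Erya8N4SNFZ4mrze8A=="},
    # UPN matches Bob on-premises, but the anchor (16 x 0xFF) belongs to no current object,
    # e.g. the account was deleted and re-created on-premises and so received a new objectGUID.
    {"userPrincipalName": "bob@contoso.com", "immutableId": "/" * 21 + "w=="},
]

if __name__ == "__main__":
    for upn, dn in hard_match(CLOUD_USERS, ONPREM_USERS).items():
        print(upn, "->", dn or "NO ANCHOR MATCH")
```

This is also why the slide calls the anchor immutable: re-creating an on-premises account gives it a new objectGUID, so its anchor changes and the existing cloud object stops matching, exactly the situation the second cloud user above illustrates.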

IDFix
- Free download from Microsoft
- It doesn’t fix all issues, but it is good for most
- Originally created for Office 365 implementations

IDFix – What does it do?
Key point: remediate errors in preparation for Office 365, in particular Exchange Online.
“Provides customers the ability to identify and remediate the majority of object synchronization errors in their Active Directory forests in preparation for deployment to Office 365.”

IDFix – Details

mail
  - No white space
  - RFC routable namespace
  - No duplicates
  - Less than 256 characters

mailnickname
  - Not blank
  - Invalid characters: whitespace \ ! # $ % & * + / = ? ^ ` { } | ~ ( ) ' ; : , [ ]
  - May not begin or end with a period
  - Less than 64 characters

proxyaddresses
  - RFC routable namespace (SMTP only)
  - No duplicates
  - Less than 256 characters

samaccountname
  - Invalid characters: \ " | , / [ ] : + = ; ? *
  - No duplicates
  - Less than 20 characters

targetAddress
  - Not blank
  - RFC routable namespace (SMTP only)
  - value = mail (contact and user [if no homeMdb])
  - Less than 256 characters

userPrincipalName
  - RFC routable namespace
  - Invalid characters: whitespace \ % & * + / = ? ` { } | ( ) ; : , [ ] "
  - No duplicates
  - Less than 64 characters
  - Less than 256 characters
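The rules in the table are simple enough to script, which is useful when you want to re-run the checks on every change before the sync cycle rather than only in the IDFix GUI. The block below is an added example, not IDFix itself or any Microsoft code: it implements the per-object rules for mail, mailnickname, proxyaddresses, samaccountname and userPrincipalName, plus the forest-wide "no duplicates" rule, over a constructed set of AD objects. The "RFC routable namespace" test and its list of non-routable suffixes are a simplification assumed for the example; IDFix's own logic may differ.

```python
from collections import Counter

# Invalid-character sets copied from the IDFix rule table above.
MAILNICKNAME_INVALID = set('\\!#$%&*+/=?^`{}|~()\';:,[] \t')
SAMACCOUNTNAME_INVALID = set('\\"|,/[]:+=;?*')
UPN_INVALID = set('\\%&*+/=?`{}|();:,[]" \t')
# Suffixes treated as non-routable here (assumption for this example; IDFix's own list may differ).
NON_ROUTABLE_SUFFIXES = (".local", ".lan", ".internal")


def is_routable(address):
    """Rough 'RFC routable namespace' test: one @, a dotted domain, no non-routable suffix."""
    if address.count("@") != 1:
        return False
    local, domain = address.split("@")
    if not local or "." not in domain or domain.startswith(".") or domain.endswith("."):
        return False
    return not domain.lower().endswith(NON_ROUTABLE_SUFFIXES)


def bad_chars(value, invalid):
    """The distinct characters of value that fall in the invalid set, as a sorted string."""
    return "".join(sorted({c for c in value if c in invalid}))


def check_object(obj):
    """Apply the per-attribute rules to one AD object; returns a list of (attribute, problem)."""
    errors = []
    mail = obj.get("mail")
    if mail is not None:
        if bad_chars(mail, " \t"):
            errors.append(("mail", "white space"))
        if not is_routable(mail):
            errors.append(("mail", "not RFC routable"))
        if len(mail) >= 256:
            errors.append(("mail", "256 characters or more"))
    nick = obj.get("mailnickname")
    if not nick:
        errors.append(("mailnickname", "blank"))
    else:
        bc = bad_chars(nick, MAILNICKNAME_INVALID)
        if bc:
            errors.append(("mailnickname", "invalid characters " + repr(bc)))
        if nick.startswith(".") or nick.endswith("."):
            errors.append(("mailnickname", "begins or ends with a period"))
        if len(nick) >= 64:
            errors.append(("mailnickname", "64 characters or more"))
    for addr in obj.get("proxyaddresses", []):
        if addr.upper().startswith("SMTP:") and not is_routable(addr[5:]):
            errors.append(("proxyaddresses", "not RFC routable: " + addr))
        if len(addr) >= 256:
            errors.append(("proxyaddresses", "256 characters or more: " + addr))
    sam = obj.get("samaccountname", "")
    bc = bad_chars(sam, SAMACCOUNTNAME_INVALID)
    if bc:
        errors.append(("samaccountname", "invalid characters " + repr(bc)))
    if len(sam) >= 20:
        errors.append(("samaccountname", "20 characters or more"))
    upn = obj.get("userPrincipalName")
    if upn is not None:
        bc = bad_chars(upn, UPN_INVALID)
        if bc:
            errors.append(("userPrincipalName", "invalid characters " + repr(bc)))
        if not is_routable(upn):
            errors.append(("userPrincipalName", "not RFC routable"))
        if len(upn) >= 256:
            errors.append(("userPrincipalName", "256 characters or more"))
    return errors


def find_duplicates(objects):
    """Values of uniqueness-constrained attributes seen more than once (case-insensitive)."""
    dupes = []
    for attr in ("mail", "samaccountname", "userPrincipalName"):
        counts = Counter(o[attr].lower() for o in objects if o.get(attr))
        dupes += [(attr, v) for v, n in counts.items() if n > 1]
    counts = Counter(a.lower() for o in objects for a in o.get("proxyaddresses", []))
    dupes += [("proxyaddresses", v) for v, n in counts.items() if n > 1]
    return sorted(dupes)


def check_forest(objects):
    """Per-object findings keyed by DN, plus forest-wide duplicates."""
    return {o["dn"]: check_object(o) for o in objects}, find_duplicates(objects)


# Constructed sample objects (not from the presentation).
SAMPLE_OBJECTS = [
    {"dn": "CN=Ada,OU=Users,DC=contoso,DC=com", "mail": "ada@contoso.com", "mailnickname": "ada",
     "proxyaddresses": ["SMTP:ada@contoso.com"], "samaccountname": "ada", "userPrincipalName": "ada@contoso.com"},
    {"dn": "CN=Bob,OU=Users,DC=contoso,DC=com", "mail": "bob smith@contoso.com", "mailnickname": ".bob",
     "proxyaddresses": ["SMTP:bob@contoso.com"], "samaccountname": "bob|smith", "userPrincipalName": "bob@contoso.local"},
    {"dn": "CN=Cy,OU=Users,DC=contoso,DC=com", "mail": "ADA@contoso.com", "mailnickname": "",
     "proxyaddresses": ["SMTP:cy@contoso.com", "smtp:ada@contoso.com"], "samaccountname": "cy", "userPrincipalName": "cy@contoso.com"},
]

if __name__ == "__main__":
    report, dupes = check_forest(SAMPLE_OBJECTS)
    for dn, errs in report.items():
        print(dn, errs or "OK")
    print("duplicates:", dupes)
```

Duplicate detection is case-insensitive because Exchange Online treats addresses that differ only in case as the same address, so "ADA@contoso.com" and "ada@contoso.com" on two objects will still collide.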

AD Sync Health

Reporting – AD Sync Health

Preparing On-Premises AD
Before installing / configuring Azure AD Sync:
1. Define a supported topology
2. Identify uniqueness of AD objects
3. Identify your Source Anchor
4. Clean up AD to ensure correct attribute formatting (IDFix)
After installation and synchronization verification:
1. Look at Synchronization Service
2. Review Azure AD Health Report

DEMO

2016 Redmond Summit Sponsors