Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Presentation transcript:

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1 Brendan Griffin

Me.About()
- Senior Premier Field Engineer @ Microsoft
- Microsoft Certified Master: SharePoint 2010
- 10 years experience with SharePoint
- http://aka.ms/fromthefield
- @brendankarl

Agenda
- What is Hybrid?
- Identity Considerations
- Base Configuration for Hybrid

What is Hybrid?
- Office 365 + SharePoint 2013 = Hybrid
- Securely integrate SharePoint Online with SharePoint On-Premises
- Facilitates gradual migration from On-Premises to Office 365
- Addresses key workloads – Search, BCS and Social

*This session will focus on configuring the infrastructure to support Hybrid. Part 2 will take a closer look at SharePoint-specific configuration and advanced scenarios.

Example: Hybrid Search
Imagine a scenario…
- Your company is using SharePoint On-Premises and Office 365
- User content is currently stored in both
- Does this mean that your users have to search both to find content?

Example: Hybrid Search
Certainly not!
- Hybrid Search provides the ability for Office 365 content to be surfaced in Search results within an On-Premises farm and vice versa
- End users can perform a single Search query to find content!
- 3 options are available for configuring Hybrid Search – Outbound, Inbound and Two-Way

Hybrid Topologies
- This session will focus on the One-Way Outbound topology
- Easiest of the three options to configure
- Start with the One-Way Outbound topology first before embarking on more complex Hybrid topologies

Hybrid Topologies Example: One-Way Outbound Topology

Identity Considerations: How does Authorization Work?
- There are three different identity scenarios for Office 365
- Hybrid requires the ability to map an On-Premises user to a Cloud Identity – Cloud Identity (only) isn’t an option for Hybrid

Identity Considerations: Decisions, Decisions?
- Should you go for Synchronised or Federated Identity… it all depends!
- A great blog post outlines potential reasons to opt for Federated Identity over Synchronised:
  - Already use ADFS?
  - Require auditing?
  - Immediate account disable?
  - Restrict sign in by location/time?

Identity Considerations
- In this session we will look at Directory & Password Synchronization
- Users from the On-Premises AD will be sync’d to Office 365 (Azure AD) – includes a hash of their password
- Enables users to log on to SharePoint On-Premises and Office 365 using the same username and password – this isn’t SSO though!

On-Premises Service Applications
- SharePoint On-Premises requires a number of Service Applications to support Hybrid
- Secure Store is required for inbound Hybrid
- User Profile Service is required to rehydrate users for Security Trimming

Deployment Steps: Four Steps to Configure One-Way Outbound Hybrid Search
1. Infrastructure Pre-Requisites
2. Set up AAD Sync (DirSync)
3. Establish S2S Trust with Azure ACS
4. Configure SharePoint On-Premises Search – Covered in Part 2

Deployment Steps: Required Tools
- Microsoft Online Services Sign-In Assistant
- Azure Active Directory Module for Windows PowerShell
- SharePoint Online Management Shell

Deployment Steps: Infrastructure Pre-Requisites – Verify Internal Domain
- Verify the internal AD domain name with Office 365 – needs to be a routable domain!
- Enables Microsoft to verify that you “own” the domain
- If you are using a non-routable domain (.local) for AD – all is not lost!
- Verifying a domain increases the Office 365 object limit from 50K to 300K!

Deployment Steps: Infrastructure Pre-Requisites – Verify Internal Domain
- In my environment the AD domain is griffin.local, which isn’t routable!
- I purchased brendg.co.uk and associated this with the AD domain griffin.local by adding a UPN Suffix
- Updated user accounts to use the new domain
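One way to script the UPN suffix change described on this slide, as an added example that is not from the original presentation. It assumes the ActiveDirectory PowerShell module (RSAT) and an account allowed to modify the forest and user objects; the variable names are illustrative.

```powershell
# Added example, not the presenter's script.
Import-Module ActiveDirectory

$oldSuffix = 'griffin.local'   # non-routable AD domain named on the slide
$newSuffix = 'brendg.co.uk'    # routable domain being verified in Office 365

# 1. Register the routable suffix on the forest if it is not present yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $newSuffix }
}

# 2. Find users whose UPN still ends in the old suffix.
$users = Get-ADUser -LDAPFilter "(userPrincipalName=*@$oldSuffix)" `
                    -Properties UserPrincipalName

foreach ($user in $users) {
    $localPart = ($user.UserPrincipalName -split '@')[0]
    $newUpn    = "$localPart@$newSuffix"

    # UPNs must be unique in the forest; skip collisions instead of failing
    # halfway through, so they can be resolved by hand (IdFix reports these too).
    if (Get-ADUser -LDAPFilter "(userPrincipalName=$newUpn)") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # -WhatIf only prints the change; remove it once the output looks right.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf
}
```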

Deployment Steps: Infrastructure Pre-Requisites – Verify Internal Domain
- Involves adding a temporary DNS record to the domain
- The existence of this record is verified by Microsoft to validate domain ownership
- Instructions included for the most common DNS hosting providers

Deployment Steps Infrastructure Pre-Requisites – Verify Internal Domain

Deployment Steps: Infrastructure Pre-Requisites – Active Directory
- AD domain must be at least Windows Server 2003 Forest Functional Level
- Run IdFix to identify objects that could cause sync issues and remediate:
  - Illegal characters
  - Duplicate entries
  - Length
  - …

Deployment Steps: Infrastructure Pre-Requisites – Activate Directory Sync
- Admin Center
- PowerShell

Demo 1: Infrastructure Pre-Requisites

IdFix - Walkthrough

IdFix undo

Verify domain and activate sync

UPN update

Deployment Steps: Setting up AAD Sync
- Install and configure the AAD Sync tool – http://aka.ms/aadsync
- Assign user licenses in Office 365

Demo 2: Setting up AAD Sync

AAD Sync install/configure

AAD Sync user tidy up

Deployment Steps: Additional Considerations
- For greater control over the attributes that are synchronised to Azure AD, select Azure AD app and attribute filtering
- Password write-back requires Azure AD Premium

Deployment Steps Checking Directory Synchronisation

Deployment Steps Directory Synchronisation – Notification e-mail

Deployment Steps Assigning Licenses using the Office 365 Portal

Deployment Steps: Assigning Licenses using PowerShell
- Licenses all users with a Username (UPN) of *.brendg.co.uk
- Also sets their location to GB
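The script shown on this slide did not survive in the transcript. The following is an added example of the same task, not the presenter's code, using the MSOnline cmdlets from the Azure Active Directory Module for Windows PowerShell listed under Required Tools (a module Microsoft has since deprecated in favour of Microsoft Graph PowerShell). The SKU part number `ENTERPRISEPACK` and the UPN pattern are assumptions; substitute the values for your tenant.

```powershell
# Added example, not the presenter's script.
Import-Module MSOnline
Connect-MsolService                      # prompts for a tenant administrator

$upnPattern = '*@brendg.co.uk'           # assumption: users on the verified domain
$location   = 'GB'                       # usage location from the slide
$skuPart    = 'ENTERPRISEPACK'           # assumption: SKU part number to assign

# Resolve the tenant-specific SKU id (tenant:PARTNUMBER) and count free seats.
$sku = Get-MsolAccountSku | Where-Object { $_.SkuPartNumber -eq $skuPart }
if (-not $sku) { throw "SKU $skuPart not found in this tenant" }
$free = $sku.ActiveUnits - $sku.ConsumedUnits

# Only synced users on the custom domain that have no license yet.
$targets = @(Get-MsolUser -All -UnlicensedUsersOnly |
             Where-Object { $_.UserPrincipalName -like $upnPattern })

if ($targets.Count -gt $free) {
    throw "Need $($targets.Count) licenses but only $free are free"
}

foreach ($user in $targets) {
    # A usage location must be set before a license can be assigned.
    Set-MsolUser        -UserPrincipalName $user.UserPrincipalName -UsageLocation $location
    Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -AddLicenses $sku.AccountSkuId
    Write-Output "Licensed $($user.UserPrincipalName) with $($sku.AccountSkuId)"
}
```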

Deployment Steps: AAD Sync Schedule
- By default AAD Sync will sync AD users with Office 365 every 3 hours
- A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task

Deployment Steps: AAD Sync Account
- Account is created in AD during AAD Sync configuration
- Used by AAD Sync to read attributes from AD
- This account is granted the following permissions:
  - Replicating Directory Changes
  - Replicating Directory Changes All
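Held together, these two rights allow an account to read secret attributes, including password hashes, through replication, so the set of principals that hold them should be small and known. The following added example (not from the original presentation) lists every principal granted them on the domain root; it assumes the ActiveDirectory module, which provides the `AD:` drive used by `Get-Acl`.

```powershell
# Added example: audit who can replicate directory changes on the domain root.
Import-Module ActiveDirectory

# Control-access-right GUIDs for the two permissions named on the slide.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$domainDn = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDn"

$grants = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not ($ace.ActiveDirectoryRights -band $extended)) { continue }

    if ($ace.ObjectType -eq [guid]::Empty) {
        # An empty ObjectType grants every extended right, including both above
        # (this also catches GenericAll / Full Control entries).
        $names = @($rights.Values)
    } elseif ($rights.ContainsKey($ace.ObjectType.ToString())) {
        $names = @($rights[$ace.ObjectType.ToString()])
    } else {
        continue
    }

    foreach ($name in $names) {
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Right     = $name
            Inherited = $ace.IsInherited
        }
    }
}

# Principals holding BOTH rights. Compare against the accounts you expect:
# domain controllers, built-in administrators and the AAD Sync account.
$grants | Group-Object Principal |
    Where-Object { @($_.Group.Right | Sort-Object -Unique).Count -eq 2 } |
    Select-Object Name, @{ n = 'Rights'; e = { ($_.Group.Right | Sort-Object -Unique) -join '; ' } }
```

Running this before and after AAD Sync configuration shows exactly which account the installer added, and gives a baseline for later review.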

Deployment Steps: Establish S2S Trust with Azure ACS
- Replace the STS Certificate within the On-Premises SharePoint farm
- Register the On-Premises STS as a Service Principal in Office 365
- Establish a trust between the On-Premises farm and Azure ACS

Demo 3: Establish S2S Trust with Azure ACS

Export certs

Pre-req’s and update STS certificate

Azure ACS trust

Base Configuration for Hybrid: Summary
- Added a custom domain to Office 365 (brendg.co.uk)
- Tidied up AD and activated Directory Sync in Office 365
- Set up Azure AD Sync to sync users from On-Premises AD to Office 365 (Azure AD)
- Established S2S trust between SharePoint 2013 and Office 365
- The next session will demonstrate Hybrid Search configuration

Questions

Thank You to Our Sponsors!