Azure Active Directory / Active Directory

| | Portal | PowerShell/Directory GRAPH | DirSync w/Cloud identities | DirSync w/Password Sync | DirSync w/SSO |
| Target customer segment | Small | Small to Medium | Small/Medium | Small/Medium | Medium/Large |
| Scenario supported | Least | Least | Some limitations | Some limitations | Most |
| Directory Source of Authority | Cloud | Cloud | On-premises | On-premises | On-premises |
| Hardware requirements | No additional hardware required | No additional hardware required | Windows Server OS for DirSync appliance | Windows Server OS for DirSync appliance | DirSync appliance; ADFS (or other STS) deployment |
| IDP | Cloud | Cloud | Cloud | Cloud | On-premises |
| User login experience | Disjoint username and password; enter credentials twice | Disjoint username and password; enter credentials twice | Same username, disjoint password; enter credentials twice | Same username and password for on-prem and cloud; enter credentials twice | Same username and password for on-prem and cloud; login once if on-premises |
| Complexity | Low | Medium | Low | Low | High |

| On-premises | Azure AD | Supported? | Sync Solution | ADFS/SSO Solution |
| 1 AD Forest | 1 Tenant | Yes | DirSync Appliance | ADFS or 3rd Party STS |
| n AD Forests* | 1 Tenant | Yes | FIM + AAD Connector** | ADFS or 3rd Party STS |
| 1 AD Forest | n Tenants | Yes | FIM + AAD Connector OR n DirSync Appliances | ADFS or 3rd Party STS |
| Non-AD directory | n Tenants | Yes | FIM + AAD Connector | 3rd Party STS |
| n AD Forests + m non-AD Directories | n Tenants | Yes | FIM + AAD Connector | 3rd Party STS |

[Diagram: forest topologies. Labels: Resource Forest; DirSync (migrate data) ("sync, UPN, ImmutableID"); Login Forest; AD FS; AD Forest; DirSync; Azure AD Tenant.]

http://www.microsoft.com/downloads/details.aspx?FamilyID=72c15d25-6515-4763-9b76-054362b58398

Sign-in experience by client type

Client types:
• Rich Applications (SIA): Lync Online; Office Subscriptions; CRM Rich Client; Office 2013
• Web Clients: Office 2010, Office 2007 SP2 with SharePoint Online; Outlook Web Application
• Exchange Clients: Office 2010, Office 2007 SP2; Active Sync/POP/IMAP; Entourage

Credentials by identity type:
• MS Online IDs: Username and Password (Online ID) for each of the three client types
• SSO IDs (non-domain joined): Username and Password (AD credentials) for each of the three client types
• SSO IDs (domain joined): No Prompt; Username; AD credentials; AD credentials; Can save credentials; Remember last user; Username and Password; AD credentials; Can save credentials

[Diagram: AD FS 2.0 Server and AD FS 2.0 Proxy on either side of the Corporate Boundary, each with MEX, Web and Active labels. Internal clients: Lync 2010/Office Subscription, OWA Internal, Outlook 2010/2007, IMAP/POP, Active Sync. External clients: Lync 2010/Office Subscription, OWA External, Outlook 2010/2007, IMAP/POP, Active Sync, each with Username/Password. Exchange Online. Note on diagram: "Basic auth proposal: Pass client IP, protocol, device name".]

Authentication flow (Passive/Web profile)

[Diagram. Customer side: Active Directory; AD FS 2.0 Server; Client (joined to CorpNet). Microsoft Online Services side: Authentication platform; Exchange Online or SharePoint Online. Tokens shown: Logon (SAML 1.1) Token with UPN:[email protected] and Source User ID: ABC123; Auth Token with UPN:[email protected] and Unique ID: 254729.]

Authentication flow (MEX/Rich Client Profile)

[Diagram. Customer side: Active Directory; AD FS 2.0 Server; Client (joined to CorpNet). Microsoft Online Services side: Authentication platform; Lync Online. Tokens shown: Logon (SAML 1.1) Token with UPN:[email protected] and Source User ID: ABC123; Auth Token with UPN:[email protected] and Unique ID: 254729.]

[Diagram. Customer side: Active Directory; AD FS 2.0 Server; AD FS 2.0 Proxy; Client (joined to CorpNet). Windows Azure Active Directory side: Authentication platform; Exchange Online. Shown: Basic Auth Credentials (Username/Password); Logon (SAML 1.1) Token with UPN:[email protected] and Source User ID: ABC123; Auth Token with UPN:[email protected] and Unique ID: 254729.]

[Diagram: Windows Azure Active Directory; Authentication platform; ADFS proxy. Labels: Types User Name; Redirect to Authentication platform; Redirect Back; Authenticate; Authenticate 2FA; 2FA response; Install 3rd party auth provider; Generate SAML token for authentication platform; Present ticket to Application; Access Application.]

Strong Auth

[Diagram: Windows Azure Active Directory; Authentication platform. Labels: VPN to internal network; Connect to internal network; Send Creds to Exchange; Proxy Auth; Evaluate Client Access Rules, issue SAML Token; Disable passive pages on proxy; Authenticate 2FA.]