Separate credential from on-premises credential
Authentication occurs via cloud directory service
Does not require on-premises server deployment

Same credential as on-premises credential
Authentication occurs via on-premises directory service
Requires on-premises DirSync server
Requires on-premises AD FS server(s)
Slide 6
Cloud Identity
Scenario: Smaller organizations with or without on-premises Active Directory
Benefits: Does not require on-premises server deployment
Limitations: No Single Sign-On; No 2 Factor Authentication options (*); Two sets of credentials to manage; Different password policies

Cloud Identity + DirSync
Scenario: Medium to Large organizations with Active Directory on-premises
Benefits: Source of Authority is on-premises; Enables coexistence
Limitations: No Single Sign-On; No 2 Factor Authentication options; Requires on-premises DirSync server deployment (**)

Federated Identity
Scenario: Large enterprise organizations with Active Directory on-premises
Benefits: Single Sign-On experience; Source of Authority is on-premises; 2 Factor Authentication options
Limitations: Requires on-premises AD FS server deployment in high availability scenario; Requires on-premises DirSync server deployment
Slide 7
Columns: Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer)
Outlook (PC and Mac): Sign in each session | No Prompt | Sign in each session
Exchange ActiveSync: Sign in each session
POP, IMAP: Sign in each session
Web Experiences (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps): Sign in each browser session | No Prompt | Sign in each browser session
Office using SharePoint Online: Sign in each SharePoint Online session | Sign in each SharePoint Online Session
Lync Client: Sign in each session | No prompt | Sign in each session
Slide 9
Office 365 Admin Center
Active Directory tools
Exchange management tools
Identity management solutions
Windows Azure AD PowerShell
Remote PowerShell
Slide 21
Run from the Admin Center
Important if running previous versions of Office, but the tool also does OS updates for successful SSO
Slide 28
Diagram labels: On-Premises Identity Services; Provisioning Service; Active Directory Federation Server 2.0/2.1; Trust; Directory Store; Admin Portal / PowerShell; Authentication platform; MSOL PowerShell Module; Office 365
Add Domain
Required TXT/MX Record
Add Trust
- Claim Rules
- User Source ID = AD ObjectGUID
Verify-Domain
- Active/Mex/Passive
- Token certs Current/Next
- Brand URI etc
Update

Number of users: Minimum number of servers
Fewer than 1,000 users: Implement fault-tolerance but no need for dedicated federation servers
1,000 to 15,000 users: 2 dedicated federation servers; 2 dedicated federation server proxies
15,000 to 60,000 users: Between 3 and 5 dedicated federation servers; At least 2 dedicated federation server proxies