Tuesday, September 12, 2017

Active Directory Federation Services

Active Directory Federation Services (AD FS) provides single sign-on (SSO) by using token-based authentication. With SSO, a service will trust the authentication token of a user who has successfully logged on to a disparate but trusted network. As such, the service will grant access without requiring the user to authenticate again.
SSO through AD FS is not mandatory for Office 365, but enterprise customers usually implement it because of the need or desire to leverage existing identity management solutions such as AD.

Different types of user accounts
There are essentially two classes of user accounts:
· Cloud Identity
· Federated Identity
Cloud Identities are user accounts that are created directly in Office 365 through the admin center. The passwords associated with cloud identities are also stored in Office 365. Cloud identities can be managed through the admin center as well as through Windows PowerShell.
Federated Identities refer to user accounts that are maintained outside of Office 365, such as in AD. Federated identities are the most commonly used accounts in an enterprise because most enterprises already have an identity management solution such as AD.

Integrating Active Directory with Office 365
To fully leverage AD in Office 365, follow these general steps:
· Add your domain name to your Office 365 tenant.
· Set up and configure SSO through AD FS.
· Install and configure the Directory Sync tool.

Active Directory Federation Services
AD FS is a role in Windows Server. The primary reason to use AD FS with Office 365 is that it allows an AD user to seamlessly access Office 365 without having to supply her credentials again. If your organization decides to implement AD FS, the minimum AD FS version required by Office 365 is version 2.0; thus, it is often referred to as AD FS 2.0.
Single sign-on experience
· Scenario 1: No single sign-on experience
· Scenario 2: User is logged on at work
· Scenario 3: Remote worker on a virtual private network connection
· Scenario 4: Remote worker is not logged on to the corporate network
Steps to Implement SSO using AD FS
· Remediate your AD UPN suffix.
· Install IIS on the server that will host AD FS.
· Protect IIS with a Secure Sockets Layer (SSL) certificate.
· Install and configure AD FS 2.0.
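An audit for the first step, as an added example that is not part of the original post: it lists enabled AD users whose UPN suffix does not match a domain verified in the Office 365 tenant, then shows a dry run of the rename. It assumes the ActiveDirectory PowerShell module is installed; `contoso.com` is a placeholder domain, and the function names `Get-UpnSuffix` and `Find-UnroutableUpn` are hypothetical helpers.

```powershell
# Added example: audit AD user UPN suffixes before federating with Office 365.
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

# Assumption: domains already added to the Office 365 tenant (placeholder value).
$VerifiedDomains = @('contoso.com')

function Get-UpnSuffix {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    # Everything after the last '@'; empty string if the UPN is malformed.
    $at = $UserPrincipalName.LastIndexOf('@')
    if ($at -lt 0) { return '' }
    return $UserPrincipalName.Substring($at + 1).ToLowerInvariant()
}

function Find-UnroutableUpn {
    param([string[]]$Verified)
    # Enabled users only; accounts without a UPN are skipped here.
    Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
        Where-Object { $_.UserPrincipalName } |
        ForEach-Object {
            $suffix = Get-UpnSuffix $_.UserPrincipalName
            if ($Verified -notcontains $suffix) {
                [pscustomobject]@{
                    SamAccountName    = $_.SamAccountName
                    UserPrincipalName = $_.UserPrincipalName
                    Suffix            = $suffix
                }
            }
        }
}

# Suffixes registered on the forest in addition to the default DNS name.
"Forest UPN suffixes: " + ((Get-ADForest).UPNSuffixes -join ', ')

$mismatched = @(Find-UnroutableUpn -Verified $VerifiedDomains)
$mismatched | Sort-Object Suffix | Format-Table -AutoSize

# Dry run of the remediation: -WhatIf prints each change without applying it.
foreach ($u in $mismatched) {
    $newUpn = $u.UserPrincipalName -replace '@.*$', "@$($VerifiedDomains[0])"
    Set-ADUser -Identity $u.SamAccountName -UserPrincipalName $newUpn -WhatIf
}
```

Remove `-WhatIf` only after reviewing the report, since changing a UPN changes the name the user signs in with.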

Friday, September 1, 2017

Office 365 - The Business case for the cloud

The Business case for the cloud

Consumer vs. enterprise
The concepts of consumer and enterprise are important to keep in mind because the cloud has different meanings for different audiences.
A consumer simply might want a convenient way to share files, while an enterprise might need to ensure security and audit trails in addition to the ability to share files. An enterprise might have a strong negative reaction if employees get distracted with non-work related advertising or, worse yet, advertising that might be deemed inappropriate to the mission of the organization.

Office 365
Of all the different types of cloud services, one that stands out very prominently and is clearly designed for the enterprise is the Microsoft cloud known as Office 365.
Now in its third release, Office 365 is the overarching brand name of Microsoft’s flagship business products offered through the cloud:
· Office 365 ProPlus: A full version of Office
· Exchange Online: For hosted messaging
· SharePoint Online: For hosted file sharing and collaboration
· Lync Online: For hosted communications

Licensing Overview
There are four core technologies in Office 365: Exchange, SharePoint, Lync, and Office ProPlus. As with many Microsoft licensing options, Office 365 provides multiple paths of adoption.
Just like the on-premises versions of the software, there is a standard edition as well as an enterprise edition for Exchange, SharePoint, and Lync. In the online world, these are known as Plan 1 and Plan 2. Online Plan 1 is equivalent to an on-premises standard edition, while Online Plan 2 is equivalent to an on-premises enterprise edition. Therefore, Office 365 core technologies can be further defined by these plans:
· Exchange Online: Plan 1, Plan 2
· SharePoint Online: Plan 1, Plan 2
· Lync Online: Plan 1, Plan 2
· Office 365 ProPlus (no different plans)

Office 365 stand-alone purchases
The Plan 1 and Plan 2 categories represent the foundation of the flexible Office 365 licensing model. You can purchase any core technology and its associated plan as a stand-alone component.

Office 365 suites
Some organizations might be interested in multiple technologies. For these organizations, Microsoft provides bundled options known as Office 365 suites. There are different types of suites designed for different types of organizations:
· Enterprise suites
· Government suites
· Education suites
· Kiosk plans
· Office 365 Small Business
· Office 365 Midsize Business
· Office 365 Home Premium

Office 365 Terminology
There are several new terms that are used in Office 365. You will frequently hear these terms when Office 365 is discussed, so it is important to understand what they mean.
Tenant – An Office 365 subscription is often referred to as a tenant. The tenant refers to the licensing model, but might also refer to the deployed platform.
Tenant name – The tenant name, sometimes referred to as the Office 365 domain name, is the onmicrosoft.com name of your tenant.
Vanity domain name – Your true domain name is referred to as the vanity domain name.
Waves – The wave term is Microsoft’s internal reference to releases of Office 365.
Wave 14 refers to Office 365 with 2010 versions of Exchange, SharePoint, Lync, and Office 365 Professional Plus.
Wave 15 refers to Office 365 with 2013 versions.
Hybrid – Hybrid is frequently used in the context of the different Office 365 services. The term refers to the implementation of on-premises Exchange, SharePoint, and Lync coexisting and working with the respective online deployments.
Government Community Cloud – Microsoft recently announced a special version of Office 365 called the Government Community Cloud (GCC). The GCC is specifically created for United States government entities. A subscription to the GCC is sometimes referred to as a G-tenant.
The GCC was introduced to address very specific government regulatory requirements, such as the need for special auditing or for additional background checks and security clearances of Office 365 personnel. These requirements are unique to government entities and are not required for enterprise customers.

Business case for Office 365
Some of the more significant features for an Office 365 business case:
· Subscription model
· Economies of scale
· Scalability
· Redundancy
· Core competency

Trust Center
Microsoft is very serious about security and privacy. Therefore, Microsoft created the Office 365 Trust Center to ensure transparent and efficient communication about the security and privacy of Microsoft cloud services.
The Office 365 Trust Center is the one-stop location for all updated privacy and security issues related to Office 365. The Trust Center has five pillars:
· Privacy
· Transparency
· Security
· Compliance
· Service Continuity