Exploring Identity Management options in Office 365
Paul Hunt - MVP
Who am I?
What is this session about?
Authentication Versus Authorisation
© British Gas
In the Office 365 Scenario
Trusted Identity
Accounts are stored in Azure Active Directory and authenticated by Microsoft.
Federated Identity
Microsoft detects a federated domain and redirects the user with a claim that needs to be authenticated.
Common issues
Outbound Account Sync to Office 365
AAD Connect (Sync Service)
Inbound Password & Attribute Sync to Active Directory (Optional)
http://bit.ly/installaadc
(PREVIEW!) Docs: http://bit.ly/AADConnectPassthru
AAD Connect (Sync Service)
• Skype for Business client applications are not supported (including 2016)
• Be aware of the Smart Lockout feature and ensure your AD lockout settings are greater than those in Azure AD.
Demo – IdFix, AAD Connect & Pass Through Auth
AD Sync Scheduler
How does federation work?
Demo – ADFS and WAP
Password Write-back
Self Service Password Reset
Demo – Password Write-Back
Direct or Inherited
Creating a License template for groups
Migrating from Direct to Inherited
Pay attention to Assignment Paths!
Demo – Group Licensing
Currently expected to be available to E3 and above at General Availability*.
*Subject to confirmation
What is needed?
Already logged in?
Log out and choose forget… Or clear your cookies…
Limitations
Demo – Sign-in Branding
Many options - For Example
http://bit.ly/fedthirdparties
PFE – AD FS Deep Dive (Planning)
AD FS Topology Design Guide
Customizing the AD FS sign-in pages
Customising the Office 365 sign-in pages
Running the Office 365 IdFix tool
Microsoft Group Licensing Docs
Useful Links