Exploring Identity Management options in Office 365

Paul Hunt - MVP

Who am I?

Who am I?

What is this session about?

Authentication Versus Authorisation

© British Gas

In the Office 365 Scenario

Trusted Identity

Accounts are stored in Azure Active Directory and authenticated by Microsoft.

Federated Identity

Microsoft detects a federated domain and redirects the user with a claim that needs to be authenticated.

Common issues

Outbound Account Sync to Office 365

AAD Connect(Sync Service)

Inbound Password & Attribute Sync to Active

Directory (Optional)

http://bit.ly/installaadc

(PREVIEW!)Docs: http://bit.ly/AADConnectPassthru

AAD Connect(Sync Service)

• Skype for Business client applications are not supported (inc 2016)

• Be aware of the Smart Lockout feature and ensure your AD lockout settings are greater than Azure AD.

Demo – IdFix, AAD Connect & Pass Through Auth

AD Sync Scheduler

How does federation work?

Demo – ADFS and WAP

Password Write-back

Password Write-back

Self Service Password Reset

Demo – Password Write-Back

Direct or Inherited

Creating a License template for groups

Creating a License template for groups

Migrating from Direct to Inherited

Pay attention to Assignment Paths!

Demo – Group Licensing

Currently expected to be available to E3 and above at General Availability*.

*Subject to confirmation

What is needed?

Already logged in?

Log out and choose forget… Or clear your cookies…

Limitations

Demo – Sign-in Branding

Many options - For Example

http://bit.ly/fedthirdparties

PFE – AD FS Deep Dive (Planning)

AD FS Topology Design Guide

Customizing the AD FS sign-in pages

Customising the Office 365 sign-in pages

Running the Office 365 IdFix tool

Microsoft Group Licensing Docs

Useful Links