DO NOT REMOVE – Notes for Attendees
Can use AD FS 2.0 to handle multiple trusts: Even though you use WS-* to MS Online, you can still use the same AD FS server to create trusts with other service and federation servers using the protocol of your choice.
Although SAML 2.0 is supported by AD FS 2.0, we ALWAYS use WS-* federation because SAML 2.0 does not yet support federated authentication for rich clients. However, if customers need to set up SAML 2.0 federation to other services, gateways, or organizations, they can do this with AD FS 2.0.
Situation
Slide objective: Explain how the same Exchange federation used for calendar sharing can also be used to extend Exchange 2010 IRM support features to partners.
Talking points:
[Build 1] Partners create trust with Microsoft Federation Gateway. Sender federates on-premises RMS server with the Microsoft Federation Gateway. (Requires software that ships in Windows Server 2008 R2 SP1.) Partner federates their Exchange 2010 server with MFG.
[Build 2] Protected message is sent to Fabrikam recipient. Message can be automatically protected (via Outlook Protection Rules or Transport Protection Rules) or manually (in OLK/OWA).
[Build 3] Fabrikam contacts RMS server for Use License. Fabrikam’s Exchange server contacts MFG to get a SAML token for this message proving Fabrikam’s identity. Fabrikam’s Exchange server contacts Contoso’s RMS server, presenting the SAML token from MFG and requesting a Use License.
[Build 4] Fabrikam decrypts message for indexing, search, etc. Sending organization has the option to prevent journal decryption by partner’s Exchange 2010 (all other IRM support functions enabled).
[Build 5] Recipient can read/reply to protected message in OWA. Recipient can also search message in OWA and Outlook (online).
Note: To read/reply in Outlook, organization and partner also need to federate using Active Directory Federation Services.