O365con14 - moving from on-premises to online, the road to follow
•
1 j'aime•1,880 vues
European Office 365 Connect 2014 Presentation
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à O365con14 - moving from on-premises to online, the road to follow
Similaire à O365con14 - moving from on-premises to online, the road to follow (20)
Plus de NCCOMMS
Plus de NCCOMMS (20)
Dernier
Dernier (17)
O365con14 - moving from on-premises to online, the road to follow
- 12. ActiveDirectory.Local AzureAD.OnMicrosoft.Com But... Wait Another Minute.... Your.Domain
- 20. Service Protocol Port LDAP TCP/UDP 389 Kerberos TCP/UDP 88 DNS TCP/UDP 53 Kerberos Change Password TCP/UDP 464 RPC TCP 135 RPC randomly allocated high TCP ports TCP 1024 - 65535 49152 - 655351 SMB TCP 445 SSL TCP 443 SQL TCP 1433
- 39. Attribute Object Type MSExchArchiveStatus User MSExchBlockedSendersHash User SExchSafeRecipientsHash User MSExchSafeSendersHash User MSExchUCVoiceMailSettings User ProxyAddresses User, Contact, Group
- 57. Microsoft Online Services Logon Enabled User Object (Unlicensed) Mail-Enabled User (not Mailbox-Enabled) ProxyAddresses: SMTP: John.Doe@contoso.com smtp: John.Doe@contoso.onmicrosoft.com TargetAddress: John.Doe@contoso.com On-premises Active Directory Exchange Server DirSync Online Directory DirSync Web Service SharePoint Online Live ID Exchange Online Lync Online Sync Cycle Step 1: Import Users, Groups, and Contacts from source Active Directory forest Sync Cycle Step 2: Imports Users, Groups, and Contacts from Microsoft Online Services via AWS Sync Cycle Step 3: Export Users, Groups, and Contacts that do not already exist in Microsoft Online Services User Object Mailbox-Enabled ProxyAddresses: SMTP: John.Doe@contoso.com
- 72. Scenario Description Block all external access to Office 365 Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client. Block all external access to Office 365, except Exchange ActiveSync Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked. Block all external access to Office 365, except for browser- based applications such as Outlook Web Access or SharePoint Online Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online. Block all external access to Office 365 for members of designated Active Directory groups This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory group. It can also be used to provide external access only to members of a group.
- 74. AD FS AD FS AD FS Proxy AD FS Proxy Active Directory Directory Synchronization
- 75. DATA CENTER 1 AD FS AD FS Proxy Directory synchronization Active Directory AD FS VPNTunnel VPN VPN Active Directory
- 76. VPNTunnel VPN AD FS Proxy AD FS Proxy Active Directory Directory Synchronization AD FS AD FS Proxy Directory synchronization Active DIrectoryVPN AD FS AD FS AD FS
- 77. Cloud identity Single identity in the cloud Suitable for small organizations with no integration to on- premises directories Cloud identity with directory synchronization Single identity suitable for medium and large organizations without federation* Federated identity Single federated identity and credentials suitable for medium and large organizations
- 78. Federation options Suitable for educational organizations j Recommended where customers may use existing non-ADFS Identity systems Single sign-on Secure token based authentication Support for web clients and outlook only Microsoft supported for integration only, no shibboleth deployment support Requires on-premises servers & support Works with AD and other directories on-premises Shibboleth Works with AD & Non-AD Suitable for medium, large enterprises including educational organizations Recommended option for Active Directory (AD) based customers Single sign-on Secure token based authentication Support for web and rich clients Microsoft supported Works for Office 365 Hybrid Scenarios Requires on-premises servers, licenses & support Works with AD Suitable for medium, large enterprises including educational organizations Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD Single sign-on Secure token based authentication Support for web and rich clients Third-party supported Requires on-premises servers, licenses & support Verified through ‘works with Office 365’ program Works for Office 365 Hybrid Scenarios Works with AD & Non-AD
- 79. What is it? • Qualification of third party identity providers for federation with Office 365. Microsoft supports Office 365 only when qualified third party identity providers are used. Program Update Jan 2014: • Published Qualification Requirements • Published Technical Integration Docs • Automated Testing Tool • Self Testing work by Partner • Predictable and Shorter Qualification WS-Trust & WS-Federation WS-Federation SAML Active Directory with ADFS Customer Benefits • Flexibility to reuse existing identity provider investments • Confidence that the solution is qualified by Microsoft • Coordinated support between the partner and Microsoft
- 85. Two or more of the following factors: Types of multi-factor authentication: Hardware OTP Tokens Certificates Smart Cards Phone-Based Authentication: Phone Call, Text Message, and Push Software OTP Tokens Multiple factors are required for sign-In Familiar to consumer cloud service users such as the Microsoft Account Simple block to password compromise from another country Addresses regulatory compliance and high risk user scenarios AKA two-factor, 2FA, MFA, strong authentication
- 86. Powered by PhoneFactor, acquired by Microsoft in 2012 Trusted by thousands of enterprises to authenticate employee, customer, and partner access Secures applications and identities in the cloud and on-premises
- 87. App Passwords
- 89. Multi-Factor Authentication for Office 365 Windows Azure Multi- Factor Authentication Administrators can Enable/Enforce MFA to end-users Yes Yes Use Mobile app (online and OTP) as second authentication factor Yes Yes Use Phone call as second authentication factor Yes Yes Use SMS as second authentication factor Yes Yes App passwords for non-browser clients (e.g. Outlook, Lync) Yes Yes Default Microsoft greetings during authentication phone calls Yes Yes Custom greetings during authentication phone calls Yes Fraud alert Yes Event Confirmation Yes Security Reports Yes Block/Unblock Users Yes One-Time Bypass Yes Customizable caller ID for authentication phone calls Yes MFA Server - MFA for on-premises applications Yes MFA SDK – MFA for custom apps Yes
- 99. http://office.microsoft.com/en-001/sharepoint- server-help/what-is-skydrive-pro-HA102822076.aspx
- 107. Ilse Van Criekinge Technology Advisor Business Productivity @ivcrieki, ilvancri@microsoft.com