The cloud has clearly established itself in recent years. We started with BPOS and have now arrived at Office 365! Microsoft's commercial offering is not the only thing that has evolved: there are several possible scenarios for combining an on-premises environment with the cloud. In this session, discover the advantages of going hybrid. Provisioning, identity federation, messaging with Exchange and collaboration with SharePoint will all be covered. We will explain the tools involved and the options available to you ... Try it and you will adopt it!
4. Deployment 100% on-premises
• Advantages:
– The level of security is chosen by the company
– Custom developments are unrestricted (SharePoint Online has limits)
– Sensitive data stays on-premises
– Internal resources are used: existing investments
– The company controls the update schedule (simpler coexistence of software versions)
• Drawbacks:
– The level of security chosen by the company does not necessarily follow Microsoft recommendations
– Custom developments are unrestricted but sometimes have heavy consequences during migration
– Internal server resources cannot easily scale to a temporary peak load
– Yammer is unavailable
– Investment required in license acquisition and infrastructure
5. Deployment 100% in the Cloud
• Advantages:
– Level of security guaranteed by Microsoft
– Automatic and frequent upgrades
– Enterprise social network Yammer included in the offer
– Focus on the core business
– Simplified scaling of load or of the number of users
– Easier collaboration with external partners
– Available on all the user's devices (mobility)
– Cloud service accessible from everywhere
– Quick setup
• Drawbacks:
– Limited custom developments unless deployed in Azure
– Subscription to a service
– Data in the cloud
– Dependence on connectivity and bandwidth
7. Microsoft Identity Overview
• Forefront Identity Manager
– Identity & Access Management (IAM): management of identities, their authentication, authorization and privileges across systems
• AD / Azure Rights Management Services
– Safeguard digital information: protects data at rest, in transit and in use
• AD Federation Services
– Identity federation and web single sign-on (SSO)
8. Office 365 Hybrid Identity
• Cloud Identity: single identity in the cloud; suitable for small organizations with no integration to on-premises directories
• Directory Synchronization: single identity; suitable for medium and large organizations without federation
• Federated Identity: single federated identity and credentials; suitable for medium and large organizations
9. Office 365 Hybrid Identity (architecture diagram)
Diagram: multi-forest on-premises Active Directory (on-premises identity, example: DomainAlice), federation using ADFS, Azure AD Connect synchronizing the AD forests to Windows Azure Active Directory, and the user signing in.
10. Office 365 Hybrid Identity - Azure AD Connect
• One built-in wizard
• GA 24/06/2015: http://blogs.technet.com/b/ad/archive/2015/06/24/azure-ad-connect-amp-connect-health-is-now-ga.aspx
• Synchronization tools:
1- Directory Sync
2- Azure AD Sync
3- Azure AD Connect
4- MIM (FIM)
12. Office 365 Hybrid Identity - Identity integration options
1- Cloud Identity
– Org size: small
– Control of attributes in directory: least control
– Source of authority: cloud
– Hardware requirements: no on-premises hardware required
– Login experience: disjoint username and password for on-premises and cloud; enter credentials twice
2- Directory Sync
– Org size: all
– Control of attributes in directory: full control via on-premises directory
– Source of authority: on-premises
– Hardware requirements: Windows Server OS for DirSync appliance
– Login experience: disjoint username and password for on-premises and cloud; enter credentials twice
3- Password Sync
– Org size: all
– Control of attributes in directory: full control via on-premises directory
– Source of authority: on-premises
– Hardware requirements: Windows Server OS for DirSync appliance
– Login experience: same username and password for on-premises and cloud; enter credentials twice
4- Graph API
– Org size: large
– Control of attributes in directory: can control core attributes and select optional ones
– Source of authority: cloud
– Hardware requirements: machine to run PowerShell jobs on
– Login experience: disjoint username and password for on-premises and cloud; enter credentials twice
5- MIM (FIM)
– Org size: large
– Control of attributes in directory: can control core attributes and select optional ones
– Source of authority: on-premises
– Hardware requirements: Forefront Identity Manager with Office 365 Connector
– Login experience: disjoint username and password for on-premises and cloud; enter credentials twice
6- Single Sign-On
– Org size: large
– Control of attributes in directory: full control via on-premises directory
– Source of authority: on-premises
– Hardware requirements: DirSync appliance and ADFS (or other STS) deployment
– Login experience: same username and password for on-premises and cloud; login once if on-premises
13. Office 365 Hybrid Identity - User Experience
SSO: single sign-on
– Using the UPN
– https://login.microsoftonline.com
Office 365 & Identities
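Signing in to https://login.microsoftonline.com with the UPN only works as intended if the on-premises UPNs are fit for synchronization. The following pre-sync readiness check is an added example and not part of the deck: it runs over a constructed on-premises user export and a constructed list of tenant domains, and flags records an administrator would fix before enabling directory synchronization. The rule that a UPN suffix must be a domain verified in the tenant (otherwise the synced user falls back to the tenant's default .onmicrosoft.com domain) is general Azure AD sync behaviour, not something stated on the slide; the function names, sample users and domain list are all assumptions made for the example.

```python
"""Pre-sync UPN readiness check (added example, not from the slides).

Before on-premises AD users are synchronized to Azure AD / Office 365, the
userPrincipalName must carry a suffix that is a verified domain in the tenant,
otherwise the synced user lands on the default <tenant>.onmicrosoft.com domain
and sign-in by UPN does not match the on-premises identity. Duplicate mail
values also block a clean sync. All data below is constructed sample input.
"""
import re

# Constructed: domains verified in a hypothetical Office 365 tenant.
VERIFIED_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}

# Constructed: a small on-premises AD export (only the attributes we check).
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@contoso.com",
     "mail": "alice@contoso.com"},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@contoso.local",
     "mail": "bob@contoso.com"},            # non-routable, unverified suffix
    {"sAMAccountName": "carol", "userPrincipalName": "carol smith@contoso.com",
     "mail": "carol@contoso.com"},          # space in the local part
    {"sAMAccountName": "dave", "userPrincipalName": "",
     "mail": "dave@contoso.com"},           # UPN never populated
    {"sAMAccountName": "erin", "userPrincipalName": "erin@contoso.com",
     "mail": "alice@contoso.com"},          # mail collides with alice
]

# Conservative set of characters accepted in the local part of a routable UPN
# (letters, digits, common punctuation; no spaces or other whitespace).
UPN_LOCAL_PART = re.compile(r"^[A-Za-z0-9!#$%&'*+\-/=?^_`{|}~.]+$")


def check_user(user, verified_domains):
    """Return a list of issue codes for one user record (empty when ready)."""
    issues = []
    upn = user.get("userPrincipalName") or ""
    if not upn:
        issues.append("missing-upn")
        return issues
    if upn.count("@") != 1:
        issues.append("malformed-upn")
        return issues
    local, suffix = upn.split("@")
    if (not UPN_LOCAL_PART.match(local)
            or local.startswith(".") or local.endswith(".")):
        issues.append("invalid-characters")
    if suffix.lower() not in {d.lower() for d in verified_domains}:
        issues.append("unverified-suffix")
    return issues


def check_directory(users, verified_domains):
    """Run per-user checks plus a cross-user duplicate-mail check.

    Returns {sAMAccountName: [issue codes]} for the users that need fixing;
    users with no issues are omitted.
    """
    report = {}
    seen_mail = {}  # lower-cased mail -> first account that used it
    for user in users:
        name = user["sAMAccountName"]
        issues = check_user(user, verified_domains)
        mail = (user.get("mail") or "").lower()
        if mail:
            if mail in seen_mail:
                issues.append(f"duplicate-mail:{seen_mail[mail]}")
            else:
                seen_mail[mail] = name
        if issues:
            report[name] = issues
    return report


if __name__ == "__main__":
    for name, issues in check_directory(SAMPLE_USERS, VERIFIED_DOMAINS).items():
        print(f"{name}: {', '.join(issues)}")
```

Run against the constructed export, the check reports bob (unverified suffix), carol (invalid characters), dave (missing UPN) and erin (mail duplicated with alice); alice is ready to synchronize. In practice the verified-domain set would come from the tenant and the user records from an LDAP or PowerShell export of the on-premises forest.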
19. SharePoint Hybrid - Document Management System
Local SharePoint and extranet in Office 365. Diagram components, split between on-premises and online: intranet site with internal documents; extranet site with external documents; personal site with personal documents; search.
https://technet.microsoft.com/en-us/library/dn197172(v=office.15).aspx
20. SharePoint Hybrid - Office 365 with OneDrive for Business
technet.microsoft.com
https://fr.pinterest.com/pin/305118943476848316/
23. SharePoint Hybrid Search - User experience
Hybrid search federation vs. hybrid search via common search (Richard DiZerega)
https://blogs.msdn.microsoft.com/richard_dizeregas_blog/2014/09/02/sharepoint-online-implementation-roadmap/
24. SharePoint Hybrid Search - MS Ignite 2015
Diagram of the cloud hybrid search architecture (steps 1 to 7 in the original): on the corporate network, the cloud Search Service Application (Cloud SSA) crawls and parses on-premises content sources (SharePoint 2013, SharePoint 2010, SharePoint 2007, file shares, BCS); parsed content is sent through the item queue to content processing and the search index in SharePoint Online (SPO); ACL mapping relies on the on-premises AD identities synchronized to Azure AD (AAD) by DirSync.
Source: Microsoft Ignite (BRK3134) "Implementing Next Generation SharePoint Hybrid Search"
25. Use Azure RMS to protect sensitive data
Securing the cloud with RMS
26. RMS overview - What does RMS add to my secure IT project?
DRM (Digital Rights Management) vs. DLP (Data Loss Prevention)
• DRM: safeguard digital information. Example: AD / Azure RMS (Active Directory Rights Management Services)
• DLP: broadest visibility and control. Example: Digital Guardian
27. The RMS connector - RMS hybrid architecture
Diagram: on-premises Active Directory, Exchange 2010/2013 and SharePoint 2010/2013 reach Azure RMS through the Microsoft RMS Connector; the Windows Azure Active Directory Synchronization Tool synchronizes the on-premises directory to Azure AD.
28. RMS workflow
• Document and email protection
– Data encryption
– Data decryption by authorized users
• Rights:
- Read / write
- Print
- Forward
• RMS template rights applied:
- By the user
- Automatically
• Centralized security policy
29. RMS security model
• By the user:
– Use an RMS template, e.g. "read for all employees"
– The user can define specific rights
• Automatically:
– Use FCI (File Classification Infrastructure) to enforce a specific template that depends on the classification
– Deploy RMS templates in MS Office or Exchange
• RMS integration:
– SharePoint: the RMS template is applied automatically
– RMS rights = SharePoint rights
32. Going further
Technical blog – RMS section available!
http://it-channels.com/Microsoft/rms
Microsoft online resources: MSDN, TechNet, yOS
Going further
Technical blog – Azure AD Connect section available!
http://www.cloud-generation.com/category/office-365/
Microsoft online resources: MSDN, TechNet, yOS