SlideShare une entreprise Scribd logo

Identity and Authentication in Office 2013 and Office 365 from Microsoft

David J Rosenthal
David J Rosenthal
Technologie
1  sur  1
Télécharger pour lire hors ligne
Identity and Authentication in the cloud: Office 2013 and Office 365 For IT Pros and end users © 2013 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at feedork@microsoft.com. Scenario 1: All in the Microsoft cloud You are in charge. If yours is a smaller business, use Microsoft s cloud Identity Services to establish, manage, and authenticate your users. User accounts are cloud-managed by using a web portal and Windows Azure Active Directory in the Microsoft cloud. No servers are required. Microsoft manages all that for you. When identity and authentication are handled completely in the cloud without affinity to any on-premises Active Directory store, IT admins can still provision or de-provision IDs and user access to services through the portal or PowerShell cmdlets. Authentication is user centered—not computer centered In this new environment, users sign in to the Office 365 client by using one of these identities:  Their business, organization, or school ID. There are two flavors: An ID that your org assigned to users. This is for Office use, where Microsoft hosted enterprise and smaller organization user IDs are stored in the cloud. These identities are separate from on-premises identities, and are directly managed in the cloud. A federated, user ID. Also for Office use, where enterprise user IDs are stored and managed on premises. For businesses or organizations using Active Directory.  Microsoft Account (formerly known as a Windows Live ID). A Microsoft account is the combination of an email address and a password used to sign in to services like Hotmail, Skype, SkyDrive Pro, Windows Phone, Xbox LIVE, or Outlook.com. Typically, users use this identity to sign in to Office for non-business purposes. At work, users authenticate with their Microsoft- managed or federated ID... At play, with their Microsoft account... Or both, 24/7, because their work and play worlds converge. We ve made a fundamental shift from an Office that only knows about an individual on a single device, to an Office that knows about an individual across all of his or her devices and services. This shift enables content, resources, most-recently-used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer. For the IT admin, user audit trails and compliance are also separated by identity. 1 2 3 4 IT Pros connect to the web access Office 365 Administration Center in the Microsoft cloud. They request new or manage existing organization IDs. These requests are passed on to your Windows Azure Active Directory. New IDs and changes to existing IDs are reflected back to the Office 365 Administration Center. If this is a change request, the change is made and reflected back to the Office 365 Administration Center. If this is a new ID request, a request for a new ID is issued to the ID provisioning platform. ADFS Office 365 Administration Center Windows Azure Active Directory 1 2 1 2 3 After you ve provisioned a user (see the diagram above), they sign in to Office using one of the following identities: Their request is tested and then granted and the Office applications are streamed to their device and ready to use. Their SkyDrive Pro saved documents associated with that identity are available to view, edit, and save back either locally to their device or back to SkyDrive Pro. Office 365 Administration Center ID Provisioning (through Windows Azure Active Directory Sync tool) Windows Azure Active Directory (cloud hosted Rights Management Service) 1 3 4 2 Active Directory Federated Server Admin computer 5 6 6 7 Active Directory (on premises rights management server) 3 IT Pro After you ve set up users in the Office 365 Administration Center in the Microsoft cloud, they can sign in from any device. And Office Pro Plus can be installed on up to five of their devices.  their work identity (for example, mike@contoso.onmicrosoft.com or mike@contoso.com)  their personal (for example, mike@outlook.com)  their organization (for example, mike@charity.org) Microsoft figures out where they want to authenticate and which files and Office settings they want to use depending on the identity they have chosen. That identity is associated with a Windows Azure Active Directory, and their email identity and associated password are passed to the correct Windows Azure Active Directory server for authentication. End user 1 and where he uses Office applications Scenario 2: Hybrid cloud and on-premises 1 2 3 The Microsoft cloud Windows Azure Active Directory Sync tool keeps your on-premises and in-the-cloud corporate user identities synchronized. 1 Install the Windows Azure Active Directory Sync tool. This tool helps to keep Windows Azure Active Directory up to date with the latest changes you make in your on-premises directory. 76 54 Create new users in your on-premises Active Directory. The Windows Azure Active Directory Sync tool will periodically check your on-premises AD server for any new identities you have created. Then it provisions these identities into Windows Azure Active Directory, links the on-premises and cloud identities to one another, and makes them visible to you through the Office 365 Administration Center. As changes are made to the identity in the on-premises AD, those changes are synchronized up to the Windows Azure Active Directory and made available to you through the Office 365 Administration Center. If your users include federated users, those users log in with your Active Directory Federated Server (ADFS). ADFS generates a security token and that token is passed to Windows Azure Active Directory. The token is verified and validated and the users is then authorized for Office 365. 32 For the end user, the authentication experience is the same—whether they are behind your corporate firewall, or at a coffee shop, home, or a hotel on the other side of the planet. They don't need to care where their request goes—it all just works— always, and wherever they are. 3 If users are behind the corporate firewall and have already logged into their corporate network, when they try to access Office 365, they don t need to log in again! The user is silently re- authenticated by Active Directory Federated Services (ADFS). After re-authentication, they are able to use Office applications and access their local or SkyDrive Office documents. Roaming users signing in from outside of the corporate firewall will be prompted by ADFS for their corporate credentials. ADFS then authenticates these credentials against the on-premises AD. Their sign in information goes directory to your company s Windows Azure Active Directory service in the Microsoft cloud. 1 2 2 3 3 3 The IT Pro identity provisioning experience ...and the end user authentication experience The IT Pro identity provisioning experience ...and the end user authentication experience Windows Azure Active Directory On premises Active Directory 4 You already know the on premises story On premises is what you have done, day in and day out, 24/7, since your beeper days. What about the new world of cloud and hybrid? —and— 1 2

Recommandé

Windows Server 2012 R2 Jump Start - AIP
Windows Server 2012 R2 Jump Start - AIPWindows Server 2012 R2 Jump Start - AIP
Windows Server 2012 R2 Jump Start - AIP
Paulo Freitas
 
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
SharePoint Conference 2018 - Understanding Office 365 Usage ReportingSharePoint Conference 2018 - Understanding Office 365 Usage Reporting
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
Luís Serra Libório
 
BlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry Workspaces: Authentication and Identity ConnectorsBlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry
 
Windows Server 2012 Active Directory Rights Management Services
Windows Server 2012 Active Directory Rights Management ServicesWindows Server 2012 Active Directory Rights Management Services
Windows Server 2012 Active Directory Rights Management Services
Serhad MAKBULOĞLU, MBA
 
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introductionMS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
Vincent Biret
 
sharepoint.microsoft.com
sharepoint.microsoft.comsharepoint.microsoft.com
sharepoint.microsoft.com
webhostingguy
 
Writing Code To Interact With Enterprise Search
Writing Code To Interact With Enterprise SearchWriting Code To Interact With Enterprise Search
Writing Code To Interact With Enterprise Search
Corey Roth
 

Recommandé

Windows Server 2012 R2 Jump Start - AIP
Windows Server 2012 R2 Jump Start - AIPWindows Server 2012 R2 Jump Start - AIP
Windows Server 2012 R2 Jump Start - AIP
Paulo Freitas
 
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
SharePoint Conference 2018 - Understanding Office 365 Usage ReportingSharePoint Conference 2018 - Understanding Office 365 Usage Reporting
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
Luís Serra Libório
 
BlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry Workspaces: Authentication and Identity ConnectorsBlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry Workspaces: Authentication and Identity Connectors
BlackBerry
 
Windows Server 2012 Active Directory Rights Management Services
Windows Server 2012 Active Directory Rights Management ServicesWindows Server 2012 Active Directory Rights Management Services
Windows Server 2012 Active Directory Rights Management Services
Serhad MAKBULOĞLU, MBA
 
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introductionMS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
MS365 Dev Bootcamp Montreal 2019 - Microsoft graph introduction
Vincent Biret
 
sharepoint.microsoft.com
sharepoint.microsoft.comsharepoint.microsoft.com
sharepoint.microsoft.com
webhostingguy
 
Writing Code To Interact With Enterprise Search
Writing Code To Interact With Enterprise SearchWriting Code To Interact With Enterprise Search
Writing Code To Interact With Enterprise Search
Corey Roth
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
cscpconf
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
Diana Carolina Torres Viasus
 
Paperless office
Paperless officePaperless office
Paperless office
LogicalDOC
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
UL Transaction Security
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
Richard Tong
 
Multi Tenancy
Multi TenancyMulti Tenancy
Multi Tenancy
LogicalDOC
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure Overview
David J Rosenthal
 
Okta: "Businesses at work march 2016"
Okta: "Businesses at work march 2016"Okta: "Businesses at work march 2016"
Okta: "Businesses at work march 2016"
iGlobe
 
Share point 2010
Share point 2010Share point 2010
Share point 2010
Humayun Rashed
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
Aidy Tificate
 
Okta docs
Okta docsOkta docs
Okta docs
Sam Bauch
 
Building Solutions With Business Connectivity Services
Building Solutions With Business Connectivity ServicesBuilding Solutions With Business Connectivity Services
Building Solutions With Business Connectivity Services
Chakkaradeep Chandran
 
Active directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloudActive directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloud
David J Rosenthal
 
PROACTEYE IDENTITY MANAGEMENT
PROACTEYE IDENTITY MANAGEMENTPROACTEYE IDENTITY MANAGEMENT
PROACTEYE IDENTITY MANAGEMENT
hardik soni
 
M365 launch event introduction - 090518
M365 launch event introduction - 090518M365 launch event introduction - 090518
M365 launch event introduction - 090518
Jonathan Stuckey
 
Introducing Windows Azure
Introducing Windows AzureIntroducing Windows Azure
Introducing Windows Azure
Ismail Muhammad
 
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
Jürgen Ambrosi
 
Identity Management
Identity ManagementIdentity Management
Identity Management
rver21
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Management
rver21
 
Tesis enfasis 4
Tesis enfasis 4Tesis enfasis 4
Tesis enfasis 4
Didi Castillo
 
03 existing conditions civ 01
03 existing conditions civ 0103 existing conditions civ 01
03 existing conditions civ 01
MsplcdYkee69
 
El texto
El textoEl texto
El texto
Alexis Correas
 

Contenu connexe

Tendances

DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
cscpconf
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure Overview
David J Rosenthal
 
Active directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloudActive directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloud
David J Rosenthal
 

Tendances (19)

DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
 
Paperless office
Paperless officePaperless office
Paperless office
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
 
Multi Tenancy
Multi TenancyMulti Tenancy
Multi Tenancy
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure Overview
 
Okta: "Businesses at work march 2016"
Okta: "Businesses at work march 2016"Okta: "Businesses at work march 2016"
Okta: "Businesses at work march 2016"
 
Share point 2010
Share point 2010Share point 2010
Share point 2010
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
 
Okta docs
Okta docsOkta docs
Okta docs
 
Building Solutions With Business Connectivity Services
Building Solutions With Business Connectivity ServicesBuilding Solutions With Business Connectivity Services
Building Solutions With Business Connectivity Services
 
Active directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloudActive directory-from-on-premises-to-the-cloud
Active directory-from-on-premises-to-the-cloud
 
PROACTEYE IDENTITY MANAGEMENT
PROACTEYE IDENTITY MANAGEMENTPROACTEYE IDENTITY MANAGEMENT
PROACTEYE IDENTITY MANAGEMENT
 
M365 launch event introduction - 090518
M365 launch event introduction - 090518M365 launch event introduction - 090518
M365 launch event introduction - 090518
 
Introducing Windows Azure
Introducing Windows AzureIntroducing Windows Azure
Introducing Windows Azure
 
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Management
 

En vedette

03 existing conditions civ 01
03 existing conditions civ 0103 existing conditions civ 01
03 existing conditions civ 01
MsplcdYkee69
 
Выписка из реестра про UTT
Выписка из реестра про UTTВыписка из реестра про UTT
Выписка из реестра про UTT
nrtb
 
Visita Técnica 5
Visita Técnica 5Visita Técnica 5
Visita Técnica 5
auspin
 
Монастырь святого апостола Симона Кананита. Фотоальбом
Монастырь святого апостола Симона Кананита. Фотоальбом Монастырь святого апостола Симона Кананита. Фотоальбом
Монастырь святого апостола Симона Кананита. Фотоальбом
anyhaorg
 
Lijepo je danas bit zena, cvrsta i
Lijepo je danas bit zena, cvrsta iLijepo je danas bit zena, cvrsta i
Lijepo je danas bit zena, cvrsta i
Suzana Tesanovic
 
лондон1
лондон1лондон1
лондон1
swxdec
 
Edad de piedra (paleolitico)
Edad de piedra (paleolitico)Edad de piedra (paleolitico)
Edad de piedra (paleolitico)
Leiidy Toonguiino
 

En vedette (20)

Tesis enfasis 4
Tesis enfasis 4Tesis enfasis 4
Tesis enfasis 4
 
03 existing conditions civ 01
03 existing conditions civ 0103 existing conditions civ 01
03 existing conditions civ 01
 
El texto
El textoEl texto
El texto
 
ประวัตืส่วนตัว(จริงๆๆนะ)
ประวัตืส่วนตัว(จริงๆๆนะ)ประวัตืส่วนตัว(จริงๆๆนะ)
ประวัตืส่วนตัว(จริงๆๆนะ)
 
Dillard University Template Office Hours
Dillard University Template Office HoursDillard University Template Office Hours
Dillard University Template Office Hours
 
Выписка из реестра про UTT
Выписка из реестра про UTTВыписка из реестра про UTT
Выписка из реестра про UTT
 
Visita Técnica 5
Visita Técnica 5Visita Técnica 5
Visita Técnica 5
 
Capelinha dos milagres
Capelinha dos milagresCapelinha dos milagres
Capelinha dos milagres
 
Windows 8
Windows 8Windows 8
Windows 8
 
Монастырь святого апостола Симона Кананита. Фотоальбом
Монастырь святого апостола Симона Кананита. Фотоальбом Монастырь святого апостола Симона Кананита. Фотоальбом
Монастырь святого апостола Симона Кананита. Фотоальбом
 
A um passo da felicidade
A um passo da felicidadeA um passo da felicidade
A um passo da felicidade
 
复活节文字Doc
复活节文字Doc复活节文字Doc
复活节文字Doc
 
Avanzada regia
Avanzada regiaAvanzada regia
Avanzada regia
 
Vinayaka Chaturthi or Ganesha Chaturthi
Vinayaka Chaturthi or Ganesha ChaturthiVinayaka Chaturthi or Ganesha Chaturthi
Vinayaka Chaturthi or Ganesha Chaturthi
 
Lijepo je danas bit zena, cvrsta i
Lijepo je danas bit zena, cvrsta iLijepo je danas bit zena, cvrsta i
Lijepo je danas bit zena, cvrsta i
 
Londres
LondresLondres
Londres
 
24 games-150312
24 games-15031224 games-150312
24 games-150312
 
лондон1
лондон1лондон1
лондон1
 
конференция о спорте
конференция о спорте конференция о спорте
конференция о спорте
 
Edad de piedra (paleolitico)
Edad de piedra (paleolitico)Edad de piedra (paleolitico)
Edad de piedra (paleolitico)
 

Similaire à Identity and Authentication in Office 2013 and Office 365 from Microsoft

Okta Directory Integration for Microsoft Office365 - from Atidan
Okta Directory Integration for Microsoft Office365 - from AtidanOkta Directory Integration for Microsoft Office365 - from Atidan
Okta Directory Integration for Microsoft Office365 - from Atidan
David J Rosenthal
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
MJ Ferdous
 

Similaire à Identity and Authentication in Office 2013 and Office 365 from Microsoft (20)

AzureAAD
AzureAADAzureAAD
AzureAAD
 
Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
Connect to the Microsoft Cloud
Connect to the Microsoft CloudConnect to the Microsoft Cloud
Connect to the Microsoft Cloud
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
 
Okta Directory Integration for Microsoft Office365 - from Atidan
Okta Directory Integration for Microsoft Office365 - from AtidanOkta Directory Integration for Microsoft Office365 - from Atidan
Okta Directory Integration for Microsoft Office365 - from Atidan
 
SSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory CredentialsSSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory Credentials
 
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identity
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
 
Microsoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - AtidanMicrosoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - Atidan
 
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
Slim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+SSlim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+S
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
 
Cloud Identity and Access Management
Cloud Identity and Access ManagementCloud Identity and Access Management
Cloud Identity and Access Management
 
What small businesses need to know about Azure AD premium
What small businesses need to know about Azure AD premiumWhat small businesses need to know about Azure AD premium
What small businesses need to know about Azure AD premium
 

Plus de David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
David J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
David J Rosenthal
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
David J Rosenthal
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
David J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
David J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
David J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
David J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
David J Rosenthal
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
David J Rosenthal
 

Plus de David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Dernier (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Identity and Authentication in Office 2013 and Office 365 from Microsoft

  • 1. Identity and Authentication in the cloud: Office 2013 and Office 365 For IT Pros and end users © 2013 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at feedork@microsoft.com. Scenario 1: All in the Microsoft cloud You are in charge. If yours is a smaller business, use Microsoft s cloud Identity Services to establish, manage, and authenticate your users. User accounts are cloud-managed by using a web portal and Windows Azure Active Directory in the Microsoft cloud. No servers are required. Microsoft manages all that for you. When identity and authentication are handled completely in the cloud without affinity to any on-premises Active Directory store, IT admins can still provision or de-provision IDs and user access to services through the portal or PowerShell cmdlets. Authentication is user centered—not computer centered In this new environment, users sign in to the Office 365 client by using one of these identities:  Their business, organization, or school ID. There are two flavors: An ID that your org assigned to users. This is for Office use, where Microsoft hosted enterprise and smaller organization user IDs are stored in the cloud. These identities are separate from on-premises identities, and are directly managed in the cloud. A federated, user ID. Also for Office use, where enterprise user IDs are stored and managed on premises. For businesses or organizations using Active Directory.  Microsoft Account (formerly known as a Windows Live ID). A Microsoft account is the combination of an email address and a password used to sign in to services like Hotmail, Skype, SkyDrive Pro, Windows Phone, Xbox LIVE, or Outlook.com. Typically, users use this identity to sign in to Office for non-business purposes. At work, users authenticate with their Microsoft- managed or federated ID... At play, with their Microsoft account... Or both, 24/7, because their work and play worlds converge. We ve made a fundamental shift from an Office that only knows about an individual on a single device, to an Office that knows about an individual across all of his or her devices and services. This shift enables content, resources, most-recently-used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer. For the IT admin, user audit trails and compliance are also separated by identity. 1 2 3 4 IT Pros connect to the web access Office 365 Administration Center in the Microsoft cloud. They request new or manage existing organization IDs. These requests are passed on to your Windows Azure Active Directory. New IDs and changes to existing IDs are reflected back to the Office 365 Administration Center. If this is a change request, the change is made and reflected back to the Office 365 Administration Center. If this is a new ID request, a request for a new ID is issued to the ID provisioning platform. ADFS Office 365 Administration Center Windows Azure Active Directory 1 2 1 2 3 After you ve provisioned a user (see the diagram above), they sign in to Office using one of the following identities: Their request is tested and then granted and the Office applications are streamed to their device and ready to use. Their SkyDrive Pro saved documents associated with that identity are available to view, edit, and save back either locally to their device or back to SkyDrive Pro. Office 365 Administration Center ID Provisioning (through Windows Azure Active Directory Sync tool) Windows Azure Active Directory (cloud hosted Rights Management Service) 1 3 4 2 Active Directory Federated Server Admin computer 5 6 6 7 Active Directory (on premises rights management server) 3 IT Pro After you ve set up users in the Office 365 Administration Center in the Microsoft cloud, they can sign in from any device. And Office Pro Plus can be installed on up to five of their devices.  their work identity (for example, mike@contoso.onmicrosoft.com or mike@contoso.com)  their personal (for example, mike@outlook.com)  their organization (for example, mike@charity.org) Microsoft figures out where they want to authenticate and which files and Office settings they want to use depending on the identity they have chosen. That identity is associated with a Windows Azure Active Directory, and their email identity and associated password are passed to the correct Windows Azure Active Directory server for authentication. End user 1 and where he uses Office applications Scenario 2: Hybrid cloud and on-premises 1 2 3 The Microsoft cloud Windows Azure Active Directory Sync tool keeps your on-premises and in-the-cloud corporate user identities synchronized. 1 Install the Windows Azure Active Directory Sync tool. This tool helps to keep Windows Azure Active Directory up to date with the latest changes you make in your on-premises directory. 76 54 Create new users in your on-premises Active Directory. The Windows Azure Active Directory Sync tool will periodically check your on-premises AD server for any new identities you have created. Then it provisions these identities into Windows Azure Active Directory, links the on-premises and cloud identities to one another, and makes them visible to you through the Office 365 Administration Center. As changes are made to the identity in the on-premises AD, those changes are synchronized up to the Windows Azure Active Directory and made available to you through the Office 365 Administration Center. If your users include federated users, those users log in with your Active Directory Federated Server (ADFS). ADFS generates a security token and that token is passed to Windows Azure Active Directory. The token is verified and validated and the users is then authorized for Office 365. 32 For the end user, the authentication experience is the same—whether they are behind your corporate firewall, or at a coffee shop, home, or a hotel on the other side of the planet. They don't need to care where their request goes—it all just works— always, and wherever they are. 3 If users are behind the corporate firewall and have already logged into their corporate network, when they try to access Office 365, they don t need to log in again! The user is silently re- authenticated by Active Directory Federated Services (ADFS). After re-authentication, they are able to use Office applications and access their local or SkyDrive Office documents. Roaming users signing in from outside of the corporate firewall will be prompted by ADFS for their corporate credentials. ADFS then authenticates these credentials against the on-premises AD. Their sign in information goes directory to your company s Windows Azure Active Directory service in the Microsoft cloud. 1 2 2 3 3 3 The IT Pro identity provisioning experience ...and the end user authentication experience The IT Pro identity provisioning experience ...and the end user authentication experience Windows Azure Active Directory On premises Active Directory 4 You already know the on premises story On premises is what you have done, day in and day out, 24/7, since your beeper days. What about the new world of cloud and hybrid? —and— 1 2