Choosing an Identity model for Office 365

The following identity models are supported in Office 365; which one you use depends on your requirements:

  1. Office 365 Cloud Identity
  2. Office 365 Synchronized Identity
  3. Office 365 Federated Identity

Overview

Office 365 Cloud Identity: If you are new to Office 365 and have no requirement to use your on-premises Active Directory identity store, this model is right for you. In this model a user is created and managed in Office 365 and stored in Azure Active Directory, and the password is verified by Azure Active Directory. Azure Active Directory is the cloud directory that is used by Office 365. There is no equivalent user account on-premises, and nothing needs to be configured to use this model other than creating users in the Office 365 admin center.

Office 365 Synchronized Identity: In this model the user identity is managed in an on-premises server and the accounts and password hashes are synchronized to the cloud. The user enters the same password on-premises as they do in the cloud, and at sign-in the password is verified by Azure Active Directory. This model uses the Microsoft Azure Active Directory Sync Tool (DirSync).

Note: Most organisations have restrictions on storing password hashes in a cloud or external store. If you have such restrictions, use the Office 365 Federated Identity model.

Office 365 Federated Identity: This model requires a synchronized identity but with one change to that model: the user password is verified by the on-premises identity provider. This means that the password hash does not need to be synchronized to Azure Active Directory. This model uses Active Directory Federation Services (AD FS) or a third-party identity provider.

When to choose the Cloud Identity model

Choosing cloud-managed identities enables you to implement the simplest identity model, because there is no on-premises identity configuration to do. All you have to do is enter and maintain your users in the Office 365 admin center. This is likely to work for you if you have no other on-premises user directory, and I have seen organizations of up to 200 users work using this model.

You may also choose the Cloud Identity model if you have a very complex on-premises directory and simply want to avoid the work to integrate with it. These complexities may include a long-term directory restructuring project or complex governance in the directory. If you have an existing on-premises directory, but you want to run a trial or pilot of Office 365, then the Cloud Identity model is a good choice, because we can match users when you want to connect to your on-premises directory.

It is most common for organizations with an existing on-premises directory to want to sync that directory to the cloud rather than maintaining the user directory both on-premises and in Office 365. In that case, either password synchronization or federated sign-in are likely to be better options, because you perform user management only on-premises.

To sum up, you would choose the Cloud Identity model if you have no on-premises directory, if you have a very small number of users, if your on-premises directory is undergoing significant restructuring, or if you are trialing or piloting Office 365.

When to use the Synchronized Identity model

The Synchronized Identity model is also very simple to configure. It requires you to have an on-premises directory to synchronize from, and it requires you to install the DirSync tool and run a few other consistency checks on your on-premises directory. This is described in my recent blog post Synchronizing your directory with Office 365 is easy. Before June 2013 this model did not include password synchronization and users provisioned using synchronized identity had to create new cloud passwords for Office 365. This was a strong reason for many customers to implement the Federated Identity model. Now that password synchronization is available, the Synchronized Identity model is suitable for many customers who have an on-premises directory to synchronize with and their users will have the same password on-premises and in the cloud.

In addition to leading with the simplest solution, we recommend that the choice of whether to use password synchronization or identity federation should be based on whether you need any of the advanced scenarios that require federation. I’ll talk about those advanced scenarios next. However if you don’t need advanced scenarios, you should just go with password synchronization. You can also use the Synchronized Identity model when you ultimately want federated identity, but you are running a pilot of Office 365 or for some other reason you aren’t ready to dedicate time to deploying the AD FS servers yet.

To sum up, you would choose the Synchronized Identity model if you have an on-premises directory and you don’t need any of the specific scenarios that are provided for by the Federated Identity model.

When to use the Federated Identity model

As mentioned earlier, many organizations deploy the Federated Identity model just so that their users can have the same password on-premises and in the cloud. With the addition of password hash synchronization to the Synchronized Identity model in July 2013, fewer customers are choosing to deploy the Federated Identity model, because it’s more complex and requires more network and server infrastructure to be deployed.

All of the configuration for the Synchronized Identity model is required for the Federated Identity model. Because of this, we recommend configuring synchronized identity first so that you can get started with Office 365 quickly and then adding federated identity later.

The following scenarios are good candidates for implementing the Federated Identity model. If none of these apply to your organization, consider the simpler Synchronized Identity model with password synchronization.
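Before deciding whether to add federation, it helps to know which model a tenant is actually running today. The script below is an added example, not part of the original post; it assumes the MSOnline (Azure AD v1) PowerShell module is installed and that the signed-in account can read directory data, and classifies each user as Cloud, Synchronized or Federated from the sync timestamps and the domain's authentication type.

```powershell
# Added example (not from the original post): inventory which of the three
# identity models an Office 365 tenant uses. Assumes the MSOnline module is
# installed and the signed-in account can read the directory.
Import-Module MSOnline
Connect-MsolService            # prompts for Office 365 admin credentials

# Tenant-wide sync state. Cloud model: both flags $false. Synchronized model:
# both $true. Federated model: directory sync on, password hash sync usually
# left off when policy forbids storing hashes in the cloud.
$company = Get-MsolCompanyInformation
$company | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                        PasswordSynchronizationEnabled, LastPasswordSyncTime |
    Format-List

if ($company.DirectorySynchronizationEnabled -and
    $company.PasswordSynchronizationEnabled) {
    Write-Warning 'Password hash synchronization is on: hashes are stored in Azure AD.'
}

# Per-domain authentication type: 'Managed' domains verify the password in
# Azure AD; 'Federated' domains hand sign-in to AD FS or a third-party IdP.
$domainAuth = @{}
Get-MsolDomain | ForEach-Object { $domainAuth[$_.Name] = [string]$_.Authentication }
$domainAuth.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

# Per-user classification. A synchronized user carries a LastDirSyncTime (and
# an ImmutableId, the on-premises source anchor); a cloud-only user has
# neither. Whether a synced user is Synchronized or Federated follows from the
# authentication type of the UPN suffix domain.
function Get-IdentityModel {
    param([Parameter(Mandatory)]$User)
    if (-not $User.LastDirSyncTime) { return 'Cloud' }
    $suffix = $User.UserPrincipalName.Split('@')[-1]
    if ($domainAuth[$suffix] -eq 'Federated') { return 'Federated' }
    return 'Synchronized'
}

$report = Get-MsolUser -All | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        IdentityModel     = Get-IdentityModel -User $_
        ImmutableId       = $_.ImmutableId
        LastDirSyncTime   = $_.LastDirSyncTime
    }
}
$report | Group-Object IdentityModel | Select-Object Name, Count | Format-Table -AutoSize
$report | Export-Csv -Path .\identity-model-inventory.csv -NoTypeInformation
```

A tenant that reports password hash sync enabled while its domains are Federated has hashes in Azure AD that the federation decision was meant to avoid, so the warning is the line to act on.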

Building SharePoint Farm in Azure using Template for Dev & Test

The Microsoft Azure Preview Portal can automatically create a pre-configured SharePoint Server 2013 farm for us. This saves a lot of time when we need a basic or high-availability SharePoint farm for a development and testing environment.

The basic SharePoint farm consists of three virtual machines in this configuration.

[Diagram: Small_SPFarm]

We can use this farm configuration for a simplified setup for SharePoint app development or first-time evaluation of SharePoint 2013.

The high-availability SharePoint farm consists of nine virtual machines in this configuration.

[Diagram: Medium_SPFarm]

We can use this farm configuration to test higher client loads, high availability of the external SharePoint site, and SQL Server AlwaysOn for a SharePoint farm. We can also use this configuration for SharePoint app development in a high-availability environment.

Microsoft Azure Preview Portal: [Screenshot: PortalPre]

SharePoint Online (SPO) Migration PowerShell Cmdlets public preview

The long-awaited utility for migrating an on-premises file share or an on-premises SharePoint Server site to Office 365 SharePoint Online was recently released by Microsoft.

This utility/API is a set of PowerShell cmdlets called “SharePoint Online (SPO) Migration PowerShell Cmdlets”.

SharePoint Online (SPO) Migration PowerShell Cmdlets public preview is a new API dedicated to migrating data from on-premises file shares to Office 365. To join this preview go to SPO Migration Preview.

SPO Migration PowerShell cmdlets are designed to move on-premises content from file shares, SharePoint Server libraries and OneDrive to SharePoint Online and OneDrive for Business. Requiring minimal CSOM calls, they leverage temporary Azure BLOB storage to scale to the demands of large content migrations.

The detailed information can be found here,

https://technet.microsoft.com/en-us/library/mt203923.aspx
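The package-then-upload flow described above, as an added example that is not part of the original post. Cmdlet and parameter names are taken from the preview documentation linked above and should be verified against the installed module; the paths, site URL, library name and storage account are placeholders to replace with your own.

```powershell
# Added example (not from the original post): end-to-end flow of the SPO
# Migration cmdlets for a file-share migration. Cmdlet/parameter names follow
# the preview documentation; all paths, URLs and account names are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$sourceFiles   = 'C:\Migration\Source'          # on-premises file share content
$packagePath   = 'C:\Migration\Package'         # metadata-only package
$targetPackage = 'C:\Migration\TargetPackage'   # package re-targeted at SPO
$targetWeb     = 'https://contoso.sharepoint.com/sites/migrated'   # placeholder
$targetLibrary = 'Shared Documents'
$cred          = Get-Credential -Message 'SharePoint Online admin'

# 1. Build the package (manifest XML) from the file share; nothing is uploaded.
New-SPOMigrationPackage -SourceFilesPath $sourceFiles `
    -OutputPackagePath $packagePath -TargetWebUrl $targetWeb `
    -TargetDocumentLibraryPath $targetLibrary

# 2. Resolve the package against the target site so list IDs and users match.
ConvertTo-SPOMigrationTargetedPackage -SourceFilesPath $sourceFiles `
    -SourcePackagePath $packagePath -OutputPackagePath $targetPackage `
    -TargetWebUrl $targetWeb -TargetDocumentLibraryPath $targetLibrary `
    -Credentials $cred

# 3. Upload content and package into temporary Azure BLOB containers. The
#    storage key is the secret to protect here; read it at run time rather
#    than keeping it in the script. The returned object carries the container
#    locations that SharePoint Online will pull from.
$azure = Set-SPOMigrationPackageAzureSource -SourceFilesPath $sourceFiles `
    -SourcePackagePath $targetPackage `
    -AccountName 'PLACEHOLDER-storage-account' `
    -AccountKey (Read-Host -Prompt 'Storage account key')

# 4. Queue the import. SharePoint Online reads from the blob containers, which
#    is what keeps the number of CSOM calls minimal. Returns the job id.
$jobId = Submit-SPOMigrationJob -TargetWebUrl $targetWeb `
    -MigrationPackageAzureLocations $azure -Credentials $cred

# 5. Check on the queued job; re-run until it no longer reports as queued or
#    processing, then review the import log left in the package container.
Get-SPOMigrationJobStatus -TargetWebUrl $targetWeb -Credentials $cred -JobIds $jobId
```

Delete the temporary containers once the job has completed so the migrated content does not linger in Azure storage longer than the migration needs it.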

Azure Infrastructure Services Implementation Guidelines

Azure is an excellent platform to implement dev/test or proof-of-concept configurations, since it requires very little investment to test a particular approach to an implementation of your solutions. However, you must be able to distinguish the easy practices for a dev/test or proof-of-concept environment from the more difficult, detailed practices for a fully functional, production-ready implementation of an IT workload.

This guidance identifies many areas in which planning is key to the success of an IT infrastructure or workload in Azure. In addition, it helps the implementation of solutions on the Azure platform by providing an order for the creation of the necessary resources. Although there is some flexibility, Microsoft recommends that you apply this order to your planning and decision-making:

  • Naming conventions
  • Subscriptions and accounts
  • Storage
  • Virtual networks
  • Cloud services
  • Availability Sets
  • Virtual machines

The full version of the guide can be found here.

Microsoft Azure Services

The following table lists the Azure services:

ID | Azure Service | Description
1 | API Management | Azure API Management allows you to publish APIs to developers, partners and employees securely and at scale.
2 | App Service | Create apps faster with a one-of-a-kind cloud service that enables you to quickly and easily create enterprise-ready web and mobile apps for any platform or device and deploy them on a scalable and reliable cloud infrastructure.
3 | Application Insights | Application Insights is an all-in-one telemetry solution which can help you detect issues, solve problems and continuously improve your web applications by providing real-time, 360-degree views of your apps across availability, performance and usage.
4 | Automation | Azure Automation allows you to automate the creation, deployment, monitoring and maintenance of resources in your Azure environment using a highly scalable and reliable workflow execution engine.
5 | Azure Active Directory | Azure Active Directory (Azure AD) provides identity management and access control capabilities for your cloud applications. You can synchronise your on-premises identities and enable single sign-on to simplify user access to cloud applications. Azure AD is available in two tiers: Free and Premium. Azure Active Directory Premium is licensed separately from Azure Services.
6 | Azure Search | Azure Search is a fully managed service for adding sophisticated search capabilities to web and mobile applications without the typical complexities of full-text search.
7 | Backup | Azure Backup manages cloud backups through familiar tools in Windows Server 2012, Windows Server 2012 Essentials or System Center 2012 Data Protection Manager.
8 | Batch | Azure Batch makes it easy to run large-scale parallel and HPC workloads in Azure. You can use Batch to scale out parallel workloads, manage execution of tasks in a queue and cloud-enable applications to offload compute jobs in the cloud.
9 | BizTalk Services | Azure BizTalk Services is a powerful and extensible cloud-based integration service that provides Business-to-Business (B2B) and Enterprise Application Integration (EAI) capabilities for delivering cloud and hybrid integration solutions.
10 | CDN | Azure CDN (Content Delivery Network) allows you to deliver high-bandwidth content to end users around the world with low latency and high availability via a robust network of global data centres.
11 | Cloud Services | Azure Cloud Services remove the need to manage server infrastructure. With Web and Worker roles, they enable you to quickly build, deploy and manage modern applications.
12 | Data Factory | Azure Data Factory is a managed service for developers to produce trusted information from raw data in cloud or on-premises sources. Easily create, orchestrate and schedule highly available, fault-tolerant workflows of data movement and transformation activities. Monitor all of your data pipelines and service health at a glance with a rich visual experience offered through the Azure portal.
13 | DNS | Azure DNS allows you to host and manage your DNS records in Microsoft Azure.
14 | DocumentDB | Azure DocumentDB is a fully managed NoSQL document database service that offers query and transactions over schema-free data, predictable and reliable performance and rapid development.
15 | Event Hubs | Azure Event Hubs enables elastic-scale telemetry and event ingestion with durable buffering and sub-second end-to-end latency for millions of devices and events.
16 | ExpressRoute | Azure ExpressRoute enables you to create private connections between Azure data centres and the infrastructure on your premises or in a colocation environment.
17 | HDInsight | Azure HDInsight Service is a Hadoop-based service that brings an Apache Hadoop solution to the cloud. Gain full value of Big Data with a cloud-based data platform that manages data of any type and any size.
18 | Key Vault | Microsoft Azure Key Vault offers an easy, cost-effective way to safeguard keys and other secrets in the cloud using Hardware Security Modules (HSMs). Protect cryptographic keys and small secrets like passwords with keys stored in HSMs. For added assurance, import or generate your keys in HSMs certified to FIPS 140-2 Level 2 and Common Criteria EAL4+ standards, so that your keys stay within the HSM boundary. Key Vault is designed so that Microsoft does not see or extract your keys. Developers can create new keys for dev/test in minutes and migrate seamlessly to production keys managed by security operations. Key Vault scales to meet the demands of your cloud applications without the hassle required to provision, deploy and manage HSMs and key management software.
19 | Load Balancer | Azure Load Balancer improves application reliability and provides load balancing for Internet and private network traffic.
20 | Machine Learning | Azure Machine Learning allows you to easily design, test, operationalise and manage predictive analytics solutions in the cloud.
21 | Managed Cache | Azure Cache is a distributed, in-memory, scalable solution that enables you to build highly scalable and responsive applications by providing super-fast access to data.
22 | Media Services | Azure Media Services offer cloud-based media solutions from many existing technologies, including ingest, encoding, format conversion, content protection and both on-demand and live streaming capabilities.
23 | Mobile Engagement | Maximise mobile app usage and revenue with Azure Mobile Engagement, a SaaS-delivered, data-driven user engagement platform that enables real-time fine-grained user segmentation, app user analytics and contextually aware smart push notifications and in-app messaging across all connected devices. It closes the marketing loop for app developers and marketers, allowing them to get directly in touch with all of their customers in a personal, contextually aware and non-intrusive way, and at the right time.
24 | Mobile Services | Azure Mobile Services provides a scalable cloud backend for building Windows Store, Windows Phone, Apple iOS, Android and HTML/JavaScript applications. Store data in the cloud, authenticate users and send push notifications to your application within minutes.
25 | Multi-Factor Authentication | Azure Multi-Factor Authentication helps prevent unauthorised access to on-premises and cloud applications by providing an additional layer of authentication. Follow organisational security and compliance standards while also addressing user demand for convenient access.
26 | Notification Hubs | Notification Hubs provide a highly scalable, cross-platform push notification infrastructure that enables you to either broadcast push notifications to millions of users at once or tailor notifications to individual users.
27 | Operational Insights | Operational Insights enables you to collect, correlate and visualise all your machine data, such as event logs, network logs, performance data and much more, from both your on-premises and cloud assets.
28 | Redis Cache | Based on the popular open-source Redis Cache, this gives you access to a secure, dedicated cache for your Azure applications.
29 | RemoteApp | RemoteApp helps employees stay productive anywhere, on a variety of devices: Windows, Mac OS X, iOS or Android.
30 | Scheduler | Azure Scheduler allows you to invoke actions that call HTTP/S endpoints or post messages to a storage queue on any schedule. In Scheduler, you can create jobs that reliably call services either inside or outside of Azure and run those jobs straight away, on a regular or irregular schedule, or set them to run at a future date.
31 | Service Bus | Azure Service Bus is a messaging infrastructure that sits between applications, allowing them to exchange messages for improved scale and resiliency.
32 | Site Recovery | Site Recovery helps you protect important applications by coordinating the replication and recovery of private clouds for simple, cost-effective disaster recovery.
33 | SQL Database | Azure SQL Database is a relational database service that enables you to rapidly create, extend and scale relational applications into the cloud.
34 | Storage | Azure Storage offers non-relational data storage, including Blob, Table, Queue and Drive storage.
35 | StorSimple | StorSimple offers a unique hybrid cloud storage solution that provides primary storage, archive and disaster recovery. Combined with Microsoft Azure, this solution optimises total storage costs and data protection. The Microsoft Azure StorSimple offering with the 8000 Series is licensed separately from Azure Services.
36 | Stream Analytics | Stream Analytics is an event-processing engine that helps uncover insights from devices, sensors, cloud infrastructure and existing data properties in real time. With out-of-the-box integration with Event Hubs, the combined solution can both ingest millions of events and do analytics to better understand patterns, power a dashboard, detect anomalies or kick off an action while data is being streamed in real time.
37 | Traffic Manager | Azure Traffic Manager allows you to load-balance incoming traffic across multiple hosted Azure services, whether they’re running in the same data centre or across different data centres around the world.
38 | Virtual Machines | Azure Virtual Machines enable you to deploy a Windows Server or Linux image in the cloud. You can select images from a marketplace or bring your own customised images.
39 | Virtual Network | Azure Virtual Network enables you to create Virtual Private Networks (VPN) within Azure and securely link these with on-premises IT infrastructure.
40 | Visual Studio Online | Visual Studio Online provides a cloud-based ALM solution that handles everything from hosted code repos and issue tracking to load testing and automated builds. Best of all, it’s accessible from nearly anywhere and you can create an account for free. Visual Studio Online is licensed separately from Azure Services.
41 | VPN Gateway | Azure VPN Gateway enables you to establish secure, cross-premises connectivity between your Virtual Network within Azure and on-premises IT infrastructure.