office 365 for it pros - sps michigan 2012

Office 365 for IT Pros

Blog: http://www.MyCentralAdmin.com Twitter: @ferringer

http://www.mycentraladmin.com/

3 | SharePoint Saturday Michigan 2012

Housekeeping

Please turn off all electronic devices or set them to vibrate.

If you must take a phone call, please do so in the hall so as not to disturb others.

Wireless is available to all attendees with a valid Michigan ID, just find the nearest sign-up terminal

Follow SharePoint Saturday Michigan on Twitter @spsmi and hashtag #spsmi

Join us for SharePint after the closing

Chammps 301 West Big Beaver Road Troy, MI 48084


Outline

Office 365 Overview

IT and the Cloud

What we give up

What we get back

Pain points


Email and Calendaring

Websites and Collaboration

IM and Online Meetings

Office Client and Web Apps

Hosted by Microsoft – in the cloud!


Office 365 Overview

IT and the Cloud

What we give up

What we get back

Pain points


Did Someone say Cloud?


What’s Your Perspective?


Office 365’s impact on IT

No more deep platform management

Less control over functionality

More Identity Management

Hybrid challenges


Office 365 Overview

IT and the Cloud

What we give up

What we get back

Pain points


Changing the perspective

Your Environment


Losing Control

No tweaking

No fine customization

No server installs

No storage management

No patching

No networking

No upgrades

*


Office 365 Overview

IT and the Cloud

What we give up

What we get back

Pain points


What we get back

Who can do what?

Accounts and Subscriptions

How do you manage Identity?

Remember the client

Maintaining the connection


Subscriptions

No more CALs

Now you have USLs

Must assign licenses

Dynamic assignment


Office 365 user roles

End Users

Service administrators

Exchange Online

SharePoint Online

Lync Online

Office 365 administrators

External users


Office 365 admin roles

Global administrator

Billing administrator

Password administrator

Services administrator

User management administrator

Delegated administrator

See the Office 365 Support Services Description document for more info:

http://tinyurl.com/o365SvcDescrs




Identity: who gets in?

Where do your Office 365 user accounts live?

What is needed to use them?

What can they do?

What are the limitations of the approach?


Identity Options 1. Microsoft Online (MSO) IDs

2. MSO IDs + Directory Synchronization

3. Single Sign On + Directory Synchronization

Your Environment

AD

MS Online Directory Sync

Identity Services

Provisioning platform

Lync Online

SharePoint Online

Exchange Online

Active Directory Federation Services 2.0

Trust

IdP Directory

Store

Admin Portal/ PowerShell

Authentication platform

Office 365 Desktop Setup

Microsoft Online Services

IdP


What can they do?

Appropriate for • Smaller orgs without

AD on-premise

Pros • No servers required on-

premise

Cons • No SSO • No 2FA • 2 sets of credentials to

manage with differing password policies

• IDs mastered in the cloud

Appropriate for • Medium/Large orgs with

AD on-premise

Pros • Users and groups

mastered on-premise • Enables co-existence

scenarios Cons • No SSO • No 2FA • 2 sets of credentials to

manage with differing password policies

• Single server deployment

Appropriate for • Larger enterprise orgs

with AD on-premise Pros • SSO with corporate cred • IDs mastered on-premise • Password policy

controlled on-premise • 2FA solutions possible • Enables co-existence

scenarios Cons • High availability server

deployments required


Sign On Experience *SSO vs. Online IDs Summary

Win7/Vista/XP

SSO IDs (domain joined)

MS Online IDs

Outlook Web Application

SharePoint Web Application

ActiveSync, POP, IMAP, Entourage

Outlook 2007 or 2010

Online ID Online ID Online ID

Win 7/Vista/XP

Office 2010, or Office 2007 SP2

Online ID

Win7/Vista/XP

Lync Online

Online ID

AD credentials AD credentials AD credentials AD credentials AD credentials

SSO IDs (non-domain joined) AD credentials AD credentials AD credentials AD credentials AD credentials

*Requires AD FS 2.0


Your Environment

AD


Identity Services

Lync Online

SharePoint Online

Exchange Online


Trust

IdP Directory

Store




Active Directory Federation Services (AD FS)


How does AD FS work?

Claims authentication

Think of it like a passport

Passport Application

Visa Application

Submit for authorization

Allowed access


AD FS’s Authentication flow

`

Client

(joined to CorpNet)

Authentication platformAD FS 2.0 Server

Exchange Online or

SharePoint Online

Active Directory

Your Environment Microsoft Online Services

Logon (SAML 1.1) Token UPN:[email protected] Source User ID: ABC123

Auth Token UPN:[email protected] Unique ID: 254729


AD FS 2.0 deployment options 1. Single server configuration

2. AD FS 2.0 server farm and load-balancer

3. AD FS 2.0 proxy server or UAG/TMG (External Users, Active Sync, Outlook)

Enterprise

DMZ

AD FS 2.0 Server Proxy

External user Internal

user

Active Directory

AD FS 2.0 Server

AD FS 2.0 Server

AD FS 2.0 Server Proxy


Directory Synchronization

One-way copy of accounts to Office 365

Required for SSO/AD FS

But can be used without AD FS

Required for Hybrid scenarios

Think of it as an appliance, always running


Your Environment

AD


Identity Services

Lync Online

SharePoint Online

Exchange Online


Trust

IdP Directory

Store




IdP

How DirSync Fits in


Getting to know DirSync

It’s actually Forefront Identity Manager

Copies AD accounts into Office 365

But not back down

Doesn’t sync passwords

Filtering now available

Can have sizing issues

Upload sizing

Database sizing

FIM: no touchy! (maybe)


We still have those silly users…

OS compatibility

Office compatibility

Single sign on

Training

Transitions

Mobile


None of this works without…

What kind of connection do you have?

How big is it?

How reliable is it?

Is it redundant?


Office 365 Overview

IT and the Cloud

What we give up

What we get back

Pain points


Are you supportive? Know what you get

What are you responsible for?

Who are you dealing with?

Does it meet your requirements?


Where did it go?


No upgrades?


Managing Identity in Office 365

AD FS is complex

And important!

PowerShell is your friend

Remember your internet connection?

Office 365 is constantly changing


Did someone say PowerShell?


A tale of two shells

(soon three)


Troubleshooting Tools

Microsoft Online Diagnostics and Logging tool (MOSDAL)

Microsoft Remote Connectivity Analyzer: HTTP://testexchangeconnectivity.com

Fiddler

WireShark/Netmon

Office 365 Expert Discussion Series: http://tinyurl.com/o365ExptDisc

http://testexchangeconnectivity.com/

http://testexchangeconnectivity.com/

http://tinyurl.com/o365ExptDisc

http://tinyurl.com/o365ExptDisc


Tie IT All Together


Event

Exhibit

Web

Blog: http://www.MyCentralAdmin.com Twitter: @ferringer

http://www.mycentraladmin.com/

office 365 for it pros - sps michigan 2012

Technology