Office 365 Deployment TechGuide: Identity and Mobility Management
- Chrystal Rice
- 7 years ago
Migrating to Office 365 is a complex undertaking. This TechGuide covers in detail the identity and mobility management challenges associated with migration and guides you through the tools provided by Microsoft to address these challenges.

Okta Inc., 301 Brannan Street, Suite 300, San Francisco CA, info@okta.com
[Figure: Active Directory, with the labels "Sync users & groups" and "Federated Authentication".]

Moving Exchange, SharePoint, Lync And Active Directory To The Cloud

Why can it be a challenge to migrate?

There are two key tasks required in moving from on-premises technologies, like Exchange, to the Office 365 cloud equivalent. The first is data: emails in your inbox, your schedule in the calendar, documents in SharePoint. Microsoft has a set of free tools to help customers migrate, but they lack some features and can be hard to use. Microsoft is well known as a company that builds platforms and often relies on its large network of partners to provide the complete solution. Office 365 is no different in this regard, and products from companies like BitTitan and SkyKick are often purchased to make the data migration easier, quicker and more complete.

The second challenge around an Office 365 migration is synchronizing your user information to Office 365 while continuing to use Active Directory for authentication. Active Directory usually contains up-to-date information about your employees, so you want to use it when creating and updating your user accounts in Office 365. You also want to avoid giving your employees a separate username and password for accessing Office 365, so it makes sense to use the username and password they already know from Active Directory. Again there are some free tools from Microsoft that can help you achieve this, but they lack important features and often force you to make compromises. While Microsoft is building a wonderful new cloud platform, they are reusing aging legacy technologies to provide the critically important connection to your existing employee information.
BYOD And Office 365

The migration challenge moves beyond just identity when you look at how people access Office 365. In the older on-premises world, most clients for Exchange, SharePoint and Lync were Windows desktops, with a few mobile devices accessing email. But today, with the cloud, access has shifted significantly to mobile devices: phones and tablets, iOS and Android. So how do you easily enable access to the newly created Office 365 accounts?

Mobile devices are typically used in addition to a laptop or desktop. People also configure access to email on more than one mobile device, such as a phone and a tablet. What happens when the user is forced to change their password, for example per a 90 day password change policy, and they have two mobile devices and two laptops that will try to authenticate with the old password? Generally, the answer is a locked account and a call to the IT helpdesk.

At the end of this document, once you understand the challenges around the identity migration to Office 365, I will look at the impact of mobile devices. But first, let's focus on the identity challenges.

Active Directory And Years Of Use And Abuse

Active Directory is at the center of IT infrastructure for many businesses today and, for many, it was the first major piece of IT infrastructure implemented. Most on-premises applications use Active Directory in some way: as a place of authentication, for policy, or just for storing and retrieving information about users and their group membership.

Active Directory deployments grow in both the number of domains and the number of forests. This happens naturally as the business expands, especially when businesses make acquisitions. Move forward three to four years and you soon find that Active Directory can be a wasteland of information. You end up with situations like:

- Some users have missing information. Users created in Active Directory may rely on a manual human process, and people might forget to fill out department names or use the right username format.
- With multiple forests created by different IT groups, usernames and the format of fields like department or displayname can vary significantly.
- It is possible to have network connectivity between Active Directory environments that allows for cross-forest trust and authentication. But often forests reside in data centers with little to no network connectivity between them.
- Sometimes resource forests are created which duplicate every employee account and are used only to own things like Exchange attributes (email address, for example), while another user forest has all the other important user attributes like Firstname and Lastname. This means the complete picture of the user account is spread across many Active Directory domains.
These sorts of issues present real problems when trying to migrate to Office 365. Typically you want to have all the users in Office 365 up to date with accurate information and have users log in with usernames and passwords they are familiar with. When Active Directory has inconsistent data and incompatible configuration, most customers are asked to clean up AD or go through a painful and time-consuming domain consolidation. This creates a barrier to the migration and adoption of Office 365.

One thing worth mentioning is that today it is not viable for most businesses to replace on-premises Active Directory with a cloud equivalent. Moving the entire services of something like Exchange to the cloud is possible with Office 365, but replacing the entire Active Directory environment with a cloud service is not possible for a lot of people. There are too many on-premises systems, with no cloud-hosted equivalent, which rely on Active Directory.

Before we continue, we should also note that Microsoft has made a lot of changes to the names for its software used to connect Active Directory to Office 365. The free out-of-the-box tool for synchronization is most commonly known as DirSync, but in 2014 was changed to AADSync. Microsoft is going to change the name again in 2015 to Azure AD Connect, which in reality is just a new installer that can deploy and configure both AADSync and ADFS. All of these software versions are actually based on a single, 10 year old technology called Microsoft Identity Integration Server (MIIS). DirSync, AADSync and Azure AD Connect also leverage functionality from MIIS's bigger brother, Microsoft Identity Manager (MIM), formerly known as Forefront Identity Manager (FIM). The DirSync, AADSync and Azure AD Connect software is specifically limited for Office 365 and prepackages some of the MIM capabilities.

Confused? It can be very difficult to understand what all these versions do and which one to use.
Microsoft is trying to make it simpler and has created the following page to attempt to clear things up. For simplicity, when this article talks collectively about the DirSync, AADSync and Azure AD Connect solutions, we'll call them the DirSync family; otherwise we will be explicit about which one we mean.

[Figure: How do you migrate your many users to a single Office 365 deployment? Example usernames: bgates@company.local, satya.nadella@company.com, markus.persson@company.com, firstname.lastname@company.com]
Understanding Solutions To Manage Authentication

We'll start with authentication and then cover synchronization in the next section. Authentication for Office 365 with the Microsoft tools can be done in two ways.

1. Federate the authentication from Office 365 back to your Active Directory
2. Synchronize the password hash for the user from Active Directory into Office 365

The first method uses Active Directory Federation Services (ADFS), which requires you to host a login page in your IT environment for authentications to Office 365. This page takes credential information (usually username and password) from the user and verifies it against Active Directory in real time. The second approach uses the directory synchronization tools to copy the Active Directory password hash into Office 365. There are pros and cons with each, and the following section gives further insight into the areas where these two approaches differ.

[Figure: Lots of servers with lots of configuration. Diagram showing ADFS used for Office 365 federated authentication: Active Directory Federation Services (ADFS) servers and load balancers/proxies.]

[Figure: A single server for all the connectivity to Office 365. Diagram showing the DirSync family of software (Azure AD Connect) used for password sync to Office 365.]
Note that with both of these solutions you need to procure dedicated servers, and your IT team will need to be skilled in certain aspects of identity management such as federation and PKI. So that is the first con: when moving from your on-premises services to Office 365, you may end up adding more servers to your IT infrastructure. Microsoft is however offering free services to customers to set up these tools on virtual machines in Azure, which can alleviate the initial costs but still presents a challenge with long-term maintenance and management. Moving ADFS into Azure as VMs usually also means you move your Active Directory domain controllers as well, which is not an easy or cheap task to accomplish.

Let's take a look in detail at the differences between using federation with ADFS and synchronizing the Active Directory password hash.

Required On-premises Infrastructure For Authentication

While it is possible to use just a single ADFS server, Microsoft recommends against this for production. At a minimum you will need to deploy two ADFS servers and the required network proxy/load balancing solution, which often requires another two dedicated servers. The pro here is that ADFS can be scaled very well: simply add more ADFS servers into the farm and scale up your network infrastructure appropriately. The downside is that you have to deploy quite a bit of infrastructure and make network architecture changes: at least two to four servers and opening ports in the firewall. Sometimes you need network routing changes and new networking equipment. You also have to manage SSL certificates, and the configuration of ADFS requires specialist identity knowledge. I've seen one customer with many disconnected Active Directory domains and they faced the challenge of hosting upwards of ADFS servers.

Because customers moving to Office 365 in the cloud are reluctant to deploy the on-premises infrastructure required by ADFS, Microsoft is starting to recommend using password sync.
The older DirSync can sync your AD password to Office 365, but the newer AADSync can also sync the Office 365 password back to AD. The pro is that you only need to deploy one new server, not the many servers required by ADFS. But this pro is also a downside. You can't scale this server. You can't even run another active server for backup or load balancing. So that's one server for your entire Active Directory connection to Office 365. That single server needs network connectivity across all the Active Directory domains where you want to sync passwords. If something goes wrong, Microsoft suggests rebuilding the entire server. That means making sure you have change control and a backup process to ensure you always have the latest configuration. These are the common problems with running legacy on-premises technology.
High Availability And Scale

As I mentioned above, ADFS is designed to be scaled. You can deploy ADFS in farms of servers and deploy SQL Server to further stabilize the service. This allows ADFS to support authentication for any number of domains and forests; even when the forests are not connected or trusted, you deploy more ADFS servers. While this is a great benefit, the downside is that you need to maintain and run all this infrastructure. When migrating to Office 365 you are usually trying to reduce your on-premises IT footprint.

DirSync on the other hand is a single server. For a simple single-forest, single-domain environment, it is often sufficient. Where it starts to present problems is when you need to sync passwords from many different forests and domains. The latest version, AADSync, does support multiple forests, but that single server now needs reliable network connectivity between all of these domain locations. If the forests are not connected, a customer must look to DirSync's older brother, Microsoft Identity Manager (MIM). The problem here is that MIM doesn't support the same password sync as its little brother DirSync. So you can only use MIM with ADFS.

A Closer Look At Password Synchronization And Authentication Options

It's worth looking in detail at the pros and cons of using the DirSync family of tools to synchronize your Active Directory password hash into Office 365.

When using federation with ADFS, the servers are connected directly to your Active Directory domain. This is in turn connected to the internet via your network proxies and load balancers. So when someone attempts to authenticate to Office 365, they authenticate to ADFS and it checks the user's credentials in real time. If the Active Directory password doesn't match or the account is disabled, they can't log in to Office 365. Federation is core to the whole direction the single sign-on industry is taking.
However, as ADFS is based on a legacy on-premises architecture, it incurs high costs to deploy and maintain. So in a lot of cases Microsoft is recommending the DirSync family of tools. They copy the password hash from your Active Directory into Office 365. Note that Active Directory doesn't store the actual password; it stores a cryptographic hash. With DirSync this hash is then secured with another secure hash, so you are not storing the plain text Active Directory password in Office 365.
The sync from Active Directory to Office 365 happens whenever a password is changed or a new user is created. This means the authentication actually takes place in Office 365. This approach, which uses a single server, addresses the problems of deploying lots of ADFS servers, but the downside is the delay between changes in Active Directory and the sync to Office 365. Note that when the password is changed in Office 365 and synced to Active Directory, it happens in real time. So the following concerns are all about taking changes from Active Directory and synchronizing them to Office 365.

The delay in synchronization is different for two main areas where authentication is concerned.

1. The sync of the password from Active Directory to Office 365 can take up to two minutes and is not configurable.
2. The sync of an account's status and group membership is three hours by default. This can be lowered, but it is not recommended to have it running below 30 minutes.

The two-minute time window for password syncs is critical. Many users who are changing passwords expect to log in within seconds, not minutes. Consider the scenario where your Active Directory is configured with a 90 day password change policy. A user is forced to change the password in on-premises AD, and is then likely to attempt to log in to Office 365 within the two-minute time window. When they can't log in, they often think they made a mistake in changing their password and go back to their Active Directory account and change their password again. They can get caught in a loop of changing passwords which results in an IT helpdesk call. The whole point of this password sync is to avoid helpdesk calls.

[Figure: Sync intervals between Active Directory and Azure AD Connect. Password change: every 2 minutes (not configurable). User / group change: every 3 hours by default.]
The second area of concern is around data on the user account that affects access to Office 365. If the Active Directory account is disabled or deleted due to an employee leaving the company, that change isn't reflected in Office 365 for at least 3 hours (by default). So users can still access Office 365 even after their Active Directory account is no longer valid. This can be avoided by an IT administrator manually disabling the account in Office 365. If you are also using groups from Active Directory to determine access to Office 365 resources, these group changes are also delayed by 3 hours.

Using ADFS would solve the problem of the Active Directory account being disabled or deleted, because it checks Active Directory in real time. However, ADFS doesn't solve the problem of delayed group membership synchronization.

Another complication in deciding how to do authentication is that if your deployment to Office 365 requires Microsoft Identity Manager (the reasons for which are discussed in the next section), then you cannot implement password synchronization either from AD to Office 365 or vice versa. You have to deploy ADFS. This presents a problem for customers who need to use MIM for complex Active Directory environments but also wish to avoid the extra burden of an ADFS installation.

Authentication Summary

In summary, there is no right answer for what Microsoft technology to use for Office 365 authentication. You either take on the deployment and maintenance of many ADFS servers, or you reduce your effort and take on the risk of running a single server to keep your passwords up to date for all Office 365 users. Either way, you have to compromise.

Understanding Solutions To Synchronize Identity Data

Before you can even authenticate and access Office 365, you need to create user accounts. This is the role of the synchronization solution.
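Returning to the account-status delay described under authentication above, the gap can be checked from logs. The following is an added example, not part of the TechGuide or of any Microsoft or Okta tooling: it flags successful Office 365 sign-ins that occur after the same account was disabled in Active Directory, and separates those inside the default three-hour sync interval from those after it. The record layouts, field names and sample events are constructed, and both logs are assumed to use the same time zone.

```python
from datetime import datetime, timedelta

# Default account-status sync interval stated in the guide.
SYNC_INTERVAL = timedelta(hours=3)

# Constructed sample data: when accounts were disabled on-premises ...
AD_DISABLE_EVENTS = [
    {"user": "alice@company.com", "disabled_at": "2015-06-01T09:00:00"},
    {"user": "bob@company.com", "disabled_at": "2015-06-01T10:30:00"},
]

# ... and cloud sign-in records for the same day (also constructed).
O365_SIGNINS = [
    {"user": "alice@company.com", "time": "2015-06-01T08:45:00", "result": "success"},
    {"user": "alice@company.com", "time": "2015-06-01T09:20:00", "result": "success"},
    {"user": "alice@company.com", "time": "2015-06-01T11:59:00", "result": "success"},
    {"user": "ALICE@company.com", "time": "2015-06-01T13:30:00", "result": "success"},
    {"user": "bob@company.com", "time": "2015-06-01T10:45:00", "result": "failure"},
    {"user": "carol@company.com", "time": "2015-06-01T10:00:00", "result": "success"},
]


def _parse(timestamp):
    """Parse the ISO-like timestamps used in the sample records."""
    return datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S")


def stale_signins(disable_events, signins, sync_interval=SYNC_INTERVAL):
    """Return successful cloud sign-ins made after the on-premises disable.

    within_sync_window: the disable may simply not have synced yet.
    after_sync_window:  the disable should already have synced, so the
                        sync itself or the cloud account needs a look.
    """
    # Earliest disable time per user; usernames compared case-insensitively.
    disabled_at = {}
    for event in disable_events:
        user = event["user"].lower()
        when = _parse(event["disabled_at"])
        if user not in disabled_at or when < disabled_at[user]:
            disabled_at[user] = when

    findings = []
    for signin in signins:
        user = signin["user"].lower()
        if signin["result"] != "success" or user not in disabled_at:
            continue
        lag = _parse(signin["time"]) - disabled_at[user]
        if lag <= timedelta(0):
            continue  # sign-in happened before the account was disabled
        category = (
            "within_sync_window" if lag <= sync_interval else "after_sync_window"
        )
        findings.append({
            "user": user,
            "time": signin["time"],
            "minutes_after_disable": int(lag.total_seconds() // 60),
            "category": category,
        })
    findings.sort(key=lambda f: f["time"])
    return findings


if __name__ == "__main__":
    for finding in stale_signins(AD_DISABLE_EVENTS, O365_SIGNINS):
        print(finding)
```

If the sync interval has been lowered from the default, pass the configured value as `sync_interval` so the two categories line up with the real window.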
While Microsoft is building a brand new and modern cloud platform for Office 365, the technologies offered to connect to Active Directory are based on 10 year old legacy solutions. The first incarnation was known as Microsoft Identity Integration Server (MIIS) and has evolved through many rebrandings. But essentially these tools rely on the same legacy on-premises architecture: a big metadirectory which stores both user and group information from Active Directory and Office 365, as well as the business logic which determines how Active Directory is connected to the cloud.

There are two main solutions for synchronizing data from Active Directory to Office 365: the free DirSync family of tools or its bigger brother, Microsoft Identity Manager (MIM). The following section digs into the detail of the pros and cons of using either of these solutions.
Synchronize User And Group Data From One Or Many Domains And Forests

When you have just one domain in a single forest, DirSync, AADSync or the new Azure AD Connect is an easy way to connect your Active Directory to Office 365. The challenges start when there is more than one domain or forest, or if your data in that single domain isn't consistent. For example, you might have users with a variety of login names, and the email address may not be consistently entered across all accounts.

Multiple forests and domains present problems due to the frequent need to read identity data across all domains. The recently updated AADSync now supports the ability to read from multiple forests, unlike the earlier versions called DirSync.

[Figure: Active Directory infrastructure: HQ forest & domains, Europe forest & domains, acquired company forest & domains, IT DMZ, Azure AD Connect.]

The downside with using the DirSync family of tools is the limitation of a single sync server for your entire Office 365 environment. A company with many domains or forests that may be separated over different networks puts strain on the single server.

MIM is the bigger brother of the DirSync family of tools, but instead of being a quick and easy way to connect Active Directory to Office 365, MIM is a fully featured on-premises identity management product that can take months to deploy. MIM allows for more control over connecting to domains and forests in different locations. I've actually heard of customers deploying multiple instances of MIM, all talking to a single master MIM instance that then connects to Office 365. The downside of this approach is the significant on-premises infrastructure that MIM requires. A common deployment consists of two MIM servers, two database servers and IIS servers for self-service password reset functionality.
Other Sources Of Identity For Office 365 Accounts

Sometimes you want information in Office 365 to come from places other than just Active Directory. For example, an employee's phone number might actually be better synchronized from your Cisco Unified Communications service. You might also have information in another directory service like LDAP. The entire account might come from LDAP, or you might have most information in Active Directory but just want to get the employee ID from LDAP.

You may want to provision accounts to Office 365 from a mix of directories. You want employees to come from Active Directory, but contractors might reside in LDAP or an SQL database. Information doesn't just come from on-premises systems; many people are moving their HR systems to the cloud, leverage services like Workday and UltiPro, and want to source user data from these applications.

While DirSync and AADSync are built on a technology that can connect to these other sources of identity, these prepackaged tools do not currently support multiple sources (other than multiple Active Directory domains). Microsoft is adding LDAP to Azure AD Connect at some point in the future, but it is unclear how much flexibility is going to be added to this free tool.

MIM really is the best solution from Microsoft if you have to get information from places other than Active Directory. MIM allows you to connect to a wide variety of sources, mix up the data and then provision it all as a common user profile to Office 365.

The downside to using MIM, however, is that, unlike the DirSync family of tools, which can be deployed in under a day, most MIM deployments require a lot more effort: typically at least a month of planning and implementation, followed by a lot of ongoing maintenance and configuration. However, you can integrate MIM with whatever you want; it is just a question of skills, time and money.

This does introduce yet another problem to consider.
Building out a solution with MIM results in you developing important business logic in an on-premises system that isn't part of the same cloud platform you are trying to move to. So you can end up managing custom code and duplicating your business logic: writing rules in MIM and then recreating the same rules in the cloud, further complicating your efforts to move to cloud services.

Transform / Normalize User Attributes

In many scenarios a percentage of the data in Active Directory doesn't match what you want in Office 365. A common example is IT departments that created Active Directory domains where the user domain isn't publicly routable. You might have user@company.local usernames. Moving to Office 365 requires that usernames leverage public DNS domains, so you need Often the answer is just to add the new domain name to your Active Directory and tell everyone they have a new username. In practice this isn't a good solution; such sweeping changes to Active Directory can cause all sorts of problems with existing on-premises software. You want to migrate to Office 365 without having to go through a lengthy Active Directory cleanup or consolidation exercise.

The DirSync family of tools does allow for the manipulation of attributes like username. With the older DirSync there wasn't a supported method, and customers had to go unsupported and hack in any changes. With the recent release of AADSync, Microsoft exposed a supported ability to edit the rules, but they are still limited. If you have more than one domain, with different requirements for username formats in each, you can quickly get lost building your identity logic in a legacy on-premises platform.

For complex, multi-forest and multi-domain environments, or if you just need to fix up the data in Active Directory before it gets to Office 365 without actually making large changes to the directory itself, Microsoft will recommend MIM. This usually requires getting an identity consultant or partner to help you deploy, unless your IT organization has experience in implementing identity management solutions.

However, this flexibility comes at a cost. MIM is a legacy, on-premises technology, which means you deploy and manage new on-premises servers. All your business logic around the creation and management of users in Office 365 is embedded in an on-premises solution. None of this logic resides in the cloud, which is where you are moving the rest of your on-premises solutions. If you are using Azure Active Directory with MIM, you will find you are configuring and maintaining two very separate identity management solutions. Microsoft calls this hybrid identity and it can be a costly solution.
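A pre-migration audit of the kind this section implies, as an added example (not code from the TechGuide or from any Microsoft tool): it reads user records exported from several forests, flags non-routable usernames such as user@company.local and missing attributes, and proposes firstname.lastname usernames while reporting collisions between forests. The record layout, the target domain company.com, the required-attribute list and the sample users are assumptions made for illustration.

```python
import unicodedata
from collections import defaultdict

TARGET_DOMAIN = "company.com"          # assumed public DNS domain for Office 365
REQUIRED_ATTRS = ("givenName", "sn", "department")  # assumed policy

# Constructed sample export from two forests (not real directory data).
USERS = [
    {"forest": "hq", "upn": "bgates@company.local",
     "givenName": "Bill", "sn": "Gates", "department": "Exec"},
    {"forest": "hq", "upn": "satya.nadella@company.com",
     "givenName": "Satya", "sn": "Nadella", "department": ""},
    {"forest": "acquired", "upn": "mpersson@acquired.local",
     "givenName": "Markus", "sn": "Persson", "department": "Games"},
    {"forest": "acquired", "upn": "bill.gates@acquired.local",
     "givenName": "Bill", "sn": "Gates", "department": "Sales"},
    {"forest": "acquired", "upn": "svc-backup@acquired.local",
     "givenName": "", "sn": "", "department": "IT"},
]


def is_routable(upn):
    """True if the username suffix looks like a public DNS domain.

    Assumption: '.local' and single-label suffixes are treated as
    non-routable; extend the check for other internal suffixes in use.
    """
    if "@" not in upn:
        return False
    suffix = upn.rsplit("@", 1)[1].lower()
    return "." in suffix and not suffix.endswith(".local")


def _slug(name):
    """Lower-case a name, fold accents and drop anything not alphanumeric."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return "".join(ch for ch in folded.lower() if ch.isalnum())


def target_upn(user):
    """Propose firstname.lastname@TARGET_DOMAIN, or None if names are missing."""
    first = _slug(user.get("givenName") or "")
    last = _slug(user.get("sn") or "")
    if not first or not last:
        return None
    return f"{first}.{last}@{TARGET_DOMAIN}"


def audit(users):
    """Summarize what must be fixed or mapped before accounts are synced."""
    report = {"non_routable": [], "missing_attrs": {}, "mapping": {}, "collisions": {}}
    claimed = defaultdict(list)
    for user in users:
        upn = user["upn"]
        if not is_routable(upn):
            report["non_routable"].append(upn)
        missing = [a for a in REQUIRED_ATTRS if not (user.get(a) or "").strip()]
        if missing:
            report["missing_attrs"][upn] = missing
        proposed = target_upn(user)
        report["mapping"][upn] = proposed
        if proposed:
            claimed[proposed].append(upn)
    # Two source accounts mapping to one cloud username need a manual decision.
    report["collisions"] = {t: src for t, src in claimed.items() if len(src) > 1}
    return report


if __name__ == "__main__":
    for section, value in audit(USERS).items():
        print(section, value)
```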
In summary, there is no perfect answer to which Microsoft tool to use for synchronizing your Active Directory data to Office 365. It's a balance between the ease of use and limited flexibility of the DirSync family of tools and the flexibility of ADFS and MIM, with their significant on-premises infrastructure requirements and the time and effort needed to deploy them.

Mobile Device Access To Office 365

Now consider that you've got a grasp of the above, made your choices and configured authentication and synchronization from your on-premises environment to Office 365. You've migrated your data and you are ready to go. But how do users now successfully access these services?

On the Windows desktop, many users will be familiar with the Office suite. Those who had Outlook configured for the on-premises Exchange server will be automatically migrated to Office 365. If they were familiar with accessing Exchange via Outlook Web Access, they simply now head to and login as normal.
But what about their phones and tablets? This is a little trickier. Microsoft has made huge strides towards bringing Office 365 native applications like Word, Excel and PowerPoint to Apple's iOS and Google's Android devices. Exchange ActiveSync, which handles access not only to email but also to a user's contacts and calendar, is available in the native clients for iOS and Android. But configuring all these, and knowing which Office apps the user has access to, is manual and depends on the user making the right choices.

Mobile devices can also be less secure. Microsoft has started to add some mobile device management (MDM) capabilities to Office 365, specifically Exchange. This allows you to set up some basic policy over the device passcode, encryption and conditional access to data. But the features are limited and do not allow control over the download and sharing of data from Office 365 with other, less secure collaboration or file storage apps.

Another problem is passwords. When you have several devices all configured for Office 365 and other services, and the password for that Office 365 account is tied back to Active Directory, how do you ensure the right password is stored on the mobile device? What happens when you update the password in Active Directory? Often those mobile clients continue to access Office 365 with older passwords, which can result in locked accounts for the user.

Conclusion

Migrating to Office 365 can be a complex undertaking. Microsoft's tools are one option for handling the identity and mobility management challenges, but they fall short in several ways. They also force you to rely on legacy technology at the same time you are adopting the newest technology in the cloud.

Okta has taken a fresh approach to solving the integration challenges associated with cloud and mobile applications, including Office 365. Okta is built on a reliable, cloud-based architecture that helps businesses avoid the many pitfalls outlined above.
Okta is trusted by more than 2,000 organizations, including those migrating to Office 365. Businesses such as Seton Hall, DocuSign, Girl Scouts and Post Foods have improved security and driven end-user adoption with Okta and Office 365. Learn how in our Office 365 Learning Center at
This TechGuide was authored by Simon Thorpe who has been active in the identity and security technology industry for over 15 years. Before joining Okta, Simon worked for Oracle and Microsoft, helping customers with a variety of challenges securing their users and data. He has also contributed chapters on data security to the book "Information Security: The Complete Reference, Second Edition". Simon's role at Okta is about understanding customer needs and helping Okta product management deliver the best solution possible for securing access to Office
Addressing the BYOD Challenge with Okta Mobility Management Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Executive Summary The Impact of BYOD BYOD can be a very polarizing
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationWhat you need to know about DirSync - our experiences with DirSync and Office 365, by David Parizek and Henry Verlander.
Installing Azure Active Directory Sync (AADSync, informally known as DirSync) What you need to know about DirSync - our experiences with DirSync and Office 365, by David Parizek and Henry Verlander. DirSync
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationMicrosoft Office 365 Helps Communication Company Connect Employees
Microsoft Office 365 Helps Communication Company Connect Employees INDUSTRY Media IT PRO Nick McKinney, IT Manager COMPANY Raycom Media EMPLOYEES 4,000+ Employee-owned Raycom Media owns or provides services
More informationWhere are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players
The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,
More informationManaging Office 365 Identities and Services 20346C; 5 Days, Instructor-led
Managing Office 365 Identities and Services 20346C; 5 Days, Instructor-led Course Description This is a 5-day Instructor Led Training (ILT) course that targets the needs of IT professionals who take part
More informationCourse 20346: Managing Office 365 Identities and Services
Course 20346: Managing Office 365 Identities and Services Overview About this course This is a 5-day Instructor Led Training (ILT) course that targets the needs of IT professionals who take part in evaluating,
More informationDeltek Touch Time & Expense for Vision 1.3. Release Notes
Deltek Touch Time & Expense for Vision 1.3 Release Notes June 25, 2014 While Deltek has attempted to verify that the information in this document is accurate and complete, some typographical or technical
More informationTop 8 Identity and Access Management Challenges with Your SaaS Applications. Okta Inc. 301 Brannan Street San Francisco, CA 94107
Top 8 Identity and Access Management Challenges with Your SaaS Applications Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 The Importance of Identity for SaaS
More informationInteract Intranet Version 7. Technical Requirements. August 2014. 2014 Interact
Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...
More informationMICROSOFT HIGHER SOLUTION
SOLUTIONS AT A GLANCE United States Higher Education Gr Canyon University () is a private Gr Canyon has approximately University () 41,500 is students, a private 111 Christian full-time college faculty
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationManage all your Office365 users and licenses
Manage all your Office365 users and licenses Delegate 365 White Paper Authors: Toni Pohl, Martina Grom Version: 1.2 of December 2014 atwork information technology gmbh. All rights reserved. For information
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationOkta Mobility Management
Okta Mobility Management A User Centric Approach to Integrated Identity and Mobility Management Okta Inc. I 301 Brannan Street, Suite 300 I San Francisco CA, 94107 info@okta.com I 1-888-722-7871 Contents
More informationBlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide
BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry
More informationMicrosoft Partner Network. Cloud Services Dashboard User Guide
Microsoft Partner Network Cloud Services Dashboard User Guide Table of Contents 1. Navigation... 4 1.1 MPN Portal... 4 2. Azure Consumption... 4 2.1 Subscriptions... 5 2.2 Consumption... 6 2.3 Customers...
More informationAn Enterprise Approach to Mobile File Access and Sharing
White Paper File and Networking Services An Enterprise Approach to Mobile File Access and Sharing Table of Contents page Anywhere, Any Device File Access with IT in Control...2 Novell Filr Competitive
More informationConfiguration Guide BES12. Version 12.3
Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing
More informationWINDOWS AZURE DATA MANAGEMENT
David Chappell October 2012 WINDOWS AZURE DATA MANAGEMENT CHOOSING THE RIGHT TECHNOLOGY Sponsored by Microsoft Corporation Copyright 2012 Chappell & Associates Contents Windows Azure Data Management: A
More informationTechnology Day 2015 Xylos
Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)
More informationManaging Office 365 Identities and Services
Course 20346B: Managing Office 365 Identities and Services Page 1 of 7 Managing Office 365 Identities and Services Course 20346B: 4 days; Instructor-Led Introduction This is a 4-day Instructor Led Training
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationAn Overview of Samsung KNOX Active Directory and Group Policy Features
C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationMoving Forward Together
Moving Forward Together AMITA HEALTH INFORMATION SERVICES EMAIL MIGRATION INFORMATION The purpose of IT integration is to bridge the technology and infrastructure between Adventist Midwest Health sites
More informationEnterprise Remote Control 5.6 Manual
Enterprise Remote Control 5.6 Manual Solutions for Network Administrators Copyright 2015, IntelliAdmin, LLC Revision 3/26/2015 http://www.intelliadmin.com Page 1 Table of Contents What is Enterprise Remote
More informationConfiguration Guide BES12. Version 12.1
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationAgenda. Enterprise challenges. Hybrid identity. Mobile device management. Data protection. Offering details
Agenda Enterprise challenges Hybrid identity Mobile device management Data protection Offering details 2 The time to address enterprise mobility is now 29% of today s global workforce use 3+ devices, work
More informationMicrosoft Exchange ActiveSync Administrator s Guide
Microsoft Exchange ActiveSync Administrator s Guide Copyright 2005 palmone, Inc. All rights reserved. palmone, HotSync, Treo, VersaMail, and Palm OS are among the trademarks or registered trademarks owned
More informationSecure, Centralized, Simple
Whitepaper Secure, Centralized, Simple Multi-platform Enterprise Mobility Management 2 Controlling it all from one place BlackBerry Enterprise Service 10 (BES10) is a unified, multi-platform, device, application,
More informationConfiguration Guide. BlackBerry Enterprise Service 12. Version 12.0
Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...
More informationAVG Business Secure Sign On Active Directory Quick Start Guide
AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationTest Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using Azure AD Sync
Test Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using Azure AD Sync Microsoft Corporation Published: December 2014 Author: Mark Grimes Acknowledgements Special thanks to the
More informationImplementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led
Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Course Description This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.
More informationCloud Based Device Management Using Enterprise Mobility Suite Production Pilot Service Definition Document
Microsoft Services - GCloud 7 Catalogue Cloud Based Device Management Using Enterprise Mobility Suite Production Pilot Service Definition Document 1 Overview of the Service 1.1 Service Objectives The 2
More informationOndřej Výšek Sales Lead, Microsoft MVP. vysek@kpcs.cz
Ondřej Výšek Sales Lead, Microsoft MVP vysek@kpcs.cz Azure Active Directory Features Free edition Basic edition Premium edition Directory as a service User and group management using UI or Windows PowerShell
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES
CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML
More informationactivecho Driving Secure Enterprise File Sharing and Syncing
activecho Driving Secure Enterprise File Sharing and Syncing activecho Overview In today s enterprise workplace, employees are increasingly demanding mobile and collaborative solutions in order to get
More informationThree Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107
OKTA WHITE PAPER Three Ways to Integrate Active Directory with Your SaaS Applications Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-3waysad-113012 Table
More informationCourse 20533B: Implementing Microsoft Azure Infrastructure Solutions
Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Sales 406/256-5700 Support 406/252-4959 Fax 406/256-0201 Evergreen Center North 1501 14 th St West, Suite 201 Billings, MT 59102 Course
More informationTotal Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER
Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning
More informationAdministration Guide. BlackBerry Enterprise Service 12. Version 12.0
Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...
More informationWINDOWS AZURE EXECUTION MODELS
WINDOWS AZURE EXECUTION MODELS Windows Azure provides three different execution models for running applications: Virtual Machines, Web Sites, and Cloud Services. Each one provides a different set of services,
More informationWhite Paper. The Principles of Tokenless Two-Factor Authentication
White Paper The Principles of Tokenless Two-Factor Authentication Table of contents Instroduction... 2 What is two-factor authentification?... 2 Access by hardware token... 3 Advantages and disadvantages
More informationEasily Managing User Accounts on Your Cloud Servers. How modern IT and ops teams leverage their existing LDAP/Active Directory for their IaaS
Easily Managing User Accounts on Your Cloud Servers How modern IT and ops teams leverage their existing LDAP/Active Directory for their IaaS How Did We Get Here? How the move to IaaS has created problems
More informationOverview of Microsoft Enterprise Mobility Suite (EMS) Cloud University
Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1
More informationAn Enterprise Approach to Mobile File Access and Sharing
White Paper Filr An Enterprise Approach to Mobile File Access and Sharing Table of Contents page Anywhere, Any Device File Access with IT in Control...2 Filr Competitive Differentiators...2 Filr High-Level
More informationCreating a Single Sign on Web Portal using Azure. Robert Crane Office 365 MVP @directorcia
Creating a Single Sign on Web Portal using Azure Robert Crane Office 365 MVP @directorcia Agenda What is Office 365? What is Azure? What is Single Sign on (SSO)? What is WAAD? Accessing your free WAAD
More informationSpecial thanks to the following people for reviewing and providing invaluable feedback for this document: Joe Davies, Bill Mathers, Andreas Kjellman
Test Lab Guide: Creating a Microsoft Azure Active Directory and Windows Server Active Directory Environment using Microsoft Azure Active Directory Sync Services Microsoft Corporation Published: December
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationIntroducing Databackup.com Cloud Backup. File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management
Introducing Databackup.com Cloud Backup File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management Global Explosion of Data The demand for cloud storage is just getting started.
More informationGuidelines to setup mobile devices to a UOITnet account Google Apps for Education. Information Technology Services
Guidelines to setup mobile devices to a UOITnet account Google Apps for Education Information Technology Services Contents Support for UOITnet email set up on a Mobile Device... 2 Generate Google Token...
More informationMICROSOFT OFFICE 365 MIGRATION 2013/05/13
MICROSOFT OFFICE 365 MIGRATION 2013/05/13 WHAT IS OFFICE 365 Office 365 provides virtually anywhere access to familiar Office tools Word WEB App Excel WEB App PowerPoint WEB App Enterprise-grade email
More informationPrinterOn Mobile App for ios and Android
PrinterOn Mobile App for ios and Android User Guide Version 3.4 Contents Chapter 1: Getting started... 4 Features of the PrinterOn Mobile App... 4 Support for PrinterOn Secure Release Anywhere printer
More informationAurora Hosted Services Hosted AD, Identity Management & ADFS
22/09/2013 Aurora Hosted Services Hosted AD, Identity Management & ADFS 1 Service Overview - Hosted Identity Management Core provides a fully managed solution hosted in Azure and connected directly to
More informationMIGRATION SERVICES MIGRATION SERVICES
MIGRATION SERVICES Our team of 100 carefully selected technology professionals average 10+ years of experience per engineer across a broad spectrum of disciplines, including network infrastructure, cloud
More informationDirectory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107
Okta White paper Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-dint-053013 Table of Contents
More informationOWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.
OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android
More informationDeployment of Cisco Extension Mobility in Enterprises White Paper
Deployment of Cisco Extension Mobility in Enterprises White Paper Z E R O T O U C H A U T O M A T E D P R O V I S I O N I N G Sync to Active Directory Automated System to sync Cisco Extension Mobility
More informationNew Features: What s new in Windows Intune?
New Features: What s new in Windows Intune? Contents Release Overview... 2 Unified Enterprise Management Solution... 2 User-based Licensing... 5 Extending Client Support... 5 Understanding Mobile Device
More informationADAPTIVE USER AUTHENTICATION
ADAPTIVE USER AUTHENTICATION SMS PASSCODE is the leading technology in adaptive multi-factor authentication, improving enterprise security and productivity through an easy to use and intelligent solution
More informationSimplify Software as a Service (SaaS) Integration
Simplify Software as a Service (SaaS) Integration By Simon Peel December 2008 Introduction Fuelled by a fiercely competitive business environment that requires the pace of business and technology to accelerate,
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationSetup Guide: Server-side synchronization for CRM Online and Exchange Server
Setup Guide: Server-side synchronization for CRM Online and Exchange Server Version 8.0 Microsoft Dynamics CRM 2016 Authors: Elad Ben Yosef, Sumanta Batabyal This document is provided "as-is". Information
More informationAdvanced Configuration Steps
Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationSHARPCLOUD SECURITY STATEMENT
SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud
More informationIdentity and Access Management for the Hybrid Enterprise
Identity and Access Management for the Hybrid Enterprise Redmond Identity Summit 2014 Directories Devices Identity Keith Brintzenhofe Microsoft Corporation Thank You to our Sponsors Gold Silver Plus Silver
More informationShareSync from LR Associates Inc. A business-grade file sync and share service that meets the needs of BOTH users and administrators.
ShareSync from LR Associates Inc. A business-grade file sync and share service that meets the needs of BOTH users and administrators. Overview of ShareSync Easy, intuitive sharing and syncing ShareSync
More informationDocumentation. CloudAnywhere. http://www.cloudiway.com. Page 1
Documentation CloudAnywhere http://www.cloudiway.com Page 1 Table of Contents 1 INTRODUCTION 3 2 OVERVIEW 4 2.1 KEY FUNCTIONALITY 4 2.2 PREREQUISITES 5 3 FEATURES 6 3.1 A UNIVERSAL PROVISIONING SOLUTION.
More informationWork Together Tools Social Collaboration with Novell Vibe Cloud
APR_2011 // Novell Connection Magazine Work Together Tools Social Collaboration with Novell Vibe Cloud by Ken Baker Too often, collaboration tools become the place where documents go to die. Some tools
More informationCloud-Accelerated Hybrid Scenarios with SharePoint and Office 365
Cloud-Accelerated Hybrid Scenarios with SharePoint and Office 365 Contents Contents 1 About this guide 3 Overview 9 Authentication and authorization 10 Getting started with identity integration 26 Getting
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationInstalling Logos SSL Certificates on Mobile Devices
Installing Logos SSL Certificates on Mobile Devices Phase 1: Obtain the SSL Certificate You can obtain the SSL certificate in one of 2 ways. Method 1 Download the SSL certificate from it.logostech.net
More informationBASICS. Simple, Straightforward, and Jargon-Free Answers
BASICS Simple, Straightforward, and Jargon-Free Answers Contents: What is Office 365? What is Office 365 used for? How much does Office 365 cost? Is Office 365 secure? How does Office 365 stack up against
More information