AAD and O365 Integration

This post is based on information in the following TechEd 2013 sessions: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B341

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B211

There are many sources of information about integrating with Azure Active Directory and Office 365, but to date they have been spotty, and the technical details haven't really been all that clear. This appears to be changing under the leadership of Program Managers like Jono Luk and Ross Adams. In particular, the OUC-B341 session was excellent, and most of the content of this post comes from that session.

Here are some key bits of information I gleaned from the presentations given:

  • The new DirSync version is the first version that is upgradable, i.e. after you install this version you won't have to uninstall and reinstall to move to a new version.
  • The new DirSync version supports SQL 2012.
  • You can use the same ADFS server for multiple domains; you just must use a different issuer URI for each (I think this is documented somewhere).
  • When syncing, if the anchor is missing in AAD, then soft-match uses the primary SMTP value.
  • For federated authentication, the immutableID (or user source address) must match the "sourceAnchor" from DirSync (or whatever you use to create the AAD user).
  • A slide showed the authentication flows between clients and O365 and which of them carry a username/password, with more detail about the authentication flows within O365.
  • The FIM AAD connector will be released to Beta sometime in June via the Connect site.
  • DirSync is required for Exchange hybrid mode (answered via a question).
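
The sourceAnchor/immutableID rule in the list above is the one most worth checking before turning on federation, because a mismatch silently breaks sign-in for that user. The script below is an added example, not code from the post or from the TechEd sessions: it recomputes what DirSync stores as the AAD ImmutableId (the base64 form of the on-premises objectGUID, DirSync's default sourceAnchor) and compares it with the value on the cloud user. It assumes the ActiveDirectory and MSOnline PowerShell modules are installed, that Connect-MsolService has already been run, and that the UPN at the bottom is a placeholder you replace; the function names are mine.

```powershell
# Added example (not from the post or the TechEd sessions): verify that the
# on-premises sourceAnchor (objectGUID, DirSync's default) matches the
# ImmutableId stored on the Azure AD user, which federated sign-in requires.
# Assumes the ActiveDirectory and MSOnline modules are installed and that
# Connect-MsolService has already been run; the UPN below is a placeholder.

Import-Module ActiveDirectory
Import-Module MSOnline

function Get-SourceAnchorFromGuid {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # DirSync writes objectGUID to AAD as the base64 encoding of its 16 raw bytes,
    # e.g. a GUID becomes a 24-character string ending in "==".
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Test-ImmutableIdMatch {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # On-premises side: look the user up by UPN and take its objectGUID.
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties objectGUID
    if (-not $adUser) { throw "No on-premises user with UPN $UserPrincipalName" }
    $expected = Get-SourceAnchorFromGuid -ObjectGuid $adUser.ObjectGUID

    # Cloud side: the value federation will compare the token's immutableID against.
    $cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    $actual    = $cloudUser.ImmutableId

    [pscustomobject]@{
        UserPrincipalName  = $UserPrincipalName
        OnPremSourceAnchor = $expected
        CloudImmutableId   = $actual
        # An empty CloudImmutableId means the object was never hard-matched and
        # AAD is relying on the primary-SMTP soft match mentioned in the post.
        Match              = ($expected -eq $actual)
    }
}

# Placeholder UPN; replace with a real synced user.
Test-ImmutableIdMatch -UserPrincipalName 'user@contoso.example' | Format-List
```

Run it against a handful of users from each synced domain before cutting over to ADFS. A `Match` of `False` with a populated `CloudImmutableId` usually means the on-premises account was recreated (new objectGUID) after the original sync, so the cloud object still carries the old anchor; an empty `CloudImmutableId` means the object exists in AAD only through the SMTP soft match and will not satisfy the immutableID check a federated token requires.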
