This post is based on information in the following TechEd 2013 sessions:
- http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B341
- http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
- http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B211
There are many sources of information about integrating with Azure Active Directory and Office 365, but to date, they’ve been spotty and the technical details haven’t really been all that clear. This appears to be changing under the leadership of Program Managers like Jono Luk and Ross Adams. In particular, the OUC-B341 session was excellent and most of the content of this post comes from that session.
Here are some key bits of information I gleaned from the presentations given:
- the new DirSync version is the first one that is upgradable in place, i.e. once this version is installed, moving to a later version no longer requires an uninstall and reinstall
- the new DirSync version supports SQL 2012
- the same ADFS server can be used for multiple domains, as long as a different issuer URI is used for each domain (I think this is documented somewhere)
- when syncing, if the anchor is missing in AAD, soft-match falls back to the primary SMTP address
- for federated authentication, the immutableID (or user source address) must match the “sourceAnchor” set by DirSync (or by whatever process you use to create the AAD user)
- a slide showing the authentication flows between clients and O365, which of those flows carry a username/password, and more detail about the authentication flows within O365
- the FIM AAD connector will be released to beta sometime in June via the Connect site
- DirSync is required for Exchange hybrid mode (answered in response to an audience question)