AAD and O365 Integration

This post is based on information in the following TechEd 2013 sessions:

  • http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B341
  • http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
  • http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B211

There are many sources of information about integrating with Azure Active Directory and Office 365, but to date, they’ve been spotty and the technical details haven’t really been all that clear. This appears to be changing under the leadership of Program Managers like Jono Luk and Ross Adams. In particular, the OUC-B341 session was excellent and most of the content of this post comes from that session.

Here are some key bits of information I gleaned from the presentations given:

  • new DirSync version is the first version that is upgradable, i.e. after you install this version you won’t have to uninstall and reinstall to move to a new version
  • new DirSync version supports SQL 2012
  • can use same ADFS server for multiple domains, just must use different issuer URIs for each (I think this is documented somewhere)
  • when syncing, if anchor is missing in AAD, then soft-match uses primary SMTP value
  • federated authentication immutableID (or user source address) must match the “sourceAnchor” from DirSync (or whatever you use to create the AAD user)
  • slide showing the authentication flows between clients and O365 and which have a username/password going over them, and more detail about the authentication flows within O365
  • FIM AAD connector will be released to Beta sometime in June via Connect site
  • DirSync is required for Exchange hybrid mode (via a question)
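
The soft-match and immutableID bullets above, as an added example (not code from the sessions or from DirSync): it classifies how each on-premises account would join to an existing cloud user. It assumes the DirSync default of using the base64-encoded objectGUID as the sourceAnchor, which this post does not state; the field names, outcome labels and sample users are hypothetical.

```python
import base64
import uuid

def source_anchor(object_guid):
    """Base64 of the GUID in Windows byte order, as .NET Guid.ToByteArray() returns it."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def classify(onprem_users, cloud_users):
    """Map each on-premises UPN to (outcome, matched cloud UPN or None)."""
    by_anchor = {c["immutable_id"]: c for c in cloud_users if c["immutable_id"]}
    by_smtp = {c["primary_smtp"].lower(): c for c in cloud_users}
    report = {}
    for user in onprem_users:
        cloud = by_anchor.get(source_anchor(user["object_guid"]))
        if cloud:
            report[user["upn"]] = ("hard-match", cloud["upn"])
            continue
        cloud = by_smtp.get(user["primary_smtp"].lower())
        if cloud is None:
            report[user["upn"]] = ("new-object", None)
        elif not cloud["immutable_id"]:
            # Anchor missing in AAD: the join falls back to primary SMTP (soft match).
            report[user["upn"]] = ("soft-match", cloud["upn"])
        else:
            # Same mailbox address but a different anchor: the ImmutableID issued by
            # federation for this account would not match the cloud user.
            report[user["upn"]] = ("anchor-mismatch", cloud["upn"])
    return report

# Constructed sample data (assumption: not from the sessions or any real tenant).
GUIDS = {
    "alice": "11111111-1111-1111-1111-111111111111",
    "bob": "22222222-2222-2222-2222-222222222222",
    "carol": "33333333-3333-3333-3333-333333333333",
    "dave": "55555555-5555-5555-5555-555555555555",
}
ONPREM = [{"upn": n + "@contoso.example", "primary_smtp": n + "@contoso.example",
           "object_guid": g} for n, g in GUIDS.items()]
CLOUD = [
    {"upn": "alice@contoso.example", "primary_smtp": "alice@contoso.example",
     "immutable_id": source_anchor(GUIDS["alice"])},
    {"upn": "bob@contoso.example", "primary_smtp": "Bob@contoso.example",
     "immutable_id": None},
    {"upn": "carol@contoso.example", "primary_smtp": "carol@contoso.example",
     "immutable_id": source_anchor("44444444-4444-4444-4444-444444444444")},
]

if __name__ == "__main__":
    for upn, (outcome, cloud_upn) in classify(ONPREM, CLOUD).items():
        print(f"{upn:28} {outcome:16} {cloud_upn}")
```

The soft-match and anchor-mismatch rows are the ones to review before a first sync: the former join purely on a mail address, and the latter would fail federated sign-in.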

Windows Azure Active Directory and Office 365 TechEd Session roundup

There were quite a few AAD and O365 sessions at TechEd 2013 this year. As of now, I’ve attended or watched the first five in the list below, and can recommend all but OUC-B209 (unless you are on live@edu currently). I’ll have more posts about the content from these sessions.

Here’s a list:

  • WAD-B309: Introduction to Windows Azure Active Directory. Jono Luk & Ross Adams
  • OUC-B211: Overview of Microsoft Office 365 Identity Management. Paul Andrew
  • WAD-B308: Deep Dive into Azure Active Directory Graph API. Edward Wu
  • OUC-B209: Microsoft Office 365 for Education: Overview and Upgrades
  • OUC-B341: Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory. Jono Luk, Paul Andrew, Ross Adams
  • OUC-B205: Security in Microsoft Office 365. Andy O’Donald, Paul Andrew
  • OUC-B216: Microsoft Office 365 Service Communications. Katy Olmstead
  • WAD-B307: Securing Rich Client Applications Using OAuth 2.0 and Windows Active Directory. Vittorio Bertocci

To view any of these presentations yourself, use a URL of: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ + the 8-character code I’ve listed. For example: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309