Office 365 can integrate with your existing
directory services and with an on-premises installation of Exchange Server,
Skype for Business Server 2015, or SharePoint Server 2013.
When we integrate with directory services, we can
synchronize and manage user accounts for both environments. We can also add
password hash synchronization or single sign-on (SSO) so users can log on to
both environments with their on-premises credentials. For more information
about hybrid environments, see Office 365 hybrid cloud solutions overview.
Integrate Office 365 with directory services
If you have existing user accounts in an
on-premises directory, you don't want to re-create all of those accounts in
Office 365 and risk introducing differences or errors between the environments.
Directory synchronization helps you mirror those accounts between your online
and on-premises environments. With directory synchronization, your users don't
have to remember new information for each environment, and you don't have to
create or update accounts twice. You will need to prepare your on-premises directory for
directory synchronization. You can do this manually or use the IdFix tool (the IdFix tool only works with
Active Directory).
If you want users to be able to log on to Office 365 with their on-premises credentials, you can also configure SSO. With SSO, Office 365 is configured to trust the on-premises environment for user authentication.
Directory synchronization with or without password hash synchronization or pass-through authentication
A user logs on to their on-premises environment with their user
account (domain\username). When they go to Office 365, they must log on again
with their work or school account (user@domain.com). The user name is the same
in both environments. When you add password hash sync or pass-through
authentication, the user has the same password for both environments, but will
have to provide those credentials again when logging on to Office 365.
Directory synchronization with password hash sync is the most commonly used
directory sync scenario.
To set up directory synchronization, use Azure Active Directory
Connect. For instructions, read Set up directory synchronization for Office 365,
and Use Azure AD Connect with express settings.
Learn more about preparing to provision users through directory
synchronization to Office 365 and integrating
your on-premises identities with Azure Active Directory.
Directory synchronization with SSO
A user logs on to their on-premises environment with their user
account. When they go to Office 365, they are either logged on automatically,
or they log on using the same credentials they use for their on-premises
environment (domain\username).
To set up SSO you also use Azure AD Connect. For instructions,
read Use Azure AD Connect with custom settings.
Learn more about application access and single sign-on with Azure Active Directory.
Azure AD Connect
Azure AD Connect replaces older versions of identity integration
tools such as DirSync and Azure AD Sync. For more information, see Integrating your on-premises identities with Azure Active
Directory. If you want to update from Azure Active
Directory Sync to Azure AD Connect, see the upgrade instructions. See a solution architecture built
for Office 365 Directory Synchronization (DirSync) in Microsoft
Azure.
You can use the Azure AD advisors for customized setup
guidance:
- Azure AD Connect advisor
- AD FS deployment advisor
- Azure RMS Deployment Wizard
- Azure AD Premium setup guidance