Microsoft Office 365 Identity Services – Part I

Microsoft Office 365 is a cloud-based productivity suite that's stuffed full of familiar, powerful applications and services such as Office Professional Plus, Lync Online and Exchange Online. Office 365 offers a multitude of identity-based services covering user accounts, passwords, identity synchronisation, identity federation and more. In part one of our two-part series, we'll be looking at the types of identities, user creation and login options.

There are two types of identities that Office 365 supports:

- Microsoft Online Service Cloud IDs: Users receive a set of credentials that are separate from their desktop or corporate credentials. These separate credentials are also known as a Cloud Identity. The password policy of the Cloud ID is stored in the cloud with Office 365's services and data.

- Federated Identity: Companies that have an on-premises Active Directory setup can let users log on to the cloud services with their corporate identities, without the need for separate credentials. The company's Active Directory server stores the user information, password policy information and all the other data.

Creating User Accounts

Users can be created on Office 365 in four different ways (assuming that federated identity is not utilised).

- Administrator Console of Office 365: Administrators can use the Office 365 online console to create user accounts and individually assign licenses as per user requirement. Once the users are created, further information like department, telephone and contact details can be added.

- Bulk User creation through .csv upload: Administrators can use the Bulk add user wizard to upload a .csv file with user data. Once the file is uploaded and users are created, the administrator can view the new users’ passwords or send them directly to the individuals via email.

- Active Directory Synchronization Tool: With this tool, administrators can replicate the Active Directory on Office 365 and in turn populate all the information as user attributes. The master copy of the users stays on the local server, so online details cannot be edited in the Office 365 console.

- Simple Migration for Exchange: User accounts and mailboxes will be created automatically if an organization wishes to migrate its entire email setup from on-premises Exchange 2007 or Exchange 2010 to the cloud. This particular method is called simple or cutover migration for Exchange.

Types of Authentication Supported by Microsoft Office 365

Office 365 supports two modes of authentication - browser-based and client-based.

Under browser-based authentication, users can use either the Cloud Identity or the Federated Identity, depending upon their company's configuration. With a Federated Identity setup, the sign-in service allows for user authentication via the on-premises Active Directory Federation Server.

Rich client-based authentication employs basic/proxy authentication through SSL, calling on both Exchange Online and the on-premises Active Directory Federation Server 2.0. The Office service Sign-in Assistant, which is a simple desktop-based application, allows users to log on to Office 365 using either their Cloud ID or the Federated ID.

In the next part, we shall be looking at the two-factor authentication supported by Office 365, password management and Active Directory synchronization.