


In each case I like to have a discussion early in the conversation about their expectations for identity management, as this element of the solution will heavily influence how the rest of the Office 365 deployment or migration goes.

For greenfield deployments the decision is fairly easy. Usually the business has no desire to deploy any on-premises IT infrastructure, except perhaps some basic printer sharing or local file storage, and so there is no on-premises Active Directory to consider. This type of customer can reasonably easily adopt a cloud identity model (which I’ll explain shortly).

Organizations with existing on-premises infrastructure have more to think about. Any of the three identity models might suit them, depending on their long-term plans, so we discuss the options and choose one.

Here’s an overview of the three Office 365 identity models to consider.

With the cloud identity approach, Azure Active Directory becomes the source of identity for the organization, and user accounts for each person in the organization exist in the cloud. The Azure AD identities are used by Office 365 services like Exchange Online, and can also be used to sign on to third-party services that support federation with Azure AD, such as Dropbox and Salesforce.

Cloud identity works well for organizations with no on-premises Active Directory, because users have a single set of credentials to remember and manage.

[Figure: User logs on to Office 365 services with a cloud identity.]

Cloud identity is less suitable for organizations that have a legacy on-premises Active Directory, because users will have two sets of credentials (one for authentication to on-premises resources, and one for cloud services). When I’ve seen this used in the real world it can be awkward, confusing and frustrating for end users, and often leads to weakening of security by configuring non-expiring passwords, or worse, the same password for everyone. Administrative effort is also duplicated, requiring IT to make updates to attributes (such as display names, or phone numbers) to two separate objects rather than a single object that is synchronized.

[Figure: User logs on to Office 365 services with a cloud identity, and on-premises resources with an on-premises Active Directory identity.]

However, a cloud identity model doesn’t require IT to deploy and manage any special infrastructure, which may be a positive.
