Saturday, March 29, 2014

Office 365 Federation Updates

There was some good information in this blog that really cleared the air on a few topics which I talk a lot about with customers -

A lot of times I am asked, can authentication federation with Office 365 can be done with something other than Active Directory Federation Services (ADFS) and Active Directory (AD)? The answer has always been yes as there are other third-party STS servers that have been supported plus other LDAP directories are supported.

However with this recent announcement this story has been cleaned up a bit. Here are the high level facts you need to know:

  • Active Directory (AD) can be used to synchronize your directories to Office 365. You can use DirSync to do this. Everyone knows this. If you have multiple AD forests, you will need to use Forefront Identity Manager (FIM).
  • LDAP directories can also be synchronized with Office 365. Again you will need to use FIM to support this. Recommend that you talk with your licensing person at Microsoft. Remember a full FIM CAL is not needed when all you are using is the FIM synchronization service. I am not a licensing expert on FIM so I recommend you double check.
  • SAML 2.0 is now offered as an authentication federation option now with Office 365. This allows a whole host of STS identity providers to authenticate with Office 365. The important note is that SAML 2.0 support is for “passive authentication” scenarios which as you may know is used for browser based authentication.
  • Office 365 has supported and will continue to support WS-Federation and WS-Trust to support ADFS and other WS-* identity providers.
  • So what about the Rich Clients? When we are talking rich clients we are talking such client applications as Lync client, Office Desktop clients (Word, Excel, PowerPoint, Outlook, etc.), etc. In the Microsoft Office 365 world, it is not just browser only, there are tons of other clients that can to connect to Office 365 service. Authentication using these rich clients is referred to as “active authentication” which currently requires WS-Trust. If you want to have federated authentication and you need to support rich clients, you will need to use an STS identity provider that supports WS-Federation and WS-Trust. You will need to use either Active Directory Federation Services (ADFS) or a qualified solutions partner that can support this level of authentication. A list of third-party approved providers is listed here - and information about the program for getting third-party qualified is listed here -
  • So is the Rich Client scenario ever going to support SAML 2.0 and Passive Authentication? The answer is YES. It is reflected in the public roadmap of these two blogs and There will be an update to Office 2013 client applications, in the year 2014, which will allow Office 2013 client applications to support SAML 2.0 (or Shibboleth) passive authentication.

These changes in Office 365 federation authentication are great changes to supporting more enterprise scenarios.

Office for iPad and Office Mobile

There was a major announcement for Office 365 this week that I think almost everyone heard about this week. iPad for Office is now available. For business Office 365 business customers (and consumers) this was long awaited and a proof to world that Microsoft is making a commitment to be a devices and services company. Here are the big facts that everyone should know:

  • Office for iPad supports Word, PowerPoint and Excel.
  • Office for iPad for free allows you to read, view and present.
  • Office for iPad subscription service with Office 365 allows you to create and edit.
  • Office Mobile for iPhone and Android phones is now free, just like on a Windows Phone. No Office 365 subscription is needed.
  • Office for iPad when creating and editing will ensure that content and formatting will be maintained. This is really important for business scenarios to ensure the integrity of documents as a record.
  • Remember all this gets hooked into OneDrive and OneDrive for Business. This means your documents follow you everywhere. I will have to say that OneDrive for Business has literally changed the way I work. When I work with files on my laptop on in OneDrive or any SharePoint Online document library, I have access to all my recently edited Office files on my phone. So when I am on the run, I always have access to what I have been working on. Plus all my OneDrive for Business files accessible from Office Mobile / Office for iPad. Office is not longer just on my PC, it is everywhere I am working across devices. All the Office files (and other file types) are managed in the corporation and are discoverable.

I am telling you. Office Mobile / Office for iPad / OneDrive for Business is literally a game-changer in how your business people work across devices.

Then when you start looking at all the Lync Apps available on Windows Phone, iPhone, iPad and Android you can really see how productive people can really become.

Sunday, March 23, 2014

SharePoint Online Unlimited Storage

I have not had a lot of time to blog about the most recent SharePoint Conference. There was a lot of good things presented. With my focus on Office 365 and SharePoint Online, the announcement that gave me the most excitement was that Site Collection storage was being expanded to 1 TB with the ability to purchase unlimited storage -

When I heard this I was blown away. We now have a similar solution for SharePoint Online, like we have for Exchange Online. Customers no longer have to worry about how much data they have. Microsoft Office 365 can hold it all.