{"id":5414,"date":"2014-11-18T12:00:26","date_gmt":"2014-11-18T12:00:26","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/?p=5414"},"modified":"2017-01-31T20:29:10","modified_gmt":"2017-01-31T20:29:10","slug":"choosing-an-office-365-identity-model-when-to-use-adfs","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm","title":{"rendered":"Choosing an Office 365 identity model (when to use ADFS)"},"content":{"rendered":"<p>At the time of writing, Microsoft Office 365 has the ability to work with three identity models:<\/p>\n<ul>\n<li>Cloud identity (stored in\u00a0Microsoft Azure Active Directory).<\/li>\n<li>Synchronised identity (a copy of the objects from an on-premises Active Directory is made in Microsoft Azure AD), optionally with synchronised password hashes. \u00a0This is also known as <em>same sign on<\/em> (not single sign on as there are still two\u00a0separate objects, albeit two objects that are kept synchronised).<\/li>\n<li>Federated identity, using a federation service (such as Active Directory Federation Services, but others are supported) to authenticate users in an on-premises directory\u00a0following which authorisation can be granted to Office 365\u00a0resources. This is also known as <em>single sign on<\/em>. \u00a0In this instance, directory synchronisation is still used to populate the Azure AD with user objects, although authentication happens on-premises.<\/li>\n<\/ul>\n<p>Whilst the majority of small businesses will be fine with cloud identities, many of my conversations with enterprise customers start off in the directory synchronisation space. Generally,\u00a0synchronisation is performed using\u00a0<a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/dn635310(v=office.15).aspx\">the Office 365 DirSync appliance<\/a> (a customised version of Forefront Identity Manager) although, more recently a new tool (<a href=\"http:\/\/www.microsoft.com\/en-gb\/download\/details.aspx?id=44225\">Azure AD Sync<\/a>) has been released that will eventually replace DirSync. \u00a0At the time of writing the main difference is that Azure\u00a0AD Sync supports multiple forests (DirSync is a single forest solution) but it doesn&#8217;t support password synchronisation (still a major advantage for DirSync).<\/p>\n<p>In general, the approach I recommend is to choose the simplest model for the\u00a0organisation&#8217;s\u00a0needs. The cloud identity model can work well when there is no on-premises directory service or there is\u00a0no requirement to integrate; synchronised identity is the most commonly used (assuming there is an existing Active Directory) but sometimes\u00a0federation\u00a0is required:<\/p>\n<ol>\n<li>If there is an existing ADFS infrastructure.<\/li>\n<li>If a third party federated ID provider is in use.<\/li>\n<li>If\u00a0Forefront Identity Manager 2010 is in use (which does not support password synchronisation).<\/li>\n<li>If there\u00a0are\u00a0multiple on-premises Active Directory forests (although Azure AD sync may negate this requirement).<\/li>\n<li>If smart cards or other third-party multi-factor authentication solutions are in use (Azure AD does have an MFA capability, although there are some restrictions on its use).<\/li>\n<li>If custom hybrid apps or hybrid search are in use (SharePoint).<\/li>\n<li>If a hybrid Lync solution is in use (i.e. placing users with enterprise voice capabilities on premises and those that don&#8217;t need voice\u00a0in Lync Online, sharing the same SIP namespace).<\/li>\n<li>For self-service password reset via a web service (only administrators have self-service password reset in Office 365).<\/li>\n<li>If there is a\u00a0requirement to audit logins and\/or immediately disable accounts.<\/li>\n<li>If there is a\u00a0requirement for single\u00a0sign-on (i.e. accessing Office 365 workloads with the same user credentials as on-premises).<\/li>\n<li>If there is a\u00a0requirement to restrict client logins by time or location.<\/li>\n<li>If the organisational security policy prevents the synchronisation of password hashes to Azure AD.<\/li>\n<\/ol>\n<p>On a related topic, <a href=\"http:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=41950\">the Microsoft Online Services Sign-in Assistant (MOSA) for IT Professionals<\/a> only exists to simplify the user experience (handling tokens, etc.) and is generally not required with modern versions of Office. <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2014\/08\/administering-office-365-using-powershell-updated-information-on-the-required-components.htm\">Administrators using PowerShell may still need it\u00a0though<\/a>.<\/p>\n<p>Finally, if ADFS is down, there is no way for users to authenticate. For that reason, federated infrastructure\u00a0needs to be highly available (e.g. multiple ADFS proxies and multiple ADFS servers). \u00a0One method that&#8217;s starting to be commonly recommended is an &#8220;ADFS safety net&#8221;, using DirSync as a fall back (it&#8217;s possible to move between identity models on demand) but obviously that&#8217;s only an option if your organisation&#8217;s security policy allows the synchronisation of identities (including password hashes to minimise the impact on end users).<\/p>\n<blockquote class=\"twitter-tweet\" lang=\"en\"><p>RT <a href=\"https:\/\/twitter.com\/mderooij\">@mderooij<\/a>: Fallback options for when ADFS is unavailable <a href=\"https:\/\/twitter.com\/hashtag\/devconnections?src=hash\">#devconnections<\/a> <a href=\"http:\/\/t.co\/T8iPywpNUu\">pic.twitter.com\/T8iPywpNUu<\/a> ^MW Great advice&#8230;<\/p>\n<p>\u2014 Mark Wilson (@markwilsonit) <a href=\"https:\/\/twitter.com\/markwilsonit\/status\/512549102534414336\">September 18, 2014<\/a><\/p><\/blockquote>\n<p><script src=\"\/\/platform.twitter.com\/widgets.js\" async=\"\" charset=\"utf-8\"><\/script><\/p>\n<p>For reference, the PowerShell commands are:<\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-gb\/library\/dn194122.aspx\">If ADFS is available<\/a>:<\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\"><code>Convert-Msol-DomainToStandard -DomainName domainname.tld -SkipUserConversion $true<br \/>\nConvert-Msol-DomainToFederated -DomainName domainname.tld<\/code><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-gb\/library\/dn194112.aspx\">If ADFS is unavailable<\/a>:<\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\"><code>Set-Msol-DomainAuthentication -Authentication Managed\u00a0-DomainName domainname.tld<br \/>\nConvert-Msol-DomainToFederated -DomainName domainname.tld<\/code><\/p>\n<p>Credit is due to Michel de Rooij (<a href=\"https:\/\/twitter.com\/mderooij\">@mderooij<\/a>) for the ADFS safety net tip.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At the time of writing, Microsoft Office 365 has the ability to work with three identity models: Cloud identity (stored in\u00a0Microsoft Azure Active Directory). Synchronised identity (a copy of the objects from an on-premises Active Directory is made in Microsoft Azure AD), optionally with synchronised password hashes. \u00a0This is also known as same sign on &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Choosing an Office 365 identity model (when to use ADFS)<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[218],"tags":[102,176,217],"class_list":["post-5414","post","type-post","status-publish","format-standard","hentry","category-technology","tag-active-directory","tag-azure","tag-office-365"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Choosing an Office 365 identity model (when to use ADFS) - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Choosing an Office 365 identity model (when to use ADFS) - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"At the time of writing, Microsoft Office 365 has the ability to work with three identity models: Cloud identity (stored in\u00a0Microsoft Azure Active Directory). Synchronised identity (a copy of the objects from an on-premises Active Directory is made in Microsoft Azure AD), optionally with synchronised password hashes. \u00a0This is also known as same sign on &hellip; Continue reading Choosing an Office 365 identity model (when to use ADFS)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-18T12:00:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-01-31T20:29:10+00:00\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Choosing an Office 365 identity model (when to use ADFS)\",\"datePublished\":\"2014-11-18T12:00:26+00:00\",\"dateModified\":\"2017-01-31T20:29:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\"},\"wordCount\":668,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"keywords\":[\"Microsoft Active Directory\",\"Microsoft Azure\",\"Microsoft Office 365\"],\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\",\"name\":\"Choosing an Office 365 identity model (when to use ADFS) - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"datePublished\":\"2014-11-18T12:00:26+00:00\",\"dateModified\":\"2017-01-31T20:29:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2014\\\/11\\\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Choosing an Office 365 identity model (when to use ADFS)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Choosing an Office 365 identity model (when to use ADFS) - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm","og_locale":"en_GB","og_type":"article","og_title":"Choosing an Office 365 identity model (when to use ADFS) - markwilson.it","og_description":"At the time of writing, Microsoft Office 365 has the ability to work with three identity models: Cloud identity (stored in\u00a0Microsoft Azure Active Directory). Synchronised identity (a copy of the objects from an on-premises Active Directory is made in Microsoft Azure AD), optionally with synchronised password hashes. \u00a0This is also known as same sign on &hellip; Continue reading Choosing an Office 365 identity model (when to use ADFS)","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm","og_site_name":"markwilson.it","article_published_time":"2014-11-18T12:00:26+00:00","article_modified_time":"2017-01-31T20:29:10+00:00","author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Choosing an Office 365 identity model (when to use ADFS)","datePublished":"2014-11-18T12:00:26+00:00","dateModified":"2017-01-31T20:29:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm"},"wordCount":668,"commentCount":1,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"keywords":["Microsoft Active Directory","Microsoft Azure","Microsoft Office 365"],"articleSection":["Technology"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm","name":"Choosing an Office 365 identity model (when to use ADFS) - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"datePublished":"2014-11-18T12:00:26+00:00","dateModified":"2017-01-31T20:29:10+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Choosing an Office 365 identity model (when to use ADFS)"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":5944,"url":"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/overview-of-azure-ad-synchronisation.htm","url_meta":{"origin":5414,"position":0},"title":"Overview of Azure AD synchronisation","author":"Mark Wilson","date":"Thursday 24 September 2015","format":false,"excerpt":"Over the last few months, I've had the opportunity to work with a number of directories that are synchronised from on-premises Active Directory (AD) to Azure AD (AAD) -\u00a0the directory service behind Office 365, Azure, Dynamics, Intune and other business-focused Microsoft online services. I've learned a few things along the\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5986,"url":"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/troubleshooting-missing-objects-azure-ad-sync.htm","url_meta":{"origin":5414,"position":1},"title":"Troubleshooting missing objects in Azure AD sync","author":"Mark Wilson","date":"Friday 11 September 2015","format":false,"excerpt":"I have a half-written blog post about Microsoft Azure Active Directory (AAD) Connect - the latest incarnation of the directory synchronisation engine used to populate a cloud directory for Office 365 and other online services. That post will stay half-written for a while longer as\u00a0it needs a bit more work\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5496,"url":"https:\/\/www.markwilson.co.uk\/blog\/2015\/02\/microsoft-accounts-vs-microsofts-organizational-accounts.htm","url_meta":{"origin":5414,"position":2},"title":"&#8220;Microsoft accounts&#8221; vs. Microsoft&#8217;s &#8220;organizational accounts&#8221;","author":"Mark Wilson","date":"Thursday 19 February 2015","format":false,"excerpt":"If you're using Microsoft's online services, you might reasonably expect to authenticate against some form of directory service. \u00a0And, if you have your own directory service (like\u00a0Active Directory), you might reasonably expect to be able to synchronise it with your cloud identity to provide a holistic view to end users.\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5992,"url":"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/adding-microsoft-azure-services-to-an-existing-office-365-tenant.htm","url_meta":{"origin":5414,"position":3},"title":"Adding Microsoft Azure services to an existing Office 365 tenant","author":"Mark Wilson","date":"Monday 21 September 2015","format":false,"excerpt":"If you have an Office 365 subscription, you use Microsoft Azure because Azure Active Directory is the underlying directory service - regardless of your chosen identity model (even if you use federated identity, you'll sync your users to the cloud). Within the Office 365 admin center, is an Azure AD\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"Azure - AD created by Office 365","src":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/azure-ad-o365.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/azure-ad-o365.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/azure-ad-o365.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":8306,"url":"https:\/\/www.markwilson.co.uk\/blog\/2021\/07\/notes-from-the-field-some-common-dependencies-for-microsoft-365-deployments.htm","url_meta":{"origin":5414,"position":4},"title":"Notes from the field: some common dependencies for Microsoft 365 deployments","author":"Mark Wilson","date":"Monday 19 July 2021","format":false,"excerpt":"My blog posts take a while to get published these days. I struggle to find the time to write them and often a few notes can remain in draft form for a long time. Some of those notes never make it. Others possibly shouldn't. This is one of those posts\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/Microsoft365_logo_horiz_c-gray_rgb.png?fit=1200%2C441&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/Microsoft365_logo_horiz_c-gray_rgb.png?fit=1200%2C441&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/Microsoft365_logo_horiz_c-gray_rgb.png?fit=1200%2C441&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/Microsoft365_logo_horiz_c-gray_rgb.png?fit=1200%2C441&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/Microsoft365_logo_horiz_c-gray_rgb.png?fit=1200%2C441&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":7821,"url":"https:\/\/www.markwilson.co.uk\/blog\/2020\/01\/microsoft-online-services-tenants-subscriptions-and-domain-names.htm","url_meta":{"origin":5414,"position":5},"title":"Microsoft Online Services: tenants, subscriptions and domain names","author":"Mark Wilson","date":"Thursday 23 January 2020","format":false,"excerpt":"I often come across confusion with clients trying to understand the differences between tenants, subscriptions and domain names when deploying Microsoft services. This post attempts to clear up some misunderstandings and to - hopefully - make things a little clearer. Each organisation has a Microsoft Online Services tenant which has\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5414"}],"version-history":[{"count":5,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5414\/revisions"}],"predecessor-version":[{"id":6917,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5414\/revisions\/6917"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}