Managing User Accounts in Office 365

Microsoft Online systems in the cloud, such as Exchange Online, CRM Online, or SharePoint Online, come with Office 365, a portal for managing users, domains, licensing, services and other admin-related matters.

Office 365 can be accessed via https://portal.microsoftonline.com.

Office 365 Online Portal

There are different ways you can manage user accounts in Office 365. The diagram below summarizes the differences.

Diagram Illustrating Different Ways of Managing Users in Office 365

  1. Users are created and managed in Office 365 (level: Easy).
    Users are created in Office 365 by assigning login names @orgname.onmicrosoft.com by default, or @yourdomain.com. User information, such as names, job titles, and passwords, is stored in Office 365.

    Suitable for small-sized businesses with no on-premises Active Directory, or no IT team.

    New Office 365 User
  2. Users are created and managed in on-premises Active Directory, and synchronized to Office 365 (level: Medium).
    On-premises Active Directory is the source of truth. Using Directory Sync installed on an on-premises machine (which may be the same server as the Active Directory), users, including their usernames and passwords, are copied from the on-premises Active Directory to Office 365, allowing them to log in to Microsoft Online services (Exchange, CRM Online, SharePoint Online, etc.) using their Active Directory credentials.

    Suitable for medium-sized businesses with on-premises Active Directory, but a small or minimal IT team.

    Active Directory User in Office 365
  3. Like #2, plus Single Sign-On (level: Advanced).
    In option #2, the users still need to type in their passwords to log in to Microsoft Online services, the same passwords stored in the on-premises Active Directory.

    In the Single Sign-On approach, authentication is done via Active Directory Federation Services (ADFS). In addition to the on-premises Active Directory, this approach needs another server set up for ADFS. You create a relying party trust between ADFS (on-premises, accessible from the external network) and Office 365. When you log in to Microsoft Online Services and type username@yourdomain.com, the login page immediately redirects you to the ADFS server for authentication. Users within the company's network are authenticated straight away without having to type in their passwords. Otherwise, they are prompted for a password on the Security Token Service (STS) page served by ADFS.

    To see what the user experience is like, try logging on as a Microsoft employee – whatever@microsoft.com.

    Suitable for enterprise-sized businesses with on-premises Active Directory and a professional IT team.

    Login Page Redirect

    STS Logon Page
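
To check which of the three options each account in an existing tenant actually falls under, the following added example (not part of the original post) reads the tenant, domain and user settings with the Microsoft Graph PowerShell SDK. It assumes the SDK is installed and that the signed-in administrator can consent to the read-only scopes shown.

```powershell
# Added example, not from the original post. Assumes the Microsoft Graph
# PowerShell SDK is installed; only read-only scopes are requested.
Connect-MgGraph -Scopes 'Domain.Read.All','Organization.Read.All','User.Read.All'

# Tenant level: has Directory Sync been enabled at all (options 2 and 3)?
$org = Get-MgOrganization
$syncEnabled = [bool]$org.OnPremisesSyncEnabled
"Directory sync enabled: $syncEnabled (last sync: $($org.OnPremisesLastSyncDateTime))"

# Domain level: 'Managed' means Office 365 checks the password itself
# (options 1 and 2); 'Federated' means sign-in is redirected to an
# on-premises STS such as ADFS (option 3).
$domainAuth = @{}
foreach ($d in Get-MgDomain -All) {
    $domainAuth[$d.Id.ToLower()] = $d.AuthenticationType
}

# User level: OnPremisesSyncEnabled is true only for accounts that were
# copied from the on-premises Active Directory.
$users = Get-MgUser -All -Property UserPrincipalName,OnPremisesSyncEnabled
$report = foreach ($u in $users) {
    $domain    = ($u.UserPrincipalName -split '@')[-1].ToLower()
    $synced    = [bool]$u.OnPremisesSyncEnabled
    $federated = $domainAuth[$domain] -eq 'Federated'

    if ($synced -and $federated) {
        $model = '3: synchronized, signs in through ADFS'
    } elseif ($synced) {
        $model = '2: synchronized, password typed at Office 365'
    } elseif ($federated) {
        # No on-premises account backs this user, yet the domain expects ADFS.
        $model = 'review: cloud-only account in a federated domain'
    } else {
        $model = '1: created and managed in Office 365'
    }
    [pscustomobject]@{ User = $u.UserPrincipalName; Domain = $domain; Model = $model }
}

# Summary per model, then the accounts that do not fit any of the three.
$report | Group-Object Model | Sort-Object Name | Format-Table Count, Name -AutoSize
$report | Where-Object Model -like 'review*' | Format-Table User, Domain -AutoSize
```

Accounts listed under option 1 in a tenant that otherwise uses option 2 or 3 are the ones whose passwords live only in Office 365, outside the on-premises password policy.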
