Tag Archives: Office 365

Which Azure Active Directory edition should I buy?


Azure Active Directory is responsible for providing the identity service for Microsoft's online services. When I talk to people about Azure AD, one of the most common questions they ask is: which version should I buy? Will my existing subscription work for the features I am looking for? Many people still think Azure subscriptions and prices are complicated, but if you understand what each subscription can do, it's not that hard. I have seen people paying for the Azure AD Premium version when the Azure AD Free version can give them the features they need for their environment, and some people struggling to implement features only available in the Premium version using their free Azure AD instance. In this blog post I am going to list the features of each Azure AD version, and I hope it will help you decide which version you need for your setup.

There are 4 Azure AD editions:

1) Free

2) Basic

3) Premium P1

4) Premium P2

Free – If you subscribe to any Microsoft online service such as Azure or Office 365, you get the free Azure AD version. You do not need to pay for this, but it has limited features, which I will explain later in this post.

Basic – Designed for task workers with cloud-first needs, this edition provides cloud centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity enhancing and cost reducing features like group-based access management, self-service password reset for cloud applications, and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.
 
Premium P1 – Designed to empower organizations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), identity protection and security in the cloud. It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
 
Premium P2 – Designed with advanced protection for all your users and administrators, this new offering includes all the capabilities in Azure AD Premium P1 as well as our new Identity Protection and Privileged Identity Management. Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. We also help you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict and monitor administrators and their access to resources and provide just-in-time access when needed.
 
[Images: azure ad version 1, azure ad version 2, azure ad version 3]
 
You can find more info about the subscriptions from 
 
If you have any questions, feel free to contact me at rebeladm@live.com

 
Note : Image Source https://f.ch9.ms/thumbnail/4ac52e5b-b3ac-4fbd-bbc7-bd4bae8403da.png

Step-by-Step guide to create federated sharing between on-premises Exchange 2013 and Office 365 Organization

Recently I was working on a project for a customer, and I thought I would share the problem and solution so that it will help my blog readers in future.

Problem

My client has an on-premises Microsoft Exchange 2013 setup. Recently they have been acquiring a company. This company uses Office 365. Both companies would like to see calendar free/busy information when they schedule meetings, etc.

Solution

Exchange 2013 offers a feature called “federation trust”. A federation trust creates a trust relationship between the on-premises Exchange server and the Azure Active Directory authentication system. It can then be used to create federated sharing with other federated organizations to share calendar free/busy information. The same method can be used to create federated sharing between an on-premises Exchange server and Office 365.

What you need?

Before starting the configuration, we need to have the following ready:
1)    Exchange administrator privileges for the on-premises Exchange setup
2)    Global administrator privileges for the Office 365 portal
3)    Access to the DNS zones to add a TXT record for the on-premises Exchange domain (it is a public DNS entry)
4)    Autodiscover should be fully functioning in the on-premises Exchange setup. If you have a problem with it, you need to fix it before starting this configuration, otherwise you will end up with one-way calendar free/busy info sharing.

Configuration on on-premises Exchange 2013

1)    Log in to the EAC as an Exchange administrator
2)    Go to organization > sharing


3)    Then click on enable (if you are not already using any federation trusts) to start the federation trust wizard. It is a straightforward setup; once the wizard completes, click on close.
4)    Then, under the federation trust, click on modify


5)    In the new window, Sharing-Enabled Domains, click on browse next to step 1
6)    In Select Accepted Domains, select the primary domain name of the on-premises Exchange setup and click OK
7)    This will create a federation trust with the Azure AD authentication system. Make a note of the TXT record shown in the window, then add it to the DNS zone (it should resolve via public DNS). Make sure this record is created correctly, otherwise you will not be able to verify domain ownership with the Azure AD authentication system. DNS propagation can sometimes take up to 24 hours, depending on your DNS provider. Once the record is created, click on Update
8)    Once that is done, it creates a unique federation trust namespace and registers it with the Azure AD authentication system.

9)    If you have additional domains, click on the + mark to add them. Once done, click on update and exit from the window.


10)    Now we need to add the Office 365 domain and allow it to see the free/busy information. To do that, in the same sharing window, click on the + mark under Organization sharing


11)    In the new window, fill in the info about the Office 365 domain and set the sharing permissions as you desire. I highly recommend using the same permissions on both ends to avoid issues; if the policies mismatch, sharing may work one-way only. Once the changes are done, click on save.


12)    That's it; this completes the federation trust setup on the on-premises Exchange 2013 end.
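
A shell alternative to steps 7 to 11, added here as an example and not taken from the original post: it confirms the proof TXT record is visible on a public resolver before the domain is registered, then creates the free/busy relationship. The domain names, resolver address and relationship name are placeholders, the federation trust from step 3 is assumed to exist already, and `Resolve-DnsName` requires Windows Server 2012 or later.

```powershell
# Exchange Management Shell, on-premises Exchange 2013.
# Placeholder values, not from the post:
$OnPremDomain  = 'contoso.example'     # primary accepted domain
$PartnerDomain = 'fabrikam.example'    # domain of the Office 365 organization
$PublicDns     = '8.8.8.8'             # any resolver outside your own network

# Step 7: the proof string(s) Exchange expects to find in the public TXT record.
$proofs = @(Get-FederatedDomainProof -DomainName $OnPremDomain |
            Select-Object -ExpandProperty Proof)

# Ask a public resolver, not the internal DNS server, what the outside world sees.
$published = @(Resolve-DnsName -Name $OnPremDomain -Type TXT -Server $PublicDns -DnsOnly |
               Where-Object { $_.Type -eq 'TXT' } |
               ForEach-Object { ($_.Strings -join '').Trim() })

$match = $proofs | Where-Object { $published -contains $_ }
if (-not $match) {
    throw "Proof TXT record for $OnPremDomain is not visible on $PublicDns; do not register the domain yet."
}

# Steps 7-8: register the domain as the federated organization identifier.
$trust = Get-FederationTrust | Select-Object -First 1
Set-FederatedOrganizationIdentifier -DelegationFederationTrust $trust.Name `
    -AccountNamespace $OnPremDomain -Enabled $true

# Steps 10-11: share free/busy only, at the lowest level that meets the need.
# AvailabilityOnly exposes time slots; LimitedDetails adds subject and location.
New-OrganizationRelationship -Name "FreeBusy-$PartnerDomain" `
    -DomainNames $PartnerDomain `
    -FreeBusyAccessEnabled $true `
    -FreeBusyAccessLevel AvailabilityOnly

# Record what was created so the Office 365 side can be set to the same values.
Get-OrganizationRelationship "FreeBusy-$PartnerDomain" |
    Format-List Name, DomainNames, Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel
```

Use this instead of the EAC clicks for those steps, not in addition to them.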

Configuration on Office 365 end

1)    Log in to the Office 365 portal and click on Exchange admin center


2)    In the EAC, go to Organization


3)    Under Organization sharing, click on + to add the on-premises Exchange domain


4)    In the new window, add the info about the on-premises domain and set the sharing permissions. Once done, click on save.


Now it's all done; it's time for testing.
Sometimes you may notice that even after setup, Office 365 users are not able to see the calendar free/busy info while it works from the other end. The best way to start troubleshooting this problem is to follow this troubleshooting link: https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment

But I have noticed that sometimes you need to restart IIS on the on-premises Exchange 2013 CAS to get this working.
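
A shell-side check for the one-way free/busy symptom and the matching-permissions advice above, added here as an example and not taken from the original post. The relationship name, test mailbox and CSV file names are placeholders; run it once on each end and copy both exports into one folder for the comparison.

```powershell
# Placeholder values, not from the post. Run once per side with $Side set accordingly:
# on-premises in the Exchange Management Shell, Office 365 in an Exchange Online session.
$Side             = 'onprem'                      # 'onprem' or 'o365'
$RelationshipName = 'FreeBusy-fabrikam.example'   # this side's organization relationship
$TestMailbox      = 'user@contoso.example'        # a mailbox in this side's organization

# On-premises only: validate the trust's certificates and request a test token.
if ($Side -eq 'onprem') {
    Test-FederationTrust -UserIdentity $TestMailbox | Format-List Id, Type, Message
}

# Either side: checks Autodiscover and the partner's federation information
# for this relationship, using a delegation token requested for the test mailbox.
Test-OrganizationRelationship -Identity $RelationshipName -UserIdentity $TestMailbox -Verbose

# Save this side's sharing settings so the two ends can be compared.
Get-OrganizationRelationship -Identity $RelationshipName |
    Select-Object Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel |
    Export-Csv -NoTypeInformation -Path ".\orgrel-$Side.csv"

# With both exports in the same folder, flag any mismatch in sharing permissions.
if ((Test-Path .\orgrel-onprem.csv) -and (Test-Path .\orgrel-o365.csv)) {
    $diff = Compare-Object (Import-Csv .\orgrel-onprem.csv) (Import-Csv .\orgrel-o365.csv) `
                -Property Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel
    if ($diff) {
        $diff | Format-Table -AutoSize
        Write-Warning 'Sharing settings differ between the two ends; align them first.'
    } else {
        'Sharing settings match on both ends.'
    }
}
```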

Hope this helps, and if you have any questions feel free to contact me at rebeladm@live.com