Active Directory federation services with office 365 is a feature that allows the Active Directory of an organization to be synced up with the exchange directory in Office 365 and allows for single sign on to email. There are two main components to this – dirsync and federation.
Active Directory Synchronization
Dirsync is the part that syncs up the directories. What this means is that user creation, deletion, management, passwords, etc will be done mostly within your internal active directory. Anything done to a user will be reflected in office 365 within a matter of hours (or sooner if you manually run a sync). All users in active directory will be synced to office 365, and licenses for email and other features of office 365 can be assigned and managed at will by the administrator.
Active Directory Federation
Federation is the second part, and allows Office 365 sign in to be done directly through your servers and Active Directory. The big advantage to this is that when domain joined machines go to access their email, via outlook or outlook web access, the user will already be signed in using their active directory account (which remember is already synced to office 365 using dirsync).
How useful is this? For small organizations under ten users or so, it is probably not worth the servers and setup time, as it is easy enough to create independent active directory and office 365 accounts and keep them maintained. But once you start moving towards larger organizations, it quickly becomes an invaluable tool. Imagine a 100 user organization with a moderate turnover rate. Now imagine trying to keep two separate directories (one internal and one on office 365) accurate and up to date with users changing and passwords expiring/getting lost all the time. The advantages of having only one directory to manage and keep up to date quickly become clear.
[…] What is Active Directory Federation Services (ADFS) with Office 365? […]
[…] What is ADFS with Office 365? […]