Marten Bütow
31 January 2020
Collaboration

The secure future workplace? Just hybrid, please!

Buzzwords like “public cloud first” or even “public cloud only” are all the rage. Agile, innovative, forward-looking companies hardly have a choice: they all rely on the public cloud. Its advantages are well-known: simplicity, dynamism, cost-effectiveness. Agility is great for new, internal applications in core processes. But when companies bet on reliability, they have to go whole hog. That means the collaboration tools for the future workplace cannot lag behind. So off to the public cloud we go.

The future workplace – from the cloud

The workplace of the future comes from the cloud – but not only from there. People who use Microsoft Office for business need to be able to do so in both online cloud mode and in (disconnected) local mode. But the user must be recognized accordingly in both modes – locally and when working in the public cloud.

In contrast to consumer applications, companies cannot rely solely on a public cloud solution for identity management. In the home network, we can use the central Microsoft services for this with a clear conscience. In the enterprise domain, however, we usually need a separate Active Directory for identity management.

Or, to put it metaphorically: agile workplaces from the public cloud are like high-performance race cars, with all the bells and whistles, but unfortunately without seat belts – and locks that can be picked with a paperclip are optional. Apropos: did Marty McFly always have a car key with him?

And now the crucial question: where is the Active Directory stored?

Microsoft offers Cloud Identity, an identity management solution for customers that want to use Office 365 and don’t have a local Active Directory. The advantage: no administration or infrastructure on the customer’s end. The simplicity of the cloud beckons. The user accounts are managed exclusively in an Azure Active Directory, which is hosted by Microsoft – as are the passwords. For users, this means goodbye single sign-on. And the lack of control over password policies and user administration means this isn’t a good fit for every company.

The next step involves using synchronized identities. To enable them, the Office 365 customer needs a separate Active Directory – which means they are already entering the hybrid world at this low level, because this Active Directory can run on premises or, alternatively, in a private cloud operated by another trusted provider. Of course, this Active Directory must be continually synchronized with Microsoft’s. This is done using Azure AD Connect, which copies the password hashes and other credentials to the cloud.

Federated identity enables secure, easy work

But if you want to use the same password locally and in the public cloud, avoid having to log on all the time, keep your passwords on premises, or even use two-factor authentication, synchronized identity isn’t a good fit for you. Especially since these “features” hardly contribute to improving the user experience in the future workplace: neither security nor convenience is optimized. This is where federated identity comes in.

This requires a few more components: an Active Directory Federation Services (AD FS) server, a Web Application Proxy (WAP), and Azure AD Connect. The passwords stay in-house and users don’t even have to log on again (single sign-on). It’s an elegant, secure solution.
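The three identity models described above can be told apart on a live tenant. This PowerShell script is an added example, not code from the original post; it assumes the MSOnline module is installed, the account used can read tenant and domain information, and the UPN is a placeholder.

```powershell
# Added example: report which identity model (cloud, synchronized, federated) a tenant uses.
# Assumes the MSOnline module and a role that can read company and domain information.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

function Get-IdentityModelReport {
    $company = Get-MsolCompanyInformation
    $domains = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }

    if (-not $company.DirectorySynchronizationEnabled) {
        # Cloud identity: no on-premises AD, accounts and passwords live only in Azure AD.
        $model = 'Cloud identity'
    }
    elseif ($domains | Where-Object { $_.Authentication -eq 'Federated' }) {
        # Federated: Azure AD hands sign-in to the on-premises AD FS farm, passwords stay in-house.
        # (Simplified: a tenant may mix federated and managed domains.)
        $model = 'Federated identity (AD FS)'
    }
    else {
        $model = 'Synchronized identity (Azure AD Connect, managed domains)'
    }

    [pscustomobject]@{
        IdentityModel    = $model
        DirSyncEnabled   = $company.DirectorySynchronizationEnabled
        LastDirSync      = $company.LastDirSyncTime
        # True means password hashes are copied to the cloud; check this if the policy says they must not be.
        PasswordHashSync = $company.PasswordSynchronizationEnabled
        FederatedDomains = ($domains | Where-Object Authentication -eq 'Federated').Name -join ','
        ManagedDomains   = ($domains | Where-Object Authentication -eq 'Managed').Name -join ','
    }
}

# Per-user view: an account synced from on-premises AD carries an ImmutableId
# (the on-premises objectGUID, base64-encoded) and a directory sync timestamp.
function Test-UserIsSynced {
    param([string]$Upn)
    $u = Get-MsolUser -UserPrincipalName $Upn
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        SyncedFromOnPrem  = [bool]$u.ImmutableId
        LastDirSyncTime   = $u.LastDirSyncTime
    }
}

Get-IdentityModelReport | Format-List
Test-UserIsSynced -Upn 'user@contoso.example' | Format-List   # placeholder UPN
```

The MSOnline module has since been retired in favour of the Microsoft Graph PowerShell SDK, where the same organization and domain properties are exposed.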

What? Email too?

The federated identity approach is particularly significant for the future digital workplace, especially for Exchange. To put it bluntly: if you want to use Outlook services like email and calendars securely (and I can’t imagine many companies that don’t want to do that…), there’s no way around running your own Active Directory. No customer can use Exchange without an in-house Exchange installation alongside it – which should be implemented redundantly (including backup), by the way.

The only (practical and supported) way to maintain attributes in Azure AD is through the Exchange management tools: the Exchange Admin Center and Exchange PowerShell. With AADSync, the local Active Directory declares itself the master of all the things: the attributes in Azure Active Directory become read-only. Attributes are changed exclusively in the separate, in-house AD, and the changes are merely passed on to Azure AD.
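The supported change path described above (edit on premises, let AADSync carry it to Azure AD, verify in the cloud) looks like this in practice. This is an added example, not from the original post; it assumes an on-premises Exchange Management Shell on a host that also has the Azure AD Connect ADSync module and the ExchangeOnlineManagement module, and the mailbox alias and address are placeholders.

```powershell
# Added example: add a secondary SMTP address to a hybrid mailbox the supported way.
# Assumes Exchange Management Shell (on-prem), the ADSync module, and ExchangeOnlineManagement.
$Identity   = 'jdoe'                               # placeholder alias
$NewAddress = 'smtp:john.doe@contoso.example'      # placeholder; lowercase smtp: = secondary address

# 1. Change the object in the on-premises AD. The mailbox itself lives in Office 365,
#    so on-prem it is a RemoteMailbox; this writes proxyAddresses into the local directory.
Set-RemoteMailbox -Identity $Identity -EmailAddresses @{ Add = $NewAddress }

# 2. Push the change to Azure AD now instead of waiting for the scheduled sync cycle.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
# Get-ADSyncConnectorRunStatus returns nothing once no connector is running.
do { Start-Sleep -Seconds 10 } while (Get-ADSyncConnectorRunStatus)

# 3. Verify in Exchange Online. The on-prem AD is the source of authority, so the attribute
#    is read-only here: a direct Set-Mailbox on a synced object is rejected by Exchange Online
#    with an error that the object is synchronized from the on-premises organization.
Connect-ExchangeOnline
$cloud = Get-EXOMailbox -Identity $Identity -Properties EmailAddresses
if ($cloud.EmailAddresses -contains $NewAddress) {
    "Address synced to Exchange Online for $Identity"
} else {
    "Address not yet visible in Exchange Online; check the sync run and export errors"
}
```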

Into the hybrid world – automatically

This means: even if all the mailboxes (and their data) are in Office 365, the configuration stays local as long as AADSync is active. So it’s automatically hybrid. Only the hybrid approach enables professional use of Office 365 from the public cloud. And just like that, the future workplace makes the dream of the hybrid collaboration world come true 😉.
