1 00:00:07,070 --> 00:00:15,710 You can use AD FS to provide an SSO experience to users across various cloud-based platforms. 2 00:00:16,280 --> 00:00:24,860 For example, after the user was authenticated with AD DS credentials, they can then use those domain 3 00:00:24,860 --> 00:00:35,510 credentials to access Microsoft online services such as Azure, Microsoft Intune or Office 365. 4 00:00:35,590 --> 00:00:40,460 AD FS can also provide SSO to other cloud-based providers. 5 00:00:40,850 --> 00:00:49,730 However, because open standards are the basis for AD FS, it can interoperate with any compliant, 6 00:00:49,730 --> 00:00:51,680 claims-based system. 7 00:00:53,420 --> 00:00:54,080 A hybrid 8 00:00:54,230 --> 00:01:02,600 Microsoft Exchange deployment is an example of a cloud-based service that uses AD FS 9 00:01:02,600 --> 00:01:11,390 for authentication. In this type of deployment, an organization deploys some or all of its mailboxes 10 00:01:11,390 --> 00:01:12,410 in an Office 11 00:01:12,410 --> 00:01:14,210 365 environment. 12 00:01:15,130 --> 00:01:25,090 However, the organisation manages all of its user accounts in its on-premises AD DS environment. 13 00:01:25,600 --> 00:01:33,730 The deployment uses a directory synchronization tool to synchronize user account information from the 14 00:01:34,120 --> 00:01:36,970 on-premises environment to the Office 15 00:01:36,970 --> 00:01:38,560 365 deployment. 16 00:01:39,760 --> 00:01:43,270 When users try to sign in to their Office 17 00:01:43,270 --> 00:01:45,190 365 mailboxes, 18 00:01:45,610 --> 00:01:51,070 they must authenticate by using their internal AD DS credentials. 19 00:01:51,850 --> 00:01:57,940 If users try to sign in directly to the Office 365 environment, 20 00:01:58,330 --> 00:02:06,400 they are redirected back to the internal AD FS deployment to authenticate before they are given 21 00:02:06,400 --> 00:02:06,910 access. 
22 00:02:08,440 --> 00:02:09,520 The following steps 23 00:02:09,520 --> 00:02:18,070 describe what happens when a user tries to access his or her online mailbox by using a web browser. 24 00:02:19,420 --> 00:02:26,140 The user opens a web browser and sends an HTTPS request to the Office 25 00:02:26,140 --> 00:02:29,050 365 Outlook Web server. 26 00:02:29,800 --> 00:02:39,910 The second step: the Outlook Web server receives the request and verifies whether the user is part of 27 00:02:39,910 --> 00:02:44,950 a hybrid Exchange Server deployment. If it is the case, 28 00:02:45,250 --> 00:02:52,130 the server redirects the client computer to the Microsoft Online Services federation server. 29 00:02:52,960 --> 00:03:00,280 The third step: the client computer sends an HTTPS request to the Microsoft Online Services 30 00:03:00,280 --> 00:03:01,480 federation server. 31 00:03:02,200 --> 00:03:09,250 Then the client computer is redirected again to the on-premises federation server. 32 00:03:09,580 --> 00:03:15,610 The redirection to the user's home domain is based on the UPN suffix of the user. 33 00:03:16,330 --> 00:03:24,130 The fifth step is the client computer sends an HTTPS request to the on-premises federation 34 00:03:24,130 --> 00:03:24,670 server. 35 00:03:25,840 --> 00:03:33,730 After that, if the user was already signed in to the domain, the on-premises federation server can 36 00:03:33,730 --> 00:03:42,910 take the user's Kerberos ticket and request authentication from AD DS on the user's behalf by using 37 00:03:43,180 --> 00:03:45,040 Microsoft authentication. 38 00:03:45,880 --> 00:03:51,400 If the user signs in from outside of the network or from a home computer, 39 00:03:52,410 --> 00:03:56,190 or a computer that is not a member of the internal domain, 40 00:03:56,490 --> 00:03:58,890 the user is prompted for credentials. 
41 00:03:59,760 --> 00:04:07,830 Then the AD DS domain controller authenticates the user and then sends the success message back to 42 00:04:07,830 --> 00:04:15,660 the federation server along with all the information about the user that the federation server can 43 00:04:15,660 --> 00:04:18,210 use to generate the user's claims. 44 00:04:19,300 --> 00:04:19,560 The 45 00:04:19,570 --> 00:04:27,670 eighth step is the federation server creates the claim for the user based on the rules defined during the 46 00:04:28,240 --> 00:04:29,140 AD FS server 47 00:04:29,200 --> 00:04:35,770 setup. The claims data is placed in a digitally signed security token. 48 00:04:36,190 --> 00:04:44,200 Then the data is sent to the client computer, which posts back to the Microsoft Online Services federation 49 00:04:44,200 --> 00:04:44,710 server. 50 00:04:45,960 --> 00:04:53,100 After that, the Microsoft Online Services federation server validates that the security token came 51 00:04:53,100 --> 00:04:55,470 from a trusted federation partner. 52 00:04:56,040 --> 00:04:59,130 This trust is configured when you configure 53 00:05:00,310 --> 00:05:02,950 the hybrid Exchange Server environment. 54 00:05:03,790 --> 00:05:11,830 The tenth step is that the Microsoft Online Services federation server creates and signs a new token 55 00:05:12,100 --> 00:05:19,780 that it sends to the client computer, which then sends the token back to the Outlook Web server. 56 00:05:20,470 --> 00:05:28,590 And finally, the Outlook Web server receives the request and validates the signed tokens. 57 00:05:29,170 --> 00:05:37,930 The server issues the client a session cookie indicating that it has successfully authenticated. 58 00:05:38,470 --> 00:05:44,320 The user is granted access to his or her Exchange Server mailbox. 59 00:05:45,430 --> 00:05:49,290 Now some words about preparing the AD FS 60 00:05:49,310 --> 00:05:52,690 SSO integration with Microsoft online services. 
61 00:05:54,570 --> 00:06:02,100 SSO, or identity federation, allows you to simplify your user sign-in process 62 00:06:02,370 --> 00:06:09,570 while they access online services such as Office 365 or Microsoft Intune. 63 00:06:10,590 --> 00:06:19,620 By using SSO, users can use their internal AD DS credentials to access these online services. 64 00:06:20,340 --> 00:06:29,100 When you configure AD FS to provide SSO for Microsoft Online Services, you create a federated trust 65 00:06:29,460 --> 00:06:38,460 between your organisation's on-premises directory and the federated domain you specify in your Azure 66 00:06:38,460 --> 00:06:40,330 AD tenant. Now, 67 00:06:40,380 --> 00:06:47,700 to deploy this SSO integration with Microsoft Online Services, use the following high-level steps. 68 00:06:48,650 --> 00:06:51,660 First, you have to prepare your environment for 69 00:06:51,760 --> 00:06:57,830 SSO, where you have to deploy AD DS in your on-premises environment, 70 00:06:58,290 --> 00:06:59,980 install the AD 71 00:06:59,990 --> 00:07:00,780 FS role, 72 00:07:01,310 --> 00:07:05,480 and prepare AD DS. Depending on your domain, 73 00:07:05,780 --> 00:07:08,030 you might need to complete these tasks. 74 00:07:08,040 --> 00:07:15,800 You have to verify that the UPNs are set and known by the users, and verify that the UPN 75 00:07:15,800 --> 00:07:21,170 domain suffix is under the domain that you choose to set up for 76 00:07:21,240 --> 00:07:30,240 SSO. Here you have to remember the UPNs that you use for SSO must contain only letters, numbers, 77 00:07:30,240 --> 00:07:31,010 periods, 78 00:07:31,250 --> 00:07:33,170 dashes, and underscores. 79 00:07:34,110 --> 00:07:43,060 And you have to ensure that the domain you choose to federate is registered as a public domain with 80 00:07:43,060 --> 00:07:48,860 the domain registrar or within your own public DNS servers. 
81 00:07:51,330 --> 00:07:55,380 If your AD DS domain name is not a public internet domain, 82 00:07:55,590 --> 00:08:03,540 you must configure a UPN to have a domain suffix that you can register publicly. 83 00:08:04,230 --> 00:08:11,880 In this situation, it is recommended that you use something familiar to your users, such as their email domain. 84 00:08:13,150 --> 00:08:21,070 To prepare your Active Directory environment for SSO, you can run the Microsoft Deployment Readiness Tool. 85 00:08:21,700 --> 00:08:30,130 This tool inspects your Active Directory environment and provides a report that includes information about 86 00:08:30,550 --> 00:08:32,500 whether you are ready to support 87 00:08:32,590 --> 00:08:39,550 SSO. If not, it lists the changes you need to make to prepare for 88 00:08:39,650 --> 00:08:40,000 SSO. 89 00:08:42,630 --> 00:08:45,960 The second step is to deploy federation services. 90 00:08:46,470 --> 00:08:55,260 Here you have to deploy your first server farm, then configure extranet access, where you have to install 91 00:08:55,260 --> 00:09:00,960 the Web Application Proxy role and configure the Web Application Proxy. 92 00:09:01,440 --> 00:09:06,960 And you have to establish a trust between AD FS and Azure AD. 93 00:09:08,350 --> 00:09:16,870 Here you have to use Windows PowerShell and the Azure AD module for Windows PowerShell and add the 94 00:09:16,870 --> 00:09:22,630 required domains with the New-MsolFederatedDomain 95 00:09:22,630 --> 00:09:23,020 cmdlet. 96 00:09:24,270 --> 00:09:32,760 For additional guidance on the steps, you can refer to the checklist of how to use AD FS to implement 97 00:09:32,760 --> 00:09:35,370 and manage single sign-on. 98 00:09:35,670 --> 00:09:39,870 You can refer to this link to read about it. 
99 00:09:40,860 --> 00:09:49,770 The third step is to deploy directory synchronization, where you have to download and install Azure AD Connect 100 00:09:50,070 --> 00:09:54,000 to enable the synchronization of the domain in Azure. 101 00:09:54,630 --> 00:10:03,750 And the final step is to verify SSO, where, on a computer that is joined to the domain, 102 00:10:04,050 --> 00:10:11,100 you have to sign in to your Microsoft cloud service by using the same sign-in name that you use for 103 00:10:11,100 --> 00:10:13,170 your corporate credentials. 104 00:10:13,620 --> 00:10:22,020 Then you have to click inside the password box. If SSO is set up, the password box will be shaded 105 00:10:22,020 --> 00:10:24,240 and you will see the following message: 106 00:10:24,540 --> 00:10:28,140 "You are now required to sign in at your company." 107 00:10:28,560 --> 00:10:36,630 Then you have to click the "Sign in at your company" link, and if you are able to sign in, you set 108 00:10:36,630 --> 00:10:38,550 up your SSO correctly. 109 00:10:39,570 --> 00:10:45,060 Next up, we'll be talking about planning a highly available AD FS deployment.