Today, when we are authenticating to Office 365, the authentication is "user centred", and not "computer centred" anymore. In this new reality, users who sign in the Office 365 will use different kinds of identities: Microsoft Account (Xbox, Skype, One Drive…) or Organizational account (for O365, Intune or CRM online).
A Microsoft Account, formerly known as Windows Live ID, is the combination of an email address and a password used to sign in to services like Xbox, outlook.com, skype, OneDrive…
Regarding the Organizational account, Office 365 has two systems that can be used for user identities:
• Work or school account (cloud identity) Users receive Azure Active Directory cloud credentials—separate from other desktop or corporate credentials—for signing into Office 365 and other Microsoft cloud services. This is the default identity, and is recommended in order to minimize deployment complexity. Passwords for work or school accounts use the Azure Active Directory password policy.
• Federated account (federated identity) For all subscriptions in organizations with on-premises Active Directory that use single sign-on (SSO), users can sign into Office 365 services by using their Active Directory credentials. The corporate Active Directory stores and controls the password policy.
For information about User Account Management, please check the following article:
User Account Management
Note: As this article has the purpose to introduce the Identity and Authentication in the cloud using Office 365, we will focus on the Organizational accounts from now.
Office 365 uses the cloud-based user authentication service Azure Active Directory (AAD) to manage users. You can choose from three main identity models in Office 365 when you set up and manage user accounts:
a) Cloud identity.
All is done in the cloud and you manage your user accounts in Office 365 only. No on-premises servers are required to manage users.
b) Synchronized identity.
Synchronize on-premises directory objects with Office 365 and manage your users on-premises. You can also synchronize passwords so that the users have the same password on-premises and in the cloud, but they will have to sign in again to use Office 365.
c) Federated identity.
Synchronize on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. This is often referred to as single sign-on.
For more information about this topic, please check the following article:
Understanding Office 365 identity and Azure Active Directory
When you are using CRM Online and Office 365, it is important understand which identity model is used to have a better understanding about how your users are accessing O365. On top of it , you can also consider several factors as time, complexity, and cost, which will vary from one organization to another.
You can check the user identity used in O365 accessing "User and groups", selecting
"Active Users", and checking the "Status" as described below:
What is my user ID and why do I need it for Office 365 for business
Office 365 Core Identity Scenarios
Identity and Authentication in the cloud: Office 2013 and Office 365 (Poster)
EMEA Dynamics CRM Support Team
Share this Blog Article on Twitter
Follow Us on Twitter