Posts Tagged ‘federation’

Looks like Skype is already taking over

Windows Live Messenger hasn’t even been shut down yet (due to occur in mid-March) but it looks like Skype has already taken over, as can be seen here when Public IM Connectivity is enabled for an Office 365 (current version) tenant:

[Image: O365-PIC-Skype]

What is Federation?

We are now in the age where applications are not built to be standalone. Just like their creators, solutions are becoming more and more “social” – for instance Lync enables users to add one another and share information; Exchange makes the sharing of calendars between individuals and even organisations possible without any IT involvement. As simple as it may seem to end users, it takes a lot of security measures to make applications “talk” to each other.

All of these are possible through the use of federation – a way for organisations and systems to form digital alliances and trusts. Customers new to sharing technologies based on federation can find the various types available somewhat confusing, so I thought I would bring it back to basics with a breakdown of the various federation types.

A core part of federation is the Microsoft Federation Gateway – a cloud-based technology designed to serve as a mediator between services allowing convenient yet secure communication. It mainly serves as a “trust broker” between different Microsoft applications allowing users to connect and access the relevant Microsoft-based services that they want to use.

Using standard authentication methods such as SSL certificates to prove domain ownership, the Microsoft Federation Gateway makes it easy for businesses to create trust relationships with partners. Federation can also be easily controlled through allow or deny lists of users and domains – which guarantees that only appropriate groups or people are given access to protected information.

In the Microsoft world there are three key types of federation.

Federation in Active Directory

There are many Microsoft products which run on the foundation of the Microsoft Federation Gateway. For instance, Active Directory Federation Services (AD FS) allows secure identity sharing and user authentication in the form of “claims”. Examples of claims are the user’s name, groups or permissions. Once a claim has been authenticated, the user can utilise AD FS for single sign-on (SSO), which provides the ability to use a single user name and password across different applications.

AD FS also lessens administrative overhead by reducing the need for duplicate accounts and other credential management. AD FS streamlines account setup by facilitating SSO across different organisations, platforms and applications. AD FS also makes identity delegation easier which is very useful for distributed applications that may require a series of sequential checks for each application, database or service. Setup authentication is another facet of AD FS through federation which enhances security for authorisation and access in identity partnerships.

Federation in Exchange (Calendar)

Another Microsoft application which utilises federation is Exchange Calendar Federation. With this level of security in Microsoft Exchange Server and Exchange Online, organisations are able to share information with other Exchange Server or Office 365 users. By utilising the Microsoft Federation Gateway, users are able to make an authenticated request to share information like calendars without having to configure Outlook or Outlook Web App settings.

Exchange Calendar Federation is very easy to use and convenient as users can share calendars with external users or even entire external organisations; and since it uses federation, it doesn’t require additional sign-on and credential prompts. Controlling the type of calendar information shared together with the users and their corresponding levels is also very straightforward.

Federation in Lync

With federation, unified communications through Lync is convenient and secure. Once Lync Federation is activated, users within the organisation can easily add external users to their contact list, see presence information and send messages securely. Federation allows users to communicate with other external Lync users (as well as select other messaging systems) through voice, video, instant messaging and even share desktops and documents.

Lync does this by publishing federation information in a DNS record. This record allows users to find other external users of Lync by simply adding the remote user to their contact list. Overall, federation enables Lync users to extend the communications capability of Lync to the cloud and give more functionality to customers, suppliers and partners by facilitating more open communication and collaboration.
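As an added illustration (not code from the original post or from Microsoft), the sketch below parses Lync's federation SRV record, `_sipfederationtls._tcp.<domain>`, and applies the allow/deny control described earlier. The sample records, the `.example` domains, the mode names and the rule that the SRV target must sit inside the partner's SIP domain are assumptions made for the example.

```python
FEDERATION_SRV = "_sipfederationtls._tcp"  # SRV name used for Lync federation discovery

# Constructed zone-file style answers (not real DNS output):
# owner TTL IN SRV priority weight port target
SAMPLE_ANSWERS = """\
_sipfederationtls._tcp.contoso.example. 3600 IN SRV 0 0 5061 sip.contoso.example.
_sipfederationtls._tcp.fabrikam.example. 3600 IN SRV 10 0 5061 edge.hosting-provider.example.
_sipfederationtls._tcp.fabrikam.example. 3600 IN SRV 20 0 5061 sip.fabrikam.example.
"""

def parse_srv(text):
    """Return {sip_domain: [(priority, weight, port, target), ...]}, preferred first."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
            continue  # not an SRV answer line
        owner = f[0].rstrip(".").lower()
        if not owner.startswith(FEDERATION_SRV + "."):
            continue  # some other service's SRV record
        domain = owner[len(FEDERATION_SRV) + 1:]
        records.setdefault(domain, []).append(
            (int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower()))
    for recs in records.values():
        # Lowest priority value first, then highest weight.
        recs.sort(key=lambda r: (r[0], -r[1]))
    return records

def federation_decision(domain, records, mode, allowed=(), blocked=()):
    """mode (hypothetical names): 'off', 'allow_list' or 'open' (all but blocked)."""
    domain = domain.lower()
    if mode == "off":
        return "deny: federation disabled"
    if domain in blocked:
        return "deny: domain blocked"
    if mode == "allow_list" and domain not in allowed:
        return "deny: domain not on allow list"
    recs = records.get(domain)
    if not recs:
        return "deny: no federation SRV record published"
    _, _, port, target = recs[0]
    # Assumption: a discovered edge host must sit inside the partner's SIP domain,
    # so a record pointing elsewhere is flagged for review instead of trusted.
    if target != domain and not target.endswith("." + domain):
        return "review: SRV target %s is outside %s" % (target, domain)
    return "allow: %s:%d" % (target, port)
```
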

Federation is just one of the many underpinnings of product architecture that set Microsoft products apart from their competitors. With federation, not only is it convenient for organisations to integrate with various applications, but it also makes products secure and compliant with various legal and government regulations. Overall, federation brings technology closer to people, as well as people closer to people – all without end user complications.

Focus on Functionality: Lync Social Connector

I must give credit where credit is due – my latest creation was inspired by the “Who Can Federate” tool created by Lync MVP Matt Landis.
As a big fan of Lync federation I found myself regularly hovering over sender names in Outlook and hoping to see the presence orb light up to indicate that they too are a Lync user who supports federation.
Unfortunately it’s not that simple, as you need to actually open an IM window to the sender before the federation takes place. At that point you either see their presence status or simply get “Presence unknown”.

With Office 365, amazing technologies such as Lync are easily within reach of any organisation. So to help Lync users discover which of the people they email are on Lync, I wanted a tool that kept running in the background and was able to detect if the sender used Lync – and then prompted me.
Hence the Lync Social Connector by Xstran was created!

The application is an Outlook plugin that also has a tray icon (hidden by default). Installation & operation are simple:
- install the Lync Social Connector
- restart Outlook
- when you receive an email from someone who has Lync but isn’t on your contact list you will be asked if you want to add them with the options: Yes / No / Ignore User / Ignore Domain
- if you want to stop ignoring a user or domain then right click on the tray icon and select the removal options

It’s a completely free application, my gift to the world of Lync users. Download it from the Microsoft TechNet Gallery today!

Discover who else is on Office 365

When an organisation makes the smart choice to use Office 365, usually the main focus is on improving internal productivity & communications.
As the world gets smaller it’s important to improve communications OUTSIDE the borders of your own organisation – with federation being the key functionality to drive those improvements.
With Lync, federation is quite simple, and using the Who Can Federate Tool created by people such as Matt Landis (Lync MVP) makes it easy for you to find which of your contacts use Lync and can be federated with.
However one of my personal passions is around Exchange calendar federation.
Recently I ran a Lync and Learn session for the Office 365 team on federation for both Lync & Exchange and it got me thinking – how can I discover which of my contacts (customers, suppliers, partners, friends, etc.) is also on Office 365?
So I had the Exchange Federation Discovery Tool written to do exactly that task!
The tool will search your Outlook contacts and come back to you with a listing of the mail servers used and will point out if the contact uses Exchange Online from Office 365 (meaning they can federate now) or Exchange Online from BPOS (meaning they will be able to federate when they have transitioned to Office 365).
The tool is a free download and is currently at version 0.5.1 as we are still working out how to find out if contacts are using Exchange Server 2010.

So download and run the tool – and start sharing calendars!

Got Lync Online? Federate!

I’ve been using federation for a long time. So long in fact that several versions before we had Lync Online there was a product called Microsoft Office Live Communications Server 2005 (LCS).
Personally I started my Microsoft cloud journey with BPOS (the predecessor to Office 365) as one of the components was Office Communications Online – the cloud version of Office Communications Server 2007 (the upgrade to LCS).
Hopefully I haven’t lost you yet. :-)
So one of Lync’s most powerful features is the ability to federate with users outside of your own organisation; however, customers of Office 365 are generally only told about this feature during the sales process and possibly post-migration training.

Today’s article on BoxFreeIT is about a fantastic free tool which searches your Outlook contacts and lets you know who you can communicate with via Lync. Read on here: http://www.boxfreeit.com.au/Productivity/discover-who-else-uses-lync-online.html.

Spotlight on Simplicity: synchronizing passwords with BPOS

Something commonly forgotten when setting up BPOS for a customer that uses Active Directory is that a new set of password management exists in BPOS.
This can exist in scenarios where the customer already has an on-premise Exchange and is now using Exchange Online, or even for peer-to-peer networks with no central password management.
What the users end up with is two passwords – one for their PC (local or AD authentication), another for BPOS.
Something new customers and partners moving to and using BPOS may not be aware of is the fact that the Directory Synchronization tool does not actually synchronize passwords – just users and groups.
So what are our options? Sure you can get everyone’s current password and match this in BPOS – however there is a default password expiration of 90 days. Very quickly you can see how this would be an inconvenience to users, and quite confusing the first time around.
Another option is to log a support case and request to disable password expiration – however this is not recommended as it weakens your security.

Something we as a business (Paradyne) have found useful is the MessageOps Password Synchronization tool.
It is free and easy to use, and will run on your domain controller to keep passwords synchronized for your users.
This allows your BPOS environment to adhere to your existing password security policy, keep your organization & data more secure, and overall keep your users happy.

While Office 365 will support Active Directory Federation Services (ADFS) – you will require significant on-premise infrastructure to support this, so it is more relevant for large businesses and enterprises.
The MessageOps tool will still be the way to go with smaller organisations that cannot support the ADFS requirements or large businesses and enterprises that can’t or don’t plan to utilise ADFS.

Happy password synchronizing!

New capabilities of Office Communications Online

I’m quite a fan of Office Communications Server (OCS) and have been for many years. So much so that I was one of the first 250 people in the world to be certified on it. While I love that Office Communications Online (OCO) gets the technology into more organisations I have been disappointed by the limitations imposed by having it hosted in the cloud. However with the release of Office Communications Server ‘14’ impending, we will see some key functionality rolled out to OCO:
  • Audio/video across firewalls
  • File transfer across firewalls
  • Presence with pictures
  • Federation (!!!)
  • IM with Windows Live
  • Co-existence with OCS
  • Server-side IM archiving
  • Office Communicator is the unified client for conferencing (bye bye Live Meeting!)
  • Application & desktop sharing
  • Content presentation
  • Integration with 3rd party PSTN audio conferencing services
  • Client-side recording/playback
There are a few pieces of advanced unified communications functionality that will also be released, however these will only be available through select carriers and will have limited worldwide availability. In any case, these features are:
  • Single number for Office Communicator and your mobile phone
  • Common call controls
  • Unified voicemail