Three significant Office 365 updates were announced in Microsoft’s latest revision notice released on Wednesday of last week. If you don’t receive the update, one of the items is pretty exciting… something that people have been requesting for a very long time…
Update #1: Password Policies!
You can now set your password expiration policy for Office 365 through the web admin portal!
As you can see in the screenshot above, a new option has appeared on the Office 365 Users management page. When you click the link a new window pops up:
Update #2: Third Party Single Sign On
Another important but slightly less exciting feature was released this cycle as well: interoperability with third-party identity providers for single sign-on. Yes, that’s right, there’s an alternative to Active Directory Federation Services!
For larger enterprises, ADFS 2.0 is still far and away the best solution. It gives you identity federation using your own Active Directory and will work with many services: internal, external, custom and box solutions. This is possible due to Microsoft’s WS-Federation and WS-Trust protocols and the recent SAML & Shibboleth authentication support.
Microsoft announced two initial solutions and tested federation with them successfully:
I’ve been tracking a couple other identity management solutions that promise SSO functionality for Office 365 as well:
I have not tried any of these solutions as of yet but may evaluate each and come up with a comparison – time permitting. Most of these hosted identity management providers use a web page for initial login to their account and then their account is federated with the services of your choice. In addition, some of the providers will synchronize your Active Directory objects (using a locally installed agent generally) to their service. Some will even let you use your Active Directory password to log in to their service.
What I haven’t verified is whether any of the solutions have a locally installed program that provides single sign-on across multiple applications (or just with your network login). When I have more information I will report back.
By the way… none of these is supported by Microsoft really… they’re just officially allowing the integration. You’ll need to work with the provider for any assistance.
Update #3: Directory Synchronization Scoping & Filtering
You could do this before… it was unsupported though. Maybe that has changed? They announced this like it was a new feature, but the link provided in the announcement didn’t work for me.
To make these changes now requires a dive into the DirSync back-end, Federated Identity Management (FIM).
I’m hoping this update means that the actual DirSync tool is getting an update or that Office 365 will have a configuration option in the web interface to scope and filter objects. If this is just Microsoft acknowledging that we can use the FIM tools I’m going to be disappointed.
I’ll post an update when I learn more.