
Let us do more!

Foetron Business Transformation with Technology

Active Directory & ADFS with Device Registration Services

Foetron believes that although the right technology investment is a
well-thought-out decision for any organization, adopting the technology at
the right time plays a crucial role in business growth. Therefore, Foetron
has developed a unique Business Transformation with Technology series, in
which we consult and provide support so that you can move ahead with the
right technology at the right time.
We are honoured and proud to share with you that Foetron has been
awarded Microsoft's Cloud Partner of the Year 2016 and was also named Cloud
Champions by IDG & Channel World for the year 2014. International Data
Group (IDG) is the world's leading technology media, events and research
company. Founded in 1964 and headquartered in Boston, Massachusetts,
IDG products and services reach an audience of more than 280 million
technology buyers in 97 countries.
We are part of the Partner Advisory Board on Cloud for Microsoft. Some of
our recent work includes developing a highly secure application for the R&D
lab of one of the world's largest pharma companies, a Big Data setup for one
of the largest logistics and cargo companies in India, critical applications
for one of the largest car manufacturers, and many other cloud applications
to help enterprises. We manage the citizen connect on mobile for Gurgaon
Police. We have also been consulting on cloud adoption and evaluation for
companies worldwide.
We have customers across a variety of industry verticals, including
CII, NDTV, CREDAI (The Confederation of Real Estate Developers'
Associations of India), Aam Aadmi Party, Teesta Urja, Isha Foundation,
Nando's India, Yatra, iZenica, Kingdom of Dreams, SARE Group, Sterling
Automobile, Turkey Tourism, Musashi, HiLex, Angelique International,
Savannah Seeds, Graphisads, Honda Trading, Bliss-Anand, Bergen Group,
Creative Travel, Paras Hospitals and many more.

Active Directory Domain Services (AD DS)


Active Directory Domain Services (AD DS) stores directory data and
manages communication between users and domains, including user logon
processes, authentication, and directory searches. An Active Directory
Domain Controller is a server that is running AD DS.
By using the Active Directory® Domain Services (AD DS) server role, you can
create a scalable, secure, and manageable infrastructure for user
management as well as resource management. Additionally, you can
provide support for directory-enabled applications, such as Microsoft®
Exchange Server.

Benefits of Active Directory


The major benefits of Active Directory are as follows:
• It makes the task of network administration simpler by maintaining a
central repository of information.
• It provides a single place to look up information.
• It is easily scalable and supports millions of objects in a single domain.
• It provides unified access to resources by supporting a uniform
naming convention.
• It provides highly secure access to data through the use of security
policies, which improves data management.

Features of ADFS 3.0 with Device registration services


• ADFS can be configured so that users who are already logged in to the
company domain are not required to re-enter their password for
Office 365 access. In other words, single sign-on is implemented across
the domain and the Microsoft cloud, which improves efficiency because the
password does not have to be re-entered.
With DirSync and password hash synchronization, a user must still
re-enter their password, although it will be the same password as they use
on-premises. This is especially important for SharePoint Online, which
users might need to visit dozens of times a day.
• Active Directory Device Registration is the foundation for device-based
conditional access scenarios. When a device is registered, Azure Active
Directory Device Registration provides the device with an identity which
is used to authenticate the device when the user signs in. The
authenticated device, and the attributes of the device, can then be used
to enforce conditional access policies for applications that are hosted in
the cloud and on-premises.
• ADFS allows for client access filtering, which restricts access to
Exchange Online to users based on their IP address. Customers
frequently use this control to limit hourly workers to only checking mail
while onsite. Find more details here: Can I Limit Access to Office 365 for
Remote or Hourly Users?
• ADFS will honor the login time restrictions for users as configured
through Active Directory.
• ADFS can include web pages for users to change their passwords while
they are outside the corporate network.
• With ADFS, the authentication decision is always made on-premises and
no password hashes are synchronized to the cloud. This may seem an
obvious feature, but it can sometimes be an important security policy
requirement.
• With ADFS, an administrator can immediately block a user to stop
access, whereas DirSync synchronizes such changes every three hours.
Only password changes are synchronized by DirSync every two minutes.
• ADFS permits the use of multi-factor authentication products deployed
on-premises. Note that Azure AD supports multi-factor authentication, but
many third-party multi-factor authentication products require
on-premises integration.
• Sometimes Microsoft Forefront Identity Manager (FIM) is required for
other FIM capabilities, but it should be noted that FIM directory
synchronization does not include password hash synchronization. Thus,
ADFS will still be required for SSO login.
• Some on-premises product deployments require cloud hybrid scenarios
such as hybrid search. These are possible with ADFS.

Client Access Policies Scenarios

| SCENARIO | DESCRIPTION |
| --- | --- |
| Scenario 1: Block all external access to Office 365 | Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client. |
| Scenario 2: Block all external access to Office 365 except Exchange ActiveSync | Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked. |
| Scenario 3: Block all external access to Office 365 except browser-based applications | Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online. |
| Scenario 4: Block all external access to Office 365 except for designated Active Directory groups | This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory groups. It can also be used to provide external access only to members of a group. |
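
The four scenarios can be read as decisions over the request-context claims that AD FS attaches to each sign-in. The sketch below is an added example, not Foetron's or Microsoft's code and not the AD FS rule engine: it models the permit/deny outcome for each scenario. The claim type URIs are the AD FS request-context claim types; the IP range, group SID, proxy name and sample requests are constructed, and Scenario 4 is modelled in its "block only the designated group" form.

```python
import ipaddress

# AD FS request-context claim types used by client access policies.
NS = "http://schemas.microsoft.com/2012/01/requestcontext/claims/"
PROXY = NS + "x-ms-proxy"                      # present when relayed by the proxy
CLIENT_IP = NS + "x-ms-forwarded-client-ip"    # client address seen by the service
CLIENT_APP = NS + "x-ms-client-application"    # protocol, e.g. ActiveSync
ENDPOINT = NS + "x-ms-endpoint-absolute-path"  # AD FS endpoint that was called
GROUP_SID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"

# Constructed values: a documentation IP range and a made-up group SID.
CORP_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_GROUP = "S-1-5-21-1111111111-2222222222-3333333333-1104"

def is_external(claims):
    """True when the request came through the proxy from a non-corporate IP."""
    if PROXY not in claims:
        return False  # internal clients reach AD FS directly
    try:
        ip = ipaddress.ip_address(claims.get(CLIENT_IP, ""))
    except ValueError:
        return True  # missing or unparsable address: fail closed
    return not any(ip in net for net in CORP_EGRESS)

def decide(scenario, claims):
    """Return 'permit' or 'deny' for scenarios 1-4 in the table above."""
    if not is_external(claims):
        return "permit"
    if scenario == 1:
        allowed = False
    elif scenario == 2:
        allowed = claims.get(CLIENT_APP) == "Microsoft.Exchange.ActiveSync"
    elif scenario == 3:
        allowed = claims.get(ENDPOINT) == "/adfs/ls/"
    elif scenario == 4:
        allowed = BLOCKED_GROUP not in claims.get(GROUP_SID, [])
    else:
        raise ValueError("unknown scenario")
    return "permit" if allowed else "deny"

# Constructed sample requests.
OFFICE = {CLIENT_APP: "Microsoft.Exchange.RPC"}
HOME_OUTLOOK = {PROXY: "proxy01", CLIENT_IP: "198.51.100.7",
                CLIENT_APP: "Microsoft.Exchange.RPC"}
PHONE = {PROXY: "proxy01", CLIENT_IP: "198.51.100.8",
         CLIENT_APP: "Microsoft.Exchange.ActiveSync"}
BROWSER = {PROXY: "proxy01", CLIENT_IP: "198.51.100.9", ENDPOINT: "/adfs/ls/",
           GROUP_SID: [BLOCKED_GROUP]}
```

A proxied request with no usable client IP is treated as external, so a missing header cannot be used to fall through to the internal-network branch.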

Foetron Business Transformation with Technology Series


The Business Transformation with Technology Series is a very
comprehensive, well-researched and extensive series. Foetron has
developed this series based on its experience of working with 350+
businesses across the country in the last 5 years.
You can have a look at the following videos to get an understanding of
the length and breadth of our work.

• Go Cloud for Business Advantage, Sunny Sharma, Foetron
• Foetron powers Creative Travel on Office 365
• Foetron powers SARE Homes to Microsoft Cloud

You can reach out to us at cloud@foetron.com to know more about our
Business Transformation with Technology series details.

About Foetron
You can have a look at this link to know more about our journey.

cloud.foetron.com
cloud@foetron.com

/foetron
/foetron
