Shortly after the release of Small Business Server 2011 Essentials, Microsoft released the Microsoft Online Services Integration Module as an optional download that allowed easy integration between Office 365 and your on-premises Active Directory environment. With the Essentials roles and editions of Windows Server 2012 and R2, it’s an out of box component, and offers some flexibility and features that really help with the initial integration, but also the ongoing maintenance of the user accounts and licenses.
In this series of posts I’ll be covering some of the pieces of the integration story that aren’t raised very often, because under the covers there are more capabilities than most people are aware of, so I’ll call some of these out during the relevant posts as I cover the Microsoft Azure Active Directory integration, the Office 365 integration, Microsoft Intune integration and finally the Microsoft Azure Backup integration capabilities. What you’ll see is that even though there are many places where the integration efforts of the Windows Server Essentials team’s work pays off with being able to do things within the Essentials console, there are still times where you should be jumping into the online portals or working with PowerShell to get the most out of what is on offer. In the screenshots below I’m taking the approach of integrating a new Windows Server 2012 R2 Essentials installation with and existing set of Microsoft Online Subscriptions, so I’m not going to walk you through the sign up or subscription details, I’ll leave that to you to work through.
Traditionally it would be Office 365 integration that drives the usage of this feature, but today I will focus on leading with Azure, considering that the identity services that it provides are the basis for much of what is to come in this series of posts. If we enabled Office 365 first, the Azure integration would be done automatically because it is required. The same applies to Intune, if that’s all you are using, then the AAD pre-requisites will be done automatically for you.
The first step in the wizard advises us of some of the features that we will be enabling, such as being able to manage online user accounts from within the local dashboard, as well as synchronising usernames and passwords between your local Active Directory domain and your cloud identities.
First of all we need to provide an existing admin account for Azure AD. As we are talking about hybrids, I’ve created the hybrid organisation of Contososhea, which takes two greats, and combines them into something even better. To start with you will see that I am still using the *.onmicrosoft.com ID, which we can change later.
A strong password policy is required for the integration to be enabled, but this should be standard practice anyway.
After you accept the policy, adjustments are made to allow for the Azure AD integration.
We have completed the Azure AD integration, and we are advised by the wizard that we also have Office 365 and Intune subscriptions as well, which sets us up for the next few posts.
Before we can do any work with Azure AD in the Essentials dashboard we need to restart it, which should only take a few seconds.
Once we are back in the console we can see that the Azure AD integration is complete, so we can revisit Azure AD after the next two posts on Office 365 and Intune integration enablement.