Hi, this is Yuheng, program manager on the Windows Server Essentials product team. In this blog post, I would like to give you an overview of Services Integration, which will be followed by an additional post that is specific to new features in Windows Server 2012 R2 Essentials: SharePoint Online integration and Exchange ActiveSync integration. I will start with the most fundamental piece of the Services Integration pillar, Windows Azure Active Directory integration, as well as the major day-to-day management tasks associated with it.
More and more small and medium-sized businesses are beginning to adopt mainstream cloud services such as Office 365. While adopting cloud services helps to increase IT capabilities and also provides predictable operational costs, it leads to a new challenge—how to manage on-premises resources and cloud services effectively. In Windows Server 2012 R2 Essentials, the Dashboard continues to play an important role in addressing this new challenge.
Identity management is one of the fundamental elements in an IT environment that needs to be properly planned and managed. Active Directory in Windows Server is the leading technology for on-premises identity management. As cloud services continue to emerge, Microsoft has introduced a new Internet-friendly identity management technology—Windows Azure Active Directory—which is itself a cloud-based service. Today many mainstream cloud services such as Office 365, Windows Intune, and others offered by SaaS providers, are either leveraging Windows Azure Active Directory or are being well integrated with it. Windows Server 2012 R2 Essentials can be easily integrated with Windows Azure Active Directory to provide some key benefits for managing cloud services.
Password synchronization between on-premises Active Directory and Windows Azure Active Directory
After Windows Server Essentials is integrated with Windows Azure Active Directory, password synchronization is started automatically between your on-premises Active Directory and Windows Azure Active Directory. Please note that password synchronization is set to be one-directional, where a password in the on-premises Active Directory always takes precedence over what’s in Windows Azure Active Directory. The password synchronization happens instantly when a password is updated in the on-premises Active Directory. With this feature, the end user experience is improved by seamlessly using the same password when authenticating to on-premises resources and applications as well as their cloud services (e.g., the same password is used for both the local network account and for Office 365). You can extend this benefit to other cloud-based applications that are custom built for your organization by leveraging the Windows Azure Active Directory integration capabilities and Graph API for authentication and authorization. Learn more
Centralized day-to-day management
To address the new challenge of managing both on-premises and cloud resources in today’s IT environment, the Windows Server Essentials Dashboard is designed for getting most, if not all, of your day-to-day management tasks completed in just one place. New management tasks that can now be performed in Windows Server 2012 R2 Essentials include the following:
- Online user account management (for both Office 365 and Windows Intune)
- Distribution group management (Exchange Online distribution group)
- User group management (for both local network and the Windows Azure Active Directory security group)
- SharePoint Online Library and Exchange ActiveSync management
- Online service subscription plan/license management: multiple subscription plans are supported and their licenses can be assigned through the Windows Server 2012 R2 Essentials Dashboard; with these new management capabilities, IT admins can easily on-board new employees by provisioning local and online resources directly within the Dashboard.
Here is a screenshot of the entry point for enabling Services Integration from the Dashboard’s Home page:
You should be aware of the following before you deploy Services Integration features:
- Windows Azure Active Directory integration will be turned on automatically when you turn on either Office 365 or Windows Intune. This is because they both leverage Windows Azure Active Directory as a common identity platform.
- Currently, the Services Integration features, including Windows Azure Active Directory integration, Office 365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.
Part two of this series will be an introduction to the SharePoint Online integration feature and Exchange ActiveSync integration. In the meantime, I’ll like to encourage you to download the trial of Windows Server 2012 R2 Essentials and to join the conversation in our forum.