vege - Fotolia

Get started Bring yourself up to speed with our introductory content.

Three ways to manage user accounts in Office 365

Office 365 has three options to establish user accounts. Admins will need to choose the best one before performing a migration.

Deciding whether Office 365 is the right option for your enterprise means answering a number of important questions. Admins should be ready to answer questions about domain names and Active Directory, as well as how Office 365 will identify each end user or group.

The Office 365 administrative console provides three general options for establishing user accounts: Active Directory synchronization, identity federation and multifactor identification.

Admins should take a closer look at these three options to decide which option would be the best option for end user migration and management.

How will you migrate users and manage user accounts?

Active Directory synchronization. The first option to establish and manage user accounts is to synchronize Active Directory, which is the simplest and most straightforward option. The idea is to copy current Active Directory contents from your local environment to the cloud that's hosting Office 365. The advantage here is that the company retains complete control over the Active Directory environment and will continue to manage Active Directory using previously established management software and practices

But Active Directory synchronization has potential pitfalls. It's usually a one-way process. Content copies over from the company to Office 365 and will be updated as local Active Directory contents are changed. Office 365 Enterprise allows two-way synchronization (write-back), copying attributes from the cloud to local Active Directory to support enhanced features such as whitelisting or blacklisting, archiving, and voicemail. If you don't use enhanced features, there's little need for two-way AD synchronization.

Identity federation. The alternative to Active Directory synchronization is identity federation. The idea behind identity federation is to establish a single sign-on approach that allows users to log on to Office 365 using local Active Directory credentials. A local Active Directory Federation Services server then provides a token and passes it to Office 365 to handle the user logon. Identity federation eliminates the need to replicate Active Directory contents to the cloud. However, identity federation will require additional server and service deployment on the company side, which can complicate a move to Office 365.

Multifactor identification. The third option to manage end user accounts is multifactor identification (MFA), which is also available for Office 365. MFA requires a second means of authentication beyond conventional usernames and passwords. Office 365 supports and enforces a variety of secondary authentication mechanisms including a mobile app, phone call and text (SMS) message. Multifactor identification is not routinely deployed, but can be a powerful tool when email security and end user trust are primary concerns for the enterprise.

Next Steps

This is part two in a checklist of important questions to ask before migrating to Office 365. In part one, we covered company domains and Active Directory.

Stay tuned for part three, which covers migration methods.

Dig Deeper on Office 365 and Microsoft SaaS setup and management