Windows Azure Active Directory and Office 365 integration

Time: 2021-10-05 02:59:33

In my company, we are using Office365 for our emails. In addition to this, we are using Windows Azure Active Directory to secure some applications.

Now I've been asked to create some kind of link between our users in Office 365 and Windows Azure Active Directory. The point would be to have some admin applications deployed and secured with WAAD but for which the users are the ones from Office365.

I've found lots of documentation on the web on how to sync directories but not really anything stating clearly that this is possible.

I'd like to insist on the fact that it is our own application that we'd like to secure like this.

Thanks

4 solutions

#1


16  

(Edit 2018-03-23: This answer was updated to reflect changes in the new Azure portal.)

The underlying directory for Office 365 is Azure Active Directory (Azure AD). This means that if you have an Office 365 account, you already have a directory -or "tenant"- in Azure AD.

In your case, I think what you want to do is move from securing your application with a different Azure AD tenant (under a different domain), to securing your applications with the tenant you got when you started using Office 365. The key here is to be able to get access to your Office 365 tenant from the Azure portal.

All you need to do is sign in to the Azure portal (https://portal.azure.com) with your Office 365 account (which, remember, is an Azure AD account), and head over to the "Azure Active Directory" blade. (Note: You do not need an Azure subscription in order to manage your Azure AD tenant in the Azure portal.)

Now you can go about adding and configuring apps to the Office 365 tenant so that you can use that tenant to secure your apps.

Extra: Since you've already started doing things with another Azure subscription (presumably your Microsoft Account, MSA --formerly LiveID--), you might be interested in transferring that Azure subscription to be owned by an account in your primary Azure AD tenant: https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer

#2


5  

If the aim is to make the Office 365 directory available inside the Azure portal, this currently works:

In the Azure portal, under Active Directory, click the New button, then Directory, then Custom Create. In the Directory pull-down, select 'Use existing directory' and follow the instructions to sign out and sign in using your Office 365 admin user. This will make your Office 365 directory available inside your Azure portal (in addition to any other Azure directories you have access to.)

#3


0  

When you set up your Azure Subscription, did you use the same account you used when you set up your Office 365 Subscription? If so, you should be able to see an existing WAAD instance when you log into Azure that has your @*.onmicrosoft.com domain registered against it. If you don't see that, you may be able to add the domain to the Azure subscription, assuming you are the domain admin. See here: http://blogs.msdn.com/b/bspann/archive/2013/10/20/adding-existing-o365-directory-to-azure-msdn-subscription.aspx

#4


0  

For the sake of completion, I hope the OP would come back and accept the answer provided by Philippe.

I found this that was quite helpful: http://blogs.technet.com/b/ad/archive/2013/04/29/using-a-existing-windows-azure-ad-tenant-with-windows-azure.aspx
