Audience: Office 365 for enterprises

Author: Robert Mazzoli, Senior Technical Writer - Exchange

The term “federation” is used widely throughout many of Microsoft’s products and services, but its meaning (and function) can sometimes differ.

• Microsoft Federation Gateway

• Active Directory Federation Services (AD FS)

• Exchange Federation (or federated sharing and federated delegation)

Federation in Office 365 and Exchange

Quite simply, “federation” is all about using identity relationships to share different types of information between Office 365 and Exchange organizations. This identity relationship enables a variety of inter-organizational information sharing; user credentials, user business information (such as calendar free/busy status) or other organization-wide information.

For Office 365 and Exchange organizations, the major components of “federation” are:

• Microsoft Federation Gateway

• Active Directory Federation Services (AD FS)

• Exchange Federation

Microsoft Federation Gateway

“The trust broker…”

The Microsoft Federation Gateway is a free, cloud-based identity service that mediates identity requests for information and services between Office 365 and Exchange organizations. Think of the Microsoft Federation Gateway as a hub for these requests; the Microsoft Federation Gateway supports connecting users to services so that the organization only has to manage a single federation relationship to access all Microsoft and Microsoft-based services in both organizations.

This single federated relationship between the organization and the Microsoft Federation Gateway is called a federation trust. A federation trust with the Microsoft Federation Gateway requires a digital security certificate (normally self-signed) for your Exchange organization and enables authenticated users to be trusted by other federated organization. This trust relationship is required for Exchange federation.

For Office 365 organizations:  A federated trust with the Microsoft Federation Gateway is automatically configured when the Office 365 organization is provisioned by Microsoft. There isn’t any need to modify or update this trust; it’s all set and good to go right out of the box - enjoy!

For on-premises Exchange organizations:  A federation trust with the Microsoft Federation Gateway must be configured by the administrator and is the first of several requirements for sharing information between the Office 365 and Exchange organizations. Once configured, the federation trust shouldn’t normally require any further updates or modifications and you’ll be ready to continue configuring sharing between your Exchange and Office 365 organizations.

Learn more about the Microsoft Federation Gateway at:  Understanding the Microsoft Federation Gateway

Active Directory Federation Services (AD FS)

“Single sign-on, single sign-on, single sign-on…”

Active Directory Federation Services (AD FS) enables users to access both the on-premises Exchange and Office 365 organizations by using their on-premises Active Directory user name and password.  AD FS provides the various end-points that the Microsoft Federation Gateway uses to redirect clients to the on-premises AD FS server for different types of authentication.

Although AD FS isn’t a requirement for using Office 365 or for hybrid deployments, it can provide users with a familiar sign-on experience and allows administrators to easily control user account information, such as on-premises account policies, account access control and password management.

Learn more about deploying AD FS at: Single sign-on: Roadmap

Exchange Federation

“Sharing Exchange information…”

Also known as federated delegation, Exchange federation is a technology in Microsoft Exchange Server 2010 that helps organizations share information with other Exchange or Office 365 organizations. Exchange federated sharing leverages the Microsoft Federation Gateway and federation trusts to make authenticated requests between servers on behalf of users across different Exchange organizations. This enables Exchange services to share information, such as calendar free/busy and MailTips, easily and without users having to configure any additional Outlook or Outlook Web App (OWA) settings.

Learn more about federated delegation at: Understanding Federated Delegation

Additional Hybrid Deployment Resources

• Microsoft Office 365 Deployment Guide - Learn more about Office 365 and hybrid pre-deployment planning.

• Microsoft Office 365 Deployment Readiness Tool (beta) - Analyzes your on-premises environment in preparation for an Office 365 for enterprises deployment.

• Microsoft Remote Connectivity Analyzer - Check the external connectivity of your on-premises or Office 365 organization.

• Exchange Hybrid Deployment and Migration with Office 365 - Learn more about hybrid deployment and migration options.

  ---