Office 365 Single Sign Out with ISA or TMG as the ADFS Proxy

Over the last year I’ve spent a decent chunk of my time shaping and delivering Identity and Access Management workshops for Office 365 projects at Content and Code. This is generally underpinned by Active Directory Federation Services v2.0 (ADFS). In fact I don’t think we’ve done a single Office 365 project without it. Along the way I’ve become acquainted with many of the nuances of the sign on and sign out experiences as they differ across Office 365 services, client applications and different (valid) network perimeter technologies. In this post I will mainly focus on the security implications of publishing ADFS through ISA or TMG Reverse Proxies in place of ADFS Proxy servers. In the majority of our engagements we’ve considered this option (potentially allowing our clients to consolidate infrastructure) since ISA, TMG or similar Reverse Proxies are commonly deployed. Yet we need to evaluate this option with full awareness of how ADFS operates without a Claims-aware Reverse Proxy such as the ADFS Proxy. This gets pretty technical, so I’m assuming some high-level familiarity with ADFS, Reverse Proxies and Office 365.

Superflows are here, with authoring in due course

Tony Soper, a Senior Technical Writer for Microsoft, has been revealing some interesting new content recently. Both System Center Configuration Manager and Forefront Threat Management Gateway (the successor to ISA) have “Superflows”, which are described as “a new Content Type”. After poking around for a bit I found this 8-minute podcast from 2008, where Tony interviews Doug Eby from the SCCM team about Superflows in more detail. They’re “an interactive flowchart”. A Superflow can ask questions (about an environment, for instance) and a resulting flow will be targeted based on those answers. In the podcast they say this will be extensible in future and that there will be authoring support of some sort, so it will be interesting to see how this sits beside Visio, Visual Studio and InfoPath as a form/flow technology. I’ve asked Tony for more information about that on his blog and was told to watch that space for an eventual release date. I’d recommend this anyway, as his blog is a trove of good information, particularly around Virtualisation.