This segment introduces the Azure AD Authentication System or federation gateway as a means of sharing calendar information across separate forests.
- [Instructor] The term Federation refers to a trust-based sharing of information between separate organizations. An Exchange federation is a very specific type of federation. It's a way to provide your users' calendar information to users from another company's Exchange organization. This is a useful capability in today's business environment. It's not unusual to include consultants and other partners in various meetings, but it can be hard to correlate calendars and to arrange those meetings.
The scheduling assistant in Outlook and Outlook on the web is useful if you can see the free and busy status of the people that you want to invite to your meeting. It's even more useful if you can see where those people are before and after your intended meeting time. Exchange uses a federated trust to take specific types of calendar information from users in your Active Directory domain and make them visible to users in a separate Active Directory forest and vice versa.
A federation isn't necessary for other domains within your Active Directory forest. An Exchange federation is not necessary for other domains within the same Active Directory forest because you all share one Exchange organization anyway. This is for correlating calendars with an outside company or a separate Active Directory forest. A federated trust is the relationship between your company and another. In some services like ADFS you create that relationship directly with the other company and establish claims-based authentication between the two Active Directories.
An Exchange federation, however, does things a little bit differently. Exchange uses a gateway or an intermediate authority to vouch for users attempting to use the federated trust. Rather than have the organizations open a trust between their respective Active Directories, they work through a mutually trusted authority. What has been called an Exchange Federation gateway is now being referred to as the Azure Active Directory authentication system.
This new name isn't just longer, it gives better insight into how it works. An Exchange Federation is a trust between your Exchange organization and Azure. And the setup takes two steps. First, your organization has to create a trust with Azure, as does your proposed partner. With the proper certificates in place, you can specify what types of information you intend to share. You will also specify which of your users' mailboxes will be sharing their calendar information.
Once both parties have created their trust relationship with Azure, then each can specify the domain that they want to share with. If that domain has not set up their own federation trust to Azure, this step won't work. The domain that you want to trust must already be known to Azure to complete this step. As we move forward, we'll take a look at the requirements and the steps to create a connection to the federated gateway.