
AGENDA

Introduction
Microsoft Federation Gateway
Federation Trusts
Organization Relationships
Sharing Policies

INTRODUCTION

This presentation walks through how to share calendar and contact information with external recipients.

TRUSTS WITHOUT TRUSTS

The two companies had been collaborating more and more in recent months. There is a desire to share the following:
Free/Busy Information
Contacts
Calendar

There are rules in place that they cannot break, such as:
No trust relationships are to be made between the two organizations.
No VPN connections can be made between the two organizations.

UNDERSTANDING THE FEDERATION


Federation involves creating a federation trust not with other organizations but with the Microsoft Federation Gateway. The Federation Gateway is an identity service in the cloud, reachable over the internet and outside the corporate domain.

The MS Federation Gateway becomes a trust broker. Once you are trusted by the Federation Gateway, you can create federated delegations with other organizations that are also federated.

MICROSOFT FEDERATION GATEWAY

CREATING FEDERATION TRUST

Prerequisites:

The domain used should be resolvable from the internet, e.g. the organization should receive email through the internet.
An X.509 certificate issued by a third-party Certification Authority (one that is trusted by the MS Federation Gateway).

Federation Trust creation - EMC or EMS

EMC: the New Federation Trust wizard can be used.
EMS: New-FederationTrust.

Once the trust is in place, add federated domains (obviously, you can only connect to other trusted organizations).

CREATING FEDERATION TRUST IN EMS


To locate the certificate that is already installed on the server, use the following command:
Get-ExchangeCertificate | where {$_.IsSelfSigned -eq $false} | fl

CREATING FEDERATION TRUST IN EMS


Once you have the thumbprint, create the federation trust using the following command:
New-FederationTrust -Name "My Federation Trust" -Thumbprint 2376____ -Verbose

APP ID OF ACCEPTED DOMAIN


Logically, we are federated with the other organizations that are already connected to the MS Federation Gateway. Microsoft is the broker that authorizes each organization federated with the MS Federation Gateway. This provides the App ID.

MANAGE FEDERATION


ORGANIZATION RELATIONSHIPS VS. SHARING POLICIES

Organization relationships allow you to enable federated delegation with another federated organization for the purpose of sharing calendar free/busy information between users in both organizations. Organization relationships are one-to-one relationships between two organizations. Both organizations are required to establish only one federation trust with the Microsoft Federation Gateway and to configure their federated organization identifier prior to configuring the organization relationship with each other. When you create an organization relationship with an external organization, users in the external organization can access your users' free/busy information. No replication of GAL information is required. With this configuration in place, Outlook 2010 and Office Outlook Web App users can simply enter the SMTP address of an external recipient when scheduling meetings.

CREATING ORGANIZATION RELATIONSHIP


SHARING POLICY

Sharing policies enable user-established, people-to-people sharing of both calendar and contact information with different types of external users. Sharing policies allow your users to share both their free/busy and contact information (including the Calendar and Contacts folders) with recipients in other external federated organizations. With a sharing policy, users choose the external recipients they want to collaborate with. Using Outlook 2010 or Outlook Web App, users can invite external recipients in other federated domains to access their Calendar or Contacts folder and also request that they share theirs in return.
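The whole procedure from the slides, typed into the Exchange Management Shell with the narrowest sharing levels, as an added example that is not part of the original presentation. The domain names contoso.com and fabrikam.com, the relationship and policy names, and the thumbprint placeholder are assumptions.

```powershell
# Added example (not from the original slides). Run in the Exchange Management Shell.
# Assumed values: replace with your own accepted domain, partner domain and thumbprint.
$OurDomain     = 'contoso.com'                 # assumption: our accepted domain
$PartnerDomain = 'fabrikam.com'                # assumption: already-federated partner
$Thumbprint    = '<THUMBPRINT-PLACEHOLDER>'    # from Get-ExchangeCertificate
$TrustName     = 'My Federation Trust'

# 1. Refuse to build the trust on a self-signed or expired certificate.
$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
if ($cert.IsSelfSigned -or $cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint is self-signed or expired."
}

# 2. Create the trust with the Microsoft Federation Gateway (not with the partner).
New-FederationTrust -Name $TrustName -Thumbprint $Thumbprint

# 3. Prove ownership of the domain: publish the returned proof string as a TXT
#    record in public DNS for $OurDomain, then continue once it resolves.
Get-FederatedDomainProof -DomainName $OurDomain | Format-List

# 4. Register our domain as the federated organization identifier.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust $TrustName `
    -AccountNamespace $OurDomain -Enabled $true

# 5. One-to-one organization relationship. AvailabilityOnly exposes free/busy
#    time only; LimitedDetails would also expose subject and location.
Get-FederationInformation -DomainName $PartnerDomain |
    New-OrganizationRelationship -Name "To $PartnerDomain" `
        -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

# 6. Sharing policy scoped to the single partner domain and to simple free/busy.
#    Add ContactsSharing to the action list only if contact sharing is required.
New-SharingPolicy -Name 'Partner sharing' -Enabled $true `
    -Domains "${PartnerDomain}: CalendarSharingFreeBusySimple"

# 7. Review what is now exposed and to whom.
Get-FederationTrust | Format-List Name, OrgCertificate
Get-OrganizationRelationship | Format-List Name, DomainNames, FreeBusyAccessLevel
Get-SharingPolicy | Format-List Name, Domains, Enabled, Default
```

A new sharing policy applies only to mailboxes it is assigned to, so the review in step 7 should also cover the default sharing policy.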

DEFAULT SHARING POLICY

NEW SHARING POLICY

WHAT WE LEARNED IN THIS SESSION