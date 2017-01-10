Just as most of us were getting ready for Christmas 2016, Microsoft announced to relatively little fanfare a new way to configure authentication in Office 365. From a technical point of view this is perhaps one of the most significant Office 365 developments of the year and one that neatly addresses one of the difficult decisions to be made when implementing Office 365.

First, some background. Since Office 365 was born, one of the first things to consider in any implementation is how identity and authentication are handled.

In the same way that, for example, Exchange needs to use Active Directory to find out about users and other objects, Exchange Online in Office 365 needs to look to a directory. Office 365’s directory service is called Azure Active Directory (AAD) and, for the majority of established businesses with an existing on-premises Active Directory (AD), synchronisation between AD and AAD is one of the first steps in any Office 365 project.

