and creation of an Office 365 tenant (part 1)
- Cloud-based credentials only. I'll mention this option only as a basis for comparison, since no synchronization takes place. User credentials only exist in the Cloud, in Office 365. This would only be suitable for (probably very small) organizations that have no requirement to authenticate users onsite. Users would logon to their devices with local (not domain) credentials, or might not logon at all, and then access Exchange Online afterwards.
- DirSync. this tool synchronizes onsite account information, and more recently password hashes, to Office 365 so they can be used to authenticate users accessing Exchange Online. DirSync provides "Same-Sign-On" as opposed to "Single-Sign-On" functionality. We can use the same password to access onsite and online resources but we may have to logon more than once when accessing email. For example, I would logon to my laptop to access the desktop and when I open Outlook by clicking on my shortcut, I would have to enter the password again.
- Active Directory Federation Services (ADFS). This option provides "Single-Sign-On" functionality. When a user with an online mailbox attempts to open Outlook, ADFS allows Exchange Online to query onsite Active Directory just as Exchange would do if it were located onsite.