Identity models and authentication for Microsoft Teams
Article • 06/03/2024 • Applies to: Microsoft Teams
Microsoft Teams supports all the identity models that are available with Microsoft 365 and Office 365, which include:
Cloud-only: User accounts are created and managed in Microsoft 365 or Office 365 and stored in Microsoft Entra ID.
User sign-in credentials (account name and password) are validated by Microsoft Entra ID.
Hybrid: User accounts are typically managed in an on-premises Active Directory Domain Services (AD DS) forest.
Depending on the configuration, credential validations are done by Microsoft Entra ID, AD DS, or a federated identity
provider. This model uses directory synchronization from AD DS to Microsoft Entra ID with Microsoft Entra Connect.
For more information, see Microsoft 365 identity models and Microsoft Entra ID.
Configurations
The implementation steps vary depending on which identity model and configuration your organization chooses.
If you haven't already deployed Microsoft 365 or Office 365 and an identity model, use this table.
Identity Model: All
Deployment Checklist:
1. Compare Microsoft 365 and Office 365 plan options and obtain a subscription and a tenant.
2. Create a Microsoft 365 or Office 365 organization for your tenant.
3. Purchase Microsoft 365 or Office 365 licenses for the tenant.
4. Configure domains and admin user accounts.
Additional information:
Office 365 plan options
Compare Microsoft 365 for business Plans
Buy or remove subscription licenses
Add licenses to a subscription
Set up Microsoft 365 for business
Add a domain with the setup wizard
Microsoft FastTrack is available to assist you.

Identity Model: Cloud identity
Deployment Checklist:
Create user accounts with the Microsoft 365 admin center
Additional information:
Add users and assign licenses

Identity Model: Hybrid identity
Deployment Checklist:
1. Install Microsoft Entra Connect.
2. Configure directory synchronization.
3. Manage users and groups with AD DS tools.
Additional information:
Set up directory synchronization

Identity Model: Hybrid identity with federated authentication
Deployment Checklist:
1. Install and configure a federated identity provider such as AD FS.
2. Install Microsoft Entra Connect and configure directory synchronization and federated authentication.
3. Manage users and groups with AD DS tools.
Additional information:
Plan your AD FS deployment
Checklist: Deploy your federation server farm
Configure extranet access for AD FS
Set up a trust between AD FS and Microsoft Entra ID
Verify and manage single sign-on with ADFS
Set up directory synchronization

Multifactor authentication
Passwords are the most common method of authentication for signing in to a computer or online service, but they're also the
most vulnerable. People can choose easy passwords and use the same passwords for multiple sign-ins to different computers
and services.
To provide an extra level of security for sign-ins, use multifactor authentication (MFA), which requires both a password and
another verification method, such as:
A text message sent to a phone that requires the user to type a verification code.
A phone call.
The Microsoft Authenticator smart phone app.
Other methods available with hybrid identity and federated authentication.
MFA is supported with any Microsoft 365 or Office 365 plan that includes Microsoft Teams. It's highly recommended that, at a
minimum, you require MFA for the accounts that are assigned administrator roles, such as Teams service admin.
You should also roll out MFA to your users. Once your users are enrolled for MFA, the next time they sign in, they'll see a
message that asks them to set up their extra verification method.
For more information, see multifactor authentication for Microsoft 365.