Announcing the Availability of Active Directory Federation Services 2.0 and Forefront Protection for SharePoint 2010
Alan Le Marquand
For organizations to make the best use of their information, their people need to be able to collaborate effectively. This collaboration could be internal or external. In past posts I’ve talked about how teams can use SharePoint to share information of all types and also how organizations create connections with other organizations using AD FS. In this post I will cover two new components of the Microsoft Secure collaboration solution.
Two words that give IT Pros sleepless nights are “Compliance” and “Virus”. We would love to check everybody’s device as they enter and leave our buildings. Nothing bad would get in and nothing confidential would get out. But that is just not practical. To compound the problem, we [Microsoft] have made every effort to make collaboration easier, mobility easier and finding information easier. The next generation workforce is also extremely mobile. They want freedom as to where they work, which potentially exposes them to malicious threats. Another factor to consider is that once you’ve opened up your environment to outside organizations, it could be all too easy to load an infected document into a SharePoint library. A bigger concern could be the loss of sensitive information.
Fortunately, Microsoft does have a solution. The newly released Forefront Protection 2010 for SharePoint provides us with a solution to help protect the information within SharePoint and also to help enforce all-important compliance.
This solution can provide peace of mind, especially if collaboration means sharing information with other organizations where you are unsure of their security policies. Forefront Protection 2010 for SharePoint uses five anti-malware engines to deliver its protection, helping you to prevent employees or partners from uploading or downloading infected documents, inappropriate content, or sensitive information.
It’s very easy for us [Microsoft again] to talk about collaboration. We often make statements like “SharePoint makes collaboration amongst teams or with partners easy”, while not telling you about potential challenges with sharing a SharePoint site on your domain with a partner organization, let alone mentioning that this partner may not even be running directory services based on the Windows platform.
As I mentioned above, in the post on cross-organization connections with AD FS I covered in more detail how you can create more secure connections between organizations. There are also examples of organizations that have done this. The core of those solutions is the second of the new components I wanted to cover, Active Directory Federation Services 2.0 (AD FS 2.0).
AD FS 2.0 provides organizations with a method to project identities not only across organizational boundaries, but also into the Cloud. It is interoperable with applications based on different programming models, languages and devices through support for WS-* and SAML 2.0. The support for these standards allows you to interoperate with the Cloud, especially with applications using the Windows Identity Foundation and running on the Windows Azure platform, and with applications that use Windows Azure platform AppFabric Access Control. Access Control accepts SAML tokens for authentication; AD FS 2.0 can issue these tokens for Active Directory users. With AD FS 2.0 you can now have single sign-on to applications that are on-premises, that are at other organizations, and that are in the Cloud. Also, SharePoint 2010 is claims-aware: it has the ability to take claims from AD FS 2.0 as part of the authentication process. Single sign-on is achievable regardless of where the application you wish to access resides.