Operational considerations for Office 365 with single sign-on and Azure Virtual Machines

 

Applies to: Office 365

Summary: Introduces operational considerations for Office 365 deployments that use single sign-on with Azure Virtual Machines.


As with your on-premises deployment, you need to monitor and maintain your virtual network and virtual machines.

Virtual private network (VPN) gateway management

We strongly recommend that you keep the VPN gateway active 24 hours a day, seven days a week. If you have to disconnect the gateway, do not leave it disconnected for more than 50 percent of your Active Directory Domain Services (AD DS) tombstone lifetime.
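One way to check replication against this 50 percent limit, as an added example that is not part of the original guide: it reads the forest's tombstone lifetime and reports how long ago each inbound replication link last succeeded. The function names `Get-TombstoneLifetimeDays` and `Get-ReplicationAgeReport` and the 25 percent warning point are assumptions made for this example; the script requires the ActiveDirectory PowerShell module.

```powershell
# Added example (not from the original guide). Requires the ActiveDirectory
# module (RSAT) and an account that can read the configuration partition.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $ds = Get-ADObject -Identity $dn -Properties tombstoneLifetime
    # An unset attribute means AD DS applies its built-in default of 60 days.
    if ($null -eq $ds.tombstoneLifetime) { return 60 }
    return [int]$ds.tombstoneLifetime
}

function Get-ReplicationAgeReport {
    param(
        [int]$TombstoneDays = (Get-TombstoneLifetimeDays),
        [double]$WarnFraction = 0.25   # assumption: early-warning point chosen for this example
    )
    $limitDays = $TombstoneDays * 0.5  # the 50 percent ceiling stated in this guide
    $warnDays  = $TombstoneDays * $WarnFraction
    $now = Get-Date
    # Inbound links for every DC in the current domain (default partition only).
    Get-ADReplicationPartnerMetadata -Target (Get-ADDomain).DNSRoot -Scope Domain |
        ForEach-Object {
            # A link that has never succeeded may have no usable timestamp.
            $age = $null
            if ($_.LastReplicationSuccess) {
                $age = [math]::Round(($now - $_.LastReplicationSuccess).TotalDays, 1)
            }
            if ($null -eq $age)          { $status = 'NeverReplicated' }
            elseif ($age -ge $limitDays) { $status = 'OverLimit' }
            elseif ($age -ge $warnDays)  { $status = 'Warning' }
            else                         { $status = 'OK' }
            [pscustomobject]@{
                Server           = $_.Server
                Partner          = $_.Partner
                DaysSinceSuccess = $age
                LimitDays        = $limitDays
                ConsecutiveFails = $_.ConsecutiveReplicationFailures
                Status           = $status
            }
        }
}

Get-ReplicationAgeReport | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize
```

Run it from a domain-joined management host on either side of the gateway; any row marked `Warning` or `OverLimit` for a domain controller in Azure indicates that the link has been down too long.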

Virtual machine management considerations

Managing virtual machines in Microsoft Azure is very similar to managing servers in your on-premises network. Server configuration management, software installation, and security updates can all be performed with the tools you already use on-premises, such as Microsoft System Center Configuration Manager or Windows Server Update Services. Security updates can also be installed with the built-in Windows Update Services client, because all virtual machines in Azure have outbound Internet connectivity. Using an existing on-premises management solution requires the virtual network connection to be operational 24 hours a day, seven days a week.

Domain controller virtualization management

Deploying Windows Server Active Directory domain controllers on virtual machines is subject to the same guidelines as running domain controllers on-premises in a virtual machine. Running virtualized domain controllers in either situation requires operational procedures for backing up and restoring domain controllers within your organization.

For information about virtualizing domain controllers, see Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines.

Create system state backups by using only backup software that is specifically aware of backup requirements for Windows Server AD DS, such as Windows Server Backup. In particular, never copy or clone .vhd files of domain controllers; perform regular backups instead. Restoring from a cloned or copied .vhd file will introduce issues that can lead to a permanently divergent state between domain controllers.