locked
login to O365 with LDAP or azure RRS feed

  • Question

  • hi, 

    I'm going to be integrating an association (non profit) as IT manager.

    At the moment they are running an open source email server and LDAP to center the login to the different services (only web based eg: wordpress)

    I would like to transfer the email server to O365 and the LDAP to azure and also launch teams and OneDrive.

    after doing some digging i've this :

    https://azure.microsoft.com/en-us/pricing/details/active-directory/

    and this

    https://www.microsoft.com/en-us/nonprofits/azure

    what i'm looking to do with azure is certalize the login, add 2FA, add reuse the SSO part to enable user to login to the other sites (like wordpress as said above)

    i'm currently planning on using the non-profitE1 offer

    https://products.office.com/en/nonprofit/office-365-nonprofit-plans-and-pricing?tab=2

    so my questions are :

    can we link the non-profit E1 offer and exchange (or is it included in the E1 offer) ?

    would using azure for all that i said above (login, SSO, 2FA) still be free ?

    were can i find a tutorial for using azure's SSO with php and with python ?

    can i use azure as a link to my LDAP ?

    At the moment they are running an open source email server and LDAP to centre the login to the different services (only webbased eg: wordpress)

    I would like to transfer the email server to O365 and also launch teams and OneDrive.

    At the moment they are running an open source email server and LDAP to centre the login to the different services (only webbased eg: wordpress)

    I would like to transfer the email server to O365 and also launch teams and OneDrive.

    Saturday, November 10, 2018 6:56 PM

Answers

  • i've been in contact with microsoft and this is what they had to say :

    From: TSI Azure Sales <tsiazure@microsoft.com>
    Sent: 16 November 2018 16:39
    To: 'glenn mckenna'; TSI Azure Sales
    Subject: RE: Azuré non-profit pricing

    Désolé,

    Voici la calculatrice de prix pour la France:

    https://azure.microsoft.com/fr-fr/pricing/calculator/ 

    I apologize, my French isn’t very good—I took a few years of it in school, but rarely get a chance to 
    practice. Hope you don’t mind.


    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com

     



    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Friday, November 16, 2018 9:15 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: RE: Azuré non-profit pricing

    Do you have a calculator for France ?

    The problem with a partner is that it would not be free

    Regards 
    glenn

    From: TSI Azure Sales <tsiazure@microsoft.com>  
    Sent: 16 November 2018 16:12 
    To: 'glenn mckenna' <glennmckenna2001@hotmail.com>; TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: RE: Azuré non-profit pricing

    2FA is included in the Azure Active Directory Premium P1 SKU, which is available for 50 seats, free of 
    charge, in the EMS donation (https://www.microsoft.com/en-us/nonprofits/enterprise-mobility-
    security).

    Beyond that, I’m afraid the costs will vary based on the complexity of your environment.  The Azure 
    pricing calculator is a great way to estimate what your costs will be: https://azure.microsoft.com/en-
    us/pricing/calculator/

    If you’d like, I can help find a Microsoft partner in your area who could help you scope out the work and 
    plan your next steps. 

    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com

     




    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Friday, November 16, 2018 4:38 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: Re: Azuré non-profit pricing

    Hi, 
    Thanks for the quick answer, 
    How comes 2FA is not free were as it is for public (I only need to use it for OneDrive, teams, 
    exchange)? 
    How much does it cost to setup the LDAP link ? 
    Thanks for suggestion but i'm not running an AD directory but PHP LDAP, anyway how much 
    does the hybrid solution cost per user ? 
    Regards 
    Glenn 
    Get Outlook for Android

     
    From: TSI Azure Sales <tsiazure@microsoft.com> 
    Sent: Thursday, November 15, 2018 3:43:00 PM 
    To: 'glenn mckenna'; TSI Azure Sales 
    Subject: RE: Azuré non-profit pricing 
     
    Hi Glenn,
     
    It looks like you’ve already done quite a bit of research, and I see that your biggest concern seems to be 
    the valuation of EMS, and how that works out to the number of users who can have 2FA for free, 
    correct?
     
    Because nonprofit organizations receive a discount on EMS licenses, the monthly subscription price per-
    user for EMS E3 is $2.50 USD.  We donate 50 seats of EMS, which at $2.50 per user per month = 
    $125/month = $1,500/year. 
     
    I see as well that in your discussion earlier, you mentioned not wanting to use Azure Active Directory 
    Domain Services.  In the event that you change your mind on that, here’s a link to a how-to for 
    configuring LDAP access with Azure AD: https://docs.microsoft.com/en-us/azure/active-directory-
    domain-services/active-directory-ds-admin-guide-configure-secure-ldap
     
    Keep in mind that the Azure AD Domain Services resource could be paid for using a portion of the 
    $3,500 credit you receive. If you know the number of directory objects (which you can find out using 
    powershell on your domain controller), you can estimate the cost of running a DS sync to Azure to see if 
    it would fall within your budget.  Believe it or not, Azure AD vs. On-premises AD isn’t a zero-sum game. 
    You can (and I encourage most organizations to) set up a hybrid environment so that you get the best of 
    both worlds: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
     
    So, to answer your question, I hope that this explains it in much more detail. For cost, you can enable 
    2FA for free for 50 users, and then each additional user beyond that will be $2.50 per user per 
    month.  And to answer your next question, no, the $3,500 USD credit can’t be spent on EMS 
    licenses.  The $3,500 credit is only for consumption services (like VMs, storage accounts, etc.), while EMS 
    is a subscription service.  Consumption vs. subscription is a big differentiator in the billing system, which 
    is why those two sponsorships are separate from each other. 
     
    Let me know if this helps, and if you have any other questions!
     
    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com
     
     
     
     
     
    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Thursday, November 15, 2018 1:36 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: Azuré non-profit pricing
     
    Hello,
    I'm contacting you today because I'm confused with the pricing for the nonprofit solution of 
    azure.
    I'm currently looking into transfering my email server to exchange and my LDAP database to 
    azure. For the exchange solution i'm looking at the nonprofit E1 solution.
    Here's a link to the topic :link 
    My question is concerning azure, it says :
    our nonprofit Azure offer includes up to $1,500 of Azure Active Directory Premium 
    available via donated Enterprise Mobility + Security E3 subscriptions (up to 50 seats)" . If 
    you have EMS E3 licenses then 2FA will be free for 50 people who have the licenses 
    assigned.
    Could you please explain this more in detail, Bering in med that I would like to activate 2FA for 
    the users ?
    And how much will this cost ?
    Regards
    Glenn mckenna
    Get Outlook for Android
     

    Wednesday, November 21, 2018 6:26 PM

All replies

  • Hello Glennmckenna,

    can we link the non-profit E1 offer and exchange (or is it included in the E1 offer) ? yes , It's included but users can only web based outlook portal and will not be able to install Outlook App

    would using azure for all that i said above (login, SSO, 2FA) still be free ? Login and SSO will be free but 2FA is an Azure AD Premium feature and is not included in the non-profit E1 offer. However in this article "https://www.microsoft.com/en-us/nonprofits/azure" it's mentioned that " In addition, our nonprofit Azure offer includes up to $1,500 of Azure Active Directory Premium available via donated Enterprise Mobility + Security E3 subscriptions (up to 50 seats)" . If you have EMS E3 licenses then 2FA will be free for 50 people who have the licenses assigned.

    were can i find a tutorial for using azure's SSO with php and with python ?  This page has a lot of saamples that you can refer : https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code

    can i use azure as a link to my LDAP ? No, Azure AD cannot  be directly linked to LDAP. You have to recreate the user identities in Azure AD and Azure AD does not support LDAP auth.

    Note: You might find that Azure AD Domain services supports LDAP but it's a paid feature where a AD environment is deployed for you in the backend which I am assuming is out of the scope for this scenario.

    Hope this helps.


    • Proposed as answer by Joe Carlyle Monday, November 12, 2018 9:05 AM
    Monday, November 12, 2018 6:58 AM
  • yes , It's included but users can only web based outlook portal and will not be able to install Outlook App

    and what about if they already have outlook (or another solution) installed on their computer or mobile ?

    Login and SSO will be free but 2FA is an Azure AD Premium feature and is not included in the non-profit E1 offer. However in this article "https://www.microsoft.com/en-us/nonprofits/azure" it's mentioned that " In addition, our nonprofit Azure offer includes up to $1,500 of Azure Active Directory Premium available via donated Enterprise Mobility + Security E3 subscriptions (up to 50 seats)" . If you have EMS E3 licenses then 2FA will be free for 50 people who have the licenses assigned.

    so if i understand correctly, in my case (with the non profit E1) i'll be able to use the 2FA up to $1.500 ?

    This page has a lot of saamples that you can refer : https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code

    ahh thanks, just what i needed (great to that there's also php)

    No, Azure AD cannot  be directly linked to LDAP. You have to recreate the user identities in Azure AD and Azure AD does not support LDAP auth.

    Note: You might find that Azure AD Domain services supports LDAP but it's a paid feature where a AD environment is deployed for you in the backend which I am assuming is out of the scope for this scenario.

    indeed i do not need azure AD as a domain controller, but only to centralize the authentication to the different sites


    Monday, November 12, 2018 9:21 AM
  • so if I understand correctly, in my case (with the non profit E1) i'll be able to use the 2FA up to $1.500 ?

    I don't think that's the case. They are going to give you 50 EMS E3 licenses which are valued at $1500.

    what about if they already have outlook (or another solution) installed on their computer or mobile ?

     adding another account in the app should work. I don't have a  way to test this but the restriction is only around Office 2016 applications suite. So I believe it will work.


    Monday, November 12, 2018 9:44 AM
  • I don't think that's the case. They are going to give you 50 EMS E3 licenses which are valued at $1500.

    that isn't logical though because an 50 E3 lisences aren't worth 1500$ (not saying that you're wrong), do you know of a way to get the exact information ?

     adding another account in the app should work. I don't have a  way to test this but the restriction is only around Office 2016 applications suite. So I believe it will work.

    if i understand, you were saying that because the suite office isn't included with the non profit E1

    Monday, November 12, 2018 9:52 AM
  • I think 1500$ is per year , so not sure about the valuation. 

    https://www.microsoft.com/en-us/nonprofits/faq - You can check this for some more details and there is a way to contact partners to get the exact details for Non-Profit in there

    Yes, non Profit E1 doesn't include Office suite.

     
    Monday, November 12, 2018 10:29 AM
  • i've been in contact with microsoft and this is what they had to say :

    From: TSI Azure Sales <tsiazure@microsoft.com>
    Sent: 16 November 2018 16:39
    To: 'glenn mckenna'; TSI Azure Sales
    Subject: RE: Azuré non-profit pricing

    Désolé,

    Voici la calculatrice de prix pour la France:

    https://azure.microsoft.com/fr-fr/pricing/calculator/ 

    I apologize, my French isn’t very good—I took a few years of it in school, but rarely get a chance to 
    practice. Hope you don’t mind.


    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com

     



    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Friday, November 16, 2018 9:15 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: RE: Azuré non-profit pricing

    Do you have a calculator for France ?

    The problem with a partner is that it would not be free

    Regards 
    glenn

    From: TSI Azure Sales <tsiazure@microsoft.com>  
    Sent: 16 November 2018 16:12 
    To: 'glenn mckenna' <glennmckenna2001@hotmail.com>; TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: RE: Azuré non-profit pricing

    2FA is included in the Azure Active Directory Premium P1 SKU, which is available for 50 seats, free of 
    charge, in the EMS donation (https://www.microsoft.com/en-us/nonprofits/enterprise-mobility-
    security).

    Beyond that, I’m afraid the costs will vary based on the complexity of your environment.  The Azure 
    pricing calculator is a great way to estimate what your costs will be: https://azure.microsoft.com/en-
    us/pricing/calculator/

    If you’d like, I can help find a Microsoft partner in your area who could help you scope out the work and 
    plan your next steps. 

    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com

     




    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Friday, November 16, 2018 4:38 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: Re: Azuré non-profit pricing

    Hi, 
    Thanks for the quick answer, 
    How comes 2FA is not free were as it is for public (I only need to use it for OneDrive, teams, 
    exchange)? 
    How much does it cost to setup the LDAP link ? 
    Thanks for suggestion but i'm not running an AD directory but PHP LDAP, anyway how much 
    does the hybrid solution cost per user ? 
    Regards 
    Glenn 
    Get Outlook for Android

     
    From: TSI Azure Sales <tsiazure@microsoft.com> 
    Sent: Thursday, November 15, 2018 3:43:00 PM 
    To: 'glenn mckenna'; TSI Azure Sales 
    Subject: RE: Azuré non-profit pricing 
     
    Hi Glenn,
     
    It looks like you’ve already done quite a bit of research, and I see that your biggest concern seems to be 
    the valuation of EMS, and how that works out to the number of users who can have 2FA for free, 
    correct?
     
    Because nonprofit organizations receive a discount on EMS licenses, the monthly subscription price per-
    user for EMS E3 is $2.50 USD.  We donate 50 seats of EMS, which at $2.50 per user per month = 
    $125/month = $1,500/year. 
     
    I see as well that in your discussion earlier, you mentioned not wanting to use Azure Active Directory 
    Domain Services.  In the event that you change your mind on that, here’s a link to a how-to for 
    configuring LDAP access with Azure AD: https://docs.microsoft.com/en-us/azure/active-directory-
    domain-services/active-directory-ds-admin-guide-configure-secure-ldap
     
    Keep in mind that the Azure AD Domain Services resource could be paid for using a portion of the 
    $3,500 credit you receive. If you know the number of directory objects (which you can find out using 
    powershell on your domain controller), you can estimate the cost of running a DS sync to Azure to see if 
    it would fall within your budget.  Believe it or not, Azure AD vs. On-premises AD isn’t a zero-sum game. 
    You can (and I encourage most organizations to) set up a hybrid environment so that you get the best of 
    both worlds: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
     
    So, to answer your question, I hope that this explains it in much more detail. For cost, you can enable 
    2FA for free for 50 users, and then each additional user beyond that will be $2.50 per user per 
    month.  And to answer your next question, no, the $3,500 USD credit can’t be spent on EMS 
    licenses.  The $3,500 credit is only for consumption services (like VMs, storage accounts, etc.), while EMS 
    is a subscription service.  Consumption vs. subscription is a big differentiator in the billing system, which 
    is why those two sponsorships are separate from each other. 
     
    Let me know if this helps, and if you have any other questions!
     
    Chas Vinal
    Tech for Social Impact
    Email : tsiazure@microsoft.com
     
     
     
     
     
    From: glenn mckenna <glennmckenna2001@hotmail.com>  
    Sent: Thursday, November 15, 2018 1:36 AM 
    To: TSI Azure Sales <tsiazure@microsoft.com> 
    Subject: Azuré non-profit pricing
     
    Hello,
    I'm contacting you today because I'm confused with the pricing for the nonprofit solution of 
    azure.
    I'm currently looking into transfering my email server to exchange and my LDAP database to 
    azure. For the exchange solution i'm looking at the nonprofit E1 solution.
    Here's a link to the topic :link 
    My question is concerning azure, it says :
    our nonprofit Azure offer includes up to $1,500 of Azure Active Directory Premium 
    available via donated Enterprise Mobility + Security E3 subscriptions (up to 50 seats)" . If 
    you have EMS E3 licenses then 2FA will be free for 50 people who have the licenses 
    assigned.
    Could you please explain this more in detail, Bering in med that I would like to activate 2FA for 
    the users ?
    And how much will this cost ?
    Regards
    Glenn mckenna
    Get Outlook for Android
     

    Wednesday, November 21, 2018 6:26 PM
  • Thanks for the update. It will definitely help others.

    So $1,500 credit is the cost evaluation for 50 EMS E3 licenses. 

    Thursday, November 22, 2018 2:36 AM
  • Hello Glennmckenna,

    can we link the non-profit E1 offer and exchange (or is it included in the E1 offer) ? yes , It's included but users can only web based outlook portal and will not be able to install Outlook App

    would using azure for all that i said above (login, SSO, 2FA) still be free ? Login and SSO will be free but 2FA is an Azure AD Premium feature and is not included in the non-profit E1 offer. However in this article "https://www.microsoft.com/en-us/nonprofits/azure" it's mentioned that " In addition, our nonprofit Azure offer includes up to $1,500 of Azure Active Directory Premium available via donated Enterprise Mobility + Security E3 subscriptions (up to 50 seats)" . If you have EMS E3 licenses then 2FA will be free for 50 people who have the licenses assigned.

    were can i find a tutorial for using azure's SSO with php and with python ?  This page has a lot of saamples that you can refer : https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code

    can i use azure as a link to my LDAP ? No, Azure AD cannot  be directly linked to LDAP. You have to recreate the user identities in Azure AD and Azure AD does not support LDAP auth.

    Note: You might find that Azure AD Domain services supports LDAP but it's a paid feature where a AD environment is deployed for you in the backend which I am assuming is out of the scope for this scenario.

    Hope this helps.


    i would like to re-launch this answer about Azure AD Domain services, I've got the go ahead to ba able to use it !

    may i assume that you were talking abut this solution :
    https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap

    there for using Azure as the LDAP server ?
    Thursday, March 28, 2019 10:17 PM
  • Hello glennmckenna,

    Yes. You would have to first enable Azure AD DS before you can configure LDAPS. 

    You can follow the steps described here to do this.

    Also I would appreciate it, if you can open a new thread for any further questions related to Azure AD DS.

    Friday, March 29, 2019 7:19 AM