Template for Azure Network // Building up a company network
Hello @all, maybe somebody could help me, I've got the following challenge: I have a "Company" - keep things simple so lets call it "company" This Companyhas a Domain - "company.corp" So far, so good. Now I need 3 "Subdomains" - aroot.a.corp - broot.b.corp - croot.corp (yes, without the "c") In every of these "Subdomains" I need an Exchangeserver. What is the target of the Challenge.? -> I want to setup an Useraccount (e.g. the Name could be "3Admin") which is able to collect informations from all those 3 Domains and set informations there - no matter where this account is logged on - so also from a windows 10 Machine, joined to one of these 3 domains.. So e.g. I want to Login into "aroot.a.corp" with the User "3Admin" and get Values from User XY. Then I want to set exactly those values to the User YZ in the Domain "broot.b.corp" without changing the DC or without a Step in between, just with a simple PowerShell command. maybe something like get a value from User XY (in the domain aroot.a.corp) and copy it to User YZ (in the domain broot.b.corp) And here is my question: How can I setup this environment.? Do I need 4 Domain Controllers and 4 Exchanges.? I appreciate every help. Thanks in advance.!
Access control for Azure Active Directory Application to EWS mailboxes
I'm uncertain if this is in the correct place, so please bear with me. We are currently in process of migrating our Exchange environment from On-Premise to Exchange 365. Our developer team has an on premise application that uses EWS to read mailbox contents, then delete those messages. We were able to create an application registration in Azure Active Directory, and are able to access our mailboxes in 365 through impersonation and read contents - Our application is using OAuth with certificate authentication (no login credentials), and we have granted our Application the Use Exchange Web Services with full access to all mailboxes rights. The problem, however, is that we don't want this application to be able to access all mailboxes, only a specific set of mailboxes. Currently it is able to access any mailbox. My question is how can we properly secure this application to only be able to access mailboxes that we specify? I've seen different suggestions on scoping and roles, but have not been able to find a definitive answer. If we do not use OAuth, and use user credentials to log into EWS, we have a means of defining write scope in Exchange 365, which will limit that impersonation access. I've been unable to find similar means when using OAuth with a certificate, and not using specific login credentials. If anyone can provide some help or direction here, it would be greatly apprediated. Please let me know if any additional details are required.
Azure- and O365-Architecture for Affiliated Group Companies
My enterprise (an affiliated group of several manufacturing companies) is at a conceptual design phase of adopting Office 365 and Azure. The individual companies share very little in common. Actually it is quite usual in our industry to sell a complete company to another group. So with the time it is likely that single companies from our group will leave and others will join. Nevertheless there are decision makers who wish that all companies share the same domain which gives us (the IT departments of the individual companies) quite some headache. One perhaps important note: They are primarily thinking in "Email-Addresses". Meaning we shall at least share the same Email Domains. So my Questions are: What drawbacks do we have to consider having one single tenant? What drawbacks do we have to consider having multiple tenants? Is there a way to share one Domain for Emails while each affiliated company can have their own tenant?