Spencer Harbar: “Principles of sound Identity Management remain consistent”

February 19, 2018

Spencer Harbar

If you got a dime for each click on your “fixing user profiles” blog post, you would now be…

Heh! Semi-retired! I really should have put some ad words on those pages! I’ve always fancied running a second hand book or record store. 🙂 The interesting thing about those articles is that despite the product moving on considerably, and indeed the material now also being used on TechNet/Docs.com they remain extremely popular. There is an awful lot of SharePoint 2010 and 2013 still out there!

What is the role of hybrid today?

Hybrid, in the context of Office 365 and SharePoint, is a twofold proposition. Firstly, it’s about being able to operate on premises infrastructure in a “software as a service” fashion. In other words, being up to date, being secure, and being agile in terms of operational service management. Whilst this isn’t an aspect the vendor makes much noise about, it is probably the biggest impact to customers. Running on premises SharePoint the “old way” simply doesn’t cut the mustard any more.
Secondly, it’s a stepping stone. All of the key innovation is and will continue to be “cloud first” – i.e. available in Office 365. In order to take advantage of that innovation, organizations need to prepare and implement hybrid solutions to continue to take advantage of moving workloads to the cloud (for example OneDrive for Business, also known as MySites) or integrating Office 365 based solutions with legacy corpuses on premises which don’t make sense in the cloud (e.g. Integrated Hybrid Search scenarios).

We are seeing identity in the SharePoint space shifting from SP centric (User Profiles) to Azure Active Directory centric. What changes does it bring, and what does it all mean in hybrid environments, where cloud identity needs to be in sync with local identity stores? What is the present, and what is the future of identity management in the cloud?

Wow, that’s a pretty big question! Interestingly however, the principles of sound Identity Management (IdM) remain consistent. They are the same issues as they were in the late 1990s.
Everything we should have been doing with respect to IdM is now being pushed to the forefront and exposed via cloud solutions. Typically enterprises would sweep IdM challenges under the carpet, to be dealt with “another time”, and most of the focus was purely on authentication and access control. With cloud identity synchronization now common, these aspects can no longer be ignored and it is imperative that on premises identity subsystems are fit for purpose and “clean” in terms of their data. These IdM practice disciplines remain the biggest challenge to successful adoption of cloud and hybrid solutions, much more so than pure technical implementation aspects. All of the key innovations within Office 365, for example, make heavy use of identity data, and the richer the identity data, the richer the features are. We’ve always had this (e.g. Corporate Directory) but now with things like Office Delve, the importance is amplified. It’s amazing how long it’s taken this to happen, and interesting that it’s the cloud in effect that has pushed us to finally deal with identity data properly.

Currently, and for the last decade or so, we are forced to integrate multiple directories, with layers of synchronization, and in some cases multiple “metadirectories”. Whilst there will always be multiple directories, most of them are redundant and of course the additional complexity leads to less security and more brittle solutions. This is another interim phase whilst the whole industry moves to cloud driven identity solutions and the key vendors provide the appropriate solutions, especially with respect to cloud scale. Azure Active Directory is innovating at an incredible pace, and will hopefully be embraced by Office 365 and to a lesser degree SharePoint moving forward. It does not take much of a crystal ball to envisage a future where there is no separate store of User Profile information within SharePoint Online. It’s a redundant, non-scalable, flawed identity subsystem which incurs an incredible penalty in terms of the features that can be built upon it (e.g. SharePoint Social). We of course need much better tooling in Azure AD in order to make that goal a reality. The future is a single metadirectory in the cloud – and that future is Azure Active Directory.

Now a simple one: what is the future of SharePoint? 😊

SharePoint will remain at the forefront of end user access to collaboration data within the enterprise. It’s all thankfully gone back to being all about the Sharing of the Point.

How do you make all those beautiful photos that we can see on your Facebook and Flickr profiles?

Well, it’s pretty easy. You take a camera and point it at something beautiful and “click”. 😊 But seriously, like most things, decades of practice and preparation. It’s a lifetime adventure. But most importantly it’s about being able to see. There is so much beauty all around us every day, everywhere. The trick is to stop and appreciate it.
