Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-03-06

Federation is a technology in Microsoft Exchange Server 2010 that helps organizations share information with other Exchange organizations. Federation makes it easier to share free/busy (calendar availability) and contact information with users in other Exchange organizations. The following table defines the core components associated with federation in Exchange 2010.

account namespace domain

The combination of the first selected accepted domain namespace and a pre-defined string that's automatically added to the organization identifier (OrgID) as a federated domain. The account namespace domain is formatted as FYDIBOHF25SPDLT.<your domain>, is used in delegation tokens, and is unique to your Exchange organization.

application identifier (AppID)

A unique number generated by the Microsoft Federation Gateway to identify Exchange organizations. The AppID is generated when you create a federation trust with the Microsoft Federation Gateway.

delegation token

A Security Assertion Markup Language (SAML) token issued by the Microsoft Federation Gateway that allows users from one federated organization to be trusted by another federated organization. A delegation token contains the user's e-mail address, an immutable identifier, and information associated with the offer for which the token is issued for action.

external federated organization

An external Exchange organization that's established a federation trust with the Microsoft Federation Gateway.

federated delegation

A group of Exchange features that leverage a federation trust with the Microsoft Federation Gateway to work across Exchange organizations, including cross-premise Exchange deployments. Together, these features are used to make authenticated requests between servers on behalf of users across multiple Exchange organizations.

federated domain

An accepted authoritative domain that's added to the organization identifier (OrgID) for an Exchange organization.

domain proof encryption string

A cryptographically secure string used by an Exchange organization to provide proof that the organization owns the domain used with the Microsoft Federation Gateway. The string is generated by using the Get-FederatedDomainProof cmdlet.

federated sharing policy

An organization-level policy that enables and controls user-established, person-to-person sharing of both calendar and contact information.


federation

A trust-based agreement between two Exchange organizations to achieve a common purpose. With federation, both organizations want authentication assertions from one organization to be recognized by the other.

federation trust

A relationship with the Microsoft Federation Gateway that defines the following components for your Exchange organization:

  • Account namespace

  • Application identifier (AppID)

  • Organization identifier (OrgID)

  • Federated domains

To configure federated delegation with other federated Exchange organizations, a federation trust must be established with the Microsoft Federation Gateway.

Microsoft Federation Gateway

A free identity service that runs in the cloud (over the Internet and beyond a corporate network domain). The Microsoft Federation Gateway acts as the trust broker between federated Microsoft Exchange Server 2010 organizations. It's responsible for issuing delegation tokens to Exchange recipients when they request information from recipients in other federated Exchange organizations.

non-federated organization

Organizations that don't have a federation trust established with the Microsoft Federation Gateway.

organization identifier (OrgID)

Defines which of the authoritative accepted domains configured in an organization are enabled for federation. Only recipients that have e-mail addresses with federated domains configured in the OrgID are recognized by the Microsoft Federation Gateway and able to use federated delegation features.

organization relationship

A one-to-one relationship between two federated Exchange organizations that allows recipients to share free/busy (calendar availability) information. An organization relationship requires a federation trust with the Microsoft Federation Gateway and replaces the need to use Active Directory forest or domain trusts between Exchange organizations.