Office 365: Do’s and Don’ts, Lessons learned from the field
  • Check out Migration to Microsoft Office 365 calculator
    http://www.scnsoft.com/migration-to-microsoft-office-365-calculator
    It doesn't pretend to be 100% accurate, but still can give ballpark figures for a decision maker.
  • Office 365 offers two types of identities. The type of identity affects the user experience and administrative requirements.
  • Applications like Outlook can save the password for future logons. The password will not have to be entered again until the password is changed or reset. Web browsers that have the capability to “keep me signed in” will not prompt the user for a password until they sign out. Users using web experience with Federated Identities on domain joined machines authenticating outside of corporate network may still receive a prompt for credentials. “Rich applications” (e.g. Lync) require the Microsoft Online Services Sign-In Assistant.
  • Multiple Exchange organizations currently not supported. For more details, please refer to the Wiki article here
  • Slide Objective: Discuss integration scenarios between Lync, Exchange, and SharePoint.
    Notes: No matter what the combination is between on-premises and Online deployments, Lync client presence integration always works. It is possible because this kind of integration is done at the client level and not between Lync and Exchange servers.
    Another thing to highlight is that when using a Lync Server on-premises deployment, users get the same features no matter if Exchange Online or Exchange on-premises is used. As mentioned earlier, IM/P in OWA and voicemail integration when using Lync Server on-premises with Exchange Online is possible thanks to Lync Federation between Office 365 and Lync Server 2010 on-premises.
    Also, note that no voicemail integration is possible between Lync Online and Exchange Online because Lync Online does not provide the Enterprise Voice feature.
    When looking at the integration matrix between Lync and SharePoint, it is possible to see that in every case Lync client presence integration works: it is possible because integration is done at the client level and not between Lync and SharePoint servers.
    Note that Skill search in Lync client is only available when using a combination of Lync Server on-premises and SharePoint Server on-premises.
  • Here is a summary of the migration tools and options we have with Exchange Online. Customers have choices: to move to the cloud quickly with native migration options, to take a more measured approach to the cloud according to their business requirements, or to maintain mailboxes on-premises and online for a longer period of time. We have a single management experience with their tools and API across all migration sets. Note: Exchange hybrid does not work with Exchange 2003. However, Exchange 2003 customers will be able to deploy Exchange 2010 hybrid with Exchange Online 15 in order to have a smoother experience to migrate to the cloud, if other options are not ideal for their business requirements.
  • This is what you get when you have Hybrid coexistence. Some features are optional and require more configuration than others.
  • http://blogs.technet.com/b/educloud/archive/2011/09/08/what-do-you-get-with-exchange-hybrid.aspx

Transcript

  • 1. Office 365 Do’s And Don’t’s, Ilse Van Criekinge
  • 2. Content
    • What is Office365
    • Do’s
    • Don’t’s
  • 3. Office 365?
  • 4. ActiveDirectory.Local AzureAD.OnMicrosoft.Com
  • 5. ActiveDirectory.Local AzureAD.OnMicrosoft.Com
  • 6. Introducing | Your Modern Office
  • 7. Introducing | Your Modern Office
  • 8. Office 365 for Enterprises
  • 9. Content
    • What is Office365
    • Do’s
    • Don’t’s
  • 10. Do 1: Know What You Are Subscribing To
  • 11. Microsoft Cloud Principles
  • 12. Service Descriptions
    • Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284.aspx
    • Office 365 Service Updates: http://community.office365.com/en-us/wikis/office_365_service_updates/974.aspx
    • Office 365 Service Upgrade Center for Enterprises: http://community.office365.com/en-us/wikis/office_365_service_updates/office-365-service-upgrade-center-for-enterprise.aspx
  • 13. Office 365 Deployment Center
    • Sign-up for a trial: http://alturl.com/rt9j8
    • The new Office 365 Deployment Center: Find the tools, guidance, and technical resources Pilot and Deploy Office 365 http://www.deployoffice365.com/
  • 14. Do 2: Understand Identities
  • 15. Understanding Identities
    Cloud Identity
      • Separate credential from on-premises credential
      • Authentication occurs via cloud directory service
      • Password policy is stored in Office 365
      • Does not require on-premises server deployment
    Federated Identity
      • Same credential as on-premises credential
      • Authentication occurs via on-premises directory service
      • Password policy is stored on-premises
      • Requires on-premises DirSync server
      • Requires on-premises ADFS server
  • 16. Understanding Identities
    Cloud Identity
      • Scenario: Smaller organizations with or without on-premises Active Directory
      • Benefits: Does not require on-premises server deployment
      • Limitations: No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies
    Cloud Identity + DirSync
      • Scenario: Medium to Large organizations with Active Directory on-premises
      • Benefits: “Source of Authority” is on-premises; Enables coexistence
      • Limitations: No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies; Requires on-premises DirSync server deployment
    Federated Identity
      • Scenario: Large enterprise organizations with Active Directory on-premises
      • Benefits: Single Sign-On experience; “Source of Authority” is on-premises; 2 Factor Authentication options; Enables coexistence
      • Limitations: Requires on-premises ADFS server deployment in high availability scenario; Requires on-premises DirSync server deployment
  • 17. Understanding Identities
    Sign-in experience per client, for Cloud Identity / Federated Identity (domain joined computer) / Federated Identity (non-domain joined computer):
      • Microsoft Outlook® 2010 on Windows® 7: Sign in each session / Sign in each session / Sign in each session
      • Outlook 2007 on Windows 7: Sign in each session / Sign in each session / Sign in each session
      • Outlook 2010 or Outlook 2007 on Windows Vista® or Windows XP: Sign in each session / Sign in each session / Sign in each session
      • Exchange ActiveSync®: Sign in each session / Sign in each session / Sign in each session
      • POP, IMAP, Microsoft Outlook for Mac 2011: Sign in each session / Sign in each session / Sign in each session
      • Web Experiences (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps): Sign in each browser session / No Prompt / Sign in each browser session
      • Office 2010 or Office 2007 using SharePoint Online: Sign in each SharePoint Online session / Sign in each SharePoint Online Session / Sign in each SharePoint Online Session
      • Lync Online: Sign in each session / No prompt / Sign in each session
      • Outlook for Mac 2011: Sign in each session / Sign in each session / Sign in each session
  • 18. Do 3: Realize ADFS is more than Federated Identities
  • 19. ADFS Enables
    • Enables users to access both the on-premises and cloud-based organizations with a single user name and password
    • Provides users with a familiar sign-on experience
    • Allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools
    • SharePoint Hybrid Search
  • 20. Access Control Policies (Scenario: Description)
    • Block all external access to Office 365: Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client.
    • Block all external access to Office 365, except Exchange ActiveSync: Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked.
    • Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online: Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online.
    • Block all external access to Office 365 for members of designated Active Directory groups: This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory group. It can also be used to provide external access only to members of a group.
  • 21. Do 4: Is your environment ready to hook up to Office 365?
  • 22. Deployment Readiness Tool
    • http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
    • Requirements:
      • No administrative rights required
      • Domain user
      • Domain joined machine
  • 23. Multi-forest synchronization
    • Multi-forest AD support is available through Microsoft-led deployments
    • Multi-forest DirSync appliance supports multiple dis-joint account forests
    • FIM 2010 Office 365 connector supports complex multi-forest topologies
    • Diagram labels: Windows Azure Active Directory; Federation using ADFS; DirSync on FIM; AD, AD, AD; On-Premises Identity Ex: DomainAlice; User
  • 24. Non-AD Synchronization
    • Preferred option for Directory Synchronization with Non-AD Sources
    • Non-AD support with FIM is available through Microsoft-led deployments
    • FIM 2010 Office 365 connector supports complex multi-forest topologies
    • Diagram labels: Windows Azure Active Directory; Federation using Non-ADFS STS; Office 365 Connector on FIM; Non-AD (LDAP); On-Premises Identity Ex: DomainAlice; User
  • 25. Do 5: Check your Network
  • 26. Network Requirements
    Lync:
      • Lync 2013 Network Bandwidth Requirements for Media Traffic: http://technet.microsoft.com/en-us/library/jj688118.aspx
      • Lync 2010 Bandwidth Calculator: http://www.microsoft.com/en-us/download/details.aspx?id=19011
    Exchange:
      • Exchange Client Network Bandwidth Calculator: http://gallery.technet.microsoft.com/office/Exchange-Client-Network-8af1bf00
    SharePoint:
      • Plan for Bandwidth Requirements: http://technet.microsoft.com/en-us/library/cc262952(v=office.12).aspx
  • 27. Connecting to Office 365
    • Office 365 URLs and IP Address Ranges: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
    • Exchange Online URLs and IP Address Ranges: http://technet.microsoft.com/en-us/exchangelabshelp/gg263350
    • RSS Updates for URL and IP Address Range Changes: http://go.microsoft.com/fwlink/?linkid=236301
    • Set up your network for Lync Online: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx
  • 28. Do 6: Check out Azure
  • 29. ADFS and Azure
    Current Guidance:
      • ADFS should only be deployed in Azure VM for High Availability.
      • We would also not recommend a customer deploy the underlying AD domain controller to Azure. There would be latency issues for NTLM authentication of domain-joined machines.
    http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx
      • You can deploy corporate domain controllers alongside AD FS on Windows Azure virtual machines, which provides additional guarantees of service availability in the event of unforeseen failures such as natural disasters. This is especially true for online services such as Microsoft Office 365 that can authenticate users directly from their on-premises corporate Active Directory.
  • 30. Azure and Office365
    • http://weblogs.asp.net/scottgu/archive/2012/07/26/windows-azure-and-office-365.aspx
    • Developing Windows Azure Web Sites Integrated with Office 365
    • Developing Windows Azure Workflows Integrated with Office 365
  • 31. Windows Azure™ AD RMS
    Integration with Exchange Online
      • Company Confidential
      • Company Confidential Read Only
      • Do not forward (Works across tenants)
    Integration with SharePoint Online
      • There is no support for SharePoint Online Wave 15 (v2013) integration with customer on-premise AD RMS infrastructure.
      • Documents that have been protected with RMS can be uploaded to SharePoint Online only in standard document libraries.
      • In Office 365 Wave 15 (v2013), SharePoint Online supports RMS integration with the Windows Azure RMS service
  • 32. Do 7: UC & C: Decide what to keep On Premises and what to move to Online
  • 33. Lync Interoperability with Exchange and SharePoint
    With Exchange (Presence integration = OOF messages in Lync, calendar-based presence status, embedded presence in Microsoft Office Outlook® and Office):
      • Lync Online + Exchange Online: Lync client presence integration; IM/Presence in OWA
      • Lync Online + Exchange Server (on-premises): Lync client presence integration
      • Lync Server on-premises + Exchange Online: Lync client presence integration; IM/Presence in OWA; Exchange voicemail integration
      • Lync Server on-premises + Exchange Server (on-premises): Lync client presence integration; IM/Presence in OWA; Exchange voice-mail integration
    With SharePoint (Presence integration = embedded presence and click-to-communicate in SharePoint sites):
      • Lync Online + SharePoint Online: Lync client presence integration
      • Lync Online + SharePoint Server (on-premises): Lync client presence integration
      • Lync Server on-premises + SharePoint Online: Lync client presence integration
      • Lync Server on-premises + SharePoint Server (on-premises): Lync client presence integration; Skill search in Lync client
  • 34. Do 8: Ready to move Exchange, think about your options
  • 35. Migration options
    Migration
      • IMAP migration: Supports wide range of email platforms; Email only (no calendar, contacts, or tasks)
      • Cutover Exchange migration: Good for fast, cutover migrations; No Exchange upgrade required on-premises
      • Staged Exchange migration: No Exchange upgrade required on-premises; Identity federation with on-premises directory
    Hybrid
      • Hybrid deployment: Manage users on-premises and online; Enables cross-premises calendaring, smooth migration, and easy off-boarding
    Supported options per source platform:
      • Exchange 5.5: IMAP migration
      • Exchange 2000: IMAP migration
      • Exchange 2003: IMAP migration, Cutover migration, Staged migration
      • Exchange 2007: IMAP migration, Cutover migration, Staged migration, Hybrid
      • Exchange 2010: IMAP migration, Cutover migration, Hybrid
      • Exchange 2013: IMAP migration, Cutover migration, Hybrid
      • Notes/Domino: IMAP migration
      • GroupWise: IMAP migration
      • Other: IMAP migration
  • 36. Cutover vs. Staged
    Cutover
      • Cutover is designed for small/fast migrations to Office 365.
      • Mailbox data and address book data is synced from on-premises to Exchange Online via Outlook Anywhere (RPC over https)
      • As the name sounds it’s an “all at once” move
      • Limited to a maximum of 1000 mailboxes total
    Staged
      • Staged uses the same migration engine as cutover but in conjunction with Office 365 Directory Synchronization to allow you to move a few users at a time
      • Mailbox data is copied via Outlook Anywhere
      • Users/contacts & groups are synchronized via Directory Sync
      • Exchange 2010 or later is not supported (but hybrid based moves are)
  • 37. Cutover Migration server roles
    • On-premises Exchange organization: Existing Exchange environment (Exchange 2003 or later)
    • Office 365
    • Users, Contacts & Groups via Outlook Anywhere (NSPI)
    • Mailbox Data via Outlook Anywhere (MAPI)
  • 38. Staged Migration server roles
    • On-premises Exchange organization: Existing Exchange environment (Exchange 2003 or 2007)
    • Office 365
    • Office 365 Active Directory Synchronization: Users, Contacts & Groups via dirsync
    • Mailbox Data via Outlook Anywhere (MAPI)
  • 39. Hybrid Feature Comparison (Feature: Simple / Hybrid)
    • Mail routing between on-premises and cloud (recipients on either side): Simple and Hybrid
    • Mail routing with shared namespace (if desired) on both sides: Simple and Hybrid
    • Unified GAL: Simple and Hybrid
    • Free/Busy and calendar sharing cross-premises: Hybrid
    • Out of Office understands that cross-premises is “internal” to the organization: Hybrid
    • Mailtips, messaging tracking, and mailbox search work cross-premises: Hybrid
    • OWA redirection cross-premise (single OWA URL for both on-premises and cloud): Hybrid
    • Single tool to manage cross-premises Exchange functions (including migrations): Hybrid
    • Mailbox moves support both onboarding and offboarding: Hybrid
    • No Outlook reconfiguration or OST resync required after mailbox migration: Hybrid
    • Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.): Hybrid
    • Centralized mail flow, ensures that all email routes inbound/outbound via on-prem: Hybrid
  • 40. Hybrid overview
    Federation Trust
      • Delegated authentication for on-premises/cloud web services
      • Enables Free/busy, calendar sharing, message tracking & online archive
    Integrated Admin Experience
      • Manage all of your Exchange functions, whether cloud or on-premises, from the same place: Exchange Administration Center
    Native Mailbox Move
      • Online mailbox moves
      • Preserve the Outlook profile and offline folders
      • Leverages the Mailbox Replication Service (MRS)
    Secure Mail Flow
      • Authenticated and encrypted mail flow between on-premises and the cloud
      • Preserves the internal Exchange messages headers, allowing a seamless end user experience
      • Support for compliance mail flow scenarios (centralized transport)
  • 41. Hybrid server roles
    • On-premises Exchange organization: Existing Exchange environment (Exchange 2007 or later); Exchange 2013 Client Access & Mailbox Server
    • Office 365
    • Office 365 Active Directory Synchronization: Users, Contacts & Groups via dirsync
    • Secure Mail Flow
    • Sharing (free/busy, MailTips, archive, etc.)
    • Mailbox Data via Outlook Anywhere (MAPI)
  • 42. Exchange 2010 Hybrid Support
    • Exchange 2010 SP3 will be compatible with current and new O365 tenants
    • Exchange 2010 based hybrid deployments will continue to support Exchange 2003 coexistence with the new O365 tenants
    • Once the new O365 service is launched, Exchange 2013 based hybrid is recommended for all new deployments (unless migrating from Exchange 2003)
  • 43. Everything Moved… Remove the Hybrid Server?
    • In short, leave a CAS behind, maybe a Hub if you need an on-premises central mail routing server for apps/printers/scanners/etc.
    • Check: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
  • 44. One More to Bookmark
    • Exchange 2013 Deployment Assistant: http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=672-W-AAAAAAAAQAAA
  • 45. Hybrid – Only Exchange?
    SharePoint 2013 hybrid resources: http://www.microsoft.com/en-us/download/details.aspx?id=35593
      • One-way hybrid environment with SharePoint Server 2013 and Office 365
      • Two-way hybrid Search environment with SharePoint Server 2013 and Office 365
      • Business Connectivity Services Hybrid Overview
    Planning for Hybrid Voice with Lync 2013: http://technet.microsoft.com/en-us/library/jj205095.aspx
  • 46. Do 9: Need to connect with External Users?
  • 47. Lync Online
    • Federation with Lync
    • Federation with MSN
    • Federation with Skype
  • 48. Skype – Lync: Status
    • Is IM and presence available today between Lync and Skype? Yes, on a limited basis
    • Can Skype users add Lync users to their contact lists today? Not yet, target = June
    • Can Lync users add Skype users to their Lync contact lists today? Yes, but using Skype users’ Microsoft accounts
    • What communications capabilities will be supported between Lync and Skype as part of the upcoming release? In June: presence, one-on-one IM, and audio calling
    • What must Skype users do to connect to Lync contacts in the upcoming release? New Skype App + Sign in with Microsoft account
    • Will Skype Connectivity work with Lync 2010? Yes
  • 49. SharePoint Online Microsoft iTunes Skype ilse@hotmail.com ivcrieki ilse@hotmail.com Password x Password z Password y ilse@skynet.be Password ghi Telenet Office365 Skynet ilse@skynet.be Password def Gmail Facebook Pandora ilse@hotmail.com Password abc
  • 50. Do 10: Check our Trust Center
  • 51. Office 365 Trust Center
  • 52. Do 11: Ask us for help in understanding if our solution is aligned with your requirements
  • 53. Going to the Cloud with a Plan: Office 365 Customer Decision Framework
  • 54. Content
    • What is Office365
    • Do’s
    • Don’t’s
  • 55. Don’t’s
    • Do not “not” look into Office 365
    • Do not jump in without setting clear goals and knowing what you want to achieve
    • Do not forget to go through all the do’s
  • 56. Thank You!
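
The four client access policy scenarios on slide 20 (Access Control Policies), modelled as an added Python example that is not part of the original deck and is not ADFS claim-rule syntax. It lets an administrator write down the expected allow/deny matrix before deploying a policy; the corporate IP range, the client-application label, the group name and the sample requests are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder for the corporate public egress range (RFC 5737 test net).
CORPORATE_EGRESS = [ipaddress.ip_network("203.0.113.0/28")]
ACTIVESYNC = "Microsoft.Exchange.ActiveSync"  # assumed client-application label

@dataclass(frozen=True)
class Request:
    client_ip: str                    # address the federation proxy saw
    via_proxy: bool                   # False for clients that reached ADFS internally
    client_app: str = ""              # protocol label; empty for browser sign-in
    passive: bool = False             # True for browser-based (passive) sign-in
    groups: frozenset = frozenset()   # user's Active Directory groups

def is_external(req):
    """External = came through the proxy from outside the corporate range."""
    if not req.via_proxy:
        return False
    try:
        addr = ipaddress.ip_address(req.client_ip)
    except ValueError:
        return True  # fail closed: an unparsable address is never treated as internal
    return not any(addr in net for net in CORPORATE_EGRESS)

def block_all_external(req):
    return "deny" if is_external(req) else "allow"

def block_external_except_activesync(req):
    return "deny" if is_external(req) and req.client_app != ACTIVESYNC else "allow"

def block_external_except_browser(req):
    return "deny" if is_external(req) and not req.passive else "allow"

def block_external_for_groups(req, blocked_groups):
    return "deny" if is_external(req) and req.groups & blocked_groups else "allow"

# Constructed sample requests, one per client situation the slide distinguishes.
SAMPLES = {
    "internal Outlook": Request("10.0.0.5", via_proxy=False, client_app="Outlook"),
    "office Outlook via proxy": Request("203.0.113.5", True, client_app="Outlook"),
    "external phone": Request("198.51.100.7", True, client_app=ACTIVESYNC),
    "external browser": Request("198.51.100.8", True, passive=True),
    "external contractor": Request("198.51.100.9", True, client_app="Outlook",
                                   groups=frozenset({"Contractors"})),
    "garbled address": Request("not-an-ip", True, client_app="Outlook"),
}

def decision_matrix(blocked_groups=frozenset({"Contractors"})):
    """Return {sample name: decisions for scenarios 1-4 in the slide's order}."""
    return {
        name: (block_all_external(r), block_external_except_activesync(r),
               block_external_except_browser(r),
               block_external_for_groups(r, blocked_groups))
        for name, r in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, row in decision_matrix().items():
        print(f"{name:26} {row}")
```

The group scenario denies only external requests from listed groups, which is why the slide describes it as suited to testing a policy on a pilot group before widening it.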