
Andy Malone - The New Office 365 for IT Pros



Published in: Technology

  1. 1. Andy Malone The New Office 365 for IT Pro’s
  2. 2. Andy Malone
      • Follow me on Twitter @AndyMalone
      • Microsoft MVP (Enterprise Security)
      • Founder: Cybercrime Security Forum!
      • Microsoft International Event Speaker
      • MCT (18 Years)
      • Winner: Microsoft Speaker Idol 2006
      • See me speak @ Microsoft TechEd 2014
  3. 3. The Extras… Follow @AndyMalone & Get my SkyDrive Link
  4. 4. Register at the Glasspaper Booth for more info & a chance to win tickets!
  5. 5. Goals Explore Connect Administer Identity Secure SharePoint Online Tips n Tricks
  6. 6. Explore…
  7. 7. What is Office 365? Latest productivity services in Microsoft’s public cloud + the latest apps
  8. 8. Benefits of Office 365 Latest productivity services in Microsoft’s public cloud + the latest apps
  9. 9. Understand where your data is stored
  10. 10. Energy In = Heat Out
      • Removing heat is critical
      • Environmental control is a major source of energy and water consumption
      • Innovative approaches increase overall efficiency over traditional computer room air conditioning (CRAC)
  11. 11. Microsoft’s Datacenter Evolution
      • Generation 1 (1989-2005), Colocation: Server Capacity; ~2 PUE; 20 year Technology
      • Generation 2 (2007), Density: Rack Density and Deployment; 1.4 – 1.6 PUE; Minimized Resource Impact
      • Generation 3 (2008), Containment: Containers, PODs; Scalability & Sustainability; 1.2 – 1.5 PUE; Air & Water Economization; Differentiated SLAs
      • Generation 4 (2011+), Modular: ITPACs & Colos; Reduced Carbon, Rightsized; 1.05 – 1.20 PUE; Faster Time to Market; Outside Air Cooled
  12. 12. Office 365 Operates as a Datacenter within Microsoft Datacenters
      • Shared Mechanical & Electrical
      • Consumer Services:
          – Different hardware
          – Separate access control
          – Separate network
          – Separate storage
  13. 13. Office 365: Getting Started
  14. 14. Adding a Domain to Office 365
  15. 15. Identity…
  16. 16. Core identity scenarios with Office 365
      • Cloud Identity: Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
      • Directory & Password Synchronization*: Single identity suitable for medium and large organizations without federation*
      • Federated Identity: Single federated identity and credentials suitable for medium and large organizations
  17. 17. Windows Azure Active Directory: One Cloud Directory for every organization
      What it is:
      • The identity platform behind Office 365 & other Microsoft Cloud Services
      • Able to integrate with enterprise identity platforms
      • Enabler of single sign-on for Office 365 and other apps
      What it isn’t:
      • Windows Azure Active Directory is not your AD Domain Controllers running in Windows Azure
      • We do support AD running as a role on a VM in Windows Azure IaaS – but that is a separate discussion
  18. 18. Protocols to Connect to Windows Azure AD (Protocol / Purpose / Details)
      • REST/HTTP directory access
          – Purpose: Create, Read, Update, Delete directory objects and relationships
          – Details: Compatible with OData V3; Authenticate with OAuth 2.0
      • OAuth 2.0
          – Purpose: Service to service authentication; Delegated access
          – Details: JWT token format
      • Open ID Connect
          – Purpose: Web application authentication; Rich client authentication
          – Details: Under investigation; JWT token format
      • SAML 2.0
          – Purpose: Web application authentication
          – Details: SAML 2.0 token format
      • WS-Federation 1.3
          – Purpose: Web application authentication
          – Details: SAML 1.1 token format; SAML 2.0 token format; JWT token format
  19. 19. WAAD Provisioning
      • Manual
          – Simple Web based user interface
          – Bulk import of users
          – Best for small customers
      • Scriptable
          – PowerShell module for Windows
          – Programmable REST based API
          – Limited attribute set/object types
      • Automated
          – Directory Synchronization with delta
          – Full fidelity of attributes and object types
          – Optimized for large object sets
  20. 20. Cloud Identity OAuth2 Metadata SAML-P Graph API WS-Federation
  21. 21. Directory & Password Sync OAuth2 Metadata SAML-P Graph API WS-Federation
  22. 22. Federated Identity OAuth2 Metadata SAML-P Graph API WS-Federation
  23. 23. Account Provisioning
  24. 24. What is Dirsync? (Azure Active Directory Sync Tool)
      • Enables Simple & Rich Coexistence
          – Provisions objects in Office 365 with same email addresses as the objects in the on-premises environment
          – Provides a unified Global Address List experience between on-premises and Office 365
              • Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
          – Enables coexistence for Exchange
              • Works in both simple and hybrid deployment scenarios
          – Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
          – Enables coexistence for Microsoft Lync
  25. 25. Dirsync Password Synchronization
      • No longer requires ADFS to provide SSO
          – Does not sync plaintext passwords
          – Dirsync syncs hashes of hashes of your users' passwords, greatly reducing the risk of a password leaking
          – You don't need to install any new software on your DCs or reboot DCs
          – Users don't need to change passwords
          – Password Syncing is 1 way. Users that have Password Sync enabled are required to change their passwords on premises in an AD connected machine.
          – “In my opinion not as secure as ADFS”
  26. 26. Provisioning Office 365 with Dirsync
  27. 27. |Online
  28. 28. SharePoint Cloud Continuum • Auto HA, Fault-Tolerance • Friction-free scale • Self-provisioning, mgmt @ scale SharePoint Online (Office 365) Value Prop: Value Prop: • Full h/w control – size/scale • Roll-your-own HA/DR/scale • 100% of API surface area • Easy migration of existing apps • Roll-your-own HA/DR/scale SharePoint (Windows Azure) SharePoint (On-premises) CONTROL COST-EFFICIENCY Value Prop:
  29. 29. Layers of SharePoint Online
      • Physical: Datacenters; Machines; Physical network
      • Virtual Machine Roles: VMs performing different roles; Units of scalability called “Networks”
      • Services: 1+ services run within VM role; Hundreds of services interacting
  30. 30. SharePoint Online components
      • SharePoint – actual bits & features
          – Same bits used in on-premises deployments
          – All features must conform to service fabric horizontals: “cloud ready”
      • Service Fabric – components needed to run service
          – Deployment & Environments – Topology
          – Identity & Sign In
          – Provisioning Tenants & Users
          – Tenant Admin
          – Upgrade
          – High Availability & Disaster Recovery
          – Telemetry, Incident Management, Debugging & Patching Code in the Service
      • Zoom in on topology, provisioning & upgrade
          – Deep dive into system topology & deployment, customers onboarding & upgrades
  31. 31. Office Web Apps
      • Consumer / Windows Live
          – Publicly available to any Live ID user
          – Free with SkyDrive & (Hotmail)
          – Iterative release cadence
      • On-Premise / Private Cloud
          – Runs as Office Web Apps Server
          – Integrates with SharePoint, Exchange, File shares, etc.
          – Minimal changes during life cycle
      • Office 365 / Public Cloud
          – An option within the service
          – Monthly per-user subscription
          – 90-day service update cycle
  32. 32. Browser Requirements for Office 365
      • Internet Explorer 8
      • Safari 5
      • Latest Chrome
      • Latest Firefox
  33. 33. SharePoint Online Topology (diagram; labels include Datacenter 1..N, Disaster Recovery Datacenter 1..N, Network 1..N, Grid Manager, Global Directory, Tenant Admin (UI), Stamp 1 and Stamp 2..N with Content, Federated Services, SQL and Directory (AD) tiers, NLB, DNS (multiple), OrgID, Commerce backend, Incident Management, Azure (Windows/SQL), CDN Services)
  34. 34. Keeping Your Data Safe (diagram; axes: Failure Scope and Copy Count; labels include client side cache, recycle bin, RAID 10, synchronous mirroring, asynchronous log shipping, asynchronous replication, scheduled backups, point-in-time restore, Rack 1, Rack 2, Rack 3, Data Center)
  35. 35. Office 365 SharePoint
  36. 36. |Online
  37. 37. Exchange — Work Smarter, Anywhere.
      • Remain in control, online and on-premises
      • Do more, on any device
      • Keep the organization safe
      • Tailor your solution based on your unique needs
      • Manage increasing volumes of communications
      • Protect business communications and sensitive information
      • Ensure your communications are always available
      • Work together more effectively as teams
      • Meet internal and regulatory compliance requirements
  38. 38. Outlook interface highlights
      • Touch Mode adds more space and finger-friendly Quick Actions
      • Minimized ribbon is just one touch away
      • Consolidate views from different sources into a single contact card
      • Inline reply lets you compose while staying in context
      • Quick Peeks that give you access to your calendar, people and tasks without leaving your inbox
      • Improved navigation takes less space
      Copyright© Microsoft Corporation
  39. 39. Email, calendar, and contacts from Outlook Web App
      Additional features through native integration with the device:
      • Stored credentials
      • Voice activated actions
      • Contact sync to native address book
      Apps require Office 365 with the latest update of Exchange Online
  40. 40. Delegate administrative tasks to specialist users (diagram labels: Systems administrator, All)
  41. 41. Multi-engine protection from Exchange Online Protection (EOP)
      • Sender notifications
      • Admin notifications
  42. 42. New fingerprinting techniques from Exchange Online Protection (EOP)
      • Block email based on language
      • Block email based on geography
  43. 43. Retention policies
      • Policy details transparently displayed to end user
      • Centrally managed or user-assigned policies
      • Automated data retention and deletion
      • Right click to assign policy to an item, folder or to all your email
  44. 44. Outlook PolicyTips notify users of policy violations before they happen
      • A PolicyTip notifies you of a policy violation while composing an email
  45. 45. DLP reporting
      • DLP policy templates support major regulatory requirements
      • DLP reporting provides insight into organizational compliance
      • Templates based on regulatory requirements
  46. 46. Search Exchange, SharePoint, and Lync data from a single interface
      • Use proximity searches to understand context
      • Fine tune complex queries
      • Get instant statistics
      • Query results across Exchange, Lync & SharePoint
      • Laser focused refiners to help find the data you need
  47. 47. Update hybrid settings
  48. 48. Lync experiences
  49. 49. Exchange Online
  50. 50. Top Tips & Final Thoughts
      • Choose Correct 365 Solution
      • Sign up for a free trial
      • Subscriptions yearly
      • Options available for
          – Kiosk Plans (Basic browser based, pop email etc)
          – Home Premium
          – Small Business (P Plans)
          – Enterprise (E Plans)
  51. 51. Top Tips & Final Thoughts
      • Product vs. Service
      • Clean House, users, mailboxes etc
      • To SSO or not to SSO?
      • Read the Planning Guides
      • Region vs. Compliance!
      • Get your DNS Correct
      • Watch out for Expiring SSL Certs
      • Beware the Deleted Domains!
  52. 52. Review…
  53. 53. The Extras… Follow @AndyMalone & Get my SkyDrive Link
  54. 54. Tools
      • Exchange Remote Connectivity Analyzer
      • Exchange Client Network Bandwidth Calculator
      • PST Capture
      • PowerShell Scripts
  55. 55. Please evaluate the session before you leave