Office 365: Do’s and Don’ts, Lessons learned from the field

More info on http://techdays.be.

Published in: Technology

  1. 1. Office 365 Do’s And Don’ts, Ilse Van Criekinge
  2. 2. Content
      • What is Office 365
      • Do’s
      • Don’ts
  3. 3. Office 365?
  4. 4. ActiveDirectory.Local AzureAD.OnMicrosoft.Com
  5. 5. ActiveDirectory.Local AzureAD.OnMicrosoft.Com
  6. 6. Introducing | Your Modern Office
  7. 7. Introducing | Your Modern Office
  8. 8. Office 365 for Enterprises
  9. 9. Content
      • What is Office 365
      • Do’s
      • Don’ts
  10. 10. Do 1: Know What You Are Subscribing To
  11. 11. Microsoft Cloud Principles
  12. 12. Service Descriptions
      • Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284.aspx
      • Office 365 Service Updates: http://community.office365.com/en-us/wikis/office_365_service_updates/974.aspx
      • Office 365 Service Upgrade Center for Enterprises: http://community.office365.com/en-us/wikis/office_365_service_updates/office-365-service-upgrade-center-for-enterprise.aspx
  13. 13. Office 365 Deployment Center
      • Sign-up for a trial: http://alturl.com/rt9j8
      • The new Office 365 Deployment Center: Find the tools, guidance, and technical resources Pilot and Deploy Office 365: http://www.deployoffice365.com/
  14. 14. Do 2: Understand Identities
  15. 15. Understanding Identities

      | Cloud Identity | Federated Identity |
      | --- | --- |
      | Separate credential from on-premises credential | Same credential as on-premises credential |
      | Authentication occurs via cloud directory service | Authentication occurs via on-premises directory service |
      | Password policy is stored in Office 365 | Password policy is stored on-premises |
      | Does not require on-premises server deployment | Requires on-premises DirSync server |
      | | Requires on-premises ADFS server |
  16. 16. Understanding Identities

      | | Cloud Identity | Cloud Identity + DirSync | Federated Identity |
      | --- | --- | --- | --- |
      | Scenario | Smaller organizations with or without on-premises Active Directory | Medium to Large organizations with Active Directory on-premises | Large enterprise organizations with Active Directory on-premises |
      | Benefits | Does not require on-premises server deployment | “Source of Authority” is on-premises; Enables coexistence | Single Sign-On experience; “Source of Authority” is on-premises; 2 Factor Authentication options; Enables coexistence |
      | Limitations | No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies | No Single Sign-On; No 2 Factor Authentication options; Two sets of credentials to manage; Different password policies; Requires on-premises DirSync server deployment | Requires on-premises ADFS server deployment in high availability scenario; Requires on-premises DirSync server deployment |
  17. 17. Understanding Identities

      | Client | Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer) |
      | --- | --- | --- | --- |
      | Microsoft Outlook® 2010 on Windows® 7 | Sign in each session | Sign in each session | Sign in each session |
      | Outlook 2007 on Windows 7 | Sign in each session | Sign in each session | Sign in each session |
      | Outlook 2010 or Outlook 2007 on Windows Vista® or Windows XP | Sign in each session | Sign in each session | Sign in each session |
      | Exchange ActiveSync® | Sign in each session | Sign in each session | Sign in each session |
      | POP, IMAP, Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session |
      | Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each browser session | No Prompt | Sign in each browser session |
      | Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session | Sign in each SharePoint Online Session | Sign in each SharePoint Online Session |
      | Lync Online | Sign in each session | No prompt | Sign in each session |
      | Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session |
  18. 18. Do 3: Realize ADFS is more than Federated Identities
  19. 19. ADFS Enables
      • Enables users to access both the on-premises and cloud-based organizations with a single user name and password
      • Provides users with a familiar sign-on experience
      • Allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools
      • SharePoint Hybrid Search
  20. 20. Access Control Policies

      | Scenario | Description |
      | --- | --- |
      | Block all external access to Office 365 | Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client. |
      | Block all external access to Office 365, except Exchange ActiveSync | Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked. |
      | Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online | Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online. |
      | Block all external access to Office 365 for members of designated Active Directory groups | This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory group. It can also be used to provide external access only to members of a group. |
  21. 21. Do 4: Is your environment ready to hook up to Office 365?
  22. 22. Deployment Readiness Tool
      • http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
      • Requirements:
        • No administrative rights required
        • Domain user
        • Domain joined machine
  23. 23. Multi-forest synchronization
      • Multi-forest AD support is available through Microsoft-led deployments
      • Multi-forest DirSync appliance supports multiple dis-joint account forests
      • FIM 2010 Office 365 connector supports complex multi-forest topologies
      • Diagram labels: Windows Azure Active Directory; Federation using ADFS; DirSync on FIM; AD; On-Premises Identity (Ex: DomainAlice); User
  24. 24. Non-AD Synchronization
      • Preferred option for Directory Synchronization with Non-AD Sources
      • Non-AD support with FIM is available through Microsoft-led deployments
      • FIM 2010 Office 365 connector supports complex multi-forest topologies
      • Diagram labels: Windows Azure Active Directory; Federation using Non-ADFS STS; Office 365 Connector on FIM; Non-AD (LDAP); On-Premises Identity (Ex: DomainAlice); User
  25. 25. Do 5: Check your Network
  26. 26. Network Requirements
      • Lync:
        • Lync 2013 Network Bandwidth Requirements for Media Traffic: http://technet.microsoft.com/en-us/library/jj688118.aspx
        • Lync 2010 Bandwidth Calculator: http://www.microsoft.com/en-us/download/details.aspx?id=19011
      • Exchange:
        • Exchange Client Network Bandwidth Calculator: http://gallery.technet.microsoft.com/office/Exchange-Client-Network-8af1bf00
      • SharePoint:
        • Plan for Bandwidth Requirements: http://technet.microsoft.com/en-us/library/cc262952(v=office.12).aspx
  27. 27. Connecting to Office 365
      • Office 365 URLs and IP Address Ranges: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
      • Exchange Online URLs and IP Address Ranges: http://technet.microsoft.com/en-us/exchangelabshelp/gg263350
      • RSS Updates for URL and IP Address Range Changes: http://go.microsoft.com/fwlink/?linkid=236301
      • Set up your network for Lync Online: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx
  28. 28. Do 6: Check out Azure
  29. 29. ADFS and Azure
      Current Guidance:
      • ADFS should only be deployed in Azure VM for High Availability.
      • We would also not recommend a customer deploy the underlying AD domain controller to Azure. There would be latency issues for NTLM authentication of domain-joined machines.
      http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx
      • You can deploy corporate domain controllers alongside AD FS on Windows Azure virtual machines, which provides additional guarantees of service availability in the event of unforeseen failures such as natural disasters. This is especially true for online services such as Microsoft Office 365 that can authenticate users directly from their on-premises corporate Active Directory.
  30. 30. Azure and Office365
      • http://weblogs.asp.net/scottgu/archive/2012/07/26/windows-azure-and-office-365.aspx
      • Developing Windows Azure Web Sites Integrated with Office 365
      • Developing Windows Azure Workflows Integrated with Office 365
  31. 31. Windows Azure™ AD RMS
      • Integration with Exchange Online
        • Company Confidential
        • Company Confidential Read Only
        • Do not forward (Works across tenants)
      • Integration with SharePoint Online
        • There is no support for SharePoint Online Wave 15 (v2013) integration with customer on-premise AD RMS infrastructure.
        • Documents that have been protected with RMS can be uploaded to SharePoint Online only in standard document libraries.
        • In Office 365 Wave 15 (v2013), SharePoint Online supports RMS integration with the Windows Azure RMS service
  32. 32. Do 7: UC & C: Decide what to keep On Premises and what to move to Online
  33. 33. Lync Interoperability with Exchange and SharePoint

      | | Exchange Online | Exchange Server (on-premises) |
      | --- | --- | --- |
      | Lync Online | Lync client presence integration; IM/Presence in OWA | Lync client presence integration |
      | Lync Server on-premises | Lync client presence integration; IM/Presence in OWA; Exchange voicemail integration | Lync client presence integration; IM/Presence in OWA; Exchange voice-mail integration |

      Presence integration = OOF messages in Lync, calendar-based presence status, embedded presence in Microsoft Office Outlook® and Office

      | | SharePoint Online | SharePoint Server (on-premises) |
      | --- | --- | --- |
      | Lync Online | Lync client presence integration | Lync client presence integration |
      | Lync Server on-premises | Lync client presence integration | Lync client presence integration; Skill search in Lync client |

      Presence integration = embedded presence and click-to-communicate in SharePoint sites
  34. 34. Do 8: Ready to move Exchange, think about your options
  35. 35. Migration options
      • Migration
        • IMAP migration: Supports wide range of email platforms; Email only (no calendar, contacts, or tasks)
        • Cutover Exchange migration: Good for fast, cutover migrations; No Exchange upgrade required on-premises
        • Staged Exchange migration: No Exchange upgrade required on-premises; Identity federation with on-premises directory
      • Hybrid
        • Hybrid deployment: Manage users on-premises and online; Enables cross-premises calendaring, smooth migration, and easy off-boarding

      | Source platform | IMAP migration | Cutover migration | Staged migration | Hybrid |
      | --- | --- | --- | --- | --- |
      | Exchange 5.5 | X | | | |
      | Exchange 2000 | X | | | |
      | Exchange 2003 | X | X | X | |
      | Exchange 2007 | X | X | X | X |
      | Exchange 2010 | X | X | | X |
      | Exchange 2013 | X | X | | X |
      | Notes/Domino | X | | | |
      | GroupWise | X | | | |
      | Other | X | | | |

  36. 36. Cutover vs. Staged
      • Cutover
        • Cutover is designed for small/fast migrations to Office 365.
        • Mailbox data and address book data is synced from on-premises to Exchange Online via Outlook Anywhere (RPC over https)
        • As the name sounds it’s an “all at once” move
        • Limited to a maximum of 1000 mailboxes total
      • Staged
        • Staged uses the same migration engine as cutover but in conjunction with Office 365 Directory Synchronization to allow you to move a few users at a time
        • Mailbox data is copied via Outlook Anywhere
        • Users/contacts & groups are synchronized via Directory Sync
        • Exchange 2010 or later is not supported (but hybrid based moves are)
  37. 37. Cutover Migration server roles
      • On-premises Exchange organization: existing Exchange environment (Exchange 2003 or later)
      • Users, Contacts & Groups via Outlook Anywhere (NSPI)
      • Mailbox Data via Outlook Anywhere (MAPI)
      • Office 365
  38. 38. Staged Migration server roles
      • On-premises Exchange organization: existing Exchange environment (Exchange 2003 or 2007)
      • Users, Contacts & Groups via dirsync (Office 365 Active Directory Synchronization)
      • Mailbox Data via Outlook Anywhere (MAPI)
      • Office 365
  39. 39. Hybrid Feature Comparison

      | Feature | Simple | Hybrid |
      | --- | --- | --- |
      | Mail routing between on-premises and cloud (recipients on either side) | ✓ | ✓ |
      | Mail routing with shared namespace (if desired) on both sides | ✓ | ✓ |
      | Unified GAL | ✓ | ✓ |
      | Free/Busy and calendar sharing cross-premises | | ✓ |
      | Out of Office understands that cross-premises is “internal” to the organization | | ✓ |
      | Mailtips, messaging tracking, and mailbox search work cross-premises | | ✓ |
      | OWA redirection cross-premise (single OWA URL for both on-premises and cloud) | | ✓ |
      | Single tool to manage cross-premises Exchange functions (including migrations) | | ✓ |
      | Mailbox moves support both onboarding and offboarding | | ✓ |
      | No outlook reconfiguration or OST resync required after mailbox migration | | ✓ |
      | Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.) | | ✓ |
      | Centralized mail flow, ensures that all email routes inbound/outbound via on-prem | | ✓ |
  40. 40. Hybrid overview
      • Federation Trust
        • Delegated authentication for on-premises/cloud web services
        • Enables Free/busy, calendar sharing, message tracking & online archive
      • Integrated Admin Experience
        • Manage all of your Exchange functions, whether cloud or on-premises from the same place; Exchange Administration Center
      • Native Mailbox Move
        • Online mailbox moves
        • Preserve the Outlook profile and offline folders
        • Leverages the Mailbox Replication Service (MRS)
      • Secure Mail Flow
        • Authenticated and encrypted mail flow between on-premises and the cloud
        • Preserves the internal Exchange messages headers, allowing a seamless end user experience
        • Support for compliance mail flow scenarios (centralized transport)
  41. 41. Hybrid server roles
      • On-premises Exchange organization: existing Exchange environment (Exchange 2007 or later); Exchange 2013 Client Access & Mailbox Server
      • Users, Contacts & Groups via dirsync (Office 365 Active Directory Synchronization)
      • Secure Mail Flow
      • Sharing (free/busy, MailTips, archive, etc.)
      • Mailbox Data via Outlook Anywhere (MAPI)
      • Office 365
  42. 42. Exchange 2010 Hybrid Support
      • Exchange 2010 SP3 will be compatible with current and new O365 tenants
      • Exchange 2010 based hybrid deployments will continue to support Exchange 2003 coexistence with the new O365 tenants
      • Once the new O365 service is launched, Exchange 2013 based hybrid is recommended for all new deployments (unless migrating from Exchange 2003)
  43. 43. Everything Moved… Remove the Hybrid Server?
      • In short, leave a CAS behind, maybe a Hub if you need an on-premises central mail routing server for apps/printers/scanners/etc.
      • Check: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
  44. 44. One More to Bookmark: Exchange 2013 Deployment Assistant: http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=672-W-AAAAAAAAQAAA
  45. 45. Hybrid – Only Exchange?
      • SharePoint 2013 hybrid resources: http://www.microsoft.com/en-us/download/details.aspx?id=35593
        • One-way hybrid environment with SharePoint Server 2013 and Office 365
        • Two-way hybrid Search environment with SharePoint Server 2013 and Office 365
        • Business Connectivity Services Hybrid Overview
      • Planning for Hybrid Voice with Lync 2013: http://technet.microsoft.com/en-us/library/jj205095.aspx
  46. 46. Do 9: Need to connect with External Users?
  47. 47. Lync Online
      • Federation with Lync
      • Federation with MSN
      • Federation with Skype
  48. 48. Skype – Lync: Status
      • Is IM and presence available today between Lync and Skype? Yes, on a limited basis
      • Can Skype users add Lync users to their contact lists today? Not yet, target = June
      • Can Lync users add Skype users to their Lync contact lists today? Yes, but using Skype users’ Microsoft accounts
      • What communications capabilities will be supported between Lync and Skype as part of the upcoming release? In June: presence, one-on-one IM, and audio calling
      • What must Skype users do to connect to Lync contacts in the upcoming release? New Skype App + Sign in with Microsoft account
      • Will Skype Connectivity work with Lync 2010? Yes
  49. 49. SharePoint Online Microsoft iTunes Skype ilse@hotmail.com ivcrieki ilse@hotmail.com Password x Password z Password y ilse@skynet.be Password ghi Telenet Office365 Skynet ilse@skynet.be Password def Gmail Facebook Pandora ilse@hotmail.com Password abc
  50. 50. Do 10: Check our Trust Center
  51. 51. Office 365 Trust Center
  52. 52. Do 11: Ask us for help in understanding if our solution is aligned with your requirements
  53. 53. Going to the Cloud with a Plan: Office 365 Customer Decision Framework
  54. 54. Content
      • What is Office 365
      • Do’s
      • Don’ts
  55. 55. Don’ts
      • Do not “not” look into Office 365
      • Do not jump in without setting clear goals and knowing what you want to achieve
      • Do not forget to go through all the do’s
  56. 56. Thank You!