nathan mercer - microsoft infrastructure update for it pros
TRANSCRIPT
Zero to running in 60 mins Frederick Piliu Cloud Partner BDM (Microsoft) [email protected]
2 | Microsoft Confidential
Office Professional Plus is available in select service plans
- Small Business Plan (<25
Users, 50 Max)
- P Plan (Less than 25
(Hardstop @ 50),
Community only support,
Office Web Apps + Option)
Enterprise Plan (50+ Users)
E Plan (Starts today @ E1
(BPOS) E2, E3)
K Plan (Light Users)
Exchange 1
& 2
Sharepoint
1 & 2
Lync 1 & 2 Office Pro
Plus
5 | Microsoft Confidential
Creating a tenant - Trial via Partner - Direct
6 | Microsoft Confidential
Custom Plan guide
7 | Microsoft Confidential
DNS
8 | Microsoft Confidential
Migration
9 | Microsoft Confidential
Migration Overview
1 150 5,000 25,000
Cutover
Exchange
Migration
Staged Exchange Migration
(with DirSync)
MRS
<1 Week 2 Weeks 3 Weeks Several Months
None Mailflow/GalSync Free/Busy, Archive in Cloud
10
Identity Options Comparison 1. MS Online IDs
Appropriate for
• Smaller orgs without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• IDs mastered in the cloud
2. MS Online IDs + Dir Sync
Appropriate for
• Medium/Large orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Single server deployment
3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise orgs with AD on-premise
Pros
• SSO with corporate cred
• IDs mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios
Cons
• High availability server deployments required
11
Key Customer Choices • Identity Federation
− Enables single sign on
− Identities are mastered on premise.
− Requires domain registration and ADFS on premise
• Simple Coexistence − DirSync synchronizes identities
− No on-premise Exchange Server 2010 Client Access server
• Rich Coexistence − DirSync synchronizes identities
− Customer has Exchange Server 2010 Client Access server on premise
− Customer has enabled Rich Coexistence features in DirSync
− DirSync enables some new Exchange Rich Coexistence features (Filtering Coexistence, Cloud Archive)
− Filtering Coexistence: Is the customer already using an existing filtering solution?
− Cloud Archive: Enables the on-premise EMC admin to specify who should get a Cloud Archive; requires Exchange Server 2010 Client Access server on premises
12
Office 365 Archiving
14 | Microsoft Confidential
15 | Microsoft Confidential
Exchange Online (Plan 1) Users receive a combined total size
of 25 GB for their primary mailbox and archive mailbox.
Therefore, the size of the user’s archive mailbox can’t exceed
25 GB.
Exchange Online (Plan 2) Users receive unlimited storage in
their archive mailbox. However, a default quota of 100 GB is
set on the archive mailbox. In the unlikely event that a user
reaches this quota, contact Office 365 support to request
more storage space for the archive mailbox.
Exchange Online Archive
Archiving & Compliance in Exchange Online
Integrated email archiving capabilities offer tools to preserve
and discover email data, without changing the user or IT
professional experience from on-premises to the cloud
• Secondary mailbox
with separate quota
• Archive in the cloud
• Appears in Microsoft
Outlook® and OWA
• Managed through
EMC, ECP or
Windows PowerShell™
• Support for
Outlook 2007
Personal Archive
• Automated and
time-based criteria
• Works across
premise and cloud
• Manage with
EMC/ECP
• Expiry date shown
in email message
Move/Delete Policy
• Central web-based UI
across premise & cloud
• Previews, de-dupe,
annotations
• Search primary, archive,
dumpster
• Delegate through roles-
based admin
• Capture deleted
and edited
email messages
• Cross-premises
support
• Offers single
item restore
• Notify user on
hold
Hold Policy Multi-Mailbox
Search
16
17 | Microsoft Confidential
A Familiar Personal Archive
• Specialized Exchange mailbox configured
and associated with the user’s primary
mailbox
• Delivers your users a familiar experience by
seamlessly surfacing in both Outlook and
OWA
• Your users can use the same skills and
methods they already use today to interact
with archive email:
− “Drag-and-drop” email to folders
− Create folders and categorize
− Conduct searches and filter results
− Reply to messages and set flags
Arc
hiv
e
Pri
mary
Mailb
ox
18
• Easily add archiving capabilities for cloud-based users
• Manage the archive from the Exchange Control Panel
Preserve: Available to Cloud and On-Premises Users
• Create cloud archives for local users
• Requires Exchange Server 2010 SP1 on-premises
• Manage the archive using the Exchange Management Console
• If primary mailbox is later moved to the cloud, archive moves with it
For cloud-based mailboxes For on-premises mailboxes
Create a remote archive for an
Exchange Server 2010 SP1 mailbox
Enable archiving for an
Exchange Online user
19
20 | Microsoft Confidential
21 | Microsoft Confidential
22 | Microsoft Confidential
Powershell
23 | Microsoft Confidential
Scenario Description Relevant cmdlets
User creation Administrators can automate
importing their users, either for
initial onboarding to Office 365
or for adding new users on an
ongoing basis. Users can be
created with a license, which will
grant them access to services.
New-MsolUser
License
Assignment for
synched Users
Users created through DirSync
need to be activated (i.e.
assigned a license) before they
are able to use any services.
Administrators can use
PowerShell to assign licenses to
their synched users.
Set-MsolUser
Set-MsolUserLicense
Managing Admin
Roles
There are 5 built in admin roles,
each of which has it’s own set of
associated permissions. Users
can be assigned membership to
these roles (similar to how they
are assigned to a security group).
Get-MsolRole
Add-MsolRoleMember
Remove-
MsolRoleMember
Scenario Description Relevant cmdlets
Security Group
Management
Security Groups are used to
control access to SharePoint
sites. Administrators can user
PowerShell to manage Security
groups and their memberships.
New-MsolGroup, Add-
MsolGroupMember
Distribution List
Management
Administrators can use Exchange
Remote PowerShell to create
Distribution lists and manage
memberships
Available only through
Exchange Online
Managing
Contacts
Exchange Remote PowerShell can
be used to manage a companies
external contact.
Available only through
Exchange Online
Scenario Description Relevant cmdlets
Domain
Management
PowerShell cmdlets can be used
to add and verify vanity domains.
Note that in order to verify the
domain, the caller must set the
appropriate TXT or MX record
with their domain registrar.
New-MsolDomain
Get-
MsolDomainVerificationD
NS
Confirm-MsolDomain
Setting up Identity
federation with
ADFS
There are a set of cmdlets
available to set up Identity
federation for a vanity domain.
These cmdlets interact with both
MS Online and ADFS.
New-
MsolFederatedDomain
(x2)
Usage Reporting Exchange remote PowerShell
offers several cmdlets to retrieve
statistics about Mailbox usage.
Get-MsolUser
Mailbox statistics
available through
Exchange Online
Company level
settings
Admins can use PowerShell to
configure various company level
settings (such as turning on
Directory Synchronization).
Set-
MsolCompanyContactInfo
Set-
MsolCompanySettings
Set-MsolDirSyncEnabled
Import-Module MSOnline
Connect-MsolService
Connect-MsolService –Credential
$cred
Get-MsolParterContract –DomainName
contoso.com
New-MsolUser –UserPrincipalName
[email protected] –tenantID “358a21e1-46e7-
45b0-82e5-370129a58c98”
Mail Control & FOPE
30 | Microsoft Confidential
High-accuracy spam filtering Multiple virus-scanning engines
Hub Transport Mailbox
External
About 90%
of
email is
junk
Tuned for enterprise email
Included with Exchange Online subscription
Built-in protection for Exchange Online customers
FOPE Admin Center
Run real-time reports Configure policy filtering
Perform message tracking Customize spam settings
Office 365 customers can access FOPE Admin Center
Use FOPE Admin Center for these
tasks • Domain Management
– Filtering Only customers
• Message Trace
– Outside your organization
• Transport rules to control mail hygiene and corresponding mail delivery
– Configure org-wide safe/blocked senders
– Configure granular anti-spam settings
• View reports on email hygiene
• Configure and Control End to End Email Flow
– Configure Connectors
• Domain Management
– Office 365 customers (Hosted Email)
• Message Trace
– Within your organization
• Transport rules to control email delivery
• Configure journaling of emails to external archive
Use Exchange Control Panel for these
tasks
When to use Admin Center vs. the Exchange Control Panel
Permissions Mapping
Permissions mapping between Exchange Online and FOPE
Exchange Online
Console
FOPE Admin Center
Billing Administrator No access
Global Administrator Full Admin privileges
Password Administrator Admin Read-only
privileges
Service Administrator No access
User Management
Administrator
No access
35 | Microsoft Confidential
http://technet.microsoft.com/en-us/edge/office-365-
jump-start-11-lync-online-overview-configuration-for-it-
pros
http://speedtest.apac.microsoftonline.com/
http://community.office365.com/en-us/default.aspx
http://technet.microsoft.com/en-
us/exdeploy2010/default.aspx#Index
36 | Microsoft Confidential