office 365 | discovery · pdf filethe minnesota state colleges and universities system is an...
TRANSCRIPT
The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator.
Office 365 | Discovery Workshop
<INSTITUTION NAME> Migration Planning
<DATE>
Goals of Discovery
To provide an overview of the single tenant (design, support process, roles/responsibilities etc).
To understand the current environment of the migrating institution.
Determine a migration plan, identify remediation items and migration timeline.
2
Discovery Topics
Day 1
Overview of Office 365 Single Tenant Terms and Conditions
The User Experience (UX)
Technical Design
Roles, Support and Governance
Discovery of Migrating Institution Current Environment
Current- and Future-State Processes
3
Day 2
Migration Planning Migration Process
Pilot Strategy
Pre-Migration Tasks
Remediation Tasks
Timeline
Training & Communications
Review toolkit
Training & Communications Planning
Overview of the Office 365 Single Tenant
4
Terms, Conditions & StandardsInstitutions who choose to participate in the single tenant must agree to the following prior to migrating:
StarID should be considered public data.
Employees and Students will leverage the following credentials when accessing their Office 365 account
Employee UPN: %starid%@mnscu.edu
Student UPN: %starid%@go.mnscu.edu
Institution accepts any risks associated to an employee having access to emails and OneDrive content associated to a concluded role while still an employee within the MnSCU system.
Institution will use the defined naming conventions.
Institution has reviewed and accepted the defined Service Descriptions.
5
Terms, Conditions & Standards, cont. Institution will leverage Shared Services and has reviewed and accept the defined
support processes.
Shared Services will leverage campuses current provisioning and de-provisioning rules
Institution will follow and adhere to the Office 365 Single Tenant Governance Process.
Migrating institutions will fund their migration, licenses and accept cost outlined within the Shared Services Cost Model.
6
7
go.mnscu.eduExternally
Connected* Opt Out Notes
Common student account X
Outlook
User is Searchable in Global Address List XUser must know the email address of the externallyconnected campus in order to collaborate.
Free/Busy calendar X X
Detail calendar X
Skype for Business
User is Searchable in Global Address List XUser must know the email address of the externallyconnected campus in order to view.
Free/Busy Status X X
Collaborate - share, meet X X
Yammer
Engage in social networking (e.g., share, form groups, discover, connect)
X
User is Searchable (by name) X
SharePoint
mnscu.edu SharePoint access X
OneDrive X
Student Experience
*Assumes the externally connected campus is leveraging Office 365 and Lync for students.
8
mnscu.eduExternally
Connected* Opt Out Notes
Common faculty / staff account X
Outlook
User is Searchable in Global Address List XUser must know the email address of the externallyconnected campus in order to collaborate.
Free/Busy calendar X X
Detail calendar X
Skype for Business
User is Searchable in Global Address List XUser must know the email address of the externallyconnected campus in order to collaborate.
Free/Busy Status X X
Collaborate - share, meet X X
Yammer
Engage in social networking (e.g., share, form groups, discover, connect)
X X X Dependent on Connect migration
User is Searchable (by name) X X X Dependent on Connect migration
SharePoint
SharePoint access X
SharePoint Connect access X X X Dependent on Connect migration
OneDrive X X X Dependent on Connect migration
Employee Experience
*Assumes the externally connected campus is leveraging Office 365 and Lync for employees.
*mnscu.edu will not be leveraged for mail routing with Phase 1 (System Office and Rainy River migrations)**Shared Services generated SMTP addresses for new accounts: If participating institution is not synchronizing their directory data into Single Tenant Active Directory (STAD), the following naming convention will be used.
9
Naming Convention Example
UPN Employee: %StarID%@mnscu.eduStudent: %StarID%@go.mnscu.edu
Display Name Surname<comma><space>Preferred Name<space>Middle
Initial
Smith, John L
Exchange Shared Mailbox 3-5 Letter of Campus<hyphen>Shared Account Name PINE-TRIO
Distribution List 3-5 Letter of Campus<hyphen>Distribution Group Name PINE-Help Desk
Conference Room 3-5 Letter of Campus<hyphen>Location<space><RM>Room
Name<hyphen>Capabilities
PINE-601 RM140-VC
Equipment 3-5 Letter of Campus<hyphen>Optional
Location<space>Equipment with enumerator
PINE-Projector1
Groups in O365 3-5 Letter of Campus<hyphen>Group Name PINE-PsychAb4022
Attribute Naming Convention Example
Assigned Proxy Address*
Employee
Student
%StarID%@mnscu.edu
%StarID%@go.mnscu.edu
Proxy Address** <firstname>.<lastname>@institution.edu [email protected]
Naming Conventions
10
Office 365 is designed to work with the following software:
The current or immediately previous version of Internet Explorer or Firefox, or the latest version of Chrome or Safari.
Any version of Microsoft Office in mainstream support.
Office clients in mainstream support
Most Office 365 plans provide you with the latest versions of Office desktop applications, such as Word, Excel, and PowerPoint.
Operating system requirements
Office 365 does not have an operating system requirement, except that the operating system you use must be supported by its manufacturer.
Source: https://support.office.com/en-us/article/Office-365-system-requirements-719254C0-2671-4648-9C84-C6A3D4F3BE45
System Requirements
11
Supported Mobile Devices
Android phone or tablet
iPhone or iPad
Windows phone or tablet
Blackberry – can be set up to work with O365; some caveats
EAS** Access Settings provide control over which mobile devices can synchronize to Exchange Online mailboxes and which administrators are notified when devices are quarantined
Device access rules determine whether users can synchronize to Exchange with specific mobile device families or models
Source: https://support.office.com/en-in/article/Office-365-mobile-setup---Help-7dabb6cb-0046-40b6-81fe-767e0b1f014f?ui=en-US&rs=en-IN&ad=IN
**Microsoft Exchange ActiveSync. Source: 5 SEP clients and Collaboration.Customer.ppt provided by Microsoft to MnSCU
System Retention Policies
12
System Retention
User recoverable deleted items (dumpster) available for 14 days
Detached mailbox retention –30 days
Detached mailbox on in-place hold indefinite
Default Retention Settings in Exchange Online
13
Tag name Tag type Retention age limit (days) Retention action
Deleted Items Deleted Items folder**14 with the ability to increase to 30
User managed. Default policy exists but must be turned on by user. Previously policy was on by default.
Junk Email JunkEmail** 30 Delete and Allow Recovery
1 Week Delete Personal 7
User managed. By default policy is turned off. User can right-click a folder and assign a policy to a folder.
1 Month Delete Personal 30 Same as above
6 Month Delete Personal 180 Same as above
1 Year Delete Personal 365 Same as above
5 Year Delete Personal 1825 Same as above
Never Delete*** Personal No age limit Same as above
Note:
There are no default retention policies applied in Exchange Online
Retention tags with a type of All are DPTs. DPTs apply to items that don't have another retention tag applied.
** The type for RPTs identifies the default mail folder that the tag applies to.
*** This tag isn't enabled by default. Items that have this retention tag are either never moved or never deleted
Mailbox Limits
14
Feature Office 365 Enterprise E1 Office 365 Enterprise E3 / E4
User mailboxes 50 GB 50 GB
Archive mailboxes 50 GB2 No limit
Shared mailboxes* 10 GB4 10 GB
Resource mailboxes* 10 GB 10 GB
Site mailboxes* 5 GB 5 GB
* Denotes mailboxes that are not licensed
Recipient and Sender LimitsLimit Value
Recipient limit The maximum number of message recipients allowed in the To:, Cc:, and Bcc: fields.
500 recipients
Maximum message size for large distribution groups If a message is sent to 5,000 or more recipients, the message size can't exceed this limit. If the message size exceeds the limit, the message isn't delivered, and the sender receives a non-delivery report (NDR). The total recipient count is determined after distribution group expansion.
2 MB
Message rate limit The maximum number of e-mail messages that can be sent from a single e-mail client per minute. The client is identified by the user account.
30 messages per minute
Recipient rate limit The maximum number of recipients that can receive e-mail messages sent from a single cloud-based mailbox in a 24 hour period. After the limit has been reached, messages can’t be sent from the mailbox until the number of recipients that were sent messages in the past 24 hours drops below the limit. The recipient rate limit applies to messages sent to recipients inside and outside your organization.
10,000 recipients per day
Message LimitsLimit Value
Message size limit The maximum total size of an e-mail message. The total size includes the message header, the message body, and any file attachments.
150 MB
File attachments limit The maximum number of file attachments allowed in an email message. 125 attachments
Subject length limit The maximum number of text characters allowed in the subject line of an e-mail message.
255 characters
Embedded message depth limit The maximum number of forwarded e-mail messages that are allowed in an e-mail message.
30 embedded messages
Note: If any of the message limits are “true” the MRS mailbox move is abandon. Mailboxes are moved in entirety, items can’t be skipped or left behind.
OneDrive for Business OneDrive for Business will want to sync your SharePoint
MySite by default.
25 GB of personal space will be provided.
17
User Authentication Prompts
18
1 Stores cached credentials in Windows Credential Manager (WCM). If WCM is disabled (no ability to cache credentials),
user will be prompted each time application starts
App / Service User Experience
Outlook 2013/2010/2007, Exchange ActiveSync, POP, IMAP
Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
OneDrive for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
Browser - Microsoft Online Portal, SharePoint Online, Office Web Apps
Forms-based authentication
Skype for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
Provisioning and De-Provisioning
Provisioning and de-provisioning accounts will be based on institution rules.
Shared Services can grant delegate access to separated employees’ mailboxes upon request.
Email address can be created by the institution or Shared Services
License Management Tool
August functionality:
Tool will manage both the base licensing level and a la carte licensing (product level).
Global Licensing Manager will perform licensing activities in the tool (Institution-level future state).
User will be assigned or removed automatically to the appropriate license based on their institution, group membership, and/or individually assigned license.
Reporting, tracking, auditing performed by Global Licensing Manager.
In the meantime, licensing will be managed manually by Shared Services.
COMING SOON!!
eDiscovery / Legal Hold Requests
Basic process for institutions in the single tenant:
Submit requests to System Office Security.
Purchase E3 license.
Shared Services responsible for fulfilling the requests (includes applying E3 license to the account).
22
Governance TeamParticipatingCampus
Advisory Board Tenant Administrator
Shared Services Manager
Shared Services Administrators
Responsibilities of Participating Campuses include:- Submits requests for
changes to the Shared Services Manager.- Cascades
communications regarding upcoming changes to their campus, as appropriate.
The Advisory Board consists of CIOs from the system office and various campuses whose responsibilities include:- Provide strategic
direction for the single tenant.- Review and approve
changes that impact the tenant as a whole.
Responsibilities of the system office Vice Chancellor and Assoc. Vice Chancellor of Infrastructure include:- Ensures change
requests requiring Advisory Board approval are reviewed, decisions made and communicated back to Shared Services Manager. - Final decision maker
for changes impacting the tenant as a whole.
Responsibilities of the Shared Services Manager include:- Central point of
contact for all change requests.- Works with the
Advisory Board (via Tenant Owner) to obtain approval for change requests impacting the tenant as a whole. - Works within the
Shared Services Team to complete change requests.- Ensures campuses are aware of changes being made, timing and impact to users.
Responsibilities of the Shared Services Team include:- Ensures Microsoft
updates are tested within the test environment prior to production. - Completes approved
change requests from the Advisory Board and/or participating campus.- Responsible for the
day-to-day operations of the tenant.
Support Process
23
Shared Services - Roles
24
The following Roles will be provided within the Shared Services Team:
Shared Services Manager
Centralized Helpdesk
Global Administrator(s)
Exchange Administrator(s)
SharePoint Site Collection Administrator(s)
Skype for Business Administrator(s)
Administrator(s) for “Other” Office 365 Services
NOTE: One resource can fill multiple roles
Shared Services - ResponsibilitiesMIGRATION Facilitate campus migrations of Exchange and/or SharePoint. Apply voicemail dial plan, policy and number to mailboxes. Establish external connections (federations)
ACCOUNT ONBOARDING O365 account provisioning and deprovisioning based on campus policy. Email address creation.* Standard proxy address creation.* Sip address creation for Skype for Business. License management based on campus licensing rules.
*Available services that are optional for campuses participating in the tenant - campuses can continue with these activities if preferred.
NOTE: Shared Services will manage licenses for the tenant but the associated cost of the required licenses will be the responsibility of the campus.
25
Shared Services - ResponsibilitiesON-GOING SUPPORT / MAINTENANCE eDiscovery and legal holds. Establish and maintain base-level affiliations and distribution groups. Creation of Resource Mailboxes. Maintain the automated process for Office 365 Groups per campus (these groups
span all Office 365 products). Maintain campus address book. Establish and maintain shared accounts. Test and apply Microsoft updates for Office 365 products/services. Centralized Help Desk and Tier II support for Office 365 products/services. Development and on-going maintenance of tools required to manage affiliations,
groups and licenses. Change management through the Office 365 and SharePoint governance process. Farm-level SharePoint administration. Integrate and maintain SharePoint 3rd party apps. Accountable to be subject matter experts for all Office 365 products (current state
and future Microsoft enhancements).
26
27
Campus - ResponsibilitiesMIGRATIONS Remediation of migration tasks Campus / user communications and training.
ACCOUNT ON-BOARDING Email address creation – if campus chooses to retain creation vs. leverage shared
services.* Additional Proxy address creation.*
ON-GOING SUPPORT First-level of support for campus users. Site-collection SharePoint administration. Creation of one-off affiliation and distribution groups (assuming a tool is created)
*Available services that are optional for campuses participating in the tenant - campuses can continue with these activities if preferred.
NOTE: Shared Services will manage licenses for the tenant but the associated cost of the required licenses will be the responsibility of the campus.
Discovery of Migrating Institution
28
Current platforms and operating systems? (Cloud or OnPrem)
Version of Exchange?
Mail enabled apps? (e.g., monitoring solutions)
SMTP authentication?
Existing email naming policies?
Mail flow
Do you have individual end-user mailboxes larger than 50 GB?
Do you have mail messages larger than 150 MB?
Discovery of Migrating Institution
Network
Environment—operating systems? Hardware?
Configuration
Current bandwidth needs?
Which mobile devices do you support?
Are you keeping your H:?
Are you planning to provide local and web access to O365?
What will your licensing strategy be?
Discovery of Migrating Institution
Discovery NOTES
31
Migration Planning
32
33
Supported Migrations
In scope
Exchange
Out of scope
OneDrive content
SharePoint Connect and My Sites
Yammer
34
Office 365Single Tenant
Campus [email protected]
Single Tenant AD [email protected]
Copy Exchange Attributes
OIM OIM
On Premise Exchange to
Office 365 Single Tenant
Plan for Email Migration Purpose of this section:
Provide awareness of the bandwidth considerations for both mail migration and day-to-day communication performance between on-premises organization and the online service.
This section will cover
Migration approaches
Bandwidth considerations
Impacts
At the system level
To the UX
Email Change Management
36
Shared
mailboxes and
Delegates
Shared Services recommends migrating Shared Mailbox and users of mailbox together
Important Dates
Holiday Change Freezes
Desktop Upgrades or patching (ensure on most current versions)
D2L change freezes
Campus-level freezes
Mailboxes
Moving online content only--No Archives/Vaults or PST’s
Subject to mailbox size limits—individual end-user mailbox has to be smaller than 50 GB
Mail messages larger than 150 MB will not be moved
Migration Impacts
37
Migration speed
Can be influenced by average
mailbox size
connection and throughput speed to the internet
Network capacity
Network saturation
Version of network operating system and age of hardware (recommend having at least one Exchange 2013, SP1, server)
Institution’s Pilot Strategy Campus needs to be able to identify
How many pilot phases required
What type of users will be leveraged for each phase
Specific mailboxes being migrated within each pilot phase
Duration of pilot
Things to consider:
Make sure have cross-functional representation, i.e., various types of users are represented; e.g., staff (e.g., ITS; Finance) and faculty
Types of mailboxes that might need to be piloted; e.g., shared accounts; resources such as rooms and laptops commonly used by pilot groups can be migrated
Users not to migrate in a pilot; for example, user has access to a shared mailbox. Rationale: user won’t be able to access the shared mailbox until full migration
Consider including helpdesk staff in pilot
Be mindful of users with delegate permissions. For example, there may be users who support multiple people; be aware of impact if you include those users but not the users they support.
Pilot & Migration Strategy NOTES
39
New Processes Required License management
eDiscovery requests
Provisioning and De-Provisioning
User Experience
Logging in (UX after mailbox moved, how prompts will change)
OneDrive strategy (e.g., is it replacing current personal network drive?)
Collaboration across campuses
Shared Services Support, O365 Access and Product Level
Office 365 governance
Campus-dependent (if campus migrates SharePoint with Exchange): SharePoint governance
Enhancement Requests – part of governance
AD Preparation To successfully migrate an institution’s required AD attributes
to STAD/O365 for onboarding, the migration script requires administrative access to gather the following:
Mailbox GUID (ExchangeGuid)
Primary proxy and additional proxy addresses (PrimarySmtpAddress, EmailAddresses)
Attribute populated with StarID (SAMAccountName, UPN, etc..)
To report mailbox delegation and access permissions (full mailbox, send as), the script must be run using an account that has full mailbox access for all mailboxes.*
41
*Note:
This is currently for reporting purposes only until otherwise notified.
Mail Enabled Applications - Remediation
Remediation of some mail enabled applications may be required:
Fax/Scan Software
Unified Messaging
Applications that leverage MAPI, CDO, Webdav
Will have to change configuration on these or leave pointed at old end points
Public folders – need to either move to a mailbox or abandon
EWS (Exchange Web Services)
SMTP Relay – accessing third parties or developers may be using – will be affected
42
Pre-Migration Tasks Conduct Discovery Workshops.
Review and accept terms and conditions.
Need list of O365 feature groups to determine which will be scripted.
Review current provisioning rules for mailboxes (account expirations, non-enrolled students, etc).
Provide list of all SMTPs.
Determine who will create proxy email address (campus or Shared Services).
Determine if local AD needs to be updated with all email addresses.
Ensure all active employees and students are identified within the appropriate OIM managed groups for migrating to the correct STAD account.
Review and ensure identified ISRS data is up-to-date (department, title, etc). OUT OF SCOPE FOR SYSTEM OFFICE MIGRATION.
43
Pre-Migration & Remediation TaskTASK OWNER STATUS NOTES
Conduct Discovery Workshops
Review and accept terms and conditions
List O365 feature groups to determine which will be scripted
Review current provisioning rules for mailboxes
Provide list all SMTPs
Determine who will create proxy email address
Determine if local AD needs to be updated with all email addresses
Ensure all active employees are identified within the appropriate OIM managed groups for migrating to the correct STAD account
Ensure identified ISRS data is up-to-date
Pre-Migration & Remediation TaskTASK OWNER STATUS NOTES
Rename resources, shared mailboxes and distribution groups with new naming conventions
Confirm license types and counts
Purchase license
Ensure all users have a StarID
Establish and execute on training and communications plan
Run AD prep scripts
46
Migration Planning **PROPOSED**
TASK OWNER(S) START / END STATUS
ASSESSMENT PHASE
Conduct Discovery Workshops
Finalize Enablement Plan
REMEDIATION PHASE
Complete Prep & Remediation Tasks
Establish Training & Communications Plan
ENABLEMENT PHASE
EOP Migration
Pilot
Architecture Review
MIGRATION PHASE
Training and Communications
47
Training Plan for End Users
Assess the needs and requirements for different roles and personas in the future state, prioritizing the readiness needs into a customized training plan
Develop a plan for end user onboarding
Leverage training and communications materials provided by MnSCU O365 team
Designate resources that are responsible for end user readiness, including who is responsible for implementation of communications delivery and readiness logistics
Designate owner of the User/Administrator Training Plan
Toolkit samples include:
Early-awareness communication
Communications plan
Sample talking points
Poster
Pre-transition email templates
Press release
Configuration documents
Support matrix
Helpdesk training
How to select your primary institution guide
Classroom training materials
Post-migration communication
Roles and responsibilities for training and communications
Training & Communications Toolkit
Training & Communications NOTES
50