Office 365: Do’s and Don’ts, Lessons Learned from the Field
More info on http://techdays.be.
Office 365 Do’s And Don’t’s
Ilse Van Criekinge
Content
• What is Office365
• Do’s
• Don’t’s
Office 365?
ActiveDirectory.Local
AzureAD.OnMicrosoft.Com
COEXISTENCE
Introducing | Your Modern Office
Devices, Social, Cloud, Control
Fast and fluid experience with touch, pen, mouse & keyboard
Immersive touch-optimized Windows 8 apps
Support for Windows phone, iOS & Android phones
Office - on demand, roaming & up-to-date
New cloud app development model
Enterprise-grade reliability and standards
Newsfeeds & microblogging, extend with Yammer
Pervasive social capabilities across Office
Multiparty HD video & Skype federation
DLP, data retention & unified eDiscovery
Reimagined deployment model for Office apps
Common management experience across Office 365
Stay connected to your business
Run it the way you want
Office 365 for Enterprises
Experience Office anywhere
Keep your business compliant
Trusted service
Industry-leading productivity service hosted by Microsoft
Do 1: Know What You Are Subscribing To
Microsoft Cloud Principles
Services are highly configurable and scalable without customization.
Services are under the Microsoft Security Policy.
We provide transparency in data location and transfers.
We audit on your behalf and provide certification reports.
Microsoft’s liability is capped, consistent with industry standards.
Office 365 is an evergreen service. Customers need to stay current.
Our solution evolves rapidly with a documented roadmap.
We provide services offers to help you migrate to the cloud efficiently.
Service Descriptions
Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284.aspx
Office 365 Service Updates: http://community.office365.com/en-us/wikis/office_365_service_updates/974.aspx
Office 365 Service Upgrade Center for Enterprises: http://community.office365.com/en-us/wikis/office_365_service_updates/office-365-service-upgrade-center-for-enterprise.aspx
Office 365 Deployment Center
Sign-up for a trial: http://alturl.com/rt9j8
The new Office 365 Deployment Center: Find the tools, guidance, and technical resources. Pilot and Deploy Office 365: http://www.deployoffice365.com/
Do 2: Understand Identities
Understanding Identities
Cloud Identity
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment
Federated Identity
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Requires on-premises ADFS server
Understanding Identities
Cloud Identity
Scenario: Smaller organizations with or without on-premises Active Directory
Benefits:
• Does not require on-premises server deployment
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies
Cloud Identity + DirSync
Scenario: Medium to Large organizations with Active Directory on-premises
Benefits:
• “Source of Authority” is on-premises
• Enables coexistence
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies
• Requires on-premises DirSync server deployment
Federated Identity
Scenario: Large enterprise organizations with Active Directory on-premises
Benefits:
• Single Sign-On experience
• “Source of Authority” is on-premises
• 2 Factor Authentication options
• Enables coexistence
Limitations:
• Requires on-premises ADFS server deployment in high availability scenario
• Requires on-premises DirSync server deployment
Understanding Identities
Client | Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer)
Microsoft Outlook® 2010 on Windows® 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2007 on Windows 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2010 or Outlook 2007 on Windows Vista® or Windows XP | Sign in each session | Sign in each session | Sign in each session
Exchange ActiveSync® | Sign in each session | Sign in each session | Sign in each session
POP, IMAP, Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each browser session | No prompt | Sign in each browser session
Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session | Sign in each SharePoint Online session | Sign in each SharePoint Online session
Lync Online | Sign in each session | No prompt | Sign in each session
Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Do 3: Realize ADFS is more than Federated Identities
ADFS Enables
Enables users to access both the on-premises and cloud-based organizations with a single user name and password
Provides users with a familiar sign-on experience
Allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools
SharePoint Hybrid Search
Access Control Policies
Scenario: Block all external access to Office 365
Description: Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client.
Scenario: Block all external access to Office 365, except Exchange ActiveSync
Description: Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked.
Scenario: Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online
Description: Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online.
Scenario: Block all external access to Office 365 for members of designated Active Directory groups
Description: This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory groups. It can also be used to provide external access only to members of a group.
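The four scenarios above as a small Python decision model, useful for writing down the expected allow/deny outcome per client before a policy is deployed. This is an added illustration, not AD FS claim-rule syntax and not code from the presentation; the corporate network range, the group name and the request fields are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Scenario(Enum):
    BLOCK_ALL_EXTERNAL = 1          # scenario 1 in the table
    ALLOW_EXTERNAL_ACTIVESYNC = 2   # scenario 2
    ALLOW_EXTERNAL_BROWSER = 3      # scenario 3 (passive clients)
    BLOCK_EXTERNAL_FOR_GROUPS = 4   # scenario 4


# Constructed sample values (assumptions, not taken from the slides).
CORPORATE_NETS = [ipaddress.ip_network("198.51.100.0/24")]
BLOCKED_GROUPS = {"O365-NoExternalAccess"}


@dataclass
class Request:
    client_ip: str
    client_type: str                # "activesync", "outlook" or "browser"
    groups: set = field(default_factory=set)


def is_internal(req):
    """True only if the client address parses and lies in a corporate range."""
    try:
        addr = ipaddress.ip_address(req.client_ip)
    except ValueError:
        return False                # unparseable address: treat as external
    return any(addr in net for net in CORPORATE_NETS)


def is_allowed(scenario, req):
    if is_internal(req):
        return True                 # all four scenarios allow internal clients
    if scenario is Scenario.BLOCK_ALL_EXTERNAL:
        return False
    if scenario is Scenario.ALLOW_EXTERNAL_ACTIVESYNC:
        return req.client_type == "activesync"
    if scenario is Scenario.ALLOW_EXTERNAL_BROWSER:
        return req.client_type == "browser"
    if scenario is Scenario.BLOCK_EXTERNAL_FOR_GROUPS:
        return not (req.groups & BLOCKED_GROUPS)
    raise ValueError(f"unknown scenario: {scenario!r}")
```

An address that cannot be parsed is treated as external, so a malformed value never widens access.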
Do 4: Is your environment ready to hook up to Office 365?
Deployment Readiness Tool
• http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
• Requirements:
• No administrative rights required
• Domain user
• Domain joined machine
Multi-forest AD
• Multi-forest AD support is available through Microsoft-led deployments
• Multi-forest DirSync appliance supports multiple dis-joint account forests
• FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram labels: User; Windows Azure Active Directory; On-Premises Identity (Ex: Domain\Alice); Federation using ADFS; DirSync on FIM; AD; AD; AD]
Non-AD Synchronization
• Preferred option for Directory Synchronization with Non-AD Sources
• Non-AD support with FIM is available through Microsoft-led deployments
• FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram labels: User; Windows Azure Active Directory; On-Premises Identity (Ex: Domain\Alice); Federation using Non-ADFS STS; Office 365 Connector on FIM; Non-AD (LDAP)]
Do 5: Check your Network
Network Requirements
Lync:
• Lync 2013 Network Bandwidth Requirements for Media Traffic: http://technet.microsoft.com/en-us/library/jj688118.aspx
• Lync 2010 Bandwidth Calculator: http://www.microsoft.com/en-us/download/details.aspx?id=19011
Exchange:
• Exchange Client Network Bandwidth Calculator: http://gallery.technet.microsoft.com/office/Exchange-Client-Network-8af1bf00
SharePoint:
• Plan for Bandwidth Requirements: http://technet.microsoft.com/en-us/library/cc262952(v=office.12).aspx
Connecting to Office 365
• Office 365 URLs and IP Address Ranges: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
• Exchange Online URLs and IP Address Ranges: http://technet.microsoft.com/en-us/exchangelabshelp/gg263350
• RSS Updates for URL and IP Address Range Changes: http://go.microsoft.com/fwlink/?linkid=236301
• Set up your network for Lync Online: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx
Do 6: Check out Azure
ADFS and Azure
Current Guidance:
• ADFS should only be deployed in Azure VM for High Availability.
• We would also not recommend a customer deploy the underlying AD domain controller to Azure. There would be latency issues for NTLM authentication of domain-joined machines.
http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx
• You can deploy corporate domain controllers alongside AD FS on Windows Azure virtual machines, which provides additional guarantees of service availability in the event of unforeseen failures such as natural disasters. This is especially true for online services such as Microsoft Office 365 that can authenticate users directly from their on-premises corporate Active Directory.
Azure and Office365
http://weblogs.asp.net/scottgu/archive/2012/07/26/windows-azure-and-office-365.aspx
Developing Windows Azure Web Sites Integrated with Office 365
Developing Windows Azure Workflows Integrated with Office 365
Windows Azure™ AD RMS
Integration with Exchange Online
• Company Confidential
• Company Confidential Read Only
• Do not forward (Works across tenants)
Integration with SharePoint Online
• There is no support for SharePoint Online Wave 15 (v2013) integration with customer on-premise AD RMS infrastructure.
• Documents that have been protected with RMS can be uploaded to SharePoint Online only in standard document libraries.
• In Office 365 Wave 15 (v2013), SharePoint Online supports RMS integration with the Windows Azure RMS service
Do 7: UC & C: Decide what to keep On Premises and what to move to Online
Lync Interoperability with Exchange and SharePoint
Lync deployment | Exchange Online | Exchange Server (on-premises)
Lync Online | Lync client presence integration; IM/Presence in OWA | Lync client presence integration
Lync Server on-premises | Lync client presence integration; IM/Presence in OWA; Exchange voicemail integration | Lync client presence integration; IM/Presence in OWA; Exchange voice-mail integration
Presence integration = OOF messages in Lync, calendar-based presence status, embedded presence in Microsoft Office Outlook® and Office

Lync deployment | SharePoint Online | SharePoint Server (on-premises)
Lync Online | Lync client presence integration | Lync client presence integration
Lync Server on-premises | Lync client presence integration | Lync client presence integration; Skill search in Lync client
Presence integration = embedded presence and click-to-communicate in SharePoint sites
Do 8: Ready to move Exchange, think about your options
Source platform | IMAP migration | Cutover migration | Staged migration | Hybrid
Exchange 5.5 | X | - | - | -
Exchange 2000 | X | - | - | -
Exchange 2003 | X | X | X | -
Exchange 2007 | X | X | X | X
Exchange 2010 | X | X | - | X
Exchange 2013 | X | X | - | X
Notes/Domino | X | - | - | -
GroupWise | X | - | - | -
Other | X | - | - | -
* Additional options available with tools from migration partners
Migration options
IMAP migration
• Supports wide range of email platforms
• Email only (no calendar, contacts, or tasks)
Cutover Exchange migration
• Good for fast, cutover migrations
• No Exchange upgrade required on-premises
Staged Exchange migration
• No Exchange upgrade required on-premises
• Identity federation with on-premises directory
Hybrid deployment
• Manage users on-premises and online
• Enables cross-premises calendaring, smooth migration, and easy off-boarding
Cutover vs. Staged
Cutover
• Cutover is designed for small/fast migrations to Office 365.
• Mailbox data and address book data are synced from on-premises to Exchange Online via Outlook Anywhere (RPC over HTTPS)
• As the name suggests, it’s an “all at once” move
• Limited to a maximum of 1000 mailboxes total
Staged
• Staged uses the same migration engine as cutover but in conjunction with Office 365 Directory Synchronization to allow you to move a few users at a time
• Mailbox data is copied via Outlook Anywhere
• Users/contacts & groups are synchronized via Directory Sync
• Exchange 2010 or later is not supported (but hybrid based moves are)
Cutover Migration server roles
On-premises Exchange organization
Existing Exchange environment (Exchange 2003 or later)
Users, Contacts & Groups via Outlook Anywhere (NSPI)
Mailbox Data via Outlook Anywhere (MAPI)
Office 365
Staged Migration server roles
On-premises Exchange organization
Existing Exchange environment (Exchange 2003 or 2007)
Users, Contacts & Groups via dirsync
Mailbox Data via Outlook Anywhere (MAPI)
Office 365
Office 365 Active Directory Synchronization
Hybrid Feature Comparison
Feature Simple Hybrid
Mail routing between on-premises and cloud (recipients on either side)
Mail routing with shared namespace (if desired) on both sides
Unified GAL
Free/Busy and calendar sharing cross-premises
Out of Office understands that cross-premises is “internal” to the organization
Mailtips, messaging tracking, and mailbox search work cross-premises
OWA redirection cross-premise (single OWA URL for both on-premises and cloud)
Single tool to manage cross-premises Exchange functions (including migrations)
Mailbox moves support both onboarding and offboarding
No Outlook reconfiguration or OST resync required after mailbox migration
Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.)
Centralized mail flow, ensures that all email routes inbound/outbound via on-prem
Hybrid overview
Federation Trust
• Delegated authentication for on-premises/cloud web services
• Enables Free/busy, calendar sharing, message tracking & online archive
Integrated Admin Experience
• Manage all of your Exchange functions, whether cloud or on-premises from the same place; Exchange Administration Center
Native Mailbox Move
• Online mailbox moves
• Preserve the Outlook profile and offline folders
• Leverages the Mailbox Replication Service (MRS)
Secure Mail Flow
• Authenticated and encrypted mail flow between on-premises and the cloud
• Preserves the internal Exchange messages headers, allowing a seamless end user experience
• Support for compliance mail flow scenarios (centralized transport)
Hybrid server roles
On-premises Exchange organization
Existing Exchange environment (Exchange 2007 or later)
Users, Contacts & Groups via dirsync
Secure Mail Flow
Office 365
Office 365 Active Directory Synchronization
Sharing (free/busy, MailTips, archive, etc.)
Mailbox Data via Outlook Anywhere (MAPI)
Exchange 2013 Client Access & Mailbox Server
Exchange 2010 Hybrid Support
Exchange 2010 SP3 will be compatible with current and new O365 tenants
Exchange 2010 based hybrid deployments will continue to support Exchange 2003 coexistence with the new O365 tenants
Once the new O365 service is launched, Exchange 2013 based hybrid is recommended for all new deployments (unless migrating from Exchange 2003)
Everything Moved…
Remove the Hybrid Server? In short, leave a CAS behind, maybe a Hub if you need an on-premises central mail routing server for apps/printers/scanners/etc.
Check: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
One More to Bookmark
Exchange 2013 Deployment Assistant http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=672-W-AAAAAAAAQAAA
Hybrid – Only Exchange?
SharePoint 2013 hybrid resources: http://www.microsoft.com/en-us/download/details.aspx?id=35593
• One-way hybrid environment with SharePoint Server 2013 and Office 365
• Two-way hybrid Search environment with SharePoint Server 2013 and Office 365
• Business Connectivity Services Hybrid Overview
Planning for Hybrid Voice with Lync 2013: http://technet.microsoft.com/en-us/library/jj205095.aspx
Do 9: Need to connect with External Users?
Lync Online
• Federation with Lync
• Federation with MSN
• Federation with Skype
Skype – Lync: Status
Is IM and presence available today between Lync and Skype?
Yes, on a limited basis
Can Skype users add Lync users to their contact lists today?
Not yet, target = June
Can Lync users add Skype users to their Lync contact lists today?
Yes, but using Skype users’ Microsoft accounts
What communications capabilities will be supported between Lync and Skype as part of the upcoming release?
In June: presence, one-on-one IM, and audio calling
What must Skype users do to connect to Lync contacts in the upcoming release?
New Skype App + Sign in with Microsoft account
Will Skype Connectivity work with Lync 2010?
Yes
SharePoint Online
[Diagram labels: Microsoft, iTunes, Skype, Office365, Skynet, Pandora, Telenet, Gmail; several account names, each with its own password (x, y, z)]
Do 10: Check our Trust Center
Office 365 Trust Center
http://www.trustoffice365.com/
Do 11: Ask us for help in understanding if our solution is aligned with your requirements
Going to the Cloud with a Plan: Office 365 Customer Decision Framework
Capability & Technical Fit Governance Transaction
Lifecycle Services & Support
Don’t’s
• Do not “not” look into Office 365
• Do not jump in without setting clear goals and knowing what you want to achieve
• Do not forget to go through all the do’s
Thank You!