Office 365: Do’s and Don’ts, Lessons Learned from the Field

Office 365 Do’s And Don’t’s Ilse Van Criekinge

Upload: microsoft-technet-belgium-and-luxembourg

Post on 15-Jan-2015


DESCRIPTION

More info on http://techdays.be.

TRANSCRIPT

Page 1: Office 365: Do’s and Don’ts, Lessons learned from the field

Office 365 Do’s And Don’t’s

Ilse Van Criekinge

Page 2: Office 365: Do’s and Don’ts, Lessons learned from the field

Content

• What is Office 365
• Do’s
• Don’t’s

Page 3: Office 365: Do’s and Don’ts, Lessons learned from the field

Office 365?

Page 4: Office 365: Do’s and Don’ts, Lessons learned from the field

ActiveDirectory.Local

AzureAD.OnMicrosoft.Com

Page 5: Office 365: Do’s and Don’ts, Lessons learned from the field

ActiveDirectory.Local

AzureAD.OnMicrosoft.Com

COEXISTENCE

Page 6: Office 365: Do’s and Don’ts, Lessons learned from the field

Introducing | Your Modern Office

Devices, Social, Cloud, Control

Page 7: Office 365: Do’s and Don’ts, Lessons learned from the field

Introducing | Your Modern Office

Devices
• Fast and fluid experience with touch, pen, mouse & keyboard
• Immersive touch-optimized Windows 8 apps
• Support for Windows Phone, iOS & Android phones

Cloud
• Office - on demand, roaming & up-to-date
• New cloud app development model
• Enterprise-grade reliability and standards

Social
• Newsfeeds & microblogging, extend with Yammer
• Pervasive social capabilities across Office
• Multiparty HD video & Skype federation

Control
• DLP, data retention & unified eDiscovery
• Reimagined deployment model for Office apps
• Common management experience across Office 365

Page 8: Office 365: Do’s and Don’ts, Lessons learned from the field

Stay connected to your business

Run it the way you want

Office 365 for Enterprises

Experience Office anywhere

Keep your business compliant

Trusted service

Industry-leading productivity service hosted by Microsoft

Page 9: Office 365: Do’s and Don’ts, Lessons learned from the field

Content

• What is Office 365
• Do’s
• Don’t’s

Page 10: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 1: Know What You Are Subscribing To

Page 11: Office 365: Do’s and Don’ts, Lessons learned from the field

Microsoft Cloud Principles

Services are highly configurable and scalable without customization.

Services are under the Microsoft Security Policy.

We provide transparency in data location and transfers.

We audit on your behalf and provide certification reports.

Microsoft’s liability is capped, consistent with industry standards.

Office 365 is an evergreen service. Customers need to stay current.

Our solution evolves rapidly with a documented roadmap.

We provide services offers to help you migrate to the cloud efficiently.

Page 13: Office 365: Do’s and Don’ts, Lessons learned from the field

Office 365 Deployment Center

Sign-up for a trial: http://alturl.com/rt9j8

The new Office 365 Deployment Center: find the tools, guidance, and technical resources to pilot and deploy Office 365: http://www.deployoffice365.com/

Page 14: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 2: Understand Identities

Page 15: Office 365: Do’s and Don’ts, Lessons learned from the field

Understanding Identities

Federated Identity
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Requires on-premises ADFS server

Cloud Identity
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment

Page 16: Office 365: Do’s and Don’ts, Lessons learned from the field

Understanding Identities

Cloud Identity
Scenario: Smaller organizations with or without on-premises Active Directory
Benefits:
• Does not require on-premises server deployment
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies

Cloud Identity + DirSync
Scenario: Medium to Large organizations with Active Directory on-premises
Benefits:
• “Source of Authority” is on-premises
• Enables coexistence
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies
• Requires on-premises DirSync server deployment

Federated Identity
Scenario: Large enterprise organizations with Active Directory on-premises
Benefits:
• Single Sign-On experience
• “Source of Authority” is on-premises
• 2 Factor Authentication options
• Enables coexistence
Limitations:
• Requires on-premises ADFS server deployment in high availability scenario
• Requires on-premises DirSync server deployment

Page 17: Office 365: Do’s and Don’ts, Lessons learned from the field

Understanding Identities

Client | Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer)
Microsoft Outlook® 2010 on Windows® 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2007 on Windows 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2010 or Outlook 2007 on Windows Vista® or Windows XP | Sign in each session | Sign in each session | Sign in each session
Exchange ActiveSync® | Sign in each session | Sign in each session | Sign in each session
POP, IMAP, Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each browser session | No prompt | Sign in each browser session
Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session | Sign in each SharePoint Online session | Sign in each SharePoint Online session
Lync Online | Sign in each session | No prompt | Sign in each session
Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session

Page 18: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 3: Realize ADFS is more than Federated Identities

Page 19: Office 365: Do’s and Don’ts, Lessons learned from the field

ADFS Enables

• Enables users to access both the on-premises and cloud-based organizations with a single user name and password
• Provides users with a familiar sign-on experience
• Allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools
• SharePoint Hybrid Search

Page 20: Office 365: Do’s and Don’ts, Lessons learned from the field

Access Control Policies

Scenario: Block all external access to Office 365
Description: Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client.

Scenario: Block all external access to Office 365, except Exchange ActiveSync
Description: Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked.

Scenario: Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online
Description: Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online.

Scenario: Block all external access to Office 365 for members of designated Active Directory groups
Description: This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory groups. It can also be used to provide external access only to members of a group.
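
The four scenarios above share one decision: is the request external, and if so, does an exception apply? The sketch below is an added example, not code from the presentation or from AD FS; it models that decision in Python using the request-context claim names AD FS exposes (x-ms-proxy, x-ms-forwarded-client-ip, x-ms-client-application, x-ms-endpoint-absolute-path). The IP range, group name, scenario keys and sample requests are constructed assumptions.

```python
import ipaddress

# Constructed sample values, not taken from the presentation.
CORP_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]  # corporate NAT range
BLOCKED_GROUPS = {"O365-NoExternal"}                     # hypothetical AD group


def is_external(req):
    """True when the request came through the federation proxy from an
    address outside the corporate egress ranges."""
    if not req.get("x-ms-proxy"):
        return False  # reached the internal AD FS farm directly
    raw = req.get("x-ms-forwarded-client-ip", "")
    try:
        addrs = [ipaddress.ip_address(p.strip()) for p in raw.split(",")]
    except ValueError:
        return True  # missing or malformed IP claim: fail closed
    return not all(any(a in net for net in CORP_EGRESS) for a in addrs)


def decide(scenario, req):
    """Return 'permit' or 'deny' for one of the four policy scenarios."""
    if not is_external(req):
        return "permit"  # internal clients are allowed in every scenario
    if scenario == "block_all_external":
        ok = False
    elif scenario == "allow_activesync":
        ok = req.get("x-ms-client-application") == "Microsoft.Exchange.ActiveSync"
    elif scenario == "allow_browser":
        # Passive (browser) sign-in goes through the /adfs/ls/ endpoint.
        ok = req.get("x-ms-endpoint-absolute-path") == "/adfs/ls/"
    elif scenario == "block_groups":
        ok = not (set(req.get("groups", ())) & BLOCKED_GROUPS)
    else:
        raise ValueError("unknown scenario: " + scenario)
    return "permit" if ok else "deny"


# Constructed requests: Outlook from home, a phone, a browser, an office PC.
OUTLOOK_HOME = {"x-ms-proxy": "proxy01", "x-ms-forwarded-client-ip": "198.51.100.7",
                "x-ms-client-application": "Microsoft.Exchange.RPC",
                "x-ms-endpoint-absolute-path": "/adfs/services/trust/2005/usernamemixed",
                "groups": ["O365-NoExternal"]}
PHONE = dict(OUTLOOK_HOME, **{"x-ms-client-application": "Microsoft.Exchange.ActiveSync",
                              "groups": []})
BROWSER = {"x-ms-proxy": "proxy01", "x-ms-forwarded-client-ip": "198.51.100.7",
           "x-ms-endpoint-absolute-path": "/adfs/ls/", "groups": []}
OFFICE_PC = {"x-ms-forwarded-client-ip": "203.0.113.20", "groups": ["O365-NoExternal"]}

if __name__ == "__main__":
    for name in ("block_all_external", "allow_activesync", "allow_browser", "block_groups"):
        print(name, [decide(name, r) for r in (OUTLOOK_HOME, PHONE, BROWSER, OFFICE_PC)])
```

A proxied request with a missing or unparsable IP claim is treated as external, so a malformed header cannot be used to fall into the "internal" branch.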

Page 21: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 4: Is your environment ready to hook up to Office 365?

Page 22: Office 365: Do’s and Don’ts, Lessons learned from the field

Deployment Readiness Tool

• http://community.office365.com/en-us/forums/183/p/2285/8155.aspx

• Requirements:
  • No administrative rights required
  • Domain user
  • Domain joined machine

Page 23: Office 365: Do’s and Don’ts, Lessons learned from the field

Multi-forest AD

• Multi-forest AD support is available through Microsoft-led deployments
• Multi-forest DirSync appliance supports multiple disjoint account forests
• FIM 2010 Office 365 connector supports complex multi-forest topologies

[Diagram labels: Windows Azure Active Directory; User; On-Premises Identity (Ex: Domain\Alice); Federation using ADFS; DirSync on FIM; three AD forests]

Page 24: Office 365: Do’s and Don’ts, Lessons learned from the field

Non-AD Synchronization

• Preferred option for Directory Synchronization with Non-AD Sources
• Non-AD support with FIM is available through Microsoft-led deployments
• FIM 2010 Office 365 connector supports complex multi-forest topologies

[Diagram labels: Windows Azure Active Directory; User; On-Premises Identity (Ex: Domain\Alice); Federation using Non-ADFS STS; Office 365 Connector on FIM; Non-AD (LDAP)]

Page 25: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 5: Check your Network

Page 26: Office 365: Do’s and Don’ts, Lessons learned from the field

Network Requirements

Lync:
• Lync 2013 Network Bandwidth Requirements for Media Traffic: http://technet.microsoft.com/en-us/library/jj688118.aspx
• Lync 2010 Bandwidth Calculator: http://www.microsoft.com/en-us/download/details.aspx?id=19011

Exchange:
• Exchange Client Network Bandwidth Calculator: http://gallery.technet.microsoft.com/office/Exchange-Client-Network-8af1bf00

SharePoint:
• Plan for Bandwidth Requirements: http://technet.microsoft.com/en-us/library/cc262952(v=office.12).aspx

Page 28: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 6: Check out Azure

Page 29: Office 365: Do’s and Don’ts, Lessons learned from the field

ADFS and Azure

Current guidance: ADFS should only be deployed in an Azure VM for high availability. We would also not recommend that a customer deploy the underlying AD domain controller to Azure. There would be latency issues for NTLM authentication of domain-joined machines.

http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx

You can deploy corporate domain controllers alongside AD FS on Windows Azure virtual machines, which provides additional guarantees of service availability in the event of unforeseen failures such as natural disasters. This is especially true for online services such as Microsoft Office 365 that can authenticate users directly from their on-premises corporate Active Directory.

Page 30: Office 365: Do’s and Don’ts, Lessons learned from the field

Azure and Office365

http://weblogs.asp.net/scottgu/archive/2012/07/26/windows-azure-and-office-365.aspx

Developing Windows Azure Web Sites Integrated with Office 365

Developing Windows Azure Workflows Integrated with Office 365

Page 31: Office 365: Do’s and Don’ts, Lessons learned from the field

Windows Azure™ AD RMS

Integration with Exchange Online
• Company Confidential
• Company Confidential Read Only
• Do not forward (works across tenants)

Integration with SharePoint Online
• There is no support for SharePoint Online Wave 15 (v2013) integration with customer on-premises AD RMS infrastructure.
• Documents that have been protected with RMS can be uploaded to SharePoint Online only in standard document libraries.
• In Office 365 Wave 15 (v2013), SharePoint Online supports RMS integration with the Windows Azure RMS service

Page 32: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 7: UC & C: Decide what to keep On Premises and what to move to Online

Page 33: Office 365: Do’s and Don’ts, Lessons learned from the field

Lync Interoperability with Exchange and SharePoint

Lync with Exchange | Exchange Online | Exchange Server (on-premises)
Lync Online | Lync client presence integration; IM/Presence in OWA | Lync client presence integration
Lync Server on-premises | Lync client presence integration; IM/Presence in OWA; Exchange voicemail integration | Lync client presence integration; IM/Presence in OWA; Exchange voice-mail integration

Presence integration = OOF messages in Lync, calendar-based presence status, embedded presence in Microsoft Office Outlook® and Office

Lync with SharePoint | SharePoint Online | SharePoint Server (on-premises)
Lync Online | Lync client presence integration | Lync client presence integration
Lync Server on-premises | Lync client presence integration | Lync client presence integration; Skill search in Lync client

Presence integration = embedded presence and click-to-communicate in SharePoint sites

Page 34: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 8: Ready to move Exchange, think about your options

Page 35: Office 365: Do’s and Don’ts, Lessons learned from the field

Migration options

Source platform | IMAP migration | Cutover migration | Staged migration | Hybrid
Exchange 5.5 | X | | |
Exchange 2000 | X | | |
Exchange 2003 | X | X | X |
Exchange 2007 | X | X | X | X
Exchange 2010 | X | X | | X
Exchange 2013 | X | X | | X
Notes/Domino | X | | |
GroupWise | X | | |
Other | X | | |

* Additional options available with tools from migration partners

Migration

IMAP migration
• Supports wide range of email platforms
• Email only (no calendar, contacts, or tasks)

Cutover Exchange migration
• Good for fast, cutover migrations
• No Exchange upgrade required on-premises

Staged Exchange migration
• No Exchange upgrade required on-premises
• Identity federation with on-premises directory

Hybrid

Hybrid deployment
• Manage users on-premises and online
• Enables cross-premises calendaring, smooth migration, and easy off-boarding

Page 36: Office 365: Do’s and Don’ts, Lessons learned from the field

Cutover vs. Staged

Cutover
• Cutover is designed for small/fast migrations to Office 365.
• Mailbox data and address book data are synced from on-premises to Exchange Online via Outlook Anywhere (RPC over HTTPS)
• As the name suggests, it’s an “all at once” move
• Limited to a maximum of 1000 mailboxes total

Staged
• Staged uses the same migration engine as cutover, but in conjunction with Office 365 Directory Synchronization, to allow you to move a few users at a time
• Mailbox data is copied via Outlook Anywhere
• Users/contacts & groups are synchronized via Directory Sync
• Exchange 2010 or later is not supported (but hybrid-based moves are)

Page 37: Office 365: Do’s and Don’ts, Lessons learned from the field

Cutover Migration server roles

On-premises Exchange organization

Existing Exchange environment (Exchange 2003 or later)

Users, Contacts & Groups via Outlook Anywhere (NSPI)

Mailbox Data via Outlook Anywhere (MAPI)

Office 365

Page 38: Office 365: Do’s and Don’ts, Lessons learned from the field

Staged Migration server roles

On-premises Exchange organization

Existing Exchange environment (Exchange 2003 or 2007)

Users, Contacts & Groups via dirsync

Mailbox Data via Outlook Anywhere (MAPI)

Office 365

Office 365 Active Directory Synchronization

Page 39: Office 365: Do’s and Don’ts, Lessons learned from the field

Hybrid Feature Comparison

Feature Simple Hybrid

Mail routing between on-premises and cloud (recipients on either side)

Mail routing with shared namespace (if desired) on both sides

Unified GAL

Free/Busy and calendar sharing cross-premises

Out of Office understands that cross-premises is “internal” to the organization

Mailtips, messaging tracking, and mailbox search work cross-premises

OWA redirection cross-premise (single OWA URL for both on-premises and cloud)

Single tool to manage cross-premises Exchange functions (including migrations)

Mailbox moves support both onboarding and offboarding

No outlook reconfiguration or OST resync required after mailbox migration

Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.)

Centralized mail flow, ensures that all email routes inbound/outbound via on-prem

Page 40: Office 365: Do’s and Don’ts, Lessons learned from the field

Hybrid overview

Federation Trust
• Delegated authentication for on-premises/cloud web services
• Enables Free/busy, calendar sharing, message tracking & online archive

Integrated Admin Experience
• Manage all of your Exchange functions, whether cloud or on-premises, from the same place: Exchange Administration Center

Native Mailbox Move
• Online mailbox moves
• Preserve the Outlook profile and offline folders
• Leverages the Mailbox Replication Service (MRS)

Secure Mail Flow
• Authenticated and encrypted mail flow between on-premises and the cloud
• Preserves the internal Exchange message headers, allowing a seamless end user experience
• Support for compliance mail flow scenarios (centralized transport)

Page 41: Office 365: Do’s and Don’ts, Lessons learned from the field

Hybrid server roles

On-premises Exchange organization

Existing Exchange environment (Exchange 2007 or later)

Users, Contacts & Groups via dirsync

Secure Mail Flow

Office 365

Office 365 Active Directory Synchronization

Sharing (free/busy, MailTips, archive, etc.)

Mailbox Data via Outlook Anywhere (MAPI)

Exchange 2013 Client Access & Mailbox Server

Page 42: Office 365: Do’s and Don’ts, Lessons learned from the field

Exchange 2010 Hybrid Support

Exchange 2010 SP3 will be compatible with current and new O365 tenants

Exchange 2010 based hybrid deployments will continue to support Exchange 2003 coexistence with the new O365 tenants

Once the new O365 service is launched, Exchange 2013 based hybrid is recommended for all new deployments (unless migrating from Exchange 2003)

Page 45: Office 365: Do’s and Don’ts, Lessons learned from the field

Hybrid – Only Exchange?

SharePoint 2013 hybrid resources: http://www.microsoft.com/en-us/download/details.aspx?id=35593
• One-way hybrid environment with SharePoint Server 2013 and Office 365
• Two-way hybrid Search environment with SharePoint Server 2013 and Office 365
• Business Connectivity Services Hybrid Overview

Planning for Hybrid Voice with Lync 2013: http://technet.microsoft.com/en-us/library/jj205095.aspx

Page 46: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 9: Need to connect with External Users?

Page 47: Office 365: Do’s and Don’ts, Lessons learned from the field

Lync Online

• Federation with Lync
• Federation with MSN
• Federation with Skype

Page 48: Office 365: Do’s and Don’ts, Lessons learned from the field

Skype – Lync: Status

Is IM and presence available today between Lync and Skype?
Yes, on a limited basis

Can Skype users add Lync users to their contact lists today?
Not yet, target = June

Can Lync users add Skype users to their Lync contact lists today?
Yes, but using Skype users’ Microsoft accounts

What communications capabilities will be supported between Lync and Skype as part of the upcoming release?
In June: presence, one-on-one IM, and audio calling

What must Skype users do to connect to Lync contacts in the upcoming release?
New Skype App + Sign in with Microsoft account

Will Skype Connectivity work with Lync 2010?
Yes

Page 50: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 10: Check our Trust Center

Page 51: Office 365: Do’s and Don’ts, Lessons learned from the field

Office 365 Trust Center

http://www.trustoffice365.com/

Page 52: Office 365: Do’s and Don’ts, Lessons learned from the field

Do 11: Ask us for help in understanding if our solution is aligned with your requirements

Page 53: Office 365: Do’s and Don’ts, Lessons learned from the field

Going to the Cloud with a Plan: Office 365 Customer Decision Framework

Capability & Technical FitGovernance Transaction

Lifecycle Services & Support

Page 54: Office 365: Do’s and Don’ts, Lessons learned from the field

Content

• What is Office 365
• Do’s
• Don’t’s

Page 55: Office 365: Do’s and Don’ts, Lessons learned from the field

Don’t’s

• Do not “not” look into Office 365
• Do not jump in without setting clear goals and knowing what you want to achieve
• Do not forget to go through all the do’s

Page 56: Office 365: Do’s and Don’ts, Lessons learned from the field

Thank You!