Transcript Document

2
Session Overview
• This session details the options and considerations when expanding a
pilot Office 365 environment into a production deployment. Unlike
on-premises implementations, IT professionals can scale out their
Office 365 tenants with ease. However, with added scale, it is
important to start to automate user provisioning, add a production
domain and set up the desired workloads
4
Deploy
Pilot
Pilot complete
Enhance
Deploy Complete
Adopt new features
Deploy Experience – what’s added
Setup in days
Sign-on
Adds on-premises
integration
Pilot user and info is
sustained
Sign-on with the same user and password as on premises
Integrated mail flow and migration
Global address list
Full mail content migration – mail, calendar, contacts
Mail
IT driven migration
Mail migration that best
fits environment
Integrated identity management
Sharing and working with others
Collaboration
Lync business partner federation
Site governance and provisioning support
Setup of Apps for Office corporate app catalog
Clients
IT managed client productivity
Mobile
Managed mobile connectivity
Administration
Office 365 ProPlus deployed to user desktop via IT process
Send and receive mail from mobile device as on-prem email
Control & monitor
Data loss prevention configuration (limited)
Exchange Online Protection mail protection configuration (limited)
Deploy – what’s required
Unique requirements per
mail platform
Dedicated customer IT
team
What’s Required
Identity
Directory Sync server/s
AD meets service requirements for hygiene
Same password on-prem and in cloud via password sync
What you need to connect
Network
Change management
readiness
Network access to service from client end points
Network bandwidth availability
Access to maintain DNS entries for share domains
Required to setup and migrate
Admin access
Mail
Clients
Required to connect and deploy
Web client – minimum browser
Office 365 Pro Plus – clients running Windows 7 +
Deploy Identity Scenario
Pilot
Deploy
Enhance
Cloud Identity
Directory & Password
Synchronization
Federated Identity
Single identity in the cloud
Single identity without federation
Single federated identity
and credentials

What is DirSync?
 Purpose – What does it do?

Understanding Synchronization

Understanding Coexistence

Understanding Migrations
 Self Service
 Admin lead

Migration Options
 PST migrations
 IMAP migrations
 Staged Exchange migrations
10


















14









































Sync Cycle
Stage 1:
Import Users, Groups,
and
Contacts from on-premises
On-premises
Office 365
Sync Cycle
Stage 4:
Export “Write Back” attributes
Sync Cycle
Active Directory
Stage 2:
Import Users, Groups, and
Contacts from Office 365
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
Sync Cycle
Stage 3:
Export Users, Groups, and
Contacts to Office 365
Authentication Platform
Windows
Azure
Logon Enabled User
Active Directory
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
Exchange Online
smtp: [email protected]
smtp: [email protected]
TargetAddress:
SMTP: [email protected]
SharePoint Online
Directory
Synchronization
Provisioning Web
Service
Lync Online




































TechNet
Federated Authentication
“single set of credentials”
synchronized with Office 365
fully integrated
• No requirement
deployment simpl
alternative to
Does not require
No requirement
encryption function
non-reversible
cannot be used to access resources
Password Sync is one-way synchronization from on-premises
to the cloud
Password Complexity Policy implemented in the on-premises AD
is the master policy
Password Expiration Policy on the Azure AD is set
to “Never Expire”
Password expiration and sync to Azure AD is driven
by on-premises events








On-premises Exchange Org
Office 365 Directory
Synchronization
App
Users, Groups, Contacts via DirSync
Mailbox Data via Outlook Anywhere
(RPC over HTTP)
Exchange 2003 or 2007
Office 365
On-premises
MX Record:
contoso.com
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
Exchange
Message Filtering
Active Directory
Office 365
MX Record:
contoso.com
Exchange
User Object
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
TargetAddresses:
SMTP: [email protected]
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
smtp: [email protected]
smtp: [email protected]
DirSync Web
Service
Office 365
MX Record:
contoso.com
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
smtp: [email protected]
smtp: [email protected]
TargetAddresses:
SMTP: [email protected]
DirSync Web
Service
Large
Medium
Small
Exchange
IMAP
Lotus
Notes
43Google
| Microsoft Confidential
Simple
Rich
DirSync
Manual/Bulk
Provisioning
Self serve or
Admin Driven
Features by
user type
Cloud or onpremises tools
In-Cloud
On-Premise
Single
Sign-On
Control
Self Service
Admin-Driven
Deployment Type
Description
FastTrack Step 2 Migration Options
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
X
X
Exchange 2000
X
X
No server required on-premises
Identity federation with on-premises directory
Exchange 2003
X
X
X
Exchange 2007
X
X
X
Exchange 2010
X
X
X
Hybrid deployment
Exchange 2013
X
X
X
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy offboarding
Notes/Domino
X
X
GroupWise
X
X
Other
X
X
Hybrid
IMAP migration
Exchange 5.5
IMAP migration
Staged Exchange migration
Hybrid
PST Migration
Migration
Import of Archived/Offline Mail
Staged migration
PST Migration




Works with a large number of source mail systems
Works with on-premises or hosted systems
Users can be migrated in batches
On-premises migration tool is not required

Access to IMAP ports (TCP/143/993)


Users + mailboxes must be provisioned prior to migration
 Bulk provisioning, CSV parser, manual, etc.


Gather user credentials or setup admin credentials
Prepare a CSV file with list of users
 EmailAddress, UserName, Password
 Max of 50,000 rows
 Max 10 MB in size

Very limited data migration scope (mail items only)
Migrated
 Mail messages
(Inbox and other folders)
 Maximum of 500,000 items
 Possible to exclude specific
folders from migration
(e.g. Deleted Items, Junk EMail)
Not Migrated
 Contacts, Calendars, Tasks, etc.
 Excluded folders
 Folders with a forward slash
( / ) in the folder name
 Messages larger than 25 MB
Provision
users
+
mailboxes
in O365
(license
assigned)
Gather
IMAP creds,
configure
IMAP
endpoint
and prepare
CSV
Initial
sync
EAC
Wizard:
Enter server
settings and
upload CSV
Change MX
record
Delta
sync
every 24
hours
Mark
migration as
complete
Final
sync and
cleanup









Simple and flexible migration solution
High-fidelity solution – all mailbox content is migrated
Typically best suited to medium and large organizations
Users are provisioned with Directory Sync prior to migration
No limit on the number of mailboxes
Users can be migrated in batches (up to
)
Works with Exchange 2003 and 2007 only, on-premises or hosted
Identity management on-premises
On-premises migration tool is not required

Outlook Anywhere service on source system
(m



Directory Sync tool enabled in


SEM is not supported with Exchange 2010 and 2013
Only simple coexistence is available
(no sharing of free/busy, calendar, etc.)







› EmailAddress, Password, ForceChangePassword



Migrated








Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)
Not Migrated





Security Groups, DDLs
System mailboxes
Dumpster
Send-As Permissions
Messages larger than 25 MB





Partial migrations are not possible
(no folder exclusion, no time range selection, etc.)



Configure
Outlook
Anywhere
Test using
ExRCA
Assign
migration
perms
EAC
Wizard:
Configure
Directory
Sync
Enter
server
settings ,
admin
creds,
batch CSV
Migrate
Batch
Convert
onprem
mailboxes
to MEU
Delete
migration
batch
(optional)
License
users
Change
MX
Record