Step 2 Deployment Overview

What is DirSync?
- Purpose – What does it do?

Understanding Synchronization

Understanding Coexistence

Understanding Migrations
- Self Service
- Admin led

Migration Options
- PST migrations
- IMAP migrations
- Staged Exchange migrations
John
Build from Pilot to Deployment, layer features and integrations
Full Office 365 User Experience with minimal on-premises requirements
Time to value vs. effort invested
Identity options: cloud IDs, synchronized IDs and federated IDs
Pilot
Experience Value Early
New Cloud Experience
Deploy
Real World Benefits
Broad Production Use
Enhance
Full Feature Value
Meet your needs
Deploy
Pilot
Pilot complete
Enhance
Deploy Complete
Adopt new features
Deploy Experience – what’s added
Setup in days
Sign-on
Adds on-premises integration
Pilot user and info is sustained
Sign-on with the same user and password as on premises
Integrated mail flow and migration
Global address list
Full mail content migration – mail, calendar, contacts
Mail
IT driven migration
Mail migration that best fits environment
Integrated identity management
Sharing and working with others
Collaboration
Lync business partner federation
Site governance and provisioning support
Setup of Apps for Office corporate app catalog
Clients
IT managed client productivity
Mobile
Managed mobile connectivity
Administration
Office 365 ProPlus deployed to user desktop via IT process
Send and receive mail from mobile device as on-prem email
Control & monitor
Data loss prevention configuration (limited)
Exchange Online Protection mail protection configuration (limited)
Deploy – what’s required
Unique requirements per mail platform
Dedicated customer IT team
What’s Required
Identity
Directory Sync server/s
AD meets service requirements for hygiene
Same password on-prem and in cloud via password sync
What you need to connect
Network
Change management readiness
Network access to service from client end points
Network bandwidth availability
Access to maintain DNS entries for share domains
Required to setup and migrate
Admin access
Mail
Clients
Required to connect and deploy
Web client – minimum browser
Office 365 Pro Plus – clients running Windows 7 +
Deploy Identity Scenario
- Pilot: Cloud Identity (single identity in the cloud)
- Deploy: Directory & Password Synchronization (single identity without federation)
- Enhance: Federated Identity (single federated identity and credentials)

http://aka.ms/sync

On-premises
Active Directory
Office 365
Sync Cycle
Stage 4:
Export “Write Back” attributes
Sync Cycle
Stage 2:
Import Users, Groups, and
Contacts from Office 365
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
Sync Cycle
Stage 3:
Export Users, Groups, and
Contacts to Office 365
Authentication Platform
Windows Azure
Active Directory
Logon Enabled User
Exchange Online
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
smtp: [email protected]
smtp: [email protected]
TargetAddress:
SMTP: [email protected]
SharePoint Online
Directory
Synchronization
Provisioning Web
Service
Lync Online
Activate Directory
Synchronization
In MOP
, select
Form
DirSync
server
(can take
up
to 24h
to propagate)
users
and Download
groups
| DirSync
DirSync Set up

- Introduced with DirSync in June 2013
- Benefits of using Password Sync as an alternative to Federated Authentication
- "Single set of credentials" to access both on-premises and online resources
- Managed in the customer's Active Directory and is synchronized with Office 365 (username + password)
- Fully integrated in the DirSync appliance
- No requirement for Active Directory Federation Services
- Keeps the deployment simple and eliminates IT costs associated with AD/FS
- Does not require nor access the plain text password
- No requirement for AD reversible encrypted format
- AD user password hash is hashed again using a nonreversible encryption function and digest is synchronized into Azure AD
- The digest in Azure AD cannot be used to access resources in the customer's on-premises environment
- One-way synchronization from on-premises to the cloud
- Password Complexity Policy implemented in the on-premises AD is the master policy
- Password Expiration Policy on the Azure AD is set to "Never Expire"
- Password expiration and sync to Azure AD is driven by on-premises events

On-premises
MX Record:
contoso.com
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
Exchange
Message Filtering
Active Directory
Office 365
MX Record:
contoso.com
Exchange
User Object
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
TargetAddresses:
SMTP: [email protected]
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
smtp: [email protected]
smtp: [email protected]
DirSync Web
Service
Office 365
MX Record:
contoso.com
Exchange
User Object
Mailbox-Enabled
ProxyAddresses:
SMTP: [email protected]
DirSync
Message Filtering
Active Directory
MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com
Exchange Online Protection
On-premises
Exchange Online
Online Directory
Logon Enabled User
Mail-Enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: [email protected]
smtp: [email protected]
smtp: [email protected]
TargetAddresses:
SMTP: [email protected]
DirSync Web
Service
Large
Medium
Small
Exchange
IMAP
Lotus Notes
Google
Simple
Rich
DirSync
Manual/Bulk
Provisioning
Self serve or
Admin Driven
Features by
user type
Cloud or on-premises tools
In-Cloud
On-Premise
Single
Sign-On
FastTrack Step 2 Migration Options
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
X
X
Exchange 2000
X
X
No server required on-premises
Identity federation with on-premises directory
Exchange 2003
X
X
X
Exchange 2007
X
X
X
Exchange 2010
X
X
X
Hybrid deployment
Exchange 2013
X
X
X
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy offboarding
Notes/Domino
X
X
GroupWise
X
X
Other
X
X
Hybrid
IMAP migration
Exchange 5.5
IMAP migration
Staged Exchange migration
Hybrid
PST Migration
Migration
Import of Archived/Offline Mail
Staged migration
PST Migration
Self Service or Admin Driven Options
Control
Self Service
Admin-Driven
Deployment Type
Description
IMAP migration steps:
1. Prepare for IMAP Migration
2. Create CSVs for IMAP Migration
3. Create IMAP Migration Endpoint
4. Create IMAP Migration Batch
5. Start IMAP Migration Batch
6. Configure MX Record Pointing to Office 365
7. Delete IMAP Migration Batches

Prepare for IMAP Migration
Best practices

Create IMAP Migration Batch and Start IMAP Migration Batch
Best practices

Staged migration steps:
1. Prepare for Staged Migration
2. Create a CSV File for Staged Migration Batch
3. Create Migration End-Point
4. Create a Staged Migration Batch
5. Start a Staged Migration Batch
6. Convert On-Premise Mailboxes to Mail-Enabled Users
7. Delete Staged Migration Batch
8. Complete Post-Migration Tasks

Prepare for Staged Migration
Best practices

Create a CSV File for Staged Migration Batch
Best practices

Create Migration End-Point
Best practices

Start a Staged Migration Batch
Best practices

Convert On-Premise Mailboxes to Mail-Enabled Users
Best practices

Delete Staged Migration Batch
Best practices

Complete Post-Migration Tasks
Best practices

http://technet.microsoft.com/en-us/library/jj219422.aspx

http://ignite.office.com/office365

http://fasttrack.office.com