Deploying Office 365 in Production: Part 1
October 2013
Session Overview
• This session details the options and considerations when expanding a pilot Office 365 environment into a production deployment. Unlike on-premises implementations, IT professionals can scale out their Office 365 tenants with ease. However, with added scale, it is important to start to automate user provisioning, add a production domain and set up the desired workloads.
Step 2: Deployment Overview
Phases: 1 Pilot, 2 Deploy, 3 Enhance
First use in hours, Onboarding in days: Exchange, SharePoint, Lync, Office 365 ProPlus, WA Active Directory

1. Pilot: Full Office 365 service
• Pilot in hours
• Persist to deployment
• User led migration
• What: Office 365 Service (Exchange, SharePoint, Lync, Office Web Apps, Office 365 ProPlus, Mobile)
• How: Service domain; Cloud Identity; Web Client; Office client; Self Service
• Pilot complete

2. Deploy: Core onboarding
• Deploy in days
• Companywide cloud use
• IT led migration
• What: All Pilot Features + Shared namespace, simple coexistence, external sites
• How: Pilot +; IT led migration *; Customer domain; Directory sync; Password sync; Admin migrations; OnRamp
• Deploy Complete

3. Enhance: Optional integration
• Extend in weeks
• Meet business needs
• Customized to landscape
• What: Deploy + Federation, Hybrid Delegation, and more
• How: Deploy+ *; Configure adv. features; Federated Identity; Exchange Hybrid; Corporate app store; SharePoint Hybrid; Lync Hybrid; 3rd party migration tools
• Adopt new features
Deploy Experience – what’s added
• Sign-on: Integrated identity management
  • Sign-on with the same user and password as on premises
• Integrated mail flow and migration
  • Global address list
  • Full mail content migration – mail, calendar, contacts
• Collaboration: Sharing and working with others
  • Lync business partner federation
  • Site governance and provisioning support
  • Setup of Apps for Office corporate app catalog
• Clients: IT managed client productivity
  • Office 365 ProPlus deployed to user desktop via IT process
• Mobile: Managed mobile connectivity
  • Send and receive mail from mobile device as on-prem email
• Administration: Control & monitor
  • Data loss prevention configuration (limited)
  • Exchange Online Protection mail protection configuration (limited)
• Setup in days
• Adds on-premises integration
• Pilot user and info is sustained
• IT driven migration
• Mail migration that best fits environment
  • From EX 2010 Mail Servers: Managed mail moves (MRS); Free/busy cross premises; Use existing OST
  • From EX 2007/03 Mail Servers: Staged mail migration; New mail file download
  • From Others: User migration (PST import) or IMAP Migration; New mail file
Deploy – what’s required
• Identity: What’s Required
  • Directory Sync server/s
  • AD meets service requirements for hygiene
  • Same password on-prem and in cloud via password sync
• Network: What you need to connect
  • Network access to service from client end points
  • Network bandwidth availability
  • Access to maintain DNS entries for share domains
• Clients: Required to connect and deploy
  • Web client – minimum browser
  • Office 365 Pro Plus – clients running Windows 7 +
• Unique requirements per mail platform
• Dedicated customer IT team
• Change management readiness
• Required to setup and migrate
  • Admin access
  • From EX 2010 Mail Servers: Exchange 2010 SP3; Certificates - public
  • From EX 2007/03 Mail Servers: Outlook Anywhere Access
  • From Others: PST requirement
Deploy Identity Scenario
• Cloud Identity: Single identity in the cloud
  • Windows Azure Active Directory
• Directory & Password Synchronization: Single identity without federation
  • On-Premises Identity
  • Dirsync & Password Sync
  • Windows Azure Active Directory
• Federated Identity: Single federated identity and credentials
  • On-Premises Identity
  • Federation
  • Directory Sync
  • Windows Azure Active Directory
Agenda
• What is DirSync?
  • Purpose – What does it do?
• Understanding Synchronization
• Understanding Coexistence
• Understanding Migrations
  • Self Service
  • Admin lead
• Migration Options
  • PST migrations
  • IMAP migrations
  • Staged Exchange migrations
What is DirSync?
What is DirSync?
• Application that synchronizes on-premises Active Directory with Office 365
• Designed as a software based “appliance”
  • “Set it and forget it”
• x64 version based on FIM 2010
  • Bundled with SQL Server 2008 R2 Express Edition
Purpose (#1)
• Enables coexistence
  • Provisions objects in Office 365 with same email addresses as the objects in the on-premises environment
  • Provides a unified Global Address List experience between on-premises and Office 365
  • Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
• Enables coexistence for Exchange
  • Works in both simple and hybrid deployment scenarios
  • Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
• Enables coexistence for Microsoft Lync
Purpose (#2)
• Enables “run state” administration and management of users, groups, and contacts
  • Synchronizes adds/deletes/modifications of users, groups, and contacts from on-premise to Office 365
• Enabler for Single Sign-On
  • Mandatory component for ADFS / Federated Identities deployments
• Not intended as a single use bulk upload tool
Understanding Synchronization
Synchronization
• Synchronize one (and only one) Active Directory forest with Office 365
• Entire Active Directory forest is scoped for synchronization (default)
  • Filtering can be configured based on OU, AD domain, and user attribute
• What is synchronized?
  • All user objects
  • All group objects
  • Mail-enabled contact objects
• Passwords are not synchronized
Synchronization
• Most synchronization is from on-premises to Office 365
  • In an Exchange Hybrid Deployment, DirSync is configured to write attributes back to the on-premises Active Directory
• Synchronization occurs every 3 hours
  • Use “Start-OnlineCoexistenceSync” cmdlet to force a sync outside of regular synchronization schedule
Synchronization
User Objects
• Mail-enabled/mailbox-enabled users are synchronized as mail-enabled users (not mailbox-enabled users)
  • Visible in the Office 365 GAL (unless explicitly hidden from GAL)
  • Logon enabled, but not automatically licensed to use services
  • Target address is synchronized for mail-enabled users
• Regular NT users are synchronized as regular NT users
  • Not automatically provisioned as mail-enabled in Office 365
• Resource mailboxes are synchronized as resource mailboxes
• Synchronized users are not automatically assigned a license
Synchronization
Group Objects
• Mail-enabled groups are synchronized as mail-enabled
• Group memberships are synchronized
• Security groups are synchronized as security groups
• Dynamic Distribution Groups are NOT synchronized
Contacts Objects
• Only mail-enabled contacts are synchronized
• Target address is synchronized to Office 365
Synchronization
• New user, group, and contact objects that are added to on-premises are added to Office 365
  • Licenses are not automatically assigned
• Existing user, group, or contact objects attributes that are modified on-premises are modified in Office 365
  • Not all on-premises AD attributes are synchronized
Synchronization
• Existing user, group, and contact objects that are deleted from on-premises are deleted from Office 365
• Existing user objects that are disabled on-premises are disabled in Office 365
  • License is not automatically unassigned
Synchronization
• First synchronization cycle after installation is a full synchronization
  • May be a time consuming process relative to the number of objects synchronized
  • Approximately 5000 objects every 45 to 60 minutes
  • Plan ahead if synchronizing tens or hundreds of thousands of objects
• Subsequent synchronization cycles are deltas only and much faster
Synchronization (diagram)
• On-premises: Exchange, Active Directory, Directory Synchronization
• Office 365: Provisioning Web Service, Windows Azure Active Directory, Authentication Platform, Exchange Online, SharePoint Online, Lync Online
• Object labels in the diagram:
  • User Object, Mailbox-Enabled, ProxyAddresses: SMTP: [email protected]
  • Logon Enabled User, Mail-Enabled (not mailbox-enabled), ProxyAddresses: SMTP: [email protected] smtp: [email protected] smtp: [email protected]: SMTP: [email protected]
• Sync Cycle Stage 1: Import Users, Groups, and Contacts from on-premises
• Sync Cycle Stage 2: Import Users, Groups, and Contacts from Office 365
• Sync Cycle Stage 3: Export Users, Groups, and Contacts to Office 365
• Sync Cycle Stage 4: Export “Write Back” attributes
Synchronization
• Once implemented, on-premises AD becomes the “source of authority” for synchronized objects
  • Modifications to synchronized objects must occur in the on-premises AD
  • Synchronized objects cannot be modified or deleted via the portal unless DirSync is disabled for the tenant
• Scoping/Filtering
  • Custom scoping of default management agents is officially supported
Synchronization
• On-premises objectGuid AD attribute is assigned as the value for immutableID attribute during initial synchronization of an object
  • Referred to as a “hard match”
  • DirSync knows which Office 365 objects it is the “source of authority” for by examining sourceAnchor attribute
• DirSync can also match user objects created via the portal with on-premises objects if there is a match using the primary SMTP address
  • Referred to as a “soft match”
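The hard-match and soft-match rules above, as an added Python illustration (not DirSync's own code and not from the original deck): it derives the immutableID as the base64 form of the objectGuid bytes and lists the on-premises users that would become source of authority for an existing portal-created object. The dictionary keys (`name`, `upn`, `immutableId`) and the contoso.com sample objects are constructed for this example.

```python
import base64
import uuid


def immutable_id(object_guid):
    """Base64 of the 16 objectGuid bytes in the order AD stores them."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def primary_smtp(proxy_addresses):
    """The primary address is the proxyAddresses entry with upper-case 'SMTP:'."""
    for entry in proxy_addresses:
        if entry.startswith("SMTP:"):
            return entry[len("SMTP:"):].strip().lower()
    return None


def classify_matches(onprem_users, cloud_users):
    """Return (name, match kind, matched cloud UPN) for each on-premises user."""
    anchored = {c["immutableId"]: c for c in cloud_users if c.get("immutableId")}
    # Portal-created objects carry no anchor yet; only these can soft match.
    unanchored = {}
    for c in cloud_users:
        addr = primary_smtp(c.get("proxyAddresses", []))
        if not c.get("immutableId") and addr:
            unanchored[addr] = c
    results = []
    for user in onprem_users:
        anchor = immutable_id(user["objectGuid"])
        addr = primary_smtp(user.get("proxyAddresses", []))
        if anchor in anchored:
            results.append((user["name"], "hard", anchored[anchor]["upn"]))
        elif addr in unanchored:
            results.append((user["name"], "soft", unanchored[addr]["upn"]))
        else:
            results.append((user["name"], "new", None))
    return results


def soft_matches_to_review(onprem_users, cloud_users):
    """A soft match makes on-premises AD the source of authority for an
    existing cloud account, so list these before the first sync cycle."""
    return [r for r in classify_matches(onprem_users, cloud_users) if r[1] == "soft"]


# Constructed sample data (not from the original deck).
ONPREM = [
    {"name": "alice", "objectGuid": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
     "proxyAddresses": ["SMTP:alice@contoso.com", "smtp:a.smith@contoso.com"]},
    {"name": "bob", "objectGuid": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
     "proxyAddresses": ["SMTP:bob@contoso.com"]},
    {"name": "carol", "objectGuid": "6ba7b811-9dad-11d1-80b4-00c04fd430c8",
     "proxyAddresses": ["smtp:carol@contoso.com"]},  # no primary address
]
CLOUD = [
    {"upn": "alice@contoso.com",
     "immutableId": immutable_id("3f2504e0-4f89-11d3-9a0c-0305e82c3301"),
     "proxyAddresses": ["SMTP:alice@contoso.com"]},
    {"upn": "bob@contoso.onmicrosoft.com", "immutableId": None,
     "proxyAddresses": ["SMTP:bob@contoso.com"]},
]

if __name__ == "__main__":
    for row in classify_matches(ONPREM, CLOUD):
        print(row)
```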
Synchronization
• On-premises proxyAddresses attribute values are synchronized
  • Requires a matching verified domain
  • Updates/modifications to on-premises proxyAddresses attribute are synchronized even after license assignment
Synchronization
• By default, only the first 50,000 objects are synchronized
  • STEVE TO ADD
  • Quota limit can be increased by contacting technical support
  • Synchronization service will be stopped
  • Email sent to technical contact
• Deleted objects count against quota for up to 30 days
Synchronization
• 10GB SQL Server 2012 Express Edition database file size is estimated to max out ~50,000 objects
  • 50,000+ total objects requires full SQL Server
• Authorization and synchronization occur via SSL
Synchronization
• Synchronization errors are emailed to the Technical Contact for the subscription
  • Recommend using a distribution group as the Technical Contact email address
• Example errors include:
  • Synchronization health status: sent once a day if a synchronization cycle has not registered 24 hours after last successful synchronization
  • Objects whose attributes contain invalid characters
  • Objects with duplicate/conflicting email addresses
  • Sync quota limit exceeded
Azure AD DirSync scoping options
• Ability to DirSync to Windows Azure AD only a subset of your users
• Options for Filtering
  • OU
  • Domain-based
  • User attribute
• Step-by-step instructions available on TechNet
Password Synchronization
Scheduled to release in CY2013
• New feature of Windows Azure Directory Sync as an alternative to Federated Authentication
• Customer benefits:
  • Customer can use a “single set of credentials” (same username and password) to access both on-premises and online resources
  • This single set of credentials is managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)
  • Password Sync is fully integrated in the DirSync appliance, no additional sw/hw, or changes to the on-premises AD are required
  • No requirement to deploy and maintain Active Directory Federation Services.
  • Keeps the deployment simple and eliminates IT costs associated with ADFS
Password Sync security
• Does not require nor access the plain text password
• No requirement for AD reversible encrypted format
• AD user password hash is hashed again using a non-reversible encryption function and digest is synchronized into Azure AD
• The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment
Password Sync key password policies
• Password Sync is one-way synchronization from on-premises to the cloud
• Password Complexity Policy implemented in the on-premises AD is the master policy
• Password Expiration Policy on the Azure AD is set to “Never Expire”
• Password expiration and sync to Azure AD is driven by on-premises events
Understanding Coexistence
What is Coexistence?
• Some users are provisioned in Office 365 while the remaining users are provisioned in the on-premises environment
• Office 365 users see the same objects in the Global Address List as the on-premises users
• Email messages are routed seamlessly from Office 365 users to on-premises users, and vice-versa
Simple Coexistence Deployment
• Uses Directory Synchronization for GAL synchronization
  • Enables mail routing between on-premises and Office 365 using a shared DNS namespace
  • Provides a unified GAL experience
• Can be used with cloud identities or federated identities
• Does not require an on-premises Hybrid server
SEM Architecture (diagram)
• On-premises Exchange Org: Exchange 2003 or 2007
• Office 365
• Office 365 Directory Synchronization App
• Users, Groups, Contacts via DirSync
• Mailbox Data via Outlook Anywhere (RPC over HTTP)
Mail Routing: Pre-Coexistence (diagram)
• On-premises: Message Filtering, Exchange, Active Directory
• MX Record: contoso.com
• User Object, Mailbox-Enabled, ProxyAddresses: SMTP: [email protected]
Mail Routing: On-Premises To Office 365 (diagram)
• On-premises: Message Filtering, Exchange, Active Directory; MX Record: contoso.com
• Office 365: Exchange Online Protection, Exchange Online, Online Directory; MX Record: contoso.onmicrosoft.com, contoso.mail.onmicrosoft.com
• DirSync, DirSync Web Service
• Logon Enabled User, Mailbox-Enabled, ProxyAddresses: SMTP: [email protected] smtp: [email protected] smtp: [email protected]
• User Object, Mail-Enabled (not mailbox-enabled), ProxyAddresses: SMTP: [email protected]: SMTP: [email protected]
Mail Routing: Office 365 To On-Premises (diagram)
• On-premises: Message Filtering, Exchange, Active Directory; MX Record: contoso.com
• Office 365: Exchange Online Protection, Exchange Online, Online Directory; MX Record: contoso.onmicrosoft.com, contoso.mail.onmicrosoft.com
• DirSync, DirSync Web Service
• Logon Enabled User, Mail-Enabled (not mailbox-enabled), ProxyAddresses: SMTP: [email protected] smtp: [email protected] smtp: [email protected]: SMTP: [email protected]
• User Object, Mailbox-Enabled, ProxyAddresses: SMTP: [email protected]
Understanding Migrations
Migration Option Decision Factors
• Deployment plan: Migration solution is part of the plan
• Source Server: Exchange, IMAP, Lotus Notes, Google
• Size: Large, Medium, Small
• Identity Management: In-Cloud, On-Premise, Single Sign-On
• Provisioning: DirSync, Manual/Bulk Provisioning
• Coexistence Requirement: Simple, Rich
• Time to Value: Self serve or Admin Driven; Features by user type; Cloud or on-premises tools
Additional Onboarding Options
| Control | Deployment Type | Description |
| --- | --- | --- |
| Self Service | New mailbox | User receives new “green field” mailbox – i.e. user is onboarded to without data migration. |
| Self Service | New mailbox + Outlook PST | User receives new mailbox and either attaches or imports PST files for access to pre-Office 365 data. |
| Self Service | New mailbox + Connected Accounts | User receives new mailbox and configures connected accounts via OWA. |
| Admin-Driven | New mailbox + PST Import | User receives a new mailbox and admin uses PST Export features of Exchange and 3rd Party tools to import PST data into the user’s Exchange Online mailbox. |
PST Migration
IMAP migration
Staged migration
Hybrid
Exchange 5.5 X X
Exchange 2000 X X
Exchange 2003 X X X
Exchange 2007 X X X
Exchange 2010 X X X
Exchange 2013 X X X
Notes/Domino X X
GroupWise X X
Other X X
* Additional options available with tools from migration partners
FastTrack Step 2 Migration Options
Migration
• PST Migration
  • Import of Archived/Offline Mail
• IMAP migration
  • Supports wide range of email platforms
  • Email only (no calendar, contacts, or tasks)
• Staged Exchange migration
  • No server required on-premises
  • Identity federation with on-premises directory
Hybrid
• Hybrid deployment
  • Manage users on-premises and online
  • Enables cross-premises calendaring, smooth migration, and easy off-boarding
Migration Options
IMAP Migrations
IMAP Features and Benefits
• Works with a large number of source mail systems
• Works with on-premises or hosted systems
• Users can be migrated in batches
• On-premises migration tool is not required
IMAP Requirements and Limitations
• Access to IMAP ports (TCP/143/993)
• SMTP domains configured in O365 tenant
• Users + mailboxes must be provisioned prior to migration
  • Bulk provisioning, CSV parser, manual, etc.
• Gather user credentials or setup admin credentials
• Prepare a CSV file with list of users
  • EmailAddress, UserName, Password
  • Max of 50,000 rows
  • Max 10 MB in size
• Very limited data migration scope (mail items only)
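A pre-flight check for the migration CSV described above, as an added Python example that is not part of the original deck or of any Microsoft tool. It assumes the 50,000-row limit counts data rows, that 10 MB means 10 MiB, and that the caller supplies the tenant's SMTP domains; the problem codes and sample rows are constructed.

```python
import csv
import io

REQUIRED_HEADER = ["EmailAddress", "UserName", "Password"]
MAX_ROWS = 50_000              # slide: "Max of 50,000 rows" (assumed: data rows)
MAX_BYTES = 10 * 1024 * 1024   # slide: "Max 10 MB in size" (assumed: 10 MiB)


def validate_migration_csv(data, tenant_domains):
    """Return a list of (line number, problem code); line 0 means the whole file.

    The Password column is only checked for presence and is never copied
    into the findings, so the report can be logged or attached to a ticket.
    """
    problems = []
    if len(data) > MAX_BYTES:
        problems.append((0, "file-too-large"))
    text = data.decode("utf-8-sig", errors="replace")
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader, None)
    if header is None or [h.strip() for h in header] != REQUIRED_HEADER:
        return problems + [(1, "bad-header")]
    domains = {d.lower() for d in tenant_domains}
    seen = set()
    rows = 0
    for row in reader:
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        rows += 1
        line = reader.line_num
        if len(row) != 3:
            problems.append((line, "wrong-column-count"))
            continue
        email, user, password = (cell.strip() for cell in row)
        local, _, domain = email.rpartition("@")
        # The target address must sit in an SMTP domain configured in the tenant.
        if not local or domain.lower() not in domains:
            problems.append((line, "unverified-domain"))
        if not user or not password:
            problems.append((line, "missing-credential"))
        if email.lower() in seen:
            problems.append((line, "duplicate-mailbox"))
        seen.add(email.lower())
    if rows == 0:
        problems.append((0, "no-rows"))
    if rows > MAX_ROWS:
        problems.append((0, "too-many-rows"))
    return problems


# Constructed sample file (addresses and passwords are placeholders).
SAMPLE = (
    b"EmailAddress,UserName,Password\n"
    b"terry@contoso.com,terry.adams,Constructed-Pw-1\n"
    b"ann@contoso.com,ann.beebe,\n"
    b"bob@fabrikam.com,bob.kelly,Constructed-Pw-2\n"
    b"terry@contoso.com,terry.adams,Constructed-Pw-3\n"
)

if __name__ == "__main__":
    for finding in validate_migration_csv(SAMPLE, ["contoso.com"]):
        print(finding)
```

Because the file carries one source-mailbox password per row, run the check where the file is stored and remove the file once the batch has completed.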
IMAP Data Migration Scope
Migrated
• Mail messages (Inbox and other folders)
• Maximum of 500,000 items
• Possible to exclude specific folders from migration (e.g. Deleted Items, Junk E-Mail)
Not Migrated
• Contacts, Calendars, Tasks, etc.
• Excluded folders
• Folders with a forward slash ( / ) in the folder name
• Messages larger than 25 MB
50
![Page 49: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/49.jpg)
IMAP Migration Flow
Flow diagram steps:
• Provision users + mailboxes in O365 (license assigned)
• Gather IMAP creds, configure IMAP endpoint and prepare CSV
• EAC Wizard: Enter server settings and upload CSV
• Initial sync
• Delta sync every 24 hours
• Change MX record
• Mark migration as complete
• Final sync and cleanup
![Page 50: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/50.jpg)
IMAP Migrations
Questions?
![Page 51: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/51.jpg)
Staged Exchange Migrations (SEM)
![Page 52: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/52.jpg)
SEM Features and Benefits
• Simple and flexible migration solution
• High-fidelity solution – all mailbox content is migrated
• Typically best suited to medium and large organizations
• Users are provisioned with Directory Sync prior to migration
• No limit on the number of mailboxes
• Users can be migrated in batches (up to 1000 per batch)
• Works with Exchange 2003 and 2007 only, on-premises or hosted
• Identity management on-premises
• On-premises migration tool is not required
![Page 53: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/53.jpg)
SEM Requirements
• Outlook Anywhere service on source system (must have SSL certificate issued by a public CA)
• Migration Account with Full Access or Receive-As permissions to all mailboxes that will be migrated
• SMTP domain(s) configured in O365 tenant
• Directory Sync tool enabled in O365 tenant (i.e. requires simple coexistence)
![Page 54: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/54.jpg)
SEM Limitations
• SEM is not supported with Exchange 2010 and 2013
• Only simple coexistence is available (no sharing of free/busy, calendar, etc.)
![Page 55: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/55.jpg)
SEM Accounts and Passwords
Accounts Provisioning
• Migration tool relies on DirSync to do provisioning
• For every on-premises mailbox to be migrated there needs to be a MEU or Mailbox in Office 365
Passwords
• Target mailbox passwords must be specified for all users
• Administrators can force users to change passwords on first login
Note: Password management has been simplified with DirSync and password sync
![Page 56: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/56.jpg)
SEM Batch File Format
• CSV format
› EmailAddress, Password, ForceChangePassword
• One user per line
• Max of 1000 users in each CSV
• Smart-check against the Office 365 directory
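A pre-upload check for the two batch files described on these slides (the IMAP CSV and the SEM CSV), as an added example that is not part of the original deck. The names `validate_batch`, `PROFILES` and `SAMPLE_STAGED` are hypothetical; the code assumes 10 MB means 10 * 1024 * 1024 bytes, that the row limits count data rows, and that ForceChangePassword takes True or False. Because both files hold plaintext passwords, the report carries line numbers and addresses only.

```python
import csv
import io
# Column names and limits from the slides. Assumptions: 10 MB = 10 * 1024 * 1024
# bytes, limits count data rows, ForceChangePassword is True or False.
PROFILES = {
    "imap": {"columns": ["EmailAddress", "UserName", "Password"],
             "max_rows": 50_000, "max_bytes": 10 * 1024 * 1024},
    "staged": {"columns": ["EmailAddress", "Password", "ForceChangePassword"],
               "max_rows": 1_000, "max_bytes": None},
}

def validate_batch(data, kind):
    """Return problems in a batch CSV (empty list = OK); never echoes passwords."""
    profile, problems = PROFILES[kind], []
    if profile["max_bytes"] and len(data) > profile["max_bytes"]:
        problems.append(f"file is {len(data)} bytes, over the size limit")
    reader = csv.reader(io.StringIO(data.decode("utf-8-sig")))
    header = [h.strip() for h in next(reader, [])]
    if header != profile["columns"]:
        return problems + [f"header must be {','.join(profile['columns'])}"]
    seen, rows = set(), 0
    for row in reader:
        lineno = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        rows += 1
        if len(row) != len(header):
            problems.append(f"line {lineno}: expected {len(header)} fields")
            continue
        rec = {k: v.strip() for k, v in zip(header, row)}
        addr = rec["EmailAddress"].lower()
        local, at, domain = addr.partition("@")
        if not (local and at and domain) or "@" in domain:
            problems.append(f"line {lineno}: malformed EmailAddress")
        elif addr in seen:
            problems.append(f"line {lineno}: duplicate EmailAddress {addr}")
        seen.add(addr)
        for field in ("UserName", "Password"):
            if field in rec and not rec[field]:
                problems.append(f"line {lineno}: empty {field}")
        flag = rec.get("ForceChangePassword")
        if flag is not None and flag.lower() not in ("true", "false"):
            problems.append(f"line {lineno}: ForceChangePassword not True/False")
    if rows > profile["max_rows"]:
        problems.append(f"{rows} rows, limit is {profile['max_rows']}")
    return problems

# Constructed sample (not from the slides): the second user has an empty password.
SAMPLE_STAGED = (b"EmailAddress,Password,ForceChangePassword\n"
                 b"a@example.com,Constructed-Pw-1,True\nb@example.com,,False\n")
```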
![Page 57: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/57.jpg)
SEM Data Migration Scope
Migrated
• Mail messages and folders
• Rules and categories
• Calendar (normal, recurring)
• Out-of-Office settings
• Contacts
• Tasks
• Delegates and folder perms
• Outlook settings (e.g. favorites)
Not Migrated
• Security Groups, DDLs
• System mailboxes
• Dumpster
• Send-As Permissions
• Messages larger than 25 MB
![Page 58: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/58.jpg)
SEM Data Migration Scope
• Partial migrations are not possible (no folder exclusion, no time range selection, etc.)
• Mailboxes enabled for Unified Messaging cannot be migrated
• Hidden mailboxes (not visible to tool) cannot be migrated
• New cloud mailbox is created (new GUID) and data is copied
• Existing cached-mode files (OST files) cannot be preserved
![Page 59: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/59.jpg)
SEM User Experience
• Admin needs to distribute new passwords to users
• Users create their new Outlook profile using O365 username and new passwords (Autodiscover)
• All mail is downloaded from the Office 365 mailbox (i.e. the OST file must be recreated)
Note: IT Admins must convert on-premises mailbox-enabled users to mail-enabled users (which will delete on-premises content)
![Page 60: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/60.jpg)
SEM Migration Flow
Flow diagram steps:
• Configure Outlook Anywhere
• Test using ExRCA
• Assign migration perms
• Configure Directory Sync
• EAC Wizard: Enter server settings, admin creds, batch CSV
• Migrate Batch
• Convert on-prem mailboxes to MEU
• License users
• Change MX Record
• Delete migration batch (optional)
![Page 61: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/61.jpg)
Staged Exchange Migrations
Questions?
![Page 62: Deploying Office 365 in Production: Part 1docshare01.docshare.tips/files/26977/269776000.pdf · What you need to connect Network access to service from client end points ... Outlook](https://reader033.vdocuments.us/reader033/viewer/2022042411/5f29c8dec93f895192229a87/html5/thumbnails/62.jpg)
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.