Tommy Clarke

Agenda Workshop Materials & Infrastructure

Housekeeping Notes

Whoami!

Lync: tommy.clarke@ucaware.com

Self employed in UCAware AB Working with Microsoft Unified

Communications and Collaboration in the Cloud or on-prem

Lync MVP (Most Valued Professional)

MCSM: Communications (Microsoft Certified Solutions Master)

Microsoft V-TSP ( b-toclar@microsoft.com )

Lots of other Microsoft Certified…

Traditional deployment methodology

1 2 3 4 5 6 7 8 9 10 11 12 ….

Pre Plan Prepare Migrate Post

Don’t treat cloud like an on-premises deployment

Pre-Deployme

ntPlan Prepare Migrate

Post-Deployme

nt

First Mailbox

No throw away effort “Production pilot”

Full Office 365 User Experience with minimal on-premises requirements

Time to value vs. effort invested

Multiple data migration methods: new mailbox, self-service and IT managed

Identity options: cloud IDs, synchronized IDs and federated IDs

Benefits of Office 365 FastTrack

3 - EnhanceOptional integrationExtend in weeksMeet business needsCustomized to landscape

2 - DeployCore onboardingDeploy in daysCompanywide cloud useIT led migration

1 - PilotFull Office 365 servicePilot in hoursPersist to deploymentUser led migration

First use in hours, Onboarding in days

Pilot complete

Deploy Complete

WhatOffice 365 ServiceExchange, SharePoint, Lync, Office Web Apps, Office 365 ProPlus, Mobile

HowService domainCloud IdentityWeb Client

Office clientSelf Service

WhatAll Pilot Features +Shared namespace, simple coexistence, external sites

HowPilot +IT led migration *Customer domainDirectory sync

Password syncAdmin migrationsOnRamp

WhatDeploy +Federation, Hybrid Delegation, and more

HowDeploy+ *Configure adv. featuresFederated IdentityExchange HybridCorporate app store

SharePoint HybridLync Hybrid3rd party migration tools

Adopt new features

1: Pilot ExperiencePilot the service quicklySign-on

User signs into Office 365 with a Cloud ID (jane@contoso.onmicrosoft.com)

Pilot the new Exchange mailboxMailNew mailbox in the cloudInbox content populated via Connected accountUser sends/receives email as Jane@contoso.comUser PST import option for additional content migration (mail/calendar/contacts)

Pilot the new collaboration toolsCollaborationRun online meetings with any user with computer & app sharing, video conferencing, and PC-to-PC callingCollaborate using SharePoint Online team site and newsfeedsEasily store files in the cloud with SkyDrive Pro and share file with external users

Office across multiple devicesClientsAccess the service via a browser - Office Web Apps across devices and platforms – no client requiredUser self-install of Office 365 ProPlus side-by-side with existing Office client installations

Experience Office anywhereMobileMobile connectivity options are built into the service – just start connecting devicesConnect to Office 365 via mobile devices with Exchange Active Sync for mailPlatform specific mobile apps bring best experience where it makes sense - i.e. OneNote, Lync

Control & manage your pilotAdministrationCentralized administration from the Office 365 admin center in the service. Online management centers for Exchange, SharePoint, and Lync. Service health dashboard to monitor service maintenance and incidents.Service use reporting available in the service admin center including service activity.

Setup on day 1Full use of the serviceUser driven pilotPilot setup continues to step 2 deployLimited on-premises requirements

1: Pilot – what’s requiredWhat you need to connectNetwork

Network access to service from client end points over ports 80 and 443Network bandwidth capacity

Pilot user accessClientsWeb client – minimum browserOffice 365 Pro Plus – clients running Windows 7 +

Simple requirements

Easy to start or stop Connect to existing mail for the pilotMailPOP3 or IMAP4 protocol support for pilot users to use Connected Accounts

2: Deploy Experience – what’s added Integrated identity managementSign-on

Sign-on with the same user and password as on premises

Integrated mail flow and migrationMailGlobal address list Full mail content migration – mail, calendar, contacts

Sharing and working with othersCollaborationLync business partner federationSite governance and provisioning supportSetup of Apps for Office corporate app catalog

IT managed client productivityClientsOffice 365 ProPlus deployed to user desktop via IT process

Managed mobile connectivityMobileSend and receive mail from mobile device as on-prem email

Control & monitorAdministrationData loss prevention configuration (limited)Exchange Online Protection mail protection configuration (limited)

Setup in daysAdds on-premises integrationPilot user and info is sustainedIT driven migrationMail migration that best fits environment

From EX 2010 Mail Servers :Managed mail moves (MRS)Free/busy cross premisesUse existing OST

From EX 2007/03 Mail Servers :Staged mail migrationNew mail file download

From Others:User migration (PST import) or IMAP MigrationNew mail file

2: Deploy – what’s requiredWhat’s RequiredIdentity

Directory Sync server/sAD meets service requirements for hygieneSame password on-prem and in cloud via password sync

What you need to connectNetworkNetwork access to service from client end pointsNetwork bandwidth availabilityAccess to maintain DNS entries for share domains

Required to connect and deployClientsWeb client – minimum browserOffice 365 Pro Plus – clients running Windows 7 +

Unique requirements per mail platformDedicated customer IT teamChange management readiness

Required to setup and migrateMailAdmin access

From EX 2010 Mail Servers :Exchange 2010 SP3Certificates - public

From EX 2007/03 Mail Servers :Outlook Anywhere Access

From Others:PST requirement

3: Enhance- What’s addedAdvanced integrationSign-on

Single sign-on / ADFS3rd Party identity providers – “Works with program”

Advance migration scenariosMailNotes migrationsHybrid Exchange for 2007 or 2003

Advanced integration and solution buildingCollaborationLync or SharePoint hybridSharePoint solutions – including BCS, Duet, etc.

Advanced client management capabilitiesClientsVirtual desktop and virtual application scenarios

Connect to the serviceMobileBlackberry Enterprise Sever integration

Leverage advanced service controlsAdministrationData loss prevention configuration Exchange Online Protection mail protection configuration

Adds scenariosExtended durationsCustomer specific implementationAbility to add to deployed clients at point in the future

Portal.FastTrack.office.com

FastTrack EnablersEngineering service adoption enhancements

OnRamp Setup Toolhttps://onramp.office365.com

IdFix-Dirsync Error Remediation ToolIdentifies and remediates AD object issues that

will fail Windows Azure AD DirsyncBuilt on analysis of Dirsync daily error volumes and is targeted at fixing the majority of errors quickly Provides a datagrid with the ability to scroll, sort and editSuggested fixes are provided for known errorsCustomer change confirmation change and undo/rollback functionalityAvailable for download from TechNet

IdFix-Error classesAcross all objects:

Well know exclusions (“Admini*”, “CAS_{“, etc.) Distinguised name contains “\OACNF:” isCriticalSystemObject

Looks for invalid characters, checks length constraints, format and duplicate values across: c, co, displayName, givenName, Mail, mailNickName, proxyAddress,

sAMAccountName, sn, targetAddress, userPrincipalName

IdFix Tool view

Azure AD Dirsync Scoping OptionsAbility to Dirsync to Windows Azure AD only a subset of your usersOptions for Filtering

OU Domain-based User Attribute

Step-by-Step instructions available on TechNet

Exchange HybridCustomers with Exchange 2010 SP3 or Exchange 2013 on-premises can deploy Exchange Hybrid in Step 2The built in Hybrid Configuration Wizard automates the process and allows hybrid configuration to be completed within timelines and effort requirements of Step 2Details are available on TechNet

Password SyncNew feature of Windows Azure Directory Sync as an alternative to Federated AuthenticationCustomer Benefits:

Customer can use a “single set of credentials” (same username and password) to access both on-premises and online resourcesThis single set of credentials is managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)Password Sync is fully integrated in the Dirsync appliance, no additional sw/hw, or changes to the on-premises AD are requiredNo requirement to deploy and maintain Active Directory Federation Services.Keeps the deployment simple and eliminates IT costs associated with ADFS

Password Sync SecurityDoes not require nor access the user’s plain text password.No requirement for AD reversible encrypted format.AD user password hash is hashed again using a non-reversible encryption function and digest is synchronized into Azure AD. The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment.

Password Sync Key Password Policies

Password Sync is one-way synchronization from on-premises to the cloudPassword Complexity Policy implemented in the On-Premises AD is the master policyPassword Expiration Policy on the Azure AD is set to “Never Expire” Password Expiration and sync to Azure AD is driven by on-premises events

Password Sync FastTrack EAP DetailsCurrent Password Sync EAP build only supports single Forest environments Customers must redeploy DirSync to the final GA releaseCustomer must be willing to engage in feedback activities with the Product GroupAs the binaries are pre-release code, the customer will need to sign legal agreements (TAP)

Explore FastTrack

FastTrack Deployment

http://FastTrack.Office.com

FastTrack Data SheetsQuick reference guide

Office 365 Capability Matrix per Deployment StepKey Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend

Identity

Identity Sign On Cloud IDs Corporate AD user account with same password via Password Sync

Corporate AD user account and password via ADFS Option for Integration

with “Works with O365” Identity Providers

Option for Shibboleth Integration

Active Directory Remediation

Not applicable IdFix Dirsync Error Remediation Tool

IdFix Dirsync Error Remediation Tool

Custom Engagement

Office 365 Capability Matrix per Deployment StepKey Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend

Exchange

Global Address List Cloud Users Dirsync Users Dirsync users FIM 2010 via O365

connector

Calendar Free/Busy sharing

Cloud Users Dirsync Users (req. Ex 2010 SP3)

Dirsync Users Exchange Federation to

other O365 or Exchange

Corporate Email Yes via “connected accounts”

Yes via Corporate Domain add a

Data Migration Options

User driven migrations via connected accounts (mail only)

User driven PST import (mail/calendar/contacts)

User Driven IT Driven via Staged

Migration or Hybrid Exchange (req. Ex 2010 SP3)

Hybrid Exchange for 2010, 2007 or 2003 on-premises

IBM Notes Migration Option

OWA / Full Outlook a a a

Mobile via Active Sync

Cloud Email Address (Send From)

Corporate Email Address Option for BlackBerry BCS

Corporate Email Address

Option for BlackBerry BCS

Office 365 Capability Matrix per Deployment StepKey Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend

Lync

IM & P a a a

Online Meetings a a a

Video Conferencing a a a

PC and Application Sharing

a a a

Mobile Lync Clients a a a

Skype Federation (Summer ‘13)

a a a

Lync External Federation   a a

Lync Hybrid Option     aLync Hybrid Voice Option     a

Office 365 Capability Matrix per Deployment StepKey

CapabilitiesStep 1 – Pilot Step 2 – Deploy Step 3 - Extend

SharePoint

Team Sites a a a

Sky Drive Pro a a a

External Sharing a a a

Office Web Apps a a a

Public Site with Corporate DNS

  a a

SharePoint Solutions (BCS, Duet)

    a

Click-to-Run Office 2013 Prof Plus

Self-Serve for Pilot Users Self-Serve for Dirsync Users

IT Managed Deployment

Self-Serve for Dirsync Users

IT Managed Deployment

Office 365 Customer Effort per Deployment StepEffort Step 1 – Pilot Step 2 – Deploy Step 3 - Extend

Number of Users 25 to 250 Up to Office 365 Licenses Up to Office 365 Licenses

Level of Effort Low Medium High

No on-premises components SMTP/POP needed for

connected accounts experience

Dirsync Appliance Dirsync scoping optional AD Remediation (IdFix

Dirsync Error Remediation Tool available)

Option for Exchange Hybrid configuration if Ex 2013 SP3 On-Prem via Configuration Wizard

Dirsync Appliance – or- O365 Connector for FIM

ADFS Infrastructure and Capacity Planning

Exchange Hybrid configurations via HCW and Manual steps as required per Exchange version

Lync Hybrid Option Lync Hybrid Voice Option

Ignite

Office 365 Technical Blog

Thank You!!!

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.