office 365 groups: are you missing out?

57
Welcome! We will get started shortly… Office 365 Groups: Are You Missing Out? A Binary Tree SMART Migration Webinar

Upload: binary-tree

Post on 14-Apr-2017

1.258 views

Category:

Technology


2 download

TRANSCRIPT

Welcome! We will get started shortly…Office 365 Groups: Are You Missing Out?

A Binary Tree SMART Migration Webinar

Office 365 Groups: Are You Missing Out?

A Binary Tree SMART Migration Webinar

Who I am.

Justin Harris is a Microsoft Certified Master on Exchange Server and a Microsoft MVP for Exchange Server. Justin is a Principal Solution Architect with Binary Tree, blogger, author, and Pluralsight author.

@ntexcellence

http://www.ntexcellence.com

What are we going to cover?

• Single place for team-based collaboration

• Which social network?• Discovery of information• Maintain historical context of

collaborative team activities

• Office 365 admin center• Available *UnifiedGroup and

*UnifiedGroupLinks Cmdlets• OWA Mailbox Policy

Need for Collaboration Architecture Administration

• Many different Office 365 workloads have been “bolted on”

• Azure Active Directory is the single source of authority

• Concept of FwdSync• Groups only reside in Office 365

Times have changed!

• Expectations of how people work has profoundly changed

• The rise of mobile• Technology has changed my

personal life

• Maximize customer interactions• How to leverage technology to

“get in earlier and stay longer”

On-demand workforce On-demand meetings Responsive to customers

• The need to spin up ad-hoc teams

• Do more with less• Working with partners

What has fueled the change?

Education Social networks Evolution of technology

Justin Harris
I went back to school (Lynn) last year for my MBA. Lynn provides iPads to all graduate students. All coursework, textbooks, weekly assignments and homework is delivered, viewed and submitted through the app on the iPad. Instead of the textbook showing a picture of the solar system for instance, you now get an interactive video of the solar system since the textbook is electronic.
Tony Redmond
What is the point you make about education (just interested)?

On-demand workforce

File shares SharePoint Lync/Skype for Business Mobile applications to communicate

Office 365 Groups

“Groups brings together people, info, and apps across O365 platform to help spark communication and collaboration.”

Office 365 Groups

“Groups brings together people, info, and apps across O365 platform to help spark communication and collaboration.”

In other words – an AAD object that is backed by a shared mailbox in EXO (email & cal) and a document library in SPO (files & OneNote). Not to be confused with…

Office 365 Groups

Groups have many different bolted-on modules

Justin Harris
Fair enough. I was crossing streams a bit.
Tony Redmond
Should Outlook be Exchange Online? I don't think you are discussing clients here... So it's really Exchange Online that is providing the mailbox...

Groups have many different bolted-on modules

OFFICE 365 groups

Justin Harris
Fair enough. I was crossing streams a bit.
Tony Redmond
Should Outlook be Exchange Online? I don't think you are discussing clients here... So it's really Exchange Online that is providing the mailbox...

Groups have many different bolted-on modules

EXO

One

Driv

e

One

Not

e

Skyp

e fo

r Bus

ines

s

Dyna

mic

s CRM

Delv

e (c

omin

g so

on)

Yam

mer

(com

ing

soon

)

OFFICE 365 groups

Justin Harris
Fair enough. I was crossing streams a bit.
Tony Redmond
Should Outlook be Exchange Online? I don't think you are discussing clients here... So it's really Exchange Online that is providing the mailbox...

An Office 365 Group is not

Not a distribution list Not a security group Not just a SPO doc library

• Only mailboxes (tenant) can be a member

• No site or shared mailboxes• No MEUs• No contacts• No external recipients (soon)• No PF’s that are mail-enabled

• Cannot be set on ACLs to control access

• Only controls access to resources that are approved workloads

• Can only be set to private or public (default) and cannot change after creation

• Document library created for each new Group when user tries to access for the first time saving quota overhead

• Document library is associated with a hidden site collection

What are the benefits?

Single place to collaborate

Anyone can join

Provides historical context

Client Options

Client Options

Client Options

Client Options

EXO Directory Store

@ntexcellence

EXO Directory StoreEXODS provides a layer of separation for AAD• You have configuration data about workloads like EXO• You have Exchange specific configuration data for each tenant• Continuous stream of synchronization between EXODS and AAD• Hybrid – DirSync – AAD is target then sync to EXODS

EXODS provides redundancy• A cached copy of relevant tenant AAD information• Provides continuity in the event of service disruptions or regional AAD outages• EXO queries EXODS for items such as objects stamped with mail properties• EXO deployed across 30 forests (source: Office 365 for Exchange Professionals) @ntexcellence

Architecture

Group Identity

AAD

Master identityAzure Active Directory (AAD) is the master for group identity and membership across Office 365

Working togetherServices work together but are independent workloadsEmail conversations stored in EXODocuments & OneNote reside in SPO

The synchronization glueDual writes to AAD and EXODSConvergence handled by FwdSync

Architecture

EXO AD

SPO AD

Mailbox

OneDriveGroup Identity

AAD

Exchange

SharePoint

Master identityAzure Active Directory (AAD) is the master for group identity and membership across Office 365

Working togetherServices work together but are independent workloadsEmail conversations stored in EXODocuments & OneNote reside in SPO

The synchronization glueDual writes to AAD and EXODSConvergence handled by FwdSync

What About Synchronization?Any action by EXO/SPO are made against AAD object• Repetitive theme!• Only one master identity• If you think about it – this one-way sync model makes life easier

Changes in AAD are funneled down to other workloads through a process called “FwdSync”• All changes against a group are made against the AAD object• “FwdSync" takes care of notifying workloads like EXO & SPO of the change• The other workloads then update their own Active Directory copy (cached instance)• Architecturally speaking – all sync traffic flows downhill (AAD to EXO for instance)• Changes in EXODS (new-mailbox) replicated to AAD through backsync (https)

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Dual writeCached

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Dual writeCached

New Group

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Dual writeCached

New GroupFwdSync

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Dual writeCached

New GroupFwdSync

Cached

Synchronization in Action

MSODSAzure Active Directory

Exchange Online SharePoint Online

EXODS SPODS

EXO SPO

Create group

Create via AAD

New Group

Dual writeCached

New GroupFwdSync

Cached

New Group

Loosely Coupled

#ITDEVCON

Exchange SharePointNotifications

• FwdSync is the sync mechanism that AAD uses but…

• EXO can notify SPO of a new group • New Groups may not automatically appear

until synchronization occurs• Each workload is independent of each other

which Microsoft calls “loose coupling”

AAD Object ID

Groups is an AAD Object• Unique identifier stamped on each

object• You can see Object ID in Azure portal

for a Group• Public health warning – please do

not edit here!

What About Hybrid?

What About Hybrid?History of Groups – Old-style vs New-style• Before Ignite - AAD group associated with an Exchange mailbox• After Ignite – Unified Groups are now viewed as distribution groups• Script on TechNet Gallery to convert distribution groups to Unified @ntexcellence

What About Hybrid?History of Groups – Old-style vs New-style• Before Ignite - AAD group associated with an Exchange mailbox• After Ignite – Unified Groups are now viewed as distribution groups• Script on TechNet Gallery to convert distribution groups to Unified @ntexcellence

What About Hybrid?History of Groups – Old-style vs New-style• Before Ignite - AAD group associated with an Exchange mailbox• After Ignite – Unified Groups are now viewed as distribution groups• Script on TechNet Gallery to convert distribution groups to Unified Groups

• Old-style Groups that have been converted have the (OFF1CE) suffix

@ntexcellence

What About Hybrid?History of Groups – Old-style vs New-style• Before Ignite - AAD group associated with an Exchange mailbox• After Ignite – Unified Groups are now viewed as distribution groups• Script on TechNet Gallery to convert distribution groups to Unified Groups On-premises users cannot access fully-featured Group functionality• On-premises users when added to a Group are “auto-subscribed”• Outlook user will receive email copies of Group interactions automatically

AAD Connect is required for better end user experience • Use AAD Connect to sync or “write-back” AAD Group object • The object is written to on-premises AD as a DL• The Group then appears in the on-premises GAL

@ntexcellence

Outlook 2016How does Outlook 2016 find Groups?• Autodiscover writes info about Groups for user to an XML file• C:\Users\jharris\AppData\Local\Microsoft\Outlook\16• Once you access a Group the local XML is refreshed

Outlook 2016How does Outlook 2016 find Groups?• Autodiscover writes info about Groups for user to an XML file• C:\Users\jharris\AppData\Local\Microsoft\Outlook\16• Once you access a Group the local XML is refreshed

Offline access for Groups?• Group Storage File or GST• .NST file extension• C:\Users\jharris\AppData\Local\Microsoft\Outlook• Only mail items like a conversation and calendar are written to local disk

Site collection created for new Group is hidden• Cannot see it in SPO Admin• You need to trick the system to see path• Cannot go to URL as you will be redirected• SharePoint Designer is required to edit –

Public Service Warning!!

Hidden site collection?

Tony Redmond
Another warning - don't mess with this collection from SPO admin

Site collection created for new Group is hidden• Cannot see it in SPO Admin• You need to trick the system to see path• Cannot go to URL as you will be redirected• SharePoint Designer is required to edit –

Public Service Warning!!

Hidden site collection?

Tony Redmond
Another warning - don't mess with this collection from SPO admin

Site collection created for new Group is hidden• Cannot see it in SPO Admin• You need to trick the system to see path• Cannot go to URL as you will be redirected• SharePoint Designer is required to edit –

Public Service Warning!!

Hidden site collection?

Tony Redmond
Another warning - don't mess with this collection from SPO admin

SPO Team Site?Group document libraries have several limitations:• Cannot check documents in and out• Workflows are not available (expense reports etc.)• Cannot create views• Cannot provide read-only access to Group data

Administration

@ntexcellence

Administration

@ntexcellence

Administration

@ntexcellence

Available Cmdlets• Help UnifiedGroup• Get/New/Remove/Set-UnifiedGroup• Add/Get/Remove-UnifiedGroupLinks• New-OWAMailboxPolicy -Name DisableGroupCreation• Set-OWAMailboxPolicy -Identity DisableGroupCreation -GroupCreationEnabled $false• Scripts on TechNet Gallery to convert distribution groups to modern Groups

Administration

@ntexcellence

Available Cmdlets• Help UnifiedGroup• Get/New/Remove/Set-UnifiedGroup• Add/Get/Remove-UnifiedGroupLinks• New-OWAMailboxPolicy -Name DisableGroupCreation• Set-OWAMailboxPolicy -Identity DisableGroupCreation -GroupCreationEnabled $false• Scripts on TechNet Gallery to convert distribution groups to modern Groups

Administration

@ntexcellence

Demonstration: OWA

Demonstration: Outlook

What’s Missing?

Compliance Backup & Migration Administration

• eDiscovery• In-place Hold• DLP• Lifecycle

• No soft-delete function• When groups are deleted – they

are gone• Cannot remove individual post

in conversation – delete all • Public Folder migration• SharePoint migration

• DL & Query-based membership• External users• Mobile (coming fall)• Lack of EWS support – Outlook

2016 for Mac!• Missing notification of

@mentions or likes (Outlook 2016)

Key Takeaways

“Groups brings together people, info, and apps across O365 platform to help spark communication and collaboration”

Other workloads bolt-on and add additional data like EXO and SPO

Still a lot of key missing features

Growing set of administrative features

Single source for identity – AAD

Questions and Answers

Thank You for Attending!