Office 365 Deployment

Keith LabordePrincipal Service Engineer

Brian ShiersTechnical Product Manager

OUC-B340

Transform how you run your business

Devices SocialCloudFast and fluid experience with touch, pen, mouse & keyboard

Immersive touch-optimized Windows 8 apps

Support for Windows phone, iOS & Android phones

Office - on demand, roaming & up-to-date

New cloud app development model

Enterprise-grade reliability and standards

Newsfeeds & microblogging, extend with Yammer

Pervasive social capabilities across Office

Multiparty HD video & Skype federation

DLP, data retention & unified eDiscovery

Reimagined deployment model for Office apps

Common management experience across Office 365

Control

Traditional deployment methodology

1 2 3 4 5 6 7 8 9 10 11 12 ….

Pre Plan Prepare Migrate Post

Don’t treat cloud like an on-premises deployment

Pre-Deploymen

t

Plan

Prepare

Migrate

Post-Deploymen

t

First Mailbox

Experience Value EarlyNew Cloud Experience

Real World BenefitsBroad Production Use

Full Feature ValueMeet your needs

Pilot Deploy Enhance

No throw away effort “Production pilot”

Full Office 365 user experience

Pilot with minimal on-premises requirements

Time to value vs. effort invested

Multiple data migration methods: new mailbox, self-service and IT managed

Identity options: cloud IDs, synchronized IDs and federated IDs

Benefits of Office 365 FastTrack

3 - EnhanceOptional integrationExtend in weeksMeet business needsCustomized to landscape

2 - DeployCore onboardingDeploy in daysCompanywide cloud useIT led migration

1 - PilotFull Office 365 servicePilot in hoursPersist to deploymentUser led migration

First use in hours, Onboarding in days

Pilot complete

Deploy Complete

WhatOffice 365 ServiceExchange, SharePoint, Lync, Office Web Apps, Office 365 ProPlus, Mobile

HowService domainCloud IdentityWeb Client

Office clientSelf Service

WhatAll Pilot Features +Shared namespace, simple coexistence, external sites

HowPilot +IT led migration *Customer domainDirectory sync

Password syncAdmin migrationsOnRamp

WhatDeploy +Federation, Hybrid Delegation, and more

HowDeploy+ *Configure adv. featuresFederated IdentityExchange HybridCorporate app store

SharePoint HybridLync Hybrid3rd party migration tools

Adopt new features

Let’s see how it worksPilot Deploy Enhance1 2 3

Step 1: Pilot ExperiencePilot the service quicklySign-on

User signs into Office 365 with a Cloud ID (jane@contoso.onmicrosoft.com)

Pilot the new Exchange mailboxMail

New mailbox in the cloudInbox content populated via Connected accountUser sends/receives email as Jane@contoso.comUser PST import option for additional content migration (mail/calendar/contacts)

Pilot the new collaboration toolsCollaborationRun online meetings with computer & app sharing, video, and PC-to-PC callingCollaborate using SharePoint Online team site and newsfeedsEasily store files in the cloud with SkyDrive Pro and share file with external users

Office across multiple devicesClientsAccess the service via a browser - Office Web Apps across devices and platforms User self-install of Office 365 ProPlus side-by-side with existing Office client installations Experience Office anywhereMobile

Mobile connectivity options are built into the service – just start connecting devicesConnect to Office 365 via mobile devices with Exchange Active Sync for mailPlatform specific mobile apps bring best experience where it makes senseControl & manage your pilotAdministrationCentralized administration from the Office 365 admin center in the service. Online management centers for Exchange, SharePoint, and Lync. Service control in admin center

Setup on day 1Full use of the serviceUser driven pilotPilot setup continues to step 2 deployLimited on-premises requirements

DemoFastTrack Pilot

Start FastTrackPilot

Source

En

han

ce

Dep

loy

Pilot

Pilot users use the service in about an hourStart with a clean mailbox or with their own data

Cloud ID

Self service

PST

Connected account

IT Driven

PST import tool

IMAP migration

Migration

Others

Let’s look at deployPilot Deploy Enhance1 2 3

2: Deploy Experience – what’s added Integrated identity managementSign-on

Sign-on with the same user and password as on premises

Integrated mail flow and migrationMailGlobal address list Full mail content migration – mail, calendar, contacts

Sharing and working with othersCollaborationLync business partner federationSite governance and provisioning supportSetup of Apps for Office corporate app catalog

IT managed client productivityClientsOffice 365 ProPlus deployed to user desktop via IT process

Managed mobile connectivityMobile

Send and receive mail from mobile device as on-prem email

Control & monitorAdministration

Data loss prevention configuration (limited)Exchange Online Protection mail protection configuration (limited)

Setup in daysAdds on-premises integrationPilot user and info is sustainedIT driven migrationMail migration that best fits environment

From EX 2010:Managed mail moves (MRS)Free/busy cross premisesUse existing OST

From EX 2007/03:Staged mail migrationNew mail file download

From Others:User migration (PST import) or IMAP MigrationNew mail file

Exchange 2003/2007 ScenarioDeploy Cloud identity

Source

En

han

ce

DeployPilo

t

Shared namespace

Self service PST

IT driven

PST import tool

IMAP migration

Deploy quickly using cloud identityOption to expedite with use of a new or shared namespace with limited GAL

Migration

Exchange 2003/2007 ScenarioDeploy Synchronized identity

Source

En

han

ce

DeployPilo

t

Synchronized ID with password sync IT driven

Migration

Shared namespace

Staged migration

Use the service within days post migration of mail data with full GAL

Exchange 2010/2013 ScenarioDeploy Cloud identity

Source

En

han

ce

DeployPilo

t

Shared namespace

IT driven

Migration

PST import tool

IMAP migration

Users can start using the service within hours to days post-data migration depending on requirements of new or shared namespace with limited GAL

Exchange 2010/2013 ScenarioDeploy Synchronized identity

Source

En

han

ce

DeployPilo

t Synchronized ID with password sync

Shared namespace

Hybrid migration

Users can start using the service within days post-introduction of SP3 or later with HCW, full GAL, post-data move

Self service

IT driven

Migration

PST

Step 2 DeployRecap

Transition pilot service

Deployment options to meet your requirements

Leverage staged migration for IT led migration

Optionally enhance service over time

Decision pointsIdentity type

Namespace

Migration approach

FastTrack enablersEngineering enhancements

Office 365 setup toolGuidance tailored to meet your environmentEnvironmental checks to aid in identifying remediation tasks to ensure successful onboarding

DemoSetup with FastTrack

IdFix-Dirsync error remediation toolIdentifies and remediates AD object issues that will fail Windows Azure AD DirsyncBuilt on analysis of Dirsync daily error volumes and is targeted at fixing the majority of errors quickly Provides a datagrid with the ability to scroll, sort and editSuggested fixes are provided for known errorsCustomer change confirmation change and undo/rollback functionalityAvailable for download from TechNet

IdFix-Dirsync error remediation toolAcross all objects:

Well know exclusions (“Admini*”, “CAS_{“, etc.)Distinguished name contains “\OACNF:”isCriticalSystemObject

Looks for invalid characters, checks length constraints, format and duplicate values across:

c, co, displayName, givenName, Mail, mailNickName, proxyAddress, sAMAccountName, sn, targetAddress, userPrincipalName

IdFix Tool

DemoIdFix

Azure AD Dirsync scoping optionsAbility to Dirsync to Windows Azure AD only a subset of your usersOptions for Filtering• OU • Domain-based • User attribute

Step-by-step instructions available on TechNet

Password SyncAvailable today

New feature of Windows Azure Directory Sync as an alternative to Federated AuthenticationCustomer benefits:• Customer can use a “single set of credentials” (same username and

password) to access both on-premises and online resources• This single set of credentials is managed in the customer’s Active

Directory and is synchronized with Office 365 (username + password)• Password Sync is fully integrated in the Dirsync appliance, no

additional sw/hw, or changes to the on-premises AD are required• No requirement to deploy and maintain Active Directory Federation

Services.• Keeps the deployment simple and eliminates IT costs associated with

ADFS

Attend OUC-B211 - Tuesday @ 8:30 AM

Overview of Microsoft Office 365 Identity

Management

Password Sync securityDoes not require nor access the plain text passwordNo requirement for AD reversible encrypted formatAD user password hash is hashed again using a non-reversible encryption function and digest is synchronized into Azure ADThe digest in Azure AD cannot be used to access resources in the customer’s on-premises environment

Password Sync key password policiesPassword Sync is one-way synchronization from on-premises to the cloudPassword Complexity Policy implemented in the on-premises AD is the master policyPassword Expiration Policy on the Azure AD is set to “Never Expire” Password expiration and sync to Azure AD is driven by on-premises events

Exchange 2010 SP3 hybridCustomers with Exchange 2010 SP3 or Exchange 2013 on-premises can deploy Exchange hybrid in step 2The built in Hybrid Configuration Wizard automates the process Enables hybrid configuration to be completed within timelines and effort requirements of step 2Details are available on TechNet

Let’s see how it worksPilot Deploy Enhance1 2 3

3: Enhance- What’s addedAdvanced integrationSign-on

Single sign-on / ADFS3rd Party identity providers – “Works with program”

Advance migration scenariosMail

Notes migrationsHybrid Exchange for 2007 or 2003

Advanced integration and solution buildingCollaborationLync or SharePoint hybridSharePoint solutions – including BCS, Duet, etc.

Advanced client management capabilitiesClientsVirtual desktop and virtual application scenarios

Connect to the serviceMobile

Blackberry Enterprise Sever integration

Leverage advanced service controlsAdministration

Data loss prevention configuration Exchange Online Protection mail protection configuration

Adds scenariosExtended durationsCustomer specific implementationAbility to add to deployed clients at point in the future

Enhance IdentityEnhance Deploy Synchronized identity

Enhance

Pilo

t

Dep

loy

Users can start using the service within weeks post-introduction of hybrid servers, full GA,

and SSO post-data move

Federated ID

IT driven

Staged migration

Migration

Self Service

Hybrid migration

Sou

rce

Exchange 2007 ScenarioEnhance Deploy Hybrid mail

Source

En

han

ce

EnhancePilo

t

Dep

loy

Use the service within weeks post-introduction of hybrid serversComplete GAL availability

Hybrid servers

IT driven

Migration

Hybrid migration

Step 3 Enhance Recap

Pilot and deploy activities leveraged

Optional enhancement scenarios

Complete at deploy or over time

Decision pointsHybrid use

Authentication requirements

Additional scenarios

Start FastTrack

FastTrack deploymentresources of Office 365

http://FastTrack.Office.com

Track resources

Team blogs: http://blogs.office.com/b/microsoft_office_365_blog/http://blogs.technet.com/b/exchange/

Twitter:Follow @ https://twitter.com/Office365

Join the conversation, use #IamMEC

Check out: Office 365 FastTrack: fasttrack.office.com/ Garage Series for IT Pros: www.microsoft.com/garageMicrosoft Exchange Conference 2014: www.iammec.com Technical Training with Ignite: ignite.office.com

Resources

LearningMicrosoft certification & training resourceswww.microsoft.com/learning

TechNetResources for IT professionalshttp://microsoft.com/technet

msdnResources for developershttp://microsoft.com/msdn

LearningSessions on demandhttp://channel9.msdn.com/Events/TechEd

Complete an evaluation on CommNet and enter to win!

Evaluate this session

Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix

EnhanceDeployPilot

Optimized Path for Exchange 2007

Cloud ID

Self service

PST

Connected account

IT Driven

PST import tool

IMAP migration

Migration

Shared namespace

Self service PST

IT driven

PST import tool

IMAP migration

Migration

Sync’d ID and

password

IT driven Staged Migration

Change ID Type

Federated ID

Change ID Type

Migration

Self service

IT driven

Migration

Hybrid servers

IT driven

Migration

Hybrid migration

Hybrid migration

Staged migration

EnhanceDeployPilot

Optimized Path for Exchange 2010

Cloud ID

Self service

PST

Connected account

IT Driven

PST import tool

IMAP migration

Migration

Shared namespace

Self service PST

IT driven

PST import tool

IMAP migration

Migration

Sync’d ID and

password

IT driven Hybrid Migration

Change ID Type

Federated ID

Change ID Type

Migration

Self service

IT driven

Hybrid migration

Migration