12. Service Descriptions
Office 365 Service Descriptions:
http://technet.microsoft.com/en-us/library/jj819284.aspx
Office 365 Service Updates:
http://community.office365.com/en-us/wikis/office_365_service_updates/974.aspx
Office 365 Service Upgrade Center for Enterprises:
http://community.office365.com/en-us/wikis/office_365_service_updates/office-365-service-upgrade-center-for-enterprise.aspx
13. Office 365 Deployment Center
Sign-up for a trial: http://alturl.com/rt9j8
The new Office 365 Deployment Center:
Find the tools, guidance, and technical resources
Pilot and Deploy Office 365
http://www.deployoffice365.com/
15. Understanding Identities
Cloud Identity
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment
Federated Identity
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Requires on-premises ADFS server
16. Understanding Identities
Cloud Identity
Scenario: Smaller organizations with or without on-premises Active Directory
Benefits:
• Does not require on-premises server deployment
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies
Cloud Identity + DirSync
Scenario: Medium to Large organizations with Active Directory on-premises
Benefits:
• “Source of Authority” is on-premises
• Enables coexistence
Limitations:
• No Single Sign-On
• No 2 Factor Authentication options
• Two sets of credentials to manage
• Different password policies
• Requires on-premises DirSync server deployment
Federated Identity
Scenario: Large enterprise organizations with Active Directory on-premises
Benefits:
• Single Sign-On experience
• “Source of Authority” is on-premises
• 2 Factor Authentication options
• Enables coexistence
Limitations:
• Requires on-premises ADFS server deployment in high availability scenario
• Requires on-premises DirSync server deployment
17. Understanding Identities
Client | Cloud Identity | Federated Identity (domain joined computer) | Federated Identity (non-domain joined computer)
Microsoft Outlook® 2010 on Windows® 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2007 on Windows 7 | Sign in each session | Sign in each session | Sign in each session
Outlook 2010 or Outlook 2007 on Windows Vista® or Windows XP | Sign in each session | Sign in each session | Sign in each session
Exchange ActiveSync® | Sign in each session | Sign in each session | Sign in each session
POP, IMAP, Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each browser session | No Prompt | Sign in each browser session
Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session | Sign in each SharePoint Online Session | Sign in each SharePoint Online Session
Lync Online | Sign in each session | No prompt | Sign in each session
Outlook for Mac 2011 | Sign in each session | Sign in each session | Sign in each session
19. ADFS Enables
• Enables users to access both the on-premises and cloud-based organizations with a single user name and password
• Provides users with a familiar sign-on experience
• Allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools
• SharePoint Hybrid Search
20. Access Control Policies
Scenario: Block all external access to Office 365
Description: Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client.
Scenario: Block all external access to Office 365, except Exchange ActiveSync
Description: Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked.
Scenario: Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online
Description: Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online.
Scenario: Block all external access to Office 365 for members of designated Active Directory groups
Description: This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory groups. It can also be used to provide external access only to members of a group.
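Each of the four scenarios comes down to one decision per request: is the client external by IP address, and if so, does the scenario's exception apply. The model below is an added example, not AD FS configuration or code from the original deck; the corporate address range, the group name, the scenario keys and the sample requests are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions, not from the deck).
CORPORATE_NETS = [ipaddress.ip_network("198.51.100.0/24")]
DESIGNATED_GROUPS = frozenset({"O365-NoExternalAccess"})


@dataclass(frozen=True)
class Request:
    client_ip: str                    # address reported for the client
    app: str                          # "ActiveSync", "Outlook", "Browser", ...
    groups: frozenset = frozenset()   # Active Directory groups of the user


def is_external(ip_text: str) -> bool:
    """External unless the address parses and lies in a corporate range."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return True  # unparseable address: fail closed
    return not any(ip in net for net in CORPORATE_NETS)


def is_allowed(scenario: str, req: Request) -> bool:
    """Evaluate one of the four scenarios from the table for a request."""
    if scenario not in SCENARIOS:
        raise ValueError(f"unknown scenario: {scenario}")
    if not is_external(req.client_ip):
        return True  # internal clients are allowed in every scenario
    return SCENARIOS[scenario](req)


# For external clients only: does the scenario's exception apply?
SCENARIOS = {
    "block_all_external": lambda r: False,
    "except_activesync": lambda r: r.app == "ActiveSync",
    "except_browser": lambda r: r.app == "Browser",
    "block_designated_groups": lambda r: not (r.groups & DESIGNATED_GROUPS),
}


def decision_matrix(requests):
    """Map each scenario to the allow/deny result for every sample request."""
    return {s: [is_allowed(s, r) for r in requests] for s in SCENARIOS}


if __name__ == "__main__":
    samples = [  # constructed requests
        Request("198.51.100.7", "Outlook"),
        Request("192.0.2.10", "Outlook"),
        Request("192.0.2.10", "ActiveSync"),
        Request("192.0.2.10", "Browser", DESIGNATED_GROUPS),
    ]
    for name, row in decision_matrix(samples).items():
        print(f"{name:26} {row}")
```

Running the matrix against a planned address list before rollout shows which client types lose access under each scenario, which is the testing purpose the fourth scenario is described as serving.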
21. Do 4
Is your environment ready to hook up to Office 365?
22. Deployment Readiness Tool
• http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
• Requirements:
• No administrative rights required
• Domain user
• Domain joined machine
23. Windows Azure Active Directory
Multi-forest AD support is available through Microsoft-led deployments
Multi-forest DirSync appliance supports multiple disjoint account forests
FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram labels: Federation using ADFS; DirSync on FIM; AD (shown three times); On-Premises Identity, Ex: DomainAlice; User]
24. Non-AD Synchronization
Preferred option for Directory Synchronization with Non-AD Sources
Non-AD support with FIM is available through Microsoft-led deployments
FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram labels: Windows Azure Active Directory; Federation using Non-ADFS STS; Office 365 Connector on FIM; Non-AD (LDAP); On-Premises Identity, Ex: DomainAlice; User]
26. Network Requirements
Lync:
Lync 2013 Network Bandwidth Requirements for Media Traffic:
http://technet.microsoft.com/en-us/library/jj688118.aspx
Lync 2010 Bandwidth Calculator: http://www.microsoft.com/en-us/download/details.aspx?id=19011
Exchange:
Exchange Client Network Bandwidth Calculator:
http://gallery.technet.microsoft.com/office/Exchange-Client-Network-8af1bf00
SharePoint:
Plan for Bandwidth Requirements: http://technet.microsoft.com/en-us/library/cc262952(v=office.12).aspx
27. Connecting to Office 365
Office 365 URLs and IP Address Ranges
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
Exchange Online URLs and IP Address Ranges
http://technet.microsoft.com/en-us/exchangelabshelp/gg263350
RSS Updates for URL and IP Address Range Changes
http://go.microsoft.com/fwlink/?linkid=236301
Set up your network for Lync Online
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx
29. ADFS and Azure
Current Guidance:
ADFS should only be deployed in Azure VM for High Availability.
We would also not recommend a customer deploy the underlying AD domain controller to Azure. There would be latency issues for NTLM authentication of domain-joined machines.
http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx
You can deploy corporate domain controllers alongside AD FS on Windows Azure
virtual machines, which provides additional guarantees of service availability in the
event of unforeseen failures such as natural disasters. This is especially true for online
services such as Microsoft Office 365 that can authenticate users directly from their
on-premises corporate Active Directory.
30. Azure and Office365
http://weblogs.asp.net/scottgu/archive/2012/07/26/windows-azure-and-office-365.aspx
Developing Windows Azure Web Sites
Integrated with Office 365
Developing Windows Azure Workflows
Integrated with Office 365
31. Windows Azure™ AD RMS
Integration with Exchange Online
Company Confidential
Company Confidential Read Only
Do not forward (Works across tenants)
Integration with SharePoint Online
There is no support for SharePoint Online Wave 15 (v2013) integration with customer on-premise
AD RMS infrastructure.
Documents that have been protected with RMS can be uploaded to SharePoint Online only in
standard document libraries.
In Office 365 Wave 15 (v2013), SharePoint Online supports RMS integration with the Windows
Azure RMS service
32. Do 7
UC & C: Decide what to keep On Premises and
what to move to Online
33. Lync Interoperability with
Exchange and SharePoint
Lync and Exchange
Lync deployment | Exchange Online | Exchange Server (on-premises)
Lync Online | Lync client presence integration; IM/Presence in OWA | Lync client presence integration
Lync Server on-premises | Lync client presence integration; IM/Presence in OWA; Exchange voicemail integration | Lync client presence integration; IM/Presence in OWA; Exchange voice-mail integration
Presence integration = OOF messages in Lync, calendar-based presence status, embedded presence in Microsoft Office Outlook® and Office

Lync and SharePoint
Lync deployment | SharePoint Online | SharePoint Server (on-premises)
Lync Online | Lync client presence integration | Lync client presence integration
Lync Server on-premises | Lync client presence integration | Lync client presence integration; Skill search in Lync client
Presence integration = embedded presence and click-to-communicate in SharePoint sites
34. Do 8
Ready to move Exchange, think about your
options
35. Migration options
IMAP migration
• Supports wide range of email platforms
• Email only (no calendar, contacts, or tasks)
Cutover Exchange migration
• Good for fast, cutover migrations
• No Exchange upgrade required on-premises
Staged Exchange migration
• No Exchange upgrade required on-premises
• Identity federation with on-premises directory
Hybrid deployment
• Manage users on-premises and online
• Enables cross-premises calendaring, smooth migration, and easy off-boarding

Source platform | IMAP migration | Cutover migration | Staged migration | Hybrid
Exchange 5.5 | X | - | - | -
Exchange 2000 | X | - | - | -
Exchange 2003 | X | X | X | -
Exchange 2007 | X | X | X | X
Exchange 2010 | X | X | - | X
Exchange 2013 | X | X | - | X
Notes/Domino | X | - | - | -
GroupWise | X | - | - | -
Other | X | - | - | -
36. Cutover vs. Staged
Cutover
• Cutover is designed for small/fast migrations to Office 365.
• Mailbox data and address book data is synced from on-premises to Exchange Online via Outlook Anywhere (RPC over HTTPS)
• As the name suggests, it’s an “all at once” move
• Limited to a maximum of 1000 mailboxes total
Staged
• Staged uses the same migration engine as cutover but in conjunction with Office 365 Directory Synchronization to allow you to move a few users at a time
• Mailbox data is copied via Outlook Anywhere
• Users/contacts & groups are synchronized via Directory Sync
• Exchange 2010 or later is not supported (but hybrid based moves are)
37. Cutover Migration server roles
On-premises Exchange organization: Existing Exchange environment (Exchange 2003 or later)
To Office 365:
• Users, Contacts & Groups via Outlook Anywhere (NSPI)
• Mailbox Data via Outlook Anywhere (MAPI)
38. Staged Migration server roles
On-premises Exchange organization: Existing Exchange environment (Exchange 2003 or 2007)
To Office 365:
• Users, Contacts & Groups via dirsync (Office 365 Active Directory Synchronization)
• Mailbox Data via Outlook Anywhere (MAPI)
39. Hybrid Feature Comparison
Feature Simple Hybrid
Mail routing between on-premises and cloud (recipients on either side)
Mail routing with shared namespace (if desired) on both sides
Unified GAL
Free/Busy and calendar sharing cross-premises
Out of Office understands that cross-premises is “internal” to the organization
Mailtips, messaging tracking, and mailbox search work cross-premises
OWA redirection cross-premises (single OWA URL for both on-premises and cloud)
Single tool to manage cross-premises Exchange functions (including migrations)
Mailbox moves support both onboarding and offboarding
No Outlook reconfiguration or OST resync required after mailbox migration
Preserve auth header (ensure internal email is not spam, resolve against GAL, etc.)
Centralized mail flow, ensures that all email routes inbound/outbound via on-prem
40. Hybrid overview
Federation Trust
• Delegated authentication for on-premises/cloud web services
• Enables Free/busy, calendar sharing, message tracking & online archive
Integrated Admin Experience
• Manage all of your Exchange functions, whether cloud or on-premises from the same place; Exchange Administration Center
Native Mailbox Move
• Online mailbox moves
• Preserve the Outlook profile and offline folders
• Leverages the Mailbox Replication Service (MRS)
Secure Mail Flow
• Authenticated and encrypted mail flow between on-premises and the cloud
• Preserves the internal Exchange messages headers, allowing a seamless end user experience
• Support for compliance mail flow scenarios (centralized transport)
41. Hybrid server roles
On-premises Exchange organization: Existing Exchange environment (Exchange 2007 or later); Exchange 2013 Client Access & Mailbox Server
Between on-premises and Office 365:
• Users, Contacts & Groups via dirsync (Office 365 Active Directory Synchronization)
• Secure Mail Flow
• Sharing (free/busy, MailTips, archive, etc.)
• Mailbox Data via Outlook Anywhere (MAPI)
42. Exchange 2010 Hybrid Support
Exchange 2010 SP3 will be compatible with current and
new O365 tenants
Exchange 2010 based hybrid deployments will continue
to support Exchange 2003 coexistence with the new
O365 tenants
Once the new O365 service is launched, Exchange 2013
based hybrid is recommended for all new deployments
(unless migrating from Exchange 2003)
43. Everything Moved…
Remove the Hybrid Server? In short, leave a CAS behind, maybe a Hub if you need an on-premises central mail routing server for apps/printers/scanners/etc.
Check:
http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
44. One More to Bookmark
Exchange 2013 Deployment Assistant
http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=672-W-AAAAAAAAQAAA
45. Hybrid – Only Exchange?
SharePoint 2013 hybrid resources:
http://www.microsoft.com/en-us/download/details.aspx?id=35593
One-way hybrid environment with SharePoint Server 2013 and
Office 365
Two-way hybrid Search environment with SharePoint Server 2013
and Office 365
Business Connectivity Services Hybrid Overview
Planning for Hybrid Voice with Lync 2013:
http://technet.microsoft.com/en-us/library/jj205095.aspx
48. Skype – Lync: Status
Is IM and presence available today between Lync and Skype?
Yes, on a limited basis
Can Skype users add Lync users to their contact lists today?
Not yet, target = June
Can Lync users add Skype users to their Lync contact lists today?
Yes, but using Skype users’ Microsoft accounts
What communications capabilities will be supported between Lync and Skype as part
of the upcoming release?
In June: presence, one-on-one IM, and audio calling
What must Skype users do to connect to Lync contacts in the upcoming release?
New Skype App + Sign in with Microsoft account
Will Skype Connectivity work with Lync 2010?
Yes
49. SharePoint Online
[Diagram: one user holding separate accounts for Microsoft, iTunes, Skype, Telenet, Office365, Skynet, Gmail, Facebook and Pandora, each with its own sign-in name and a different password]
55. Don’ts
Do not “not” look into Office 365
Do not jump in without setting clear goals and
knowing what you want to achieve
Do not forget to go through all the do’s
Office 365 offers two types of identities. The type of identity affects the user experience and administrative requirements.
Applications like Outlook can save the password for future logons. The password will not have to be entered again until the password is changed or reset. Web browsers that have the capability to “keep me signed in” will not prompt the user for a password until they sign out. Users using web experience with Federated Identities on domain joined machines authenticating outside of corporate network may still receive a prompt for credentials. “Rich applications” (e.g. Lync) require the Microsoft Online Services Sign-In Assistant.
Multiple Exchange organizations currently not supported. For more details, please refer to the Wiki article here.
Slide Objective: Discuss integration scenarios between Lync, Exchange, and SharePoint
Notes
No matter what the combination is between on-premises and Online deployments, Lync client presence integration always works. It is possible because this kind of integration is done at the client level and not between Lync and Exchange servers.
Another thing to highlight is that when using a Lync Server on-premises deployment, users get the same features no matter if Exchange Online or Exchange on-premises is used. As mentioned earlier, IM/P in OWA and voicemail integration when using Lync Server on-premises with Exchange Online is possible thanks to Lync Federation between Office 365 and Lync Server 2010 on-premises.
Also, note that no voicemail integration is possible between Lync Online and Exchange Online because Lync Online does not provide Enterprise Voice feature.
When looking at the integration matrix between Lync and SharePoint, it is possible to see that in every case Lync client presence integration works: it is possible because integration is done at the client level and not between Lync and SharePoint servers.
Note that Skill search in Lync client is only available when using a combination of Lync Server on-premises and SharePoint Server on-premises.
Here is a summary of the migration tools and options we have with Exchange Online. Customers have choices to move to the cloud quickly with native migration options, to take a more measured approach to the cloud according to their business requirements, or to maintain mailboxes on-premises and online for a longer period of time. We have a single management experience with their tools and API across all migration sets.
Note: Exchange hybrid does not work with Exchange 2003. However, Exchange 2003 customers will be able to deploy Exchange 2010 hybrid with Exchange Online 15 in order to have a smoother experience to migrate to the cloud, if other options are not ideal for their business requirements.
This is what you get when you have Hybrid coexistence. Some features are optional and require more configuration than others.