Office 365 FastTrack - Microsoft Office 365 Community

John
Build from Pilot to Deployment, layer features and integrations
Full Office 365 User Experience with minimal on-premises requirements
Time to value vs. effort invested
Identity options: cloud IDs, synchronized IDs and federated IDs
Pilot
Experience Value Early
New Cloud Experience
Deploy
Real World Benefits
Broad Production Use
Enhance
Full Feature Value
Meet your needs
Deploy
Pilot
Pilot complete
Enhance
Deploy Complete
Adopt new features
Pilot Experience
Setup on day 1
Sign-on
Pilot the service quickly
Full use of the service
Mail
Pilot the new Exchange mailbox
Pilot setup continues to
step 2 deploy
Collaboration
Pilot the new collaboration tools
Limited on-premises
requirements
Clients
Office across multiple devices
Mobile
Experience Office anywhere
Administration
Control & manage your pilot
User driven pilot
User signs into Office 365 with a Cloud ID (jane@contoso.onmicrosoft.com)
New mailbox in the cloud
Inbox content populated via Connected account
User sends/receives email as Jane@contoso.com
User PST import option for additional content migration (mail/calendar/contacts)
Run online meetings with any user with computer & app sharing, video conferencing, and PC-to-PC calling
Collaborate using SharePoint Online team site and newsfeeds
Easily store files in the cloud with SkyDrive Pro and share files with external users
Access the service via a browser - Office Web Apps across devices and platforms – no client required
User self-install of Office 365 ProPlus side-by-side with existing Office client installations
Mobile connectivity options are built into the service – just start connecting devices
Connect to Office 365 via mobile devices with Exchange Active Sync for mail
Platform specific mobile apps bring best experience where it makes sense - i.e. OneNote, Lync
Centralized administration from the Office 365 admin center in the service.
Online management centers for Exchange, SharePoint, and Lync.
Service health dashboard to monitor service maintenance and incidents.
Service use reporting available in the service admin center including service activity.
Pilot Identity Scenario
Pilot
Deploy
Enhance
Cloud Identity
Directory & Password
Synchronization
Federated Identity
Single identity in the cloud
Single identity without federation
Single federated identity
and credentials
Pilot – what’s required
Simple requirements
Easy to start or stop
Network
What you need to connect
Mail
Connect to existing mail for the pilot
Clients
Pilot user access
Network access to service from client end points over ports 80 and 443
Network bandwidth capacity
POP3 or IMAP4 protocol support for pilot users to use Connected Accounts
Web client – minimum browser
Office 365 Pro Plus – clients running Windows 7 +
Deploy Experience – what’s added
Setup in days
Sign-on
Adds on-premises integration
Pilot user and info is sustained
Sign-on with the same user and password as on premises
Integrated mail flow and migration
Global address list
Full mail content migration – mail, calendar, contacts
Mail
IT driven migration
Mail migration that best fits environment
Integrated identity management
Sharing and working with others
Collaboration
Lync business partner federation
Site governance and provisioning support
Setup of Apps for Office corporate app catalog
Clients
IT managed client productivity
Mobile
Managed mobile connectivity
Administration
Office 365 ProPlus deployed to user desktop via IT process
Send and receive mail from mobile device as on-prem email
Control & monitor
Data loss prevention configuration (limited)
Exchange Online Protection mail protection configuration (limited)
Deploy Identity Scenario
Pilot
Deploy
Enhance
Cloud Identity
Directory & Password
Synchronization
Federated Identity
Single identity in the cloud
Single identity without federation
Single federated identity
and credentials
FastTrack Step 2 Migration Options
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)
X
X
Exchange 2000
X
X
No server required on-premises
Identity federation with on-premises directory
Exchange 2003
X
X
X
Exchange 2007
X
X
X
Exchange 2010
X
X
X
Hybrid deployment
Exchange 2013
X
X
X
Manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy offboarding
Notes/Domino
X
X
GroupWise
X
X
Other
X
X
Hybrid
IMAP migration
Exchange 5.5
IMAP migration
Staged Exchange migration
Hybrid
PST Migration
Migration
Import of Archived/Offline Mail
Staged migration
PST Migration
Office 365 Deployment Offer
Enterprise plans and Exchange Online Add-on or Full USL
Licenses purchased through EA, MPSA, AOS, Open, or MOSP
Deployment Can Include:
Deploy – what’s required
Unique requirements per mail platform
Dedicated customer IT team
What’s Required
Identity
Directory Sync server/s
AD meets service requirements for hygiene
Same password on-prem and in cloud via password sync
What you need to connect
Network
Change management readiness
Network access to service from client end points
Network bandwidth availability
Access to maintain DNS entries for shared domains
Required to set up and migrate
Admin access
Mail
Clients
Required to connect and deploy
Web client – minimum browser
Office 365 Pro Plus – clients running Windows 7 +
Engineering service adoption enhancements
Password Sync
New feature of Windows Azure Directory Sync as an alternative to Federated Authentication
Customer Benefits:
Customer can use a “single set of credentials” (same username and password) to access both on-premises and online resources
This single set of credentials is managed in the customer’s Active Directory and is synchronized with Office 365 (username + password)
Password Sync is fully integrated in the Dirsync appliance; no additional software/hardware or changes to the on-premises AD are required
No requirement to deploy and maintain Active Directory Federation Services.
Keeps the deployment simple and eliminates IT costs associated with ADFS
Password Sync Security
Does not require or access the user’s plain text password.
No requirement for AD reversible encrypted format.
The AD user password hash is hashed again using a non-reversible encryption function, and the digest is synchronized into Azure AD.
The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment.
IdFix DirSync Error Remediation Tool
Identifies and remediates AD object issues that will fail Windows Azure AD DirSync
Built on analysis of DirSync daily error volumes and is targeted at fixing the majority of errors quickly
IdFix
Provides a data grid with the ability to scroll, sort and edit
Suggested fixes are provided for known errors
Customer change confirmation and undo/rollback functionality
Azure AD DirSync Scoping Options
Ability to Dirsync to Windows Azure AD only a subset of your users
Options for Filtering
• OU
• Domain-based
• User Attribute
Exchange 2010 SP3 Hybrid
Customers with Exchange 2010 SP3 or Exchange 2013 on-premises can deploy Exchange Hybrid in Step 2
The built-in Hybrid Configuration Wizard automates the process and allows hybrid configuration to be completed within timelines and effort requirements of Step 2
Enhance - What’s added
Adds scenarios
Sign-on
Extended durations
Customer specific implementation
Ability to add to deployed clients at point in the future
Mail
Collaboration
Advanced integration
Single sign-on / ADFS
3rd Party identity providers – “Works with program”
Advanced migration scenarios
Notes migrations
Hybrid Exchange for 2007 or 2003
Advanced integration and solution building
Lync or SharePoint hybrid
SharePoint solutions – including BCS, Duet, etc.
Clients
Advanced client management capabilities
Mobile
Connect to the service
Administration
Virtual desktop and virtual application scenarios
Blackberry Enterprise Server integration
Leverage advanced service controls
Data loss prevention configuration
Exchange Online Protection mail protection configuration
Deploy Identity Scenario
Pilot
Deploy
Enhance
Cloud Identity
Directory & Password
Synchronization
Federated Identity
Single identity in the cloud
Single identity without federation
Single federated identity
and credentials
Federation options
Works with AD
Works with AD & Non-AD
Shibboleth (SAML*)
Works with AD & Non-AD
Suitable for medium, large enterprises
including educational organizations
Suitable for medium, large enterprises
including educational organizations
Suitable for educational organizations
Recommended option for Active Directory (AD)
based customers
Recommended where customers may use existing
non-ADFS Identity systems with AD or Non-AD
Recommended where customers may use existing
non-ADFS Identity systems
Single sign-on
Single sign-on
Single sign-on
Secure token based authentication
Secure token based authentication
Secure token based authentication
Support for web and rich clients
Support for web and rich clients
Support for web clients and outlook only
Microsoft supported
Third-party supported
Phonefactor can be used for two factor auth
Phonefactor can be used for two factor auth
Microsoft supported for integration only, no
shibboleth deployment support
Works for Office 365 Hybrid Scenarios
Works for Office 365 Hybrid Scenarios
Requires on-premises servers, licenses & support
Requires on-premises servers, licenses & support
Verified through ‘works with Office 365’ program
Works for Office 365 Hybrid Scenarios
Requires on-premises servers & support
Works with AD and other directories on-premises
Compliance: Email archiving and retention
Preserve
In-Place Archive
Search
Governance
Hold
eDiscovery
Secondary mailbox with separate quota
Automated and time-based criteria
Capture deleted and edited email messages
Web-based eDiscovery Center and multi-mailbox search
Managed through EAC or PowerShell
Set policies at item or folder level
Time-Based In-Place Hold
Search primary, In-Place Archive, and recoverable items
Available on-premises, online, or through EOA
Expiration date shown in email message
Granular Query-Based In-Place Hold
Delegate through roles-based administration
Optional notification
De-duplication after discovery
Auditing to ensure controls are met
Quick reference guide
| Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend |
|---|---|---|---|
| Identity Sign On | Cloud IDs | Corporate AD user account with same password via Password Sync | Corporate AD user account and password via ADFS; Option for Integration with “Works with O365” Identity Providers; Option for Shibboleth Integration |
| Active Directory Remediation | Not applicable | IdFix Dirsync Error Remediation Tool | IdFix Dirsync Error Remediation Tool; Custom Engagement |
Key Capabilities
Step 1 – Pilot
Step 2 – Deploy
Step 3 - Extend
Global Address List
Cloud Users
Dirsync Users
• Dirsync users
• FIM 2010 via O365 connector
Calendar Free/Busy sharing
Cloud Users
Dirsync Users (req. Ex 2010 SP3)
• Dirsync Users
• Exchange Federation to other O365 or Exchange
Corporate Email
Yes via “connected accounts”
Yes via Corporate Domain add
Data Migration Options
• User driven migrations via connected accounts (mail only)
• User driven PST import (mail/calendar/contacts)
• User Driven
• IT Driven via Staged Migration or Hybrid Exchange (req. Ex 2010 SP3)
OWA / Full Outlook
Mobile via Active Sync
✓
Cloud Email Address (Send From)
✓
• Corporate Email Address
• Option for BlackBerry BCS
✓
• Hybrid Exchange for 2010, 2007 or 2003 on-premises
• IBM Notes Migration Option
✓
• Corporate Email Address
• Option for BlackBerry BCS
| Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend |
|---|---|---|---|
| IM & P | ✓ | ✓ | ✓ |
| Online Meetings | ✓ | ✓ | ✓ |
| Video Conferencing | ✓ | ✓ | ✓ |
| PC and Application Sharing | ✓ | ✓ | ✓ |
| Mobile Lync Clients | ✓ | ✓ | ✓ |
| Skype Federation (Summer ‘13) | ✓ | ✓ | ✓ |
| Lync External Federation | | ✓ | ✓ |
| Lync Hybrid Option | | | ✓ |
| Lync Hybrid Voice Option | | | ✓ |
| Key Capabilities | Step 1 – Pilot | Step 2 – Deploy | Step 3 – Extend |
|---|---|---|---|
| Team Sites | ✓ | ✓ | ✓ |
| SkyDrive Pro | ✓ | ✓ | ✓ |
| External Sharing | ✓ | ✓ | ✓ |
| Office Web Apps | ✓ | ✓ | ✓ |
| Public Site with Corporate DNS | | ✓ | ✓ |
| SharePoint Solutions (BCS, Duet) | | | ✓ |
| Click-to-Run Office 2013 Prof Plus | Self-Serve for Pilot Users | Self-Serve for Dirsync Users; IT Managed Deployment | Self-Serve for Dirsync Users; IT Managed Deployment |
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.