1 John Build from Pilot to Deployment, layer features and integrations Full Office 365 User Experience with minimal on-premises requirements Time to value vs. effort invested Identity options: cloud IDs, synchronized IDs and federated IDs Pilot Experience Value Early New Cloud Experience Deploy Real World Benefits Broad Production Use Enhance Full Feature Value Meet your needs Deploy Pilot Pilot complete Enhance Deploy Complete Adopt new features Pilot Experience Setup on day 1 Sign-on Pilot the service quickly Full use of the service Mail Pilot the new Exchange mailbox Pilot setup continues to step 2 deploy Collaboration Pilot the new collaboration tools Limited on-premises requirements Clients Office across multiple devices Mobile Experience Office anywhere Administration Control & manage your pilot User driven pilot User signs into Office 365 with a Cloud ID (jane@contoso.onmicrosoft.com) New mailbox in the cloud Inbox content populated via Connected account User sends/receives email as Jane@contoso.com User PST import option for additional content migration (mail/calendar/contacts) Run online meetings with any user with computer & app sharing, video conferencing, and PC-to-PC calling Collaborate using SharePoint Online team site and newsfeeds Easily store files in the cloud with SkyDrive Pro and share file with external users Access the service via a browser - Office Web Apps across devices and platforms – no client required User self-install of Office 365 ProPlus side-by-side with existing Office client installations Mobile connectivity options are built into the service – just start connecting devices Connect to Office 365 via mobile devices with Exchange Active Sync for mail Platform specific mobile apps bring best experience where it makes sense - i.e. OneNote, Lync Centralized administration from the Office 365 admin center in the service. Online management centers for Exchange, SharePoint, and Lync. Service health dashboard to monitor service maintenance and incidents. Service use reporting available in the service admin center including service activity. Pilot Identity Scenario Pilot Deploy Enhance Cloud Identity Directory & Password Synchronization Federated Identity Single identity in the cloud Single identity without federation Single federated identity and credentials Pilot – what’s required Simple requirements Easy to start or stop Network What you need to connect Mail Connect to existing mail for the pilot Clients Pilot user access Network access to service from client end points over ports 80 and 443 Network bandwidth capacity POP3 or IMAP4 protocol support for pilot users to use Connected Accounts Web client – minimum browser Office 365 Pro Plus – clients running Windows 7 + Deploy Experience – what’s added Setup in days Sign-on Adds on-premises integration Pilot user and info is sustained Sign-on with the same user and password as on premises Integrated mail flow and migration Global address list Full mail content migration – mail, calendar, contacts Mail IT driven migration Mail migration that best fits environment Integrated identity management Sharing and working with others Collaboration Lync business partner federation Site governance and provisioning support Setup of Apps for Office corporate app catalog Clients IT managed client productivity Mobile Managed mobile connectivity Administration Office 365 ProPlus deployed to user desktop via IT process Send and receive mail from mobile device as on-prem email Control & monitor Data loss prevention configuration (limited) Exchange Online Protection mail protection configuration (limited) Deploy Identity Scenario Pilot Deploy Enhance Cloud Identity Directory & Password Synchronization Federated Identity Single identity in the cloud Single identity without federation Single federated identity and credentials FastTrack Step 2 Migration Options Supports wide range of email platforms Email only (no calendar, contacts, or tasks) X X Exchange 2000 X X No server required on-premises Identity federation with on-premises directory Exchange 2003 X X X Exchange 2007 X X X Exchange 2010 X X X Hybrid deployment Exchange 2013 X X X Manage users on-premises and online Enables cross-premises calendaring, smooth migration, and easy offboarding Notes/Domino X X GroupWise X X Other X X Hybrid IMAP migration Exchange 5.5 IMAP migration Staged Exchange migration Hybrid PST Migration Migration Import of Archived/Offline Mail Staged migration PST Migration Office 365 Deployment Offer Enterprise plans and Exchange Online Add-on or Full USL Licenses purchased through EA, MPSA, AOS, Open, or MOSP Deployment Can Include: Deploy – what’s required Unique requirements per mail platform Dedicated customer IT team What’s Required Identity Directory Sync server/s AD meets service requirements for hygiene Same password on-prem and in cloud via password sync What you need to connect Network Change management readiness Network access to service from client end points Network bandwidth availability Access to maintain DNS entries for share domains Required to setup and migrate Admin access Mail Clients Required to connect and deploy Web client – minimum browser Office 365 Pro Plus – clients running Windows 7 + Engineering service adoption enhancements Password Sync New feature of Windows Azure Directory Sync as an alternative to Federated Authentication Customer Benefits: Customer can use a “single set of credentials” (same username and password) to access both on-premises and online resources This single set of credentials is managed in the customer’s Active Directory and is synchronized with Office 365 (username + password) Password Sync is fully integrated in the Dirsync appliance, no additional sw/hw, or changes to the onpremises AD are required No requirement to deploy and maintain Active Directory Federation Services. Keeps the deployment simple and eliminates IT costs associated with ADFS Password Sync Security Does not require nor access the user’s plain text password. No requirement for AD reversible encrypted format. AD user password hash is hashed again using a non-reversible encryption function and digest is synchronized into Azure AD. The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment. IdFix DirSync Error Remediation Tool Identifies and remediates AD object issues that will fail Windows Azure AD DirSync Built on analysis of DirSync daily error volumes and is targeted at fixing the majority of errors quickly IdFix Provides a data grid with the ability to scroll, sort and edit Suggested fixes are provided for known errors Customer change confirmation change and undo/rollback functionality Azure AD DirSync Scoping Options Ability to Dirsync to Windows Azure AD only a subset of your users Options for Filtering OU Domain-based User Attribute Exchange 2010 SP3 Hybrid Customers with Exchange 2010 SP3 or Exchange 2013 on-premises can deploy Exchange Hybrid in Step 2 The built in Hybrid Configuration Wizard automates the process and allows hybrid configuration to be completed within timelines and effort requirements of Step 2 Enhance - What’s added Adds scenarios Sign-on Extended durations Customer specific implementation Ability to add to deployed clients at point in the future Mail Collaboration Advanced integration Single sign-on / ADFS 3rd Party identity providers – “Works with program” Advance migration scenarios Notes migrations Hybrid Exchange for 2007 or 2003 Advanced integration and solution building Lync or SharePoint hybrid SharePoint solutions – including BCS, Duet, etc. Clients Advanced client management capabilities Mobile Connect to the service Administration Virtual desktop and virtual application scenarios Blackberry Enterprise Sever integration Leverage advanced service controls Data loss prevention configuration Exchange Online Protection mail protection configuration Deploy Identity Scenario Pilot Deploy Enhance Cloud Identity Directory & Password Synchronization Federated Identity Single identity in the cloud Single identity without federation Single federated identity and credentials Federation options Works with AD Works with AD & Non-AD Shibboleth (SAML*) Works with AD & Non-AD Suitable for medium, large enterprises including educational organizations Suitable for medium, large enterprises including educational organizations Suitable for educational organizations Recommended option for Active Directory (AD) based customers Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD Recommended where customers may use existing non-ADFS Identity systems Single sign-on Single sign-on Single sign-on Secure token based authentication Secure token based authentication Secure token based authentication Support for web and rich clients Support for web and rich clients Support for web clients and outlook only Microsoft supported Third-party supported Phonefactor can be used for two factor auth Phonefactor can be used for two factor auth Microsoft supported for integration only, no shibboleth deployment support Works for Office 365 Hybrid Scenarios Works for Office 365 Hybrid Scenarios Requires on-premises servers, licenses & support Requires on-premises servers, licenses & support Verified through ‘works with Office 365’ program Works for Office 365 Hybrid Scenarios Requires on-premises servers & support Works with AD and other directories on-premises Compliance: Email archiving and retention Preserve In-Place Archive Search Governance Hold eDiscovery Secondary mailbox with separate quota Automated and timebased criteria Capture deleted and edited email messages Web-based eDiscovery Center and multi-mailbox search Managed through EAC or PowerShell Set policies at item or folder level Time-Based In-Place Hold Search primary, In-Place Archive, and recoverable items Available on-premises, online, or through EOA Expiration date shown in email message Granular Query-Based In-Place Hold Delegate through roles-based administration Optional notification De-duplication after discovery Auditing to ensure controls are met Pilot Experience Value Early New Cloud Experience Deploy Real World Benefits Broad Production Use Enhance Full Feature Value Meet your needs Quick reference guide Key Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend Identity Sign On Cloud IDs Corporate AD user account with same password via Password Sync Corporate AD user account and password via ADFS Option for Integration with “Works with O365” Identity Providers Option for Shibboleth Integration Active Directory Remediation Not applicable IdFix Dirsync Error Remediation Tool IdFix Dirsync Error Remediation Tool Custom Engagement Key Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend Global Address List Cloud Users Dirsync Users Dirsync users FIM 2010 via O365 connector Calendar Free/Busy sharing Cloud Users Dirsync Users (req. Ex 2010 SP3) Dirsync Users Exchange Federation to other O365 or Exchange Corporate Email Yes via “connected accounts” Yes via Corporate Domain add Data Migration Options User driven migrations via connected accounts (mail only) User driven PST import (mail/calendar/contacts) User Driven IT Driven via Staged Migration or Hybrid Exchange (req. Ex 2010 SP3) OWA / Full Outlook Mobile via Active Sync a Cloud Email Address (Send From) a Corporate Email Address Option for BlackBerry BCS a Hybrid Exchange for 2010, 2007 or 2003 on-premises IBM Notes Migration Option a Corporate Email Address Option for BlackBerry BCS Key Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend IM & P a a a Online Meetings a a a Video Conferencing a a a PC and Application Sharing a a a Mobile Lync Clients a a a Skype Federation (Summer ‘13) a a a a a Lync External Federation Lync Hybrid Option a Lync Hybrid Voice Option a Key Capabilities Step 1 – Pilot Step 2 – Deploy Step 3 - Extend Team Sites a a a Sky Drive Pro a a a External Sharing a a a Office Web Apps a a a a a Public Site with Corporate DNS a SharePoint Solutions (BCS, Duet) Click-to-Run Office 2013 Prof Plus Self-Serve for Pilot Users Self-Serve for Dirsync Users IT Managed Deployment Self-Serve for Dirsync Users IT Managed Deployment © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.