Office 365 Planning and Purchase
Office 365 is a family of products grouped under a common name: Office 365. When we walk into a grocery store and down the soup aisle, we may see cans of Campbell’s and Progresso soups. Each company offers a set of different products under its label. They both produce similar but different cream of mushroom and chicken noodle soups. Microsoft and Google are comparable to different soup manufacturers; they offer different hosted services. Microsoft Office 365 is the brand of a suite of products composed of Office 365 ProPlus (installed Office), Exchange Online, SharePoint Online, and Lync Online voice communications (see Figure 3-1).
One major advantage of Office 365 is that Microsoft administers and maintains all of the back-end servers; operating systems; Exchange, SharePoint, and Lync server software; interconnects; geo-redundancy; and network structure. This represents a cost savings compared to having to pay to plan, get the correct capacities, buy and maintain the correct hardware and software, perform software updates, build a second data center, and assume all of the other costs related to owning your own systems. The second advantage is that because Microsoft maintains your e-mail and SharePoint data in the cloud, “business continuity” is provided by going to the premises of any vendor that has an Internet connection!
Purchasing Office 365 is a bit more complicated than purchasing soup. Be sure to review “Step 1: Purchase Your Subscription(s)” (in the following “Pre-deployment” section) before you purchase your Office 365 licenses.
In Chapter 2, our hypothetical IT manager explored Microsoft Office 365 as a business solution. Reviewing the functionality is only part of the story. A successful Office 365 implementation is based on a planned deployment, which we’ll cover in this chapter.
As Microsoft Office 365 partners, we have migrated a significant number of Office 365 organizations to the cloud. The common thread of all of our successful migrations is planning. Planning begins with the selection of the Office 365 subscription plan.
There are three Office 365 subscriptions plans:
As a shortcut, we refer to the Small Business plans (Small Business and Small Business Premium) as P plans (the name under which they were first introduced) and Midsize Business as the M plan (although Microsoft does not like to call it an M plan, it just is easier to do so).
The most important point about these plans is that you cannot mix the services you choose among subscription plans. For example, if you purchased a Midsize Business plan, you cannot add an Exchange Online e-mail account. Exchange is an Enterprise plan service and can only be used with E1, E3, E4, and Kiosk subscriptions. Frequently, it is less expensive to purchase the Enterprise plan, because you can have different services with different prices. For example, the Midsize Business plan requires everyone to pay for Office 365 ProPlus (Office installed on your computer).
With Office 365 subscriptions (as released in October 2013), you must start a new subscription and do another full migration to change from Small Business Premium or Midsize Business to Enterprise. For this reason, it is important to pick the subscription that makes sense for your business. (See Figure 3-2.)
A Microsoft Tier 1 Champion Partner can help you through this decision process and help save your organization considerable time and expense.
Each Office 365 plan includes one or more parts of the Office 365 Suite, as follows:
Figure 3-2 and Figure 3-3 show comparisons of the features of Office 365. Early in Chapter 2, we explored the features of Office 365 and how you could use those services in your business.
Figure 3-3 shows present commercial pricing. There are other pricing packages. Not-for-profit (valid 501c3) organizations can purchase the E3 service for $4.50 per person per month. Prices for educational institutions start at $2.50 per person per month for the equivalent of the E3 service. There is also special pricing for government institutions, as well as for large corporations. Contact your Microsoft Partner for details.
The Enterprise plan allows you to mix and match different subscriptions, based on your business needs. As listed in Figure 3-3, the Enterprise plan includes:
There are also suite components, applications and services such as Office 365 ProPlus, many versions of CRM, Project, Lync, and SharePoint Only; Azure Active Directory, Visio, Yammer Enterprise, and more.
CRM plans are the only options in the Midsize Business plan. There are no separately priced services in the Small Business plans. Contact your Microsoft Partner for details and pricing.
The Office 365 plan options can be daunting. We always recommend the Enterprise plan for its flexibility in services and pricing. As an example, if you are providing e-mail services for a nursing station or a warehouse user, a Kiosk subscription (at $2 per person per month) may make sense. If you have already purchased Office 2010, you may choose to purchase an E1 for some people and E3 for those who may require the additional features of Office 2013. You may also choose E3 for Mac or Office 2007 users, to provide them the latest version of Office.
Note that there are additional limits (to go with the lower prices) in the Enterprise Kiosk plans. The Kiosk Exchange Online, Plan Kiosk 1, and Plan Kiosk 2 include the following:
The Kiosk Exchange Online, Plan Kiosk 1, and Plan Kiosk 2 do not include the following:
Additionally, the Kiosk Exchange Online does not include:
The Plan Kiosk 1 and Plan Kiosk 2 (the features have been combined, and they are now priced the same) do include:
There is a lot of Office 365 information online. We included the reference links at the end of this chapter. Note that these limits are often changing! The maximum Kiosk mailbox size has doubled twice since Office 365 was introduced. Also, there are additional limits for external users availing themselves of SharePoint (see Chapter 5).
Planning and Purchase Chapter Structure
There are many choices in Office 365: how you purchase, how you deploy, and what is involved in an Office 365 migration project. The purpose of this chapter is to help you through the planning process. At this point, we assume that you have made a decision to use Office 365 and are at the point of “what to do next.”
There are three planning areas that we have found that will help you through the process of deploying Office 365. These planning areas are:
You can mix these areas (see Table 3-1), depending on your business needs and the complexity of your organization, but in general (for the 90% of us), these are the tasks that we have found useful in deployment of Office 365.
Table 3-1. Office 365 Planning Areas
We will review each of these planning areas in detail to help you through your Office 365 deployment. In each of these areas, we will reference the chapters in the book to assist you with additional information about Office 365.
Pre-deployment
Purchasing Office 365 is the first step in your Office 365 migration. We talk about the purchase process first, because we have found that many people just want to get started (me included) and tend to read anything called “planning” later. The pre-deployment planning areas cover these topics, shown in Table 3-2.
Table 3-2. Pre-deployment Planning Grid
Steps |
Action/Component |
Notes or Effect |
---|---|---|
|
||
Step 1 |
Purchase Your Subscription (s)(or Start a Trial) |
|
Step 2 |
Choose Your Sign-on Method |
|
Step 3 |
Collect Your Information |
|
Step 4 |
Define Your Migration Plan and Schedule |
|
Step 5 |
Microsoft Account and Organizational Account |
|
Step 6 |
SkyDrive and SkyDrive Pro |
|
Step 7 |
Windows Intune |
|
“Step 1: Purchase Your Subscription(s)” is the most important step in starting Office 365. If you do not purchase correctly, you must start over. Many of the decisions that you make at the time of initial purchase cannot be changed later.
Step 1: Purchase Your Subscription(s)
There are four important steps to be followed when purchasing Office 365 and Windows Intune (or starting an Office 365 trial). They are important because they cannot be changed later. It is good to have a Microsoft Tier 1 Cloud Accelerate Partner to help you with this process.
There are many different plans. We recommend that you purchase an Enterprise plan for its flexibility, in particular the ability to have a mixture of licenses at different prices, from $2 to $22. The other plans do not have the range of choices. You generally save money because of the varying prices that are available to meet your needs. See the preceding section “Office 365 Subscription Plans.”
To purchase (or begin a trial subscription), follow these steps:
OFFICE 365 PURCHASE NOTES
Changing this name requires another e-mail migration or waiting 120 days. You will have to disconnect and reconnect your custom domain (DNS) name; there will be downtime.
Step 2: Choose Your Sign-On Method
This is a “Major Fork,” because the choice you make here is based on the needs of your organization and will affect your Office 365 implementation and environment. For most organizations (even up to 500 users), the Office 365 sign-on is appropriate. There are several methods of user sign-on to Office 365 and any local servers.
Office 365 Sign-On
This is the standard Office 365 sign-on (through office.com or portal.microsoftonline.com; see Figure 3-6). This is the simplest method. Users sign on with their e-mail addresses and passwords. Their login and assigned Office 365 licenses determine the features that are available (e.g., Lync, SharePoint, or Office 365 ProPlus). There is no connection to any on-premises Active Directory. This is perfect for organizations with no on-premises servers.
Passwords are managed by users. The default is that a user must change his or her password every 90 days. (This can be modified.) If there is an on-premises Active Directory environment (for access to other servers), the user passwords for Office 365 and on-premises servers are not synchronized.
This is a valid choice even if you have an established Active Directory environment, if your Active Directory is only used for Exchange (and you are planning to uninstall on-premises Exchange), or if your Active Directory is used to secure on-premises servers to a relatively small number of users. (These users would have an on-premises account and an Office 365 account; most users would only need the Office 365 account.)
DirSync with Password Sync
The DirSync server role adds the ability to synchronize on-premises Active Directory to the Office 365 accounts. This includes users, distribution groups, security groups, meeting rooms, and now user passwords. Passwords must be changed in the on-premises Active Directory; synchronization is one way. All Active Directory actions (adding users, distribution groups, etc.) are done on premises; you can no longer manage Office 365 accounts in the Office 365 management portal. The organization will have to install a DirSync server. (See Chapter 11.)
Active Directory Federation Services (AD FS)/Single Sign-On
This method provides complete federation between your Office 365 accounts and your on-premises Active Directory. Office 365 users who sign in using their e-mail address at office.com or portal.microsoftonline.com are redirected to on-premises sign-on servers. For this reason, Microsoft recommends a primary and backup login server for on-premises logins and a primary and backup proxy server for people signing on from outside your organization. This implies four additional servers (plus the DirSync server). For more on this topic, see Chapter 11.
AD FS/Single Sign-On with Exchange Federation
This method adds Exchange Federation to AD FS/single sign-on. This allows the organization to move Exchange mailboxes between an on-premises Exchange server (there are minimum version requirements) and the Office 365 Hosted Exchange server. This can be used as a migration method to move your on-premises e-mail users to the Office 365 cloud without disruption. (See Chapter 11.)
Once you enable Microsoft’s Active Directory, you cannot go back. You can turn off Active Directory Synchronization, but you cannot remove the synced objects. You cannot delete the Office 365 tenant; you can only remove the verified domain. Verified domains take up to seven days to be removed from Exchange Online Protection (EOP). When DirSync is enabled, synced objects mailboxes are not created when an Office 365 license is assigned. A mailbox is only created as part of the Microsoft migration process.
Active Directory integration will require you to use Microsoft conversion tools, or to use Exchange Server Federation mailbox moves. If you choose to use the cutover approach, you can only use Microsoft tools. The Microsoft tools, along with Exchange Federation remote mailbox moves, create the mailbox in Office 365. If you choose to use cutover (after DirSync is enabled), you can only use Microsoft mailbox migration tools and are limited to a maximum of 1,000 mailboxes. Mailbox migrations with more than 1,000 mailboxes must use Exchange Federation remote mailbox move.
Step 3: Collect Your Information
Planning for an Office 365 implementation starts with a complete description of your environment. We normally use a spreadsheet to keep track of these details.
Domains and Domain Information
This subject includes which domains you wish to include in Office 365 and who “owns” your DNS setup (who has the login; whether there is a secondary DNS?). Keep in mind other locations. Do you have an off-premises Exchange server or other special needs for remote locations, such as branch offices or people working from home or hotel rooms? See the section “Step 8: Domain Name Service.”
This is the list of some of the items that you have to track. Many of these items may be part of your Active Directory environment. (Depending on your migration scheme, many of these items can be loaded from your existing Active Directory).
Security Groups
Security groups are useful in controlling access in your SharePoint (Team Site) environment. You can set up a security group in your Office 365 portal, or a security group will be synced from your local Active Directory if you use a DirSync method. Carefully consider naming standards. See Chapter 5 for more on security groups.
Special E-mail Addresses: Distribution Groups and Aliases
Special e-mail addresses are those that may not relate to a person (or login). For example, many organizations have external e-mail addresses, such as [email protected]. This address may be sent to a single person (as an alias) or to a group of people using a distribution group. You also may have internal distribution groups, such as [email protected] or [email protected]. Distribution groups and aliases are free. You may also choose to have an Office 365 licensed account, to have the ability to allow multiple people to use the features of Outlook to manage e-mail (and to send e-mail under that ID). An example might begin orders@.
If you are not using a DirSync migration technique, you will have to build your distribution groups (lists of users who can be referred to with one e-mail address). These lists can be internal (only available within your organization) or external (available to the world). Details on how to set up distribution groups and aliases are in Chapter 8.
Exchange Public Folders
Exchange public folders are again supported in Office 365. You may choose to use SharePoint folders or to migrate your existing public folders to Office 365. Using public folders requires Outlook 2013.
Internet, Hardware, and Software
In general, your Internet speed should be adequate (including your firewall!), and your hardware and software must be up to date. These planning elements include:
Perform Any Required Updates and Software or Hardware Upgrades
This may seem obvious, but it is important to have all of your workstations fully updated (Windows Update). This can be accomplished by installing and using Windows Intune. It may also be time to look at upgrading workstations or laptops.
There are also minimums on the version of the operating system and browsers. See http://office.microsoft.com/en-us/office365-suite-help/software-requirements-for-office-365-for-business-HA102817357.aspx.
Compliance Archive Requirements
This subject deserves a whole discussion. Check with your Microsoft Partner. If your organization is under litigation, or might be, it is important to consider the needs of your compliance archives. If you are moving an archive from another vendor or just setting one up now, you will want to understand the choices.
See Chapter 9 for additional information. You also should consider your organization’s retention policies, or whether they need to be determined.
Step 4: Define Your Migration Plan and Schedule
This is one of the items that you will want to work on in parallel with the other planning steps. This schedule will no doubt have to be updated during the project.
At first, we will introduce some concepts that you should understand to help you set your schedule. Following is a sample schedule. Many of the details depend on your specific organization’s needs.
E-mail flow is how e-mail is processed in the cloud with your existing e-mail services. In all Office 365 migrations, you should never be without e-mail, and you should not lose e-mail. The information described here is used in Chapter 4.
E-mail flow is simple. The person (program) sending you an e-mail looks up the address of your mail server (using the Domain Name Service [DNS] record known as an MX record). The program then sends the mail to the address (domain) in the MX record. All that is involved in migration is the need to forward mail from one server (where the MX record points) to the new server (where it will point), until the records are “cut over” (the MX record is set to point to the new Microsoft Office 365 Exchange server). This is mail flow. It is important to perform the required steps in sequence, so that no e-mail is lost during the migration.
An example of a risk of losing e-mail is during a cutover migration (see the following list) with a small organization that has been using a POP e-mail server. Since POP servers typically store only recent e-mail on the server, the bulk of an organization’s e-mail is in Outlook files on the individual workstations. (Another reason to use Office 365: your e-mail is backed up!) Because the e-mail is only in Outlook, the simplest way to move historic e-mail is with PST export/import (see Chapter 4 for migration details). The failure scenario is:
Mitigation of this failure scenario is simple.
Controlling Mail Flow for Office 365 Migration Options
There are three methods of controlling e-mail flow (setting the MX record) related to implementing Office 365:
For small organizations, we recommend a 100% cutover at a particular date and time. The users are loaded onto Office 365; the DNS mail (MX) record is pointed to Office 365; and historical e-mail will be moved after the cutover. This is the simplest and the most cost-effective method. The organization should be simple enough that the “test group” is the implementer, just to prove functions and timing.
Simple coexistence is for organizations that would benefit from having a test group—a group that will learn about Office 365, become advocates, and be able to help the next wave(s) of new users. Depending on the tool, historical e-mail will be moved after each group is cut over.
In simple coexistence, the users are loaded onto Office 365 in groups. The DNS mail (MX) record is not changed (until the end of the process). E-mail is still sent to the existing e-mail server, and the existing mail server is set to forward (without saving a copy!) new e-mail to the appropriate Office 365 account. This type of forward ensures that no duplicate e-mails are created. In the Office 365 Exchange management console, we mark the domain as “Internal Relay.”
Internal Relay means that when a user who already has an Office 365 account sends an e-mail, one of the two following scenarios occurs:
See Chapter 4 for details on how to set Internal Relay.
Hybrid coexistence is designed for large organizations that require a single sign-on and that may continue to retain an on-premises Exchange server. Large organizations may have the need to move users to and back from the cloud, such as if you have a legacy application that is not cloud-enabled. This requires an on-premises Exchange management server and knowledge of Federation. We discuss directory syncing (DirSync) and Federation in detail in Chapter 11.
Mail Flow Options Based on Organization Size
Table 3-3 shows different Office 365 deployment options, based on organization size and e-mail flow choice. Our focus here is on the cutover or simple coexistence methods, rather than on hybrid coexistence. See Chapter 11 for more details on hybrid coexistence, including why you may need four more servers.
Table 3-3. Mail Flow Options
These mail flow options all recommend a pilot or test group. These test group individuals should be selected to help lead the organization to a fast acceptance of Office 365. If the test groups are chosen correctly, the deployment goes very quickly.
IMPLEMENTATION NOTES
There are a few details that are mentioned elsewhere but deserve to be repeated (and included in your plan).
The plans we implement are broken down into six phases, summarized as follows:
Phase I: Plan—work with organization administrator(s) to define migration deliverables.
Phase II: Set up Office 365.
Phase III: Pilot with test groups (recommended for more than 20 users; this will reduce support).
Phase IV: E-mail migration with tool: validate and configure Active Directory.
Phase V: Clean up the environment (depends upon organization’s objectives).
Phase VI: Training.
Feel free to adjust the plan task owners and due dates, as appropriate.
REMEMBER: FOLLOW THE PATH BASED ON MIGRATION STRATEGY
The details of the six phases are described in the following six tables (Tables 3-4 through 3-9).
Table 3-4. Phase I: Work with Organization Administrator(s) to Define Migration Deliverables
Due Date |
Owner |
Task |
---|---|---|
|
Table 3-5. Phase II: Set Up Office 365
Due Date |
Owner |
Task |
---|---|---|
|
Table 3-6. Phase III: Pilot with Test Groups
Due Date |
Owner |
Task |
---|---|---|
|
Table 3-7. Phase IV: E-mail Migration with Tool—Validate and Configure Active Directory
Due Date |
Owner |
Task |
---|---|---|
|
Table 3-8. Phase V: Clean Up Environment (Depends on Organization’s Objectives)
Due Date |
Owner |
Task |
---|---|---|
|
Table 3-9. Phase VI: Training
Due Date |
Owner |
Task |
---|---|---|
As required, timing to be determined |
Step 5: Microsoft Account and Organizational Account
There are two types of “login” accounts associated with Microsoft. One is the “Microsoft account.” This is the new name for a Live ID (live.com). It also includes accounts at hotmail.com, outlook.com, Xbox Live, and SkyDrive. This is the consumer account. It is this type of account that Windows 8 wants to have you use to synchronize your desktop and other features through SkyDrive. To create a Microsoft account with your e-mail address, go to http://outlook.com and “Sign Up Now” to create a new account.
A Microsoft account can be the same “text” as your organization e-mail; that is, [email protected] can be both a Microsoft account and an Organizational account. You can create a Microsoft account from your Organization ID or from your other e-mail accounts, such as Gmail and Yahoo. This can be confusing, because your passwords may not be synchronized—you will have to determine where you are trying to log in to be sure to use the password for that type of account.
The other type is an “Organizational account” or “Organizational ID.” This is an Office 365 login for any organization using Office 365. This is the business account. This is an account that you would use to sign on to Office 365.
If the software is not sure which account you mean, you will see a “We Need a Little More Help” screen, as shown in Figure 3-7.
A side note: Either of these accounts can be used by SharePoint when sharing with external users.
Note To add an external user to your Office 365 SharePoint site, you send him or her an invitation. He or she will require either an Office 365 “Organizational account” or a “Microsoft account” to access your shared data.
Step 6: SkyDrive and SkyDrive Pro
SkyDrive and SkyDrive Pro have similar names. Both are Microsoft data storage services. Their implementation is radically different (see Figure 3-8). SkyDrive (not Pro) is the consumer service. The data storage is hosted on a set of servers completely separate from Office 365. The sign-on for SkyDrive is a “Microsoft account” (see section “Step 5: Microsoft Account and Organizational Account”). SkyDrive will take any type of file.
SkyDrive Pro is the business service. The data storage is hosted by the same Office 365 SharePoint servers as the rest of your Team Site. SkyDrive Pro uses the same permissions structure as any other part of SharePoint.
SkyDrive Pro has limits on the number of files, the type of file (you cannot store .exe files, for example), and the maximum size of the amount of data that can be synchronized. These limitations exist because SkyDrive Pro is based on SharePoint. The limitations are continuing to be reduced as Office 365 improves. For example, SkyDrive Pro now allows 20,000 items in a list (the old limit was 5,000 items).
Syncing is performed by a SkyDrive Pro tool (or SharePoint Workspace for Office 2010 Professional users). See Chapter 2 for more information on using SkyDrive Pro.
Step 7: Windows Intune
Windows Intune is a powerful device-management tool that includes anti-malware scanning, anti-spam processing, hardware and software inventory features, a user help feature, and more. We like to use Windows Intune to determine hardware and software in the environment. We recommend installing Windows Intune early in the migration process, both for its inventory capabilities and the ability to install software remotely. See Chapter 7 for installation details and more information.
We have completed the planning for your Office 365 deployment. At this point, you have collected the required information and are ready to deploy. Before we start this process, let us discuss the project and how the deployment process will work. This way, when you begin to deploy (as described in Chapter 4), you will have already made the necessary decisions (see Table 3-10).
Table 3-10. Office 365 Deployment Planning Grid
Steps |
Action/Component |
Notes or Effect |
---|---|---|
Step 1 |
Verify Your Environment |
|
Step 2 |
Add Domain Name Service (DNS) Information |
|
Step 3 |
Configure Lync |
|
Step 4 |
Initial User Load |
|
Step 5 |
Pilot/Test Group |
|
Step 6 |
Inform Your Users |
|
Step 7 |
Train Your Users |
|
Step 8 |
E-mail Migration |
|
Step 9 |
Set Up Workstations |
|
Step 10 |
Configure External Devices |
|
Step 11 |
Cutover |
|
At KAMIND, we have a few sayings, including: “Don’t do it” and “Just get started.” For example, you may be thinking, “I want to save a buck and get the ‘Small Business’ plan.” Don’t do it. The savings are tiny, and the limitations are huge. There are even more limits with Midsize Business (no Exchange-Only, no Kiosk). Just buy Enterprise. For more details, see the discussion in the section “Office 365 Subscription Plans.”
“Just get started” basically means don’t over-plan. Planning, like most things in life, requires balance. This is especially true when you are implementing Office 365 for the first time and migrating your e-mail.
Granted, you can mix these areas, depending on your business needs and the complexity of the organization, but in general (for the 90% of us), these next steps are the steps that we have found important in our deployment of Office 365 for our customers.
Step 1: Verify Your Environment
Microsoft provides a tool to verify various parts of your environment, including Active Directory. Figure 3-9 shows the screen after the completion of the test. This tool is described in Chapter 4.
Step 2: Add Domain Name Service (DNS) Information
Domain Name Service (DNS) is the set of data that is used by services in the Internet to find, manage, and secure domain names, such as getoffice365now.com. Security for a domain is provided by services (domain registrars, such as GoDaddy, eNom, and Network Solutions) that require you to have a username and password in order to change information about the domain.
If your domain provider does not supply all of the necessary DNS records required to support Office 365, you will have to change providers. The most common missing records support are the service records (SRV), which are key for Lync VOIP support and Lync Federation. The information that you collected for the DNS will be used in Chapter 4 sections “Step 1: Validate Your Domain(s) to Microsoft” and “Step 2: Add Additional Domain Name Service (DNS) Information.” Microsoft uses your ability to add records to your domain information to verify that you can edit and, therefore, “own” the domain.
A common problem with DNS service occurs when another provider (perhaps the vendor hosting your web site) has added a “secondary domain server.” This is normally a check box and the name of the server(s) in your primary domain registrar. If you cannot add the records that are required (Office 365 requires records, such as Autodiscover, SRV, and TXT), you may have to delete the secondary domain server to get control of your domain(s). In some cases, when you remove the DNS record, the hosting provider may delete your web site. However, if your web hosting provider provided an IP address for your web site, you are in good shape. BE SURE TO RECORD THE FIXED IP ADDRESS OF YOUR WEB (and FTP) SITES. You will have to readd this information again as the “www” record at the primary registrar, as we make changes to support Office 365.
Typically, you use the registrar’s DNS (the registrar is the place you purchased the domain name) to manage the services (or address pointers) to the web-hosting, e-mail, and other services. As an example, in the United States, the majority of domains are purchased from GoDaddy, eNom, or Network Solutions. There are secondary domain suppliers, but in essence, those are only front ends to these primary domain suppliers.
Some secondary domain suppliers (such as some web-hosting companies) want to control the DNS: they want to control your pointers to mail, web, and other services. These companies can be inflexible on any changes to DNS. They want to lock you into receiving all services with them, because they know that once you start using these services, it will be too costly for you to change them.
Office 365 does not care who the primary DNS supplier is, or the secondary, for that matter. All Office 365 cares about is that you have the ability to directly change your DNS records.
Note Some DNS providers do not want customers to control the DNS. If this is true in your case, you will have to find a new domain service provider.
One of the records that you will want to insert into DNS is Autodiscover. Autodiscover is the ability of an Outlook client (including your laptop and your smartphone) to discover the location of the Office 365 Exchange e-mail server and to automatically connect to that server (see Figure 3-10). The process of verifying your domain(s) will describe the records that you need to add.
If you are on-site, and you are trying to connect to the Office 365 Exchange server, the Outlook client will use the Exchange service control point connection object to attach to the local Exchange server and bypass the external Autodiscover lookup. You may need a registry tweak. (See Chapter 4 for more details.)
SRV are service records. Lync uses these records to support Voice (VOIP) communications. After you verify the domain, you will have to change the SRV records. If your DNS supplier does not support service records, you will have to change suppliers. If you have no desire to use Lync, then these records do not matter.
Step 3: Configure Lync
Lync is a very powerful communications and collaboration tool that is available in Enterprise plans E1 and up. Following are a few setup options that you may choose to implement.
We highly recommend using Lync for your pilot and implementation project, for both your project meetings and user support, as well as for general use throughout your organization.
Lync requires DNS SRV records to be defined, as described previously. If you have local DNS (most sites with servers will), you may also have to add these SRV records to your local DNS.
Lync also has the following general setup options:
We recommend that both be checked.
You can specifically include or exclude domains (depending on the setting above). Click “+” to add, or the pencil to edit.
You may also choose to use a third-party conferencing vendor, “Dial-in Conferencing,” in order to use regular phone numbers (POTS) in your Lync conference calls.
It is also possible to customize your Lync meeting invitation with your own logo and a Help URL, a Legal URL, and Footer text. See the section “Lync Administration” in Chapter 8 for more information.
It is a good idea to set these options (and to have your domain validated) before loading users. These are the default values that will be copied to individual users. Otherwise, you may have to go to each user to set the appropriate values. See Chapter 4 for details on how to configure these settings.
Define your test groups. Load your e-mail accounts (users), set administrators, assign your Enterprise plan licenses, and assign locations. Determine who will be migrated. Details are important! An accurate list of who and what is to be migrated and how your business processes might have changed improves the odds of an easy and successful migration.
You started collecting this information in “Step 2: Collect Your Information.”
Details are important! Following are some of the details that have been missed:
Users can be loaded, as follows:
When you are building your pilot/test group, it is important to load only the users for that test group (or to be sure that the extra users do not have Office 365 licenses assigned). If the users are loaded, e-mail will be directed to the online account from anyone else with an Office 365 account, not back to the on-premises Exchange server. See Chapter 4 for more information.
KAMIND stresses the use of a test group and a project plan. For organizations with fewer than 100 users, the deployment plans are simpler. Once you reach 100 users, you have to look at phased deployment based on the ability of the organization to absorb the changes. Automated mechanisms to push software updates to the users are more important.
MULTIPLE PURPOSES FOR TEST GROUPS
There are two types of pilot:
Take advantage of the tools at hand.
KAMIND’s philosophy includes the design of implementation success criteria for the test groups and the deployment process. Success criteria are Go/NoGo decision points. As examples, Go/NoGo criteria could be
At the end of a test group deployment, you must review your criteria and evaluate the success of the process. If the test group deployment is successful, then move to the next step. If the test group does not deploy successfully, then stop, evaluate the failure(s), and make a decision on the deployment of the next test group.
Note If the test group has not met the success criteria, fix the problem. Verify and resolve any odd things. Do not proceed until the test group is 100% successful!
Keep your users up to date.
This seems obvious as well. The good news is that Outlook is the same (unless you are taking the opportunity to move to a new version). Lync is cool. Everyone loves it. SharePoint may be new, but a good implementation is pretty seamless for your users. For example, explain the similarities and differences between “installed on your computer” Outlook and Outlook Web App (through a web browser on the blue ribbon). The e-mail data is the same, just different front ends. See Chapter 2 for more information.
Step 8: E-mail Migration—Moving Historical E-mail (Migration) Options
Migrating e-mail is the process of copying historical e-mail (and calendars, tasks, contacts, and folders) from an existing on-premises Exchange server or e-mail service into Office 365. After migration, your old e-mail will be available in the users’ Outlook(s), Outlook Web App (through a web browser), and their smartphones.
Tip When you move historic e-mail, you do not have to move all users’ e-mail at once. What we have found is that it is best to move the calendars, tasks, contacts, folders, and at least 100–200 e-mails for each user. This is quick and allows the organization to function. The remainder of the older e-mail is migrated, based on the organization priority list.
Outlook (on all of the users’ devices) may also cache the information on the hard drive of the desktop/laptop. Smartphones also cache data locally. This allows a user to review sent or historical e-mail even when disconnected from the Internet.
Note The planning task for this section is to consider your migration method(s). You may choose any method for a particular user. You do not have to use the same method for all users: different users may have different requirements. Some users may not require history at all.
There are more details on the pros and cons of each type of migration and specific usage information for each type in Chapter 4, section “Step 9: Migrate Historical E-mail.”
There are four types of migration:
Do Nothing
The easiest is to move nothing. Some people have actually chosen this option! This is not normally a choice, but there may be some users who do not need e-mail history. In this do-nothing case, you just cut over all services to Office 365. New mail will flow to the accounts.
Third-Party Tools
The third-party tool that we prefer to use is the data-migration tool MigrationWiz from www.migrationwiz.com. This tool is the simplest to set up and use and requires little oversight; it just runs. MigrationWiz moves e-mail, tasks, contacts, and calendar entries. MigrationWiz also migrates data from many types of e-mail services. The added benefit is that you can start and stop migrations, so you can allow the user accounts to be built and follow up with historical e-mail.
MigrationWiz can only be used if you do not use the active directory synchronization tool (DirSync). If you use Microsoft DirSync tool, you will have to use Microsoft’s Exchange migration tools.
There are also migration tools available through your Microsoft Partner.
Office 365 with DirSync
Office 365 is supplied with a number of migration tools for moving from on-premises equipment to the cloud. You must use these tools if you use DirSync. The on-cloud mailboxes are only created with Microsoft tools. Directory synchronization is discussed in Chapter 11.
The fourth method is to use the .pst file export/import within Outlook. PST migration brings over e-mail, tasks, contacts, and calendar entries data but will not bring over the complete e-mail addresses when the data is imported. As an example, when you try to reply to an e-mail in a PST import, the e-mail address may not be complete.
Typically, we use this method with POP e-mail accounts. In this case, there is not very much (if any) e-mail on the POP e-mail server, so historical e-mail is only stored locally in the user’s Outlook files.
It is also important not to try to restart a PST export or import; start over from the beginning, that is, re-do the export, then the import.
Note If the source server is an Exchange server, use MigrationWiz.
PST migration is easy to use. You simply export the cached data in the user’s Outlook to a .pst file then import the .pst file to the Office 365 root directory, and the data is uploaded to Office 365. There are two ways to do a PST import:
See Chapter 4 for details.
Step 9: Set Up Workstations
Workstation setup is now usually “self-service” by the user—that is, the user now does his or her own installation of Office and other components. The user will need his or her Office 365 login and password and Administrative rights to his or her computer. See Chapter 2 for more details.
Step 10: Configure External Devices
One of the areas that is frequently forgotten in deployment and planning is external devices and how those devices are configured to use Office 365 services. Office 365 supports receiving e-mail from trusted and untrusted senders. The actual connection of these devices uses the concept of “connectors.” You have to add a trusted connector to Office 365 that allows the device (such as a scanner or copier) to send to Office 365 and have the e-mail sent to both internal and external users.
Step 11: Cutover
This is the step where the MX record is re-pointed to Office 365 and the SPF record is added to your registrar’s DNS.
If you used a third-party migration tool, this is also the time to start DirSync (if you are planning to use it) to get a “soft match” between your on-premises Active Directory and Office 365.
At this point, we have completed the migration of e-mail services to Office 365 and the implementation of Lync. –Next, we have to address post-deployment activities, including SharePoint deployment and migration (see Table 3-11). We separate this into post-deployment, because the key migration for a business is normally e-mail and voice services. These are business- critical services. SharePoint is business-critical as well, but you can deploy to Office 365 and have a separate project that migrates the SharePoint services to Office 365.
Table 3-11. Office 365 Post-deployment Planning Grid
Steps |
Action/Component |
Notes or Effect |
---|---|---|
Step 1 |
Hosted SharePoint Domain Name |
|
Step 2 |
Hosted SharePoint Initial Configuration |
There are a few settings that you should verify in SharePoint after you first purchase an Office 365 subscription. See Chapter 5, sections “SharePoint Admin Center” and “Initial SharePoint Setup.” |
Step 3 |
Hosted SharePoint Planning |
See Chapter 5 for additional points about SharePoint planning (best practices) including:
|
Step 4 |
Hosted SharePoint Personal Sites |
|
Step 5 |
Office 365 Hosted Web Site |
|
Step 6 |
Exchange Online Protection |
|
Step 7 |
Data Loss Prevention |
|
Step 8 |
Compliance: eDiscovery, Search Center |
|
Step 9 |
Cleanup |
|
Step 1: Hosted SharePoint Domain Name
The domain name for your SharePoint Team Site is xxx.sharepoint.com (where xxx is the .onmicrosoft.com name that you used when you purchased Office 365). The personal sites are xxx-my.sharepoint.com. SharePoint is only a web service; you can use any browser and type in the URL for the page that you wish to see. You can set up favorites in your web browser. See Chapter 5 for more information.
Step 2: Hosted SharePoint Initial Configuration
There are a few settings that you should verify in SharePoint after you first purchase an Office 365 subscription. See Chapter 5, sections “SharePoint Admin Center” and “Initial SharePoint Setup.”
Step 3: Hosted SharePoint Planning
SharePoint licensing is included in the Small Business, Small Business Premium, Midsize Business, and Enterprise Business E1, E3, and E4 plans (and to a limited extent, in some of the Kiosk plans). The concepts discussed in this chapter generally apply to all of these versions of Office 365 SharePoint, but these configurations have only been tested with the Enterprise version.
What Is SharePoint?
SharePoint is Microsoft’s document-storage and content-management tool. SharePoint was first released in 2001. Originally, SharePoint was used as an enterprise’s on-premises “Intranet.” SharePoint was included in Small Business Server and in the original Microsoft cloud offering: BPOS. The version with Office 365 is SharePoint Online.
SharePoint is fundamentally a web server that presents web pages to your browser (Internet Explorer, FireFox, Chrome, Safari, etc.). The SharePoint data (structure, permissions, sites, your documents, etc.) is hosted on SQL servers that are maintained by Microsoft within their secure environment.
Note Because your data is presented as a URL, you can set a bookmark or favorite to go to a particular SharePoint page.
This allows people to read, edit, create pages and sites, and control administrative settings, depending on their permissions. Chapter 2 includes descriptions of capabilities that everyone will normally use (adding documents to SharePoint, creating and editing documents locally or in the cloud). This chapter includes descriptions of how to create sites and site features up to full site collection administration ones.
Microsoft has a stated and executed intention of “cloud first.” This means that the SharePoint that is available with Office 365 (Wave 15) is SharePoint 2013 with more extensions and features. There are only a couple of functions of SharePoint that are in the on-premises version that are not in the Office 365 version. When you include the feature that you can be up and running in SharePoint Online (the very latest version) in one day, your SharePoint Online version might be three to six years ahead of your on-premises functionality!
The Two Sides of Permissions: Sites and Groups
Permissions are set as the combination of
See Chapter 5 for additional points about SharePoint planning (best practices), including the following:
Step 4: Hosted SharePoint Personal Sites
A personal SharePoint site is created for each plan E1 (or above) or SharePoint plan 1 (or above) user. The space allocated is separate from your other SharePoint space. It is intended for use by that user. The user can decide how to share his or her data and with whom. The personal sites are xxx-my.sharepoint.com. See Chapter 2 for more on this topic.
Step 5: Office 365 Hosted Web Site
Office 365 includes the option of a public facing web site hosted by Microsoft (for no additional charge for storage or bandwidth). There are limitations; see Chapter 6 for details.
Your SharePoint team or personal site is also available for external access (with proper authority). Access depends on the permissions granted. See Chapter 5 for details.
Step 6: Exchange Online Protection
The Exchange Online Protection (EOP) service is the front end of Office 365 that handles all of the external e-mail front-end processing and filtering. If you have smart devices that e-mail to Office 365, you will use EOP to manage the interaction. See Chapter 10 for more information and a description of the initial setup steps that may be important for your organization.
Step 7: Data Loss Prevention
Data loss prevention in the configuration of services that will process the e-mail communications helps ensure that confidential company information and/or personal information is not e-mailed improperly. The DLP service keeps your business safe (as much as possible) from people making simple mistakes in sending out information in e-mail that they should not have distributed. Please See Chapter 9 for details.
Step 8: Compliance: eDiscovery, Search Center
Office 365 supports a full eDiscovery and compliance center for e-mail communications and access to documents on your SharePoint services. The new compliance center allows you to perform eDiscovery services on Office 365 in response to an external request for judicial or compliance review. See Chapter 9 for details.
It is important to “de-provision” your Exchange and SharePoint servers. It is easy to assume that you can just “turn them off” and scrap them. This will lead to problems! You have to plan for the removal of the equipment by uninstalling the server software and removing it from your Active Directory. The general practice is to uninstall the role or server software. See Chapter 4 for the details to complete your migration.
Summary
There is a lot to think about in the planning of an Office 365 deployment. We have tried to address most of the issues that you will face and have provided a plan to address them. As you move forward with your Office 365 deployment, please refer to the next chapters to address your questions related to specific areas of your business.
Reference Links
There is a large amount of information about Office 365 on the Web. The difficulty lies in finding the right information. The information contained in this chapter derives from a combination of our experiences in executing deployments and support information that has been published by third parties.
Office 365 Trial Subscription
http://getoffice365now.com/Pages/default.aspx
Windows Intune Trial Subscription
www.microsoft.com/en-us/windows/windowsintune/try.aspx
Office 365 and Windows Intune Trust Center
www.microsoft.com/online/legal/v2/?docid=36&langid=en-us
Create Microsoft Account Alias to Your Personal E-mail Address
http://account.outlook.com
Office 365 Planning and Migration Spreadsheet
http://getoffice365now.com/Pages/default.aspx
Office 365 Fast Track Migration Tools
http://fasttrack.office.com/
Software Requirements for Office 365
http://office.microsoft.com/en-us/office365-suite-help/software-requirements-for-office-365-for-business-HA102817357.aspx
Next Steps
You have reviewed and performed the required parts of the planning process. You have a migration plan. See Chapter 4 for the details to complete your migration, and along with Chapter 4, here is a list of chapters you may want to read next: