Workshop purpose and objective

Workshop purpose
• Facilitate planning discussions for messaging coexistence
• Considerations of Office 365 limits and features
• Identify Microsoft Office 365 messaging requirements for:
  • Hybrid deployment
  • Mail Enabled Applications
  • Recipient and Sender Limits
  • Messaging Limits
  • Mailbox Retention
  • Default Retention Rules
  • In-place Hold
  • Mobile Devices/MDM

Objectives
Plan email coexistence and mail-enabled applications
Workshop topics

Plan approach for Exchange hybrid environment: Plan deployment approaches for enabling a hybrid messaging infrastructure, including necessary hardware and configuration.

Mail migration planning: Provide awareness of bandwidth considerations for both mail migration and day-to-day communication performance between the on-premises organization and the online service.

Limits and Features: Office 365 has a few limits that need to be considered, as well as new features that can be leveraged both during and after migrations.

Plan approach for Staged Migration
SEM – Features and Benefits
• Simple and flexible migration solution
• High-fidelity solution – all mailbox content is migrated
• Typically best suited to medium and large organizations
• Users are provisioned with Directory Sync prior to migration
• No limit on the number of mailboxes
• Users can be migrated in batches (up to )
• Works with Exchange 2003 and 2007 only, on-premises or hosted
• Identity management on-premises
SEM – Requirements and Limitations
• Outlook Anywhere service on source system (m
• Directory Sync tool enabled in
• SEM is not supported with Exchange 2010 and 2013
• Only simple coexistence is available
SEM – Data Migration Scope

Migrated:
• Mail messages and folders
• Rules and categories
• Calendar (normal, recurring)
• Out-of-Office settings
• Contacts
• Tasks
• Delegates and folder permissions
• Outlook settings (e.g. favorites)

Not Migrated:
• Security Groups, DDLs
• System mailboxes
• Dumpster
• Send-As Permissions

Partial migrations are not possible (no folder exclusion or time range).
SEM – User Experience

Mail routing: on-premises to Office 365
[Diagram: on-premises side with message filtering, the MX record for contoso.com, Exchange and Active Directory; Office 365 side with MX records for contoso.onmicrosoft.com and contoso.mail.onmicrosoft.com, Exchange Online Protection, Exchange Online, the Online Directory and the Directory Web Service, kept in step by DirSync. The logon-enabled, mailbox-enabled user carries ProxyAddresses (one primary SMTP address plus secondary smtp addresses); the corresponding user object is mail-enabled (not mailbox-enabled) with its own ProxyAddresses and a TargetAddress.]
Mail routing: Office 365 to on-premises
[Diagram: the same on-premises and Office 365 components as above (message filtering, MX records for contoso.com, contoso.onmicrosoft.com and contoso.mail.onmicrosoft.com, Exchange, Active Directory, Exchange Online Protection, Exchange Online, Online Directory, Directory Web Service, DirSync), shown for mail flowing from Office 365 to the logon-enabled on-premises user.]

SEM – Migration Flow
1. Configure Directory Sync
2. Wizard: enter server settings and admin creds
3. Initial sync and final sync
4. Mark migration as complete
5. Change MX record
Convert mailboxes after a SEM (PowerShell scripted)
• Convert Exchange 2003 mailboxes to mail-enabled users after a staged Exchange migration
• Convert Exchange 2007 mailboxes to mail-enabled users after a staged Exchange migration
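The conversion step above, as an added example that is not the deck's or Microsoft's own script: it converts one Exchange 2007 mailbox to a mail-enabled user once its SEM batch has synced, keeping the addresses mail still has to route to. It assumes the Exchange 2007 Management Shell, a tenant routing domain of contoso.mail.onmicrosoft.com, and that the matching cloud mailbox's proxy addresses were exported beforehand (the sample call uses constructed values).

```powershell
# Added example, not Microsoft's own Exchange2007MBtoMEU.ps1: convert one
# Exchange 2007 mailbox to a mail-enabled user after its SEM batch has synced.
# Assumptions: run in the Exchange 2007 Management Shell with recipient
# permissions; -CloudProxyAddresses carries the addresses already present on
# the matching Exchange Online mailbox (exported beforehand).
function Convert-MailboxToMailUser {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [string]$TenantRoutingDomain = "contoso.mail.onmicrosoft.com",
        [string[]]$CloudProxyAddresses = @()
    )
    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Keep every address the mailbox answered to, with the primary still in
    # upper-case "SMTP:" form so the user's public address does not change.
    $addresses = @($mbx.EmailAddresses | ForEach-Object { $_.ProxyAddressString })

    # The LegacyExchangeDN must live on as an X500 address, otherwise replies
    # to old messages and cached Outlook entries generate NDRs.
    $addresses += "X500:" + $mbx.LegacyExchangeDN

    # Routing target in the tenant; mail to the MEU is forwarded here.
    $target = "{0}@{1}" -f $mbx.Alias, $TenantRoutingDomain
    foreach ($a in ($CloudProxyAddresses + "smtp:$target")) {
        if ($addresses -notcontains $a) { $addresses += $a }
    }

    Disable-Mailbox -Identity $Identity -Confirm:$false
    Enable-MailUser -Identity $Identity -ExternalEmailAddress $target
    # Disable the address policy in the same call so it cannot rewrite the primary.
    Set-MailUser -Identity $Identity -EmailAddressPolicyEnabled $false `
        -EmailAddresses $addresses

    # Verify before moving to the next user: the MEU must still own the old
    # primary address and forward to the tenant, or mail to it will bounce.
    $meu = Get-MailUser -Identity $Identity
    $now = @($meu.EmailAddresses | ForEach-Object { $_.ProxyAddressString })
    if ($meu.ExternalEmailAddress.ToString() -ne "SMTP:$target" -or
        $now -notcontains ("SMTP:" + $mbx.PrimarySmtpAddress)) {
        throw "Conversion of $Identity left it unroutable; review its addresses"
    }
    return $meu
}

# Constructed sample run (ben / contoso.com are placeholder values):
# Convert-MailboxToMailUser -Identity "ben" `
#     -CloudProxyAddresses @("smtp:ben@contoso.onmicrosoft.com")
```

Run it per batch, after the batch reports synced, and keep the export of cloud proxy addresses from before the conversion in case a user has to be rolled back.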
Plan approach for Exchange hybrid environment
Plan deployment approaches for enabling a hybrid messaging infrastructure.

Workshop participants and outcomes
Participants: Technical Leads (Email and Active Directory)
Outcome: Document required steps to enable a hybrid deployment.
Hybrid server requirements—on-premises organization

On-premises environment                          | Exchange 2010 SP3 Hybrid | Exchange 2013 CU1 or higher Hybrid
Exchange 2013 CU1 or higher                      | Not applicable           | Supported
Exchange 2010 SP3 or higher                      | Supported                | Supported (1)
Exchange 2010 SP2                                | Supported (4)            | Not supported (2, 3)
Exchange 2010 SP1                                | Out of Support           | Out of Support
Exchange 2007 SP3 RU10                           | Supported                | Supported (1)
Exchange 2007 SP3                                | Not supported            | Not supported
Exchange 2003 SP2 + All Current Windows Updates  | Supported                | Not supported (3)

Notes:
(1) Requires at least one on-premises Exchange 2013 CU1 or greater server
(2) All Exchange 2010 infrastructure must be running SP3 for Exchange 2013 or higher Hybrid
(3) Blocked in Exchange 2013 setup
(4) CAS, HT and MBX Exchange 2010 SP2 servers are supported with a dedicated pool of Exchange 2010 SP3 Hybrids
Simple and hybrid deployment capabilities
Follow-up actions and additional information from prior assessments
Service Enablement plan
Draft implementation plan to address affected items in current
messaging environment, to enable hybrid deployment.
Considerations
[List specific issues uncovered or context from prior assessments]
Feature                                                                        | Simple | Hybrid
Mail routing between on-premises and online                                    | Yes    | Yes
Unified GAL                                                                    | Yes    | Yes
Free/busy and calendar sharing cross-premises                                  | No     | Yes
Out-of-office understands that cross-premises is “internal”                    | No     | Yes
Mail tips, message tracking, and mailbox search cross-premises                 | No     | Yes
Smart Redirection, OWA, Autodiscover, etc.                                     | No     | Yes
Outbound mail can be routed on-premises (DLP inspection, etc.)                 | No     | Yes
Secure mail routing (TLS plus mutual authentication) cross-premises            | No     | Yes
Exchange Management Console (on-premises) administration of Office 365        | No     | Yes
Mailbox moves support for on-boarding and off-boarding                         | No     | Yes
No OST re-sync after mailbox migration                                         | No     | Yes
Hybrid Coexistence Feature Example: Cross-Premises Free/Busy and Calendar Sharing
Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendars.

Hybrid Coexistence Feature Example: Cross-Premises MailTips
Correct evaluation of “Internal” vs. “External” organization context; allows awareness and correct Outlook representation of MailTips.

Hybrid Coexistence Feature Example: Cross-Premises Mail Flow
Preserves internal organizational headers (e.g. the auth header). The message is considered “trusted”, so the sender is resolved to rich recipient information in the GAL (not the bare SMTP address), and restrictions specified for that recipient are honored.
Hybrid – Architecture
[Diagram: the on-premises Exchange org (existing Exchange 2003 or later plus Exchange Hybrid servers) and Office 365, with users, groups and contacts synchronized via the Office 365 Directory Synchronization App (DirSync) and secure mail flow between the two.]
Exchange Hybrid deployment
[Diagram: Internet-facing site and intranet site, the existing Exchange 2010 or 2007 servers with their E2010 or 2007 Hub, and the E2010/E2013 CAS/HT/MBX hybrid servers.]

1. Prepare
   Exchange 2010 SP3/2013 CU1 or higher schema
   Exchange 2010 SP3/2013 CU1 or higher required on CAS servers
2. Deploy Hybrid servers
   Install EX2010 SP3 or EX2013 CAS/HT/MBX servers
   Set an ExternalUrl for the Exchange Web Services
3. Obtain and Deploy Certificates
   Obtain and deploy certificates on Hybrid Servers
4. Publish protocols externally
   Create public DNS A Records for the EWS, SMTP, and MRS endpoints
   Validate using Remote Connectivity Analyzer
5. Run the Hybrid Configuration Wizard
6. Switch autodiscover namespace to E2013 CAS
   Change the public autodiscover DNS record to resolve to Hybrid VIP
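A pre-flight check for steps 2, 3, 4 and 6 of the procedure above, added here as an example rather than taken from the deck or the Hybrid Configuration Wizard. It assumes the Exchange Management Shell on a hybrid server, and the host names and VIP are constructed placeholders for a contoso.com deployment.

```powershell
# Added example, not from the deck: pre-flight checks for steps 2, 3, 4 and 6
# of the hybrid deployment, run in the Exchange Management Shell on a hybrid
# server. The host names and VIP below are constructed for contoso.com.
$HybridHost   = "mail.contoso.com"          # EWS/SMTP/MRS namespace
$AutodiscHost = "autodiscover.contoso.com"
$HybridVip    = "203.0.113.10"              # documentation range, placeholder
$problems = @()

# Step 2: every EWS virtual directory needs an HTTPS ExternalUrl on the hybrid
# namespace; Office 365 reaches free/busy, MailTips and MRS through it.
foreach ($ews in Get-WebServicesVirtualDirectory -ADPropertiesOnly) {
    $url = $ews.ExternalUrl
    if (-not $url -or $url.Scheme -ne "https" -or $url.Host -ne $HybridHost) {
        $problems += "$($ews.Identity): ExternalUrl '$url' is not https://$HybridHost"
    }
}

# Step 3: the certificate enabled for IIS and SMTP must be CA-issued (the
# Hybrid Configuration Wizard rejects self-signed), must name both hosts, and
# should not be near expiry; the same certificate authenticates cross-premises
# mutual TLS mail flow, so a lapse here breaks secure mail routing as well.
$cert = Get-ExchangeCertificate | Where-Object {
    $_.Services -match "IIS" -and $_.Services -match "SMTP" -and -not $_.IsSelfSigned
} | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    $problems += "no CA-issued certificate is enabled for both IIS and SMTP"
} else {
    $names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    foreach ($h in $HybridHost, $AutodiscHost) {
        # exact-name check; a wildcard SAN would need its own pattern match
        if ($names -notcontains $h) { $problems += "certificate $($cert.Thumbprint) lacks $h" }
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        $problems += "certificate $($cert.Thumbprint) expires $($cert.NotAfter)"
    }
}

# Steps 4 and 6: the EWS/SMTP and autodiscover names must resolve to the hybrid
# VIP. System.Net.Dns is used so the check also runs on Windows Server 2008 R2,
# which lacks Resolve-DnsName.
foreach ($h in $HybridHost, $AutodiscHost) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString }
        if ($ips -notcontains $HybridVip) { $problems += "$h resolves to $($ips -join ', '), not $HybridVip" }
    } catch { $problems += "$h does not resolve: $($_.Exception.Message)" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Hybrid pre-flight checks passed for $HybridHost" }
```

Run the DNS part from outside the corporate network (or against a public resolver), because split-brain DNS would otherwise answer with the internal addresses and mask a missing public record.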
Standard On-Premises Free/busy
[Diagram: on-premises user “Ben” querying free/busy through the Client Access Server to the Mailbox Server, entirely on premises.]
Exchange Online Protection (EOP) for Exchange Connectors

Fully hosted scenario: email flows exclusively through the cloud (Exchange Online), without any interaction with on-premises servers. (Note that this scenario does not use Exchange Online Protection (EOP) connectors.)

Outbound smart-host scenario: EOP acts as a smart host, redirecting outbound mail to an on-premises server that applies additional processing before delivering mail to its final destination. Consider this option when an on-premises application or other compliance solution is used to filter outgoing mail while keeping the benefits of EOP edge, spam, virus, and policy filtering.

Inbound safe listing scenario: email is sent inbound through EOP from a trusted organization. In this scenario, EOP is configured to skip IP address filtering on inbound mail sent from IP addresses specified in a safe list. EOP can also be configured to skip policy and spam filtering.

Regulated partner with forced TLS scenario: forced inbound and outbound transport layer security (TLS) is used to secure all routing channels with business-regulated partners. The default is opportunistic TLS: if a certificate exists, TLS will be used.
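The regulated-partner scenario expressed as EOP connectors, as an added example and not configuration from the deck; it assumes a remote PowerShell session to Exchange Online, and partner.example with its certificate name are constructed placeholders for the partner's real domain and certificate subject.

```powershell
# Added example, not from the deck: the "regulated partner with forced TLS"
# scenario expressed as EOP connectors, run in a remote PowerShell session to
# Exchange Online. partner.example and its certificate name are constructed
# placeholders; substitute the partner's real domain and certificate subject.
$PartnerDomain = "partner.example"
$PartnerCertCn = "mail.partner.example"   # CN or SAN on the partner's TLS cert

# Inbound: TLS is opportunistic by default, so require it. A sender domain
# alone is not an identity (any sender can write partner.example into MAIL
# FROM), so also bind the connector to the partner's certificate; without this
# the forced-TLS connector would be applied to spoofed mail as well.
New-InboundConnector -Name "Inbound $PartnerDomain (forced TLS)" `
    -ConnectorType Partner `
    -SenderDomains $PartnerDomain `
    -RequireTls $true `
    -TlsSenderCertificateName $PartnerCertCn `
    -RestrictDomainsToCertificate $true

# Outbound: DomainValidation makes EOP verify that the partner's certificate
# chains to a trusted CA and carries the expected name. EncryptionOnly would
# accept any certificate, which protects against passive eavesdropping only.
New-OutboundConnector -Name "Outbound $PartnerDomain (forced TLS)" `
    -ConnectorType Partner `
    -RecipientDomains $PartnerDomain `
    -UseMXRecord $true `
    -TlsSettings DomainValidation `
    -TlsDomain $PartnerCertCn

# Verify the resulting settings rather than trusting the cmdlet calls.
Get-InboundConnector -Identity "Inbound $PartnerDomain (forced TLS)" |
    Format-List Name, Enabled, RequireTls, TlsSenderCertificateName, RestrictDomainsToCertificate
Get-OutboundConnector -Identity "Outbound $PartnerDomain (forced TLS)" |
    Format-List Name, Enabled, TlsSettings, TlsDomain
```

Agree the certificate name with the partner in advance; once RequireTls is set, mail from a partner server presenting a different certificate is rejected rather than downgraded.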
Hybrid scenarios: hybrid mail-flow scenarios can be used to host email partially in the cloud (Exchange Online) and partially on-premises. The following configurations allow for use of a single domain name for all mailboxes in both the on-premises Exchange organization and the cloud:
• Shared address space with on-premises relay scenario (MX points to on-premises): the mail exchanger (MX) record for the shared email domain is configured to route email to the on-premises mail server before it is sent through EOP to the cloud mailboxes. Use this configuration if the on-premises protection solution is to provide filtering on inbound mail before sending it to the cloud.
• Shared address space with on-premises relay scenario (MX points to EOP): the MX record for the shared email domain is configured to route email to EOP for spam and policy filtering before it reaches the on-premises server. Use this configuration if EOP is to perform spam and policy filtering before routing mail to the on-premises server for additional processing.
• Shared address space with cloud relay scenario (MX points to the cloud): the MX record for the shared email domain is configured to route email to EOP for anti-spam processing and policy filtering before it is routed to Exchange Online, where it is filtered again by Exchange Online Protection (EOP) on the Exchange Online transport servers. Use this scenario if all messages that are to be relayed to the on-premises organization have been filtered for spam and viruses by Forefront.

Junk Mail Folder: EOP receives telemetry data from Junk Mail folders to improve junk mail heuristics through aggregation.

Data Loss Protection (DLP): EOP has an ever-increasing rule set that allows customers to enforce DLP rules.

Exchange Hosted Encryption: *New* Encryption services are available with EOP depending on licenses.

Follow-up actions and additional information from prior assessments
Service Enablement plan
Draft implementation plan to address potential use of EOP connectors.
Considerations
[List specific issues uncovered or context from prior assessments]
Deployment considerations

Delegation coexistence: delegate permissions (delegate access, folder permissions, and “send on behalf of”) are migrated to Exchange Online but are not available after a mailbox move unless all parties are migrated at the same time.

Cross-premises permissions: Microsoft does not support cross-premises permission scenarios. Permissions are migrated and functional when implementing an Exchange hybrid deployment only if there are corresponding directory objects in Exchange Online. Additionally, all objects with special permissions—such as send as, receive as, and full access—must be migrated at the same time.

Mailbox permissions: on-premises mailbox permissions (send as, receive as, full access) that are explicitly applied on the mailbox are migrated to Exchange Online. However, inherited (non-explicit) mailbox permissions and any permissions on non-mailbox objects—such as distribution lists or a mail-enabled user—are not migrated.

Off-boarding: as part of ongoing recipient management, you might have to move Exchange Online mailboxes back to your on-premises environment.

Decommissioning on-premises Exchange: some organizations might want to remove their on-premises Exchange environment completely after all mailboxes have been migrated.

Archiving/Vaulting: there are three primary approaches to moving content in an Archive or Vault:
1. Retire the Archive, don’t move any content. Provide a mechanism for users to access historical data. Must unstub items.
2. Move content once mailbox migrations are complete through 3rd-party tools; the online archive may be utilized.
Deployment requirements
Review hybrid deployment requirements, including the hybrid server requirements, Directory Synchronization tool, and Microsoft Federation Gateway.

Hybrid server: install a hybrid server running Exchange 2010 Service Pack 3 or Exchange 2013 Cumulative Update 1 in the on-premises Exchange environment, and configure Exchange coexistence between the on-premises Exchange environment and Exchange Online.

Directory Synchronization tool: this tool must be running in the local environment. Directory Synchronization write-back is recommended for smooth off-boarding and other advanced coexistence functionality.

Microsoft Federation Gateway: an online service that acts as the trust broker between the on-premises Exchange organization and the Exchange Online service. Hybrid deployment requires that a federation trust be configured with Microsoft Federation Gateway.

Follow-up actions and additional information from prior assessments
Service Enablement plan
Draft implementation plan to address affected items, and include the need for high availability in the approach.
Considerations
[List specific issues uncovered or context from prior assessments]
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION