Workshop Purpose and Objectives
Workshop Purpose
• Review client experience options for the user base
• Review requirements to enable the rich experience and the web experience
• Evaluate rich experience and web experience requirements
• Determine best approach for user profiles (such as kiosk or information worker)
• Determine proper authentication approach for client access to Office 365
• Create client deployment plan and approach for remediation if necessary
• Rich, web, and conferencing experiences: Review the impact of the various client and end-user experiences to the organization. Capture which ones will be used by identified customer end-user segments.
• Considerations for extended protection for authentication: Review impact if customer's browser standards include Firefox, Google Chrome, or Safari, and have enabled Extended Protection for Authentication.
• Mobile device options and approach: Bring awareness to requirements for mobile devices to connect to Exchange Online. Capture the impact to the customer's mobile platforms.
Client Operating Systems and Client Applications
Rich Experience Clients
Review the existing rich experience clients and the impact of their respective hardware and software requirements. Determine from known inventory of client configuration what updates and desktop remediation will need to be planned for providing rich experience.
Rich experience clients include the following desktop applications:
Microsoft Office 2013 (including Outlook)
Microsoft Office 2010 SP2 (including Outlook)
Microsoft Office 2007 Service Pack 3 (SP3) (including Outlook)
Microsoft Office 2003 (POP and IMAP Only)
Microsoft Office 2011 for Mac with Service Pack 3
Office Web Apps (minimum required OSX 10.6)
Microsoft Lync 2013
Office 365 Sign In Assistant (Windows 7, XP)
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document any required rich client desktop remediation for end-user access to Office 365
Rich Experience Operating Systems
Review the existing rich experience clients and the impact of their respective hardware and software requirements. Determine from known inventory of client configuration what updates and desktop remediation will need to be planned for providing rich experience.
Rich experience clients include the following desktop Operating Systems:
Windows 8
Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate
Windows Server 2008 R2 VDI – RDS, Citrix
Mac OS X 10.5 (Leopard)
Windows XP
• Still works but out of support, no security hotfixes
• Degraded experience & browser support
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document any required rich client desktop remediation for end-user access to Office 365
Web Experience Clients
Review the existing web client requirements across the end-user experiences, as well as determine current browser versions. Capture high-level approach for browser patching and updates to ensure web experience is supported.
Requires a recent version of the following browsers:
Internet Explorer 10 or higher, IE8 goes Lite in April 2014
Firefox 3 or later
Chrome 3.0.195.27 or later
Safari 3 or later on Macintosh OS 10.5
Outlook Web App is a powerful web-based version of the Outlook client that provides most of the same features and functionality of the Outlook client.
Follow-up actions and additional information from prior assessments
Remediation Checklist
Document any required web client desktop remediation for end-user access to Office 365
Considerations
[List specific issues uncovered or context from prior assessments]
Internet Explorer, Firefox, Chrome, and Safari are all tested
Client Updates and Deployment
Review the plan to update the existing client infrastructure with the necessary software and patches for the in-scope rich and web client applications
Determine how to deploy the following client applications:
Microsoft Office
Microsoft Lync client
Internet Explorer
Outlook add-ins
Service packs and hotfixes
Office 365 desktop setup
Microsoft Online Services Sign-In Assistant (IDCRL7)
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document plan to deploy required client software and updates to enable the in-scope rich and web client experiences
*Considerations for Extended Protection for Authentication with ADFS
Review impact if browser standards include Firefox, Google Chrome, or Safari, and have enabled Extended Protection for Authentication
*Browser Issues with Extended Protection for Authentication
*Solution Review
Workshop participants and outcomes
Participants
Desktop/Client Lead
Technical Lead (Security)
Outcome
Document decision of handling Extended Protection for Authentication for
*Browser Issues with Extended Protection for Authentication with ADFS
Determine if end users will be affected by the known supportability issue of using Extended Protection for Authentication for Firefox, Google Chrome, or Safari browsers
Clients that have Extended Protection for Authentication, and use the Firefox, Google Chrome, or Safari browsers, may not be able to sign in to Office 365, depending upon the operating system. This is due to the default configuration for Active Directory Federation Services (AD FS) 2.0 and Extended Protection for Authentication.
Review requirements at http://support.microsoft.com/kb/2461628
To use single sign-on for Office 365 with Firefox, Google Chrome, or Safari, two solutions exist:
1. Uninstall the Extended Protection patches from the client machines
2. Change the Extended Protection setting on the AD FS 2.0 server
Follow-up actions and additional information from prior assessments
Remediation Checklist
Document decision of handling Extended Protection for Authentication for third-party browsers
OneDrive for Business
Formerly SkyDrive Pro
OneDrive for Business is not the same as OneDrive, which is focused on the consumer
OneDrive for Business is based on Groove, which was a peer-to-peer syncing technology. It has been modified to sync SharePoint sites
OneDrive for Business wants to sync your SharePoint MySite by default, 25 GB of personal space
Kiosk users don’t have access to SkyDrive Pro or SharePoint
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document any required rich client desktop remediation for end-user access to Office 365
SharePoint Online
Highly recommend strong governance model prior to site design
Highly recommend purposeful site design
Microsoft does not have any native content migration tools for SharePoint content
SharePoint continues to have its own security database
There is some notion around SharePoint Hybrid with Search
Disable licenses until you are ready to support users and admins
ACS SharePoint Online consultants available via separate engagement
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document any required rich client desktop remediation for end-user access to Office 365
Lync Online
More server-side settings, not as reliant on client settings, GPOs
Hybrid
• On-premises environment must be OCS R2 or higher
• Requires both a Lync 2013 pool server and Lync 2013 Edge server
• Split SIP domains
• Can move users from on-premises to Lync Online
• Moves buddy lists
• Requires Lync 2013 client
• Cannot move users back on premises
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document any required rich client desktop remediation for end-user access to Office 365
Mobile Device Options and Approach
Bring awareness to requirements for mobile devices to connect to Exchange Online. Capture the impact to the customer's mobile platforms.
Mobile Device Access
*BlackBerry Devices
Data Protection
Workshop participants and outcomes
Participants
Desktop/Client Lead
Technical Lead (Email)
Mobile Device Access
Device access rules determine whether users can synchronize to Exchange with specific mobile device families or models
Review device rule sets in Microsoft Exchange ActiveSync (EAS) to control synchronization access to Exchange
EAS Access Settings provide control over which mobile devices can synchronize to Exchange Online mailboxes and which administrators are notified when devices are quarantined
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document EAS-enabled mobile device access rules for accessing Exchange Online
*BlackBerry Devices
Outline the impact to the organization of the current BlackBerry Internet Service (BIS) connectivity option for Exchange Online
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Review BlackBerry Business Cloud Services documentation. Document approach for integrating BlackBerry Business Cloud Services for enabling Exchange Online access.
Considerations
[List specific issues uncovered or context from prior assessments]
*Users of BlackBerry smartphones can connect to Exchange Online and experience rich messaging features using the BIS
*BlackBerry Business Cloud Services will be hosted, licensed, and supported by RIM.
Data Protection
Review the impact of the EAS policies to provide PIN-based protection on mobile devices as well as provide guidelines for how to handle devices not supported within these policies
Follow-up actions and additional information from prior assessments
Service Enablement Plan
Document EAS policies for PIN-based protection on those mobile devices supported
Document guidelines for how to handle devices not supported within EAS PIN-based policies
Considerations
[List specific issues uncovered or context from prior assessments]
EAS device policies provide control over the devices that end users are synchronizing with Microsoft Exchange
Enforcement of policies on devices can increase the security of your organization's data that is stored on and accessed by these devices
Policies provide the ability to configure devices so the user is required to use security features, such as the following:
Lock the device with a PIN
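
As an added example (not part of the original deck), the EAS access settings from the Mobile Device Access slide and the PIN-based policy from the Data Protection slide could be configured as follows in Exchange Online PowerShell. The policy name, mailbox, administrator address and device type are placeholder values, and an already connected Exchange Online session is assumed.

```powershell
# Added example, not from the workshop deck. All names and addresses below
# are placeholders; an Exchange Online PowerShell session is assumed.

# 1. EAS access settings: quarantine unknown devices by default and
#    notify an administrator when a device is quarantined.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'eas-admins@example.com'

# 2. Device access rule: explicitly allow one device family.
#    'iPhone' is a sample DeviceType value; use the values reported
#    by Get-MobileDevice in the tenant being assessed.
New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
    -QueryString 'iPhone' -AccessLevel Allow

# 3. PIN-based protection. AllowNonProvisionableDevices $false blocks
#    devices that cannot enforce the policy, which is the "devices not
#    supported within these policies" decision the workshop must document.
New-MobileDeviceMailboxPolicy -Name 'Pilot-PIN-Policy' `
    -PasswordEnabled $true `
    -MinPasswordLength 6 `
    -AllowSimplePassword $false `
    -MaxInactivityTimeLock 00:05:00 `
    -MaxPasswordFailedAttempts 8 `
    -AllowNonProvisionableDevices $false

# 4. Assign the policy to a pilot mailbox before a wider rollout.
Set-CASMailbox -Identity 'pilot.user@example.com' `
    -ActiveSyncMailboxPolicy 'Pilot-PIN-Policy'

# 5. Review what is currently held in quarantine so the access rules
#    can be adjusted against the real device inventory.
Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceType, DeviceModel, DeviceOS
```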
© 2013 Microsoft Corporation. All rights reserved.