Exchange Online Notes From The Field - PowerPoint PPT Presentation

Exchange Online Notes From The Field. Neil Johnson, Senior Consultant, Microsoft Consulting Services, UK, Microsoft Corporation. Session agenda: BPOS current version, technology overview, lessons learned from the field (Directory Sync, Service Sign-Up, Client Side, Other Stuff).


Exchange Online Notes From The Field…

Neil Johnson

Senior Consultant

Microsoft Consulting Services, UK

Microsoft Corporation

Session Agenda

  • BPOS Current Version

    • Technology Overview

    • Lessons Learned from the field…

      • Directory Sync

      • Service Sign-Up

      • Client Side

      • Other Stuff

Session Agenda

  • Office 365 (Next version of BPOS – due H1 2011)

    • Technology Overview

    • Lessons learned from the Beta…

      • Directory Sync and Identity

      • Prerequisite Requirements

      • Mailbox Migration

Neil Johnson: who am I?

  • 14 years field experience with Exchange

  • Exchange specialist (Ranger / MCM Exchange 2007 and 2010)

  • Senior Consultant for Microsoft Consulting, UK

  • Spent the last 18 months working with Exchange Online

  • Currently working with Office 365 Beta customers

Presentation Goal

“To look at previous deployments of Exchange Online within BPOS and Office 365 Beta and examine the challenges involved, during planning, deployment and migration phases.”

BPOS Technical Overview: Current Version

  • Provides Cloud Services…

    • Exchange Online

    • SharePoint Online

    • OCS Online

    • Live Meeting

  • Directory Sync

  • Tenant Configuration

  • Sign-in Client

  • E-mail Co-existence

    Directory Sync: BPOS Wave 12

    Directory Sync… Overview

    • Based on Identity Lifecycle Manager (ILM)

    • Reads Active Directory objects and attributes

    • Creates BPOS User Objects

    • Flows attribute changes between on-premises and BPOS

    • Simplified install specifically for BPOS

    What could possibly go wrong?

    BPOS (Current Version)

    Directory Sync: Things that you might not expect…

    • Requires single Active Directory Forest

      • Resource Forests are 2 Forests!

      • Forest trusts don’t make 2 Forests = 1

      • Yes, you can MAKE it work, but it’s not supported

    • Requires a 32-bit Server

      • That means it won’t work on 2008 R2!

    • Requires Enterprise Admin account to install

      • Manual work-around possible but fiddly

    Directory Sync: Lessons learned - the hard way…

    • Validate Active Directory contains GAL information

      • Outsourced, Cloud based mail service, HMC etc?

      • Domino, GroupWise etc?

    • Perform GAL cleanup BEFORE Directory Sync!

    • 25k default object limit in BPOS

      • Can be raised via BPOS service request.

    • SMTP proxyAddresses stop synchronizing once a BPOS user is enabled

      • Ensure all SMTP domains are verified early!

    Directory Sync: More lessons learned…

    • Network Connection for Directory Sync?

      • HTTPS (443/tcp)

      • Avoid Directory Sync through Proxy!

    • Error Messages sent to BPOS tenant technical contact

      • Ensure you can access this mailbox

      • Even better configure it to be a distribution list

    • Default Schedule is every 3 hours

      • Possible to change, but not recommended.

      • Force via PowerShell: Start-OnlineCoexistenceSync

    Infrastructure Readiness Planning… Microsoft Premier Tools and Offerings…

    • Microsoft Premier Field Engineering can help!

      • Readiness Analyzer

        • Checks Exchange Organization

        • Checks Directory Attributes

        • Checks Infrastructure prerequisites

    Top Tip!

    If you are a Microsoft Premier customer talk to your Technical Account Manager about BPOS/Office 365 readiness offerings.

    Microsoft Online Service Creation: BPOS (Current Version)

    Microsoft Online Sign-up: Tenant Configuration

    • Sign-up requires Windows Live ID and a service name

      • Has anyone else registered your company name?

      • Has anyone completed a BPOS pilot?

      • Did they register your SMTP namespace?

      • Does anyone still remember the Admin password?

    Top Tip!

    Someone in your organisation may have already completed a Microsoft Online Services trial – this trial service may block you from creating your real tenant if the service name and SMTP domain names are already in use!

    Client Side: BPOS (Current Version)

    Microsoft Online Single Sign in Client: The Client… “SIC” for short…

    • What does it do?

      • Caches user passwords

      • Configures Client Applications (Outlook, Communicator, IE, etc)

    • What doesn't it do?

      • Connect if the client time is more than 5 minutes out

      • Connect through a Proxy that requires NTLM Authentication

      • Work without .NET 2.0

    Passwords… The Client… password caching comes back to bite us…

    • No Password Synchronisation Provided

    • Password complexity rules?

      • Should you change on-premises to match BPOS?

    • Password Expiry Schedule?

      • On Day 1 the passwords may match

      • By Day 101 they probably won’t match!

    Top Tip!

    Some of our partners have stepped up to solve this problem – if you are in this situation they may be worth a look.

    Performance… The Client… we’re going to need a considerably bigger pipe…

    • All BPOS Services run over HTTPS via your Internet connection.

      • Have you scaled your Internet connection?

      • Have you scaled your Firewalls?

      • Have you scaled your Proxy Servers?

      • Everything in-between the end-user and BPOS is potentially adding latency, LATENCY=BAD!

    Top Tip!

    Where possible try to engineer the most direct path between end users and your cloud services – sending 10k Outlook users via HTTPS through your 32-bit proxy server is potentially a recipe for disaster.

    Shameless Plug!

    I am running an Interactive session (UNC323-IS) on Friday from 12:30 – 13:30 in (Hall 3.2 Interactive 5) where I will discuss performance and network scaling techniques in more detail…

    Other Stuff: BPOS (Current Version)

    E-mail Message Flow and Message Hygiene: Service coexistence…

    • BPOS will act as another Server for your E-mail domains

      • They need to be added to your SPF record

      • Your inbound MTA needs to whitelist BPOS (& Vice Versa)

    • BPOS has a 25MB attachment limit

      • What is your internal attachment limit?

    • BPOS uses FOPE for SPAM and will send out a SPAM digest

      • End user education – will they know where to look?

    • No Cross Premises Availability (Free/Busy) Data

      • Migrate user departments or communities in groups

    Mail Migration… Data Migration… what goes up must come down!

    • Migration Throughput

      • Highly dependent on mailbox item count

      • Consider using multiple migration servers

      • Are you migrating data through your proxy servers?

    • BPOS/S SIC Configures Outlook in Cached mode

      • This is generally a good thing!

      • However…

        • Mailbox migrations in Wave 12 require OST resynchronization

          • If you migrate 1GB to the cloud, you need to sync 1GB back down to the client…

    Mailbox Sizes: Is Bigger Always Better?

    • BPOS/S Allows a 25GB Mailbox!

      • Outlook 2003 doesn’t work so well with large OST files…

      • Old laptop hardware doesn't handle large OST files so well either…

      • Roaming users?? Imagine the fun

    Top Tip!

    Just because you CAN provide a 25GB mailbox doesn't necessarily mean that you should!

    Another Top Tip!

    If you ARE going to provision 25GB Mailboxes consider Outlook 2010

    …and one Final Top Tip!

    Educate Roaming users to the benefits of OWA

    BPOS Exchange 2003: Public Folders?

    • Public Folders are not supported

      • BPOS users cannot use PF data on-premises!

      • Plan to migrate PF data BEFORE migrating to BPOS

    Top Tip!

    Reference the following White Paper for more information on Public Folder migration when moving to BPOS.

    New Stuff… What's happening in the Beta…


    …now the marketing guys have decided on a name we will start calling it “Office 365”…

    … however I may accidentally refer to it as Wave 14 or V2…

    … I may also refer to the current version as Wave 12 or V1 or BPOS…

    Office 365 Technical Overview: Next Version… H1 2011

    • Provides Better! Cloud Services…

      • Exchange 2010 Online

      • SharePoint 2010 Online

      • Lync 2010 Online

      • Live Meeting

  • Improved Directory Sync

  • Identity Federation

  • Improved Migration

  • Rich Exchange Coexistence

    Things that are fixed… Stuff we don’t need to worry about anymore…

    • Directory Sync

      • proxyAddresses now always flowed to Office 365 user object

    • Client

      • No more Outlook 2003

      • No more Single Sign In Client

      • No need for password sync with ADFS deployed!

    • Migration and Coexistence

      • No more OST resynchronization after migration

      • Free/Busy data available cross premises

      • Online migration possible from Exchange 2010 to Office 365

    Office 365

    New Stuff to Worry About… or… “Notes from the Technical Preview and Beta program”

    Identity Federation with ADFS: What is Office 365 identity federation?

    • Provides single user identity

      • No more password synchronization problems

      • Single master directory of identity (Active Directory)

    • Based on industry standards

      • Can be used with other cloud services

    • Not enabled by default

      • Configured on a per domain basis.

    Identity Federation with ADFS: What is my userPrincipalName?

    • ADFS Sounds Great, so what's the problem?

    • ADFS uses AD userPrincipalName for account ID in Office 365

      • UPN domain defaults to the Forest Name

      • Many Forest Names are agnostic and can’t be registered in public DNS

        • forest.local


      • …which means that ADFS cannot be configured

    Top Tip!

    Update all UPNs to match user E-mail addresses – this may require re-distribution of user certificates.

    Top Tip!

    To perform a small user trial use Active Directory Domains and Trusts to add in a valid UPN suffix then create some test users with the new UPN suffix.
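
An added example (not from the original presentation) of auditing UPNs before identity federation is enabled: it flags accounts whose UPN suffix is not a verified domain or whose UPN differs from the e-mail address. The function name `Test-UpnReadiness`, the sample users and `contoso.com` as the verified domain are assumptions; in a real forest the input would come from `Get-ADUser -Filter * -Properties mail`.

```powershell
# Added example: audit UPNs before enabling Office 365 identity federation.
# Test-UpnReadiness and the sample data below are hypothetical, not from the slides.
function Test-UpnReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $User,           # needs SamAccountName, UserPrincipalName, Mail
        [Parameter(Mandatory)] [string[]] $VerifiedDomain  # SMTP domains verified in the tenant
    )
    foreach ($u in $User) {
        $issues = @()
        $upn = [string]$u.UserPrincipalName
        if ([string]::IsNullOrWhiteSpace($upn) -or $upn -notmatch '^[^@]+@[^@]+$') {
            $issues += 'UPN missing or malformed'
        }
        else {
            # Suffix such as forest.local cannot be registered in public DNS.
            $suffix = $upn.Split('@')[1]
            if ($VerifiedDomain -notcontains $suffix) {
                $issues += "UPN suffix '$suffix' is not a verified domain"
            }
            if ([string]::IsNullOrWhiteSpace($u.Mail)) {
                $issues += 'No e-mail address to compare against'
            }
            elseif ($upn -ne $u.Mail) {
                $issues += "UPN does not match e-mail address '$($u.Mail)'"
            }
        }
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            UserPrincipalName = $upn
            Ready             = ($issues.Count -eq 0)
            Issues            = $issues -join '; '
        }
    }
}

# Constructed sample input standing in for: Get-ADUser -Filter * -Properties mail
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@forest.local'; Mail = 'alice.smith@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'bjones@contoso.com';  Mail = 'bob.jones@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'carol';  UserPrincipalName = 'carol@contoso.com';   Mail = 'carol@contoso.com' }
    [pscustomobject]@{ SamAccountName = 'svc-bk'; UserPrincipalName = 'svc-bk@forest.local'; Mail = $null }
)

# Show only the accounts that still need work before federation is switched on.
Test-UpnReadiness -User $sample -VerifiedDomain 'contoso.com' |
    Where-Object { -not $_.Ready } |
    Format-List
```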

    Identity Federation with ADFS: Making things highly available…

    • Once Identity Federation is Enabled ADFS MUST be available!

      • No ADFS = No Office 365

      • ADFS Planning and Design becomes critical for success

    Top Tip!

    Begin planning for ADFS publishing early in the project and ensure that ADFS infrastructure is available throughout your organization.

    The Client… what's not supported…

    • Outlook 2003 not supported

    • IE6 not supported

    • Windows XP SP2 not supported

    Top Tip!

    Spend time to ensure that your desktop meets the recommended requirements for the service! Desktop upgrades are generally a slow process and can add significant delay.

    I have some customers that are still working on this – months later…

    Migration: Data Migration… certified?

    • Office 365 uses Exchange 2010 CAS MRS Service

      • This is a GREAT thing!

      • Mailbox GUID is persisted so no more OST resync

      • However…

        • The MRS service “pulls” data from on-premises CAS

        • This means you need to publish Exchange 2010 CAS EWS Service

        • It also means that you need a trusted public certificate!

    Top Tip!

    Plan to publish Exchange 2010 services from the outset even if you do not publish them now!

    Office 365 Exchange 2003: Public Folders?

    • Public Folders are still not supported

      • Office 365 users cannot use PF data on-premises!

      • Plan to migrate PF data BEFORE migrating to Office 365

    • Office 365 uses Exchange 2010 Availability Service

      • Provides cross-forest Availability!

    • Where on-premises Exchange is still 2003

      • Requires PF Database on Exchange 2010 CAS Server

      • Does NOT require all PF replicas

        • Just SCHEDULE+FREE/BUSY replica

    Public Folder Migration… Migrating from Public Folders to BPOS Whitepaper…

    Migrate from Exchange Public Folders to Microsoft Business Productivity Online Standard Suite

    Top Tips List for Migrating to Exchange Online: All versions, past and present

    Top Tips List… A Wise Man Once Said…

    • Begin planning early.

      • Understand the impact to YOUR business

    • Define your functional requirements.

      • Don’t assume that because you can do it on-premises you can do it in a cloud environment.

    • Conduct a thorough proof of concept.

      • Use your functional requirements list to generate a test plan and work through it. Then perform GAP analysis.

    • Be prepared to change the way you do things.


    UNC323-IS “Open Forum - Q & A’s on Exchange Online“

    Hall 3.2 Interactive 5

    Friday, November 12

    12:30 PM - 1:30 PM


    Please be gentle – I’m new to this 

    © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

    Password Policy: The Details

    • Password expiry BPOS = 90 days

    • Password complexity rules?

    • The current BPOS password policy is at least 7 characters, and must contain three of the following character types:

      • Uppercase

      • Lowercase

      • Numeral

      • Non-alphanumeric characters ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /

    Password Policy: The Details

    • In addition the following rules apply:

      • Cannot reuse any of the last 24 passwords

      • Passwords expire every 90 days

      • Cannot change the password more than once in any 24 hour period

    • New parameters added to the MOSI API

      • StrongPasswordRequired Boolean

      • PasswordExpiry Boolean
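
The policy on these two slides, written out as an added example (not code from the presentation or from BPOS) that checks a candidate password and the time of the last change, so the same password can be set on-premises and in BPOS. `Test-BposPasswordPolicy` and the sample passwords are assumptions; the 24-password history rule is left out because it needs the stored history.

```powershell
# Added example: check a candidate password against the BPOS policy from the slides.
# Test-BposPasswordPolicy is a hypothetical helper; password history is not checked.
function Test-BposPasswordPolicy {
    param(
        [Parameter(Mandatory)] [string]   $Password,
        [Parameter(Mandatory)] [datetime] $LastChanged,   # when the current password was set
        [datetime] $Now = (Get-Date)
    )
    # Non-alphanumeric set copied from the slide (the single quote is doubled to escape it).
    $symbols = '`~!@#$%^&*()_+-={}|[]\:";''<>?,./'

    # Count how many of the four character types are present.
    $classes = 0
    if ($Password -cmatch '[A-Z]') { $classes++ }
    if ($Password -cmatch '[a-z]') { $classes++ }
    if ($Password -match  '[0-9]') { $classes++ }
    if ($Password.IndexOfAny($symbols.ToCharArray()) -ge 0) { $classes++ }

    $failures = @()
    if ($Password.Length -lt 7) {
        $failures += 'Shorter than 7 characters'
    }
    if ($classes -lt 3) {
        $failures += "Only $classes of 4 character types present (3 required)"
    }
    if (($Now - $LastChanged).TotalHours -lt 24) {
        $failures += 'Password was already changed within the last 24 hours'
    }

    [pscustomobject]@{
        Compliant       = ($failures.Count -eq 0)
        Length          = $Password.Length
        CharacterTypes  = $classes
        ExpiresIfSetNow = $Now.AddDays(90)   # 90-day expiry from the slide
        Failures        = $failures -join '; '
    }
}

# Constructed sample passwords; the last change is assumed to be 3 days ago.
$changed = (Get-Date).AddDays(-3)
'summer', 'Summer2010', 'summer_2010', 'S0m!' | ForEach-Object {
    Test-BposPasswordPolicy -Password $_ -LastChanged $changed
} | Format-Table -AutoSize
```

Comparing `ExpiresIfSetNow` with the on-premises expiry date for the same account shows when the two passwords will stop matching.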

    MessageOps Password Sync: BPOS Current Version