Step 2 Deployment Overview
- What is DirSync?
- Purpose – What does it do?
- Understanding Synchronization
- Understanding Coexistence
- Understanding Migrations
- Self Service
- Admin led
- Migration Options
- PST migrations
- IMAP migrations
- Staged Exchange migrations
- Build from Pilot to Deployment, layer features and integrations
- Full Office 365 User Experience with minimal on-premises requirements
- Time to value vs. effort invested
- Identity options: cloud IDs, synchronized IDs and federated IDs
[Diagram: Pilot, Deploy, Enhance stages. Labels: Experience Value Early; New Cloud Experience; Real World Benefits; Broad Production Use; Full Feature Value; Meet your needs.]
[Diagram: Pilot, Deploy, Enhance stages. Milestones: Pilot complete; Deploy complete; Adopt new features.]
Deploy Experience – what’s added
- Sign-on: Integrated identity management
  - Sign-on with the same user and password as on premises
- Mail: Integrated mail flow and migration
  - Global address list
  - Full mail content migration – mail, calendar, contacts
- Collaboration: Sharing and working with others
  - Lync business partner federation
  - Site governance and provisioning support
  - Setup of Apps for Office corporate app catalog
- Clients: IT managed client productivity
  - Office 365 ProPlus deployed to user desktop via IT process
- Mobile: Managed mobile connectivity
  - Send and receive mail from mobile device as on-prem
- Administration: Control & monitor
  - Data loss prevention configuration (limited)
  - Exchange Online Protection mail protection configuration (limited)
- Setup in days
- Adds on-premises integration
- Pilot user and info is sustained
- IT driven migration
- Mail migration that best fits environment
Deploy – what’s required
- Identity: What’s required
  - Directory Sync server/s
  - AD meets service requirements for hygiene
  - Same password on-prem and in cloud via password sync
- Network: What you need to connect
  - Network access to service from client end points
  - Network bandwidth availability
  - Access to maintain DNS entries for shared domains
- Clients: Required to connect and deploy
  - Web client – minimum browser
  - Office 365 Pro Plus – clients running Windows 7 +
- Unique requirements per mail platform
- Dedicated customer IT team
- Change management readiness
- Mail: Required to set up and migrate
  - Admin access
Deploy Identity Scenario
- Cloud Identity: Single identity in the cloud
- Directory & Password Synchronization: Single identity without federation
- Federated Identity: Single federated identity and credentials
[Diagram: directory synchronization between on-premises (Exchange, Active Directory) and Office 365 (Windows Azure Active Directory, Authentication Platform, Exchange Online, SharePoint Online, Lync Online) through the Directory Synchronization Provisioning Web Service. Object labels: "Logon Enabled User, Mail-Enabled (not mailbox-enabled), ProxyAddresses, TargetAddress" and "User Object, Mailbox-Enabled, ProxyAddresses".]
- Sync Cycle Stage 2: Import Users, Groups, and Contacts from Office 365
- Sync Cycle Stage 3: Export Users, Groups, and Contacts to Office 365
- Sync Cycle Stage 4: Export “Write Back” attributes
- In MOP, select users and groups | DirSync Set up
- Activate Directory Synchronization (can take up to 24h to propagate)
- From the DirSync server: Download DirSync
Password Sync
- Introduced with DirSync in June 2013
- Benefits of using Password Sync as an alternative to Federated Authentication:
  - “Single set of credentials” to access both on-premises and online resources
  - Managed in the customer’s Active Directory and synchronized with Office 365 (username + password)
  - Fully integrated in the DirSync appliance
  - No requirement for Active Directory Federation Services; keeps the deployment simple and eliminates IT costs associated with AD FS
- Does not require or access the plain text password
- No requirement for AD reversible encrypted format
- The AD user password hash is hashed again using a non-reversible encryption function, and the resulting digest is synchronized into Azure AD
- The digest in Azure AD cannot be used to access resources in the customer’s on-premises environment
- One-way synchronization from on-premises to the cloud
- The Password Complexity Policy implemented in the on-premises AD is the master policy
- The Password Expiration Policy in Azure AD is set to “Never Expire”
- Password expiration and sync to Azure AD are driven by on-premises events
[Diagram 1: on-premises only. Message Filtering; MX Record: contoso.com; Exchange, Active Directory; User Object, Mailbox-Enabled, ProxyAddresses.]
[Diagram 2: on-premises (Message Filtering; MX Record: contoso.com; Exchange, Active Directory) connected through DirSync and the DirSync Web Service to Office 365 (MX Record: contoso.onmicrosoft.com, contoso.mail.onmicrosoft.com; Exchange Online Protection; Exchange Online; Online Directory). Object labels: "Logon Enabled User, Mailbox-Enabled, ProxyAddresses" and "User Object, Mail-Enabled (not mailbox-enabled), ProxyAddresses, TargetAddresses".]
[Diagram 3: same topology as Diagram 2. Object labels: "Logon Enabled User, Mail-Enabled (not mailbox-enabled), ProxyAddresses, TargetAddresses" and "User Object, Mailbox-Enabled, ProxyAddresses".]
DEPLOYMENT PLAN: Migration solution is part of the plan
[Diagram labels: Exchange, IMAP, Lotus Notes, Google; Large, Medium, Small; In-Cloud, On-Premise; Single Sign-On, DirSync, Manual/Bulk Provisioning; Simple, Rich; Self serve or Admin Driven; Features by user type; Cloud or on-premises tools.]
[Table: supported migration options per source platform. Columns: PST Migration, IMAP migration, Staged migration, Hybrid. The column placement of the X marks was lost in extraction; the marks per row are given as extracted.]
- Exchange 5.5: X X
- Exchange 2000: X X
- Exchange 2003: X X X
- Exchange 2007: X X X
- Exchange 2010: X X X
- Exchange 2013: X X X
- Notes/Domino: X X
- GroupWise: X X
- Other: X X

FastTrack Step 2 Migration Options
- PST Migration: Import of Archived/Offline Mail
- IMAP migration: Supports wide range of platforms only (no calendar, contacts, or tasks)
- Staged Exchange migration: No server required on-premises; Identity federation with on-premises directory
- Hybrid: Hybrid deployment; Manage users on-premises and online; Enables cross-premises calendaring, smooth migration, and easy off-boarding
Self Service or Admin Driven Options
[Table: columns Control, Deployment Type, Description; rows Self Service, Admin-Driven.]
IMAP migration steps:
- Prepare for IMAP Migration
- Create IMAP Migration Endpoint
- Create a CSV for IMAP Migration
- Configure MX Record Pointing to Office 365
- Start IMAP Migration Batch
- Create IMAP Migration Batch
Staged migration steps:
- Convert On-Premise Mailboxes to Mail-Enabled Users
- Prepare for Staged Migration
- Create Migration End-Point
- Create a CSV File for Staged Migration Batch
- Delete Staged Migration Batch
- Start a Staged Migration Batch
- Create a Staged Migration Batch