Planning your Office 365 deployment - Lessons from real world deployments. Chris Goosen Office Servers and Services MVP Insight.


1 Planning your Office 365 deployment - Lessons from real world deployments.
Chris Goosen Office Servers and Services MVP Insight

2 Who am I?
- Senior Architect at Insight
- Based in Dallas, TX
- Office Servers and Services MVP
- Microsoft Certified Master – Exchange
- Blog:
- LinkedIn:
- Podcast: thearchitects.cloud

3 In this session..
- Introduction
- Readiness
- Identity management and configuration
- Directory synchronization considerations
- Workload-specific considerations
- Monitor your deployment
- Updates after Ignite: Network/ExpressRoute guidance

4 Readiness

5 Readiness Don't forget about the clients!
- Workstation readiness is often overlooked and could cause large project delays
- Windows 8/8.1 mainstream support ends January 2018
- Office 365 works with any version of Office in mainstream support:
  - Office 2013/2016
  - Office for Mac 2016
- Windows 8/8.1 Mainstream Support ends on January 9, 2018
- Office for Mac 2011 client mainstream support is ending on October 10, 2017
- Starting October 13, 2020, Office 365 ProPlus or Office perpetual in mainstream support will be required to connect to Office 365 services

6 Readiness Don’t have access to SCCM (or other) reports?
- Telemetry Dashboard
  - Uses an agent to collect data from Office 2003 / / 2010 clients (includes add-in information)
- Office add-in report for Windows Upgrade Analytics
  - Cloud based solution that uses OMS
- The Microsoft Assessment and Planning (MAP) Toolkit
  - Agentless inventory, assessment and reporting tool

7 Readiness Network and DNS
- Using an internet proxy? Consider bypassing the proxy for Office 365 URLs
- Centralized DNS infrastructures could result in clients falsely being redirected to the incorrect datacenter
- Ensure that there is no pre-authentication taking place for Autodiscover/EWS
- Understand current usage patterns and utilization
- Bandwidth calculator tools can help predict the impact, but the results should be verified

8 Readiness
[Figures: Utilization data; Utilization data with predictions]

9 Client connectivity is heavily reliant on DNS resolution

10 Readiness What about ExpressRoute?
- ExpressRoute for Office 365 isn’t a magic bullet solution!
- It is a connection to the edge of Microsoft’s network
- Alternate route for a subset of URLs – CRLs, CDNs, DNS, etc. are still public
- Can be very complex to implement and manage
- Peering is currently blocked and requires approval by Microsoft - evaluated on a customer by customer basis

11 Readiness The golden rules of Office 365 connectivity:
- Identify and differentiate Office 365 traffic
- Egress Office 365 data connections as close to the user as practical (including DNS)
- Avoid network hairpins
- Bypass proxies, inspection devices and duplicate security where possible if already available in Office 365
- Always try to follow the Office 365 connectivity principles

12 Identity management and configuration

13 Identity management and configuration
- A mature Identity Management strategy is very important
- Consider the user experience
- User sign-on methods:
  - Cloud Identity
  - Password Synchronization
  - Federation
  - Pass-through Authentication

14 Identity management and configuration
- Pass-through Authentication has some limitations:
  - Requires Modern Authentication
  - Skype for Business not supported
  - Older PowerShell modules not supported
- Federation is no longer the only way to provide SSO
- Azure Active Directory Seamless Single Sign-On is also a great option!

15 Identity management and configuration
Too many options, which one should I choose??
- Synchronized identities enable same sign-on without the need for federation
- Consider synchronized identities unless you specifically require federation
- Pass-through Authentication is now generally available, but still has some limitations
- Federation enables true single sign-on and can be leveraged for other SaaS applications
- Cloud identities work great if you don’t have an on-premises AD, for testing or simple pilots

PTA Limitations:
- User sign-ins into legacy Office client applications (Office 2013 or earlier).
- User sign-ins into Skype for Business client applications, including Skype for Business 2016.
- User sign-ins into PowerShell v1.0. It is recommended that you use PowerShell v2.0 instead.
- Azure AD Domain Services.
- App passwords for MFA.
- Detection of users with leaked credentials.

16 Identity management and configuration
What about license management?
- Unified vs à la carte
- With great flexibility comes increased complexity
- Consider accurate user profiling prior to deployment
- Should integrate with provisioning processes
- Automation can help ease administrative burden
- Useful when lighting up new features
- Map out any existing automated processes
- Solutions don’t need to be complex but consider scalability!
- Important to consider the burdened cost of custom solutions
- Use Microsoft Graph to ensure long term supportability

17 Identity management and configuration
Have you considered Azure AD group-based licensing?
- Requires Azure AD Basic or Premium
- Work with cloud-only or synchronized groups
- Allows granular control of all SKU options
- Assignments are cumulative
- Only available via the Azure Portal
- Does not support nested groups
- Dynamic groups allow assignment based on attribute value

18 Directory synchronization considerations

19 Directory synchronization considerations
Do not underestimate Active Directory remediation
- Most AD environments will require some remediation
- Removal of stale proxy addresses, .local domain suffixes, etc - GIGO
- Update AD information (Location, Phone number, etc)
- Best user experience when the UPN matches address
- Restructure AD if required for filtering
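
A pre-synchronization check for the remediation items on this slide (non-routable UPN suffixes, stale proxy addresses, UPN not matching the mail address), extended to also catch proxy addresses duplicated across objects. This is an added example, not part of the original presentation: the function name, the sample records and the verified-domain list are assumptions, and in a real directory the records would come from `Get-ADUser -Filter * -Properties mail,proxyAddresses`.

```powershell
# Constructed sample records, shaped like Get-ADUser -Properties mail,proxyAddresses output.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@corp.local'
        mail = 'alice.smith@example.com'
        proxyAddresses = @('SMTP:alice.smith@example.com', 'smtp:asmith@retired.example') }
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'bob.jones@example.com'
        mail = 'bob.jones@example.com'
        proxyAddresses = @('SMTP:bob.jones@example.com', 'smtp:alice.smith@example.com') }
    [pscustomobject]@{ SamAccountName = 'cdoe'; UserPrincipalName = 'carol.doe@example.com'
        mail = 'carol.doe@example.com'
        proxyAddresses = @('SMTP:carol.doe@example.com', 'x500:/o=Org/cn=cdoe') }
)

# Hypothetical helper: reports one row per user that needs remediation before sync.
function Find-SyncRemediationIssue {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains  # assumption: domains verified in the tenant
    )
    # First pass: count how many objects carry each SMTP address.
    $owners = @{}
    foreach ($u in $Users) {
        foreach ($p in $u.proxyAddresses) {
            if ($p -match '^smtp:(.+)$') {
                $addr = $Matches[1].ToLower()
                $owners[$addr] = 1 + [int]$owners[$addr]
            }
        }
    }
    # Second pass: collect the issues for each user.
    foreach ($u in $Users) {
        $issues = @()
        $suffix = ($u.UserPrincipalName -split '@')[-1]
        if ($VerifiedDomains -notcontains $suffix) { $issues += "UPN suffix '$suffix' is not a verified domain" }
        if ($u.mail -and $u.UserPrincipalName -ne $u.mail) { $issues += 'UPN differs from mail address' }
        foreach ($p in $u.proxyAddresses) {
            if ($p -match '^smtp:(.+)$') {              # x500 and other address types are skipped
                $addr = $Matches[1].ToLower()
                if ($VerifiedDomains -notcontains ($addr -split '@')[-1]) { $issues += "stale proxy address $addr" }
                if ($owners[$addr] -gt 1) { $issues += "duplicate proxy address $addr" }
            }
        }
        if ($issues.Count) { [pscustomobject]@{ User = $u.SamAccountName; Issues = $issues -join '; ' } }
    }
}

Find-SyncRemediationIssue -Users $sampleUsers -VerifiedDomains 'example.com' | Format-Table -AutoSize -Wrap
```

Here "stale" is approximated as "in a domain that is not verified in the tenant"; with the sample data, asmith and bjones are reported and cdoe is clean.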

20 Workload-specific considerations

21 Workload-specific considerations
- Exchange Hybrid is a configuration state, not a server role!
- A Hybrid deployment uses existing Exchange workloads
- You do need to implement a newer version of Exchange IF migrating from a legacy version:
  - Exchange 2003 -> Use Exchange 2010
  - Exchange 2007 -> Use Exchange 2013
- Consider retaining at least 1 on-premises Exchange server for management and SMTP relay
- Some changes to this were announced at Ignite 2017; however, these are months away.

22 Workload-specific considerations
- Virtualization is supported
- Important to ensure that hypervisor is validated under the Windows Server Virtualization Validation Program (SVVP)
- Incorrectly configured or undersized virtual Exchange servers impact migration performance
- Don’t over-complicate your deployment or create a single point of failure

23 Workload-specific considerations
- 2 Sockets x 2 Cores = 4 Cores
- 1 Socket x 4 Cores = 4 Cores
- 100 concurrent moves

24 Workload-specific considerations
Microsoft Teams
- Microsoft Teams is enabled by default for all eligible users
- By default, every user can create a team
- Teams is built on Office 365 Groups (Like Planner)
- Office 365 Groups creation settings apply to Teams
- This can be really good, or really bad..
- Carefully consider limiting group creation

25 Workload-specific considerations
- It affects all Office 365 services that use groups, not just Teams:
  - Ability to create groups via Outlook, Planner, etc.
- Does not restrict group creation in Office 365 admin center (for admins)
- Consider drafting governance and usage guidelines
  - When to use Teams vs Yammer vs Groups vs SharePoint

26 Monitor Your Deployment

27 Monitor Your Deployment
Azure AD Connect Health
- Monitors your on-premises identity infrastructure:
  - Azure AD Connect server
  - AD FS & AD FS Proxy (WAP) servers
  - AD DS Domain Controllers
- Requires Azure AD Premium & AAD Connect ver.
- Health Agents installed on AD FS servers & domain controllers
- Azure AD Connect ver. is from Nov
- Current version (May 2017) is
- Many third-party vendors, like Enow.

28 Azure AD Connect ver. 1. 9125. 0 is from Nov 2015
- Azure AD Connect ver. is from Nov
- Current version (May 2017) is
- Many third-party vendors, like Enow.

29 THANK YOU! QUESTIONS?

