Originally posted at Lucian.Blog.
Okay, you have the green light and it’s time to get cracking deploying Office 365. Before a mailbox can be migrated, before even an account can be AADSync’ed, before you even provision the O365 tenant, there is the matter of checking if the existing infrastructure is ready to handle the great features of Office 365.
What is always recommended before the design phase of a project even starts is to conduct an Office 365 readiness assessment. Working on a project recently and having it fresh in my mind, I thought I’d put finger to keyboard (pen to paper) and jot down the key items to check.
There’s a lot of IT companies out there who offer this discovery and assessment process which is great. As a handy reference point, here’s the approach I take, with a focus on Exchange Online messaging as that’s what I’m pretty good at…
Before you start
- What are the requirements of Office 365: always the first question and what everyone should ask
  - There’s an ever-growing list of applications and services accessible, so making sure the requirements are met for the business is key
  - This could initially mean a simple migration to Exchange Online, but you want to set a decent foundation for future service expansion
- Choosing the licensing model
  - There are quite a few license tiers available; the higher you go, the more you get
  - Choose the one that gives you the features you desire, but also with the best value
- Choose the identity and authentication solution
  - This extends from the first point: what are the requirements
  - Most of the large enterprise clients I’ve worked with, in fact all of them to be honest, have all had a Federated Identity
  - Federated Identity utilizes AADSync with Federation for a single federated identity and credentials, most ideal for enterprise
Sidebar: Office 365 Identity
Directory Services
- ADDS Forest and Domain Functional Levels
  - Ensuring that these are at a minimum level to integrate with Azure AD
  - Windows 2003 or higher for AD FS 2.0 to AD FS 3.0, Windows 2008 R2 or higher for AD FS 3.0 is recommended
- External Forests and Trusts
  - External trusts are supported and with AD FS 3.0 and AADSync, you’re able to sync multiple forests to Azure AD
- User Principal Names
  - Office 365 can’t route internal domain names, like those ending in .local
  - Setting a UPN in your ADDS to a publicly routable domain ensures successful login to Office 365
- Invalid Attributes in AD Objects
  - Certain characters are not supported in Office 365 and Azure AD
  - Remove these by renaming any user or group objects that have these characters
  - Username unsupported characters include: ? @ \ +
  - Email alias unsupported characters include: [ \ ! # $ % & * + / = ? ^ ` { } ]
- Organisational Units
  - When using AADSync, you would select the appropriate OU to replicate to O365
  - Having a logical and sound system of administration means all users to sync are in the synced OUs
Identity Management
- User Principal Name alignment with Email Address
  - It’s also best practice to align usernames with email address, depending on your preference
  - Set this to something like FirstInitialLastname or Firstname.Lastname
- Office 365 License Assignment
  - This can be done manually through the portal
  - This can also be done in a streamlined manner via PowerShell scripts
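
The User Principal Name, invalid attribute and UPN/email alignment checks from the Directory Services and Identity Management lists can be scripted before any sync is attempted. The following is an added example, not code from the original post; the function name `Test-O365DirectoryReadiness`, the sample accounts and the `contoso.com` / `corp.local` domains are constructed for illustration.

```powershell
# Added example, not from the original post; the sample accounts are constructed.
# Against a real domain, pipe in: Get-ADUser -Filter * -Properties mail, mailNickname
function Test-O365DirectoryReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # '.local' is the non-routable suffix named in the post; extend as needed.
        [string[]] $NonRoutableSuffix = @('.local')
    )
    begin {
        # Character sets copied from the lists above. Assumption: the enclosing
        # [ ] of the email alias list belong to the set.
        $badUserChars  = '?@\+'.ToCharArray()
        $badAliasChars = '[\!#$%&*+/=?^`{}]'.ToCharArray()
    }
    process {
        $issues = @()
        $upn   = [string]$User.UserPrincipalName
        $mail  = [string]$User.mail
        $alias = [string]$User.mailNickname
        $at    = $upn.LastIndexOf('@')
        if ($at -lt 1) {
            $issues += 'UPN missing or malformed'
        } else {
            $suffix = $upn.Substring($at + 1)
            foreach ($s in $NonRoutableSuffix) {
                if ($suffix.EndsWith($s, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $issues += "UPN suffix '$suffix' is not publicly routable"
                }
            }
            # Username = the part of the UPN before the final '@' (assumption).
            if ($upn.Substring(0, $at).IndexOfAny($badUserChars) -ge 0) {
                $issues += 'unsupported character in username'
            }
        }
        if ($alias.IndexOfAny($badAliasChars) -ge 0) { $issues += 'unsupported character in email alias' }
        if ($mail -and ($mail -ne $upn)) { $issues += 'UPN does not match email address' }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Account = $User.SamAccountName; UPN = $upn; Issues = $issues -join '; ' }
        }
    }
}

$sample = @(   # constructed test accounts
    [pscustomobject]@{ SamAccountName = 'jsmith'; UserPrincipalName = 'jsmith@contoso.com'; mail = 'jsmith@contoso.com'; mailNickname = 'jsmith' }
    [pscustomobject]@{ SamAccountName = 'mjones'; UserPrincipalName = 'mjones@corp.local'; mail = 'mary.jones@contoso.com'; mailNickname = 'mjones' }
    [pscustomobject]@{ SamAccountName = 'a+lee'; UserPrincipalName = 'a+lee@contoso.com'; mail = 'a+lee@contoso.com'; mailNickname = 'it#support' }
)
$sample | Test-O365DirectoryReadiness | Format-List
```

Only accounts with at least one finding are returned, so an empty result against the synced OU means these particular checks pass.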
Exchange Organization
- Mail Flow
  - Determine how mail routing is to flow in your organization
  - Office 365 now has a streamlined wizard to facilitate this process
  - http://blogs.office.com/2015/05/22/announcing-a-new-way-to-create-connectors-in-office-365/
- Email Domains
  - Determine which email domains are to be kept, migrated to O365
- Autodiscover and Exchange Web Services
- Exchange Certificate Services
- Mobile Device Access (ActiveSync) and Management (MDM)
- Client Access (Outlook Anywhere / Outlook Web App)
- Message Limits
  - Determine requirements and make sure these are maintained in O365
- Mailbox Sizing
  - Determine requirements and make sure these are maintained in O365
- Public Folders
  - Determine requirements and make sure these are maintained in O365
- Archiving and Journaling
  - Determine requirements
- Application SMTP Relays
  - Determine requirements
- Third Party Applications
  - Determine integration requirements
Networks
- Bandwidth and Utilisation
  - Complete the Exchange Client Network Bandwidth Calculator
  - http://blogs.technet.com/b/exchange/archive/2012/02/10/announcing-the-exchange-client-network-bandwidth-calculator-beta.aspx
  - Complete the OneDrive for Business Client Network Bandwidth Calculator
  - https://www.microsoft.com/en-us/download/details.aspx?id=44541
- DNS
  - Determine requirements
- Internet Proxies
  - Determine impact of proxies
- Firewalls and Ports
  - Check firewall and ports are able to be opened and forwarded appropriately
  - Complete change management process to ensure these are able to be opened and don’t break security protocol
- Clients
  - Desktop SOE – does this meet the requirements for Office 365 mail
    - Internet Explorer 10 +
    - WIN – Office 2010 SP1 +
    - MAC – Office 2011 SP3 +
    - Click to run – Office 2013 Professional Plus
    - Deploy to SOE
Security Considerations
- Azure AD – Rights Management Service (RMS)
  - Provides the ability to encrypt individual documents and ensure that the permissions ‘float’ with the document regardless of the storage or transmission mechanism
- Mobile Device Management (MDM)
  - Determine what integration and policy deployment needs to be configured and applied
References
A couple links to some interesting reads that might be of use:
- Support Community: Office 365 for business
- Office 365 integration with on-premises environments
- Determine which directory integration scenario to use
- Office 365 deployment guide
- Plan for your upgrade/migration to Office 365 with the Microsoft Assessment and Planning Toolkit
Additional Services
These are most of the considerations related to Office 365, more focused on the Exchange Online side. SharePoint Online and Lync Online have their own additional requirements and additional readiness assessment tasks on top of the above.
However, with the complexity that can be SharePoint Server, oftentimes using a third party tool like Share-Gate achieves the desired results with considerably less stress. The only hurdle is procurement of licensing for Share-Gate.
Finally, there is an overview of any Skype for Business infrastructure on-premises and extending that to the cloud, as well as understanding any social requirements to provision Yammer Enterprise.
Thank you,
Extremely useful. Thanks for sharing
Hi Good article.
AD FS 3.0 can be run in a Windows Server 2003 domain
Worth taking a look here https://technet.microsoft.com/en-us/library/dn554247.aspx#BKMK_4