Originally posted at Lucian.Blog.


Okay, you have the green light and it’s time to get cracking deploying Office 365. Before a mailbox can be migrated, before even an account can be AADSync’ed, before you even provision the O365 tenant, there is the matter of checking if the existing infrastructure is ready to handle the great features of Office 365.

What is always recommended before the design phase of a project even starts is to conduct an Office 365 readiness assessment. Working on a project recently and having it fresh in my mind, I thought I’d put finger to keyboard (pen to paper) and jot down the key items to check.

There are a lot of IT companies out there who offer this discovery and assessment process, which is great. As a handy reference point, here’s the approach I take, with a focus on Exchange Online messaging as that’s what I’m pretty good at…

Before you start

    • What are the requirements of Office 365: always the first question and what everyone should ask
      • There’s an ever growing list of applications and services accessible, so making sure the requirements are met for the business is key
      • This could initially mean a simple migration to Exchange Online, but you want to set a decent foundation for future service expansion
    • Choosing the licensing model
      • There are quite a few license tiers available; the higher you go, the more you get
      • Choose the one that gives you the features you desire, but also with the best value
    • Choose the identity and authentication solution
      • This extends from the first point: what are the requirements
      • Most of the large enterprise clients I’ve worked with, in fact all of them to be honest, have all had a Federated Identity
        • Federated Identity utilizes AADSync with Federation for a single federated identity and credentials, most ideal for enterprise

 

Sidebar: Office 365 Identity

 Directory Services

    • ADDS Forest and Domain Functional Levels
      • Ensuring that these are at a minimum level to integrate with Azure AD
      • Windows 2003 or higher for AD FS 2.0 to AD FS 3.0, Windows 2008 R2 or higher for AD FS 3.0 is recommended
    • External Forests and Trusts
      • External trusts are supported and with AD FS 3.0 and AADSync, you’re able to sync multiple forests to Azure AD
    • User Principal Names
      • Office 365 can’t route internal domain names, like those ending in .local
      • Setting a UPN in your ADDS to a publicly routable domain ensures successful login to Office 365
    • Invalid Attributes in AD Objects
      • Certain characters are not supported in Office 365 and Azure AD
      • Remove these by renaming any user or group objects that have these characters
      • Username unsupported characters include: ? @ \ +
      • Email alias unsupported characters include: [ \ ! # $ % & * + / = ? ^ ` { } ]
    • Organisational Units
      • When using AADSync, you would select the appropriate OU to replicate to O365
      • Having a logical and sound system of administration means all users to sync are in the synced OUs
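
The UPN and invalid-character checks above can be scripted before AADSync is configured. The following PowerShell is an added example, not from the original post: the function name `Test-O365Readiness`, the `$NonRoutableTlds` parameter and the sample users are assumptions made for illustration, and the character sets are copied from the list above.

```powershell
# Character sets copied from the checklist above (single quotes keep them literal).
$UpnBadChars   = '?@\+'.ToCharArray()
$AliasBadChars = '[\!#$%&*+/=?^`{}]'.ToCharArray()

function Test-O365Readiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string[]] $NonRoutableTlds = @('.local')   # assumption: extend for your forest
    )
    process {
        $issues = @()
        $upn = [string]$User.UserPrincipalName
        $at  = $upn.LastIndexOf('@')
        if ($at -lt 1) {
            $issues += 'UPN missing or not in user@domain form'
        } else {
            # Username is everything before the last @, so an extra @ is caught too.
            $name   = $upn.Substring(0, $at)
            $suffix = $upn.Substring($at + 1)
            if ($name.IndexOfAny($UpnBadChars) -ge 0) {
                $issues += 'unsupported character in username'
            }
            foreach ($tld in $NonRoutableTlds) {
                if ($suffix.EndsWith($tld, [StringComparison]::OrdinalIgnoreCase)) {
                    $issues += "non-routable UPN suffix ($suffix)"
                }
            }
        }
        $alias = [string]$User.mailNickname
        if ($alias -and $alias.IndexOfAny($AliasBadChars) -ge 0) {
            $issues += 'unsupported character in email alias'
        }
        if ($issues) {   # emit a row only for objects that need remediation
            [pscustomobject]@{ SamAccountName = $User.SamAccountName
                               UserPrincipalName = $upn
                               Issues = $issues -join '; ' }
        }
    }
}

# Constructed sample objects, so the check runs without a domain controller.
$sample = @(
    [pscustomobject]@{ SamAccountName='asmith'; UserPrincipalName='asmith@contoso.com'; mailNickname='asmith' }
    [pscustomobject]@{ SamAccountName='bjones'; UserPrincipalName='bjones@corp.local';  mailNickname='bjones' }
    [pscustomobject]@{ SamAccountName='clee';   UserPrincipalName='c+lee@contoso.com';  mailNickname='c.lee' }
    [pscustomobject]@{ SamAccountName='dkhan';  UserPrincipalName='dkhan@contoso.com';  mailNickname='d#khan' }
)
$sample | Test-O365Readiness | Format-Table -AutoSize
# Against a live directory (ActiveDirectory module):
# Get-ADUser -Filter * -Properties mailNickname | Test-O365Readiness
```

Running the check against only the OUs selected for sync keeps the remediation list limited to objects that will actually reach Azure AD.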

Identity Management

    • User Principal Name alignment with Email Address
      • It’s also best practice to align usernames with email address, depending on your preference
        • Set this to something like FirstInitialLastname or Firstname.Lastname
    • Office 365 License Assignment
      • This can be done manually through the portal
      • This can also be done in a streamlined manner via PowerShell scripts

Exchange Organization

    • Mail Flow
    • Email Domains
      • Determine which email domains are to be kept, migrated to O365
    • Autodiscover and Exchange Web Services
    • Exchange Certificate Services
    • Mobile Device Access (ActiveSync) and Management (MDM)
    • Client Access (Outlook Anywhere / Outlook Web App)
    • Message Limits
      • Determine requirements and make sure these are maintained in O365
    • Mailbox Sizing
      • Determine requirements and make sure these are maintained in O365
    • Public Folders
      • Determine requirements and make sure these are maintained in O365
    • Archiving and Journaling
      • Determine requirements
    • Application SMTP Relays
      • Determine requirements
    • Third Party Applications
      • Determine integration requirements

Networks

Security Considerations

  • Azure AD – Rights Management Service (RMS)
    • Provides the ability to encrypt individual documents and ensure that the permissions ‘float’ with the document regardless of the storage or transmission mechanism
  • Mobile Device Management (MDM)
    • Determine what integration and policy deployment needs to be configured and applied

References

A couple links to some interesting reads that might be of use:

Additional Services

These are most of the considerations related to Office 365, with more focus on the Exchange Online side. SharePoint Online and Lync Online have their own additional requirements and additional readiness assessment tasks on top of the above.

However, with the complexity that can be SharePoint Server, oftentimes using a third party tool like Share-Gate achieves the desired results with considerably less stress. The only hurdle is procurement of licensing for Share-Gate.

Finally, there is an overview of any Skype for Business infrastructure on-premises and extending that to the cloud, as well as understanding any social requirements to provision Yammer Enterprise.

Thank you,


Join the conversation! 2 Comments

  1. Extremely useful. Thanks for sharing

  2. Hi Good article.

    AD FS 3.0 can be run in a Windows Server 2003 domain
    Worth taking a look here https://technet.microsoft.com/en-us/library/dn554247.aspx#BKMK_4
