European Collaboration Summit (https://www.collabsummit.eu) 2019 was an awesome community-driven conference and it was a pleasure being part of it!
You can download my session slides about “password-less authentication with AD FS 2019” here: https://1drv.ms/p/s!ApvEqumCGaOPjJgyXIazPiJpQVXaqA
This blog post covers a summary of the session from Paul Collinge and Jeff Mealiffe about a recommended network architecture to get the most out of Office 365.
The enterprise connectivity challenge is that most customers use a lot of expensive network equipment for outgoing and incoming traffic to and from the Internet: proxy servers, WAN accelerators, secure web gateways, intrusion prevention systems, etc. All of this network and connectivity equipment is in place because everything outside is considered unknown and untrusted.
But this model doesn’t fit with the cloud world of Office 365 and causes various connectivity problems.
Continue reading “BRK3081 – Implementing a modern network architecture to get the most out of Office 365”
Read more at the ENow Software Blog.
Office 365 comes with a set of admin roles that can be assigned to users within your organization. Each admin role maps to common business functions and gives your users permissions to do specific tasks in the Office 365 admin center and Windows PowerShell.
Especially for large organizations or universities with multiple brands or decentralized administration within a single Office 365 tenant, the default admin roles can cause headaches. While the delegation of permissions in Exchange Online works very well with Role Based Access Control (RBAC), other applications and services are hard to manage at a granular level. Examples are license management or helpdesk for different countries, brands, and organizations. In these organizations, only a subset of administrative users are allowed to edit properties based on their region or brand.
Read more at the ENow Software Blog.
I would like to share some Exchange 2010 hybrid migration facts with you that we figured out.
First, again many thanks to Michael Van Horenbeeck! He helped me discuss this with a customer. I’m always very happy to work with him. And many thanks to Ben Winzenz and Jeff Kizner as well, I’m very grateful for your help.
In short: a customer is trying to keep about 65k mailboxes in sync to ensure a short cutover time. We are using a maximum of 1,500 mailboxes per batch, 5 batches per week, and switching 7,500 mailboxes with an overall data volume of about 5TB per week. For some technical details, we are using Azure ER (800 Mbit) for migration with 4 TMG as a proxy and some kind of F5 load balancing in between, PAW is activated, and two migration endpoints, each with 100 sync/complete in parallel. We did some network measurements and move request statistics, and we had an average migration velocity of 18.6GB/h for batches starting the first incremental sync (0% to 95%), which is great. Of course, the migration velocity depends on the number of batches, mailboxes, mailbox items, network workload, etc.
Continue reading “Exchange Hybrid MRS vs. MigrationService Migrations”
My colleagues and I are working on a (pilot) multi-forest Exchange hybrid environment with a single Office 365 tenant. In this early stage of the project we will have two companies, each with their own on-premises environment. One of the requirements is a delegated administrative concept for Exchange Online, which means administrators and helpdesk workers should only manage and configure settings for their specific domains. This blog post will show you how to handle this with Role Based Access Control (RBAC).
Read more at the atwork blog.
Enabling single sign-on for your users does not have to be a big deal. There are multiple hybrid identity authentication scenarios available to provide single sign-on capabilities to your users:
- Active Directory Federation Services (AD FS): single sign-on, based on one identity in your on-premises Active Directory; it publishes on-premises and cloud web applications. This is the most complex scenario and is often used by organizations with 250+ seats. They use single sign-on not only for Office 365 applications, but also for other intranet and Internet applications to achieve an SSO user experience.
- Password Hash Sync (PHS): same sign-on, which means you must authenticate again with your on-premises credentials when accessing Office 365 services.
- Pass-through authentication (PTA): single sign-on, allows your users to sign in to Azure Active Directory by validating the users’ passwords directly against your on-premises Active Directory.
- Seamless single sign-on: single sign-on, automatically signs your users in when they are on their corporate devices connected to your corporate network. Can be combined with either PHS or PTA.
When should I use AD FS instead of other hybrid authentication methods?
Read more at the atwork blog.
I’m very happy to announce that I have been awarded my first Microsoft MVP Award for Office Servers and Services!
Read more at the atwork blog.
Large enterprise customers often have unique and specialized requirements for adopting Exchange Online. This session showcases the lifecycle of an enterprise customer leveraging features designed just for them. Demos and several new features will be covered, such as Mailbox Plans, Client Access Rules, on-send event APIs, and a first look at technology for mergers and divestitures.
The full recorded session can be found here: https://www.youtube.com/watch?v=pN6lsxKRrJQ&t=1503s
This blog post covers a summary of the session. Continue reading “Microsoft Ignite 2017: BRK3155 – Thrive in as an enterprise organization in Microsoft Exchange Online”
What is the best, DAS or SAN? Are SSDs on the way in or are slow spindles here to stay? Should you give up and migrate to the cloud? What about virtualization? This session covers the various Exchange architectures that can be deployed on-premises and hybrid.
- Exchange 2016 now supports up to 192GB of memory
- Item Recovery Enhancements
- Should I follow the PA (Preferred Architecture)? Yes. If it is possible, follow the PA. This is the tested, best-practice solution from Microsoft that runs in Exchange Online. It simplifies operations in case of outages, failures, etc.
- Should I deploy SSD? No. Jeff Guillet mentioned a good example for this. If you are using SSDs for Exchange, it is like you are driving a Ferrari on a gravel road.
- Should I virtualize Exchange? Yes and no. Of course, you can virtualize Exchange. Be sure to use the calculator for virtualization 1:1, as you would for physical servers. Physical servers are easier to manage and deploy because virtualization requires additional work.
- What should I do if I plan to have a hybrid deployment with O365? Follow the same approach as you would for an on-premises environment. If all your mailboxes are migrated to Exchange Online, use a single Exchange server for recipient management purposes only.
- What size mailbox should I deploy? Are 1GB mailboxes valid anymore? You already get 25GB mailboxes for free today and simple JBOD storage is a very low cost factor.
- Third-party archiving solutions or keep in Exchange? The Microsoft perspective is that archive mailboxes should be retained in Exchange. With big mailboxes and the Outlook OST slider, there is no reason to use archive mailboxes anymore. If you have strict compliance regulations for archiving, you can use Exchange, Exchange Online, or of course third-party archiving solutions.