This blog post covers a summary of the session from Paul Collinge and Jeff Mealiffe about a recommended network architecture to get the most out of Office 365.
The enterprise connectivity challenge is that most customers run a lot of expensive network equipment for outgoing and incoming traffic to and from the Internet: for example, proxy servers, WAN accelerators, secure web gateways, intrusion prevention systems, etc. All of this network and connectivity equipment is expected because everything outside the network is unknown and untrusted.
But this model doesn’t fit with the cloud world of Office 365 and causes various connectivity problems.
Continue reading “BRK3081 – Implementing a modern network architecture to get the most out of Office 365”
Office 365 comes with a set of admin roles that can be assigned to users within your organization. Each admin role maps to common business functions and gives your users permissions to do specific tasks in the Office 365 admin center and Windows PowerShell.
Especially for large organizations or universities with multiple brands or decentralized administration within a single Office 365 tenant, the default admin roles can cause headaches. While the delegation of permissions in Exchange Online works very well with Role Based Access Control (RBAC), other applications and services are hard to manage at a granular level, for example license management or helpdesk for different countries, brands, and organizations. In these organizations, only a subset of administrative users is allowed to edit properties based on their region or brand.
Read more at the ENOW SOFTWARE BLOG
I would like to share some Exchange 2010 hybrid migration facts with you that we figured out.
First, again many thanks to Michael Van Horenbeeck! He helped me discuss this with a customer. I’m always very happy to work with him. And many thanks to Ben Winzenz and Jeff Kizner as well, I’m very grateful for your help.
In short: a customer is trying to keep about 65k mailboxes in sync to ensure a short cutover time. We are using a maximum of 1,500 mailboxes per batch, 5 batches per week, and switching 7,500 mailboxes with an overall data volume of about 5TB per week. For some technical details, we are using Azure ER (800 Mbit) for migration with 4 TMG as a proxy and some kind of F5 load balancing in between, PAW is activated, and two migration endpoints, each with 100 sync/complete in parallel. We took some network measurements and move request statistics, and we had an average migration velocity of 18.6GB/h for batches starting the first incremental sync (0% to 95%), which is great. Of course, the migration velocity depends on the number of batches, mailboxes, mailbox items, network workload, etc.
Continue reading “Exchange Hybrid MRS vs. MigrationService Migrations”
Enabling single sign-on for your users does not have to be a big deal. There are multiple hybrid identity authentication scenarios available to provide single sign-on capabilities to your users:
- Active Directory Federation Services (AD FS): single sign-on, based on one identity in your on-premises Active Directory; it publishes on-premises and cloud web applications. This is the most complex scenario and is often used by organizations with 250+ seats. They use single sign-on not only for Office 365 applications, but also for other intranet and Internet applications to achieve an SSO user experience.
- Password Hash Sync (PHS): same sign-on, which means you must authenticate again with your on-premises credentials when accessing Office 365 services.
- Pass-through authentication (PTA): single sign-on, allows your users to sign in to Azure Active Directory by validating the users’ passwords directly against your on-premises Active Directory.
- Seamless single sign-on: single sign-on, automatically signs your users in when they are on their corporate devices connected to your corporate network. Can be combined with either PHS or PTA.
When should I use AD FS instead of other hybrid authentication methods?
Read more at the atwork blog.
I’m very happy to announce that I was awarded the 1st Microsoft MVP Award for Office Servers and Services!
Read more at the atwork blog.
Large enterprise customers often have unique and specialized requirements for adopting Exchange Online. This session showcases the lifecycle of an enterprise customer leveraging features designed just for them. Demos and several new features will be covered, such as Mailbox Plans, Client Access Rules, on send event APIs, and a first look at technology for mergers and divestitures.
The full recorded session can be found here: https://www.youtube.com/watch?v=pN6lsxKRrJQ&t=1503s
This blog post covers a summary of the session. Continue reading “Microsoft Ignite 2017: BRK3155 – Thrive in as an enterprise organization in Microsoft Exchange Online”
What is the best, DAS or SAN? Are SSDs on the way in or are slow spindles here to stay? Should you give up and migrate to the cloud? What about virtualization? This session covers the various Exchange architectures that can be deployed on-premises and hybrid.
- Exchange 2016 now supports up to 192GB of memory
- Item Recovery Enhancements
- Should I follow the PA? Yes. If it is possible, follow the PA. This is the tested, best-practice solution from Microsoft that runs in Exchange Online. It simplifies operations in case of outages, failures, etc.
- Should I deploy SSD? No. Jeff Guillet mentioned a good example for this. If you are using SSDs for Exchange, it is like you are driving a Ferrari on a gravel road.
- Should I virtualize Exchange? Yes and no. Of course, you can virtualize Exchange. Be sure to use the calculator for virtualization 1:1, as you would for physical servers. Physical servers are easier to manage and deploy because virtualization adds extra work.
- What should I do if I plan to have a hybrid deployment with O365? Follow the same approach as you would for an on-premises environment. If all your mailboxes are migrated to Exchange Online, use a single Exchange server for recipient management purposes only.
- What size mailbox should I deploy? Are 1GB mailboxes valid anymore? You already get 25GB mailboxes for free today and simple JBOD storage is a very low cost factor.
- Third-party archiving solutions or keep in Exchange? The Microsoft perspective is that archive mailboxes should be retained in Exchange. With big mailboxes and the Outlook OST slider, there is no reason to use archive mailboxes anymore. If you have strict compliance regulations for archiving, you can use Exchange, Exchange Online, or of course third-party archiving solutions.
Matt Gossage and Ananth Sundararaj show how Exchange Online works. The engineering leaders who design and build the infrastructure reveal the secrets of deep neural networks, machine learning, substrate, shards, and much more. They also share how these mystical creatures actually impact IT pros and users of Exchange and Outlook.
Continue reading “Microsoft Ignite 2017: BRK4029 – Inside Exchange Online”
I recently had a curious behavior in my customer’s Exchange 2010 SP3 hybrid environment with centralized mail transport for Exchange 2010 SP3 Edge servers enabled.
Before I describe the topic in more detail, I would like to say thank you to the guys from Microsoft: Timothy Heeney, Scott Landry and Tom Kern helped me with my ‘little’ mail flow problem. Appreciate your help.
My customer is using an SMTP gateway for external mail flow as usual. Some of the mailboxes have SMTP forwarding configured, like ForwardingAddress (mail contact) and ForwardingSMTPAddress (external SMTP address directly set on the mailbox).
Read more at the atwork.blog
The growth of mobile devices such as smartphones and tablets has changed the world rapidly. Most notably, business users store important information on their devices, such as emails, certificates, pictures, corporate apps, etc. Maintaining control over their applications across corporate datacenters and public cloud platforms has become a significant challenge. IAM helps organizations reduce helpdesk costs with self-service and single sign-on experiences.
Enterprise Mobility Suite (EMS) was introduced at the end of 2014. EMS is not a single product; it is a collection of services you can choose from.
Currently EMS contains the following services:
– Cloud Identity + Access Management: gives users self-service capabilities and single sign-on for any corporate resource for easier identity management – for cloud-only and hybrid identities.
– Mobile Device + Application Management: mobile device management, such as MDM in Office 365 and Intune to manage and protect corporate data and apps on almost any device.
– Information Protection: information security management across on-premises environment and cloud applications while protecting corporate data inside and outside of the organization.
– Desktop Virtualization: a scalable platform to deliver corporate applications simply and cost effectively – everywhere.
Continue reading “Microsoft Enterprise Mobility Suite (EMS) – Identity + Access Management (IAM)”