
Hybrid

On Premises

Best experience across devices


Messaging

Voice & Video

Content Management

Online

Cloud on your terms


Enterprise Social

Integrated best-of-breed solutions

Reporting & Analytics

Migration option decision factors


Large
Medium
Small

Exchange
IMAP
Lotus Notes
Google

Simple
Rich

DEPLOYMENT PLAN
Migration solution is part of the plan

DirSync
Manual/Bulk Provisioning
Automatic Provisioning

On-premises
Single sign-on
On-cloud

Migration solutions

Hybrid

Staged
Cutover
Organizational size in users
Time for migration

Features

small

medium

<1 week

2 weeks

none

mailflow/GAL Sync

large

3 weeks

several months

free/busy, archive in cloud

Mailbox Migration to Exchange Online


Different Options for migrating your mailboxes
IMAP migrations
Cutover Exchange migrations
Staged Exchange migrations
PST Capture Tool
Remote move migrations

Simple and Hybrid Migration Comparison


IMAP migration

Cutover migration

Staged migration

2010 hybrid

Exchange 5.5

Exchange 2000

Exchange 2003

Exchange 2007

Exchange 2010

Exchange 2013

Notes/Domino

GroupWise

Other

Simple migrations

Migration performance maximum 0.5 GB/h

IMAP migration
Supports wide range of email platforms
Email only (no calendar, contacts, or tasks)

Cutover Exchange migration


Good for fast, cutover migrations (1 weekend)
Migration performance maximum 5-10 GB/h

Staged Exchange migration

Hybrid

Onboarding in groups (multiple weeks)


Requires Directory Synchronization with on-premises AD

Hybrid deployment
Long-term coexistence
Enables cross-premises calendaring, smooth migration, and easy off-boarding

Additional options available with tools from migration partners

2013 hybrid

Outlook-based

Outlook/client-based

Migration batches in Exchange Online


The Migration dashboard:

In EAC, select recipients | migration

Start migration wizard
Choose migration type and follow prompts

Set of Migration Cmdlets

New-MigrationBatch

Start-MigrationBatch

Get-MigrationBatch

Get-MigrationStatus

Complete-Migration

Test-MigrationServerAvailability

Cloud Identity
Users, groups, objects, identities mastered in the cloud

Cloud Identity With On-Premises AD
Users, groups, objects mastered On-Premises and identities mastered in the cloud

Federated Identity with On-Premises AD
Users, groups, objects, identities mastered On-Premises

IMAP features and benefits


Works with a large number of source mail systems
Works with on-premises or hosted systems
Users can be migrated in batches

On-premises migration tool is not required.

IMAP requirements and limitations


Access to IMAP ports (TCP/143/993)

SMTP domains configured in O365 tenant

Prepare a CSV file with list of users

Users + mailboxes must be provisioned prior to migration

Max of 50,000 rows

Max message size 35 MB

Gather user credentials or set up admin credentials

Email address, user name, password

Bulk provisioning, CSV parser, manual, etc.
Very limited data migration scope

IMAP migration scope


Migrated
Mail messages (Inbox and other folders)
Maximum of 500,000 items
Possible to exclude specific folders from migration (e.g. Deleted Items, Junk E-Mail)

Not migrated
Contacts, Calendars, Tasks, etc.
Excluded folders
Folders with a forward slash ( / ) in the folder name
Messages larger than 35 MB

IMAP migration flow


Provision users + mailboxes in O365 (license assigned)
Gather IMAP creds and prepare CSV
EAC Wizard: Enter server settings and upload CSV
Initial sync
Change MX record
Delta sync every 24 hours
Mark migration as complete
Final sync and cleanup

Cutover Features and benefits


Simple and quick migration solution
High-fidelity solution: all mailbox content is migrated

Typically best suited to small and medium organizations


Users are provisioned automatically during migration

Works with Exchange 2003 and newer / hosted Exchange systems


Identity management in the cloud (at least initially)

Cutover Requirements and limitations


Outlook Anywhere service on source system
(must have SSL certificate issued by a public CA)

Migration Account with Full Access or Receive-As permissions to all mailboxes that will be migrated
SMTP domains configured in O365 tenant
Directory Sync tool disabled in O365 tenant

Up to 2000 mailboxes in source system

Cutover Exchange Migration architecture


On-premises Exchange org

Users, Groups, Contacts via Outlook Anywhere (NSPI)

Exchange 2003 or later

Mailbox Data via Outlook Anywhere (RPC over HTTP)

Cutover Accounts and passwords


Accounts provisioning
a. Migration tool creates users, mailboxes, DLs and contacts
b. Migration enables replies to migrated messages (i.e. provision process brings over the Legacy DNs)

Passwords
a. No access to passwords from source directory
b. New passwords created for all users
c. A link to download passwords is sent to admin
d. Users must change password on their first login

Cutover Migration data migration scope


Migrated
Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)

Not migrated
Security Groups, DDLs
System mailboxes
Dumpster

Send-As permissions
Messages larger than 25 MB

Cutover data migration scope notes


Partial migrations are not possible
(no folder exclusion, no time range selection, etc.)
Mailboxes enabled for Unified Messaging cannot be migrated
Hidden mailboxes (not visible to tool) cannot be migrated
New cloud mailbox is created (new GUID) and data is copied
Existing cached-mode files (OST files) cannot be preserved

Cutover migration flow

Configure Outlook Anywhere
Test using ExRCA
Assign migration perms
EAC Wizard: Enter server settings and admin creds
Migration tool provisions users, mailboxes, DLs, contacts in O365
Initial sync
Change MX record
Delta sync every 24 hours
Mark migration as complete
Final sync and cleanup
License users

Staged Migration features and benefits


Simple and flexible migration solution for medium and large organizations to move all data.
Users are provisioned with Directory Sync prior to migration; identity management remains on premises.
No limit on the number of mailboxes and no tools required.
Users can be migrated in batches (up to 1000 per batch)
Works with Exchange 2003 and 2007 only, on-premises or hosted

Staged Migration requirements


Outlook Anywhere service on source system
(must have SSL certificate issued by a public CA)
Migration Account with Full Access or Receive-As permissions to all mailboxes that will be migrated
SMTP domain(s) configured in O365 tenant

Directory Sync tool enabled in O365 tenant


Not possible with Exchange 2010 and Exchange 2013.

Simple co-existence. No Free / Busy or Calendar sharing.

Staged Migration architecture


On-premises Exchange org

Office 365 Directory Synchronization app

Users, Groups, Contacts via AADSync

Mailbox Data via Outlook Anywhere (RPC over HTTP)
Exchange 2003 or 2007

Mail routing: pre-coexistence


On-premises
MX Record:
contoso.com

User Object
Mailbox-enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com

Exchange

Message filtering

Active Directory

Mail routing: on-premises to Office 365


On-premises
MX Record:
contoso.com

Exchange

User Object
Mail-enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: John.Doe@contoso.com
TargetAddresses:
SMTP: John.Doe@contoso.mail.onmicrosoft.com

AADSync

Message filtering

Active Directory

MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com

Exchange Online Protection

Office 365

Exchange Online

Online Directory

Logon Enabled User


Mailbox-enabled
ProxyAddresses:
SMTP: John.Doe@contoso.com
smtp: John.Doe@contoso.onmicrosoft.com
smtp: John.Doe@contoso.mail.onmicrosoft.com

AADSync Web Service

Mail routing: Office 365 to on-premises


Office 365
MX Record:
contoso.com

Exchange

User Object
Mailbox-enabled
ProxyAddresses:
SMTP: Jane.Doe@contoso.com

AADSync

Message filtering

Active Directory

MX Record:
contoso.onmicrosoft.com
contoso.mail.onmicrosoft.com

Exchange Online Protection

On-premises

Exchange Online

Online Directory

Logon Enabled User


Mail-enabled (not mailbox-enabled)
ProxyAddresses:
SMTP: Jane.Doe@contoso.com
smtp: Jane.Doe@contoso.onmicrosoft.com
smtp: Jane.Doe@contoso.mail.onmicrosoft.com
TargetAddresses:
SMTP: Jane.Doe@contoso.com

AADSync Web Service

Staged Migration accounts and passwords

Accounts provisioning
a. Migration tool relies on AADSync to do provisioning
b. For every on-premises mailbox to be migrated there needs to be a MEU or Mailbox in Office 365

Passwords
a. Target mailbox passwords must be specified for all users
b. Administrators can force users to change passwords on first login

Staged Migration batch file format


CSV format
a. Email address, password, force change password

One user per line


Max of 1000 users in each CSV

Smart-check against the Office 365 directory
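
A pre-flight check for the batch CSV files described in the IMAP requirements and in the staged migration batch file format above, as an added example that is not part of the original slides. The header spellings and the function name `validate_batch` are assumptions; the field lists and row limits (50,000 for IMAP, 1000 for staged) are the ones stated on the slides.

```python
import csv
import io
import re

# Column lists and row limits as given on the slides. The exact header
# spellings below are an assumption; the slides only name the fields.
BATCH_RULES = {
    "imap": (["EmailAddress", "UserName", "Password"], 50000),
    "staged": (["EmailAddress", "Password", "ForceChangePassword"], 1000),
}
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")
# Constructed sample batch (placeholder passwords, contoso.com as on the slides).
SAMPLE_STAGED = (
    "EmailAddress,Password,ForceChangePassword\n"
    "john.doe@contoso.com,Placeholder-1,True\n"
    "jane.doe@contoso.com,,True\n"
    "john.doe@contoso.com,Placeholder-2,False\n"
)

def validate_batch(csv_text, kind):
    """Return (line_number, problem) tuples; an empty list means the file passes."""
    columns, max_rows = BATCH_RULES[kind]
    reader = csv.reader(io.StringIO(csv_text))
    if next(reader, None) != columns:
        return [(1, "header must be " + ",".join(columns))]
    problems, seen, users = [], set(), 0
    for row in reader:
        line = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        users += 1
        if len(row) != len(columns):
            problems.append((line, "wrong number of fields"))
            continue
        rec = dict(zip(columns, (cell.strip() for cell in row)))
        addr = rec["EmailAddress"].lower()
        if not EMAIL_RE.match(addr):
            problems.append((line, "invalid email address"))
        elif addr in seen:
            problems.append((line, "duplicate user"))
        seen.add(addr)
        if not rec["Password"]:
            problems.append((line, "empty password"))
        if kind == "imap" and not rec["UserName"]:
            problems.append((line, "empty user name"))
        if kind == "staged" and rec["ForceChangePassword"].lower() != "true":
            problems.append((line, "password change at first login not forced"))
    if users > max_rows:
        problems.append((0, "too many users: %d > %d" % (users, max_rows)))
    return problems
```

Both file types carry plaintext passwords, so the check is best run where the file is created and the file deleted once the batch has been submitted.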

Staged Migration data migration scope


Migrated
Mail messages and folders
Rules and categories
Calendar (normal, recurring)
Out-of-Office settings
Contacts
Tasks
Delegates and folder perms
Outlook settings (e.g. favorites)

Not migrated
Security Groups, DDLs
System mailboxes
Dumpster

Send-As permissions
Messages larger than 25 MB

Staged Migration data migration scope notes

Partial migrations are not possible
(no folder exclusion, no time range selection, etc.)
Unified messaging has to be disabled prior to move.
Hidden mailboxes cannot be migrated

New cloud mailbox is created and data is copied so


new Outlook profiles.

Staged Migration migration flow

Configure Outlook Anywhere
Test using ExRCA
Assign migration perms
Configure Directory Sync
EAC Wizard: Enter server settings, admin creds, batch CSV
Migrate Batch
Convert on-prem mailboxes to MEU
Delete migration batch (optional)
License users
Change MX record

User experience
In case of Staged / Cutover Exchange Migration:
Admin needs to distribute new passwords to users
Users create their new Outlook profile using O365 username and new passwords (Autodiscover)

All mail is downloaded from the Office 365 mailbox (i.e. the OST file must be recreated)

PST Capture Tool


Another method for migrating mailbox items to cloud mailboxes is Microsoft Exchange PST Capture.

PST Capture lets you search for and collect PST files on computers in your on-premises organization and then import the PST files to cloud mailboxes.
a. You can also use PST Capture to import PST files to on-premises primary or archive mailboxes
http://technet.microsoft.com/en-us/library/hh781036(v=exchg.141).aspx

Third party tools


There are some third-party migration tools and partners that can assist with
Exchange migrations from third-party platforms
SkyKick

BitTitan
Metalogix

Binary Tree
Dell

TransVault

More Info: Exchange Online migration performance and best practices

Exchange Online Protection overview


Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service
that helps protect your organization against spam and malware, and includes
features to safeguard your organization from messaging-policy violations.

EOP plans and features:


EOP standalone: Where EOP protects your on-premises mailboxes.

EOP features in Exchange Online: Where EOP protects your Exchange Online cloud-hosted mailboxes.

EOP Inbound filtering


Spam analysts
Email is routed to EOP DCs based on MX record resolution
(mail.protection.outlook.com)

Customer feedback
False +ve / -ve
IP-based edge blocking

Reputation blocking

Virus scanning
AV Engine 1
AV Engine 2

URL block lists

Policy enforcement
Custom Rules

SPAM protection
Safe Sender/Recipient
Content scanning and Heuristics

Allows/Rejects
SPF & Sender ID Filter

AV Engine 3

Bulk Mail filtering


*International Spam*
Advanced SPAM management

Quarantine

Corporate network

Mail flow in EOP


Working with messages and message access options:
EOP offers a lot of flexibility in how your messages are routed.
Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients.
Manage Accepted Domains in EOP

Configure custom mail flow by using connectors

Best practices for configuring EOP


Synchronize recipients

SPF record customization to help prevent spoofing


Set anti-spam options

Set anti-malware options


Create transport rules
Phishing and Spoofing Prevention
Extension Blocking
Configure Bulk Mail Protection

Hybrid overview
Delegated authentication for on-premises/cloud web services.
Rich co-existence.

Online mailbox moves

Preserve the Outlook profile and offline folders
MRS is used.

Exchange Admin Centre for Office 365 & On Premises environment.

Authenticated and encrypted mail flow between on-premises and the cloud
Preserves the internal Exchange message headers, allowing a seamless end user experience

Hybrid server roles


On-premises Exchange organization
Office 365 Active Directory synchronization
Existing Exchange environment (Exchange 2007 or later)

User, contacts, & groups via AADSync

Secure mail flow

Exchange 2013 client access & mailbox server

Sharing (free/busy, Mail Tips, archive, etc.)

Mailbox data via Mailbox Replication Service (MRS)

Office 365

Hybrid deployment process


General Office 365 deployment tasks
Sign up for Office 365
Register your domains with Office 365
Deploy Office 365 Directory Sync

Exchange specific deployment tasks (deep dive on next slide)
Install Exchange 2013 CAS & MBX Servers (Edge opt)
Publish the CAS Server (Assign SSL certificate, firewall rules)
Run the Hybrid Wizard

Exchange Online Reporting

Mail Reporting
Active and inactive mailboxes:
Number of active and inactive mailboxes over time. A mailbox is
considered inactive if a user has not logged in for more than 30 days.
New and deleted groups
Shows the number of groups created and deleted.
Mailbox usage:
Shows the total number of mailboxes exceeding their storage quota, and mailboxes using less than 25% of their storage limit.

Auditing Reports
Mailbox litigation holds
Shows the number of mailboxes which are under litigation hold.
Mailbox content search and hold
Specify a date range and get the result for the mailboxes under In-Place eDiscovery & Hold.
* In-Place Hold and Litigation Hold are not included with the business plans. eDiscovery is included in the Business Plans.

Rules Reporting
Top rule matches for mail
Shows the number of rule matches for the received or sent mail.
Rule matches for mail
Shows the number of transport rule matches, grouped by rule severity.

Protection Reporting
Top senders and recipients
Shows the following depending on the type of report you select:
Top mail recipients: top 10
Top mail senders: top 10
Top Spam Recipients: top 10
Top Malware Recipients: top 10

Top malware for mail
Shows the top 10 malware in sent and received emails.

Key Takeaways:
Planning plays a very important role for a successful migration.

What needs to be migrated and what does not?


We have various options available to move to Office 365; which one suits the customer best requires a careful study of the environment.

Office 365 has many reporting options available

Questions?
Andrei Nicolae
andrein@microsoft.com

Desires, Feedback, Recommendation