The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator.

December 30, 2015

January 7, 2016

Office365 – CIO Project Overview

AGENDA Roadmap

In Scope Migrations

Unified Single Tenant Overview

Migration Planning

Training & Communications

Questions

ROADMAPJAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

EN

HA

NC

EM

EN

TS

MIG

RA

TIO

NS

• Primary Email Selector

• Select Cloud-to-Cloud Email Migration Tool

• Leverage ISRS for Contact Cards

• License Management Tool

• Distribution List Syncing

• Launch SharePoint Accounts (Connect & OneDrive)

• Begin Connect Migration

• Hibbing Migration Completed

Non-User Mailbox Creation

SAINT PAUL MIGRATION (Staff / Faculty)

HENNEPIN MIGRATION

FOND DU LAC MIGRATION

VOIP Integration w/ Voicemail

Compliance Center

Select SharePoint Migration Tool

PROPOSED | NHED MIGRATION

PROPOSED | NHED MIGRATION

• Launch Yammer

PROPOSED | NHED MIGRATION

PROPOSED MIGRATION

PROPOSED MIGRATION

PROPOSED MIGRATION

IN SCOPE MIGRATIONS (as of 12/30/15)

In scope migrations include…

On-prem to cloud migrations of email

Cloud to cloud migrations of email*

On-prem to cloud migrations of SharePoint*

Cloud to cloud migrations of SharePoint and OneDrive*

Guided self-migrations

Out of scope migrations include…

Yammer content

Enterprise voice

* Dependent on selection of migration tools, but will not prohibit migration planning/discovery.

OVERVIEW | BENEFITS Common student experience from one campus to

another!

Single account for employees supporting multiple MnSCU institutions.

System-wide collaboration.

Processes and technology accessible system-wide as a common business practice.

OVERVIEW | CONSIDERATIONSInstitutions who choose to participate in the single tenant must agree to the following prior to migrating:

StarID should be considered public data – Registrar should validate prior to the migration.

Employees and Students will leverage the following credentials when accessing their Office 365 account

Employee UPN: %starid%@mnscu.edu

Student UPN: %starid%@go.mnscu.edu

Institution accepts any risks associated to an employee having access to emails and OneDrive content associated to a concluded role while still an employee within the MnSCU system.

Institution will use the defined naming conventions.

Institution has reviewed and accepted the defined Service Descriptions.

6

7

1 Stores cached credentials in Windows Credential Manager (WCM). If WCM is disabled (no ability to cache credentials), user willbe prompted each time application starts

App / Service User Experience

Outlook 2016/2013/2010, Exchange ActiveSync, POP, IMAP

Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1

Employee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password

OneDrive for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1

Employee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password

Browser - Microsoft Online Portal, SharePoint Online, Office Web Apps

Web-based authentication

Skype for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1

Sign-in address: Primary Email AddressEmployee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password

OVERVIEW | USER AUTHENTICATION

OVERVIEW | GLOBAL ADDRESS LIST

8

OVERVIEW | DISTRIBUTION LISTSDistribution lists will be built and maintained in two ways…

Default lists via OIM group affiliation / provisioning rules (ex: RRCC-Campus-…AdmittedStudents, Affiliates, Alumni, Employees, Faculty, Retired, Staff, StudentEmployees, Student)

Custom via campus request (ex: RRCC-maintenance)

NOTE: All institution specific distribution lists will be set-up for internal use only unless told otherwise.

9

*mnscu.edu will not be leveraged for mail routing with Phase 1 (System Office and Rainy River migrations)**Shared Services generated SMTP addresses for new accounts: If participating institution is not synchronizing their directory data into Single Tenant Active Directory (STAD), the following naming convention will be used.

NOTE: SIP address will leverage the user’s selected primary address.

10

Naming Convention Example

UPN Employee: %StarID%@mnscu.eduStudent: %StarID%@go.mnscu.edu

Display Name Surname<comma><space>First Name<space>Middle Initial Smith, John L

Exchange Shared Mailbox 3-5 Letter of Campus<hyphen>Shared Account Name PINE-TRIO

Distribution List 3-5 Letter of Campus<hyphen>Distribution Group Name PINE-Help Desk

Conference Room 3-5 Letter of Campus<hyphen>Location<space><RM>Room

Name<hyphen>Capabilities

PINE-601 RM140-VC

Equipment 3-5 Letter of Campus<hyphen>Optional

Location<space>Equipment with enumerator

PINE-Projector1

Groups in O365 3-5 Letter of Campus<hyphen>Group Name PINE-PsychAb4022

Attribute Naming Convention Example

Assigned Proxy Address*

Employee

Student

%StarID%@mnscu.edu

%StarID%@go.mnscu.edu

cx1113ag@mnscu.edu

cx1113ag@go.mnscu.edu

Proxy Address**

Collisions

<firstname>.<lastname>@institution.edu

<firstname>.<lastname>.2@institution.edu

Karen.Cavalli@dctc.edu

Karen.Cavalli.2@dctc.edu

OVERVIEW | NAMING CONVENTIONS

OVERVIEW | NEW PROCESSES

Licensing

Provisioning

Student Privacy

Requesting a Mailbox

eDiscovery / Legal Hold

OVERVIEW | LICENSINGThe License Management Tool will provide the following capabilities…

Manage both the base licensing level and a la carte licensing (product level).

Global License Manager will assign licenses to campuses for allocation.

Institution License Manager will assign allocated license, as needed, to users affiliated to their institution.

Licenses will be automatically assigned based on the institution and group membership.

FUTURE STATE: Reporting, tracking, auditing performed by Global Licensing Manager.

OVERVIEW | PROVISIONING

OUT OF TENANT (Connect access) provisioning rules will be based on a common set of rules.

IN TENANT provisioning rules will be based on institution approved rules.

Phase 1: Mailboxes will be disabled and license will remain unless notified by institution.

FUTURE STATE: licenses will be removed unless notified otherwise. Once the license is removed, the mailbox can be reattached within 30 days.

Shared Services can grant delegate access to separated employee mailboxes upon request.

Email address can be created by the institution or Shared Services

OVERVIEW | STUDENT PRIVACY

If a student has ANY privacy indicator at ANY campus (in or outside of the tenant) they will be hidden from the global address list.

If the student would like to participate in the global address list they will need to contact the appropriate campus who will need to ensure the ISRS privacy indicator is removed from the students ISRS record.

OVERVIEW | REQUESTING A MAILBOX

Requests for new shared mailboxes, resource mailboxes and contacts can be submitted by approved campus contact(s) via Office 365 SharePoint request form: https://mnscu.sharepoint.com/teams/SO-O365CoreTeam/_layouts/15/start.aspx#/SitePages/Home.aspx

Once submitted, we will assume the request is approved by the campus.

All other requests should be submitted to Shared Services for evaluation.

FUTURE STATE: Completing the form with automatically create the requested mailbox.

OVERVIEW | eDISCOVERY

Basic process for institutions requiring Legal Hold or eDiscovery within the single tenant:

Submit requests to System Office (via Ramon).

System Office will work with the Office 365 Shared Services Team to ensure the Legal Hold or eDiscovery is set.

MIGRATION PLANNING

17

MIGRATION PLANNING Contact Office 365 Project Manager

Melinda Clark

651-201-1784

Melinda.clark@so.mnscu.edu

Campus will be contacted to schedule a Kickoff Meeting and Discovery Workshops based on the campuses ideal migration date.

Tentative migration dates will be identified during Discovery Workshops.

18

19

MIGRATION PLANNING

TASK OWNER(S) PARTICIPANTS DURATION

INITIATION PHASE

Kickoff Meeting Core Team Migrating Institution’s Team 1 hour

ASSESSMENT PHASE

Conduct Discovery Workshops Core Team Migrating Institution’s Team 4 hours over 2 days

Finalize Enablement Plan Core Team & Migrating Institution’s Team

1 week

REMEDIATION PHASE

Complete Prep & Remediation Tasks Migrating Institution’s Team TBD w/in Discovery

Establish Training & Communications Plan Migrating Institution’s Team TBD w/in Discovery

ENABLEMENT PHASE

Complete Enablement Tasks Core Team TBD w/in Discovery

Pilot Core Team & Migrating Institution’s Team

TBD w/in Discovery

Architecture Review Core Team Migrating Institution’s Team TBD w/in Discovery

MIGRATION PHASE Core Team & Migrating Institution’s Team

MIGRATION PLANNINGAn example of pre-migration and remediation tasks include:

Conduct Discovery Workshops.

Review and accept terms and conditions – includes ensuring StarID is public data.

Need list of O365 feature groups to determine which will be scripted.

Review current provisioning rules for mailboxes (account expirations, non-enrolled students, etc).

Provide list of all SMTPs.

Determine who will create proxy email address (campus or Shared Services).

Determine if local AD needs to be updated with all email addresses.

Ensure all active employees and students are identified within the appropriate groups for migrating to the correct STAD account.

Review and ensure identified ISRS data is up-to-date (department, title, etc).

Export export scripts / remediate issues.

20

TRAINING & COMMUNICATIONS

Campus to assess the needs and requirements for different roles based on future state processes and establish a training and communications plan.

An Office 365 Toolkit can be leveraged for materials.

The tool kit can be found on the Office 365 TeamSite

Materials include…

FAQs

Training videos

Examples of campus communications

NOTE: Over the next few weeks you will see the toolkit evolve to make it easier to search and obtain content.

QUESTIONS

22

QUESTIONSQ: Can the single tenant support Cisco Unity?

A: In Feb. 2016 we will be completing VOIP integration with voicemail which can be leveraged for campuses currently using Cisco Unity.

Q: How will we handle preferred names for users with multiple affiliations and different preferred names?

A: Per ISRS business rule, only one preferred name can be defined on an ISRS record – it is considered core data.

Q: Can we incorporate unique identifiers (from a proxy address) within the display name so that we can easily differentiate users with the same name.

A: Currently we are not incorporating these, but we are incorporating the middle initial when available. We can look into whether or not it is feasible to include the unique identifier.

Q: How will the unified single tenant handle PSEO students?

A: Default provisioning rules will treat PSEOs as any other student.

Q: Will there be anyone looking at O365 MDM and or Intune as part of shared services? And, if it is “in scope” how would user/device policy’s work among an employee with multiple affiliations?

A: Mobile Device Management (MDM) is not currently in-scope but we will investigate to determine if it allows flexibility for deployments at multiple campuses.

23