Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator.
December 30, 2015
January 7, 2016
Office365 – CIO Project Overview
AGENDA Roadmap
In Scope Migrations
Unified Single Tenant Overview
Migration Planning
Training & Communications
Questions
ROADMAPJAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC
EN
HA
NC
EM
EN
TS
MIG
RA
TIO
NS
• Primary Email Selector
• Select Cloud-to-Cloud Email Migration Tool
• Leverage ISRS for Contact Cards
• License Management Tool
• Distribution List Syncing
• Launch SharePoint Accounts (Connect & OneDrive)
• Begin Connect Migration
• Hibbing Migration Completed
Non-User Mailbox Creation
SAINT PAUL MIGRATION (Staff / Faculty)
HENNEPIN MIGRATION
FOND DU LAC MIGRATION
VOIP Integration w/ Voicemail
Compliance Center
Select SharePoint Migration Tool
PROPOSED | NHED MIGRATION
PROPOSED | NHED MIGRATION
• Launch Yammer
PROPOSED | NHED MIGRATION
PROPOSED MIGRATION
PROPOSED MIGRATION
PROPOSED MIGRATION
IN SCOPE MIGRATIONS (as of 12/30/15)
In scope migrations include…
On-prem to cloud migrations of email
Cloud to cloud migrations of email*
On-prem to cloud migrations of SharePoint*
Cloud to cloud migrations of SharePoint and OneDrive*
Guided self-migrations
Out of scope migrations include…
Yammer content
Enterprise voice
* Dependent on selection of migration tools, but will not prohibit migration planning/discovery.
OVERVIEW | BENEFITS Common student experience from one campus to
another!
Single account for employees supporting multiple MnSCU institutions.
System-wide collaboration.
Processes and technology accessible system-wide as a common business practice.
OVERVIEW | CONSIDERATIONSInstitutions who choose to participate in the single tenant must agree to the following prior to migrating:
StarID should be considered public data – Registrar should validate prior to the migration.
Employees and Students will leverage the following credentials when accessing their Office 365 account
Employee UPN: %starid%@mnscu.edu
Student UPN: %starid%@go.mnscu.edu
Institution accepts any risks associated to an employee having access to emails and OneDrive content associated to a concluded role while still an employee within the MnSCU system.
Institution will use the defined naming conventions.
Institution has reviewed and accepted the defined Service Descriptions.
6
7
1 Stores cached credentials in Windows Credential Manager (WCM). If WCM is disabled (no ability to cache credentials), user willbe prompted each time application starts
App / Service User Experience
Outlook 2016/2013/2010, Exchange ActiveSync, POP, IMAP
Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
Employee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password
OneDrive for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
Employee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password
Browser - Microsoft Online Portal, SharePoint Online, Office Web Apps
Web-based authentication
Skype for Business Prompted for credentials on first connection (and at each password change/expiration) with checkbox to "Save Password"1
Sign-in address: Primary Email AddressEmployee UPN: %starid%@mnscu.eduStudent UPN: %starid%@go.mnscu.eduPassword: StarID Password
OVERVIEW | USER AUTHENTICATION
OVERVIEW | GLOBAL ADDRESS LIST
8
OVERVIEW | DISTRIBUTION LISTSDistribution lists will be built and maintained in two ways…
Default lists via OIM group affiliation / provisioning rules (ex: RRCC-Campus-…AdmittedStudents, Affiliates, Alumni, Employees, Faculty, Retired, Staff, StudentEmployees, Student)
Custom via campus request (ex: RRCC-maintenance)
NOTE: All institution specific distribution lists will be set-up for internal use only unless told otherwise.
9
*mnscu.edu will not be leveraged for mail routing with Phase 1 (System Office and Rainy River migrations)**Shared Services generated SMTP addresses for new accounts: If participating institution is not synchronizing their directory data into Single Tenant Active Directory (STAD), the following naming convention will be used.
NOTE: SIP address will leverage the user’s selected primary address.
10
Naming Convention Example
UPN Employee: %StarID%@mnscu.eduStudent: %StarID%@go.mnscu.edu
Display Name Surname<comma><space>First Name<space>Middle Initial Smith, John L
Exchange Shared Mailbox 3-5 Letter of Campus<hyphen>Shared Account Name PINE-TRIO
Distribution List 3-5 Letter of Campus<hyphen>Distribution Group Name PINE-Help Desk
Conference Room 3-5 Letter of Campus<hyphen>Location<space><RM>Room
Name<hyphen>Capabilities
PINE-601 RM140-VC
Equipment 3-5 Letter of Campus<hyphen>Optional
Location<space>Equipment with enumerator
PINE-Projector1
Groups in O365 3-5 Letter of Campus<hyphen>Group Name PINE-PsychAb4022
Attribute Naming Convention Example
Assigned Proxy Address*
Employee
Student
%StarID%@mnscu.edu
%StarID%@go.mnscu.edu
Proxy Address**
Collisions
<firstname>.<lastname>@institution.edu
<firstname>.<lastname>[email protected]
OVERVIEW | NAMING CONVENTIONS
OVERVIEW | NEW PROCESSES
Licensing
Provisioning
Student Privacy
Requesting a Mailbox
eDiscovery / Legal Hold
OVERVIEW | LICENSINGThe License Management Tool will provide the following capabilities…
Manage both the base licensing level and a la carte licensing (product level).
Global License Manager will assign licenses to campuses for allocation.
Institution License Manager will assign allocated license, as needed, to users affiliated to their institution.
Licenses will be automatically assigned based on the institution and group membership.
FUTURE STATE: Reporting, tracking, auditing performed by Global Licensing Manager.
OVERVIEW | PROVISIONING
OUT OF TENANT (Connect access) provisioning rules will be based on a common set of rules.
IN TENANT provisioning rules will be based on institution approved rules.
Phase 1: Mailboxes will be disabled and license will remain unless notified by institution.
FUTURE STATE: licenses will be removed unless notified otherwise. Once the license is removed, the mailbox can be reattached within 30 days.
Shared Services can grant delegate access to separated employee mailboxes upon request.
Email address can be created by the institution or Shared Services
OVERVIEW | STUDENT PRIVACY
If a student has ANY privacy indicator at ANY campus (in or outside of the tenant) they will be hidden from the global address list.
If the student would like to participate in the global address list they will need to contact the appropriate campus who will need to ensure the ISRS privacy indicator is removed from the students ISRS record.
OVERVIEW | REQUESTING A MAILBOX
Requests for new shared mailboxes, resource mailboxes and contacts can be submitted by approved campus contact(s) via Office 365 SharePoint request form: https://mnscu.sharepoint.com/teams/SO-O365CoreTeam/_layouts/15/start.aspx#/SitePages/Home.aspx
Once submitted, we will assume the request is approved by the campus.
All other requests should be submitted to Shared Services for evaluation.
FUTURE STATE: Completing the form with automatically create the requested mailbox.
OVERVIEW | eDISCOVERY
Basic process for institutions requiring Legal Hold or eDiscovery within the single tenant:
Submit requests to System Office (via Ramon).
System Office will work with the Office 365 Shared Services Team to ensure the Legal Hold or eDiscovery is set.
MIGRATION PLANNING
17
MIGRATION PLANNING Contact Office 365 Project Manager
Melinda Clark
651-201-1784
Campus will be contacted to schedule a Kickoff Meeting and Discovery Workshops based on the campuses ideal migration date.
Tentative migration dates will be identified during Discovery Workshops.
18
19
MIGRATION PLANNING
TASK OWNER(S) PARTICIPANTS DURATION
INITIATION PHASE
Kickoff Meeting Core Team Migrating Institution’s Team 1 hour
ASSESSMENT PHASE
Conduct Discovery Workshops Core Team Migrating Institution’s Team 4 hours over 2 days
Finalize Enablement Plan Core Team & Migrating Institution’s Team
1 week
REMEDIATION PHASE
Complete Prep & Remediation Tasks Migrating Institution’s Team TBD w/in Discovery
Establish Training & Communications Plan Migrating Institution’s Team TBD w/in Discovery
ENABLEMENT PHASE
Complete Enablement Tasks Core Team TBD w/in Discovery
Pilot Core Team & Migrating Institution’s Team
TBD w/in Discovery
Architecture Review Core Team Migrating Institution’s Team TBD w/in Discovery
MIGRATION PHASE Core Team & Migrating Institution’s Team
MIGRATION PLANNINGAn example of pre-migration and remediation tasks include:
Conduct Discovery Workshops.
Review and accept terms and conditions – includes ensuring StarID is public data.
Need list of O365 feature groups to determine which will be scripted.
Review current provisioning rules for mailboxes (account expirations, non-enrolled students, etc).
Provide list of all SMTPs.
Determine who will create proxy email address (campus or Shared Services).
Determine if local AD needs to be updated with all email addresses.
Ensure all active employees and students are identified within the appropriate groups for migrating to the correct STAD account.
Review and ensure identified ISRS data is up-to-date (department, title, etc).
Export export scripts / remediate issues.
20
TRAINING & COMMUNICATIONS
Campus to assess the needs and requirements for different roles based on future state processes and establish a training and communications plan.
An Office 365 Toolkit can be leveraged for materials.
The tool kit can be found on the Office 365 TeamSite
Materials include…
FAQs
Training videos
Examples of campus communications
NOTE: Over the next few weeks you will see the toolkit evolve to make it easier to search and obtain content.
QUESTIONS
22
QUESTIONSQ: Can the single tenant support Cisco Unity?
A: In Feb. 2016 we will be completing VOIP integration with voicemail which can be leveraged for campuses currently using Cisco Unity.
Q: How will we handle preferred names for users with multiple affiliations and different preferred names?
A: Per ISRS business rule, only one preferred name can be defined on an ISRS record – it is considered core data.
Q: Can we incorporate unique identifiers (from a proxy address) within the display name so that we can easily differentiate users with the same name.
A: Currently we are not incorporating these, but we are incorporating the middle initial when available. We can look into whether or not it is feasible to include the unique identifier.
Q: How will the unified single tenant handle PSEO students?
A: Default provisioning rules will treat PSEOs as any other student.
Q: Will there be anyone looking at O365 MDM and or Intune as part of shared services? And, if it is “in scope” how would user/device policy’s work among an employee with multiple affiliations?
A: Mobile Device Management (MDM) is not currently in-scope but we will investigate to determine if it allows flexibility for deployments at multiple campuses.
23