The New Office 365 for IT Pros
Andy Malone
Microsoft MVP (Enterprise Security)
Founder: Cybercrime Security Forum!
Microsoft International Event Speaker
MCT (18 Years)
Winner: Microsoft Speaker Idol 2006
See me speak @ Microsoft TechEd 2014
Follow me on Twitter @AndyMalone
The Extras… Follow @AndyMalone & get my SkyDrive link
Register at the Glasspaper booth for more info & a chance to win tickets!
Goals
• Explore
• Connect
• Identity
• SharePoint Online
• Administer
• Secure
• Tips n Tricks
Explore…
What is Office 365? Latest productivity services in Microsoft’s public cloud + the latest apps
Benefits of Office 365
Understand where your data is stored
Energy In = Heat Out
Removing heat is critical
Environmental control is a major source of energy and water consumption
Innovative approaches increase overall efficiency over traditional computer room air conditioning (CRAC)
Microsoft’s Datacenter Evolution
Generation | Years | Theme | Design | PUE | Characteristics
Generation 1 | 1989-2005 | Colocation | Server capacity | ~2 | 20-year technology
Generation 2 | 2007 | Density | Rack density and deployment | 1.4–1.6 | Minimized resource impact
Generation 3 | 2008 | Containment | Containers, PODs | 1.2–1.5 | Scalability & sustainability; air & water economization; differentiated SLAs
Generation 4 | 2011+ | Modular | ITPACs & Colos | 1.05–1.20 | Reduced carbon, rightsized; faster time to market; outside air cooled
Office 365 Operates as a Datacenter within Microsoft Datacenters
• Shared mechanical & electrical
• Consumer services:
  – Different hardware
  – Separate access control
  – Separate network
  – Separate storage
Office 365: Getting Started
Adding a Domain to Office 365
Identity…
Core identity scenarios with Office 365
• Cloud Identity: single identity in the cloud; suitable for small organizations with no integration to on-premises directories
• Directory & Password Synchronization*: single identity; suitable for medium and large organizations without federation*
• Federated Identity: single federated identity and credentials; suitable for medium and large organizations
Windows Azure Active Directory: One Cloud Directory for every organization
What it is:
• The identity platform behind Office 365 & other Microsoft Cloud Services
• Able to integrate with enterprise identity platforms
• Enabler of single sign-on for Office 365 and other apps
What it isn’t:
• Windows Azure Active Directory is not your AD Domain Controllers running in Windows Azure
• We do support AD running as a role on a VM in Windows Azure IaaS – but that is a separate discussion
Protocols to Connect to Windows Azure AD
Protocol | Purpose | Details
REST/HTTP | Directory access: create, read, update, delete directory objects and relationships | Compatible with OData V3; authenticate with OAuth 2.0
OAuth 2.0 | Service-to-service authentication; delegated access | JWT token format
OpenID Connect | Web application authentication; rich client authentication | Under investigation; JWT token format
SAML 2.0 | Web application authentication | SAML 2.0 token format
WS-Federation 1.3 | Web application authentication | SAML 1.1, SAML 2.0 and JWT token formats
WAAD Provisioning
• Manual
  – Simple web-based user interface
  – Bulk import of users
  – Best for small customers
• Scriptable
  – PowerShell module for Windows
  – Programmable REST-based API
  – Limited attribute set/object types
• Automated
  – Directory Synchronization with delta
  – Full fidelity of attributes and object types
  – Optimized for large object sets
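The "Scriptable" option above, shown as an added example (this is not code from the deck or from Microsoft): bulk-provisioning cloud identities with the MSOnline PowerShell module. It assumes the MSOnline module is installed and that you sign in with a Global Admin account; the tenant domain contoso.example, the user list and the ENTERPRISEPACK licence filter are constructed placeholders to replace with your own.

```powershell
# Added example, not from the deck: scriptable WAAD provisioning with the
# MSOnline module. Assumes the module is installed and the signed-in account is
# a Global Admin. Domain, users and licence filter below are placeholders.
Import-Module MSOnline

$cred = Get-Credential -Message "Office 365 Global Admin"
Connect-MsolService -Credential $cred

# Constructed sample input; in practice feed this from an HR export via Import-Csv.
$newUsers = @"
UserPrincipalName,FirstName,LastName,UsageLocation
alice@contoso.example,Alice,Adams,GB
bob@contoso.example,Bob,Brown,GB
"@ | ConvertFrom-Csv

# AccountSkuId looks like "<tenant>:ENTERPRISEPACK"; pick the SKU you actually own.
$sku = (Get-MsolAccountSku | Where-Object { $_.AccountSkuId -like '*:ENTERPRISEPACK' }).AccountSkuId
if (-not $sku) { throw "No matching licence SKU found in this tenant" }

foreach ($u in $newUsers) {
    # Skip accounts that already exist so the script is safe to re-run.
    if (Get-MsolUser -UserPrincipalName $u.UserPrincipalName -ErrorAction SilentlyContinue) {
        Write-Warning "$($u.UserPrincipalName) already exists, skipping"
        continue
    }
    # No -Password is given, so the service generates a temporary one and returns
    # it in the Password property; ForceChangePassword makes the user replace it
    # at first sign-in. UsageLocation is required before a licence can be assigned.
    $created = New-MsolUser -UserPrincipalName $u.UserPrincipalName `
        -DisplayName "$($u.FirstName) $($u.LastName)" `
        -FirstName $u.FirstName -LastName $u.LastName `
        -UsageLocation $u.UsageLocation `
        -LicenseAssignment $sku `
        -ForceChangePassword $true -StrongPasswordRequired $true

    # Hand the temporary password to the user out-of-band; do not log it to a shared file.
    [pscustomobject]@{
        UPN          = $created.UserPrincipalName
        TempPassword = $created.Password
        Licensed     = $created.IsLicensed
    }
}
```

Because the cloud-identity model has no on-premises directory behind it, the account lifecycle (joiners, leavers, password resets) is entirely in this tenant, so whatever runs this script becomes part of your identity control plane and should be treated with the same care as a domain admin workstation.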
Identity model vs. protocol surface (diagram): Cloud Identity, Directory & Password Sync and Federated Identity all expose the same protocols – OAuth2, SAML-P, WS-Federation, Metadata, Graph API
Account Provisioning
What is Dirsync? (Azure Active Directory Sync Tool)
• Enables Simple & Rich Coexistence
– Provisions objects in Office 365 with same email addresses as the objects in the on-premises environment
– Provides a unified Global Address List experience between on-premises and Office 365
• Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365
– Enables coexistence for Exchange
• Works in both simple and hybrid deployment scenarios
– Enabler for mail routing between on-premises and Office 365 with a shared domain namespace
– Enables coexistence for Microsoft Lync
Dirsync Password Synchronization
• No longer requires ADFS to provide SSO
– Does not sync plaintext passwords
– Dirsync syncs hashes of hashes of your user's passwords greatly reducing the risk of a password leaking
– You don't need to install any new software on your DCs or reboot DCs
– Users don't need to change passwords
– Password syncing is one-way: users with Password Sync enabled must change their passwords on-premises from an AD-connected machine.
– “In my opinion not as secure as ADFS”
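An added example of the check an administrator would run after turning on Dirsync password sync (not code from the deck or from Microsoft): confirm from the tenant side that directory sync and password sync are enabled and recent, then separate synced accounts from cloud-only ones, since cloud-only accounts sit outside the on-premises password policy that the synced hashes reflect. It assumes the MSOnline module; the two staleness thresholds are assumed values to tune to your own sync schedule.

```powershell
# Added example, not from the deck: audit Dirsync / password sync health.
# Assumes the MSOnline module; thresholds are assumed values.
Import-Module MSOnline
Connect-MsolService   # prompts for admin credentials

$DirSyncMaxHours = 6   # Dirsync runs on a 3-hour cycle; two missed runs is a problem
$PwdSyncMaxHours = 3   # password changes should land within minutes

# Returns age in hours, or $null when the timestamp is missing (sync never ran).
function Get-AgeHours([Nullable[datetime]]$Timestamp) {
    if (-not $Timestamp) { return $null }
    [math]::Round(((Get-Date).ToUniversalTime() - $Timestamp.ToUniversalTime()).TotalHours, 1)
}

$info   = Get-MsolCompanyInformation
$dirAge = Get-AgeHours $info.LastDirSyncTime
$pwdAge = Get-AgeHours $info.LastPasswordSyncTime

# A stale or missing LastPasswordSyncTime means on-premises password changes
# (and resets after a compromise) are no longer reaching the cloud.
[pscustomobject]@{
    DirSyncEnabled      = $info.DirectorySynchronizationEnabled
    HoursSinceDirSync   = $dirAge
    DirSyncStale        = ($dirAge -eq $null) -or ($dirAge -gt $DirSyncMaxHours)
    PasswordSyncEnabled = $info.PasswordSynchronizationEnabled
    HoursSincePwdSync   = $pwdAge
    PasswordSyncStale   = ($pwdAge -eq $null) -or ($pwdAge -gt $PwdSyncMaxHours)
}

# Synced users carry a LastDirSyncTime; cloud-only users do not.
$users     = Get-MsolUser -All
$synced    = @($users | Where-Object { $_.LastDirSyncTime })
$cloudOnly = @($users | Where-Object { -not $_.LastDirSyncTime })
"Synced accounts: $($synced.Count)   Cloud-only accounts: $($cloudOnly.Count)"

# Cloud-only accounts are governed only by tenant policy; review each one,
# especially those that never expire their password.
$cloudOnly |
    Select-Object UserPrincipalName, IsLicensed, PasswordNeverExpires, LastPasswordChangeTimestamp |
    Sort-Object LastPasswordChangeTimestamp
```

Run it on a schedule and alert on either Stale flag; a silent sync failure is exactly the case where the on-premises "source of truth" and the cloud drift apart without anyone noticing.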
Provisioning Office 365 with Dirsync
SharePoint Cloud Continuum (diagram: control vs. cost-efficiency)
• SharePoint (On-premises) – value prop: full h/w control – size/scale; roll-your-own HA/DR/scale
• SharePoint (Windows Azure) – value prop: 100% of API surface area; easy migration of existing apps; roll-your-own HA/DR/scale
• SharePoint Online (Office 365) – value prop: auto HA, fault tolerance; friction-free scale; self-provisioning, mgmt @ scale
Layers of SharePoint Online
• Services: 1+ services run within a VM role; hundreds of services interacting
• Virtual Machine Roles: VMs performing different roles; units of scalability called “Networks”
• Physical: datacenters, machines, physical network
SharePoint Online components
• SharePoint – actual bits & features
  – Same bits used in on-premises deployments
  – All features must conform to service fabric horizontals – “cloud ready”
• Service Fabric – components needed to run the service
  – Deployment & environments – topology
  – Identity & sign-in
  – Provisioning tenants & users – tenant admin
  – Upgrade
  – High availability & disaster recovery
  – Telemetry, incident management, debugging & patching code in the service
• Zoom in on topology, provisioning & upgrade
  – Deep dive into system topology & deployment, customer onboarding & upgrades
Office Web Apps
• Consumer / Windows Live
  – Publicly available to any Live ID user
  – Free with SkyDrive & Outlook.com (Hotmail)
  – Iterative release cadence
• On-Premise / Private Cloud
  – Runs as Office Web Apps Server
  – Integrates with SharePoint, Exchange, file shares, etc.
  – Minimal changes during life cycle
• Office 365 / Public Cloud
  – An option within the service
  – Monthly per-user subscription
  – 90-day service update cycle
Browser Requirements for Office 365
• Internet Explorer 8
• Safari 5
• Latest Chrome
• Latest Firefox
SharePoint Online Topology (diagram)
• Datacenter 1..N, each containing Network 1..N; Disaster Recovery Datacenter 1..N mirrors the same layout
• Each network holds Stamp 1 and Stamp 2..N; per stamp:
  – Content: WFE, App Server, Crawl WFE, CA, Timer Jobs, Sandbox
  – Federated Services: Fed App, Fed Query, Fed CA, Fed Idx
  – SQL: SQL, SQL
  – Directory: SQL, SQL, AD, AD
• Per network: AD Sync, Prov., SCOM, ULS, SPDiag, WER, DNS, SMTP, Admin, Backup, NLB, NLB
• Global services: Grid Manager, Global Directory, Tenant Admin (UI), Commerce backend, DNS (multiple), OrgID Auth Svc., Incident Management, Azure (Windows/SQL), CDN Services
Keeping Your Data Safe (diagram)
• Failure scope: none → disk → rack → datacenter; copy count: 1, 2, 4, 6, 10+
• Protection layers shown: save, client-side cache, recycle bin, RAID 10, synchronous mirroring across Rack 1, Rack 2 and Rack 3, asynchronous log shipping and asynchronous replication between Data Centers, scheduled backups, point-in-time restore
Exchange — Work Smarter, Anywhere.
Tailor your solution based on your unique needs
Ensure your communications are always available
Manage increasing volumes of communications
Work together more effectively as teams
Protect business communications and sensitive information
Meet internal and regulatory compliance requirements
Do more, on any device
Keep the organization safe
Remain in control, online and on-premises
Copyright© Microsoft Corporation
• Inline reply lets you compose while staying in context
• Quick Peeks give you access to your calendar, people and tasks without leaving your inbox
• Minimized ribbon is just one touch away
• Improved navigation takes less space
• Touch Mode adds more space and finger-friendly Quick Actions
• Consolidate views from different sources into a single contact card
• Email, calendar, and contacts from Outlook Web App
• Additional features through native integration with the device: stored credentials, voice-activated actions, contact sync to native address book
• Apps require Office 365 with the latest update of Exchange Online
Delegate administrative tasks to specialist users (role diagram: Systems administrator – All)
Multi-engine protection from Exchange Online Protection (EOP)
• Sender notifications
• Admin notifications
New fingerprinting techniques from Exchange Online Protection (EOP)
• Block email based on language
• Block email based on geography
Centrally managed or user-assigned policies; automated data retention and deletion
• Policy details transparently displayed to the end user
• Right-click to assign a policy to an item, folder or to all your email
Outlook PolicyTips notify users of policy violations before they happen
• A PolicyTip notifies you of a policy violation while composing an email
DLP policy templates support major regulatory requirements
DLP reporting provides insight into organizational compliance
• Templates based on regulatory requirements
• DLP reporting: get instant statistics
Search Exchange, SharePoint, and Lync data from a single interface
• Use proximity searches to understand context
• Query results across Exchange, Lync & SharePoint
• Laser-focused refiners to help find the data you need
• Fine-tune complex queries
Update hybrid settings (diagram: experiences across Lync and Exchange Online)
Top Tips & Final Thoughts
• Choose the correct 365 solution
• Sign up for a free trial
• Subscriptions are yearly
• Options available for:
  – Kiosk Plans (basic browser-based, POP email etc.)
  – Home Premium
  – Small Business (P Plans)
  – Enterprise (E Plans)
Top Tips & Final Thoughts
• Product vs. Service
• Clean house: users, mailboxes etc.
• To SSO or not to SSO?
• Read the Planning Guides
• Region vs. Compliance!
• Get your DNS correct
• Watch out for expiring SSL certs
• Beware the deleted domains!
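Two of the tips above, "get your DNS correct" and "watch out for expiring SSL certs", lend themselves to a scheduled check. The script below is an added example (not from the deck or from Microsoft): it resolves the public records Office 365 depends on and compares them with the standard Office 365 targets, then opens a TLS connection to the federation endpoint and reports how long its certificate has left. It assumes the DnsClient module (Windows 8 / Server 2012 or later); the domain contoso.example, the host sts.contoso.example and the 30-day warning window are placeholders.

```powershell
# Added example, not from the deck: DNS and TLS-certificate sanity checks.
# Assumes Resolve-DnsName (DnsClient module). Domain and host are placeholders.
$domain  = 'contoso.example'
$stsHost = "sts.$domain"       # AD FS endpoint used for federated sign-in

# Resolve one record type and test the answers against an expected wildcard pattern.
function Test-O365DnsRecord {
    param([string]$Name, [string]$Type, [string]$ExpectedPattern)
    $answers = Resolve-DnsName -Name $Name -Type $Type -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq $Type }   # drop additional-section records
    $values  = switch ($Type) {
        'MX'    { $answers | ForEach-Object { $_.NameExchange } }
        'CNAME' { $answers | ForEach-Object { $_.NameHost } }
        'TXT'   { $answers | ForEach-Object { $_.Strings -join '' } }
    }
    [pscustomobject]@{
        Record = "$Type $Name"
        Found  = @($values) -join '; '
        OK     = [bool](@($values) | Where-Object { $_ -like $ExpectedPattern })
    }
}

# Standard Office 365 targets: EOP for mail, Autodiscover, Lync discovery, SPF include.
Test-O365DnsRecord $domain                'MX'    '*.mail.protection.outlook.com'
Test-O365DnsRecord "autodiscover.$domain" 'CNAME' 'autodiscover.outlook.com'
Test-O365DnsRecord "lyncdiscover.$domain" 'CNAME' 'webdir.online.lync.com'
Test-O365DnsRecord $domain                'TXT'   'v=spf1*include:spf.protection.outlook.com*'

# Connect to a host, read its TLS certificate and flag it when expiry is close.
function Get-TlsCertExpiry {
    param([string]$HostName, [int]$Port = 443, [int]$WarnDays = 30)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback returns $true only so an expired or mismatched
        # certificate can still be read and reported; this is inspection, not trust.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
                   [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        [pscustomobject]@{
            Host     = $HostName
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            DaysLeft = $daysLeft
            Warn     = $daysLeft -lt $WarnDays
        }
    } finally { $tcp.Close() }
}

Get-TlsCertExpiry -HostName $stsHost
```

Run it from outside your network as well as inside: the records and the certificate that matter are the ones Office 365 and roaming users see, and a split-brain DNS can make an internal check pass while federated sign-in is failing for everyone else.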
Review…
The Extras… Follow @AndyMalone & get my SkyDrive link
Tools
Exchange Remote Connectivity Analyzer: https://www.testexchangeconnectivity.com/
Exchange Client Network Bandwidth Calculator: http://gallery.technet.microsoft.com/Exchange-Client-Network-8af1bf00
PST Capture: http://www.microsoft.com/en-us/download/details.aspx
PowerShell Scripts: http://technet.microsoft.com/en-us/library/hh974318.aspx
Please evaluate the session before you leave