Andy MaloneThe New Office 365 for IT Pro’s

Microsoft MVP (Enterprise Security)

Founder: Cybercrime Security Forum!

Microsoft International Event Speaker

MCT (18 Years)

Winner: Microsoft Speaker Idol 2006

See me speak @ Microsoft TechEd 2014

Andy Malone

Follow me on Twitter @AndyMalone

The Extras…Follow @AndyMalone & Get my SkyDrive Link

Register at the Glasspaper

Booth for more info & a

chance to win tickets!

Goals

Explore Connect Identity SharePoint Online

Administer Secure Tips n Tricks

Explore…

What is Office 365?Latest productivity services in Microsoft’s public cloud + the latest apps

Benefits of Office 365Latest productivity services in Microsoft’s public cloud + the latest apps

Understand where your data is stored

Energy In = Heat Out

Removing heat is critical

Environmental control is a major source of energy and water consumption

Innovative approaches increase overall efficiency over traditional computer room air conditioning (CRAC)

Rack Density and Deployment1.4 –1.6 PUEMinimized Resource Impact

ServerCapacity~2 PUE 20 year Technology

Containers, PODsScalability & Sustainability1.2 –1.5 PUEAir & Water EconomizationDifferentiated SLAs

ITPACs & ColosReduced Carbon, Rightsized1.05 –1.20 PUE Faster Time to Market Outside Air Cooled

Microsoft’s Datacenter Evolution

2011+

Generation 4

2008

Generation 3

1989-2005

Generation 1

2007

Generation 2

Density ContainmentColocation Modular

Office 365 Operates as a Datacenter within Microsoft Datacenters

• Shared Mechanical & Electrical

• Consumer Services:

• Different hardware

• Separate access control

• Separate network

• Separate storage

Office 365: Getting Started

Adding a Domain to Office 365

Identity…

Core identity scenarios with Office 365

Cloud Identity

Single identity in the cloud Suitable for small organizations with no integration to on-premises directories

Directory & Password Synchronization*

Single identitysuitable for medium and large organizations without federation*

Federated Identity

Single federated identity and credentials suitable for medium and large organizations

Windows Azure Active DirectoryOne Cloud Directory for every organization

What it is:

• The identity platform behind Office 365 & other Microsoft Cloud Services

• Able to integrate with enterprise identity platforms

• Enabler of single sign-on for Office 365 and other apps

What it isn’t:

• Windows Azure Active Directory is not your AD Domain Controllers running in the Windows Azure

• We do support AD running as a role on a VM in Windows Azure IaaS – but that is a separate discussion

Protocols to Connect to Windows Azure AD

Protocol Purpose Details

REST/HTTP directory access

Create, Read, Update, Delete directory objects and relationships

Compatible with OData V3Authenticate with OAuth 2.0

OAuth 2.0 Service to service authenticationDelegated access

JWT token format

Open ID Connect Web application authenticationRich client authentication

Under investigationJWT token format

SAML 2.0 Web application authentication SAML 2.0 token format

WS-Federation 1.3 Web application authentication SAML 1.1 token formatSAML 2.0 token formatJWT token format

WAAD Provisioning• Manual

– Simple Web based user interface– Bulk import of user– Best for small customers

• Scriptable– PowerShell module for windows– Programmable REST based API– Limited attribute set/object types

• Automated– Directory Synchronization with delta – Full fidelity of attributes and object types– Optimized for large object sets

Cloud Identity

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Directory & Password Sync

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Federated Identity

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Account Provisioning

What is Dirsync? (Azure Active Directory Sync Tool )

• Enables Simple & Rich Coexistence

– Provisions objects in Office 365 with same email addresses as the objects in the on-premises environment

– Provides a unified Global Address List experience between on-premises and Office 365

• Objects hidden from the GAL on-premises are also hidden from the GAL in Office 365

– Enables coexistence for Exchange

• Works in both simple and hybrid deployment scenarios

– Enabler for mail routing between on-premises and Office 365 with a shared domain namespace

– Enables coexistence for Microsoft Lync

Dirsync Password Synchronization

• No longer requires ADFS to provide SSO

– Does not sync plaintext passwords

– Dirsync syncs hashes of hashes of your user's passwords greatly reducing the risk of a password leaking

– You don't need to install any new software on your DCs or reboot DCs

– Users don't need to change passwords

– Password Syncing is 1 way. Users that have Password Sync enabled are required to change their passwords on premises in an AD connected machine.

– “In my opinion not as secure as ADFS”

Provisioning Office 365 with Dirsync

|Online

SharePoint Cloud Continuum

CONTROL

CO

ST

-EF

FIC

IEN

CY

SharePoint (On-premises)

Value Prop:• Full h/w control – size/scale

• Roll-your-own HA/DR/scale

Value Prop:• 100% of API surface area

• Easy migration of existing apps

• Roll-your-own HA/DR/scale

SharePoint (Windows Azure)

Value Prop:• Auto HA, Fault-Tolerance

• Friction-free scale

• Self-provisioning, mgmt @ scale

SharePoint Online (Office 365)

Layers of SharePoint Online

Services1+ services run within VM role Hundreds of services interacting

Virtual Machine RolesVMs performing different roles Units of scalability called “Networks”

PhysicalDatacenters Machines Physical network

SharePoint Online components• SharePoint – actual bits & features

– Same bits used in on-premises deployments– All features must conform to service fabric horizontals—”cloud ready”

• Service Fabric – components needed to run service– Deployment & Environments – Topology– Identity & Sign In– Provisioning Tenants & Users – Tenant Admin– Upgrade– High Availability & Disaster Recovery– Telemetry, Incident Management, Debugging & Patching Code in the Service

• Zoom in on topology, provisioning & upgrade– Deep dive into system topology & deployment, customers onboarding & upgrades

Office Web Apps• Consumer / Windows Live– Publicly available to any Live ID user– Free with SkyDrive & Outlook.com

(Hotmail)– Iterative release cadence

• On-Premise / Private Cloud– Runs as Office Web Apps Server– Integrates with SharePoint,

Exchange, File shares, etc.

– Minimal changes during life cycle

• Office 365 / Public Cloud– An option within the service– Monthly per-user subscription– 90-day service update cycle

34

Browser Requirements for Office 365

• Internet Explorer 8

• Safari 5

• latest Chrome

• Latest Firefox

SharePoint Online Topology

WFE

App Server

Crawl WFE

CA

Timer Jobs

Sandbox

Content:

Fed App

Fed Query

Fed CA

Fed Idx

Federated Services:

SQL SQL

SQL:

SQL SQL AD AD

Directory:

Stamp 1:

WFE

App Server

Crawl WFE

CA

Timer Jobs

Sandbox

Content:

Fed App

Fed Query

Fed CA

Fed Idx

Federated Services:

SQL SQL

SQL:

SQL SQL AD AD

Directory:

Stamp 2..N:

Network 1..N:

AD Sync

Prov.

SCOM

ULS

SPDiag

WER

DNS

SMTP

Admin

Backup

NLB

NLB

Datacenter 1..N:

WFE

App Server

Crawl WFE

CA

Timer Jobs

Sandbox

Content:

Fed App

Fed Query

Fed CA

Fed Idx

Federated Services:

SQL SQL

SQL:

SQL SQL AD AD

Directory:

Stamp 1:

WFE

App Server

Crawl WFE

CA

Timer Jobs

Sandbox

Content:

Fed App

Fed Query

Fed CA

Fed Idx

Federated Services:

SQL SQL

SQL:

SQL SQL AD AD

Directory:

Stamp 2..N:

Network 1..N:

AD Sync

Prov.

SCOM

ULS

SPDiag

WER

DNS

SMTP

Admin

Backup

NLB

NLB

Disaster Recovery Datacenter 1..N:

Grid Manager

Global Directory

Tenant Admin (UI)

Commerce backend

DNS (multiple)

OrgID Auth, Svc.

Incident Management

Azure (Windows/SQL)

CDN Services

Failure Scope

nonediskrackdc

Copy Count

124610+

Data CenterData Center

Rack 2Rack 1

Keeping Your Data Safe

Rack 3

save

RAID 10

synchronous

mirroring

asynchronous

log shipping

asynchronous

replicationscheduled

backupspoint-in-time

restore

recycle

bin

client side

cache

Office 365 SharePoint

|Online

Exchange —Work Smarter, Anywhere.

Tailor your solution based on your unique needs

Ensure your communications are always available

Manage increasing volumes of communications

Work together more effectively as teams

Protect business communications and sensitive information

Meet internal and regulatory compliance requirements

Do more, on any device

Keep the organization safe

Remain in control, online and on-premises

Copyright© Microsoft Corporation

Inline reply lets you compose

while staying in context

Quick Peeks that give you access to

your calendar, people and tasks

without leaving your inbox

Minimized ribbon is

just one touch away

Improved navigation takes less space

Touch Mode adds more space and

finger-friendly Quick Actions

Consolidate views from different

sources into a single contact card

Email, calendar, and contacts from

Outlook Web App

Additional features through native

integration with the device:

Stored credentials

Voice activated actions

Contact sync to native address book

Apps require Office 365 with the

latest update of Exchange Online

Copyright© Microsoft Corporation

Delegate administrative tasks to specialist users

Systems administrator

All

Copyright© Microsoft Corporation

Sender notifications

Admin notifications

Multi-engine protection from Exchange Online Protection (EOP)

Copyright© Microsoft Corporation

Block email based on language

Block email based on geography

New fingerprinting techniques from Exchange Online Protection (EOP)

Copyright© Microsoft Corporation

Policy details transparently

displayed to end user

Right click to assign policy to an

item, folder or to all your email

Centrally managed or user-assigned policies

Automated data retention and deletion

Copyright© Microsoft Corporation

A PolicyTip notifies you of a policy

violation while composing an email

Outlook PolicyTips notify users of policy violations before they happen

Copyright© Microsoft Corporation

DLP policy templates support major regulatory requirements

DLP reporting provides insight into organizational compliance

Templates based on regulatory

requirements

DLP reporting

Get instant

statistics

Use proximity searches to

understand context

Query results across

Exchange, Lync &

SharePoint

Laser focused refiners to help

find the data you need

Fine tune

complex queriesSearch Exchange, SharePoint, and Lync data from a single interface

Copyright© Microsoft Corporation

Update hybrid settings

experiences

Lync

Exchange Online

Top Tips & Final Thoughts• Choose Correct 365 Solution

• Sign up for a free trial

• Subscriptions yearly

• Options available for• Kiosk Plans (Basic browser based,

pop email etc)

• Home Premium

• Small Business (P Plans)

• Enterprise (E Plans)

Top Tips & Final Thoughts

• Product V.s. Service

• Clean House, users, mailboxes etc

• To SSO or not to SSO?

• Read the Planning Guides

• Region V.s. Compliance!

• Get your DNS Correct

• Watch out for Expiring SSL Certs

• Beware the Deleted Domains!

Review…

The Extras…Follow @AndyMalone & Get my SkyDrive Link

Tools

Exchange Remote Connectivity Analyzerhttps://www.testexchangeconnectivity.com/

Exchange Client Network Bandwidth Calculatorhttp://gallery.technet.microsoft.com/Exchange-Client-Network-8af1bf00

PST Capturehttp://www.microsoft.com/en-us/download/details.aspx

PowerShell Scriptshttp://technet.microsoft.com/en-us/library/hh974318.aspx

Please evaluate the sessionbefore you leave