luca argentiero technical specialist microsoft schweiz gmbh office365 die nchste generation von...
DESCRIPTION
Technologies Included in Microsoft Office 365 Store your important documents, and share expertise using personal My Sites Share documents, task lists, and schedules to keep business units in sync using team sites Work effortlessly with partners and customers by creating sites to share information securely 10GB per tenant MB per user 25GB Mailbox Outlook and Outlook Web App Premium antivirus/anti-spam (Forefront) Shared calendars, contacts, and tasks Mobile for most mobile devices including BlackBerry, iPhone, Nokia, Windows Phone archiving and compliance capabilities Instant messaging and presence PC-to-PC audio and video calling Click-to-communicate from Outlook, SharePoint, and other Office Applications Online meetings with PC-audio, video conferencing and screen sharing Single click meeting creation and join from Outlook Calendar integration with Outlook and Exchange Flexible service offering with pay-as-you-go, per-user licensing The complete Office experience with services integration in Office 365 Simplified user set-up to preconfigure services Always the latest version of the Office apps, including Office Web Apps Familiar Office user experience to access services Single user interface to purchase, administer and user with role-based access control | Single sign-on with on-premises Active Directory ® | 99.9% financially backed SLA | 24x7 IT Pro Support | Regional data centers in multiple locations CONTROL AND EFFICIENCYTRANSCRIPT
Luca Argentiero [email protected] SpecialistMicrosoft Schweiz GmbH
Office365 – Die nächste Generation von Produktivitätstools in der Cloud
Microsoft Office 365BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED
COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES.
Technologies Included in Microsoft Office 365
• Store your important documents, and share expertise using personal My Sites
• Share documents, task lists, and schedules to keep business units in sync using team sites
• Work effortlessly with partners and customers by creating sites to share information securely
• 10GB per tenant + 500 MB per user
• 25GB Mailbox• Outlook and Outlook Web App• Premium antivirus/anti-spam (Forefront)• Shared calendars, contacts, and tasks• Mobile email for most mobile devices including
BlackBerry, iPhone, Nokia, Windows Phone• Email archiving and compliance capabilities
• Instant messaging and presence• PC-to-PC audio and video calling • Click-to-communicate from Outlook, SharePoint, and
other Office Applications • Online meetings with PC-audio, video conferencing and
screen sharing• Single click meeting creation and join from Outlook• Calendar integration with Outlook and Exchange
• Flexible service offering with pay-as-you-go, per-user licensing
• The complete Office experience with services integration in Office 365
• Simplified user set-up to preconfigure services• Always the latest version of the Office apps, including
Office Web Apps• Familiar Office user experience to access services
Single user interface to purchase, administer and user with role-based access control | Single sign-on with on-premises Active Directory® | 99.9% financially backed SLA | 24x7 IT Pro Support | Regional data centers
in multiple locations
CONTROL AND EFFICIENCY
Protection and CompliancePremium Anti-Spam and Antivirus Protection
High-accuracy spam filteringMultiple virus-scanning enginesIncluded with Office 365 subscriptionAdmin center provides advanced policy rules and reporting
External
World-Class Data Centers and Infrastructure
$2.3 billion (USD) investment in cloud infrastructureRegional data centers in multiple locations in North America, Europe, and AsiaExceptional hardware in data centersSafer, more secure and reliable infrastructure
Security ProgramA Risk-Based, Multi-Dimensional Approach to Help Safeguard Services and Data
Security Monitoring and Response, Threat and Vulnerability Management
Access Control and Monitoring, File and Data Integrity
Account Management, Training and Awareness, ScreeningSecure Development Life Cycle, Access Control and Monitoring, Anti-MalwareAccess Control and Monitoring, Anti-Malware, Patch and Configuration ManagementDual-factor Authentication, Intrusion Detection, Vulnerability ScanningEdge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
Video Surveillance, Biometrics, Access Control
Security Management
Office 365 Service-Level Agreement
Monthly Uptime Percentage
Financially-backed, 99.9-percent service uptime service-level agreement (SLA)Offered per customer, per monthScheduled downtime of less than 10 hours per calendar year is not considered downtime for SLA purposes
Less than 99.9 percentLess than 99 percentLess than 95 percent
Service Credit
25 percent of monthly fee50 percent of monthly fee100 percent of monthly fee
*See Service Level Descriptions for each service for definitions and clarifications, including uptime formula
Office 365 Disaster Recovery and Data Retention
Data in Office 365 is backed up to disc at regular intervals within the primary data center.*Data is backed up to the secondary data center at regular intervals.*In the event of a catastrophic event, Office 365 will failover to the secondary data center.
Recovery Time Objective (RTO): How soon will the service be operational?Recovery Point Objective (RPO): How much data might be lost?
*See Service Level Descriptions for each service for definitions and clarifications, including uptime formula
Service Data Retention RTO RPOExchange Online Deleted Item Recovery = 14 days
Deleted Mailbox Recovery = 30 Days4 Hours 2 Hours
Microsoft SharePoint® Online
Deleted Item Recovery = 30 days 24 Hours 12 Hours
Microsoft Lync™ Online
N/A 72 Hours 24 Hours
24x7 Support Provided by MicrosoftIT-level support, staff dedicated
to Office 365 supportWorldwide phone numbers or online
24x7 support
Rich community forums
Service health dashboard
Broad community of partners available to help you
Office 365 DemoA Look at the Office 365 Portal
Office 365 Desktop SetupUpdates client PCs with Windows and Office products to work with Office 365 Services.
Uses Microsoft Windows Server® Update Services and Windows Update to detect, download, and install updates.Installs only updates that are required to connect to and use services.
Configures clients for subscribed services.Run on demand by end users with minimal system footprint.Local administrators give permission to install.Supports IT administrator deployment (elevated privileges).
Licensing and Versions
Office 365 for small businessesOffice 365 for small business includes
Exchange Email, Calendar& Contacts
25 GB Mailbox ActiveSync Mobile Support SharePoint Team Sites 1
Office Web Apps Online Access databases Lync Rich Client 2
Online meetings 2/3
Desktop Sharing Self-Help and Community
Support
KEY CAPABILITIES
1 One site collection, authenticated external user access enabled for up to 50 unique users/month. 2 no Audio3 Online meetings limited to 50 participants.
Office 365 (Plan P1)
$6/user/month
• 1-25 users (max of 50 allowed)•No IT needed• Easy to try out• Simple and easy to use•Works with Microsoft Office• Financially-backed 99.9% uptime guarantee
User Segments: Right Features for the Right Users
Information WorkerKiosk Worker
User Segment Offers: Plan K Family• 500 MB mailbox• Outlook Web App only• POP support• Messaging, calendar, contacts• Forefront antivirus & anti-spam• SharePoint Access (0MB storage)• Site search capabilities• Office Web Apps
Rich feature offering that meets a user’s full messaging and collaboration needs
Low cost offering to users that do not have messaging and collaboration
capabilities today
User Segment Offers: Plan E Family• 25GB mailbox• 500MB SharePoint storage• Client Connectivity• Mobility• OCS Capabilities• Exchange & SharePoint capabilities• Office Professional Plus• On-premises access rights
Key Differentiator
s
Information Worker PlansE Family PlansK Family Plans
Office Web Apps
SharePoint Online Kiosk
Plan K1
Plan K2
Components
Exchange OnlineKiosk
Office Web Apps
Email, calendar, AV/AS, Personal
Archive
Collaboration Portal
Conferencing
IM & presence
Office Pro Plus
Forms, AccessExcel, & Visio
Services
V.mail & Advanced Archive
Capabilities
Voice (not CH)
Plan E1
Plan E2
Plan E3
Plan E4
Enterprise Plans Kiosk Plans
New Flexible Purchase OptionsMonthly or annual billing optionsBuy only what you need and scale up or down as needed
Note: Plans E1 and K1 are equal to current BPOS offers, some new Office 365 features may require additional plan purchase.
Plan E1CHF13,25/user
Plan E2CHF21,00/user
Plan E3CHF34,25/user
E-mail, Calendar, Contacts, AV/AS
SharePoint Sites Conferencing IM and Presence Office Web Apps Office Professional Plus (as a service)
Forms and workflow Access/Visio/Excel Services Available Add-ons:
Additional document storageAdditional Extranet usersBlackberry Sync Service
Plan K1
CHF5,25/user
Plan K2CHF13,25
/user
Exchange Online Kiosk
SharePoint Online Kiosk
Office Web Apps
How to authenticate
Authentication Options with Office 365
Microsoft Online IDsSign In with Cloud Identity• Authentication in the cloud• On-premises ID and Office
365 ID• Prompt for credentials• Absence of two-factor
authentication• Password policy • Enforced globally by Microsoft• Not configurable by
customers
Federated IDs (New)Sign In with Corporate ID• On-premises authentication• No authentication prompt • On-premises only password
management • Possible two-factor
authentication• Requires on-premises Active
Directory® Federation Services 2.0 server(s)
Identity Options Comparison1. Microsoft Online IDs
Appropriate for• Smaller organizations with
no on-premises Active Directory
Pro• No servers required on
premisesCons• Lack of single sign on
(SSO)• Lack of two-factor
authentication• Two sets of credentials with
differing password policies• IDs mastered in the cloud
2. Microsoft Online IDs
+ DirSyncAppropriate for• Medium to large
organizations with on-premises Active Directory
Pros• Users and groups mastered
on premises• Enables co-existence
scenarios
Cons• Lack of single sign on
(SSO)• Lack of two-factor
authentication• Two sets of credentials with
differing password policies• Server deployment
required
3. Federated IDs + DirSyncAppropriate for• Larger enterprise
organizations with on-premises Active Directory
Pros• SSO with corporate
credentials• IDs mastered on premises• Password policy controlled
on premises• Two-factor authentication
solutions possible• Co-existence scenarios
enabledCon• High availability server
deployments required
Identity Architecture: Identity Options
• Microsoft Online IDs• Microsoft Online IDs + DirSync• Federated IDs + DirSync
On premises
AD
Microsoft Online
Directory Sync
Identity platform
Provisioningplatform
LyncOnline
SharePoint® Online
Exchange Online
Active Directory
Federation Server 2.0
Trust
Admin Portal
FederationGateway
DirectoryStore
Authentication platform
Microsoft Online ServicesOnline ID
Dirsync (Directory Synchronization)
Directory SynchronizationManages online users in Active Directory
Eliminates the need to manage users and groups in two places
Powers unified global address listSimplifies user provisioningEnables rich coexistence scenariosDesigned for single-forest topologiesCustomer’s Active Directory is the replication master
Microsoft OnlineDirectory Service
Active Directory
DirSync tool runs on local server
When to Use DirSync Onboarding Options
Small Company
• Requires only the provisioning of users• Office 365
Administration Portal• Everyone onboarded at
once• No retention of legacy
mailbox data
Pros• Easy to deploy• Good for smaller
organizationsCon• Loss of old content
Small to Medium-Sized Company• Ability to provision users in
bulk
Pro• Easy to onboard a larger
number of usersCons• End-user dissatisfaction
with missing data• No coexistence
Long-Term Coexistence• Implementation of DirSync
by administrator • Provisioning of all users,
groups, and contacts to Office 365
Pros• On-premises identity
management• Included coexistence• Free/Busy coexistenceCon• Required on-premises
appliance as a long-term commitment
DirSync should be viewed as a long-term commitment. The customer has chosen to enable identity coexistence and master their identities on premises.
DirSync Installation Details
• Microsoft .NET Framework 3.5 (reboot) and Microsoft Windows PowerShell™ v1.0 (no reboot)
• Not a domain controller• Domain-joined machine
DirSync can synchronize from source forests running the following versions of Windows Server:• Microsoft Windows Server 2008 R2• Microsoft Windows Server 2008• Microsoft Windows Server 2003 • Microsoft Windows Server 2000
• Microsoft SQL Server® 2008 R2 Express • Microsoft Identity Lifecycle Manager 2007
(version created specifically for Microsoft Online)
• No customer purchase beyond providing a server
• Microsoft Windows Server 2008 x86• Microsoft Windows Server 2003 SP2 x86
Supported Operating Systems Prerequisites
Source Forest Synchronization Single file download
Demo DirSync
AD Federation
Federated ID Benefits
• Users don’t need to remember separate cloud passwords.
• Administrators can retain existing domain security policies.
• Supports multi-factor authentication for Outlook
Web App.• Allows administrators to block user access outside
the corporate network.• Requires corporate infrastructure.
Users are authenticated by local Active Directory Federation Services server.
No Microsoft Outlook® sign-in tool is required.
Active Directory Federation Services 2.0
Microsoft OnlineDirectory Service
Active Directory Federation Services 2.0 Deployment Options
• Single-server configuration• Active Directory Federation Services 2.0 server farm and load balancer• Active Directory Federation Services 2.0 proxy server (offsite users)
Enterprise DMZ
AD FS 2.0 ServerProxy
Internaluser
ActiveDirector
yAD FS
2.0 Server
AD FS 2.0
Server
AD FS 2.0 ServerProxy
Customer Active Directory StructuresMatching Domains
• Internal domains and external domains are the same (for example, contoso.com).
Sub Domain• Internal domains are sub-domains of external domains (for
example, corp.contoso.com).Local Domain• Internal domains are not publicly registered (for example,
contoso.local).Multiple Distinct Login Domains• Users are given mixed domains for logon User Principal Names
(UPN). • For example, some users may log on with the domain
contoso.com, and other users may log on with the domain fabrikam.com; both groups of users will be in the same Active Directory forest.
Multiple Forests• Not currently supported
Active Directory ConsiderationsMatching domain• No special requirementsSub-Domain• Domains must be registered in order (that is, primary domains
then sub-domains).Local Domain• Domains cannot be registered and cannot be used for federation.• All users must receive new UPN.Multiple distinct domains• Registering multiple distinct domains requires deployment of
separate Active Directory Federation Services 2.0 servers per distinct domain.
Federated Identity Requirements• Single Forest Active Directory • Active Directory directory synchronization
(DirSync) Server • Part of the domain, but not a Domain Controller• Microsoft Windows Server® 2008 or Windows Server
2003 SP2• Active Directory Federation Services 2.0 server
• Windows Server 2008 for Active Directory Federation Services server
• Active Directory 2008 or Active Directory 2003• Load-balanced servers for high availability• Active Directory Federation Services Proxy server for
offsite users• Service Connector installed on workstations• Certificate from trusted Certificate Authority (CA)
General Rules• Each user must have a UPN.• UPNs must match a validated domain in Office
365.• Users need to understand that they must use UPN
to log on to Office 365.
Tools and Docs
Service Description for each Service (beta):http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6c6ecc6c-64f5-490a-bca3-8835c9a4a2ea
Deployment Guide (beta):http://community.office365.com/en-us/f/183/p/1541/5095.aspx
Deployment Readiness Tool (beta):http://community.office365.com/en-us/f/183/p/2285/8155.aspx#8155
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.