Luca Argentiero lucaa@microsoft.comTechnical SpecialistMicrosoft Schweiz GmbH

Office365 – Die nächste Generation von Produktivitätstools in der Cloud

Microsoft Office 365BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED

COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES. 

Technologies Included in Microsoft Office 365

• Store your important documents, and share expertise using personal My Sites

• Share documents, task lists, and schedules to keep business units in sync using team sites

• Work effortlessly with partners and customers by creating sites to share information securely

• 10GB per tenant + 500 MB per user

• 25GB Mailbox• Outlook and Outlook Web App• Premium antivirus/anti-spam (Forefront)• Shared calendars, contacts, and tasks• Mobile email for most mobile devices including

BlackBerry, iPhone, Nokia, Windows Phone• Email archiving and compliance capabilities

• Instant messaging and presence• PC-to-PC audio and video calling • Click-to-communicate from Outlook, SharePoint, and

other Office Applications • Online meetings with PC-audio, video conferencing and

screen sharing• Single click meeting creation and join from Outlook• Calendar integration with Outlook and Exchange

• Flexible service offering with pay-as-you-go, per-user licensing

• The complete Office experience with services integration in Office 365

• Simplified user set-up to preconfigure services• Always the latest version of the Office apps, including

Office Web Apps• Familiar Office user experience to access services

Single user interface to purchase, administer and user with role-based access control | Single sign-on with on-premises Active Directory® | 99.9% financially backed SLA | 24x7 IT Pro Support | Regional data centers

in multiple locations

CONTROL AND EFFICIENCY

Protection and CompliancePremium Anti-Spam and Antivirus Protection

High-accuracy spam filteringMultiple virus-scanning enginesIncluded with Office 365 subscriptionAdmin center provides advanced policy rules and reporting

External

World-Class Data Centers and Infrastructure

$2.3 billion (USD) investment in cloud infrastructureRegional data centers in multiple locations in North America, Europe, and AsiaExceptional hardware in data centersSafer, more secure and reliable infrastructure

Security ProgramA Risk-Based, Multi-Dimensional Approach to Help Safeguard Services and Data

Security Monitoring and Response, Threat and Vulnerability Management

Access Control and Monitoring, File and Data Integrity

Account Management, Training and Awareness, ScreeningSecure Development Life Cycle, Access Control and Monitoring, Anti-MalwareAccess Control and Monitoring, Anti-Malware, Patch and Configuration ManagementDual-factor Authentication, Intrusion Detection, Vulnerability ScanningEdge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning

Video Surveillance, Biometrics, Access Control

Security Management

Office 365 Service-Level Agreement

Monthly Uptime Percentage

Financially-backed, 99.9-percent service uptime service-level agreement (SLA)Offered per customer, per monthScheduled downtime of less than 10 hours per calendar year is not considered downtime for SLA purposes

Less than 99.9 percentLess than 99 percentLess than 95 percent

Service Credit

25 percent of monthly fee50 percent of monthly fee100 percent of monthly fee

*See Service Level Descriptions for each service for definitions and clarifications, including uptime formula

Office 365 Disaster Recovery and Data Retention

Data in Office 365 is backed up to disc at regular intervals within the primary data center.*Data is backed up to the secondary data center at regular intervals.*In the event of a catastrophic event, Office 365 will failover to the secondary data center.

Recovery Time Objective (RTO): How soon will the service be operational?Recovery Point Objective (RPO): How much data might be lost?

*See Service Level Descriptions for each service for definitions and clarifications, including uptime formula

Service Data Retention RTO RPOExchange Online Deleted Item Recovery = 14 days

Deleted Mailbox Recovery = 30 Days4 Hours 2 Hours

Microsoft SharePoint® Online

Deleted Item Recovery = 30 days 24 Hours 12 Hours

Microsoft Lync™ Online

N/A 72 Hours 24 Hours

24x7 Support Provided by MicrosoftIT-level support, staff dedicated

to Office 365 supportWorldwide phone numbers or online

24x7 support

Rich community forums

Service health dashboard

Broad community of partners available to help you

Office 365 DemoA Look at the Office 365 Portal

Office 365 Desktop SetupUpdates client PCs with Windows and Office products to work with Office 365 Services.

Uses Microsoft Windows Server® Update Services and Windows Update to detect, download, and install updates.Installs only updates that are required to connect to and use services.

Configures clients for subscribed services.Run on demand by end users with minimal system footprint.Local administrators give permission to install.Supports IT administrator deployment (elevated privileges).

Licensing and Versions

Office 365 for small businessesOffice 365 for small business includes

Exchange Email, Calendar& Contacts

25 GB Mailbox ActiveSync Mobile Support SharePoint Team Sites 1

Office Web Apps Online Access databases Lync Rich Client 2

Online meetings 2/3

Desktop Sharing Self-Help and Community

Support

KEY CAPABILITIES

1 One site collection, authenticated external user access enabled for up to 50 unique users/month. 2 no Audio3 Online meetings limited to 50 participants.

Office 365 (Plan P1)

$6/user/month

• 1-25 users (max of 50 allowed)•No IT needed• Easy to try out• Simple and easy to use•Works with Microsoft Office• Financially-backed 99.9% uptime guarantee

User Segments: Right Features for the Right Users

Information WorkerKiosk Worker

User Segment Offers: Plan K Family• 500 MB mailbox• Outlook Web App only• POP support• Messaging, calendar, contacts• Forefront antivirus & anti-spam• SharePoint Access (0MB storage)• Site search capabilities• Office Web Apps

Rich feature offering that meets a user’s full messaging and collaboration needs

Low cost offering to users that do not have messaging and collaboration

capabilities today

User Segment Offers: Plan E Family• 25GB mailbox• 500MB SharePoint storage• Client Connectivity• Mobility• OCS Capabilities• Exchange & SharePoint capabilities• Office Professional Plus• On-premises access rights

Key Differentiator

s

Information Worker PlansE Family PlansK Family Plans

Office Web Apps

SharePoint Online Kiosk

Plan K1

Plan K2

Components

Exchange OnlineKiosk

Office Web Apps

Email, calendar, AV/AS, Personal

Archive

Collaboration Portal

Conferencing

IM & presence

Office Pro Plus

Forms, AccessExcel, & Visio

Services

V.mail & Advanced Archive

Capabilities

Voice (not CH)

Plan E1

Plan E2

Plan E3

Plan E4

Enterprise Plans Kiosk Plans

New Flexible Purchase OptionsMonthly or annual billing optionsBuy only what you need and scale up or down as needed

Note: Plans E1 and K1 are equal to current BPOS offers, some new Office 365 features may require additional plan purchase.

Plan E1CHF13,25/user

Plan E2CHF21,00/user

Plan E3CHF34,25/user

E-mail, Calendar, Contacts, AV/AS

SharePoint Sites Conferencing IM and Presence Office Web Apps Office Professional Plus (as a service)

Forms and workflow Access/Visio/Excel Services Available Add-ons:

Additional document storageAdditional Extranet usersBlackberry Sync Service

Plan K1

CHF5,25/user

Plan K2CHF13,25

/user

Exchange Online Kiosk

SharePoint Online Kiosk

Office Web Apps

How to authenticate

Authentication Options with Office 365

Microsoft Online IDsSign In with Cloud Identity• Authentication in the cloud• On-premises ID and Office

365 ID• Prompt for credentials• Absence of two-factor

authentication• Password policy • Enforced globally by Microsoft• Not configurable by

customers

Federated IDs (New)Sign In with Corporate ID• On-premises authentication• No authentication prompt • On-premises only password

management • Possible two-factor

authentication• Requires on-premises Active

Directory® Federation Services 2.0 server(s)

Identity Options Comparison1. Microsoft Online IDs

Appropriate for• Smaller organizations with

no on-premises Active Directory

Pro• No servers required on

premisesCons• Lack of single sign on

(SSO)• Lack of two-factor

authentication• Two sets of credentials with

differing password policies• IDs mastered in the cloud

2. Microsoft Online IDs

+ DirSyncAppropriate for• Medium to large

organizations with on-premises Active Directory

Pros• Users and groups mastered

on premises• Enables co-existence

scenarios

Cons• Lack of single sign on

(SSO)• Lack of two-factor

authentication• Two sets of credentials with

differing password policies• Server deployment

required

3. Federated IDs + DirSyncAppropriate for• Larger enterprise

organizations with on-premises Active Directory

Pros• SSO with corporate

credentials• IDs mastered on premises• Password policy controlled

on premises• Two-factor authentication

solutions possible• Co-existence scenarios

enabledCon• High availability server

deployments required

Identity Architecture: Identity Options

• Microsoft Online IDs• Microsoft Online IDs + DirSync• Federated IDs + DirSync

On premises

AD

Microsoft Online

Directory Sync

Identity platform

Provisioningplatform

LyncOnline

SharePoint® Online

Exchange Online

Active Directory

Federation Server 2.0

Trust

Admin Portal

FederationGateway

DirectoryStore

Authentication platform

Microsoft Online ServicesOnline ID

Dirsync (Directory Synchronization)

Directory SynchronizationManages online users in Active Directory

Eliminates the need to manage users and groups in two places

Powers unified global address listSimplifies user provisioningEnables rich coexistence scenariosDesigned for single-forest topologiesCustomer’s Active Directory is the replication master

Microsoft OnlineDirectory Service

Active Directory

DirSync tool runs on local server

When to Use DirSync Onboarding Options

Small Company

• Requires only the provisioning of users• Office 365

Administration Portal• Everyone onboarded at

once• No retention of legacy

mailbox data

Pros• Easy to deploy• Good for smaller

organizationsCon• Loss of old content

Small to Medium-Sized Company• Ability to provision users in

bulk

Pro• Easy to onboard a larger

number of usersCons• End-user dissatisfaction

with missing data• No coexistence

Long-Term Coexistence• Implementation of DirSync

by administrator • Provisioning of all users,

groups, and contacts to Office 365

Pros• On-premises identity

management• Included coexistence• Free/Busy coexistenceCon• Required on-premises

appliance as a long-term commitment

DirSync should be viewed as a long-term commitment. The customer has chosen to enable identity coexistence and master their identities on premises.

DirSync Installation Details

• Microsoft .NET Framework 3.5 (reboot) and Microsoft Windows PowerShell™ v1.0 (no reboot)

• Not a domain controller• Domain-joined machine

DirSync can synchronize from source forests running the following versions of Windows Server:• Microsoft Windows Server 2008 R2• Microsoft Windows Server 2008• Microsoft Windows Server 2003 • Microsoft Windows Server 2000

• Microsoft SQL Server® 2008 R2 Express • Microsoft Identity Lifecycle Manager 2007

(version created specifically for Microsoft Online)

• No customer purchase beyond providing a server

• Microsoft Windows Server 2008 x86• Microsoft Windows Server 2003 SP2 x86

Supported Operating Systems Prerequisites

Source Forest Synchronization Single file download

Demo DirSync

AD Federation

Federated ID Benefits

• Users don’t need to remember separate cloud passwords.

• Administrators can retain existing domain security policies.

• Supports multi-factor authentication for Outlook

Web App.• Allows administrators to block user access outside

the corporate network.• Requires corporate infrastructure.

Users are authenticated by local Active Directory Federation Services server.

No Microsoft Outlook® sign-in tool is required.

Active Directory Federation Services 2.0

Microsoft OnlineDirectory Service

Active Directory Federation Services 2.0 Deployment Options

• Single-server configuration• Active Directory Federation Services 2.0 server farm and load balancer• Active Directory Federation Services 2.0 proxy server (offsite users)

Enterprise DMZ

AD FS 2.0 ServerProxy

Internaluser

ActiveDirector

yAD FS

2.0 Server

AD FS 2.0

Server

AD FS 2.0 ServerProxy

Customer Active Directory StructuresMatching Domains

• Internal domains and external domains are the same (for example, contoso.com).

Sub Domain• Internal domains are sub-domains of external domains (for

example, corp.contoso.com).Local Domain• Internal domains are not publicly registered (for example,

contoso.local).Multiple Distinct Login Domains• Users are given mixed domains for logon User Principal Names

(UPN). • For example, some users may log on with the domain

contoso.com, and other users may log on with the domain fabrikam.com; both groups of users will be in the same Active Directory forest.

Multiple Forests• Not currently supported

Active Directory ConsiderationsMatching domain• No special requirementsSub-Domain• Domains must be registered in order (that is, primary domains

then sub-domains).Local Domain• Domains cannot be registered and cannot be used for federation.• All users must receive new UPN.Multiple distinct domains• Registering multiple distinct domains requires deployment of

separate Active Directory Federation Services 2.0 servers per distinct domain.

Federated Identity Requirements• Single Forest Active Directory • Active Directory directory synchronization

(DirSync) Server • Part of the domain, but not a Domain Controller• Microsoft Windows Server® 2008 or Windows Server

2003 SP2• Active Directory Federation Services 2.0 server

• Windows Server 2008 for Active Directory Federation Services server

• Active Directory 2008 or Active Directory 2003• Load-balanced servers for high availability• Active Directory Federation Services Proxy server for

offsite users• Service Connector installed on workstations• Certificate from trusted Certificate Authority (CA)

General Rules• Each user must have a UPN.• UPNs must match a validated domain in Office

365.• Users need to understand that they must use UPN

to log on to Office 365.

Tools and Docs

Service Description for each Service (beta):http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6c6ecc6c-64f5-490a-bca3-8835c9a4a2ea

Deployment Guide (beta):http://community.office365.com/en-us/f/183/p/1541/5095.aspx

Deployment Readiness Tool (beta):http://community.office365.com/en-us/f/183/p/2285/8155.aspx#8155

Q&A

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.