Assess Remediate Enable Migrate

Assess

• Infrastructure

• Desktop

• Identity

• Messaging

Integration

Remediate

• Infrastructure

• Desktop

• AD

• Messaging

Optimization

Enable

• Service

Provisioning

• Messaging

Integration

Migrate

• Migrate

content

Assess Remediate Enable Migrate

• Separate credential from on-

premises credential

• Authentication occurs via cloud

directory service

• Password policy is stored in Office

365

• Does not require on-premises server

deployment

• Same credential as on-premises

credential

• Authentication occurs via on-

premises directory service

• Password policy is stored on-

premises

• Requires on-premises DirSync server

• Requires on-premises ADFS server

Cloud Identity Cloud Identity + DirSync Federated Identity

Scenario

Smaller organizations with or without on-premises Active Directory

Medium to Large organizations with Active Directory on-premises

Large enterprise organizations with Active Directory on-premises

Benefits

Does not require on-premises server deployment

“Source of Authority” is on-premises

Enables coexistence

Single Sign-On experience

“Source of Authority” is on-premises

2 Factor Authentication options

Enables coexistence

Limitations

No Single Sign-On

No 2 Factor Authentication options

Two sets of credentials to manage

Different password policies

No Single Sign-On

No 2 Factor Authentication options

Two sets of credentials to manage

Different password policies

Requires on-premises DirSync server deployment

Requires on-premises ADFS server deployment

in high availability scenario

Requires on-premises DirSync server

deployment

• Microsoft Online Portal • Active Directory tools

• Exchange Management

Tools

• Identity management

solutions

• Microsoft Online

Services Module for

Windows PowerShell

• Remote PowerShell

http://technet.microsoft.com/en-us/library/hh852469.aspx

12

Assess Remediate Enable Migrate

Access Remediate Enable Migrate

Access Remediate Enable Migrate

IMA

P m

igra

tio

n

Cu

tover

mig

rati

on

Sta

ged

mig

rati

on

20

10

Hyb

rid

20

13

Hyb

rid

Exchange 5.5

Exchange 2000

Exchange 2003

Exchange 2007

Exchange 2010

Exchange 2013

Notes/Domino

GroupWise

Other

Sim

ple

Mig

rati

on

sH

yb

rid

IMAP MigrationSupports wide range of email platforms

Email only (no calendar, contacts, or tasks)

Cutover Exchange Migration (CEM)

Good for fast, cutover migrations

No migration tool or computer required on-premises

Staged Exchange Migration (SEM)

No migration tool or computer required on-premises

Requires Directory Synchronization with on-premises AD

Hybrid Deployment

Manage users on-premises and online

Enables cross-premises calendaring, smooth migration, and easy off-boarding

18

19 | Microsoft Confidential

Exchange

IMAP

Lotus Notes

Google

Large

Medium

Small

On-Premise

Single Sign-On

On-Cloud

DirSync

Manual/Bulk Provisioning

Automatic Provisioning

Simple

Rich

19

In EAC, select

recipients | migration

Start migration

wizard

Choose migration

type and follow

prompts

Set of Migration Cmdlets

New-MigrationBatch

Start-MigrationBatch

Get-MigrationBatch

Get-MigrationStatus

Complete-Migration

Test-MigrationServerAvailability

• Works with a large number of source mail systems

• Works with on-premises or hosted systems

• Users can be migrated in batches

• On-premises migration tool is not required

On-premises migration tool is not required

Access to IMAP ports (TCP/143/993)

Users + mailboxes must be provisioned in advance Bulk provisioning, CSV parser, manual, etc.

SMTP domains configured in O365 tenant

Gather user credentials or setup admin credentials

Prepare a CSV file with list of users EmailAddress, UserName, Password

Max of 50,000 rows

Max 10 MB in size

Migrated Mail messages

(Inbox and other folders)

Maximum of 500,000 items

Possible to exclude specific

folders from migration

(e.g. Deleted Items, Junk E-

Mail)

Not Migrated Contacts, Calendars, Tasks, etc.

Excluded folders

Folders with a forward slash

( / ) in the folder name

Messages larger than 35 MB

25

Delta

sync

every 24

hours

Mark

migration

as

complete

Change

MX

record

Gather

IMAP

creds and

prepare

CSV

26

Provision

users

+

mailboxes

in O365

(license

assigned)

Wizard:

Enter

server

settings

and

upload

CSV

Initial

sync

Final

sync and

cleanup

Simple and quick migration solution

High-fidelity – all mailbox content is migrated

Designed for small and medium organizations

Users are provisioned automatically during migration

Works with Exchange 2003 and newer

Identity management in the cloud (at least initially)

On-premises migration tool is not required

Up to 1000 mailboxes in source system

Outlook Anywhere service on source system(must have SSL certificate issued by a public CA)

Migration Account with Full Access or Receive-Aspermissions to all mailboxes that will be migrated

Directory Sync tool disabled in O365 tenant

SMTP domains configured in O365 tenant

30

On-premises Exchange Org

Users, Groups, Contacts via Outlook

Anywhere (NSPI)

Mailbox Data via Outlook Anywhere

(RPC over HTTP)

Office 365

Exchange 2003 or later

32

Migrated Mail messages and folders

Rules and categories

Calendar (normal, recurring)

Out-of-Office settings

Contacts

Tasks

Delegates and folder perms

Outlook settings (e.g. favorites)

Not Migrated Security Groups, DDLs

System mailboxes

Dumpster

Send-As Permissions

Messages larger than 35 MB

Partial migrations are not possible (folder exclusion, time range)

Mailboxes enabled for Unified Messaging cannot

be migrated

Existing cached-mode files (OST files) cannot be

preserved

Admin needs to distribute new passwords to users

Users create their new Outlook profile using O365 username and new passwords (Autodiscover)

All mail is downloaded from the Office 365 mailbox (i.e. the OST file must be recreated)

Wizard:

Enter

server

settings

and admin

creds Delta

sync

every 24

hours

Mark

migration

as

complete

Change

MX

record

Initial

sync

Final

sync and

cleanup

License

users

Configure

Outlook

Anywhere

Test using

ExRCA

Assign

migration

perms

Migration

tool

provisions

users

mailboxes

DLs

contacts

in O365

Simple and flexible migration solution

High-fidelity – all mailbox content is migrated

Designed for medium and large organizations

Users are provisioned with Directory Sync in advance

No limit on the number of mailboxes

Users can be migrated in batches (1000 per batch)

Works with Exch 2003/2007 only

Identity management on-premises

Outlook Anywhere service on source system(must have SSL certificate issued by a public CA)

Migration Account with Full Access or Receive-Aspermissions to all mailboxes that will be migrated

Directory Sync tool enabled in O365 tenant

SMTP domain(s) configured in O365 tenant

Does not work with Exchange 2010

39

On-premises Exchange Org

Users, Groups, Contacts via DirSync

Mailbox Data via Outlook Anywhere

(RPC over HTTP)

Office 365

Exchange 2003 or 2007

Office 365 Directory

Synchronization

App

CSV format› EmailAddress, Password, ForceChangePassword

One user per line

Max of 1000 users in each CSV

Smart-check against the Office 365 directory

Migrated Mail messages and folders

Rules and categories

Calendar (normal, recurring)

Out-of-Office settings

Contacts

Tasks

Delegates and folder perms

Outlook settings (e.g. favorites)

Not Migrated Security Groups, DDLs

System mailboxes

Dumpster

Send-As Permissions

Messages larger than 35 MB

Partial migrations are not possible (folder exclusion, time range)

Mailboxes enabled for Unified Messaging cannot

be migrated

Existing cached-mode files (OST files) cannot be

preserved

Admin needs to distribute new passwords to users

Users create their new Outlook profile using O365 username and new passwords (Autodiscover)

All mail is downloaded from the Office 365 mailbox

(i.e. the OST file must be recreated)

Configure

Directory

Sync

Wizard:

Enter

server

settings

and admin

creds Delta

sync

every 24

hours

Mark

migration

as

complete

Change

MX

record

Initial

sync

Final

sync and

cleanup

License

users

Configure

Outlook

Anywhere

Test using

ExRCA

Assign

migration

perms

46

47

• Delegated authentication for on-premises/cloud web services

• Enables Free/Busy, calendar sharing, message tracking, online

archive, and moreFederation Trust

• Manage all of your Exchange functions, whether cloud or on-

premises from the same place - Exchange Administration Center

(EAC)

Integrated Admin

Experience

• Online mailbox moves

• Preserve the Outlook profile and offline file (OST)

• Leverages the Mailbox Replication Service (MRS)

Native Mailbox

Move

• Authenticated and encrypted mail flow

• Preserves the internal Exchange messages headers

• Support for compliance mail flow scenarios (central transport)Secure Mail Flow

48

On-premises Exchange Org

Users, Groups, Contacts via DirSync

Office 365

Existing

Exchange

2007 or

later

Office 365 Directory

Synchronization

App

Exchange

2013 CAS

and MBX

Secure Mail Flow

Sharing (free/busy, MailTips, archive, etc.)

Mailbox Data via MRS

2. Deploy Exchange 2013 servers

Install both E2013 MBX and CAS servers

Install E2010 EDGE servers

Set an ExternalUrl for the Exchange Web Services vdir

E2010 or

2007 Hub

Internet facing site

Intranet site

Exchange 2010

or 2007 Servers

1. Prepare

Install Exchange SP and/or updates across the ORG

Prepare AD with E2013 schema

4. Publish protocols externally

Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5. Switch autodiscover namespace to E2013 CAS

Change the public autodiscover DNS record to resolve

to E2013 CAS

6. Run the Hybrid Configuration Wizard

E2013

CAS

3. Obtain and Deploy Certificates

Obtain and deploy certificates on E2013 MBX and CAS

servers & E2010 EDGE servers

Clientsautodiscover.contoso.com

mail.contoso.com

1 2

3

4

5

6

E2010 or

2007 CAS

E2010

or 2007

MBX

E2013

MBX

SP/RU

SP/RU

Office 365

Autodiscover &

EWS SMTP

E2010

EDGE

7

2. Deploy Exchange 2013 servers

Install both E2013 MBX and CAS servers

Install E2010 EDGE servers

Set an ExternalUrl for the Exchange Web Services vdir

E2010 or

2007 Hub

Internet facing site

Intranet site

Exchange 2010

or 2007 Servers

1. Prepare

Install Exchange SP and/or updates across the ORG

Prepare AD with E2013 schema

4. Publish protocols externally

Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5. Switch autodiscover namespace to E2013 CAS

Change the public autodiscover DNS record to resolve

to E2013 CAS

6. Run the Hybrid Configuration Wizard

E2013

CAS

3. Obtain and Deploy Certificates

Obtain and deploy certificates on E2013 MBX and CAS

servers & E2010 EDGE servers

Clientsautodiscover.contoso.com

mail.contoso.com

1 2

3

4

5

6

E2010 or

2007 CAS

E2010

or 2007

MBX

E2013

MBX

SP/RU

SP/RU

Office 365

7. Move mailboxes

Autodiscover &

EWS SMTP

E2010

EDGE

7

http://technet.microsoft.com/en-us/library/hh852466.aspx

http://onramp.office365.com

https://www.testexchangeconnectivity.com/

http://technet.microsoft.com/en-us/exdeploy2013

http://technet.microsoft.com/en-us/library/hh974317