MS 70-347 Enabling Office 365 Services

By | 18.3.2016

This entry contains my notes for Microsoft’s O365 certification 70-347 studies, updated while studying for the cert. The Exam Ref book is the main resource, supported by Microsoft’s online documentation.


What’s required for the cert

Manage clients and end-user devices (20–25%)

Provision SharePoint Online site collections (20–25%)

Configure Exchange Online and Skype for Business Online for end users (25–30%)

Plan for Exchange Online and Skype for Business Online (25–30%)

https://www.microsoft.com/en-us/learning/exam-70-347.aspx


Manage clients and end-user devices

Office 365 ProPlus

  • Centrally manage deployment, monitoring and configuration
  • O365 provides opportunity for users to get software as self-service
  • Desktop ProPlus includes Access, Excel, InfoPath, OneNote, Outlook, PowerPoint, Publisher and Word. Depending on subscription level also Skype4B, MS Project and Visio may be available

    • Configure what users can install from O365

      • Admin center -> User Software (Service Settings)
      • If Office is set not available, users will see notification of this being disabled on the Software page in O365
      • Both 2013 and 2016 Office packages can be set available
      • Feature updates can be set to install monthly or every 4 months (applies to all users, see Office Deployment Tool for more granular process)

    • Users need local admin rights on computer to install software from O365
    • Available for Windows 7 and newer on desktops, and Server 2008 R2 and newer on servers
    • By default all programs included are installed (ODT for granular installation)

  • Office applications can be installed on mobile devices

    • Access O365 portal with mobile device and it will show icons linking to available apps in suitable appstore
    • Also can be installed directly from device’s own appstore
    • To enable all features user needs to sign-in with O365 account

  • ProPlus needs to be activated by sign-in to enable creating and editing documents

    • Activation is checked every 30 days, if not online for longer the reduced functionality mode activates
    • Reduced functionality mode allows open and view documents

      • When in this mode, user is prompted to reactivate product regularly

    • Most subscriptions have 5 activations per user
    • If maximum activations are reached some can be disabled from Software page in O365

      • Target application will go into reduced mode

  • Office for Mac 2011 includes Word, PowerPoint, Excel and Outlook
  • Mobile clients

    • Office for iPad runs on iOS 7.0 or later, and for iPhone iOS 6.0
    • Office for Android runs on Android 4.0 or later
    • Office for Windows Phone runs on 8.1 or later

Office Deployment Tool

  • Office Deployment Tool (ODT) can be used to centrally deploy ProPlus package

    • Still needs to be activated over Internet regardless of centralized installation
    • Volume licensing solutions cannot be used with ProPlus

  • Download: Generate a Click-to-Run for Office 365 installation source

    • Downloads bits for Office as per defined in configuration.xml
    • Configuration elements

      • Required: Product, OfficeClientEdition, Language
      • Optional: SourcePath

  • Configure: Generate Click-to-Run for Office 365 clients

    • Configure and install Office as per defined in configuration.xml
    • Configuration elements

      • Required: Product, OfficeClientEdition, Language
      • Optional: SourcePath, Version, Update, Logging, Display

  • Packager: Create an App-V package

    • Create App-V package
    • Configuration elements

      • Required: Product, OfficeClientEdition, Language
      • Optional: SourcePath, Version

  • ODT needs to be run with elevated permissions from command line for configure and packager modes
  • Same configuration.xml can be used for download and configure modes
  • Configuration.xml elements and attributes

    • Add

      • SourcePath
      • OfficeClientEdition: 32/64
      • Version
      • Branch: Current, Business, Validation, FirstReleaseCurrent (Only 2016)

    • Display

      • Level: None/FULL
      • AcceptEULA: True/False

    • ExcludeApp

      • ID: Access, Excel, Groove, InfoPath, Lync, OneNote, Outlook, PowerPoint, Project, Publisher, SharePointDesigner, Visio, Word

    • Language

      • ID: en-us, fi-fi, etc.

    • Logging

      • Level: Off/Standard
      • Path

    • Product

      • ID: O365ProPlusRetail, VisioProRetail, ProjectProRetail, SPDRetail
      • PIDKEY

    • Property

      • Name: AUTOACTIVATE, FORCEAPPSHUTDOWN, PACKAGEGUID, SharedComputerLicensing
      • Value

    • Remove

      • All: TRUE/FALSE

    • Updates

      • Enabled
      • UpdatePath
      • TargetVersion
      • Deadline: MM/DD/YYYY HH:MM
      • Branch (Only 2016)

  • Enabling Shared Computer Licensing requires also registry edit on local machine to work
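
A configuration.xml assembled from the elements listed above, with a check for the required ones (Product, OfficeClientEdition, Language). This is an added example, not from the Exam Ref or Microsoft's documentation; the share path, the chosen values and the function name Test-OdtConfiguration are assumptions made for illustration.

```powershell
# Constructed sample configuration.xml (server and share names are placeholders).
$configXml = @'
<Configuration>
  <Add SourcePath="\\server\share\Office" OfficeClientEdition="32" Branch="Business">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      <Language ID="fi-fi" />
      <ExcludeApp ID="Access" />
      <ExcludeApp ID="InfoPath" />
    </Product>
  </Add>
  <Updates Enabled="TRUE" UpdatePath="\\server\share\Office" />
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="%temp%" />
  <Property Name="SharedComputerLicensing" Value="1" />
</Configuration>
'@

# Hypothetical helper: returns one string per problem, nothing when the file passes.
function Test-OdtConfiguration {
    param([Parameter(Mandatory)][string]$ConfigText)

    # Allowed values taken from the element list in these notes.
    $allowedApps = 'Access','Excel','Groove','InfoPath','Lync','OneNote','Outlook',
                   'PowerPoint','Project','Publisher','SharePointDesigner','Visio','Word'
    $allowedBranches = 'Current','Business','Validation','FirstReleaseCurrent'
    $problems = @()

    try { $doc = [xml]$ConfigText }
    catch { return "Not well-formed XML: $($_.Exception.Message)" }

    $add = $doc.SelectSingleNode('/Configuration/Add')
    if ($null -eq $add) { return 'Missing <Add> element (it carries OfficeClientEdition and Product)' }

    # Required: OfficeClientEdition must be 32 or 64.
    if ($add.GetAttribute('OfficeClientEdition') -notin '32','64') {
        $problems += 'Add/@OfficeClientEdition must be 32 or 64'
    }
    # Optional: Branch, checked only when present.
    $branch = $add.GetAttribute('Branch')
    if ($branch -and $branch -notin $allowedBranches) {
        $problems += "Add/@Branch '$branch' is not one of: $($allowedBranches -join ', ')"
    }

    # Required: at least one Product, each with an ID and at least one Language.
    $products = @($add.SelectNodes('Product'))
    if ($products.Count -eq 0) { $problems += 'No <Product> element under <Add>' }
    foreach ($p in $products) {
        $id = $p.GetAttribute('ID')
        if (-not $id) { $problems += '<Product> without an ID attribute' }
        if (@($p.SelectNodes('Language')).Count -eq 0) {
            $problems += "Product '$id' has no <Language> element"
        }
        foreach ($app in $p.SelectNodes('ExcludeApp')) {
            $appId = $app.GetAttribute('ID')
            if ($appId -notin $allowedApps) {
                $problems += "Product '$id' excludes unknown app '$appId'"
            }
        }
    }
    $problems
}

# The constructed sample passes.
$result = @(Test-OdtConfiguration -ConfigText $configXml)
if ($result.Count -eq 0) { 'configuration.xml: OK' } else { $result }

# A broken copy: languages removed and a misspelled ExcludeApp ID.
$broken = $configXml.Replace('<Language ID="en-us" />', '').
                     Replace('<Language ID="fi-fi" />', '').
                     Replace('ID="Access"', 'ID="Acess"')
Test-OdtConfiguration -ConfigText $broken

# Once the file passes, the same file serves both modes (elevated prompt for /configure):
#   setup.exe /download configuration.xml
#   setup.exe /configure configuration.xml
```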

Office Telemetry

  • Office Telemetry can be used to assess Office compatibility issues

    • Works both on Office client and ProPlus versions
    • Telemetry Dashboard is special Excel worksheet which shows information collected by the Telemetry Processor which is special server role to collect telemetry information
    • Telemetry Processor is recommended to be installed on Win Server 2008 or later
    • Backend of Telemetry Dashboard should be running on SQL Server 2005 or later
    • Deploying Telemetry Processor requires following information

      • SQL server instance
      • permission to create and configure database (domain account with sysadmin role on SQL server)
      • permission to create shared folder or UNC path of existing folder
      • 11GB or more hard drive space

    • Telemetry can be enabled through GPO (requires Office GPO admin template)

      • Located in User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Telemetry Dashboard node
      • Policies

        • Turn on telemetry data collection
        • Turn on privacy settings in Office Telemetry Agent
        • Turn on data uploading for…
        • Specify UNC path to store Office telemetry data
        • Specify custom tags for Office…
        • Office applications to exclude from Office Telemetry…
        • Office solutions to exclude from Office Telemetry…

    • For computers not in AD the Telemetry can be enabled through registry
    • Office Telemetry Agent is built-in for Office 2013 and newer but for 2003/2007/2010 it needs to be separately deployed

      • Only some data collected from older versions (inventory and usage data, no application event data)
      • Supported from XP and server 2003 to latest versions
      • 8 hour reporting schedule

    • Telemetry Dashboard has multiple worksheets

      • Overview
      • Documents: info about most frequently used documents

        • Details: which users are accessing a document
        • Issues: unique events related to a specific document
        • Sessions: session information during issue occurring (data, username, computer name, etc.)

      • Solutions (includes COM add-ins, application add-ins and apps for Office)

        • Details: see which users are using a solution
        • Issues: unique events related to a solution
        • Sessions: session information during events related to a solution

      • Telemetry Processor: Provides info about health of Telemetry infrastructure
      • Agents: info about computers generating data
      • Deployments: info about the number of Office clients deployed in the organization

    • Office Telemetry Log is local file which stores activity from Office usage

      • File needs to be opened in local Office application for it to show in Telemetry Log
      • Telemetry Log has computer info including username, computer name, system type, Windows edition and Office edition
      • Events are stored in local computer on a data store
      • Default maximum 5MB
      • Severities in log are Informative, Warning and Critical

  • Installing Office from Click-to-Run package doesn’t automatically configure Outlook and Skype4B

    • Normal “Add Account” process for Outlook needs to be performed
    • For Skype4B, login with email and password is required

  • Office Web Apps provides Office applications within browser
  • Click-to-Run vs. Standalone MSI

    • CtR allows running applications with minimum functionality before full installation has completed
    • Updates are included in CtR slipstreamed service
    • CtR has full Office suite unless admin has configured otherwise
    • CtR does not work with Remote Desktop Services or in Windows-To-Go
    • MSI allows automated deployments through System Center and Intune
    • MSI is packaged version and does not automatically update
    • Packaged versions can be deployed and activated with volume licensing model (activation key or KMS Key Management Service)
    • MSI packages can be used for selective installation with only some of the applications being installed
    • CtR requires internet connection, MSI does not

Intune

  • Intune can be used to do mobile device management

    • Conditional access
    • Device management
    • Remote wipes
    • Data protection, selective wipe

  • Integrated with Azure AD
  • Device compliance and usage reports

Resources

https://support.office.com/article/c13051e6-f75c-4737-bc0d-7685dcedf360

https://technet.microsoft.com/en-us/library/jj219422.aspx

https://technet.microsoft.com/en-us/library/jj863580.aspx

https://msdn.microsoft.com/en-us/library/office/jj230106.aspx

https://channel9.msdn.com/Blogs/mcpexamprep/70-347-Enabling-Office-365-Services

Provision SharePoint Online site collections

External Users

  • External users are users who use content in SPO but are not part of the tenant users

    • External users can use Office Online and the content in SPO with their own Office license but cannot consume tenancy’s licenses
    • External users have limited features. They are barred for example from

      • Personal site (and own profile)
      • Company newsfeed
      • Can’t search “everything”
      • eDiscovery
      • Can’t open Azure RMS-protected files locally (can in Office Online)
      • Can’t use Excel or Visio Services

    • SPO can be shared up to 500 external users

  • External Sharing can be configured on tenancy or site collection level

    • If sharing is disabled on tenancy level it cannot be enabled on site collection level
    • Disabling and re-enabling sharing on tenant level will re-enable sharing for site collections which had it active as well as give access back to external users who had access before disabling sharing
    • Disabling external sharing on site collection level deletes external user permissions permanently

  • External Sharing settings are

    • Don’t allow sharing outside your organization
    • Allow external users who accept sharing and sign in as authenticated users

      • Users need to authenticate with MS account
      • Owners and users with Full Control can share to external users
      • Invitations can be redeemed only once
      • When sharing user can select between View and Edit permission

    • Allow both External users who accept sharing invitations and guest links

      • Content can be shared with authentication or with anonymous guest links
      • Owners and users with Full Control can share and choose whether user authentication or anonymous links
      • When sharing user can select between View and Edit permission
      • Anonymous links can be shared -> Anyone getting hold of link can access the content

  • For tenant the sharing is configured in SharePoint admin center under Settings in External Sharing section
  • For site collections the sharing is configured in SharePoint admin center under Site Collections. Select site collection from list and open Sharing from toolbar
  • Content can be shared as entire site or individual documents with authentication or individual documents with anonymous links

    • When sharing a site user is added to available groups (Visitor-Read, Member-Edit and Owner-Full)

      • Sending notification email can be prevented by unselecting “send an email invitation” tick

    • Sharing individual document the access is given uniquely with “Can Edit” or “Can View” rights
    • Invitation expires in 7 days
    • Anonymous link can be found Share -> Get a Link, where you can find View Only and Edit links

  • Who has access to content can be checked from Share -> Shared With
  • (External) user access can be revoked from Site Settings -> Users and Permissions
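
The tenant-over-site rule above means a site collection's configured sharing level and its effective level can differ. The following added example (not from the original notes) computes the effective level per site collection and flags where anonymous guest links are actually usable. The function name Get-EffectiveSharing and the sample sites are constructed, and the three setting names are assumed to match the SharingCapability values shown by Get-SPOTenant and Get-SPOSite.

```powershell
# Sharing settings ranked from most to least restrictive (names are an assumption,
# see lead-in; they correspond to the three settings listed in the notes).
$SharingRank = @{
    'Disabled'                    = 0   # Don't allow sharing outside your organization
    'ExternalUserSharingOnly'     = 1   # Authenticated external users only
    'ExternalUserAndGuestSharing' = 2   # Authenticated users and anonymous guest links
}

# Hypothetical helper: takes site objects with Url and SharingCapability properties.
function Get-EffectiveSharing {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TenantSharing,
        [Parameter(Mandatory, ValueFromPipeline)][psobject]$Site
    )
    begin {
        if (-not $SharingRank.ContainsKey($TenantSharing)) {
            throw "Unknown tenant sharing value: $TenantSharing"
        }
    }
    process {
        $configured = [string]$Site.SharingCapability
        if (-not $SharingRank.ContainsKey($configured)) {
            Write-Warning "Skipping $($Site.Url): unknown sharing value '$configured'"
            return
        }
        # The tenant setting is a ceiling: a site can be stricter, never looser.
        $capped = $SharingRank[$configured] -gt $SharingRank[$TenantSharing]
        $effective = if ($capped) { $TenantSharing } else { $configured }

        [pscustomobject]@{
            Url            = $Site.Url
            Configured     = $configured
            Effective      = $effective
            AnonymousLinks = ($effective -eq 'ExternalUserAndGuestSharing')
            # Capped sites keep their own setting, so relaxing the tenant
            # setting later re-enables the wider sharing on them.
            CappedByTenant = $capped
        }
    }
}

# Constructed sample data standing in for Get-SPOSite output.
$sampleSites = @(
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/hr';        SharingCapability = 'Disabled' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/partners';  SharingCapability = 'ExternalUserSharingOnly' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/marketing'; SharingCapability = 'ExternalUserAndGuestSharing' }
)

# Tenant limited to authenticated users: marketing is capped, no anonymous links anywhere.
$sampleSites | Get-EffectiveSharing -TenantSharing 'ExternalUserSharingOnly' |
    Format-Table -AutoSize

# Tenant allows guest links: marketing's anonymous links are now live.
$sampleSites | Get-EffectiveSharing -TenantSharing 'ExternalUserAndGuestSharing' |
    Where-Object AnonymousLinks | Format-Table -AutoSize

# Against a live tenant, after Connect-SPOService (assumes both cmdlets expose
# a SharingCapability property):
#   Get-SPOSite -Limit All |
#       Get-EffectiveSharing -TenantSharing (Get-SPOTenant).SharingCapability
```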

Site Collections

  • Site collection admin has access to all subsites and content under the site collections

    • There can be only one primary admin who receives administrative alerts
    • Additional site col admins can be users or groups
    • Site col admins are configured in SPO admin center (Site Collections -> “Owners” in toolbar)

  • Each site collection has its own permissions

    • Max 300 site collections

  • Resource quota limits sandboxed solutions from exhausting resources

    • Solution is turned off if quota is exceeded in 24-hour period
    • System can send email warning when quota is reaching end (configurable)
    • Total available resources depend on the number of users (licenses) in tenant

  • Tenant default storage is 10GB + 0,5GB per user which can be extended by purchasing more (purchase needs Global or Billing admin role)

    • This is shared between site collections either automatically (pooled storage) or manually (per-site col)

      • Configured under Settings in SPO admin center

    • Single site collection can be min 1GB and max 1TB

  • User with SPO admin permissions can create, delete and restore deleted site collections
  • New site collection created in SPO admin Site Collections -> New, Private Site Collection (toolbar)

    • Title
    • Website address
    • Template selection (collaboration, enterprise, publishing, custom & primary language)
    • Time zone
    • (Primary) Site collection administrator
    • Storage Quota
    • Server Resource Quota

  • Site collections deleted in SPO admin

    • Deleting site collection moves it to Recycle Bin for 30 days

      • Restoring requires there is sufficient quota available for restored data
      • Restoring My Site site collection requires contacting MS

    • Deleting removes site hierarchy, user and content data

  • There cannot be site collection with same URL in recycle bin when creating new, old needs to be permanently removed first
  • PowerShell

    • Connect-SPOService
    • New-, Get-SPOSite
    • Get-SPOWebTemplate
    • New-SPOSiteGroup
    • Add-SPOUser

Collaboration solutions

  • Newsfeeds exist in tenancy level as well as on team site level

    • It is possible to reply comments, mention other users and like posts
    • Newsfeed can be filtered to all or followed content (tenant level)
    • To follow site newsfeed user needs to follow the site in question

  • To use Yammer it needs to be configured into user in SPO admin center

    • This disables possibility to post to everyone (tenant level newsfeed)

  • Coauthoring Office documents works with

    • Client: Word, PowerPoint, OneNote and Visio
    • Online: Word, PowerPoint, OneNote and Excel
    • Only docx/pptx/xlsx formats supported

  • Default nbr of versions in SPO is 500
  • Versioning should not be used for libraries containing OneNote
  • Check out blocks coauthoring (Require Check-out disabled in SPO by default)
  • OneDrive for Business != OneDrive

    • OneDrive for Business data is stored in SPO
    • If external sharing is disabled or limited to authenticated users for SPO tenant it applies to ODfB as well

  • Admin can access user’s ODfB by adding themselves as additional site collection owner and navigating to user’s ODfB
  • SharePoint App Store is collection of add-ins for SPO (and SP2013)

    • App Catalog, Purchase apps, Manage Licenses, Configure Store Settings, Monitor Apps, App Permissions

  • Enterprise eDiscovery can be used to find and lock content for litigation or investigation

    • Special site “eDiscovery Center”
    • Cases created under O365 admin -> Compliance Center -> eDiscovery
    • Possible to add sources and place them on hold
    • Based on search indexed content

  • To limit approved add-ins for Word and Excel apps, a fileshare with the list of approved apps needs to be created, the Default shared folder GPO applied and the Block the Office store GPO enabled

Resources

https://support.office.com/en-us/article/Share-sites-or-documents-with-people-outside-your-organization-80e49744-e30f-44db-8d51-16661b1d4232

https://support.office.com/en-us/article/Manage-administrators-for-a-site-collection-9a7e46f9-3fc4-4297-955a-82cb292a5be0

https://support.office.com/en-us/article/Manage-site-collection-storage-limits-77389c2c-8e7e-4b16-ab97-1c7103784b08

https://support.office.com/en-us/article/Restore-a-deleted-site-collection-91c18651-c017-47d1-9c27-3a22f325d6f1

https://support.office.com/en-us/article/Document-collaboration-and-co-authoring-ee1509b4-1f6e-401e-b04a-782d26f564a4

https://support.office.com/en-us/article/What-is-OneDrive-for-Business-187f90af-056f-47c0-9656-cc0ddca7fdc2

Configure Exchange Online and Skype for Business Online for end users

Personal mailboxes

  • Default email address (primary/reply-to address) is the one used for signing in to O365

    • Changing primary email changes user’s login to O365

  • Additional emails can be added or removed through O365 admin or Exchange admin or through PowerShell

    • Set-Mailbox "User Name" -EmailAddresses @{Add="new.email@address.com"}
    • To remove replace Add with Remove
    • All emails can be overwritten with "SMTP:janets@contoso.com","janets@tailspintoys.com" instead of @{}

  • “SMTP” refers to primary (reply-to) address and “smtp” to secondary addresses
  • New emails can be added also in bulk with CSV import

    • Import-CSV "c:\import.csv" | ForEach {Set-Mailbox $_.Mailbox -EmailAddresses @{Add=$_.NewEmailAddress}}

  • SIP addresses are used by Skype for routing calls

    • Automatically assigned for new user in O365
    • $mbx = Get-Mailbox tony.smith

      $mbx.EmailAddresses += "eum:tsmit@contoso.com;phone-context=MyDialPlan.contoso.com"

      Set-Mailbox tony.smith -EmailAddresses $mbx.EmailAddresses

Shared and resource mailboxes

  • Send As delegated permission allows user to send as another user

    • Add(/Remove)-RecipientPermission -Identity "Don Funk" -Trustee "Dan Jump" -AccessRights SendAs

  • Send on Behalf allows user to send on behalf of another user

    • Set-Mailbox -Identity kim.akers@contoso347er.onmicrosoft.com -GrantSendOnBehalfTo don.funk@contoso347er.onmicrosoft.com

  • Full Access allows user to access content of another user’s mailbox but does not include Send As or Send on Behalf permissions

    • Add(/Remove)-MailboxPermission -Identity "Dan Jump" -User "Kim Akers" -AccessRights FullAccess -InheritanceType All

  • Shared mailboxes are not directly accessed but can be granted access to and attached to personal account

    • Access rights are similar to delegated permissions (Full Access, Send As, Send on Behalf)
    • Shared boxes under 50GB do not require license, if exceeded without license the box will be locked after a month
    • Created from Shared tab of Recipients in EAC
    • New-Mailbox -Shared -Name "SharedboxName" -DisplayName "Shared MailBox" -Alias SharedMailbox
    • User mailbox can be changed into Shared when user leaves the company

  • Resource mailboxes are for facilities and equipment like rooms and cars.

    • Equipment and room boxes

      • Room boxes have some additional attributes like capacity, location and phone

    • Reserved by including resbox to a meeting request

      • Can be automatic or delegated to another user

    • Configurable booking options to limit repeats, working hours, booking lead time and booking duration
    • New-Mailbox -Name "CompanyAircraft" -Equipment
    • New-Mailbox -Name ConferenceRoom -DisplayName "Conference Room" -Room

  • External contacts can be added to internal address books in EAC -> Recipients -> Contacts tab

    • Contacts can be included in distribution groups and also hidden from global address book if needed
    • New-MailContact -Name "Matti Tepponen" -ExternalEmailAddress matti@tepponen.com
    • Set-MailContact "Matti Tepponen" -HiddenFromAddressListsEnabled $true

  • Mail users can log into O365 (SPO etc.) but they don’t have Exchange mailbox
  • Distribution groups can be used to send mail to multiple users

    • Distribution group

      • New-DistributionGroup -Name "DistributionGroup" -Alias DistGroup -MemberJoinRestriction Open

    • Security group (mail-enabled), allows assigning permissions to resources

      • New-DistributionGroup -Name "ExampleSecurityGroup" -Alias ExSecGroup -Type Security

    • Dynamic distribution group is determined dynamically based on specified conditions each time mail is sent to it

      • Rules can be based on type of account or AD attributes
      • New-DynamicDistributionGroup -Name "SalesDDG" -Alias "SalesDDG" -IncludedRecipients MailboxUsers -ConditionalDepartment "Sales"

  • Distribution lists can have multiple owners and join/leave setting can be defined to require approval

    • Set-DistributionGroup -Identity "ExampleDistGroup" -MemberJoinRestriction "ApprovalRequired"

  • External contacts can be added to address book with New-MailContact -Name "User Name" -ExternalEmailAddress user.name@domain.com

Archiving

  • Archive mailboxes (in-place archive) allow for extra email storage where emails are moved (by default) after 2 years or manually by user

    • Keeps emails better available (vs PST) for eDiscovery etc.

  • Enabled to users through EAC in user’s profile under mailbox features

    • In details it is possible to specify name of folder and warning threshold
    • Enable-Mailbox "User Name" -Archive
    • Enabling for all users: Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive

  • Retention tags and policies help to manage keeping necessary messages stored and unnecessary removed automatically

    • Retention tag includes an action (delete, move) and retention period
    • Configured in EAC under Compliance Management
    • New-RetentionPolicyTag "PolicyABC" -Type All -RetentionEnabled $true -AgeLimitForRetention 365 -RetentionAction PermanentlyDelete

  • Retention policy is set of retention tags applied to mailbox

    • Configured in EAC under Compliance Management
    • New-RetentionPolicy "Company Common" -RetentionPolicyTagLinks "Sales","Technology"
    • Default retention policy is “Default MRM Policy” which is applied to all (new) users

      • Content of the policy can be modified but it can’t be totally removed

    • Only single retention policy can be applied to a mailbox

      • Applicable policy is configured per mailbox through EAC -> Recipients, under Mailbox features
      • Also bulk add is possible in EAC or PowerShell
      • Set-Mailbox "Peter Flosters" -RetentionPolicy "MainPolicy"

    • Users can create personal retention tags and apply those instead of default policies

      • If personal tag is disabled it will not be processed by retention process until tag is activated again (retention period = Never)

  • Start-ManagedFolderAssistant to start processing new policy
  • Use Set-Mailbox with "-RetentionPolicy $Null" to disable retention policy from mailbox

Skype for Business

  • Presence settings can be used to define who can see user’s availability (tenant level)

    • Automatically display presence information
    • Display presence information only to a user’s contacts
    • Configured through Skype4B admin center under Presence privacy mode

  • External communication settings define whether communication with external Skype or Skype4B users is allowed (tenant level)

    • Off
    • On except for blocked domains
    • On only for allowed domains
    • Blocked domains configured in Skype4B admin under Organization
    • Per user configuration in O365 admin -> Users -> profile-> More

  • Skype4B can be limited to just text or incrementally up to audio and HD video
  • Other configurations are

    • Recording
    • Anonymous attendee call-out (system calls to user)
    • Compliance limitation to block non-recordable content

      • Blocks file transfer in IM, OneNote and PPT sharing

  • Creating user-specific client policies requires support from O365 support as creating such policy is not possible for clients in Online
  • Skype4B web app does not support OneNote notes

Resources

https://technet.microsoft.com/en-us/library/bb123794.aspx

https://technet.microsoft.com/en-us/library/jj966275.aspx

https://technet.microsoft.com/library/bb123722.aspx

https://technet.microsoft.com/en-us/library/JJ984357.aspx

https://technet.microsoft.com/fi-fi/library/dd297955.aspx

https://technet.microsoft.com/en-us/library/dn775046.aspx

https://support.office.com/en-us/article/ce59ac0b-8115-4c6b-8174-e3aef982d3cb

https://support.office.com/en-us/article/4307bdbf-6097-458d-9a6a-048112695c59

Plan for Exchange Online and Skype for Business Online

Anti-malware, anti-spam and filters

  • Anti-malware policies protect against incoming and outgoing malware in email
  • When malware is detected, the entire message can be deleted or, as a lesser measure, all attachments can be removed and replaced with a file containing default or custom text

    • If malware is in body the entire message is always deleted

  • Anti-malware notifications can be set to notify internal and/or external senders as well as admins.

    • For custom notification From name and From address as well as message body can be configured (separate setting for internal and external)

  • Anti-malware policies can be reviewed and configured in EAC under Protection
  • Multiple policies with different settings can be created and assigned to different groups

    • Conditions for both inclusions and exceptions use “Recipient Is”, “Recipient Domain Is” and “Recipient Is a Member of” values
    • Multiple conditions can be created as long they’re unique

  • Malware Filter list can be used to configure which policies apply and in which order
  • New-, Get-, Set-, Remove-MalwareFilterPolicy
  • New-, Set-, Enable-, Disable-MalwareFilterRule
  • Connection filter policies are used for whitelisting and blacklisting emails

    • Selecting Safe List allows trust to senders on third-party sources in MS subscription
    • Filters are IP address based, CIDR can be used (IP/24)

      • Max 1273 entries
      • IPv6 supported for TLS messages

    • Set-HostedConnectionFilterPolicy

      • IPAllowList and IPBlockList parameters

    • Get-HostedConnectionFilterPolicy

  • Custom spam filter policies can be used to classify emails as spam, for example based on language or region of sending

    • Custom policies take precedence over default policies
    • Can be applied to users, groups and domains
    • Priority can be sorted manually in EAC
    • For spam messages the actions can be configured to move to Junk, quarantine or delete

      • Also X-header or subject can be modified or mail redirected

    • Advanced policies to increase spam score include

      • Image links to remote sites
      • Numeric IP addresses
      • URLs with non-HTTP ports
      • .biz or .info websites

    • Advanced policies to mark as spam

      • Empty messages
      • JavaScript, VBScript, frames or iframe in HTML
      • Object, embed or form tags in HTML
      • 1px Web bugs in HTML
      • Sensitive words
      • SPF record fail

    • Spam is classified on SCL (Spam Confidence Level) on scale of -1 to 9

      • -1 whitelisted
      • 0-1 unlikely spam
      • 5-6 likely spam (spam)
      • 7-9 very likely spam (high confidence spam)

    • New-, Set-, Get-, Remove-HostedContentFilterPolicy
    • Add trusted domains to junk mail controls

      • Set-MailboxJunkEmailConfiguration "Michele Martin" -TrustedSendersAndDomains @{Add="contoso.com","fabrikam.com"} -BlockedSendersAndDomains @{Add="jane@fourthcoffee.com"}

  • Outbound spam policy can block and notify admins

    • Can be sent for review

  • Quarantine area is in EAC

    • Messages stored there until expired (max. 15 days) or admin releases

      • Release without reporting as false positive
      • Release and report as false positive
      • Get-QuarantineMessage
      • Release-QuarantineMessage

Mailbox migration

  • Migration tool in EAC-Recipients-Migration

    • Option to migrate TO and FROM

  • Exchange Server Deployment Assistant can be used to evaluate different migration options and generate step-by-step checklist
  • Remote move

    • Used when existing Exchange hybrid in use
    • Used when 2000+ mailboxes to migrate from Exchange Server 2010/2013
    • Migrating account needs Organization Management or Recipient Management roles
    • Mailbox Replication Proxy needs to be installed on all Exchange 2013 servers
    • Migration steps

      • Create Migration endpoint
      • Enable MRSProxy service
      • Move mailboxes in EAC
      • Remove completed batches
      • Re-enable offline access for Outlook Web App

  • Staged

    • When 2000+ mailboxes to migrate from Exchange 2003/2007
    • When complete messaging infrastructure moved to O365
    • When migration period is from weeks to months
    • After migration user management still continues from on-prem AD with sync to cloud
    • Migrates user mailboxes and resource mailboxes
    • Distribution groups, contacts, and mail-enabled users are migrated to O365 through directory synchronization.
    • Migration steps

      • Sync users
      • Create CSV of the users to be migrated
      • Run batch
      • Convert mailboxes of the batch users as mail-enabled users
      • Remove batch and repeat batch process
      • Assign licenses, configure MX records etc.

    • Outlook Anywhere working (public access, public certificates, etc.)
    • Unified messaging needs to be disabled for the time of migration

  • Cutover

    • All mailboxes migrated in single batch
    • When less than 2000 mailboxes to migrate from Exchange 2003 or later
    • All management afterwards performed in O365/EAC
    • Migration steps

      • Create migration endpoint
      • Create batch with EAC or PowerShell
      • Run batch
      • Configure MX, DNS, etc.
      • Remove batch

    • Outlook Anywhere working (public access, public certificates, etc.)
    • Unified messaging needs to be disabled for the time of migration

  • IMAP

    • When source system is not Exchange
    • Only mailbox, no calendar etc.
    • Migration steps

      • Create O365 accounts and assign licenses
      • Create CSV including users username/password for each account
      • Create and trigger IMAP migration batch from Migration dashboard or PowerShell
      • Configure MX, DNS, etc.

Exchange Online

  • Archive mailbox is available for Outlook 2007 and newer but not in mobile or OWA

    • Items can be moved to archive manually, by rules, by retention policies or by importing from PST
    • PST import can be done with Import/Export Wizard

  • Litigation hold is applied per-mailbox

    • To preserve content of discussion between multiple users they all need to be set to hold
    • Also archive mailbox is included in the hold
    • While a mailbox is on hold its content is preserved: both original and modified versions of items are kept, and deleted items are preserved for the specified duration or until the hold is removed
    • Applying a hold on a mailbox increases storage requirements; to alleviate this the system increases the quota from 30 GB to 100 GB
    • Deleting a mailbox that is on hold makes it an inactive mailbox until the hold ends
    • Hold duration is set in days, or it may be left empty for an indefinite hold
    • Enforcing of hold may take up to 60 minutes
    • Set-Mailbox user.name@company.onmicrosoft.com -LitigationHoldEnabled $True -LitigationHoldDuration 180

      • Omit -LitigationHoldDuration to set indefinite

  • Litigation hold is set up in EAC under Recipients, in Mailbox features option Litigation hold (enable/disable)

    • Fill in details of the hold (duration, notes, URL) and save

  • Removing litigation hold deletes items exceeding their retention period, removes modified versions kept in hold and decreases quota back to 30GB

    • Removed in same mailbox details location

  • In-place hold through Compliance Center holds content based on a query; content outside the query scope is not held

    • Can be applied to selected or all mailboxes
    • Discovery Management role required
    • Query can be filtered based on Keywords, Start/End date, From, To/CC/BCC and message type
    • New-MailboxSearch -Name "Hold-CaseABSG" -SourceMailboxes Sales -SearchQuery "'Sales' AND 'Helicopter'" -InPlaceHoldEnabled $True

    • New-, Set-, Remove-MailboxSearch

  • To allow a user eDiscovery for only a limited set of mailboxes: add the target mailboxes to a distribution group, create a role group, and create a management role with a specific scope

    • Only distribution groups can be used for filter management scope

  • OWA can be disabled from mailbox features in EAC

    • Set-CasMailbox user.name@company.onmicrosoft.com -OwaEnabled $False

  • ActiveSync (used for email, calendar, contacts and tasks) is enabled on O365 by default but can be disabled in EAC under mailbox features

    • Set-CASMailbox -Identity user.name@company.onmicrosoft.com -ActiveSyncEnabled $False
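
The litigation hold and limited eDiscovery notes above, combined into one case workflow. This is an added example, not part of the original notes or Microsoft's documentation: it assumes a connected Exchange Online PowerShell session, all group, scope and user names are constructed, and it uses a custom management scope (New-ManagementScope) on the distribution group as the scoping mechanism.

```powershell
# Constructed names for illustration only.
$caseGroup    = 'Case-ABSG-Custodians'                   # hypothetical distribution group
$investigator = 'investigator@company.onmicrosoft.com'   # hypothetical user
$scopeName    = "$caseGroup eDiscovery Scope"
$roleGroup    = "$caseGroup Discovery"
$holdDays     = 180

# 1. Litigation hold is per-mailbox, so every custodian in the group
#    has to be set individually to preserve the whole conversation.
$custodians = Get-DistributionGroupMember -Identity $caseGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' }

foreach ($c in $custodians) {
    Set-Mailbox -Identity $c.PrimarySmtpAddress `
        -LitigationHoldEnabled $true -LitigationHoldDuration $holdDays
}

# 2. Re-read each mailbox and report any custodian that is not flagged.
$notHeld = $custodians |
    ForEach-Object { Get-Mailbox -Identity $_.PrimarySmtpAddress } |
    Where-Object { -not $_.LitigationHoldEnabled }
if ($notHeld) {
    Write-Warning "Not on hold: $($notHeld.PrimarySmtpAddress -join ', ')"
}

# 3. Least privilege: the investigator may search only members of the
#    case distribution group, not every mailbox in the tenant.
$dg = Get-DistributionGroup -Identity $caseGroup
New-ManagementScope -Name $scopeName `
    -RecipientRestrictionFilter "MemberOfGroup -eq '$($dg.DistinguishedName)'"

New-RoleGroup -Name $roleGroup -Roles 'Mailbox Search' `
    -CustomRecipientWriteScope $scopeName -Members $investigator

# 4. Review what was granted before handing it over.
Get-RoleGroup -Identity $roleGroup | Format-List Name, Roles, Members
Get-ManagementScope -Identity $scopeName | Format-List Name, RecipientFilter
```

Mailboxes added to the group later are covered by the scope automatically but still need their own litigation hold, so step 1 has to be re-run when the custodian list changes.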

Skype for Business external communication

  • Allow external except blocked list: New-CsEdgeAllowAllKnownDomains
  • Manage allowed list:

    • New-CsEdgeAllowList
    • New-CsEdgeDomainPattern
    • Set-CsTenantFederationConfiguration
    • These three are used together: allowed domains are created as domain patterns, fed into an allowed list, and the list is then added to the tenant configuration
    • $x = New-CsEdgeDomainPattern -Domain "tailspintoys.com"

      $y = New-CsEdgeDomainPattern -Domain "wingtiptoys.com"

      $newAllowList = New-CsEdgeAllowList -AllowedDomain $x,$y

      Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList

  • Allow consumer Skype/other IM connectivity

    • Set-CsTenantFederationConfiguration -AllowPublicUsers $True

  • Allow dial-in users to access meeting immediately without sending to lobby

    • Set-CsMeetingConfiguration -PstnCallersBypassLobby $True

  • Grant-CsClientPolicy can be used to assign user specific policies
  • Meeting invitations customized in Skype4B admin center under Meeting Invitation section

    • URLs: Logo (188px, jpg/gif), help, legal
    • Footer
    • Set-CsMeetingConfiguration -LogoUrl

  • Push notifications enabled by default but configurable from S4BAC under Organization-General

    • Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $False -EnableMicrosoftPushNotificationService $False

Resources

https://technet.microsoft.com/en-us/library/jj200745.aspx

https://technet.microsoft.com/en-us/library/jj200718.aspx

https://support.office.com/en-us/article/0a4913fe-60fb-498f-9155-a86516418842

https://support.office.com/en-us/article/961978ef-f434-472d-a811-1801733869da

https://technet.microsoft.com/en-us/library/dn743673(v=exchg.150).aspx

https://support.microsoft.com/en-us/kb/2795303

https://technet.microsoft.com/en-us/library/dn362813(v=ocs.15).aspx
