Deep Dive Into Office 365 Deployment (Part 3)

by [Published on 21 July 2016 / Last Updated on 21 July 2016]

In the third part of this article series, we'll talk about mapping common business requirements from the customer to Office 365 Services.

If you would like to be notified when Nirmal Sharma releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

If you would like to read the other parts in this article series please go to:

In part 1 of this article series, I explained a little on Microsoft Cloud Services and customer requirements. The customer would like to avail Office 365 services such as Email, Lync, SharePoint, and dynamic CRM and also be able to build a Hybrid cloud environment. The requirements from the customer indicates that the customer should be able to host users at both on-premise and cloud and also plan to keep Exchange and SharePoint services on-premise to build a Hybrid cloud environment. By taking a close look at the requirements document, explained in the Part 1 of this article series, my first task was to do an assessment of the customer production environment. I explained the results of the assessment in Part two of this article series.

From this point onwards, we are going to take a steady approach that will help us build the foundation for deploying Office 365 components. We are going to explain several stages that we will be used throughout the deployment of Office 365 components to meet customer’s requirements. The stages that we are going to discuss throughout the rest of the article series are mentioned below:

  • Stage 1: Mapping Business Requirements to Office 365 Services
  • Stage 2: Proposal Summary
  • Stage 3: Acceptance Criteria
  • Stage 4: Planning Phase
  • Stage 5: Deployment Phase

Now that you have done an assessment of the customer environment, it is time to map common customer business requirements to the Office 365 Services. It is imperative that you go through each of the requirements highlighted by the customer and then map to Office 365 services.

Stage 1: Mapping Business Requirements to Office 365 Services

If you take a close look at the Office 365 offering, you know that the requirements highlighted by the customer are achievable by using services offered by the Office 365. The below table explains the customer requirement and the Office 365 services you can use to meet the requirement.

Customer Requirement

Solution

Remark

We need to sync our on-premise users to the Office 365. However, it is important to note that some of the users need to be controlled by using the Office 365 security policies and some users will be controlled using the security policies defined in on-premise Active Directory. For example, we would like to use the password policies defined in On-premise Active Directory to meet compliance and regulatory requirements.

 

Active Directory Synchronization using AADConnect and Microsoft ADFS solution to be deployed at On-Premise.

Using Azure Active Directory Connect, customer can sync on-premise users to Office 365 WAAD.

Customer can continue to use Password Policies defined at On-Premise Active Directory.

Although we have 28 locations around the world, but we would like to use Office 365 services for some locations. In other words, we would like to exclude location X and Y.

If we don’t want users from some locations to use Office 365 services, do not assign Office 365 licenses.

Users that do not need to use Office 365 services will be excluded from Directory Synchronization. We need to configure filtering when installing AADConnect.

We should be able to manage mobile devices for all locations via Office 365.

 

Office 365 has built-in functionality to manage Mobile devices, but it depends on how much control you need to implement over mobile devices.

This particular requirement must be discussed with customer as part of the Acceptance Criteria stage.

We have a few corporate applications that we want to deploy in Office 365 Cloud. We would like users to use their corporate Active Directory credentials rather than using Office 365 credentials to run these applications. In other words, we would like to have Single Sign On experience for all of Office 365 services we plan to use.

Deploy Single-Sign-On using ADFS. ADFS Servers to be deployed at On-Premise.

In the planning stage, we need to plan for SSL Certificates, number of ADFS and WAP Servers to be deployed, etc.

We do not want to move all of our infrastructure. We would like to keep Exchange and SharePoint services on-premise and integrate with Office 365 to build a hybrid cloud environment.

Use Exchange Migration tools to migrate On-Premise Mailboxes.

Use Exchange Server Deployment Assistance to plan for Hybrid connectivity.

 

Please note that we have roaming users in some of the locations and they should be able to access both on-premise and Office 365 services/resources.

Office 365 exposes public URLs for services. So Office 365 services can meet this requirement.

During the planning stage, do an assessment to know what these roaming users are and what Office 365 services they would like to use.

We want every user location to install and use Office Pro Plus from their computers and smart devices.

Office 365 enables users to download Office 365 software. You can enable setting for PC and Mac.

During the planning stage, discuss the requirements with the customer in detail.

Since our users are located across the world and business requires that users interact with each other, our employees should be able to collaborate with each other by using a community forum.

Use Office 365 Yammer social network service.

Office 365 Yammer ships with two plans; Yammer Basic and Yammer Enterprise. During the planning phase, select a plan that is appropriate.

We also need to ensure that we protect company information. Currently, we are using AD RMS in our environment, but we would like to migrate our AD ARM infrastructure to Office 365 RMS and be able to protect company information for both Cloud and On-Premise users.

Use Office 365 RMS to protect company information.

AD RMS can be migrated easily with a little planning.

Note that customer’s requirement is to protect corporate information on PCs as well as mobile devices.

We have heard about second factor or multi-factor authentication. We would like to implement a strong authentication mechanism for users other than just the user password.

Office 365 provides Multi-Factor Authentication or MFA in short.

It is necessary to take a few things into consideration before rolling out MFA for users. During the planning stage, discuss with the customer as to know how many users will use the MFA service.

We also need to have an email screening policy in place that helps us screen emails before they are delivered to employees/partners/suppliers.

Anti-Spam and Anti-Malware Protection feature of Office 365 Exchange Online can meet this requirement.

 

Adhering to legal and compliance requirements by delegating some tasks to the delegated teams such as compliance and auditing teams.

Use Office 365 admin roles.

During planning stage, decide the number of admin roles to be created.

Simplifying document management and improve collaboration.

Use Office 365 SharePoint Online service.

 

Now that you have evaluated all the requirements highlighted by the customer, go back to the customer with a proposal summary that explains the overall deployment approach you are going to use to meet all of the requirements. It is also necessary to call out any issues and concerns during the acceptance criteria phase.

In the next part, we are going to explain the basic steps for creating a proposal summary and acceptance criteria documents.

If you would like to be notified when Nirmal Sharma releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

If you would like to read the other parts in this article series please go to:

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Advertisement

Featured Links