6/27/2018 12:15 PM BRK3332 Ten critical areas for those moving from Exchange on-premises to Office 365 Or how your admin world changes utterly… Tony Redmond.


1 6/27/2018 12:15 PM BRK3332 Ten critical areas for those moving from Exchange on-premises to Office 365 Or how your admin world changes utterly… Tony Redmond @12Knocksinna © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Tony Redmond
- Executive at HP, Compaq, and DEC for many years
- Lead author for “Office 365 for IT Pros” eBook
- MVP since 2004
- Columnist for Petri.com

3 Assumptions and Goals
- Your migration is complete
- You might or might not run a hybrid environment
- You need some new challenges to fill in all the time released from server and software maintenance…
- This is not a deep-dive into any specific topic – 2-3 slides per topic!
- Instead, the goal is to increase awareness of operating conditions that are significantly different after you move to Office 365

4 A New World
- Office 365 used to be close to the on-premises Exchange and SharePoint products, but it isn’t now
- Exchange and SharePoint are “basic workloads” within Office 365
- Most of Microsoft’s engineering effort for Exchange and SharePoint focuses on the cloud
- Office 365 and Exchange Online are massive
- Office 365 develops at a rapid cadence
- Licenses and add-ons control access to functionality

5 Topics for Discussion
1. Backups
2. Expanding archives
3. Distribution Groups and Office 365 Groups
4. Content Searches
5. Data Loss Prevention
6. Classification Labels
7. Auditing
8. PowerShell
9. Mobile architecture
10. Keeping up with Change

6 Backups in the Cloud

7 1. Backups
- Microsoft uses Native Data Protection to safeguard Exchange Online mailbox databases – no backups
- Office 365 is divided into datacenter regions, each with at least two datacenters
- Four mailbox database copies (1 lagged), split across datacenters
- Single Item Recovery
- 14-day (30-day max.) Deleted Item Retention
- SharePoint Online does have backups – but restores are for complete site collections
- Use holds to keep items for longer
- Use Inactive mailboxes to retain ex-employee data

8 1. Backups
- ISVs offer cloud backup solutions for basic Office 365 data, streaming data across the internet to their datacenters
- Issues:
  - Lack of support for integrated applications (Groups, Teams, Planner)
  - Do you need backups for cloud data?
  - Can APIs and networks support backups for 100 GB mailboxes, expandable archives, and tons of documents?
  - Cost

9 Expanding Archives

10 2. Expanding Archives
- Keeping all your data inside Office 365 makes data governance easier and cheaper
- Office 365 Import Service and ISV tools can process and ingest information from multiple sources:
  - PSTs
  - Documents
  - Social networking and instant messages
- Archive mailboxes are the natural target for much of this data

11 2. Expanding Archives
- Auto-expanding archives are an option for Exchange Online tenants who need to store massive amounts of data
- Largest expandable archive now well over 1 TB
- Configurable for the tenant or for individual mailboxes (one-way switch)
- Can’t transfer an expandable archive to on-premises Exchange
- Clients see a single large archive mailbox, but search is restricted to within a single folder

[PS] C:\> Set-OrganizationConfig -AutoExpandingArchive
[PS] C:\> Enable-Mailbox -Identity "Kim Akers" -AutoExpandingArchive

12 3. Expanding Archives
- Users begin with a normal archive mailbox. As data moves into the archive, a mailbox assistant monitors capacity and, when necessary, creates a new auxiliary mailbox
- The auxiliary mailbox is linked to the archive by a GUID
- Exchange automatically moves data from the archive to the auxiliary to rebalance storage; MRS synchronizes the data for up to 60 days to eliminate possibility of data loss

[PS] C:\> Get-MailboxLocation -User TRedmond | Sort MailboxLocationType -Descending | Format-Table MailboxGUID, MailboxLocationType

MailboxGuid                  MailboxLocationType
0370f d-cf0e5310a8d4         Primary
afc1e e-b990-85de223e809d    MainArchive
bb e-b ddadd11               AuxArchive

13 The Future of Distribution Groups

14 3. DLs and Office 365 Groups
- Distribution Groups are the workhorse of Exchange
- Office 365 offers Outlook Groups as an upgrade option
- Team site (Files), notebook, mailbox, Teams, Planner, Stream, etc.
- Outlook Groups mobile client and Outlook for iOS and Android
- Groups appear as DLs in an on-premises GAL
- Microsoft wants Office 365 tenants to use Groups
- Upgrade only viable when source DLs
  - Are not nested
  - Only include cloud mailboxes
  - Other conditions

15 3. DLs and Office 365 Groups
- Office 365 (Outlook) Groups are limited to 1,000 members
- Office 365 (Yammer) Groups have higher limits because they do not store conversations in the group mailbox
- Dynamic Office 365 Groups are available, but require Azure AD Premium licenses for every member in the scope of queries used for these groups
- Not an issue for tenants with EM+S
- AAD policy available to control group creation – use it!
- Strong use case still remains for DLs

16 Compliance, starting with Searches
Microsoft added compliance functionality from Exchange 2010 on. Much of what you see in Office 365 comes from the principles established in Exchange, influenced by SharePoint and extended or modified to handle other Office 365 locations

17 4. Content Searches
- Search and hold capabilities inherited from on-premises Exchange and SharePoint servers deprecated
- Content searches are faster, more scalable, and cover more locations
- EXO, Public Folders, Groups, SPO, OD4B (*permissions), Skype for Business IM, Teams

Number of mailboxes | Average search time
100 | 30 seconds
1,000 | 45 seconds
10,000 | 4 minutes
25,000 | 10 minutes
50,000 | 20 minutes
100,000 | 25 minutes

18 4. Content Searches
- Security and Compliance Center is the fulcrum for cross-Office 365 data governance functionality (note: different RBAC groups)
- Use content searches for simple searching
- Use eDiscovery cases to coordinate the searches, holds, and exports needed for investigations
- Exports to PST or MSG files ( ) or to files
- In-place holds available for all locations supported by content searches, but are placed through eDiscovery cases
- Exchange-specific retention and legal holds also available

19 4. Content Searches
- Searches in KQL syntax with keywords and qualifiers to find content
- Exchange and SharePoint support different keywords
- Preview search results works like it does for Exchange on-premises
- Searches can be targeted to specific folders or sites
- Search results can be limited with filters
- Advanced eDiscovery available (E5 or add-on) to deal with mega-investigations

20 Search-Mailbox
- The Search-Mailbox cmdlet persists in Exchange Online and is the only way to permanently remove information found by searches from user mailboxes
- You can add a delete action to a content search with PowerShell, but only for soft-delete
- Delete actions apply to all content locations

21 Data Loss Prevention

22 5. Data Loss Prevention (DLP)
- Exchange DLP uses transport rules (ETRs) to enforce checking for sensitive content; checks also integrated in OWA and Outlook
- Exchange DLP supports document fingerprinting
- Office 365 DLP policies cover Exchange, SharePoint, and OneDrive for Business, but functionality differs from ETR-based checking
- DLP checks integrated into file sharing dialog
- Checks against multiple data types and classification labels
- No document fingerprinting (yet)
- DLP is important in the context of PII protection for GDPR

23 5. Data Loss Prevention
- Office 365 DLP policies cover Exchange content now and are executed after ETR-based policies
- Gradually, Office 365 DLP policies will replace ETR-based policies
- Use Office 365 policies whenever possible!

24 A Surplus of Labels

25 6. Classification Labels
- Exchange Messaging Records Management (MRM) introduced in Exchange 2007 and rewritten in Exchange 2010
- Retention policies and tags processed by the Managed Folder Assistant (MFA)
- SharePoint Online supports deletion policies to control removal of information
- Classification labels are part of the Office 365 Data Governance framework to help tenants “Keep what you want, remove what you don’t”
- Designed to work across all workloads

26 6. Classification Labels
- Office 365 Classification Labels have actions and retention periods
- Placed on messages, folders, documents, and group conversations
- Action can remove or keep information or do nothing (visual indicator)
- Can trigger manual disposition by human (remove, extend, or apply new label)
- Can be applied manually or through auto-label policies based on sensitive data type or keyword query (E5)
- Can mark items as permanent records
- Content searches can find items with specific classification

27 6. Classification Labels
- Labels are published to locations using Office 365 retention policies
- Force labels to appear in UX
- MFA must process mailbox before labels appear in OWA or Outlook; labels act like personal retention tags
- Can apply to all locations or selected locations
- Can impose preservation lock on marked content (limited ability to change policy settings)

28 Auditing

29 7. Auditing
- Exchange includes both mailbox and administrative auditing
- Admin auditing is enabled by default; you have to enable mailbox auditing
- Office 365 has a unified audit mart with ingestions from multiple workloads, including Exchange
- Events normalized using common schema during ingestion
- A tenant with 200 users can easily generate > 5,000 audit events daily
- SharePoint Online is the most verbose application – much poorer coverage in other applications
- You still have to enable mailbox auditing for Exchange
- Events turn up in the audit mart between 15 minutes and a few hours after generation and stay there for 90 days

30 7. Auditing
Workload | Admin Activity Recorded | User Activity Recorded
Azure Active Directory Yes Exchange Online Yes (Admin Audit Logging) Yes (Mailbox Audit Logging) SharePoint Online and OneDrive for Business (including sync. client) Skype for Business No Sway Yes (Coming soon) Power BI for Office 365 Microsoft Teams Yammer eDiscovery (searches and cases) N/A Teams No (* sign-ins) Dynamics 365 Flow Coming ---

31 7. Auditing
[Diagram: Office 365 audit pipeline. Labels: Office 365 workloads (Azure AD, Exchange Online, SharePoint & OneDrive for Business, Security & Compliance Center, Power BI); Pipeline (Azure Micro services) with Fast Channel, Slow Channel, Shredder and Service bus; DataMart (Tenant 1, Tenant 2, Tenant 3; shard1, shard2, shard3); Security & Compliance Center (Audit Search, Reports, Dashboards); Applications using the Management Activity API (Microsoft OMS, Microsoft Cloud App Security, External partners, Non-Office 365 Apps)]

32 7. Auditing
- Search Audit log (Security and Compliance Center) for online searches of the Office 365 audit mart
- Export results to CSV file
- Search-UnifiedAuditLog PowerShell cmdlet also available to search for audit events
- Retrieve batches of audit data (5,000 entries)
- Audit data in JSON format
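
The points above about Search-UnifiedAuditLog returning batches of 5,000 entries with the event detail as JSON, shown as an added PowerShell example that is not from the original presentation. The helper name Expand-AuditRecord and the sample records, users and addresses are constructed for illustration; the JSON field names are those of the audit common schema.

```powershell
# Added example, not from the original deck. Sample records are constructed.
# Live source (needs an Exchange Online session); with ReturnLargeSet, repeat the
# same call with the same SessionId until nothing more comes back:
#   Search-UnifiedAuditLog -StartDate $start -EndDate $end -SessionId 'run-1' `
#       -SessionCommand ReturnLargeSet -ResultSize 5000
# A CSV export from Search Audit log works too: Import-Csv .\AuditLog.csv | Expand-AuditRecord
function Expand-AuditRecord {   # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        try {
            $data = $Record.AuditData | ConvertFrom-Json -ErrorAction Stop
        } catch {
            # Truncated or malformed JSON: warn and continue with the next record
            Write-Warning "Skipping unparseable audit record: $($_.Exception.Message)"
            return
        }
        [pscustomobject]@{
            TimeUtc   = [datetime]$data.CreationTime
            Workload  = $data.Workload
            Operation = $data.Operation
            UserId    = $data.UserId
            ClientIP  = $data.ClientIP
            ObjectId  = $data.ObjectId
        }
    }
}

# Constructed sample input: objects carrying an AuditData JSON string, as the cmdlet returns
$sample = @(
    '{"CreationTime":"2018-06-27T12:15:02","Operation":"FileDeleted","Workload":"SharePoint","UserId":"kim.akers@contoso.example","ClientIP":"192.0.2.10","ObjectId":"https://contoso.example/sites/hr/plan.docx"}',
    '{"CreationTime":"2018-06-27T12:15:40","Operation":"FileDeleted","Workload":"SharePoint","UserId":"kim.akers@contoso.example","ClientIP":"192.0.2.10","ObjectId":"https://contoso.example/sites/hr/budget.xlsx"}',
    '{"CreationTime":"2018-06-27T12:20:11","Operation":"HardDelete","Workload":"Exchange","UserId":"admin@contoso.example","ClientIP":"198.51.100.7","ObjectId":"kim.akers"}',
    '{"CreationTime":"2018-06-27T12:21:05","Operation":"UserLoggedIn","Workload":"AzureActiveDirectory","UserId":"admin@contoso.example","ClientIP":"198.51.100.7","ObjectId":"Unknown"}',
    '{"CreationTime":"2018-06-27T12:2'   # truncated on purpose to exercise the warning path
) | ForEach-Object { [pscustomobject]@{ AuditData = $_ } }

$events = @($sample | Expand-AuditRecord)

# Volume per workload, operation and user: a quick view of who is doing what
$events | Group-Object Workload, Operation, UserId |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Delete operations in time order, across workloads
$events | Where-Object Operation -match 'Delete' |
    Sort-Object TimeUtc | Format-Table TimeUtc, Workload, Operation, UserId, ObjectId
```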

33 7. Auditing Searching audit entries rapidly becomes tiresome and prone to human error, so some auditing help might be needed Office 365 Advanced Security Management (E5) Quadrotech Security and Audit Alert Policies (E5) automate scanning for patterns of events recorded in audit log “external volume of file deletion” Activity Alerts check for specific events recorded in audit log (can be created from SCC Search Audit Log option) and notifications to named individuals Can arrive well after the event

34 PowerShell for All

35 8. PowerShell
- PowerShell used extensively within Office 365 to solve administrative problems
- Remove items from mailboxes, search audit logs, perform common operations on hundreds of objects, etc.
- PowerShell set for Exchange on-premises contains hundreds of cmdlets that you don’t find in Exchange Online
- Exchange Online has its own unique cmdlets too – like those to control Office 365 Groups (Set-UnifiedGroup, etc.)
- Other important endpoints: SharePoint Online, Security and Compliance Center (SCC), Azure Active Directory, Rights Management, Skype for Business
- See

36 8. PowerShell
- More extensive throttling exists in the cloud than on-premises
- Azure AD PowerShell module exists in V1 and V2
  - V1: -MSOL cmdlets
  - V2: -AzureAD cmdlets
- The functionality available in the two versions is not identical
- Important to use SCC endpoint when dealing with compliance functionality
  - Content searches, eDiscovery cases, classification labels

37 Managing Mobile Devices

38 9. Mobile Devices
- ActiveSync is great, but it is an old protocol and is now the “lowest common denominator” connection protocol used by companies like Apple, Samsung, and Google
- Outlook for iOS and Android use a different architecture to access mailbox data
- Focused Inbox support
- Complete mailbox contents are indexed and available for searching
- Other Office 365 mobile clients use a mixture of APIs such as the Microsoft Graph

39 9. Mobile Devices
- EAC Mobile Device Access policies are good enough for ActiveSync devices, but they are not well suited to Office 365 mobile clients
- Intune is the preferred option

40 Keeping up to date with an Ever-changing Cloud

41 10. Keeping Up to Date
- Office 365 changes rapidly and often and sometimes without warning
- Documentation and blogs are not always accurate (blogs decay quickly)
- The Office 365 Roadmap is your friend, but changes occur outside the roadmap
- Message Center in Office 365 Admin Center is more precise for your tenant
- Use weekly update ed as a heads-up
- First Release and Standard Release (and mixed)
- Test tenants
- Licenses control functionality
- Using AAD Groups for license management

42 10. Keeping Up to Date
- Service Health Dashboard (SHD) and the question of knowing what’s happening inside Office 365
- Should you worry about the Office 365 Service Level Agreement (SLA)?

43 Random But Important Stuff
- Multi-factor authentication and conditional access (including for PowerShell)
- Much easier to use Rights Management (Azure Information Protection)
- Need to rework processes to secure ex-employee data
- Inactive mailboxes and other data sources that need to be secured
- Widespread use of machine learning within Office 365, including analytics products
- Office 365 Power BI adoption pack
- Office 365 Secure Score

44 Cloud Skills
- In-depth knowledge of at least one basic Office 365 app
  - Exchange, SharePoint/OneDrive for Business, Skype for Business
- Broad awareness of newer apps like Groups, Planner, Teams, StaffHub
- Knowledge of Azure Active Directory (accounts, external sharing, license management)
- Hybrid connectivity (if needed)
- PowerShell (to the level of basic scripting)
- Tracking new developments – Stream, PowerApps, Flow, etc.

45 Summary and Takeaways

Topic | Comment
Backups | None for Exchange Online – but do you need them?
Archives | Expandable in the cloud
Distribution Groups | Office 365 Groups might be better…
PowerShell endpoints | Limited cmdlet set for Exchange compared to on-premises; separate endpoint for Security and Compliance Center
Searches | Content searches for EXO, SPO, Groups, OD4B, Teams
DLP | Unified DLP policies taking over from Exchange Transport Rules
Classification Labels | Apply to EXO, SPO, OD4B, Groups – but not like mailbox retention policies and tags
Auditing | Unified Office 365 audit mart and audit searches for everything
Mobile | ActiveSync now lowest common denominator; Outlook is the king
Change | Just get used to constant change because Office 365 is “evergreen”…

46 In Closing
- The radically different nature of Office 365 needs a different administrative mindset to Exchange or any other on-premises environment
- Office 365 is where development focuses and where new functionality appears
- Embrace change and keep your eyes open…

47 Thanks! Come talk to me at the Quadrotech booth (119)…
