Category: Exchange


In the upcoming Office 365 update, using the 2013 backend architecture, Office 365 administrators will be able to take advantage of a new set of Compliance Management capabilities.  Data Loss Prevention, covered in an earlier blog, is included in these new features, as are enhanced auditing, journal rules, retention tags/policies, and a new version of In-Place eDiscovery and Legal Hold.  Legal Hold has been expanded to include items such as Lync (with some limitations) and is easier to work with.

The Compliance Management section is found in the Exchange administrative features in the Office 365 Preview:

You can see I’ve already created some different searches for client demos.  For this blog, I’m going to walk you through how the Lync eDiscovery search is created,  but also show you where the other options can be configured.  The process is easily repeatable, and all configured through the GUI.

When you create a new search, you’ll see 4 options available:

1. Name (and Description)

2. Mailboxes – you can determine whether All Mailboxes or individual users are part of the search.  This allows for multiple policies (i.e. overlapping legal holds) to apply to the same user.

You can also see how many In-Place Holds apply to an individual user by viewing Exchange Admin Center -> Recipients -> Click on a user and view the In-Place Hold section that populates on the right side of the screen.  If you select View Details, you get this:

You can see the policy named In-Place Hold is applied to my test account.

3. Search Query – here is where you configure the desired results of the search/hold policy being created.  You can see that the search is fairly robust, with Keywords, Dates, From, To and Message Types being available.

The available Message Types, including Lync, are here:

4. In-Place Hold – as its name would indicate, here is where you define whether this is an eDiscovery search or an In-Place Hold (Legal Hold) policy.  Note that you can make this a “soft”, or rolling, legal hold without engaging Microsoft support channels or using PowerShell simply by specifying a number of days for the policy to apply.  Again, remember you can have overlapping policies on individual users, without manual intervention.

Now that the search is created, we can easily preview the search results from an account with the proper permissions applied:

And, finally, we can view the results of Lync conversations between the two users identified in the search:

The IM conversation shown indicates the sources from which the IMs were sent.  This is important, because not all sources are currently covered.  I was able to see IMs and generated phone calls from a full desktop client (Lync 2013 and Lync 2010), as well as Lync MX (from my Surface RT).  I was not, however, able to audit conversations generated from a Lync Mobile application.  This example shows the receiving end of a Lync Mobile IM conversation (received on the Lync 2013 desktop client), but the original IM is not found when viewing results for Johnny Test User.  What this means is that any IM conversations between two or more users using Lync Mobile would never be caught by the current Compliance Management capabilities.  Above and beyond that, this is not a tool meant to track phone usage, as any calls generated by Lync Phone Edition will also not be tracked.

Lync 2013 version support for Compliance and Archiving can be found here: http://technet.microsoft.com/en-us/library/gg425836.aspx
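The four wizard steps above can also be scripted and then checked, which helps when the same hold has to be reproduced or reviewed later. This is an added example, not part of the original walkthrough; the search name, mailboxes, keywords and dates are constructed placeholders, and it assumes a remote PowerShell session to the service with Discovery Management rights.

```powershell
# Added example (not from the original post). Placeholders throughout.
$searchName = 'Lync-IM-Hold-Demo'                        # hypothetical search name
$custodians = 'user1@contoso.com', 'user2@contoso.com'   # placeholder mailboxes

# Steps 1-4 of the GUI wizard expressed as cmdlet parameters.
$search = @{
    Name               = $searchName                     # 1. Name
    Description        = 'Lync IM between two custodians, rolling hold'
    SourceMailboxes    = $custodians                     # 2. Mailboxes
    SearchQuery        = 'contract OR invoice'           # 3. Keywords (constructed)
    StartDate          = [datetime]'2013-01-01'          #    Date range (constructed)
    EndDate            = [datetime]'2013-03-31'
    MessageTypes       = 'IM'                            #    Message type: Lync items
    InPlaceHoldEnabled = $true                           # 4. In-Place Hold
    ItemHoldPeriod     = 90                              #    rolling hold, in days
}
New-MailboxSearch @search

# Confirm what was actually stored for the search/hold.
Get-MailboxSearch -Identity $searchName |
    Format-List Name, SourceMailboxes, SearchQuery, MessageTypes,
                InPlaceHoldEnabled, ItemHoldPeriod, InPlaceHoldIdentity

# List every hold that applies to each custodian, so overlapping holds are
# visible (the same information as the In-Place Hold pane under Recipients).
foreach ($c in $custodians) {
    $mbx = Get-Mailbox -Identity $c
    foreach ($holdId in $mbx.InPlaceHolds) {
        $hold = Get-MailboxSearch -InPlaceHoldIdentity $holdId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Mailbox  = $mbx.PrimarySmtpAddress
            HoldId   = $holdId
            HoldName = if ($hold) { $hold.Name } else { '(not a mailbox search hold)' }
            HoldDays = if ($hold) { $hold.ItemHoldPeriod } else { $null }
        }
    }
}
```

Because Lync Mobile and Lync Phone Edition traffic is not captured, an empty result from this search does not show that no conversation took place.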

So, as you can see, eDiscovery and Legal Hold have gotten much easier in Office 365 Preview…but I’m sure it still won’t prevent people from saving subfolders/years of data in their Deleted Items folder!

Office 365 Preview: Integrated Apps for Outlook Web App

Microsoft has introduced the concept of app downloads, similar to mobile device app stores, to the Outlook Web App (OWA) experience.  While a few applications are pre-installed, the Microsoft Office Store (http://office.microsoft.com) has additional options available for download and deployment to OWA users.

Pre-installed Applications – Bing Maps:

Bing Maps, a pre-installed application, is an excellent tool for any email that has an address included.  In the event that no address is present, Bing Maps doesn’t even show up; if there is an address, however, you can easily view the location on a map with a single click.

No Address Included in Message:

Address Included in Message:

Installing New Apps for OWA:

Additional apps will come as developers contribute, but some familiar names can already be found. LinkedIn is an app that I have downloaded from the Office Store and installed on Exchange Online for deployment to the Office 365 users.  The process is very easy.

1. Find the app you want to install and click on Add:

2. Confirm installation after authenticating in the Office 365 Preview:

3. Configure your deployment preference.  You can see here LinkedIn is deployed to Everyone:

4. Enable the app:

5. Now I can do a LinkedIn search against email senders/recipients without leaving my email:

As enterprises explore additional functionalities (i.e. as the Office Store grows), they will be able to see massive opportunity to integrate business functionality directly into OWA.  This is not simply a gimmick (<cough> OWA Themes), it is yet another move by Microsoft to make Office 365 an Enterprise-level suite of applications that bring efficiency and productivity to every business environment.

Now that the Office 365 Preview site is up for those that want to see what the new wave of Office 365 looks like, I am taking the opportunity to provide a high level preview for those that are interested.  This is by no means an in-depth look at any new features (those will be next), but rather a bird’s eye view of things to get excited about.  The screen prints below are rather small, but you can click on them to expand to a larger size.

For those that have taken part in the Office 2013 preview (http://www.microsoft.com/office/preview/en), the new Office 365 environment will offer many similarities.  Obviously all the Microsoft teams are working together on the upcoming wave of software/services rollouts to ensure a consistent look and feel.

Additionally, the often annoying characteristic of multiple windows popping up when navigating the Office 365 portal has been changed to a more streamlined single-window pane.  You can see below that the majority of the administration options are presented in the same location, with the selected user’s data displaying off to the right.

Of course, a separate window still pops up for editing the user, but I like the more neutral tones and classier fonts:

Ok, enough of the “look and feel” you say, and on to the new stuff!  Well, in case you didn’t see it in the earlier screen print, Office 365 is now supporting Public Folders! (That’s right…despite years of being told they would go away at some point even for Exchange on-premises…).  Now you will be able to create Public Folder Mailboxes and populate them with Public Folders:

Data Loss Prevention templates are now available to actively monitor all email for sensitive content and enforce protection requirements.  A subset of the templates are seen here:

As has been Microsoft’s tendency, they have again added even more functionality into the GUI, rather than leaving admins as dependent on PowerShell as they were in previous versions.  For example, you can now create Equipment mailboxes straight from the GUI:

Lync Online provides more customization, and includes more GUI access to their newly available Lync Online Plan 3 (Lync to Phone).  Additionally, Meeting Invitation customization is now available:

Although SharePoint isn’t my forté, it’s clear to see that a change has been made here as well:

Above and beyond the Office 2013 download being available, Office 365 now also includes SharePoint Designer 2013 as well:

The whole experience is very exciting, as Microsoft continues to rapidly grow their Office 365 offerings while staying competitively priced in the market.  I’m anxious to see what the final product will look like!

When I work with clients on Exchange upgrades/migrations, I go through a standard list of questions to get their current state environment.  These questions are important in terms of appropriately sizing a messaging environment, and very often the clients end up estimating numbers because they don’t have any empirical data to work with.  Enter Quest and their MessageStats software.

MessageStats aggregates Exchange data and provides easy to use reports at the click of a button.  A few of the reports available can be seen in the Report List image.  Many of the current state assessment questions can be easily answered with these stock reports.  Want to know average message size or how many messages are sent/received per day?  One click.  Want to know top senders and/or receivers?  I can provide a graph and specific details easily.

Above and beyond the stock reports is the ability to create my own meaningful reports for “at a glance” environment reporting and even provide some internal numbers to allow for financial assessments.  For a per-mailbox cost, this tool pays for itself in the amount of effort it saves (and how good it makes me look when management asks questions about Exchange).

I recommend this tool to every client I work with, and offer to set up the free 90-day demo environment to show them how it is effective and easy to use.  It can be used for Exchange 2007/2010 and/or Exchange Online (Office 365).  There are additional reporting packs not only for OWA, but also for OCS 2007/Lync 2010 and a variety of other Exchange-integrated applications.  Project Leadership Associates is a Quest partner and can assist with not only MessageStats deployments, but also any of their other tools used for managing a messaging solution.

http://www.quest.com/messagestats/

During my client interactions, a couple of recurring confusions continue to plague the decision making process to move to Office 365.  I wanted to take a moment to document them for others to get some fast answers.

1. Directory Synchronization is Required for Single Sign-On with Office 365.

The two main components of SSO with Office 365 are Directory Synchronization and Active Directory Federation Services 2.0 (ADFS 2.0).  They are both necessary for a client to log on to Office 365 using their current Active Directory credentials.  The key road block for some clients is that Directory Synchronization synchronizes the entire directory; all users, all groups.  Yes, there are ways around this; no, they are not supported by Microsoft.  Additionally, Directory Synchronization is limited to a single AD Forest at this time.  Future functionality may provide solutions to these two concerns, but they are facts that have to be communicated today.

2. Lync Federation is Not the Same as Active Directory Federation Services.

Lync Federation is the ability to IM other companies that also use Lync Online or Lync on-premises, as well as see Presence and limited status information (depending on the configuration settings).  This is not SSO.

3. Exchange Federation is (also) Not the Same as Active Directory Federation Services.

Exchange Federation allows Exchange Online and Exchange 2010 environments to share Calendaring information, depending on configuration settings.  This is not the same as SSO.

4. Lync On-Premise and Lync Online Cannot Share the Same SIP Domain

At this time, Lync On-Premise and Lync Online cannot share the same SIP domain.  In order to have coexistence between the two within a single organization, two separate SIP domains and Lync Federation between those domains need to be configured.  This will likely change in the future.

5. ADFS 1.0 is Not Used for Office 365

ADFS 1.0 is the version available in Windows Server 2008 within the Roles configuration settings.  This will not work for Office 365 federation configuration.  ADFS 2.0 is a separate download that will need to be installed.

Hopefully these points will help clear up any confusion during your planning process and allow you to focus on the other hurdles that come along with any migration effort.

What other deployment confusion have you seen in the field?  I’m always ready to learn from someone else’s hard work…

As promised, Microsoft continues to roll out new and improved functionality in Office 365 as it is available.  The following updates summarize what is planned for December (through April, technically).  The link at the end will show you all the updates rolled out since Office 365 was officially released.

Exchange Hybrid Configuration Wizard* (Not available for Professional and Small Business users)
This new wizard will help streamline the hybrid deployment process by simplifying the configuration of Exchange Online features and services, including calendar and free/busy information sharing, mailbox moves, secure mail flow and Exchange Online Archiving.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:
To learn more, refer to the EHLO Blog Released: Exchange Server 2010 SP2

For more detail on the Exchange Hybrid Configuration Wizard, refer to TechNet What’s New in Exchange 2010 SP2

Exchange enhancements to email migrations*
Two new enhancements to migration features will bring greater efficiency to email migrations.
1.  Enhanced Management Capabilities: The new Exchange Online migration dashboard helps to improve administrative efficiency during a cutover Exchange migration, a staged Exchange migration, or an IMAP migration. Tenant administrators can schedule multiple migration batches, obtain migration status information for migration batches, view per user details, and see skipped items. Improved reporting and diagnostics tools also improve the troubleshooting experience.
2.  Number of Concurrent Migrations: Administrators can now use Exchange Management Shell to increase the value for a migration batch to as high as 50.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update

For more detail on email migrations, refer to the Help article E-Mail Migration Overview

Exchange enhancements to multi-mailbox search* (Not available for Professional and Small Business users)
Users can now launch a separate window to preview message hits and statistics for each query. Search performance has also been improved with reduced impact of retried query failures, as well as enhancements to scalability and availability.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:
To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update

For more detail on multi-mailbox search, refer to the Help article Multi-Mailbox Searches

Exchange retention policy and tag management*

We have improved the mailbox retention settings so it is easier to manage user mailboxes in an organization. Users can now use the mail control settings in Exchange Control Panel to create and manage retention tags and policies.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update
For more detail on retention policies, refer to the Help article Set Up and Manage Retention Policies in Exchange Online

Exchange group naming policy*

Administrators can now standardize and manage the names of distribution groups—also known as public groups—created by users in their organization. They can require that a specific prefix and suffix be added to names for distribution groups when created, and block specific words from being used. This feature helps to minimize the use of inappropriate words in group names.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update
For more detail on setting up a group naming policy, refer to the Help article Create a Naming Policy for Distribution Groups

Exchange high availability architecture enhancements*  (Not available for Professional and Small Business users)
We have extended the high availability architecture for Exchange Online across additional sites to provide greater resilience in the event of network failures. Administrators and end users may notice changes to server names in URLs and in protocol settings, although bookmarks for Outlook Web App should not be affected. The connection for client applications and devices, including those configured to connect directly to server addresses, will automatically redirect when the mailbox is migrated to the latest software. A very small percentage of mobile devices are not 100% compliant and may have to be reconfigured to connect to a changed pod address.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

Refer to the Help article Mobile Phone Setup Wizard for connection procedures

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update

Outlook Web App in Internet Explorer 9 App Mode*
Outlook Web App can now be pinned to the task bar using Internet Explorer 9 App Mode. This feature gives users the ability to launch Outlook Web App with one click and run it with fewer distractions because it is separated from other browsing sessions. It also keeps users informed of incoming email and IM when minimized or hidden, and offers quick access to common Outlook Web App commands from the taskbar.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update

Sender photos in Outlook Web App*
Users can now match faces to names in their organization with photos displayed next to sender information in emails. The display of photos is enabled by default, but administrators can modify the settings of Outlook Web App mailbox policy to disable this feature.
* This update will roll out to customers over the next several months.  We expect that all customers will receive the update by April 2012.

Additional Information:

To learn more, refer to the EHLO Blog Exchange Online December 2011 Service Update

User Name Self-Update for Admins
Admin users now have the ability to update their own alias after adding a domain. Previously, Admins required another Admin user to make this change or they needed to create one in the case of a single-user account. To complete this task, sign in to Office 365 and go to the user management experience. Select your username and click edit.  In the edit experience, you can change your username from yourname@yourcompany.onmicrosoft.com to yourname@yourcompany.com.  Once you have clicked save, you will need to sign out and sign back in to complete the change.

Microsoft Online Services ID moniker changing to user ID
We have changed text in the product and in the sign-up pages from “Microsoft Online Services ID” (MOS ID) to “user ID” to reduce confusion around what the MOS ID is.

See all the Office 365 changes implemented here: http://community.office365.com/en-us/w/office_365_service_updates/service-updates-for-office-365-for-enterprises.aspx

One of the great new capabilities in Office 365 is the extensive list of available PowerShell cmdlets for not only managing your Office 365 tenant, but also Exchange Online individually.  Where in BPOS it was recommended to set up DirSync and extend your schema to include Exchange 2007 attributes, now you can use PowerShell commands to manage your Exchange Online environment almost as if it were on-premises; using the Exchange 2010 Management Console is an option as well.

Recently a client was hesitant to move directly to an ADFS 2.0 implementation, which would’ve allowed him to utilize his local Active Directory password policy via federation.  However, despite his caution, he was not forced into a Microsoft 90-day complex password policy separate from AD because PowerShell allowed him to turn off the complex password policy.  (Note: that functionality may not exist long-term in Office 365.)  I do not condone any environment using a non-complex password policy, but the point is that this small business had the flexibility to override default settings and do what worked best for their business on an “as-needed” basis.
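When a tenant has used that flexibility, it is worth keeping a record of which accounts are exempt from the default password policy. The audit below is an added example, not from the original post; it assumes the MSOnline module is installed and that you sign in as a tenant administrator, and the CSV file name is a placeholder.

```powershell
# Added example (not from the original post): list accounts whose password
# settings differ from the tenant defaults, then optionally restore them.
Import-Module MSOnline
Connect-MsolService          # prompts for tenant administrator credentials

# Accounts with complexity turned off and/or expiry turned off.
$exceptions = Get-MsolUser -All |
    Where-Object {
        $_.StrongPasswordRequired -eq $false -or
        $_.PasswordNeverExpires   -eq $true
    } |
    Select-Object UserPrincipalName, IsLicensed, StrongPasswordRequired,
                  PasswordNeverExpires, LastPasswordChangeTimestamp

# Review on screen and keep a dated record for the next audit.
$exceptions | Sort-Object UserPrincipalName | Format-Table -AutoSize
$exceptions | Export-Csv -Path .\password-policy-exceptions.csv -NoTypeInformation

# Set to $true once the exceptions have been reviewed and should be removed.
$remediate = $false
if ($remediate) {
    foreach ($u in $exceptions) {
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName `
                     -StrongPasswordRequired $true `
                     -PasswordNeverExpires   $false
    }
}
```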

Managing groups of users via scripting for tasks other than migration is now a simple process, as is dumping data out for reporting.  Whereas BPOS required a local schema extension for Exchange or a manual, one-by-one process to work through objects such as External Contacts, now they can be managed in bulk without additional changes to your local Active Directory environment.  Office 365 has truly delivered a robust Exchange environment to the cloud.

The full list of commands available can be found here: http://help.outlook.com/en-us/140/dd575549.aspx.

There are many cloud solutions for email today, and no two vendors are competing more for your business than Microsoft and Google.  Each of these vendors has its benefits, but there is one key consideration that every business should take into account.  When you move completely to “the cloud”, you move your application into an environment dependent on an Internet connection.  If you lose Internet connection, you lose functionality.  If the provider loses connection, you lose functionality.  The former scenario can be avoided in a variety of manners, such as redundant hardware internally and/or redundant network connections.  When it comes to the latter scenario, both Microsoft and Google have had their mishaps and both handle the scenario in different ways; each has their own merits, but the loss of functionality has consequences that extend beyond vendor relationships and refund options.  Microsoft has two answers to this problem.

1. Outlook Cached Mode

Microsoft Outlook allows for a Cached Mode, which keeps a local copy of all the account information in a special file (.OST).  This means that in the event of a network outage, a user still has a local copy of everything to the point of the outage.  The user may not be able to send email, but they can refer to previous emails, check contacts and view their calendar.  Web-based clients obviously do not allow for this scenario.  Functionality is still reduced, but you don’t leave users in a completely non-functional state.

2. Hybrid E-Mail Solutions

Rather than being completely dependent on a “cloud solution”, Microsoft allows Office 365 to coexist with an on-premise Exchange environment, provided that certain technical requirements are met.  Not only does this mean that you can intermingle your accounts between environments, but also that you are not chained to the Microsoft-provided service.  In the event that Office 365 were unavailable, you could stand up necessary accounts internally.  The extent to which a disaster recovery solution was established would depend on your business needs, but the point is the option exists.  No other “cloud solution” allows for a coexisting on-premise environment.

If dependency on the Internet and a foreign entity handling your application services has you hesitant towards moving to “The Cloud”, it is important to remember that hybrid options exist to mitigate risk.  The extent to which you are looking to offset administration and hardware responsibilities is only limited by your company’s business requirements, rather than technical limitations.  With “The Cloud” and Microsoft’s Office 365, now “the sky is the limit”, so to speak.

Archiving strategy in Office 365 is particularly important when considering journaling, because Exchange Online does not allow for journaling to an Exchange Online mailbox at this time.  This means no “dual-delivery” strategy for all sent/delivered mail to a single mailbox without an on-premise Exchange 2010 environment or a 3rd party solution.  The strategy moving forward is to establish nested Retention Tags and Retention Policies, configuring the necessary compliance structure with consideration for both the Primary Mailbox and the Personal Archive.  Discovery will be accomplished using the Legal Hold and Multi-Mailbox Search capabilities, rather than managing a clumsy journal mailbox. Office 365 will offer a 50GB personal archive during beta, a 25GB total mailbox size, including personal archive, for E1 users and allegedly an unlimited personal archive for E3 users.  E3 is also required for Legal Hold and Multi-Mailbox Search capabilities.

Digital certificates are required to allow for encryption in the communications between an environment’s on-site telephony infrastructure and Exchange Online’s UM component (establishing MTLS). Self-signed certificates are not supported for Office 365.  In fact, at this time the only root Certificate Authority (CA) that is loaded on the Office 365 session border controllers (SBC) is issued by GTE CyberTrust Global Root. Therefore, the certificate that you load on any SBC that will communicate with Exchange Online UM must also be issued by this CA. Such certificates can be obtained from Verizon Security Services.  Microsoft plans to expand the list of supported CAs in the future, but any plans for Exchange Online UM should include this specific CA for certificate planning at this time.
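Before loading a certificate on an SBC, you can check it against the two requirements above: not self-signed, and chaining to the GTE CyberTrust Global Root. The function below is an added example, not from the original post; the function name and file name are hypothetical, and it assumes the issuing chain is available in the local Windows certificate stores.

```powershell
# Added example (not from the original post). Test-UmCertificateRoot and the
# .cer file name are hypothetical; the root CN is the one named in the text.
function Test-UmCertificateRoot {
    param(
        [Parameter(Mandatory = $true)][string]$CertPath,
        [string]$RequiredRootCN = 'GTE CyberTrust Global Root'
    )

    # .NET resolves relative paths differently from PowerShell, so expand first.
    $file = (Resolve-Path -Path $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Build the chain from the local certificate stores; revocation checking is
    # skipped so the test also works on a machine without Internet access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    # The last element is the root only when the chain is complete; with a
    # missing intermediate it is the furthest certificate that could be found.
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $topCN = $top.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    $selfSigned  = ($cert.Subject -eq $cert.Issuer)
    $rootMatches = ($topCN -eq $RequiredRootCN)
    $notExpired  = ($cert.NotAfter -gt (Get-Date))

    [pscustomobject]@{
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        SelfSigned   = $selfSigned
        ChainBuilt   = $chainOk
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain   = $top.Subject
        RootMatches  = $rootMatches
        Usable       = ($chainOk -and -not $selfSigned -and $rootMatches -and $notExpired)
    }
}

# Example call with a placeholder file name:
# Test-UmCertificateRoot -CertPath .\sbc-um.cer
```

Matching on the root's common name is a convenience check only; comparing the root's thumbprint against the value published by the CA is stronger.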