and creation of an Office 365 tenant (part 1)
Cloud-based solutions for email are becoming more and more prevalent. Exchange Online (part of Office 365) is Microsoft's product - or service - in this market. In most cases, especially for medium- and large-sized businesses, there is already an "onsite" or "on-premises" messaging solution in place: possibly Exchange 2003, more likely Exchange 2007 or 2010. The challenge is to migrate the messaging system to the "Cloud", or more precisely, in this case, to Exchange Online.
Of course, my assumption is that the existing messaging solution is a Microsoft product (some version of Exchange). Migrating from a non-Microsoft product would be well beyond the scope of this article and probably beyond the native Microsoft migration tools.
There are three primary migration options, ranging from an almost immediate transfer of email operations to Exchange Online to a coexistence scenario where the onsite and online versions of Exchange could interact for months or even years:
The terms are not quite self-explanatory but one might be able to guess what each one means. "Cutover" represents the most rapid transition, something that might be performed over the weekend. "Staged" refers to a migration in stages, or steps, or phases. The migration does not happen in a day or two; it may even take weeks (or months) to accomplish, but the objective is to move all operations to Exchange Online. In the "Hybrid" scenario, some mailboxes may remain on premises for a long period of time.
The version of Exchange onsite may limit migration choices. In particular, the staged migration is only an option with Exchange 2003 or 2007. With Exchange 2010, only the cutover and hybrid options are possible.
In the majority of migration scenarios, at least some resources will remain onsite, Active Directory Domain Services in particular. This requires some sort of directory synchronization so that user, contact and group accounts are available for use with Exchange Online in the Cloud.
Once again, we have three options:
- Cloud-based credentials only. I'll mention this option only as a basis for comparison, since no synchronization takes place. User credentials only exist in the Cloud, in Office 365. This would only be suitable for (probably very small) organizations that have no requirement to authenticate users onsite. Users would log on to their devices with local (not domain) credentials, or might not log on at all, and then access Exchange Online afterwards.
- DirSync. This tool synchronizes onsite account information, and more recently password hashes, to Office 365 so they can be used to authenticate users accessing Exchange Online. DirSync provides "Same-Sign-On" as opposed to "Single-Sign-On" functionality. We can use the same password to access onsite and online resources but we may have to log on more than once when accessing email. For example, I would log on to my laptop to access the desktop and when I open Outlook by clicking on my shortcut, I would have to enter the password again.
- Active Directory Federation Services (ADFS). This option provides "Single-Sign-On" functionality. When a user with an online mailbox attempts to open Outlook, ADFS allows Exchange Online to query onsite Active Directory just as Exchange would do if it were located onsite.
In the following lines, and subsequent posts, I will perform a staged migration from Exchange 2007 SP3 to Exchange Online (Office 365). As for directory synchronization, I will opt for the DirSync solution.
Users may have to log on more than once to read their email in Outlook, but DirSync only requires one server, possibly an existing server. Even if the server in question fails, users can still access their email as long as their credentials have already been synchronized to Exchange Online. Of course, DirSync would have to be placed back in service so new user credentials, and changes to existing user credentials, could be synchronized as needed.
Note: the ADFS option requires high availability, potentially as many as four additional servers, and possibly a load balancer. Yes, one could conceivably run ADFS as another role on some existing domain controllers and even do without the proxy servers, not to mention the load balancer, but this would violate best practices in several respects, and probably place the organization at risk of a loss of service. In any case, I will not address this option in this article.
CREATION OF AN OFFICE 365 TENANT
The first step is to purchase an Office 365 business plan.
Of course, if you are acting as a simple individual, or on behalf of an educational or government organization, there are other plans.
Otherwise, the relationship between the customer and Microsoft is comparable to that between a renter and the building owner. Microsoft owns Office 365 and the customer rents space from Microsoft to run their business.
So the customer must become a "tenant" of Microsoft, of Office 365, to obtain the use of this space and associated services.
Note: these links were accurate at the time of this writing. They could change - just like the Office 365 interface.
1. Go to the Office 365 homepage.
Your region will probably be detected and the URL automatically adjusted.
2. Click on "Products", then "Compare Options".
3. Select the "Enterprise" tab, then "Hosted email" (Exchange Online Plan 1).
Note: this is the option that I've selected for this article. I could have opted for the trial version of another plan (the hosted email plan does not have a trial option) but it expires in 30 days and I intended to practice various scenarios for a longer period of time. Of course, if your organization requires more services than hosted email, you would want to examine the other plans.
4. Set up your account.
Enter the required information.
5. Customize your order.
I'll migrate two mailboxes for this exercise so I'll purchase two user licenses.
6. Review the order.
Note: personal information is summarized to the right - I've cropped the screenshot to remove this.
7. Read and accept the legal agreement.
Note: once again, my screenshot does not show all details, my credit card number for example.
There will be a confirmation page indicating that you will receive an email.
ACCESS OFFICE 365
Once the procedure outlined above is complete, we can access Office 365 (of which Exchange Online is a part) at the following address:
The URL will automatically be adjusted to the more secure HTTPS connection:
You log on using the same credentials selected when you configured your account just before purchase.
This completes the first phase of migrating to Exchange Online: creating a tenant.