User Setup and Deployment in Office 365
Office 365 is a great cloud service that everyone is talking about. If you work in IT, you have probably thought about trying it, but you may not be familiar with how user provisioning and management are handled or with the different deployment methods.
In order to start using Office 365, you need to set up Office 365 user accounts for all of your users. This might seem like a monumental task, but fortunately Microsoft has a few methods to make this easy.
How you create or import your user accounts depends on how you are deploying Office 365. There are three different deployment methods:
- New Cloud Deployment – Starting from scratch (no existing user management solution)
- Migration – Migrating from a current solution (Active Directory, Lotus, Novell, etc.)
- Hybrid – Integrating with an on-premises Active Directory (AD) & Exchange environment (Domain functional level of Windows Server 2008 and Exchange 2007 or later)
New Cloud Deployment
This is by far the easiest deployment method for Office 365. In this scenario, all of your users will get new cloud identities and email addresses. You can manually add each user through the Office 365 admin console or you can bulk add users using a CSV file.
Each user will be assigned a new email address using the firstname.lastname@example.org format. However, Microsoft makes it easy to register a domain name in Office 365 and apply it to all of your users’ email addresses.
All user management and provisioning is done through the Office 365 admin console or Windows PowerShell for Office 365, and there is no synchronization of information between Office 365 and any on-premises systems.
Since this is the cheapest and quickest deployment method, it is a great solution for startups or small companies with no internal IT infrastructure and no current identity management solution.
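A pre-flight check for the bulk CSV import described above, followed by creation of the accounts from Windows PowerShell. This is an added example, not code from the original post or from Microsoft; the column names, the `contoso.example` domain, the sample rows and the `$Provision` switch are constructed assumptions, and the final step assumes the MSOnline module with an active `Connect-MsolService` session.

```powershell
# Added example. Column names, domain and rows are constructed assumptions.
$ExpectedDomain = 'contoso.example'   # placeholder for the domain you registered
$Provision      = $false              # set to $true after Connect-MsolService

$Rows = @'
UserName,FirstName,LastName,DisplayName,UsageLocation
alice.smith@contoso.example,Alice,Smith,Alice Smith,US
bob.jones@contoso.example,Bob,Jones,Bob Jones,US
BOB.JONES@contoso.example,Bob,Jones,Bob Jones 2,US
carol.wu@fabrikam.example,Carol,Wu,Carol Wu,US
dave.roe@contoso.example,Dave,Roe,,US
'@ | ConvertFrom-Csv

function Test-UserRow {
    param($Row, [System.Collections.Generic.HashSet[string]]$Seen)
    $problems = @()
    foreach ($col in 'UserName','FirstName','LastName','DisplayName','UsageLocation') {
        if ([string]::IsNullOrWhiteSpace($Row.$col)) { $problems += "missing $col" }
    }
    $upn = "$($Row.UserName)".Trim().ToLowerInvariant()
    # Reject addresses outside the tenant's domain and case-insensitive duplicates.
    if ($upn -and $upn -notlike "*@$ExpectedDomain") { $problems += "not in $ExpectedDomain" }
    if ($upn -and -not $Seen.Add($upn)) { $problems += 'duplicate user name' }
    return ,$problems
}

$seen = New-Object 'System.Collections.Generic.HashSet[string]'
$good = @(); $bad = @()
foreach ($r in $Rows) {
    $p = Test-UserRow -Row $r -Seen $seen
    if ($p.Count -gt 0) {
        $bad += [pscustomobject]@{ UserName = $r.UserName; Problems = ($p -join '; ') }
    } else { $good += $r }
}
$bad | Format-Table -AutoSize

if ($Provision) {
    foreach ($r in $good) {
        # -Password is omitted, so a temporary password is generated; handle the output as a secret.
        New-MsolUser -UserPrincipalName $r.UserName -FirstName $r.FirstName `
            -LastName $r.LastName -DisplayName $r.DisplayName `
            -UsageLocation $r.UsageLocation -ForceChangePassword $true |
            Select-Object UserPrincipalName, Password
    }
}
```

With `$Provision` left at `$false` the script only validates the file, so it can be run against a real export before any account is created.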
Migration – Migrating from a Current Solution
Most companies will fall into this category. In this scenario, you have an on-premises Exchange and Active Directory environment. You will import all of your users’ information from AD to Office 365 using the Directory Synchronization tool (also known as dirsync), license them for Office 365 access, and then migrate all of their mailboxes up to Office 365 using one of three possible migration methods.
The three different migration methods are IMAP, Cutover, and Staged. The migration method that you choose will depend upon your current Exchange version, the number of users you have, the size of their mailboxes, and the amount of time you have to move the mailboxes.
With this deployment method, you also have two options for managing passwords. You can use directory synchronization to sync your passwords from your on-premises AD environment, or you can set up single sign-on using AD FS (Active Directory Federation Services) so all of the authentication requests are handled by your own domain controllers.
Hybrid – Integrating with an On-Premises AD & Exchange Environment
The third type of deployment is called a hybrid deployment. Hybrid, in this case, means that you have some users who are licensed for Office 365 and whose mail is handled by Exchange Online, and others who are still using on-premises Exchange servers. This is accomplished using the dirsync tool and by building out and running an AD FS infrastructure to federate your domain to Office 365.
This solution is the most complicated one to set up, but it provides more security and more flexibility for larger organizations with lots of users. It also gives you centralized management of both on-premises and cloud Exchange functions.
I will cover each one of these deployment methods in more detail in my next few blog posts.
For information on getting started and figuring out which type of deployment method is right for your organization, try out the following deployment tools provided by Microsoft: