Exchange Online Hybrid Update

Introduction

I recently wrote two blogs recently on SharePoint Online and Lync Online Hybrid. I figured I complete this out and write some notes on Exchange Online hybrid with Exchange 2013.

The reason why I started off with SharePoint and Lync Hybrid was because there were some major advances with the new 2013 platform being released. Exchange Hybrid has already been a fairly robust solution even before the 2013 release. There are still improvements to be talked about and some good resources you should have.

In this blog I will capture some of the new changes to Exchange Hybrid good resources you should be aware of for planning.

Resource

The best resource to reach is the Exchange Server 2013 Hybrid Deployments Whitepaper - http://technet.microsoft.com/en-us/library/jj200581.aspx. This covers all the details for setting up hybrid.

What is Exchange Hybrid?

Exchange Hybrid allows organizations to host Exchange servers on-premise that are connected to Exchange Online in Office 365. Organizations have the ability to share the same domain space across they hybrid environment and route inbound/outbound email securely between both environments. With Exchange hybrid there is a unified GAL, free/busy is shared, unified messaging, mailboxes can be moved between environments, centralized mailbox management across environments, messaging tracking, mailbox search across environments, etc.

Why Hybrid?

In most cases, the goal of going to the cloud is to remove all on-premise mail servers. In many cases, organizations are able to achieve that. However there can be scenarios that organizations may encounter that may require keeping some mail servers running in hybrid. Two most common are running an extended migration where customers want to slowly move to the cloud or the customer may have a server side add-in that needs to be maintained for a period of time which cannot run in Exchange Online. I have seen scenarios where there are scenarios where there are policies that customers must support which does not allow them to have certain mailboxes reside in the cloud, while everyone else can.

Whatever the scenario is, Office 365 and Exchange Online support this allowing customers some real flexibility when moving to the cloud.

Solution Architecture

This solution architecture has been around for a while. To recap at a high level:

• DirSync – This needed to support the unified GAL across both environments. The organization’s AD will be synchronized to the cloud.
• ADFS – Used to authenticate users in the cloud using their on-premise credentials and domain. Single Sign On is not required, but highly recommended when implementing Exchange Hybrid.
• Microsoft Federation Gateway – Is the trust broker between the two environments.
• CAS / Edge Server Connection – On-premise an Exchange CAS or Edge Transport server can be connected to the cloud instance. Here is more information about the server the transport server you would configure to run with the cloud - http://technet.microsoft.com/en-us/library/hh134662.aspx.
• Mailbox / CAS Server - There are pre-requisites you must consider when setting up this hybrid. One important one is ensuring both the CAS and Mailbox servers that are running in hybrid are running at the right level. For instance is possible to have an Exchange 2007 or later org on-premise but will require the correct level Mailbox/CAS server also be added to the farm on-premise. Please review the prerequisites for details - http://technet.microsoft.com/en-us/library/hh534377.aspx.

What’s New?

Now let’s get to what is new. Actually it is listed here in detail - http://technet.microsoft.com/en-us/library/jj200790(v=exchg.150).aspx – but I will summarize.

• Right out of the gate, we are no longer referring to Exchange hybrid as “rich co-existence”, we are just referring it to Exchange Hybrid J
• Hybrid configuration tools have been consolidated and streamlined to make the configuration simple.
• As you know FOPE has been replaced Exchange Online Protection (EOP). EOP has new features that allow for easier connection configuration between on-premise and the cloud. EOP is the endpoint that is connected to and you no longer have to configure a static IP address. We now have forced TLS configured between the two end points.
• New support options for routing inbound and outbound email based on the location of the MX record.
• Etc.

Planning

This entire whitepaper is filled with very important articles. However when doing your planning, especially on how you want do your mail routing, the following articles two articles are a must read: http://technet.microsoft.com/en-us/library/jj659055(v=exchg.150).aspx and http://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx. The big decision you have is where you want to have your MX record reside. You can have it remain on-premise or have it point to EOP. Both have considerations where are discussed in these articles.

Deployment

As I mentioned, there is a ton of information located off here - http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx. There is information about prerequisites, considerations, routing, server topologies, deployment steps, and management considerations.

Controlling File Types in Office 365

I was recently asked, how do you control file types end users can work with in Office 365? I pulled this together which captures how file types are restricted in various solutions in Office 365.
SharePoint Online
For SharePoint Online, this is pretty simple – here is the list of supported file types that can be stored in SharePoint Online - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/types-of-files-that-cannot-be-added-to-a-list-or-library-HA101907868.aspx?CTT=5&origin=HA102694293
This list is not customizable. Note that SharePoint Online does have virus protection built in to check files when they are uploaded.
Lync Online
For Lync Online, if you allow users to transfer files, the following file types are supported - http://support.microsoft.com/kb/2799505.
This list is not customizable. The Intelligent Instant Message Filter (IIMF) solution built into Lync Online checks for viruses.
Exchange Online
For Exchange Online, this discussion is a little bit more to think about.

• Exchange Online Protection (EOP) – Malware in EOP will always check for viruses on all attachments.
• Exchange Online Protection (EOP) Transport Rule Predicates – These can be created to check for file extensions - http://technet.microsoft.com/en-us/library/jj919235(v=exchg.150).aspx.

Then there are the user interfaces that connect to Exchange Online.

• Outlook – The following is an article about blocked file types for out - http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA102749484.aspx. Your organization can create policies to control this.
• OWA – There is an OWA Mailbox Policy that you can manage through PowerShell. Here is a reference - http://technet.microsoft.com/en-us/library/dd335142(v=exchg.150).aspx. That policy can control files that are allowed or not.
• ActiveSync – There is policy in Exchange Online ActiveSync to block attachments (http://technet.microsoft.com/en-us/library/jj945882(v=exchg.150).aspx), but not by type. EOP Transport Rules (referenced above) would then be utilized control file types.

With all of this, an organization can create rules on how they want to support the emailing of files in Exchange Online.

Email and Process Automation with Office 365

New Site Mailboxes

I have been asked many times about email enabled document libraries in SharePoint Online. With the new SharePoint Online (SharePoint 2013 in the cloud) there are new Site Mailboxes.

Site mailboxes are a rather interesting solutions as it brings together the ability to both documents and emails into the same user interface, while continuing to leverage both Exchange and SharePoint to store data.

Here are some really good articles about Site Mailboxes:

• Site Mailboxes - http://technet.microsoft.com/en-us/library/jj150499(v=exchg.150).aspx
• Site Mailboxes in the new Office - http://blogs.technet.com/b/exchange/archive/2012/08/22/site-mailboxes-in-the-new-office.aspx
• Prepare for using site mailboxes in Office 365 - http://office.microsoft.com/en-us/office365-suite-help/prepare-for-using-site-mailboxes-in-office-365-HA103834109.aspx - good article that explains all the features that an end user will have.

You can read about many features but the big one is emailing items to the site mailbox.

Initiating a Process Based on Email Arrival

The next question I have come up against is now that we can email items to a site mailbox, can we do any automation when an item arrives (i.e. some code needs to be executed or a process initiated)? That is the part that must be thought through.

As you see in the picture below and read the referenced articles I provided, you will see that some data is stored in Exchange and some is stored in SharePoint. Emailing to a Site Mailbox will store the item in Exchange while dragging / dropping a file through Outlook to a Site Mailbox will store the document in SharePoint. Knowing that, you would have to have code implemented in two places.

What are the options?

For SharePoint Online it is simple enough to create an event receiver or configure the document library to initiate workflow when an item arrives.

For Exchange Online, it is possible to use Exchange Web Services (EWS) is it possible to write code that will listen for arrivals of emails and then execute code to do “something”. Please read following on setting up a streaming subscription to a Exchange mailbox using Exchange Web Services (EWS) Managed API - http://code.msdn.microsoft.com/Exchange-2013-Set-push-82738cc5.

Areas to Get Started

In Office 365, if you really need to build a solution that will initiate automated business processes based on an arrival of an email, it would be better to start with EWS. Create a mailbox that emails would be sent to. When email arrives your code will be connected to Exchange through EWS which can connect with line of business systems across the enterprise, integrate to SharePoint Online through remote APIs/Web Services, etc.

If you just need to support business processes when email arrives but does not be highly automated you have lots of options:

• Site Mailboxes – Which we have already discussed. This is a great solutions to enable group collaboration around shared email and document data. This works great for projects.
• Shared Mailboxes – This is a great solution where an email address can be created and then allow multiple to monitor and then respond from that email address.
• Distribution Groups – Email is sent and stored in each person’s individual mailbox.
• Public Folders – Yes they are now support on Exchange Online. They have typically been used to storage email and allow people to centrally access it. Public folders are not a recommended solution for storing large files nor is it a document management system.

SkyDrive Pro Sync and SharePoint 2010 Workspace

Introduction
Here is an important distinction I have had to discuss with customers lately about SharePoint 2013 in Office 365 and SkyDrive Pro.

One of the new features of SharePoint Online is SkyDrive Pro. One solution feature of this is the new Sync capability. This Sync capability is actually available in all document libraries.

However this new SkyDrive Pro Windows Sync capability is different than the previous SharePoint Workspace 2010 solution. Additionally the new SkyDrive Pro Windows Sync capability only works when Office 2013 is installed.

SkyDrive Pro Windows Sync Client
Let’s discuss a little more.

Specifically there is this new Sync button up in the top right hand corner in SharePoint Online or SharePoint 2013 on-premise.



This will provide users to work with files locally out of their file explorer like below.



The SkyDrive Pro Windows Sync client which facilitates this is installed with Office 2013.

Why is this important? If a customer has Office 2010 installed on their client, they will not be able to use the new SkyDrive Pro Windows Sync client. However this does not preclude the end user from working with content offline. The end user will have to use SharePoint 2010 Workspace client will does work with the new SharePoint Online and SharePoint 2013 on-premise.

SharePoint 2010 Workspace
It is really important to note that SkyDrive Pro Windows Sync client does not replace, or is not an updated version of, SharePoint Workspace 2010. Both of these solutions are different but they provide a similar end result, allowing a user to work with documents when they are offline.

Additionally you still also have the ability to connect Outlook to SharePoint Online to work with documents offline too.

References

• What is SkyDrive Pro - http://office.microsoft.com/en-us/sharepoint-server-help/what-is-skydrive-pro-HA102822076.aspx
• Sync a library to your computer - http://office.microsoft.com/en-us/support/sync-a-library-to-your-computer-HA102832401.aspx?CTT=5&origin=HA102822076
• Overview of SkyDrive Pro in SharePoint Server 2013 - http://technet.microsoft.com/en-us/library/dn167720.aspx

New Office 365 Dedicated Service Descriptions

The new Dedicated Service Descriptions have been updated here - http://technet.microsoft.com/en-us/library/jj879309.aspx. These Service Descriptions for Dedicated have been updated with features and capabilities of 2013. They are no longer independent Word documents; they are being managed out of TechNet just like the multi-tenant service descriptions.

Additionally the “Microsoft Office 365 ITAR-Support Service and Network Descriptions” have been updated are located here - http://www.microsoft.com/en-us/download/details.aspx?id=23910.

I will provide some details soon about some of the important updates you should know about with Dedicated….

SharePoint Online External Users Update

Introduction

Several months ago I wrote a blog on SharePoint Online Partner Access (http://www.astaticstate.com/2012/06/sharepoint-online-partner-access.html). It was the first release and it worked pretty well. With the new SharePoint Online there have been a few improvements and changes that are worth noting.

If you are not familiar with SharePoint Online, there is a solution for Partner support. You can read about it my old blog. The ability to use SharePoint for external is nothing new and has been done many organizations with SharePoint on-premise. For SharePoint 2013 on-premise additional information is here (http://technet.microsoft.com/en-us/library/cc263199.aspx). End of day the organization must deploy SharePoint in your DMZ, secure and then manage user access. External users are typically stored in LDAP directories, Forms Based Authentication could be used, sometimes a custom authentication provider maybe written or even users are managed in AD. This is a great solution but the implementation and management can be costly to an organization.

SharePoint Online is a great solution to reduce those costs. SharePoint is securely managed and highly available in Office 365. No more management of infrastructure in your DMZ.

Another great thing about using SharePoint Online in general with external partners it the corporate control you can. This is important because I have seen situations far too many times where organizations quickly jump to use free document sharing solutions. These solutions present real challenges to enterprise organizations because they typically do not provide enterprise solutions for eDiscovery, legal hold, put on retention, etc. Nor can they be managed by your corporate Active Directory and policies that you need to manage centrally. With SharePoint Online, you can do this.

New Features and Improvements

As I mentioned at the top of this article there are some improvements to the Partner Solution that is now available with the new SharePoint Online.

• Change in the Steps – The steps for adding partner support to a site collection has been streamlined. By default it not enabled and an SharePoint Online tenant administrator will have to enable this. It can be done on as many site collections that you want to enable it on. All you need to do is give the Site Collection the ability to allow “Partner Support”. Once the Site Collection has been given partner support, then you will need to activate the external user invitations feature. Follow the new instructions here - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-a-site-with-external-users-HA102476183.aspx.
• Sharing a Site – Sharing a site has been streamlined. When you share it with external users you enter in their email address and you now have the ability to select which SharePoint group you want those external users to be associated to. This is really convenient if you are managing all your external users in specified SharePoint User Groups. Here is some more information - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658100.
• Revoking an Invite - External users have 7 days to accept an invitation. There is a new capability to revoke an invite - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658104.
• Managing Users Access – You have the ability at any time to remove an external user by removing them from the SharePoint permissions just like an internal user.
• Sharing a Document – There is some new capabilities as well to support just sharing an external document. You have the ability to require the external user to sign-in or be able to view a document anonymously. You also have the ability to remove the external sharing of the document at any time (i.e. you keep the document where it is but no on externally should have access to the document anymore). For more information read here - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-sites-or-documents-with-people-outside-your-organization-HA102894713.aspx?CTT=5&origin=HA102476183#_Toc335658101.
• External Usernames Appearance – External users now appear in the People Picker just like internal users. You will know that a person is an external user by the email address that is shown alongside of the external user’s full name. If the email address is external to your organization, you know it is an external user.
• SharePoint Online PowerShell – There is new SharePoint Online PowerShell that will allow you to manage external users in an automated fashion. This is a big deal because you can actually run a report of all external users who have access to anything in SharePoint and then create processes to remove people - http://technet.microsoft.com/en-us/library/fp161364.aspx.
• Number of External Users – Depending on the plan you have, you have permission to allow X amount of users during a period of time. If you are considering purchasing Enterprises / Education / Government you can add up to 10,000 unique external partner users per month.
• External Users Capabilities – Generally External Users can do many of the same things internal users can do. They can use Office Web Apps, collaborate, take part in workflow, search, etc. using the permissions that was given to them just like any other SharePoint Users. General features they do not have access to are: they do not have MySites (but can use SkyDrive Pro features in team site document libraries), they do not get access to companywide feeds, they do not give the organization additional pooled storage, they cannot be assigned as an administrator, etc. For more information please review this - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/what-is-an-external-user-HA104036809.aspx?CTT=5&origin=HA102694293. For detailed information, there is a column called External User here that details each and every feature of SharePoint Online an External User will have access to http://technet.microsoft.com/en-us/library/jj819267.aspx.

Additionally this is a really good article for you to read - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx?CTT=5&origin=HA102476183. Discusses many questions you should ask yourself on how you plan to share data externally and what controls you would like to put in place.

Office ProPlus Telemetry

Introduction

I have been expanding my wings a little and working more with customers around Office. For me, the fusion between Office, SharePoint, Lync and Exchange has never been so strong. Users can transition between all of these applications doing everything from the simple personal project to communicating and sharing information on a large scale.

Office itself has a ton of new features with the release of Office 2013 that are truly exciting. A few of those are side-by-side installation support, click-to-run, Office on Demand, support for 5 installs per machine and more.

The one I want to focus on today though is a new feature called Office Telemetry. This is a feature is available with Office 365 purchase of Office ProPlus - http://technet.microsoft.com/en-us/library/0d12e253-69b3-4992-9fb2-b44c52dc5044#bkmk_OfficeTelemetry.

Now you may ask what is Office Telemetry; sounds really cool but “what is it”? That is what I said and I dug little bit into it and I was pleasantly surprised. This is a new capability that helps organizations monitor usage of Office 2013, 2010, 2007, and 2003. This tool will help organizations really understand how Office documents and solutions are being used across the organization. Utilizing information collected by this tool, organizations can really look at Office strategy and determine the best path forward.

The Challenge

One of the biggest challenges organizations have when considering a move to the next release of Office is understanding how it currently deployed and even more importantly how is it used. In many cases I have seen enterprises sitting on Office a few versions behind and not leveraging the latest software. The Office Telemetry solution was created specifically to help customers get a handle of Office utilization.

Microsoft has provided several tools in the past to support such activities. They worked very well and provide an immense amount of information. So much so that organizations had to spend a significant amount of time analyzing the data. Every organization wants to ensure that there is little disruption to the workforce when there is a change to Office. Office is a predominate tool that enterprise business workers use on a daily basis; disrupt them and you disrupt the business. Organizations considering a move forward with Office need to know about all the document types, how are they being used, what sort of add-ins need to be supported, etc. Without this information organizations slip into a situation where they get far behind on Office deployment and cannot recognize the value.

Office Telemetry

Microsoft looked at this challenge that organizations have been faced with and wanted to add a solution to the new Office that would really help organizations strategize where they are with Office now and in the future. The Office Telemetry solution is really just a piece of this objective to help organizations realize the power of Office quickly. Things such as:

• Side-by-side installation – Ability to run more than one copy of Office at a time.
• Click-to-run – Ability to quickly download and install off on a machine in a few minutes versus having to do a heavy install.
• Support for 5 installs per machine – A change of licensing with Office ProPlus in Office 365 allowing a user to install Office on multiple machines given the proliferation of devices.
• Office on Demand – Ability to just run Office on demand, on the spot without utilizing a user install. It will quickly install Office using the Click-to-run and then uninstall Office just as quickly when the user is done.

All of these solutions provides true flexibility in how organizations can leverage Office. It recognizes that users are need the ability to job around on multiple machines and stay productive.

One of the first things an IT organization will need to do is work with the “business” to determine how Office is used today. This tool could be run before talking with them or used while talking with them. Either way information gathered by this tool will help facilitate discussions on how is Office utilized. It is recommended to run the Telemetry solution against 20% of the workforce ensuring there is a distribution across all lines of business.

Once you have gathered information, you should be able to gain some really good insights into:

• You should be able to see if all lines of business have been represented in your reporting.
• You should be able to see what are the most common documents and solutions that require further investigation.
• You will be able to see trends on how documents are used. This could drive the organization centralize documents in SharePoint, utilize features such as co-authoring, identify areas you want to classify documents as taxonomy in SharePoint, etc.
• You will be able to identify Office solutions that may not have high utilization however once talking to the business you may find out they are used during very strategic business operations. You can then make plans on how to support them.
• You will be able to see characteristics what types of documents are used the most and from where.
• You will be able to see what Office add-ins are used.

With this information, an IT organization can really work with “the business” and determine the most important Office solutions that need to be focused on as part of the move forward. Now you will be in a position to test Office 2013 with solutions that are important to the business and then strategize a plan forward utilizing many of the new Office deployment features I mentioned above.

Dashboard

The Office Telemetry Dashboard is a new solution that you will use to help you do this analysis. Below is a screenshot of this tool. As you can see the Dashboard is using the Business Intelligence features of Excel. It is connected to a SQL Server database that has collected all this Office utilization data.

In the detailed views of the Telemetry Dashboard lots of things can be discovered. For instance:

• You can see the number of users who use the solution with the ability to click any number to see who uses the solution.
• You can see rate at which Office may have critical issues. As well you have the ability to see the actual number of critical errors and view the actual users who are encountering those issues.
• You can see information about how much time it is taking for solutions to load.
• You have the ability to see which applications are being utilized and if it is an add-in associated.

The Office Telemetry solution is made up of a few components:

• Office 2013, Telemetry logging is built into the product itself so nothing needs to be installed on those machines to collect data.
• For Office 2010, 2007 and 2003 a Telemetry Agent must be installed to collect the data.
• Shared folders must be set up to collect data submitted by the Telemetry Agent.
• The Telemetry Processor must be installed on a Windows Server which gather all the data submitted by the Telemetry Agents.
• SQL Server is utilized by the Telemetry Processor to store information that is collected.
• Excel is finally used to provide the Dashboard.

I really like this diagram because it shows how this gathered and made available for review in the Dashboard.

Privacy

One question that comes up a logging is ensuring that there is privacy. This solution is gathering very detailed information. A few features have been built in to help with this.

• Obfuscation - document names, titles and paths can be protected.
• Exclude – Application and solutions types can be excluded.
• Set Threshold – Only show files that are used by more than X users.

Add In Management

One more thing is that you will hear a lot about with the new Office Telemetry solution is added features and capabilities to help understand how add-ins are used. Additionally there are features part of this solution that will help you “manage” add-ins.

For instance you have the ability to now with group policy you can always enable, always disable (block), or make configurable by the user add-ins. With data collected in the dashboard you will know which add-ins are being used across the enterprise. Additionally the dashboard has the ability to assist you by generating these group policies. Very cool.

Compatibility Mode

Another nice feature I ran across is a solution called Compatibility Mode in Office 2013. This will ensure that if a document is edited by Office 2013, it will ensure to disable features of Office so that a document can continue to work in older versions of Office. You can create group policies around this to help your transition.

Moving Forward

Moving forward the Office Telemetry solution is built into Office 2013. As your organization moves forward, know that you can continue to tap into Office Telemetry to re-evaluate where you stand and manage your Office deployment and support strategy.

Resources

• Office 2013 compatibility guide - http://technet.microsoft.com/library/ee819096(v=office.15).aspx
• Deploy Telemetry Dashboard - http://technet.microsoft.com/library/jj219431(v=office.15).aspx
• Technical Diagram - http://www.microsoft.com/en-us/download/details.aspx?id=34991