Category Archives: Exchange Server tips tutorials and expert advice

Exchange Server tips tutorials and expert advice

Cloud App Discovery spotlights shadow IT users

Do you know what end users do with a company’s data? Do they use Dropbox to share documents with clients? Discuss…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

trade secrets via Slack? Plan secret projects on Trello? The Cloud App Discovery feature in Office 365 reveals certain shadow IT practices admins need to know to secure the enterprise.

End users often enlist cloud services to perform their jobs, but the practice of introducing unsanctioned apps invites risk. It circumvents security practices, which potentially opens the company to an unexpected compliance issue or a cyberattack. Cloud App Discovery uncovers shadow IT without the need to implement agent-based software on users’ computers and mobile devices.

Here’s how to identify and monitor use of unauthorized cloud services within the organization — and what to do about it.

Find hidden app usage with Cloud App Discovery

Office 365’s E3 subscription includes Cloud App Discovery, a component of Cloud App Security. This service interprets log files from web proxy servers, firewalls and network devices, such as wireless access points and switches, to create a visual picture of the shadow IT services used in the organization.

Cloud App Security dashboard
Figure 1. The Discover tab in Office 365 Cloud App Security presents a visual summary of shadow IT services used in the organization.

The Office 365 version of Cloud App Discovery indicates services that have similar functions to Office 365 apps, especially productivity services. Therefore, the discovered apps section does not include nonproductivity applications. We’ll show how to uncover those later in this article.

Create reports of productivity apps

Cloud App Discovery uses logs taken from a network device that sits between end users and the internet. The Cloud App Discovery service supports common log file formats, such as those generated by Cisco access points, open source web proxy servers or third-party cloud services, such as Symantec Websense.

The admin then accesses the Cloud App Discovery feature from the Security & Compliance Center. Download a log file from the network device in a format that Cloud App Discovery supports, navigate to the main console and choose Discover > Create new snapshot report.

Search for and specify the log format from the list, then upload the log file. Office 365 takes up to 24 hours to process and display the results.

Log file upload
Figure 2. To create a new snapshot report, search for the log format you want to use, and upload the log file.

Navigate to Discover > Manage snapshot reports to see the uploaded file. Office 365 shows processed reports as Ready.

Manage snapshot reports
Figure 3. The snapshot reports section indicates when the admin uploaded the report and its status.

The report shows the productivity apps in use from the Office 365 platform and from other cloud services. Select an app to open an Excel spreadsheet for more details, such as how many users accessed the service, how many times users accessed it and the amount of traffic uploaded to and downloaded from the service.

Discovered apps
Figure 4. View the report to see the productivity apps that are in use and to see detailed information about each app.

Automate the log upload process

Organizations that subscribe to Enterprise Mobility and Security (EMS) E3 can extend Cloud App Discovery’s functionality in several powerful ways.

The continuous reports feature automates log uploads through a customized VM with a syslog server and an HTTPS uploader.

To configure continuous reports, use the Discover > Upload logs automatically option in Cloud App Security. The admin adds a data source, which replaces the uploaded log file. The admin then defines a log collector and links it to the data source, which generates the information to deploy the Hyper-V or VMware VM.

After the VM deploys, configure one or more network devices to send data to the log collector in the format that matches the defined data source. Figure 5 shows an example of a Cisco Meraki device set up to send URL data in syslog format to the log collector’s VM IP address.

Configure URL data
Figure 5. Configure a network device to send data to the VM IP address for the log collector.

After about 24 hours, results from logged data will appear in the Cloud App Discovery section. The admin accesses both real-time and historic information related to app usage.

Cloud App Discovery dashboard
Figure 6. The Cloud App Discovery dashboard shows current app usage statistics and provides access to historical information.

See the threat level of shadow IT services

Aside from productivity services — such as webmail, cloud storage and content sharing — Cloud App Discovery also provides visibility into other areas. The EMS-based version of the tool detects internet of things devices, cloud service use from providers such as Amazon Web Services and visits to websites.

Cloud App Discovery ranks the discovered services based on risk score from one to 10. A lower score indicates a more suspicious application. The Cloud Discovery service determines the rank through assessment of security policies, such as where the data resides, who has access, who has control and whether organizations can prevent unauthorized access.

Apps designed for enterprise use, such as Google’s G Suite, get good scores. Services that provide less organizational control, such as WhatsApp, receive poor grades.

WhatsApp is considered a risky service because no one has administrative control. For example, a financial advisor who communicates with a client over WhatsApp could breach regulations because the business cannot record the conversation for future discovery.

View the detailed report on each service, and decide whether to approve the cloud service.

Figure 7 lists the services with usage statistics and threat level:

Discovered apps tab
Figure 7. The Discovered apps tab lists the services used on the company network with details on the traffic used and the risk score.

Take action against shadow IT

Administrators should take action when armed with data from Cloud App Discovery. If workers use Trello, Slack and Box, then admins should deploy the corresponding Office 365 services — Planner, Teams and OneDrive for Business, respectively.

However, IT should still take action even if the business can’t make these Office 365 apps immediately available. In that case, let end users know that the company plans to roll out Microsoft services to replace shadow IT apps. Explain the benefits of the move, such as service integration across the Office 365 suite.

The EMS-integrated capabilities give admins a way to configure security alerts when workers use these unsanctioned apps. Part of the continuous reports feature partially controls the use of apps. For example, an admin creates a rule that identifies when a user downloads a lot of data from Office 365 and then uploads a lot of data to Dropbox. When the rule detects this activity, the admin gets an alert and notifies the security team to block that user’s access to Office 365.

Next Steps

Slack or Microsoft Teams: Which one makes more sense?

Shadow IT dangers present best opportunity to use cloud access security brokers

Regulate shadow IT to reduce risk

Office 365 admin portal updates offer new insights

the data center. But Microsoft’s updates to its Office 365 admin portal give IT visibility into the platform to assist with training and troubleshooting.

Office 365 reduces an organization’s on-premises infrastructure and applications, such as email servers and SharePoint, in favor of a hybrid or pure cloud play. With this shift, admins spend more time monitoring the status of Office 365 services to stay abreast of disruptions and outages that potentially affect users.

The service health dashboard is a critical part of the Office 365 admin portal for administrators. It provides a single place to check the status of their online services and determine if a disruption impacts the business. Recent enhancements to the portal relate to the overall health of the services, and others focus on ways for admins to encourage user adoption of the platform.

Microsoft overhauls the Office 365 service health overview

The summary view of the Office 365 service health dashboard gives admins an indication of any trouble at a glance. This area displays any recent incidents and advisories from Microsoft and also includes messages about planned maintenance to the platform. Microsoft notifies customers at least five days prior to any work that affects service performance.

If there is an ongoing issue, administrators drill into the service to get additional details. Microsoft also provides access to historical data of service problems that admins further segment with date filters.

Office 365 service disruption
Figure 1. The summary view of the Office 365 service health section indicates when a disruption occurred.

Power BI dashboards share user insights

Other updates in the Office 365 admin portal include new service usage dashboards to enable administrators and business leaders to see statistics on end-user activity in the different workloads.

Administrators must configure the free Power BI subscription and activate the Office 365 adoption content pack — found under the Reports > Usage section on the left navigation menu — to produce the dashboards.

After the setup, the Power BI service pulls in usage data to populate dashboards with valuable insights related to user activity in Exchange, Skype for Business, OneDrive, SharePoint and Yammer; user adoption by product, department and region; and assigned licenses. The dashboards are then available through PowerBI.com or from a mobile device or a tablet that runs an iOS, Android or Windows platform.

Power BI dashboards
Figure 2. PowerBI.com displays the dashboards related to Office 365 service usage.

Through Power BI, administrators gain access to advanced interactive capabilities. If the admin asks a question, the system responds with data visualizations. For example, Power BI generated the chart in Figure 3 in response to the request for “Total active users by product.”

Active users query
Figure 3. Power BI generates visual data based on queries from the administrator, such as active users for each product.

Microsoft also improved the visibility into directory synchronization services. The health of this service is critical because it relates to the connectivity and synchronization between Active Directory in the client’s environment and Office 365. A problem with this service can result in issues with user account synchronization.

Administrators monitor this area under Directory Synchronization services in the service health section.

More visibility on the horizon

Microsoft’s roadmap indicates the company plans to release more features in the Office 365 service health section to provide:

  • specific user monitoring capabilities;
  • access to user-level details;
  • automated service health notifications via SMS or email; and
  • ability to send faster incident reports.

The new usage reports gauge the level of end-user engagement with different services and products. Some system engineers still have the native Office 365 admin portal reports to track service use if they prefer it over Power BI.

Control Office 365 costs — or pay the price

Administrators who move to Office 365 need to acclimate themselves to the nuances of the SaaS-based cost structure…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

on Microsoft’s cloud platform — or ignore it at their budget’s peril.

Office 365 is an attractive option for a business with an older Exchange Server platform winding down on its lifecycle. Microsoft offers several different subscriptions that charge a flat rate, but some a la carte services cost extra. With that in mind, admins must also monitor these additional Office 365 costs to ensure they don’t spiral out of control.

Admins can’t predict the overall total cost of ownership over several years without first evaluating several areas. For one, Office 365 offers more services bundled together under different plans. Microsoft considers some of these add-ons that require additional purchases, which adds complexity to Office 365 licensing.

IT decision-makers must evaluate what they need from Office 365, and that includes a careful cost analysis and upfront sizing — this consists of provisioning of cloud services, migration work and third-party services for Office 365 backups. For most IT projects, the business only approves a technology purchase or investment when tangible returns justify the project’s costs. As a result, admins should review all aspects of Office 365 costs, including the areas listed below.

Define the right licenses for the right users

Not every user needs the more advanced services, such as the analytics product Power BI Pro. Put users in categories, then determine the appropriate license for each group.

Identify the Office 365 licenses that each user needs based on their roles and requirements. Map out which plans go to what users to lock in Office 365 costs. Not every user needs the more advanced services, such as the analytics product Power BI Pro. Put users in categories, then determine the appropriate license for each group.

The Office 365 Enterprise E3 plan costs $20 per user per month and includes services such as the on-premises Office suite, Skype calling and Sway presentation app — which is overkill for some workers. Some users don’t need the on-premises Office applications; for those employees, Microsoft offers an Enterprise E1 plan that costs $8 per user per month.

Perform frequent audits

When a business moves to Office 365, the IT team needs to learn how to manage and monitor the platform’s services. Admins should use Office 365’s reports to conduct a quarterly or even monthly review of licensing use.

The Office 365 adoption content pack in Power BI builds customized dashboards that provide insights into application activations and how departments and locations use Office 365. Admins should use this data to find underutilized services to discern if employees can work without some services to reduce costs.

Monitor services with variable costs

[embedded content]

How the adoption content pack helps
admins track service adoption.

Every Office 365 subscription goes for a flat rate, but additional workloads bring extra charges. Advanced features — such as Advanced Threat Protection, Advanced Security Management, Cloud PBX and Power BI — often make Office 365 costs add up.

For example, the public switched telephone network feature in Office 365 Enterprise E5 often brings extra expenses. Workers get a set number of minutes for domestic and international calls, but when users exceed that limit, Microsoft adds additional charges to the monthly bill. Admins must monitor consumption to ensure these variable Office 365 costs don’t get out of hand.

Take advantage of licensing tools

The Office 365 license manager in the admin portal lets administrators assign licenses and see the current consumption of licenses, which makes the assignment process less confusing. Admins well-versed in PowerShell also have the option to allocate licenses via that management tool. Microsoft additionally provides a group option based on the categories created by the IT department.

Next Steps

Prepare well before an Office 365 move

Find tips on the Office 365 migration process

Different rules for Office 365 VDI deployment

Migrate to Exchange 2016 and beat the rush

The clock is ticking if you still run Exchange 2010. Extended support for that messaging platform expires in January…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

2020. It makes sense to move to Exchange 2016 now, whether you plan to put your email system in the cloud in the future or not.

A company that waits until the end of support for Exchange 2010 limits its choices and invites the administrative headaches of a rushed migration. Explore your options, and discover the perks of a messaging platform designed in the cloud era. Exchange 2010 shops should plan to migrate to Exchange 2016 sooner rather than later.

Don’t panic, but get ahead now

Exchange 2010 launched in 2009, and the requirements for a messaging platform today are different. Businesses should go through an extensive planning checklist before they migrate to Exchange 2016. They must determine if they require new hardware, if virtual infrastructure replacements will work with Exchange 2016 and how to handle third-party archiving tools, such as Enterprise Vault. Suddenly, that end-of-support date isn’t as far away as it seems.

Additionally, Exchange 2016 leaves mainstream support in 2020 and enters extended support until 2025. If you migrate to Exchange 2016 now, you benefit from a fully supported product in its prime rather than jumping from one elderly edition to another.

Say an Exchange 2010 business wants to get to Office 365 eventually. It will be easier to get there if it migrates to Exchange 2016 first.

Expect a more complex migration if you wait until 2020 and want the most advanced on-premises version of Exchange. Based on Microsoft’s history, the company could launch a new version of Exchange in 2020. Do not presume Microsoft will allow users to migrate directly to that platform from Exchange 2010. If the past is any indication, companies will need to hop to Exchange 2013 or 2016 first.

Avoid combination of Office update and mailbox migration

Say an Exchange 2010 business wants to get to Office 365 eventually. It will be easier to get there if it migrates to Exchange 2016 first. The on-premises server ensures a simple, supportable migration path to Office 365. That’s because new versions of Microsoft Office likely won’t support Exchange 2010. For a direct move from Exchange 2010 to Office 365, Microsoft could require the administrator to deploy a new version of Office. Don’t get stuck with the pain of an Office version switch as you simultaneously push mailboxes to the cloud.

Acknowledge that Exchange Online isn’t for everyone

However, it doesn’t make sense for every shop to go to Exchange Online, now or in the future. Small businesses don’t always have fast and reliable internet connectivity. Midsize companies host Exchange on existing infrastructure because it’s a low-cost option. Enterprises often move a few mailboxes to Exchange Online but need to maintain an on-premises presence to meet legal or contractual requirements.

Get the latest innovations in Outlook

Outlook has come a long way on its web, desktop and mobile versions since Microsoft launched Exchange 2010. Outlook on the web comes with modern functionality, such as rich text formatting and improved cross-browser support. Exchange 2016 aligns closely with the features in Exchange Online and Outlook.com.

Some other benefits to an Outlook upgrade include easier image placement and link previews in email messages. Integration with Office Online Server enables rich document viewing and inline document editing in email replies.

[embedded content]

Exchange on premises or Exchange Online?

Outlook borrows inbox management features from Office 365, such as the sweep function to delete unwanted email. Outlook add-ins integrate with cloud services and third-party apps from both Outlook on the web and Office 2013 or higher.

Gain from a simplified deployment model

Exchange 2010 enabled admins to split server roles, which complicated the deployment process. Exchange 2016 changed that model with the Mailbox role, which bundles all the services to run client access, transport, unified messaging and the traditional mailbox role.

Microsoft also publishes its Exchange Preferred Architecture (PA), which simplifies highly available deployments. With this arrangement, there’s no need for intelligent load balancers to handle traffic for Exchange Server; a round-robin domain name system manages client access. This model benefits multisite deployments with easy failover between sites. Administrators who manage a multisite database availability group deployment with Exchange Server know that failover and failback URLs are a pain. Exchange Server 2016 removes this difficulty and enables URL sharing across data centers.

Reduce hardware and backup requirements

Exchange 2010 uses significant space for backup storage and RAID disks. An Exchange 2010 highly available deployment typically has at least two database copies — and usually three or more for a multi-data center deployment. These databases often run on RAID 10 on expensive virtual infrastructure. With this setup, Exchange 2010 requires six to eight times the amount of raw storage required for just the databases.

A PA deployment of Exchange Server 2016 does not use traditional backup software or RAID technology to protect data. This Exchange version works directly with the underlying disks, with spare disks defined within Exchange instead of the RAID array. It uses the automatic reseed feature to restore failed databases with online disks. This enables admins to use a redundant array of inexpensive servers with Exchange 2016 instead of a virtualized configuration that is not tuned or optimized to work with the platform.

Take advantage of cloud-tested compliance, DLP functionality

Organizations that use traditional journaling and archiving software usually migrate that functionality to Exchange Online when they move to the cloud.

Journaling includes in-place hold — introduced in Exchange Online and Exchange 2013 and refined over time — which keeps an immutable copy of the original email message even if the user deletes it. This is similar to litigation hold in Exchange 2010 but with several improvements, such as retention of blind carbon copy information, ability to set a time length on a hold and the enhanced discovery capability.

Exchange 2016’s data loss prevention (DLP) technology detects sensitive data, such as Social Security numbers or credit card numbers. DLP prevents that sensitive information from entering the email system and stops users from sharing it outside the organization. Many organizations already use DLP to meet requirements such as the General Data Prevention Regulation.

Plug into the cloud to use its tool set

If you adopt Office 365 but can’t move all — or any — mailboxes to the cloud, migrate to Exchange 2016 to benefit from its cloud-integrated features with a hybrid setup.

For example, the modern attachments feature shares files from OneDrive for Business, Microsoft’s cloud storage service. It appears as a normal attachment, but instead of the user’s mailbox, it is stored and shared from OneDrive.

Administrators in a hybrid setup will appreciate the simplified management, while users will benefit from Office 365 features.

Next Steps

Know your Exchange 2016 hardware requirements

Check that Exchange 2016 deployment

How Log Parser Studio helps troubleshoot Exchange

Create an Office 365 backup policy before it’s too late

Some Office 365 adopters assume a move to Microsoft’s cloud comes with automatic data protection. But administrators…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

must prepare backups or find out the hard way when messages and other important material are lost — with no chance of recovery.

Microsoft protects files against breaches, hardware failures and data center disasters. But don’t expect the company to cover everything, at least not by default. To date, Microsoft has no backup offering for Office 365. Admins can apply an In-Place Hold to retain and recover mailboxes, but Microsoft only includes retention and preservation policies in its enterprise plans. Organizations that don’t subscribe to the enterprise plans still rely on the SharePoint and OneDrive services, however, and can’t afford to lose those documents. Administrators must develop an Office 365 backup policy to ensure corporate data is safe.

How assumptions cause problems

A North Carolina manufacturing plant recently discovered how an absent Office 365 backup policy will disrupt the business.

Eight months after the company moved to Office 365, an accounting manager asked IT to retrieve the mailbox of a former employee to review the messages with a particular client. The manager saw major gaps in dates between email messages and noticed the log of sent items went back just a few months. The manager contacted the IT admin, who did not know how to recover the missing messages. After talking to Microsoft support, the admin learned Exchange Online purges deleted email messages older than 44 days unless there is an In-Place Hold on the mailbox.

IT must understand what Microsoft provides — and just as importantly, what it doesn’t provide — for backup.

IT must understand what Microsoft provides — and just as importantly, what it doesn’t provide — for backup. Administrators cannot assume that Office 365 protects all data automatically. IT can restore a deleted mailbox within 30 days. After that time, Microsoft can recover it within 14 days. Once that window passes, the mailbox disappears.

Take steps to defend and retrieve data

The move to Office 365 intimidates many administrators: They must set up everything from Active Directory to new security policies for the collaboration platform. But don’t leave a comprehensive Office 365 backup policy off this long to-do list.

Use these actions to develop an Office 365 backup policy that ensures IT can protect and recover important files and messages:

  • Define your data governance plan with specifics around retention policies and data archives.
  • Check with compliance on regulatory requirements for data retention.
  • Identify the workloads to protect. Include business content in SharePoint and OneDrive — not just email messages.
  • Compare the features in Office 365 backup providers, such as Veeam, Backupify, CloudAlly and Metalogix.
  • Test backup procedures on one — or all — users and against the various services. This helps determine if the offering performs as expected.
  • Set up notifications in Office 365 when major deletions of files and email messages occur.
  • Add alerts for Office 365 backups.
  • Perform restore drills for protected workloads.

Some companies prevent email deletion, while others subscribe to third-party archives to journal email messages and keep copies of other data. Microsoft enables easy access to providers for these backup offerings.

Next Steps

A guide for administrators moving to Office 365

Be aware of these Office 365 limitations

Backup tools to consider for Office 365

Dig Deeper on MS Office 365

Why keep that server after an Exchange Online migration?

Think it’s time to pull the plug on that faithful Exchange Server setup after an Exchange Online migration? Not…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

so fast.

Exchange Server mailboxes that stay in the data center give administrators some flexibility — there’s no need to push everything into the cloud and toss the key — and some Exchange-related functions can perform better on premises.

Here are four reasons to explore an Office 365 hybrid deployment instead of a complete Exchange Online migration.

Hybrid setup provides a mailbox choice

Some businesses prefer the option to keep a few mailboxes on the on-premises Exchange Server and maintain that system rather than rebuild the connection from scratch. A hybrid deployment lets a business natively offboard mailboxes from the Microsoft cloud back to the on-premises Exchange Server. Admins use the remote move migration wizard on the Office 365 tab in the Exchange admin center to send mailboxes to the data center. Without a hybrid setup, the administrator must create new mailboxes and import user information.

Address the large public folder problem

An IT team can sink a lot of time and effort into a comprehensive plan to move large Exchange public folders into Office 365. However, once mailboxes move to the cloud, they can still retain a connection to the on-premises public folders. This means a company can execute its Exchange Online migration but delay the public folder redeployment until a later date — or keep the public folder in the data center if the migration project isn’t feasible.

Don’t forget about application relay

Many businesses routinely use application servers in the data center to relay email messages through Exchange Server. Exchange Online supports message relays from on-premises application servers, but there are throughput limits on the cloud platform. If the message throughput exceeds Exchange Online’s cap, the application servers will need Exchange on-premises infrastructure to handle the load.

Hybrid arrangement can ease management

Some organizations use directory synchronization between Active Directory on premises and Azure AD. In this scenario, the source of authority for directory objects in Azure AD remains with the server that runs AD in the data center. Microsoft recommends admins maintain at least one on-premises Exchange Server after the migration for ongoing management of mail-enabled objects in Exchange Online, such as user mailboxes.

Next Steps

Consider key features in Office 365 migration tools

Weigh these factors before moving off Exchange

Stay with Exchange or explore options?

Dig Deeper on Exchange Server Deployment and Migration Advice

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever’s puzzling you.

Office 365 admins can evolve as platform expands

A move to Office 365 can leave administrators feeling nonessential in the cloud productivity platform. But it’s not all bad news: The switch can spur IT teams to develop skills and empower end users to take full advantage of cloud services.

Microsoft has added a number of new services to the Office 365 suite over the years, creating an integrated enterprise collaboration platform. The company recently delivered SaaS offerings for business analytics with Power BI, a phone system through the Cloud PBX service, Skype for Business and the Yammer enterprise social network. With each new service rollout, end users must understand the capabilities of the applications.

This means that, as Microsoft pours development resources into its cloud products, Office 365 admins see their duties shift from system troubleshooters to internal marketers. Rather than wait for employees to file tickets, Office 365 admins must be internal marketers who sell users on the benefits of each app.

Administrators also can take on system integration functions. Microsoft developed a series of APIs to link its services to other products. Office 365 admins can use these tools to improve key areas, such as system security, or to work with business managers to develop procedures, such as an automated document workflow.

Translate high uptime into me time

Microsoft promises 99.9% uptime to Office 365 customers. What’s the perk of this high availability? It frees the support staff to focus on improving company processes, said Tim Clark, president of consulting firm C3 Solutions. IT staff learns about the latest features in the rapidly growing Office 365 collaboration platform and then shares those findings with users to maximize application use.

In-house app stores can ease the IT workload

Microsoft created an application store with its partners to offer a variety of tools and apps, which have a few benefits for admins. An in-house app store gives Office 365 admins a way to deploy and maintain corporate apps more easily. It simplifies the choices for users with a list of approved apps that the IT staff supports. Additionally, administrators can track downloads and employee usage trends.

The app store not only solves issues that have plagued users, but it also enables companies to keep up with trends in social media and remote workforces. Employees often get frustrated when scheduling meetings; the third-party add-in FreeBusy Scheduling Assistant uses automation to make the process less of a chore.

Also, social media has blurred the lines between personal and business offerings. For example, Starbucks developed an Office 365 application for users to schedule meetings at the local store. The Zomato Restaurant Finder helps executives determine where to go for a business lunch.

But enterprise app stores have downsides. They must work with a wide assortment of technologies and vendors. And supporting such heterogeneous environments — without breaking the budget — is difficult. For instance, allowing end users to bring any type of phone into the organization could strain Office 365. Therefore, a company can limit the number of phones it supports. Additionally, companies might need to add applications that Microsoft does not directly endorse.

What is Microsoft’s Office 365 strategy anyway?

Since the emergence of Office 365, there has been some question about what Microsoft’s plan for these services is all about. In this podcast, Scott Robinson, a SharePoint and BI expert, notes, “Microsoft has done a lot of repackaging, and sometimes, that is just to cover the fact that they haven’t finished a product.”

“Enterprises may want to integrate Slack into their collaboration platform,” said Joshua Trupin, research vice president at Directions on Microsoft.

Other integration needs can arise. Typically, consumer mobile device apps act independently of one another, but businesses must integrate them with Office 365. For example, if a company wants to tie its order management app to the logistics product, the customer often has to build and maintain these links.

Regimented approach can tame costs

Most organizations have a mix of apps — some run on premises and others in the cloud. Develop a standardized approach to provision and manage these apps, and keep a close eye on the licensing agreements to avoid any unexpected bills from cloud app vendors.

To track and ensure license compliance, Office 365 admins can use financial management tools from suppliers — such as Cloudability, Cloudyn and VMware with vRealize Business for Cloud — to keep cloud costs in line.

The notion that public cloud is less expensive than other alternatives also has been challenged recently. Some businesses that operated without a strict cloud pricing arrangement discover these offerings cost more than anticipated.

Office 365 compliance issues deserve your attention

It’s no longer enough to evaluate email servers on just the basic features. Cyberattacks and data leaks are on the rise, and the explosive growth of data means IT admins must reconsider security protections and compliance concerns in their email servers.

Those worries are acute for a business considering a move from an on-premises platform to Microsoft Office 365. Admins should be aware of the potential challenges that await once their company’s data migrates to the cloud, such as Office 365 compliance.

Businesses routinely accumulate vast quantities of data, and that increases regulatory pressures to protect digital assets. Exchange admins were accustomed to managing the security and compliance of just one workload on premises; in the cloud, the number of workloads mushrooms, and the list of Office 365 services that contain company data includes SharePoint, Skype and OneDrive. With Office 365, IT admins are responsible for data governance, and they need to consider new areas of security and compliance.

Microsoft invests $1 billion annually in cybersecurity research and development. The company regularly introduces new features and enhancements for Office 365 security. IT admins can use these modern accoutrements as ammunition to convince their business that it is worth the investment. But before making the move, administrators must address important questions about Office 365 compliance and security.

Navigate Office 365 compliance aspects

With Office 365, IT administrators have one common information protection layer.

Microsoft moved away from a decentralized administration model for on-premises Exchange, where each workload in the platform had its own security and compliance management console. There is now one centralized portal where admins can see all aspects of Office 365 compliance and security.

This portal offers admins a single place to set up and configure the policies related to Office 365 areas, such as SharePoint, OneDrive and email messages. Admins can also use the Office 365 Admin mobile app to access the management console and make adjustments on the go.

Make a data governance plan

As an important preliminary step, many early Office 365 adopters advise IT admins to put together a data governance plan. You’ll want all the policies needed to meet the business requirements in place before the data migrates. The Microsoft FastTrack team or third-party vendors can assist.

With on-premises Exchange, admins’ only compliance concern is with email messages. But for Office 365 compliance, admins must consider data elsewhere, such as Skype for Business, files and SharePoint content, that Microsoft’s data centers manage and store. IT administrators need to expand the scope of their compliance and security policies beyond Exchange and set policies for other workloads. Office 365 offers flexibility and enables some policies to be applied to multiple workloads; this eliminates the duplication of work when creating specific compliance policies.

IT admins are used to digging through troves of user activities and system logs to identify compliance and security issues. Office 365 eases that burden and offers incident and auditing capabilities, such as searchable audit logs, that are easy to use and navigate. IT administrators can now receive alerts on data deletions, departure of sensitive content to external users, or when a user signs in from a risky IP address.

Know what else is covered

In addition to features that protect and monitor compliance in services such as SharePoint, OneDrive and Skype for Business, Microsoft announced in 2017 it will extend that ability to some external data as well. The Advanced Data Governance feature in Office 365 enables administrators to ingest external data from places such as Facebook, Bloomberg, Twitter and LinkedIn; store it within Office 365 cloud storage; perform searches; and apply compliance policies to it.

Intelligence-infused services are nothing new to Microsoft, which seems to recognize the importance of artificial intelligence and how it enables administrators to perform smarter searches and detect abnormal activities. Advanced Threat Protection, Advanced eDiscovery, automatic data classification, and Advanced Security Management use AI to assist with early detection, discovery and prevention.

Manage security needs quickly

An on-premises environment typically requires admins to spend time managing multiple security and compliance platforms. With Office 365, IT administrators have one common information protection layer; a centralized administration portal manages all security and compliance needs for cloud workloads.

Surprisingly, these security components don’t require much from IT, as the tools and intelligence services automate, detect and remedy many issues that admins traditionally handled manually. Not only is there a more comprehensive security layer, but IT admins have more time to efficiently adapt to external threats.

The base Office 365 packages do not include every security and compliance feature. Determine which features your business needs and whether they require licenses to enable advanced capabilities. While Office 365 E5 includes several advanced security and compliance features, there are others — such as advanced threat analytics and Azure Active Directory premium services — that Microsoft considers add-ons, which will cost extra.

As more businesses move their email servers to the cloud and adopt cloud-based workloads within Office 365, there is demand for better visibility and improved security. IT administrators recognize they must adjust their security and compliance practices. But that brings the challenge of relying on one vendor and trusting it with the data. So far Microsoft has taken appropriate steps to invest in its Office 365 compliance and security capabilities, and all IT administrators can do is implement the recommended services based on best practices and recommendations.

Close ranks with key Office 365 security features

Businesses receive enormous convenience and cost control benefits from Office 365, but a move to the cloud also increases the company’s attack surface. This heightened exposure makes it imperative that administrators learn how best to implement the Office 365 security features.

Don’t sit back and expect adequate protection with the default security configurations in Office 365. Admins must tailor Office 365 security features to shield data on the platform from outside threats.

How does Office 365 affect business security?

Modern businesses cannot function as islands, surrounded by antimalware, antivirus and a secure perimeter and demilitarized zone for external users to access certain servers.

An enterprise that depends on Office 365 requires a more intelligent security approach that extends from the service provider to the users, who work on many different devices. Administrators need to discover and hold sensitive information, ensure compliance, prevent data loss and then identify and respond to potentially malicious traffic or use patterns quickly.

Advanced Office 365 security features include multifactor authentication, encryption to protect data at rest and in flight and data loss prevention to stop users from sending sensitive material over email or in unauthorized storage devices.

Office 365 enterprise users must balance features with price

Office 365 meets the requirements for compliance certifications, including those imposed by the Health Insurance Portability and Accountability Act, the Federal Risk and Authorization Management Program and the International Organization for Standardization/International Electrotechnical Commission 27001.

Suspicious activity afoot?

Administrators can manage and audit Office 365 security features with remote PowerShell, but the Office 365 Security & Compliance Center provides a GUI tool to enforce corporate policy and monitor potential threats. The portal provides seven major pages related to security and compliance:

  • Alerts page: This section warns you when a user violates policies that IT creates. Administrators can also view alerts, understand how each was generated and take remedial action. Office 365 includes a series of default alerts and will inform you when a user receives administrative privileges and when it detects malware or unusual file activity.
  • Permissions page: Administrators can grant users various permissions in compliance-related areas, such as device management and data retention. Elevated users can perform only the tasks assigned by the administrator. IT can alter or rescind permissions as business needs change.
  • Threat Management page: Dashboard, Threat explorer and Incidents tools let administrators oversee risks detected within Office 365.
  • Data Governance page: This area enables admins to import data into Office 365; archive and retain important messages and attachments as part of content lifecycle management; and establish supervision policies that review both inter- and intraoffice messages for inappropriate or sensitive content.
  • Search and Investigation page: This allows administrators to locate messages and search audit logs. For example, use the content search to comb mailboxes, folders, SharePoint Online sites and OneDrive for Business content in the company’s Office 365 subscription. Export results to another computer for further examination. Use audit logging to view user and other administrative activities involving files, folders, sharing, SharePoint, Azure Active Directory, Sway and PowerBI.
  • Reports page: This enables administrators to follow application use, identify suspicious app activity and provide notifications and alerts about unusual app use. The page generates reports that show how the organization’s employees use Office 365.
  • Service Assurance page: This page provides details about Office 365 compliance efforts. These include Microsoft security practices for customer data stored in the messaging platform; third-party audit reports of security; and security, privacy and compliance controls used by Office 365.

Migrate to Exchange 2016 with all the facts

Even if your current Exchange setup works reliably, all Microsoft products drop off support eventually. When your messaging platform hits its expiration date, where will you go next?

Microsoft and security experts advise businesses on a legacy platform to shift to a supported platform. But it’s no simple process to migrate to Exchange 2016, even if you decide to stay on premises. For example, if you have Exchange 2007, you’ll need to perform a two-stage maneuver in the Exchange 2016 migration.

In years past, a company’s only option for Exchange was to upgrade to the next version. But with Microsoft’s Office 365 offering, where Exchange Online lifts the email server into the cloud, the decision is not that straightforward. Admins see the value in reduced maintenance, and access to security features such as Advanced Threat Protection. However, not everyone in IT welcomes the cadence of new feature arrivals and the reliance on PowerShell for some administrative tasks.

If you elect to make an Exchange 2016 migration, hardware choices will give the platform optimal performance. Also, be sure to test the platform thoroughly.

IT experts and consultants share these four tips on how to decide between on premises and cloud; what Exchange 2007 admins should do now that support has ended; the Microsoft requirements that can be ignored; and what to do after an installation is complete.

1. Weigh upgrade options: On premises or cloud?

There are more options than ever for a corporate email platform. A business that has used Exchange Server for years can move its messaging system to a low-cost — or free — service hosted by a provider, such as Google’s Gmail. But, in addition to features and price, legal and compliance issues need to be included in Exchange admins’ decision-making process — which can make Microsoft’s Office 365 a better fit. Office 365 ties a company’s calendar, conferencing and collaboration systems into its email — but shifting on-premises services to the cloud takes some effort.

2. Abandon the Exchange 2007 ship before it sinks

Once Microsoft ends product support, a business that remains on an outdated platform risks becoming vulnerable to attack. If a company still uses Exchange 2007, the IT org must decide if it will move to a supported on-premises platform — or go to Exchange Online. A switch from Exchange 2007 to Exchange 2016 requires an intermediate step — the administrator needs to move mailboxes to Exchange 2013 then migrate to Exchange 2016. Microsoft provides tools for an Office 365 migration — and possibly financial help if you qualify.

3. When you can ignore Microsoft’s advice on Exchange 2016

As with all its server products, Microsoft provides guidelines for Exchange 2016 operation. Some businesses have good reason to sidestep these recommendations and deploy Exchange another way. For example, Microsoft does not endorse running Exchange in a virtualized environment; however, many businesses have done this for years with little consequence. Still, admins should check that the hardware or hypervisor vendor does provide support before breaking with Microsoft’s safer model.

Also verify that there’s adequate storage to run Exchange 2016 — Microsoft says a 30 GB system partition will work, but admins should have at least 100 GB. Otherwise, the databases will need to move to a separate disk.

4. Trust, but verify after Exchange 2016 installation

After a business selects an Exchange 2016 migration, executes the deployment and moves over its mailboxes, everything is ready to go, right? Not so fast. Go through a post-install checklist and confirm the configuration will work as expected. Open the Exchange Management Shell and follow a couple quick steps to verify the install was clean. Check that the organization’s domain name is on the accepted domain list, and apply OS and Exchange Server patches before anything starts up in production.

Powered by WPeMatico