Office 365

Basic network monitoring for Office 365


Introduction to Basic Networking Monitoring for Office 365

One of the most significant objections heard from customers who don’t want to move to the cloud is simple: “what if my network stops working?” This seems like a fair question since, without a network that can reach Microsoft’s services, you won’t be able to get all that much work done (or even watch Netflix!). Reliable Internet connectivity is critical to many different essential business services, so most of us have some network monitoring in place. The problem with trying to monitor connectivity to a complex service like Microsoft 365 is that there are lots of endpoints to monitor. In our current forced-working-remotely world, your users are likely to disperse into lots of locations that require monitoring.

Note that the feature described here is officially in preview as of November 2020, so it may change at any time.

Microsoft decided to attack this problem differently: they have released the first version of a network monitoring toolset, first announced at Ignite 2019, that uses telemetry from Office desktop clients to report on connectivity between your clients, wherever they are, and the Office 365 “front door” location that the client is connecting to. In Microsoft-speak “front door” refers to the service entry point that a client connects to; one of the primary design goals for what Microsoft refers to as the Microsoft Global Network is to minimize network latency between a client and the front door. Once your Office 365 traffic enters the front door, Microsoft’s private network is supposed to efficiently get the traffic to and from the appropriate Microsoft 365 service resources, wherever they are. (This isn’t as straightforward as you might think because not every region has its own set of M365 services—look for more details on this in a future article).

Basic Network Monitoring for Office 365

The network monitoring tools appear in the Microsoft 365 admin center under the Health section in the left navigation bar. When you click on Network connectivity, you’ll see the connectivity dashboard, which will look something like this once it’s fully populated. How do you get it fully populated? Ah, there’s the question!

Basic network monitoring for Office 365 in Admin Center

There are two ways to make data appear in this dashboard:

  • You or your users can manually run a connectivity test from a Windows machine.
  • Your end-users’ machines can contribute telemetry that the service uses to populate data.

Let’s take a look at each of these alternatives.

Manual connectivity tests

If you choose to manually run the connectivity test, you should first sign in using the link in the upper-right corner of the web page—if you don’t, you’ll still get test results, but they won’t be associated with your tenant. After signing in, you can tell the tester whether you want to allow automatic detection of your location and what domain you’re using, then click the “Run test” button. You’ll see an immediate map of your network connectivity and some basic data about its quality, and you’ll receive a prompt to download and run a small executable that performs some extra tests. The screenshot below will give you an idea of what this looks like:

Network connectivity test results for your location

In my tests, this required an upgrade to the .NET Core runtime on about 40% of my test machines; if you need the upgrade, the test executable will tell you. Once you start the executable, it will run more than 350 (as of this writing) connectivity tests covering almost all of the services and endpoints and give you a detailed report. The report contents are described pretty thoroughly in Microsoft’s documentation, so I won’t repeat them here, except to say they will be mostly incomprehensible to everyday users.

As long as you sign in first, those results will be reported to you and also contributed to the Locations tab of the dashboard; locations that have at least one user-submitted report will show up with a “View results” link that shows a summary. As an administrator, you can control whether you consider user-submitted results as part of the summary data for a location.

Microsoft says that these user-specific tests provide more depth than the automatically gathered test data, so they are useful for tracing problems reported by a specific user.

Collecting data automatically

Instead of depending on users to manually run tests, you can automatically collect data but only under a specific set of conditions. The first condition is that you will only see data for specific locations known to the tool. How does it know what locations exist? One way is that you can manually add a location by specifying the physical location, the local IP subnets in use at that location, and the public IP addresses used to egress traffic from that location to the Internet. In that case, you need at least two Windows machines in the location running version 20.161 or later of the OneDrive for Business client. The location data you see will be based on the network information you provide when defining the location.

Another way is that you can let the service figure it out based on the client telemetry it sees. In that case, you need at least two Windows machines running version 19.232 or later of the OneDrive for Business client in that location. The Windows machines must have the Windows Location Service enabled, and they must be connected to the Internet using wi-fi. In this mode, all the machines in a single city will be treated as one location, and the location will be blurred to the nearest 300 meter by 300 meter square.

While manual measurements can show up in the admin center after a few minutes, automatically gathered results can take up to 24 hours.
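The collection conditions above, written as a readiness check over a client inventory. This is an added example, not code from the article or from Microsoft; the inventory fields, location names and addresses are constructed, and it assumes a client belongs to an admin-defined location when its LAN address is in one of the location's subnets and its egress address is listed.

```python
import ipaddress
from collections import Counter

# Thresholds stated in the article (OneDrive for Business client on Windows).
MIN_VERSION_DEFINED = (20, 161)    # admin-defined locations
MIN_VERSION_DETECTED = (19, 232)   # locations inferred from client telemetry
MIN_MACHINES = 2                   # per location, in either mode


def parse_version(text):
    """Turn '20.169.0823.0008' into (20, 169, 823, 8) for numeric comparison."""
    return tuple(int(part) for part in text.strip().split("."))


def defined_location_for(client, locations):
    """Name of the admin-defined location this client falls in, or None.

    Assumption: LAN address inside a listed subnet AND egress address listed.
    """
    lan = ipaddress.ip_address(client["lan_ip"])
    egress = ipaddress.ip_address(client["egress_ip"])
    for loc in locations:
        in_lan = any(lan in ipaddress.ip_network(n) for n in loc["lan_subnets"])
        in_egress = any(egress in ipaddress.ip_network(n) for n in loc["egress_ips"])
        if in_lan and in_egress:
            return loc["name"]
    return None


def collection_readiness(clients, locations):
    """Report which locations have enough qualifying machines in each mode.

    The two modes are tallied independently: the article does not say they
    are mutually exclusive.
    """
    defined = Counter({loc["name"]: 0 for loc in locations})
    detected = Counter()  # keyed by city: one city is treated as one location
    for c in clients:
        if c["os"] != "Windows":
            continue  # only Windows machines count toward either mode
        version = parse_version(c["onedrive_version"])
        name = defined_location_for(c, locations)
        if name and version >= MIN_VERSION_DEFINED:
            defined[name] += 1
        if (version >= MIN_VERSION_DETECTED and c["location_service"]
                and c["link"] == "wifi"):
            detected[c["city"]] += 1
    return {
        "defined": {n: k >= MIN_MACHINES for n, k in defined.items()},
        "detected": {n: k >= MIN_MACHINES for n, k in detected.items()},
    }


# Constructed sample data (documentation address ranges, made-up hosts).
LOCATIONS = [
    {"name": "HQ", "lan_subnets": ["10.10.0.0/16"], "egress_ips": ["203.0.113.10"]},
    {"name": "Branch", "lan_subnets": ["10.20.0.0/24"], "egress_ips": ["198.51.100.0/29"]},
]
CLIENTS = [
    {"host": "hq-01", "os": "Windows", "onedrive_version": "20.169.0823.0008",
     "lan_ip": "10.10.4.21", "egress_ip": "203.0.113.10",
     "link": "ethernet", "location_service": False, "city": "Huntsville"},
    {"host": "hq-02", "os": "Windows", "onedrive_version": "20.161.0000.0001",
     "lan_ip": "10.10.9.7", "egress_ip": "203.0.113.10",
     "link": "wifi", "location_service": True, "city": "Huntsville"},
    {"host": "br-01", "os": "Windows", "onedrive_version": "19.232.1124.0005",
     "lan_ip": "10.20.0.15", "egress_ip": "198.51.100.2",
     "link": "wifi", "location_service": True, "city": "Bratislava"},
    {"host": "br-02", "os": "Windows", "onedrive_version": "20.201.1005.0009",
     "lan_ip": "10.20.0.16", "egress_ip": "198.51.100.3",
     "link": "wifi", "location_service": True, "city": "Bratislava"},
    {"host": "mac-01", "os": "macOS", "onedrive_version": "20.169.0823.0008",
     "lan_ip": "10.20.0.17", "egress_ip": "198.51.100.2",
     "link": "wifi", "location_service": True, "city": "Bratislava"},
    {"host": "home-01", "os": "Windows", "onedrive_version": "20.201.1005.0009",
     "lan_ip": "192.168.1.5", "egress_ip": "192.0.2.44",
     "link": "wifi", "location_service": False, "city": "Huntsville"},
]

if __name__ == "__main__":
    for mode, result in collection_readiness(CLIENTS, LOCATIONS).items():
        for location, ready in result.items():
            print(mode, location, "ready" if ready else "needs more qualifying machines")
```

In the sample, the Branch location falls short because one of its two Windows machines runs a client older than 20.161, even though the same two machines are enough for city-level detection.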

Working with insights

After you’ve started to gather some data, the Insights tab will start to show data; you’ll also see location-specific insights when you view the details for a specific location. Insights include a network map that shows you what front doors are optimal for your location, what front doors you’re actually connecting to, and any weird egress routes that may exist. You’ll also see workload-specific insights, if any exist; for example, my work tenant currently shows me that users in Slovakia and Alabama are both routed to a non-optimal front door for SharePoint traffic.

There are five location-specific insights currently supported (plus one specific to tenants in China):

  • Backhauled network egress
  • Better performance detected for customers near you
  • Use of a non-optimal Exchange Online service front door
  • Use of a non-optimal SharePoint Online service front door
  • Low download speed from SharePoint front door

In addition, there are tenant-level insights for SharePoint and Exchange Online performance.

The future

Some of the additional data items shown in the portal, such as the average latency for Exchange Online connections, fall into the “fun fact” category; in the majority of cases, it doesn’t matter to your users whether your ExO latency is 28ms or 32ms. However, the insights, such as “you’re connecting to a front door on the other side of the ocean from your location,” are valuable because they can lead you to find and fix networking problems that may lead to poor performance and user complaints. As Microsoft continues to extend this feature to gather more data for more workloads and—more importantly—turn that data into useful insights, I expect the value of this feature to continue to increase.

Source Practical365


Microsoft OneDrive Gets Handy New Group Sharing Tools


Microsoft is tweaking the sharing experience in its OneDrive cloud service. According to the company, users can now create groups before they share files. This makes it possible to share files with groups of people more easily.

By allowing users to create groups beforehand, OneDrive makes it easier for users to find these groups when sharing files. Microsoft points out there are two ways to create groups in the app: through a Microsoft Account to invite family members, or by creating a group from contacts.

Below are the specifics of those two methods:

  • “To set up your family, go to, then select Create a family group and follow the directions. Note: All members of the group need a Microsoft account, and each will need to accept your invitation to the group to access it. (You can also set up a family group on Xbox or with the Family Safety app.)
  • To set up a friend group, see the article how to create an group. Groups can be family, friends, classmates, your kids’ sports league, your sports league, old college buddies, new game night pals—anyone you want to stay connected with. Note: you will need a free or paid Outlook account.”


When a group is generated, the group will become available in the Share menu in OneDrive. However, it seems this tool is only available for the web version of the service. Users can choose “Anyone with a link can edit” or “Anyone with a link can view.”

When searching for an individual through name or email, all group members will surface to allow more efficient sharing.

Microsoft says the new sharing feature is already available for free. It will also work through the OneDrive sync option in Office apps like Word, Excel, and PowerPoint. However, this functionality will not be available until mid-2021.

Source Winbuzzer


Microsoft Office Apps Get Trackpad Support on Apple’s iPadOS


Microsoft is rolling out some new updates for its Office applications on Apple’s iPadOS. Specifically, the update brings one of the most anticipated features to the tablet-specific platform… trackpad support.

The ability is coming to both Microsoft Word and Microsoft Excel on iPadOS. You may remember Microsoft began testing this support last month. It is worth noting that since then PowerPoint support for the trackpad has also been added.

Microsoft is sending out the update in phases, so some iPad users will see the changes before others.

Trackpad support for Office apps on iPadOS is a major step. We previously reported that Microsoft also wants Word and Excel to have mouse and trackpad support on iPadOS. Microsoft promised a fall release at the time and has stuck to that timeline.

It is worth noting Apple only brought its own cursor and trackpad support to iPadOS in March. While Microsoft may not want the iPad to become closer to a laptop, there’s no doubt Word and Excel will become more usable with a trackpad functionality. In other words, this move will benefit both the iPad and Microsoft’s apps.

Improving the Platform

Microsoft clearly has long-term plans to make Office apps more functional on iPad. In fact, the company has been one of Apple’s biggest supporters with iPadOS. Apple reflected this at the launch of the platform, pointing to the significance of Word and Excel working with a trackpad.

Microsoft has also given Office apps Split Screen support, and OneDrive Multiple Windows support on the platform.

Source Winbuzzer


Microsoft Forms is Now Widely Available to Everyone


This week, Microsoft Forms has left preview and is now officially launching. The survey creator is heading to users through the Microsoft Office mobile app or on the web. This new tool is completely free for all users.

However, you will need a Microsoft Account to access Microsoft Forms, at least if you want to create your own surveys and quizzes.

It is also worth noting subscribers to Microsoft 365 Personal and Microsoft 365 Family get some more templates and tools such as allowing more people to share and complete their designs.

Microsoft Forms is a platform that helps professionals and educators create content in minutes. Forms can be surveys, feedback forms, or quizzes. They can be shared with anyone and form owners can see results of completed forms in real time.

For users interested in using Forms, the official website is here. I had a quick run around the tool and my admittedly basic creation is below (go easy, it took me around a minute!).

Some of the best features of Forms include Quick Poll and Branching. The former integrates with Outlook and allows users to create real-time polls quickly. When typing an email in Outlook, the Quick Poll add-in button can be used to generate poll questions with answer options.

Forms Pro

Last year, Microsoft rolled out the Pro version of Forms. Available globally through the Dynamics 365 Enterprise license, Microsoft Forms Pro is also available to other Office 365 users.

Dynamics 365 users can access Microsoft Forms Pro for free, although they are limited to 2,000 survey responses per month. Office 365 users can buy that same amount of responses for $100 each month, which is about 5 cents per response.

Source Winbuzzer


Microsoft Word and Excel Trackpad Support Testing on iPadOS


Apple has pushed the idea that the iPad is an alternative to a laptop for years, without ever really convincing anyone. With the launch of iPadOS a year ago, the company took its argument up a notch. Now iPad has functionality and multi-tasking. It’s not a laptop, but it’s getting closer.

Even Microsoft is on board, giving some Office apps Split Screen support, and OneDrive Multiple Windows support. Earlier this year, we reported that Microsoft also wants Word and Excel to have mouse and trackpad support on iPadOS.

At the time, we said the support would likely come this fall. And so it seems, with Microsoft now testing trackpad support through iPadOS TestFlight.

According to MacRumors, Microsoft has been testing the support on beta versions of its Word and Excel Office apps. Both apps are in preview on version 2.42, available on Apple’s beta service TestFlight.


It is worth noting Apple only brought cursor and trackpad support to iPadOS in March. While Microsoft may not want the iPad to become closer to a laptop, there’s no doubt Word and Excel will become more usable with support. In other words, this move will benefit both the iPad and Microsoft’s apps.

Microsoft clearly has long term plans to make Office apps more functional on iPad. Cursor support, Split View, and separate applications could all be available before the end of the year.

While Apple and Microsoft are currently trading blows over Cupertino’s steep App Store revenue rules, Apple clearly sees Microsoft as an important developer for iPadOS. In fact, when the operating system was launched, the company’s Craig Federighi suggested Microsoft Word integration with Split Screen was something users would like.

“Two Microsoft Word documents side-by-side, I mean that’s enterprising right there!”

Source Winbuzzer


Using sensitivity labels with SharePoint sites, Microsoft Teams, and M365 groups – Part 1


Sensitivity labels in Microsoft 365 have been around for quite some time. Essentially they enable users to apply protection to emails and documents that they’re working on by assigning a label to that content.

The purpose of this is to ensure that only people authorized to view or consume that content do so. You can configure sensitivity labels to apply encryption and content marking to specific emails and documents, which you assign to users or groups with varying permissions levels using labeling policies.

Depending on the level of Microsoft 365 licensing in place, these labels can be either manually applied by the end-users themselves, or automatically based on built-in sensitive information types.  You can read more about the licensing requirements for Microsoft Information protection here.

The evolution of sensitivity labeling can be traced back to Information Rights Management within Office 365, then Azure Information Protection in the Azure portal, and finally, Unified labeling via the Microsoft 365 Security and Compliance Center.

Up until recently, however, it was only possible to apply sensitivity labels to emails or documents. Microsoft has now introduced the ability to use sensitivity labeling at a ‘container level’, which means that you can apply a label’s protection at a higher level than the document or email. In Microsoft 365, when we refer to containers, this currently relates to the following three features or services.

  • SharePoint Online Sites
  • Microsoft Teams
  • Microsoft 365 Groups

This blog series will show you how sensitivity labeling works at the container level and how to configure existing labels. We’ll also show how this relates to any existing labeling applied at the document level and share some useful tips on the auditing capabilities of the M365 audit logs.

We will start in the M365 Compliance Center, enabling some existing labels for use with containers.

Microsoft 365 Compliance Center

Over the past couple of years, the Microsoft 365 Security and Compliance Center has been my go-to portal for information governance and protection. Whilst this portal remains available, the evolution of so many features relating to both Security and Compliance has led Microsoft to provide specific outlets to administer these functions. Therefore, we now have the separate Security Center and Compliance Center.

To demonstrate Sensitivity labeling at the container level, I will be working from the Compliance Center by completing the following steps.

  1. Log on to the Compliance Center as a Global Administrator, Compliance Data Administrator, Compliance Administrator or a Security Administrator. This will take you to the portal as shown below.

2. Next, click on Solutions > Catalog > Information protection > View.

3. Now click on Open solution.

4. In the example below, we can see many of the labels and sub-labels already available in my tenant, currently providing encryption and content marking to emails and documents.

5. If we select the General / HR sub-label, we can note its existing settings as below.

6. If you are already familiar with Sensitivity labels, you will note a newer section in this dialog called Site and group settings. Click on Edit label, and this will open the label wizard in the following image.

7. Keep clicking Next until you reach the Site and Group settings.

8. Move the slider to the on position, and this will present you with the options to configure the Site and Group settings.

9. From the dropdown menu, you can choose a privacy option that governs access to the Site or Group where this label will be applied. The options are:

  • Public: This will allow anyone in the organization to access the Site or Group where this label is applied.
  • Private: This setting restricts access to only approved members in your organization.
  • None: This setting will allow the user to decide who can access the Site when the label is applied.

10. In this example, we will set this label to be applied privately, meaning that only members will access the Site.

11. We can also choose whether we want Sites and Groups protected by this label to be accessed by people outside of the organization.  In this example, we will leave this option unchecked.

12. Finally, we have some controls which allow us to choose how unmanaged devices are handled when they attempt to access Sites or Groups protected by this label.

Note: To use this option, you will also need to configure the SharePoint feature, which uses Azure AD Conditional Access to block or limit access to SharePoint Online and OneDrive content from unmanaged devices.  Further guidance on how you can configure this feature may be found here.

13. Now that you have configured the Site and group settings for your label, click through the wizard, and on the Review your settings page, click Save label.

So, that’s how you can set up an existing label to be Site and Group ready.  Now, let’s take a look at how this works in the first of our three M365 containers, which are SharePoint sites.

Applying sensitivity labels to SharePoint sites

Now that we have a configured label for use with sites and groups, we can apply that label to an existing SharePoint site within our M365 tenant, or whilst creating a new site.  In the following example, I will choose to create a new Team Site to demonstrate how this can be done.

We need to complete the following steps.

  1. Log on to the SharePoint Admin Center and navigate to Sites > Active Sites. Please refer to my previous blog series How to create Modern SharePoint Online Team Sites for instructions on how to connect to the SharePoint Admin Center. Click on Create.

2. Click on Team site.

3. Enter the details to create your Team Site as shown below. In this example, we will create a site called Human Resources. Under the Sensitivity setting, we will select the General \ HR label, which we configured earlier. Note that this selection results in the Privacy settings field being greyed out. This is because we set the chosen label as Private – only members can see this Site. Therefore, the privacy method is automatically applied.

4. Click through the wizard to finish creating the Team site, and then open the Team site by searching for it in the SharePoint Admin Center. As you can see below, we now have our new Team site ready, and it is appropriately labeled under the Site name as Private group | General \ HR.

5. This label setting’s effect is that the Site is accessible only to members of the Site, and the Site cannot be shared externally as per the label settings. To demonstrate this, I will try and add an external email address as a member of the Site. I do this by clicking on the cogwheel and selecting Site permissions.

6. Next, I click on Invite people > Add members to Group.

7. Now, I will click on Add members.

8. Here I will add my own Gmail email account, then click Save.

9. What happens is that you can’t add my Gmail account as a member due to the settings we defined in the General / HR label.

So, that’s how sensitivity labeling works with Site and Group settings within a SharePoint Online team site.
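The label behaviour walked through above, modelled as a drift check that compares exported site settings against each label's Site and group settings. This is an added example, not code from the article or from Microsoft; the tenant domain, the extra labels and the site records are constructed, and it assumes an address is external when its domain is not one of the tenant's domains.

```python
# Site and group settings per label, mirroring the wizard choices above.
LABELS = {
    "General \\ HR": {"privacy": "Private", "external_access": False},
    "Public": {"privacy": "Public", "external_access": True},    # constructed
    "General": {"privacy": "None", "external_access": False},    # constructed
}
TENANT_DOMAINS = {"contoso.example"}  # constructed tenant domain


def is_external(address, tenant_domains=TENANT_DOMAINS):
    """Assumption: external means the mail domain is not a tenant domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain not in tenant_domains


def can_add_member(label_name, address, labels=LABELS):
    """Model of the outcome in steps 5-9: an external address is refused
    when the site's label leaves external access unchecked."""
    label = labels[label_name]
    return label["external_access"] or not is_external(address)


def audit_site(site, labels=LABELS):
    """Return a list of findings where a site disagrees with its label."""
    name = site.get("label")
    if not name:
        return ["no-label"]
    label = labels.get(name)
    if label is None:
        return ["unknown-label:" + name]
    findings = []
    # "None" leaves the privacy choice to the user, so nothing to compare.
    if label["privacy"] != "None" and site["privacy"] != label["privacy"]:
        findings.append(
            "privacy-mismatch:%s!=%s" % (site["privacy"], label["privacy"]))
    if not label["external_access"]:
        for member in sorted(site["members"]):
            if is_external(member):
                findings.append("external-member:" + member)
    return findings


def audit_all(sites, labels=LABELS):
    """Map site name -> findings, keeping only sites that have findings."""
    report = {}
    for site in sites:
        findings = audit_site(site, labels)
        if findings:
            report[site["name"]] = findings
    return report


# Constructed export of four sites.
SITES = [
    {"name": "Human Resources", "label": "General \\ HR", "privacy": "Private",
     "members": ["alice@contoso.example", "bob@contoso.example"]},
    {"name": "HR Archive", "label": "General \\ HR", "privacy": "Public",
     "members": ["alice@contoso.example", "vendor@partner.example"]},
    {"name": "Townhall", "label": "General", "privacy": "Public",
     "members": ["carol@CONTOSO.example"]},
    {"name": "Old Projects", "label": None, "privacy": "Private", "members": []},
]

if __name__ == "__main__":
    for site_name, findings in audit_all(SITES).items():
        print(site_name, "->", ", ".join(findings))
```

A check like this is most useful after a label is applied to an existing site, where membership and privacy were set before the label was.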


In this post, we’ve explained the principles of applying sensitivity labels at the container level within Microsoft 365. We showed you that there are currently three containers to which sensitivity labels can be applied.  These are SharePoint Sites, Microsoft Teams, and M365 groups.

We demonstrated how you could modify an existing sensitivity label in the M365 Compliance Center and enable it for Site and group settings. We also explained you can configure this when setting up any new labels from scratch.

Finally, we showed how to apply the sensitivity label to the first of these three containers by setting up a new SharePoint Online Team Site.

In part two of this blog series, we will show you how to apply the sensitivity label to the two other container options: Microsoft Teams and M365 groups.

Source Practical365


Microsoft Defender Application Guard Reaches M365 Office in Preview


Microsoft Defender Application Guard (previously under the Windows Defender branding) is reaching public preview for Office users this week. Microsoft says the tool is available for Microsoft 365 subscribers to test.

Using Microsoft Defender Application Guard, customers can sandbox untrusted documents, keeping them away from the rest of the system. Through this virtual container, documents across Office apps can be vetted if they come from an unknown source.

Defender AG functions in Microsoft Word, Excel, and PowerPoint. It also functions within emails, allowing users to safely and securely open attachments in Microsoft 365. When the tool opens a document, it fires a notification to users. If the user trusts the source, they can remove the AG warning.

“To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container.”


Unfortunately, Microsoft is limiting the availability of the tool. Specifically, the company says the tool is available only to Microsoft 365 E5 or E5 Security users. That’s a shame because this is the kind of security tool that would be useful for all businesses and even personal users.

Clearly, Microsoft wants Application Guard to be an exclusive to entice organizations to the E5 subscription.

There are some requirements to test the preview. Firstly, users must be running Windows 10 Enterprise version 2004 on build 19041 or newer. Office 365 version 2008 (build 16.0.13212 or newer) and the KB4566782 security update must also be installed.

Customers will need a machine offering at least an Intel Core i5 or equivalent, along with 10GB of storage space and at least 8GB of RAM.

Source Winbuzzer


Microsoft Excel STOCKHISTORY Beta Provides Data Overview of Stock Values


Microsoft has revealed a new feature coming to its Microsoft Excel app for Office and Microsoft 365. Called STOCKHISTORY, the tool will help Excel users see a visualization of their data for a company over a spread of time.

STOCKHISTORY taps into the Stocks data type in Microsoft Excel and also the dynamic arrays ability that came to the app last year. As the name suggests, STOCKHISTORY will compile stock values from different dates and present them all in Excel.

Dynamic arrays are an important part of the new tool. The feature allows formulas to output values across cells as a list:

“Using dynamic arrays, any formula that returns an array of values will seamlessly “spill” into neighboring unoccupied cells, making it as easy to get an array of values returned as it is to work on a single cell. You can immediately harness the power of dynamic arrays by using one of the new FILTER, UNIQUE, SORT, SORTBY, SEQUENCE, SINGLE, and RANDARRAY functions to build spreadsheets that would previously have been nearly impossible.”


In a blog post, Microsoft details the signature of STOCKHISTORY in Microsoft Excel:

  • stock: The identifier for the financial instrument targeted. This can be a ticker symbol or a Stocks data type.
  • start_date: The earliest date for which you want information.
  • end_date (optional): The latest date for which you want information.
  • interval (optional): Daily (0), Weekly (1), or Monthly (2) interval options for data
  • headers (optional): Specifies if additional header rows are returned with the array.
  • property0 – property5 (optional): Specifies which information should be included in the result, Date (0), Close (1), Open (2), High (3), Low (4), Volume (5).

STOCKHISTORY is available to Microsoft 365 users in beta preview. However, Microsoft points out the tool is currently only available to 50% of users on the Office Insider Fast Ring on Windows. The company does not say how it decides which customers receive the ability first.

Microsoft has been working on expanding the stock capabilities of Excel. Last year, the company announced a partnership with Refinitiv and Nasdaq. Under the partnership, those companies will bring real-time stocks to the Office app.

Since then, users of Excel can track up-to-date stock information across major U.S. exchanges in Nasdaq and stocks data from Refinitiv.

Source Winbuzzer


Microsoft Updates OneDrive for Business, Admin, and Consumer Users


Microsoft yesterday announced a feature-rich update for OneDrive. Microsoft 365 users using business, personal, and admin accounts can access a slew of new tools. In a blog post, Microsoft revealed the extensive changes coming to the cloud storage solution.

“We’re excited to announce new OneDrive features across Microsoft 365 that bring a more connected and flexible files experience to business users, more control to admins, and a more personal touch to everyone at home.”

Microsoft says the features will be rolling out to the app during this month.

Business Users

On the business side, Microsoft 365 users can now easily add shared folders with an “Add to OneDrive” button. Furthermore, file sharing and access management is now available in Microsoft Teams.

  • “New “Add to OneDrive” will allow users to easily add shared folders to OneDrive.
  • Familiar OneDrive file sharing and access control experience in Teams.
  • OneDrive will soon support read and write sync for shared libraries that contain required metadata.
  • File access will be maintained for shared users even if the file location is changed.
  • Upload file size limit is increased from 15 GB to 100 GB in OneDrive and SharePoint.
  • Ability to turn off comment notifications for individual files.
  • Ability to share links copied from your browser address bar with your internal colleagues (if admin-enabled).”

Admin Changes

Admins working with OneDrive will also be getting some new tools. For example, a new dashboard is available to check sync app version and the sync status. Users can also see top sync errors across devices.

Microsoft says a new feature coming soon will allow admins to implement multi-factor authentication policies. Lastly, all admin controls in OneDrive will also be available in the SharePoint admin center.

  • “New dashboard to check sync app versions, sync status, and top sync errors on individual devices.
  • Admins will soon be able to implement automatic expiration of external access, multi-factor authentication policies, like prompting one-time passcodes (OTP) and more.
  • All OneDrive admin capabilities, including controls for sharing, access, sync, and storage, will be available in the SharePoint admin center, consolidating admin tools in one place.”

Consumer Users

Consumers have not been left out of this round of OneDrive updates. Specifically, users can now predefine a group of people to share files to. Dark Mode for the web version of the service is now live.

  • “New feature will let you predefine a group of people from your personal life and then easily share files, photos, videos, and albums with that group.
  • Dark Mode to OneDrive for the web across commercial and personal accounts.
  • Newly released features like OneDrive’s file detail pane and activity feed let you see your file activity and comments in single view.”

Source Winbuzzer


The Top 6 Considerations for Migrating between Office 365 Tenants – Part Two


In Part One of this series, we discussed the prerequisites for a migration, such as which apps can go, which can’t, and what challenges you may be faced with. In this instalment, we’ll take a deeper dive into domains, identity creation and management, and velocity.

1. Domains

One of the bigger challenges in an Exchange Online migration (often correctly considered to be the easiest of the workloads to move) is maintaining a single domain across multiple tenants. This is a common issue in larger migrations when you need to migrate users across several days or potentially weeks.

If you’re not re-branding and are continuing to use the same email domain, it’s impossible to host the same domain in two tenants, so how can we work around this?

A popular solution is to use a third-party Office 365 tenant to tenant migration solution to do address rewriting on inbound and outbound mail. In this scenario, you would typically use a sub-domain or alternate domain in the “target” tenant and rewrite outbound mail at the routing solution, so it appears to come from the original primary domain.

If you know this is going to be a temporary solution that can’t be worked around, another option would be to build and configure an Exchange Edge server, potentially in Azure, and route mail through the Edge server. You can read more information on how to do this here.

This would be preferable as you are normally tied into longer 1-3 year agreements with third-party providers, whereas you could decommission the Edge Server as soon as you were done. But you would need to weigh up the cost of licensing the server and Exchange against the other options.

In most scenarios, we see customers opting to increase migration velocity (more on this later) to reduce the impact and use a sub-domain, or similar, where there isn’t a third-party solution already in place. This means that any change in domain is only temporary for a short time, and no additional cost or complexity is introduced.

2. Identity Creation and Management

When speaking to customers about Office 365 migration plans, my key point to them is ‘Identity is everything’. This differs a lot from on-premises.

Identity is the entry point and control to everything within Office 365 and beyond. If you’re using Azure AD as your authentication provider for other enterprise applications, it’s critical you get the configuration of identity and ongoing management correct.

It can seem daunting at first. For example, you could have hundreds of users from separate directories that you need to work through to ensure there are not going to be any duplicate values. You must ensure you understand where the identities are going to be managed. Do you need to maintain an on-premises Active Directory, or are you going to remove AD completely and go with cloud-only identity management? When consolidating two different organisations, you will often see new duplicate names that you didn’t have before, and you’ll need a strategy for identifying these and selecting which person gets the “non-standard” identity (i.e.

Begin by determining where your “source of authority” lives. Typically, if this is an environment that already exists, then the users here will become your “primary” accounts, and any duplicate values that arrive from the additional directory will become secondary. Make sure you plan out how you will get any new identities into the new source, or if you even need to. For example, if you are currently running AAD Connect in two different AD forests to two different tenants, could you switch to using a single AAD Connect with multi-forest sync, or even use the new Azure AD Cloud Provisioning Agent?
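The duplicate check described above, as an added example that is not part of the original article: it compares an export from the source-of-authority directory with an export from the incoming directory and lists every incoming user whose UPN or SMTP address would clash once both sets share one domain. The CSV column names, the sample users, and the contoso.example and fabrikam.example domains are constructed assumptions.

```python
import csv
import io

# Constructed sample exports (assumed columns: upn, proxy_addresses).
# proxy_addresses is semicolon-separated; "SMTP:" marks the primary address.
AUTHORITY_CSV = """upn,proxy_addresses
john.smith@contoso.example,SMTP:john.smith@contoso.example;smtp:jsmith@contoso.example
amy.lee@contoso.example,SMTP:amy.lee@contoso.example;SIP:amy.lee@contoso.example
"""
INCOMING_CSV = """upn,proxy_addresses
John.Smith@fabrikam.example,SMTP:John.Smith@fabrikam.example
jsmith@fabrikam.example,SMTP:jsmith@fabrikam.example;smtp:j.smith@fabrikam.example
raj.patel@fabrikam.example,SMTP:raj.patel@fabrikam.example
"""

def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def local_parts(row):
    """Lower-cased local parts (text before '@') of the UPN and SMTP proxies."""
    addresses = [row["upn"]]
    for proxy in filter(None, row["proxy_addresses"].split(";")):
        scheme, _, value = proxy.partition(":")
        if scheme.lower() == "smtp":  # skip SIP, X500 and other address types
            addresses.append(value)
    return {a.split("@", 1)[0].strip().lower() for a in addresses}

def find_collisions(authority_rows, incoming_rows):
    """Return (incoming_upn, local_part, holder_upn) for every clash.

    Users in the source of authority keep their identifiers; an incoming
    user who clashes with one of them, or with an earlier incoming user,
    is the one who needs a non-standard identity.
    """
    holder = {}
    for row in authority_rows:
        for part in local_parts(row):
            holder.setdefault(part, row["upn"])
    clashes = []
    for row in incoming_rows:
        for part in sorted(local_parts(row)):
            if part in holder and holder[part] != row["upn"]:
                clashes.append((row["upn"], part, holder[part]))
            else:
                holder[part] = row["upn"]
    return clashes

if __name__ == "__main__":
    for upn, part, owner in find_collisions(load(AUTHORITY_CSV), load(INCOMING_CSV)):
        print(f"{upn}: '{part}' is already held by {owner}")
```

Matching is case-insensitive and includes secondary SMTP aliases, so an incoming `jsmith` is caught even though it only clashes with an alias of an existing account.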

There is a multitude of options, and there are not necessarily any right or wrong answers. The key is to ensure you have selected a strategy, planned out how you will implement it, and fully understand all the impacts of your chosen solution.

3. Velocity

The velocity of migration is always a difficult decision, regardless of what type of migration you’re executing. With tenant to tenant migrations, this can be particularly challenging as the native user experience isn’t as pleasant as Exchange Hybrid for example. And there are normally a lot more workloads involved due to the nature of moving across tenants.

At the highest level, your options are:

  • Big Bang: migrating all your users in a single cutover, normally performed over a weekend. This is achieved by pre-syncing as much data as possible in advance, reducing the volume of data to be migrated at cutover. This approach reduces coexistence requirements and would answer the limitations for domains in a single tenant mentioned above. However, it means supporting all of your users in one day, restricts your ability to pilot the migration, and adds risk, because moving so much data in one go could impact whether everything is moved in time.
  • Batched Approach: migrating users in batches is more controlled and can be adjusted to meet the business needs. You have less data to move at one time, and you have smaller numbers of users to support through the change. But you do incur additional complications in enabling coexistence for migrated and non-migrated users, additional complexity in configuring mail flow across the two tenants, and the additional business cost of spreading the effort over a longer period.

As with a lot of these considerations, there is no right or wrong answer, and I have seen both options implemented successfully across several different clients. What you should ensure though, is that the approach is going to work for your project and your users, that you can meet the needs of the business, and de-risk the project as much as possible, whilst still ensuring success in a timely and cost-efficient manner.

In the final instalment of this tenant to tenant migration series, we’ll look at the last three considerations: ensuring you’re going to the right tenant, end user devices, and user communications and education.

Source Practical365
