What License Should You Deploy?
Licensing has changed radically from the methods you’ve gotten used to. You probably had a tool (possibly just a spreadsheet) to keep track of all server and client access licenses: CALs. There was no physical relationship between how many mailboxes you had in operation and how many CALs you actually had. Obviously, you would do regular true-ups to align your use with your licensing obligations to Microsoft as the business expanded. But in Office 365 you can’t even give a user access to Office 365 resources without a license. But what license should you deploy? Here’s an overview of the (many) options:
For users who just need basic browser-based access to email, an E1 license might suffice. No downloadable versions of Microsoft Office are available with this license, but Skype and Teams are available in the browser and the mailbox size can be as large as 50GB.
If your users need a local installation of Office, an E3 license is necessary. In addition to downloadable Office software, the package also includes eDiscovery, archiving, legal hold, and a maximum mailbox size of 100GB.
Several other tiers and packages are available. Those mentioned here are merely the most common. But the takeaway here is to prepare an Active Directory group for each license type you’ll need—including add-on license ‘packs’ such as Mobility or Azure Premium—and populate the groups with the user IDs. Next, license that group in Office 365 in order to know precisely how many licenses you have, how many you need, and who has what license. In this manner, you’ll also be able to tell if you’re short any licenses—and thereby can take the necessary corrective steps—even before you’ve performed any migrations.
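One way to run that pre-migration count, as an added example that is not part of the original article: it compares the membership of each license group with the seats the tenant has purchased. The group names are hypothetical, and the script assumes the ActiveDirectory (RSAT) module and the Microsoft Graph PowerShell SDK are installed.

```powershell
# Added example. Group names are hypothetical; adjust to your own naming scheme.
# Requires: ActiveDirectory module, Microsoft.Graph.Identity.DirectoryManagement module.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'Organization.Read.All'

# Map each on-premises license group to the SKU part number it represents.
$licenseGroups = @{
    'O365-License-E1' = 'STANDARDPACK'    # Office 365 E1
    'O365-License-E3' = 'ENTERPRISEPACK'  # Office 365 E3
}

# Seats purchased and seats already assigned, per SKU, as reported by the tenant.
$skus = Get-MgSubscribedSku

$report = foreach ($entry in $licenseGroups.GetEnumerator()) {
    # Count user objects only; nested groups are expanded by -Recursive.
    $members = @(Get-ADGroupMember -Identity $entry.Key -Recursive |
        Where-Object objectClass -eq 'user')

    $sku       = $skus | Where-Object SkuPartNumber -eq $entry.Value
    $purchased = if ($sku) { $sku.PrepaidUnits.Enabled } else { 0 }
    $assigned  = if ($sku) { $sku.ConsumedUnits } else { 0 }

    [pscustomobject]@{
        Group     = $entry.Key
        Sku       = $entry.Value
        Needed    = $members.Count
        Purchased = $purchased
        Assigned  = $assigned
        Shortfall = [math]::Max(0, $members.Count - $purchased)
    }
}

$report | Format-Table -AutoSize

# Surface any SKU where the group is larger than the purchased seat count.
$report | Where-Object Shortfall -gt 0 | ForEach-Object {
    Write-Warning "$($_.Group): short $($_.Shortfall) seat(s) of $($_.Sku)"
}
```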
Another tangential aspect of licensing is that of shared mailboxes and resources. While user and service accounts do incur a license cost, the shared mailboxes and resources do not. Bear this in mind when calculating your licensing needs. When you plan the migrations, be sure to convert the mailboxes to shared mailboxes, or to room or equipment resources, as soon as the cut-over completes. You will discover that some applications (likely legacy) cannot be used with shared mailboxes. Unfortunately, you’ll have to assign a license to these mailboxes and won’t be able to convert them to shared in Office 365.
Management Model – Delegate Functions
Office 365 offers the capability to delegate far more functions than before so it’s important to ensure you won’t be burdened with managing the whole environment by yourself. Assign users in finance responsibility for billing. Think carefully about which roles to assign to current Active Directory admins; the User Management Administrator role is probably more appropriate than Global Admin, who has rights over everything. Similarly, assign Exchange Admin and SharePoint Admin to those administrators rather than the Global Admin role. Your admins will know they have been granted administrator rights because the Admin Tile will appear on their personal Office 365 portal, and they will see only links to tasks to which they have been assigned.
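To check how the delegation above has actually been applied, the following added example (not from the original article) lists who holds Global Administrator and the narrower roles named in the paragraph. It assumes the Microsoft Graph PowerShell SDK; the review threshold is an assumed value, not a figure from the article.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.DirectoryManagement module.
Connect-MgGraph -Scopes 'Directory.Read.All'

# Roles to review. "User Administrator" is the current display name of the
# role the article calls User Management Administrator.
$rolesToReview = 'Global Administrator', 'User Administrator',
                 'Exchange Administrator', 'SharePoint Administrator'
$maxGlobalAdmins = 4   # assumed review threshold; set to your own policy

# Only roles that have been activated in the tenant are returned here.
$roles = Get-MgDirectoryRole | Where-Object DisplayName -in $rolesToReview

$assignments = foreach ($role in $roles) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
    foreach ($member in $members) {
        [pscustomobject]@{
            Role   = $role.DisplayName
            Member = $member.AdditionalProperties['userPrincipalName']
            Type   = $member.AdditionalProperties['@odata.type']
            Id     = $member.Id
        }
    }
}

# Who holds what, grouped by role.
$assignments | Sort-Object Role, Member | Format-Table Role, Member, Type -AutoSize

# Flag a Global Administrator population larger than the agreed threshold.
$globalAdmins = @($assignments | Where-Object Role -eq 'Global Administrator')
if ($globalAdmins.Count -gt $maxGlobalAdmins) {
    Write-Warning ("{0} Global Administrators found (threshold {1}); review whether a narrower role fits." -f
        $globalAdmins.Count, $maxGlobalAdmins)
}

# Accounts holding Global Administrator plus a narrower role: the narrower
# assignment is redundant and usually signals a leftover from an earlier grant.
$assignments | Group-Object Id |
    Where-Object { $_.Count -gt 1 -and $_.Group.Role -contains 'Global Administrator' } |
    ForEach-Object { $_.Group | Select-Object Member, Role }
```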
File Storage – Take a Look at Your Sharing Policy in OneDrive
You have a lot of data stored in Windows or on other file servers and NAS systems. When moving to OneDrive in Office 365, your users will not only be able to store their files in the cloud, but may also—if you permit it—share data with users inside and outside your organization. When you set up your tenant, use the OneDrive admin console to review your sharing policy. The default is pretty wide open so you’re going to want to dial that down to a level your organization is happy with. More than just email can be configured with a retention policy, so get that in place before migrating users to the cloud. The same goes for DLP policies and data that might be subject to legal hold. In terms of policy and retention, everything you can do in Exchange, you should also plan for in OneDrive.
Of course, you might not want to use that storage. Perhaps your file services aren’t ready or appropriate to move to the cloud. In this case, simply disable OneDrive. Work through the options with the business and implement before migrating any users.
Mobile Device Management
Be aware: moving your personal data to Office 365 exposes it to greater threats and challenges. You may already have a solution for managing devices that roam outside your company properties, and if so, great. All the major vendors offer solutions for managing access to Office 365, though some charge for the add-on security. But what if you don’t have a device management solution, or even an enforceable policy? Until now, you’ve been able to permit email on mobile and home devices with great ease through ActiveSync and OWA. But without additional high-maintenance infrastructure, access to collaborative resources such as SharePoint and Skype has been out of reach. Look very closely at what you want to allow onto devices your company does not own or what to permit outside the confines of the company environment on devices they do own. Plan to allow the same level of functionality in either case, and also plan to permit access to data located inside the company VPN. Review some basic security on the devices and require a configuration policy to set a PIN, PIN expiry, minimum device OS version, and so forth. If the devices are owned by the company, the company has the right to enforce policies. If users are allowed to use their own devices to connect to company data, they are obliged to accept some restrictions in return for the access.
Measure twice, cut once! You only get one chance to get your Office 365 deployment right so it’s vital to spend as much time as you need to map out your infrastructure, what services to migrate, and when to do the migrations. Gather all the info you can from your current Exchange environment: mailbox sizes, users on legal hold, and users with archived mailboxes. Purge your Active Directory of extraneous user accounts and groups you don’t need to replicate up to Azure AD. Understanding your licensing requirements matters because this represents a significant monthly cost to the business. Work with stakeholders—such as application or systems owners—who need to receive faxes, send helpdesk tickets and forward that data to mailboxes or SharePoint sites that will now be in Office 365.