Transitioning to Office 365 is a demanding experience for everyone involved, whether they’re the consultant or administrator working with the administration console or the end-user trying to figure out what all these new applications are. But why not make it an entertaining one rather than one everybody is forced to endure? So, in no particular order, here’s our top tips for making it fun:
Know Your Audience
It all starts with the level of enthusiasm the internal IT team has for the move to cloud-based services. This is never a given. If key personnel involved in ongoing operations and support are lackluster in their enthusiasm, you know you’re in for a challenge and should provide more detailed documentation and guidance than might otherwise have been the case. If they’re Exchange administrators, they probably assume they’re a dying breed and are next for the pink-slip. In reality, their lives are going to get busier and their roles more diverse. What the Exchange administrators won’t be doing of course is backing things up, keeping an eye on database sizes, and updating anti-viral software. But even they can be kept enthused by bringing the other Office 365 features into the enterprise. After all, you’re using Office 365 not just for email, but progressively for SharePoint, Skype, Teams, and all the other solutions in the ecosystem.
Clean Your Directory
The Active Directory you’re handed will need some housekeeping. It just will. No one person in any organization can expect to be the sole “AD Cop.” There will always be duplicates, orphans and other flotsam and jetsam in the Directory. Ensure that before doing anything with the Office 365 tenant there are as few errors as possible in the Organizational Units to be synchronized. Sure, the IdFix tool will take care of a lot of things, but there’s no substitute for a visual check—what us veterans call the “MK1 Eyeball1” and a bit of common sense. That said, make sure you do indeed run the IdFix and correct everything it finds. If you find objects that will take time to resolve and the timescale of the projects are such that you can’t wait, simply move the problem objects into an OU that’s not being synchronized to Office 365 and resolve the issue when time permits. Next, consider the OU structure itself. Have you got objects in an OU or even whole OUs themselves that really do not need to be synchronized into Azure AD? Restructure your OUs so you don’t have to go through and select or deselect nested OUs—because that’s where most mistakes are made.
The security team could well ask for some form of penetration testing, a code vulnerability report, for instance. This usually means they’re just checking boxes. The good news is that, as a person planning and/or executing the deployment, you’re absolutely not the person to be conducting such tests. It’s simply a conflict of interest. Instead, educate the customer about the security (even refer to my colleague JP’s article about Microsoft’s Red and Blue Teams). If the customer must have the analysis done then refer to this Microsoft TechNet article and engage an entirely separate party to perform the checks.
So Many Devices & Applications, So Little Time
There are always a lot of devices and applications that want to relay through—or at least submit messages to—on-premises Exchange. Naturally, this has to change or else you’ll run out of Exchange mailboxes. You’ll need to plan which method (see here) to select for each application or device, so it’s important to perform an intensive discovery process to find everything that hits the Office 365. This should be an early priority in your migration planning. Once you start moving users you’re going to have your hands full. If you can take care of the services, devices and applications up front you won’t neglect them later and wind up with unhappy users who aren’t getting messages from non-email sources.
Could We Just Maybe Add…
Always be wary of scope-creep. Nobody wants to deploy the whole of Office 365 in one hit because there’s just too much there. Give consideration to hiding “Tiles” before you have moved anyone to the platform. Hiding other big-ticket items, SharePoint and OneDrive, is shown here. That’s not to actually remove the functionality but it will offer some breathing space between the time you move the mailboxes and the time you get ready for the next project. Note though, that if you’re using Microsoft Teams, hiding tiles doesn’t stop users from creating their teams and getting on with business. They can still store files within the context of Teams. So if you’re thinking of deploying Teams before performing a full SharePoint roll-out, you should certainly feel comfortable doing so.
Those Network Guys
Resist the network guys! OK, resist some of them. A lot of network teams still focus on a centralized egress to the Internet because it worked for them in the past, and prior technical and political decisions required it. Hub-and-spoke, in other words. But what’s the point of having an Office 365 deployment which can be accessed from anywhere on the Internet when the network team forces you to sit in a remote office and access your email via corporate HQ (or the main company data center)? A critical part of the process will be to ensure the network topology is modified to allow access to Office 365 resources in as efficient a manner as possible.
Licenses, Licenses, Licenses
Are you buying E5 licenses—maybe even EMS add-on licenses—for everyone? That’s going to get very expensive very quickly. Carefully assess which licenses you actually do need. If most users are performing basic functions—perhaps from kiosk systems which stay logged-on but where users close the browser once they’ve finished—then an E1, perhaps just an F1, license is potentially all that’s necessary. Users without an extensive need to run business analytics and advanced eDiscovery activities aren’t going to need top-of-the-line E5 licenses. An E3 is likely perfectly fine. Sure, licensing is complicated, but it’s worth the extra time. Remember that you’re paying a sum of money each month to Microsoft rather than just a one-off purchase of CALs like back in the old days.
Note from the editor:
1Short for “Mark One Eyeball” or “Mark I Eyeball”. Refers to using unaided vision to spot something, as opposed to binoculars, radar, etc… “Mark I” is based on military nomenclature for being the first version of a vehicle or weapon. See here for more information.