Confessions of an IT admin – O365 implementation experience
(Last updated on July 2, 2021)
For its average user, over a 100 million of them, O365 equals seamless access to corporate data, and a ton of apps. For the IT administrator, it is a bigger attack surface, added complexities, and of course, a few surprises (no matter how many checklists you are following). In this blog post, I will be sharing my O365 implementation experience here at Specops – the kind of stuff you will not find in the user guides.
Let us get right into it!
Getting the deployment off the ground
We decided to move to O365 from our existing Exchange/DFS environment to make use of the enhanced mobility it allows with email, SharePoint, and OneDrive. As we have a highly mobile workforce, the ability to access and synchronise corporate data, with ease, is very important to our business.
We proceeded with a Hybrid Exchange deployment, despite the added complexities, for several reasons. First, it enabled us to perform live migrations of user mailboxes. Second, we had heard some horror stories about spam filtering in O365, and wanted to use third party spam filtering as incoming and outgoing mail is sent through the on-prem exchange server. Moreover, if you have sensitive data in your mailboxes that you want to keep firmly on your servers, a Hybrid Exchange deployment will allow you to keep those mailboxes on-prem. Finally, if someone leaves the organisation, you can move their mailboxes back on site so that they no longer consume a licence.
The sign-up process was relatively painless, but the Hybrid Exchange setup did cause a few headaches, as the default routing rules were not correct. After a bit of tweaking, we got everything functioning as required.
We also needed to think about backing up this new environment. After a bit of research, we went with CloudAlly. We have had to restore an entire SharePoint Site, and a few emails, and it has worked very well so far. Another useful tool that we used for our DFS to SharePoint migration was O365Migrator. This PowerShell tool was a massive help and allowed us to bulk upload our DFS directories to SharePoint Online.
The mailbox migrations themselves were a little strange. We could not get the migration tasks to work on the web interface, while the PowerShell interface worked just fine. These days though, it is the other way around – PowerShell migrations fail, but the web interface works.
We also had to integrate with an on-prem Lync 2013 system for full-unified communications. Voicemail proved particularly tricky to setup, so was getting the Skype for Business/Lync clients to connect with the right credentials to the new Office 365 tenant for conversation history and calendar integration. There were very few guides on this particular configuration, but we eventually found the right method. It turns out that the Skype client likes to cache usernames and credentials in all sorts of strange places.
Finally, at the time of our migration, there were a few available versions for the OneDrive for Business client. It is important to get the latest one as there were some really poor versions released, and the version numbering was dreadful e.g. Microsoft were recommending that you downloaded the “new new OneDrive for Business client” – that’s not a typo it really was “new, new”!!!
The user response
The user experience has been positive, especially once we unified the login names. They were very happy to have a 1TB mailbox – they never need to delete another email again! SharePoint Online has been useful for collaborative projects, and syncing files between multiple devices has worked pretty well, once they got used to the idea (using Office 2016 and Windows 10 also help in this respect).
The use of OneDrive as their home drive has also proved very popular. Again, having the ability to access their corporate data from their mobile devices, as well as from their laptop, has proved very beneficial to the business. There was some of the usual “it’s a bit slow” comments, but once they understood that the files were not held locally anymore, rather available from anywhere (if they authenticate correctly) the benefits outweighed the negatives.
At the end of the day, for many users it is just email and files. As long as it fits in with the way they want to work – highly mobile, from their phone, iPad, laptop, web browser – they are (usually) happy, even if it has been a nightmare to configure for us poor IT admins!
One thing every O365 admin should know
Keep your AD usernames, Office 365 UPNs, Lync/Skype for Business SIP addresses, and email addresses the same! If there are differences, the users will never work out what they need to use, and where they need to use it. Since our users were accustomed to short usernames, we thought that changing them to email address formats would create a lot of push back. It soon became apparent that users did not know which username to use in the various interfaces. For example, Microsoft asks on many Office 365 portals “enter your email address” when they really mean, “enter your Office365 UPN.” Unifying all usernames to the email address was the single most important thing to implement, preferably before you make the jump.
Also, remember that O365/Azure is constantly evolving. Forget about change control, things change very rapidly. Make sure you keep an eye on those emails you get from Microsoft, and sign up to the RSS feeds!