Confessions of an IT admin – O365 implementation experience

For its average user, over a 100 million of them, O365 equals seamless access to corporate data, and a ton of apps. For the IT administrator, it is a bigger attack surface, added complexities, and of course, a few surprises (no matter how many checklists you are following). In this blog post, I will be sharing my O365 implementation experience here at Specops – the kind of stuff you will not find in the user guides.

Let us get right into it!

Getting the deployment off the ground

We decided to move to O365 from our existing Exchange/DFS environment to make use of the enhanced mobility it allows with email, SharePoint, and OneDrive. As we have a highly mobile workforce, the ability to access and synchronise corporate data, with ease, is very important to our business.

We proceeded with a Hybrid Exchange deployment, despite the added complexities, for several reasons. First, it enabled us to perform live migrations of user mailboxes. Second, we had heard some horror stories about spam filtering in O365, and wanted to use third party spam filtering as incoming and outgoing mail is sent through the on-prem exchange server. Moreover, if you have sensitive data in your mailboxes that you want to keep firmly on your servers, a Hybrid Exchange deployment will allow you to keep those mailboxes on-prem. Finally, if someone leaves the organisation, you can move their mailboxes back on site so that they no longer consume a licence.

The sign-up process was relatively painless, but the Hybrid Exchange setup did cause a few headaches, as the default routing rules were not correct. After a bit of tweaking, we got everything functioning as required.

We also needed to think about backing up this new environment. After a bit of research, we went with CloudAlly. We have had to restore an entire SharePoint Site, and a few emails, and it has worked very well so far. Another useful tool that we used for our DFS to SharePoint migration was O365Migrator. This PowerShell tool was a massive help and allowed us to bulk upload our DFS directories to SharePoint Online.

Unexpected challenges

The mailbox migrations themselves were a little strange. We could not get the migration tasks to work on the web interface, while the PowerShell interface worked just fine. These days though, it is the other way around – PowerShell migrations fail, but the web interface works.

We also had to integrate with an on-prem Lync 2013 system for full-unified communications. Voicemail proved particularly tricky to setup, so was getting the Skype for Business/Lync clients to connect with the right credentials to the new Office 365 tenant for conversation history and calendar integration. There were very few guides on this particular configuration, but we eventually found the right method. It turns out that the Skype client likes to cache usernames and credentials in all sorts of strange places.

Finally, at the time of our migration, there were a few available versions for the OneDrive for Business client. It is important to get the latest one as there were some really poor versions released, and the version numbering was dreadful e.g. Microsoft were recommending that you downloaded the “new new OneDrive for Business client” – that’s not a typo it really was “new, new”!!!

The user response

The user experience has been positive, especially once we unified the login names. They were very happy to have a 1TB mailbox – they never need to delete another email again! SharePoint Online has been useful for collaborative projects, and syncing files between multiple devices has worked pretty well, once they got used to the idea (using Office 2016 and Windows 10 also help in this respect).

The use of OneDrive as their home drive has also proved very popular. Again, having the ability to access their corporate data from their mobile devices, as well as from their laptop, has proved very beneficial to the business. There was some of the usual “it’s a bit slow” comments, but once they understood that the files were not held locally anymore, rather available from anywhere (if they authenticate correctly) the benefits outweighed the negatives.

At the end of the day, for many users it is just email and files. As long as it fits in with the way they want to work – highly mobile, from their phone, iPad, laptop, web browser – they are (usually) happy, even if it has been a nightmare to configure for us poor IT admins!

One thing every O365 admin should know

Keep your AD usernames, Office 365 UPNs, Lync/Skype for Business SIP addresses, and email addresses the same! If there are differences, the users will never work out what they need to use, and where they need to use it. Since our users were accustomed to short usernames, we thought that changing them to email address formats would create a lot of push back. It soon became apparent that users did not know which username to use in the various interfaces. For example, Microsoft asks on many Office 365 portals “enter your email address” when they really mean, “enter your Office365 UPN.” Unifying all usernames to the email address was the single most important thing to implement, preferably before you make the jump.

Also, remember that O365/Azure is constantly evolving. Forget about change control, things change very rapidly. Make sure you keep an eye on those emails you get from Microsoft, and sign up to the RSS feeds!

(Last updated on August 9, 2023)

Tags: ,

darren james

Written by

Darren James

Darren James is a Senior Product Manager at Specops Software, an Outpost24 company. Darren is a seasoned cybersecurity professional with more than 20 years of experience in the IT industry. He has worked as a consultant across various organizations and sectors, including central and local governments, retail and energy. His areas of specialization include identity and access management, Active Directory, and Azure AD. Darren has been with Specops Software for more than 12 years and brings his expertise to the support and development of world-class password security and authentication solutions. 

Back to Blog

Related Articles

  • Press Release: Specops Software launches Multi-Factor Authentication for Office 365

    Stockholm, Sweden – December 18, 2017. Specops Software announced today the launch of Specops Authentication for Office 365. This new software helps companies transition to Office 365 (O365) while keeping user data in their on premise Active Directory to take advantage of existing user management and authentication controls. Robust, dynamic multi-factor authentication (MFA) ensures users…

    Read More
  • Why choose 3rd party MFA for O365?

    The adoption of SaaS services requires organizations to house user data in the cloud. Without the right strategy in place, this can mean user management and authentication processes – outside the confines of IT. Take the move to O365, and its creation of a tenant in Azure AD. Maintaining it alongside the on-premises Active Directory…

    Read More
  • User management and authentication for O365: Microsoft or 3rd party?

    Office 365 (O365) adoption is continuing across organizations, now with more than 100 million active users. These organizations will reap the benefits of a cloud service – freed up internal resources, and easy access to updates with minimal maintenance – but, they can’t ignore the inevitable complications of hybrid identities. Whether using the cloud, synchronized,…

    Read More