Congratulations! You’ve just wrapped up what may be your last email migration project by migrating from your legacy on-premises email platform to Exchange Online. So now what?
Skeptics might think that as an Exchange administrator, if there is no on-premises Exchange, you just migrated yourself out of a job; the reality is that this couldn’t be further from the truth. The role of an Exchange administrator is still very much necessary; it’s just a different set of responsibilities and tasks.
While the mundane tasks of applying service packs and monitoring disk space have mostly vanished into the clouds, there’s a whole new set of responsibilities and technologies to focus on.
Changes in Routine Maintenance
As much as some might like to think that moving to the cloud means there is no routine maintenance, you still have some regular tasks to keep everything running smoothly.
Since Microsoft is managing most of the change on the cloud side, one of your tasks is keeping track of these changes. In a recent post, “Office 365 – How to Stay Informed of Changes”, I cover how I stay on top of these changes for my particular role.
If you’re using DirSync, it’s an area that requires some basic monitoring. While DirSync only runs every 3 hours and failures will not likely create an outage, it’s still important to maintain a clean sync between your on-premises Active Directory and Azure Active Directory. If every sync cycle generates an error report, it’s difficult to discern when an actual issue is occurring. So clean up those sync errors!
Active Directory Federation Services (AD FS)
If you’re using AD FS for authentication to Exchange Online, it’s as critical as your on-premises Active Directory; if AD FS is unavailable, you won’t be able to access Exchange Online. One area that is occasionally overlooked is the expiration of the token-signing certificate within AD FS. Make sure you know the expiration date of this certificate (default expiration is one year) and the process for renewal. I usually recommend that clients change the expiration to the same date as their public service communications certificate so the changes are a coordinated event.
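One way to keep track of the AD FS certificate dates mentioned above is a scheduled check like the following. It is an added example, not part of the original post; it assumes it runs on an AD FS server with the AD FS PowerShell module available, and the 45-day warning threshold is an arbitrary choice.

```powershell
# Added example: report AD FS certificate expirations and flag the ones to renew.
# Assumption: run on an AD FS server. $WarnDays is an arbitrary threshold.
$WarnDays = 45
$now = Get-Date

$report = foreach ($type in 'Token-Signing', 'Token-Decrypting', 'Service-Communications') {
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)
        [pscustomobject]@{
            Role       = $type
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.Certificate.NotAfter
            DaysLeft   = $daysLeft
            Status     = if ($daysLeft -lt 0) { 'EXPIRED' }
                         elseif ($daysLeft -le $WarnDays) { 'RENEW' }
                         else { 'OK' }
        }
    }
}
$report | Sort-Object NotAfter | Format-Table -AutoSize

# With automatic rollover enabled, AD FS generates and promotes new token
# certificates on its own schedule, so know which mode you are in before
# planning a coordinated renewal.
$props = Get-AdfsProperties
"AutoCertificateRollover : $($props.AutoCertificateRollover)"
"CertificateDuration     : $($props.CertificateDuration) days"

# Compare the primary token-signing expiry with the service communications
# certificate, for those who align the two dates as the post recommends.
$signing = $report | Where-Object { $_.Role -eq 'Token-Signing' -and $_.IsPrimary } |
    Select-Object -First 1
$svcComm = $report | Where-Object { $_.Role -eq 'Service-Communications' } |
    Select-Object -First 1
if ($signing -and $svcComm) {
    $gap = [math]::Abs(($signing.NotAfter - $svcComm.NotAfter).TotalDays)
    "Token-signing and service communications expiry differ by {0:N0} days" -f $gap
}

# Non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```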
If Exchange Hybrid is a long-term plan for your organization as opposed to just an interim migration state, there are some maintenance tasks in keeping a healthy hybrid environment. Your hybrid servers should be routinely patched and monitored just like any other Exchange server where you’re keeping an eye on critical areas like utilization, available disk space, message queues, certificate expirations, etc.
I’ve yet to meet an IT professional that has enough time to tackle all the tasks he or she wants to. It seems there is always “the list” of items that you want to get to but the everyday tasks get in the way. Now that those everyday tasks have been reduced (not eliminated), it’s time to check some items off your list.
The areas below are just some of the technologies that IT can implement to allow your business to operate more efficiently or securely:
- Multi-Factor Authentication (MFA)
- Rights Management Services (RMS)
- Message Encryption
- Data Loss Prevention (DLP)
- Mobile Device Management (MDM)
- Enterprise Social
In many cases, these technologies are already included in your Office 365 subscription and can be implemented with minimal investment beyond the deployment hours. Each of these areas could be a project on its own depending on the size of the organization; below is a summary of each area.
It’s no secret that automation can make everyone’s job easier and reduce errors that come from manual operations. Maybe you’re very familiar with PowerShell already; if so, you’ll find that there is little that you can’t do in Office 365 via PowerShell, and your first task might be to streamline your licensing process. If you’re coming off a legacy “pre-PowerShell” product like Exchange 2003, get ready for a new world of opportunities and start building up your personal script library.
Office 365 includes an ever-expanding list of precanned reports that you may find helpful. In particular when deploying a new service, it’s good to be able to report on usage and adoption. Beyond the reports available to you in the tenant, there is a Reporting Web Service that allows you to create more customized reports with a little bit of effort.
Multi-Factor Authentication (MFA)
With what seems to be a weekly news story about passwords being compromised, it’s hard to argue that multi-factor authentication shouldn’t be on every organization’s roadmap. Microsoft added MFA to most Office 365 plans back in February of this year. The idea is basically that you can use your mobile phone as a secondary token device during authentication. The current “App Passwords” process for applications like Outlook leaves a bit to be desired, but changes are scheduled. It’s still worth looking into this one now to start understanding how it works.
Rights Management Services (RMS)
A feature that I’m really surprised is not implemented by more organizations is RMS. The idea is that the intended security around a file or email stays with that item. Within the scope of Exchange Online, this might include restricting the ability to forward a specific email or putting an expiration on a particular email.
If you use an Office 365 plan such as E3 or E4 that is licensed for Azure RMS, Office 365 includes the option of Message Encryption. This is essentially the process where the recipient receives an HTML link to go read the encrypted email, even if they’re an external party. Messages are set to be encrypted through a transport rule based on a subject keyword (i.e. “SECURE:”) or message classification.
Unless you migrated from Exchange 2013 on-premises, Office 365 likely has a whole set of eDiscovery components that are new to you. These components can provide opportunities to move away from legacy products and processes you may currently be using to meet your eDiscovery needs.
Data Loss Prevention (DLP)
If your organization is not utilizing DLP today, it’s a feature that can help reduce inadvertent emailing of confidential data. Microsoft includes a number of policy templates to detect data covered under HIPAA, PCI-DSS and others. Additionally, common corporate forms can be “fingerprinted” to more accurately identify data. DLP Policy Tips can be used to notify users that their email is out of compliance with policy, and a variety of actions can be taken on the non-compliant email.
Mobile Device Management (MDM)
With the BYOD movement in full swing, Mobile Device Management is becoming increasingly important. Microsoft’s offering in this space is the Enterprise Mobility Suite (EMS), which consists of Azure AD Premium, Microsoft Intune and Azure RMS. Microsoft seems to be really enhancing this offering in 2015 with the recent announcement: Introducing built-in mobile device management for Office 365.
As Microsoft embraces their “Work like a network!” initiatives, expect to see more crossover between Exchange, SharePoint and Yammer. The new “Groups” feature that is currently being rolled out is an example of this. Providing your users with these types of collaborative features can enable them to work more efficiently.
- Microsoft has touched on this topic in the past; check out the session “Engineers vs Mechanics – the evolving role of IT with Office 365” from the Microsoft Exchange Conference (MEC) earlier this year.
- Also from MEC, Microsoft has a quick one-minute video that is obviously meant to be entertaining but it still hits the core point: YouTube: “Secret Switch”
- There’s still work to do and lots of it.
- The type of task shifts from routine maintenance to implementation of new features.
- Implementing new features allows you to broaden your skill set and allows your business to operate more efficiently or securely.
Did you find this article helpful?
Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.