Office 365 for EducationEdmonton Catholic Schools

Microsoft Office 365 for Education

Edmonton Catholic Schools

Agenda: the technical perspective

Live@EDU – Edmonton Catholic SchoolsOur Live@EDU to Office 365 UpgradeOffice 365 Deployment IssuesFuture Plans

ContextEdmonton Catholic Schools

87 Schools36,000 Active Students4398 Active Staff Members

Microsoft Outlook live: 10GB hosted Exchange mailboxMicrosoft Office Web Apps: Word, Excel, PowerPoint, OneNoteWindows Live SkyDrive: 25GB of cloud-based storageWindows Live Spaces: blogging, friends, photo and video sharingWindows Live Messenger: IM and video chat

Windows Live

Other WL services

Live@edu Admin

SkyDrive Live@edu Outlook Live

Tenant

school.ecsd.net

User Mgmt

Web Client

Exchange creates Windows Live IDs

PowerShell & Exchange Control Panel

Admin

Windows Live ID

Live@EDU – Edmonton Catholic Schools2 on-premise servers:

Directory SyncILM 2007 FP1OLSync

Single-Sign OnWindows SSO Toolkit

SchoolWeb Portal

Live@EduMailbox

Directory

Student’s PC

school.ecsd.net

Windows Live SSO

Challenges we encountered at the time:Students couldn’t access live services directly.SkyDrive accessibility.Some mobile devices had issues with office web apps.

Live@EDU – Edmonton Catholic Schools

Plan A4

Plan A2

Students Free

Faculty/Staff Free

Alumni Free

Upgrade from Live@edu

Plan A3

Enrollment for Education Solutions (EES) or MOSA service agreement needed post upgrade to add on a stand-alone or suite subscription

Estimated retail prices listed above per user, per month

7

Office 365 for Education: Licensing

Free $2.50/month $3.00/month

Free $4.50/month $6.00/month

Office 365 for Education: Licensing

Windows Live

Other WL services

Live@edu Admin

SkyDrive Live@edu Outlook Live

Tenant

Windows Live

Other WL services

Windows Live ID

SkyDrive

MSOID

Exchange OnlineTenant

Office 365

O365 Admin

Before Upgrade After Upgrade

school.ecsd.net

User Mgmt

Web Client

Exchange creates Windows Live IDs

Administrator cannot create or manage Windows LiveIDs

In-place tenant conversion to Office 365

PowerShell & Exchange Control Panel

Admin

Office 365 provides a clear distinction between individual and school identities. Office 365 is an organization managed service.

Windows Live ID

school.ecsd.net

User Mgmt

Web Client

Admin

Office 365 for Education

Office 365 - Edmonton Catholic SchoolsDiscovering the Environment

Provides analysis of on-premises environmentLDAP queries

Active Directory Topology, User objects, Workstation Info, Object counts, Network port analysis, DNS Records

Download from http://community.office365.com/en-us/f/183/p/2285/8155.aspx

Office 365 - Edmonton Catholic SchoolsExchange 2010

• Exchange Best Practices Analyzer• Exchange Connectivity Tester

• https://www.testexchangeconnectivity.com/• Exchange Server Updates

• Hybrid Configuration Wizard• Exchange Server Deployment Assistant

• http://technet.microsoft.com/en-gb/exdeploy2010/default.aspx#Index• Microsoft Forefront Online Protection for Exchange

• Available with our current ECAL; included with Office 365

Office 365 – Edmonton Catholic SchoolsLive@EDU Upgrade

Microsoft Timeline for UpgradeCancelled our Live@EDU service

Re-enrolled in Office 365 for Educationecsd.netschool.ecsd.net

Windows Live

Other WL services

Live@edu Admin

SkyDrive Live@edu Outlook Live

Tenant

Windows Live

Other WL services

Windows Live ID

SkyDrive

MSOID

Exchange OnlineTenant

Office 365

O365 Admin

Before Upgrade After Upgrade

school.ecsd.net

User Mgmt

Web Client

Exchange creates Windows Live IDs

Administrator cannot create or manage Windows LiveIDs

In-place tenant conversion to Office 365

PowerShell & Exchange Control Panel

Admin

Dual Identity: IT Administrator ExperienceOffice 365 provides a clear distinction between individual and school identities. Office 365 is an organization managed service.

Windows Live ID

school.ecsd.net

User Mgmt

Web Client

Admin

User Accounts After Upgrade: Dual IdentityOnce the upgrade to Office 365 for education is complete, each end user will

have two identities; Personal Windows Live identity AND an institutional Office 365 identity

Terms of Use

Individual owned Organization owned

Management & Control

Self-managed Institution-managed

Services Windows Live services

Office 365 services

Identity Windows Live ID Org ID

Terms of Use Organization owned

Management & Control

Institution-managed

Services Windows Live services

Identity Windows Live ID

Live@edu: Single Identity Office 365 for education: Two Identities

Windows Live

Services

Org ID

Exchange Online

SharePoint Online

Online Services Platform

Lync Online

Live ID

Outlook Live

All Windows Live

Services

Service Management

Portal

Live ID

Live@edu IdentityWindows Live ID –

ManagedID: 102912@school.ecsd.netPWD: ADPassWord!

Windows Live

Other Windows Live

services

Windows LiveID

Live@edu Admin

SkyDrive

Live@edu Outlook Live

Windows Live

Other Windows Live

services

SkyDrive

Organization ID

Exchange OnlineTenant

Personal IdentityWindows Live ID – EASI

ID: 102912@school.ecsd.netPWD: ANewPassword

Office 365

Institution IdentityOrganization ID –

ManagedID: 102912@school.ecsd.netPWD: ADPassword!

Office 365 Admin

Before Upgrade After Upgrade

Dual Identity: End User Experience• We did do things a bit differently with our upgrade.• We recommend students create self-managed personal Windows Live account,

based on their school email address for SkyDrive etc.• An organization managed Office 365 account

Windows LiveID

Office 365 – Edmonton Catholic SchoolsDeployment Overview

SchoolWeb Portal

Live@EduMailbox

Directory

Student’s PC

Active Directory

Directory Sync

Office 365

Microsoft Federated Gateway

ADFS Internal

ADFS Proxy

LAN

DMZ

Student’s PC

1. Signed up for 3652. Provisioned ADFS 2.0 Internally for

SSO3. Provisioned ADFS 2.0 Proxy for

External Authentication4. Setup DirSync5. Enabled Replication with Office 365

Office 365 – Edmonton Catholic SchoolsDeployment Overview

Leverage our Hyper-V infrastructureOffice 365 Private Cloud

4 ADFS 2.0 Internal Servers - Hardware Load Balanced(F5)4 ADFS Proxy Servers - Hardware Load Balanced(F5)1 DirSync Server with SQL 2008 R2SSL Certificate from Third-Party CA

Existing AD Management toolsQuest Active Roles Server

Office 365 – Edmonton Catholic Schools

Jan 2011 Aug 2012

E-mail • Students were provisioned e-mails addresses (school.ecsd.net) on Live@EDU

• Didn’t require moving any email, calendars, or contacts

Windows Live • Access all live services via Live@EDU account.

• All windows live services were de-coupled• Email as sign in account

Password • AD Username/Password• Self-Service Password reset

• AD Username/Password• Windows LiveID Password• Self-Service Password reset

Provisioning • OLSync / ILM • DirSync

SSO • Windows LiveID SSO Toolkit • Moved to ADFS 2.0

Live@EDU

Office 365

Office 365 – Edmonton Catholic SchoolsEnd User Experience

We still provide a basic html landing page.Allows us to identify issues with devices that cannot connect; prior to any SSO workflows.

Updated URLslogin.microsoftonline.comoutlook.com/school.ecsd.netedmontoncatholicschools.sharepoint.comlive.skydrive.com

END USER EXPERIENCE SSO DEMO

Office 365 – Edmonton Catholic SchoolsSSO Current Issues

Active Directory

Directory SyncOffice 365

Microsoft Federated Gateway

ADFS Internal

ADFS Proxy

LAN

DMZ

Student’s PC

SharePoint

DMZ

DMZ

Exchange

webmail

myecsd.net

Internally Single Sign-On works as it shouldInternet facing servers are configured independently of each other.Students accessing resources externally may have to authenticate twice.

Office 365 – Edmonton Catholic SchoolsNext 6 months

Resolve the SSO issue externallyF5 LTM – Access Policy Manager(APM)

Configure F5 as External Landing Page

Enable Hybrid mode for ExchangeConfigure FOPE for Office 365Determine if faculty can be hosted off-premiseWindows 8Office 2013 Professional Plus

Office 365 – Edmonton Catholic SchoolsImplementation Considerations

Current investment in existing infrastructure.Exchange 2010

DAGCAS ArrayUM

SharePoint 2010Licensed WebPartsHardware SANInternal MySites

OCS 2007 R2Lync 2013 internal coexistence pilot stage.

Core Customer Scenarios for Identity Management

Users, groups, objects mastered On-Premises and identities mastered in the

cloud

Separate credentials for On-Premises and Office 365 Services

DirSync to synchronize AD objects into Office 365

Suitable for Medium to Large Organizations

Users, groups, objects, identities mastered On-Premises

Single identity for On-Premises, Office 365 Services

DirSync to synchronize AD objects into Office 365

Single Sign-on for On-Premises and Office 365 Services

Suitable for large organizations that require Single Sign On

If using SSO toolkit, use this option

Users, groups, objects, identities mastered in the cloud

Separate identity for Office 365 Services

No additional servers required on-premise

Different credentials and password policies for On-Premises and Online

Suitable for Small Orgs

Microsoft Online Identity Only Office 365 Identity With On-Premises AD 

Office 365 Federated Identity with On-Premises AD*

DirSync User

Microsoft Online

User

Microsoft Online

DirSync User

Microsoft Online

Office 365 – Edmonton Catholic SchoolsBest Practices

Have a minimum of 2 ADFS Internal and 2 ADFS ProxyDetermine if you will require more than 5 ADFS Internal Servers

Requires Full SQL if 5+ ADFS internal required

Use NLB or HLB to ensure High Availablity>50,000 objects DirSync requires Full SQL installation

Requires Directory Sync Quota increase from Microsoft

SummaryOffice 365 for Education Plan A2 is available for all faculty and students for freeSign-up for Free Trial even if you don’t have a 365 plan now:

Get your onmicrosoft.com premise ID while its still available.ecsd.onmicrosoft.com was taken; settled for edmontoncatholicschools.onmicrosoft.comOnce organization is validated as an education account “purchase” A2 licenses to ensure account isn’t disabledGet use to PowerShell

Get statistics about users, mailboxes and migration progressLicense users in bulkMass update Users

New Capabilities Since Release

*Feature is only available in Enterprise SKUs

Productivity & Collaboration

•

•

•

•

•

•

•

•

Access Anywhere

•

•••

•

•

•

GlobalAvailability

•

•

•

•

Enterprise Security & Reliability•

•

•

•

•

•

IT Control & Efficiency

•

•

•

•

•

•

•

•

•

•

•

•

Office Web Apps Updates

ODF support: View and edit ODF documents in Office Web Apps.

Chrome support: Using Office Web Apps with the Chrome browser.

IE9 native support: Using Office Web Apps with IE9 in native mode (vs. in IE8 mode).

Print from editor: Print Word document from edit mode (in addition to view mode).

Insert chart: Insert charts in Excel Web App

Fill handle: Copy and paste values and formulas by dragging the fill handle.

Print: Print presentations from PowerPoint Web App

Edit text in more shapes: Enabling users to edit text in more shapes, vs. just placeholder shapes.

Choose theme: Picking a presentation theme when you create a new document

Insert clip-art: Insert clip art in PowerPoint Web App

Office 365 - Resources

Title LocationOffice 365 TechCenter http://technet.microsoft.com/Office365

Office 365 Deployment Guide http://technet.microsoft.com/en-us/library/hh974318.aspx

Office 365 System Requirements

http://onlinehelp.microsoft.com/office365-enterprises/ff652534.aspx#BKMK_opsystems

Office 365 Single Sign-On with AD FS 2.0 whitepaper

http://www.microsoft.com/en-us/download/details.aspx?id=28971

Install the Microsoft Online Services Directory Synchronization tool

http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652545.aspx

Planning for AD FS 2.0 Server Capacity

http://technet.microsoft.com/en-us/library/gg749899(WS.10).aspx

Office 365 Virtual Labs http://technet.microsoft.com/en-us/office365/hh699847.aspx

Sample PowerShell Scripts for Office 365 Deployment

http://technet.microsoft.com/en-us/library/hh974317.aspx

29

Student Tools in Office 365

Office 365 For

Education

Training & Rollout

The Future

Training & Rollout

School Technology Coach

MyECSD Portal

Resources

Student Training Resources

Newsletter

Training & Rollout

Teachers/schools excited about the potential of these tools for student use

Some staff nervous about email and publishing tools for students

Digital Citizenship Training Teachers/studentsResources for parents

Responsible Use Agreements Revised

Questions… further thoughts?

Thank you for your interest! Edmonton Catholic Schools