Click here to monitor SSC
  • Av rating:
  • Total votes: 23
  • Total comments: 2
Jaap Wesselius

Managing Office 365

03 August 2011

As you start to use Office 365 more extensively, it becomes crucial that you understand all of the options for managing your new cloud-based infrastructure. Jaap Wesselius has done the research, and explains all.

In my previous articles I explained a bit about Exchange and Lync in Office 365. However, I didn’t cover managing the Office 365 environment, so this might be a good opportunity to explain a bit more about that. In Office 365, you can manage your whole environment using the Web Portal. When it comes to Exchange Online, you also have the Remote Powershell and the Exchange Control Panel as management options, whichever you’re most comfortable with. I’ve been trying out all three, so I’ll take you on a quick guided tour to help you find your feet.

Microsoft Online Portal (MOP)

When you subscribe to the Office 365 service, you’ll get an administrator account that can be used to manage the Office 365 environment. This is initially done through the Microsoft Online Portal (MOP), which can be accessed via the URL https://portal.microsoftonline.com.

Make absolutely sure that you do not delete the assigned administrator account, as this is the only account that can fully manage your Office 365. Even if you’ve assigned administrative roles to other users, these won’t be the same!

The online portal, which is pretty much self-explanatory, is the first management tool you’ll see in Office 365. I’ve previously explained how to create new domains, new users, and manage your subscriptions, and you can read all about that in an earlier article on Simple-Talk.

Microsoft Online Portal

Figure 1. The Microsoft Online Portal (MOP)

Unsurprisingly, in the Microsoft Online Portal you can manage the various components in Office 365, i.e. Exchange Online, Lync Online, Sharepoint Online, and the Office Web Apps - depending on your subscription, of course. In fact, in the MOP there’s also the option to manage your Office 365 subscriptions (or plans), via the Subscriptions area of the portal, as can be seen on the left of Figure 1. Just as a quick guide, in case you’ve not delved into the Office 365 subscriptions options yet, there are basically three plans available:

  • P-Plan – this plan is targeted towards individual professionals and small businesses. It only contains the most basic online software, like Exchange online, Sharepoint Online and Lync Online. Other limitations include a lack of 24x7 support, the fact that the plan is limited to 25 users, and that your DNS needs to be transferred to Microsoft. However, because it is a relatively small offering, the price is also fairly low: US$6 per user per month;
  • E-plan – this plan is targeted towards midsize businesses and enterprises. In fact, various E-plans are available, ranging from basic services to the full package. Pricing ranges from US$10 per user per month (for E1) to US$27 per user per month (for E4, which is the complete package);
  • K-plan – finally, this is a Kiosk plan, also part of the midsize and enterprise offering, specifically targeting “deskless” workers or employees who use shared PCs. As a result, Kiosk plans only offer web-based access to the Exchange mailbox and Sharepoint environment. Prices are US$4 per user per month (for K1, the basic Kiosk plan) and US$10 per user per months (for K2, which includes access to Office Web Apps).

Naturally, more information can be found on the Microsoft website.

Support

Given that it’s aimed at bigger, perhaps more demanding organizations, part of the E-plan is 24x7 support. While it is possible to find all kinds of online resources using the MOP, it is also possible to submit Service Requests (SR), which you can use to report an incident to the 24x7 Microsoft Office 365 Support Department, who will handle the request.

Since the datacenters are operated by Microsoft there’s no real need to actively monitor the platform. Depending on your preferences and requirements, this might even be one of the big draws to migrating some or all of infrastructure into the Cloud. However, you do want to know whether all services are available and functioning normally, and it is possible to check the platform’s Service Health via the MOP, and get an overview of all services within Office 365 (see figure 2, below).

Service Health at Office 365

Figure 2. Service Health at Office 365

In fact, while we’re on the topic of uptime and service health, it’s worth noting that planned maintenance is announced via the MOP, which also gives you access to a maintenance history. For example, looking at figure 3, we can see that maintenance is planned for Lync Online on July 30 2011 at 1 a.m. PST:

Upcoming planned maintenance on Lync Online

Figure 3. Upcoming planned maintenance on Lync Online

Administrative Roles

The first user that is created during provisioning of the new Office 365 organization is automatically the administrator account. This “super user” can manage the entire organization in Office 365. However, to spread out the burden of responsibility, it is possible to assign specific administrator permissions to users, enforced by the use of these roles:

  • Billing administrator – responsible for purchases, subscriptions, support tickets and monitoring service health;
  • Global administrator – top level administrator who can manage the entire organization. Please note that the permissions are the same as the initial administrator created during provisioning, except that the initial admin is the initial point of contact from a Microsoft perspective;
  • Password administrator – resets passwords, can manage service requests and can monitor the service health;
  • Service administrator – can manage the service requests and can monitor the service health;
  • User Management administrator – can create new users (but cannot assign administrative roles), manage user accounts, reset passwords and create service requests.

As you can see, there’s a certain amount of overlap within these roles, such that you can created a clearly defined permission hierarchy within your organization, should it be necessary. These administrative roles can be assigned during the provisioning of a new user, or assigned to existing users using the MOP:

Assign administrative roles during user provisioning

Figure 4. Assign administrative roles during user provisioning

Exchange Control Panel

For managing mailboxes in Office 365, you can use the Exchange Control Panel (ECP), which is basically the same as in an on-premises Exchange implementation. However, there are actually a few interesting features available through the Office 365 ECP which are not available in the on-premise version of Exchange Server 2010. For example, you can create new users via the Office 365 ECP, which is not possible in an on-premise version of Exchange Server 2010.

You can access the ECP via the MOP by looking under the Management heading, and selecting the user > More options. When you then click on Change Mailbox Settings, you are automatically redirected to the ECP. It is also possible to switch directly to the ECP via the Outlook Web App (OWA): when you’re logged on to the administrator’s mailbox, you can select Options in the upper right corner of the screen, and then select See All Options (see figure 5).

Access the ECP from within OWA

Figure 5. Access the ECP from within OWA. You have to have administrative privileges to get here.

In the Options page (which is identical for all users) there’s another option regarding what to manage, which dynamically reflects your permissions. For example, when you’re the organization administrator, it is possible to select Manage My Organization (See figure 6).

Select Manage my Organization to manage the Exchange environment in Office 365

Figure 6. Select "Manage my Organization" to manage the Exchange environment in Office 365

The fun part here is that you can create new users accounts using the ECP – an action which is (unfortunately) not possible with on-premise Exchange 2010. Another unique feature in the Office 365 ECP is the E-mail migration wizard, which enables you to migrate existing mailboxes from Exchange 2003 or Exchange 2007 to Office 365. The Outlook Anywhere (also referred to as RCP/HTTPS) protocol is used for this, but there’s also an IMAP4 option for migrating mailbox data.

Create new mailboxes using the Exchange Control Panel

Figure 7. Create new mailboxes using the Exchange Control Panel. Note the E-mail migration button in the Ribbon!

Powershell

Finally, just like with an on-premise Exchange Server 2010 implementation, you can use Powershell to manage the mailboxes in Office 365. However, since Office 365 is hosted in Microsoft’s datacenters, the remote version of Powershell needs to be used.

This means that you have to open Powershell locally, create a new session with all the remote parameters, and then create the connection with this session. Since the Office 365 credentials are needed, we have to first store these in a variable, which is then used in the command to setup the session.

However, the first step is to open the Execution Policy on your workstation. By default it doesn’t let you run any remote scripts, so it has to be enabled using the Set-ExecutionPolicy cmdlet:

Set-ExecutionPolicy RemoteSigned

Bear in mind that this only has to be done once on any given workstation, and then the Powershell session can be setup:

$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange
-ConnectionUri https://ps.outlook.com/powershell -Credential $Cred
-Authentication:Basic -AllowRedirection

Import-PSSession $Session

Compare this to my blog post on Remote Powershell in an on-premise environment, and you’ll see that there’s no real difference!

Setting up the Remote Powershell

Figure 8. Setting up the Remote Powershell. You can see the session is redirected to a server in Amsterdam

Now that we have a remote Exchange Management Shell available, we can use Exchange cmdlets to manage the Exchange 365 environment. Any Powershell you’ve used to manage your local Exchange 2010 environment can be brought to bear in your Office 365 setup, so I won’t dwell upon the fine details. Finally, once you've done everything you need to, you can end the remote Powershell session by entering the following command:

Remove-PSSession $Session

Of course you can also just close the Powershell window, but this is a more elegant way, and you can be sure that the connection to the datacenter is really closed.

CSV Files and Bulk Management

Managing users using the MOP is possible as long as you don’t have too many users to manage. When you want to create a lot of users in Office 365, a better alternative would be to use a CSV file import. The CSV obviously needs to contain all the necessary information regarding the users, and users are created on-the-fly as the CSV file is being imported. To access the CSV import process, open the MOP and navigate to the Management > User > New User > Bulk add users option - this triggers the appropriate import wizard. There’s a strict format required for the CSV file, and on the first page of the wizard there’s an option to download a blank CSV file as a template. After filling in this blank file with the appropriate data, you can use the Browse button to upload the file from your local machine to the Office 365 environment.

Importing a CSV file for bulk user management

Figure 9. Importing a CSV file for bulk user management

Now that the file is imported, it’s just a matter of following the wizard which, when finished, will show an overview of the newly create users and their (automatically generated) passwords.

These users are succesfully created from a CSV file

Figure 10. These users are succesfully created from a CSV file.

Directory Synchronization

Management becomes more interesting when integrating Office 365 with an existing on-premise infrastructure, partly because it is possible to link an on-premise Active Directory with Office 365 to synchronize user accounts between both environments. This is a long term solution, and makes it possible to create a Rich Coexistence environment, which is just a new Microsoft term for integrating Office 365 with an on-premise environment. This means that when it comes to, for example, Exchange, there can be mailboxes both on-premise as well as in Office 365. In addition, since there’s a directory synchronization (or dirsync) solution, users in either environment can see the full Global Address List, meaning that a user with an Office 365 mailbox can still see users with on-premise mailboxes.

Directory Synchronization can best be combined with Single Sign-on to create a true Identity Management solution. If this is done, then users can logon to their desktop in the office using the on-premise Active Directory environment, and then smoothly access Office 365 resources without having to logon a second time. You can use Active Directory Federation Services (ADFS) to accomplish this but, since Directory Synchronization and ADFS are quite complex products, I will get back to this topic in a future article.

Managing Lync and SharePoint

So far, most of the topics I’ve included in this article are focused on Exchange Online and, quite frankly, I think Microsoft has done quite a good job here. On the other hand, when it comes to managing Lync Online and SharePoint Online, you can only use MOP. In fact, I explained Office 365 and Lync Online, including the management options available, in a previous article on Simple Talk, so I won’t retread that ground.

However, let’s take a quick look at SharePoint online (and I do mean quick). Using the MOP you can manage all Site Collections, Infopath Forms, Web Services and User Profiles. To give you a taste of what’s currently possible with SharePoint Online, it’s worth mentioning that, using the Sharepoint Online Administration Center, you can create a SharePoint Site which can be shared with all users in the organization. In addition, SharePoint Online can be integrated with Office 2010 on your desktop, but it is also integrated with Office Web Apps by default. In fact, SharePoint Online is used when storing documents created using Office Web Apps.

However, rather than dig deep into Sharepoint Online here (as it’s not a small topic), I’ll be guiding you through it in a future article. Indeed, since the Office Web Apps are tightly integrated into SharePoint Online, I’ll most likely be covering that in the same future article.

Conclusion

As you can see, there are several options available to manage your Office 365 environment. You can manage Office 365 manually using the Microsoft Online Portal (MOP), which is fine if you don’t have too many users. At the point when you need to add a large number of users in one step, you can use the CSV import. When you’re going through this process, a CSV file containing all the appropriate data can be created on-premise, potentially exported from existing Active Directory records or an HR application, for example.

When it comes to the individual components of Office 365, the management options are a bit more varied. While the suite as a whole has had a lot of great work put into manageability, when it comes to Exchange in particular you have a lot of options: you can either use the Exchange Control Panel (ECP), or the real diehard administrators can use the Remote Powershell features.

On the other hand, SharePoint Online and Lync Online are only manageable via the MOP, but at the same time, there isn’t too much to configure in these products, so that’s actually not such a bit deal.

In two future articles I will explain the rich coexistence options which are possible between an on-premise environment and Office 365, and I will tell you all about Sharepoint Online. These will be posted after the summer holiday in August 2011.

Jaap Wesselius

Author profile:

Jaap Wesselius is an independent consultant from The Netherlands focusing on (Microsoft) Business Productivity solutions. Prior to becoming an independent consultant, Jaap worked for 8 years for Microsoft Services in The Netherlands, specializing in Exchange Server. Jaap has a Bsc in Applied Physics & Computer Science, is an MCSE, MCITP and MCT, and has consistently been awarded the Microsoft MVP Award (Exchange Server, fifth year now) for his contributions to the Dutch Exchange community. For his Dutch blog posts, you can visit www.exchangelabs.nl. Besides Exchange Server, Jaap is also very active in virtualization and is a founder of the Dutch Hyper-V Community. If you'd like to get in touch, you can reach Jaap via email at Simple-Talk@jaapwesselius.nl, or on twitter as @jaapwess.

Search for other articles by Jaap Wesselius

Rate this article:   Avg rating: from a total of 23 votes.


Poor

OK

Good

Great

Must read
Have Your Say
Do you have an opinion on this article? Then add your comment below:
You must be logged in to post to this forum

Click here to log in.


Subject: Another Management Tool
Posted by: OrenChapo (view profile)
Posted on: Monday, May 13, 2013 at 4:38 PM
Message: Another 3rd-party tool, mostly focused on Exchange recipients management (Office 365 and on-premise) is U-BTech's Exchange Tasks 365:

http://www.u-btech.com/products/exchange-tasks-365.html



Subject: 3rd party solutions
Posted by: viktor_f (view profile)
Posted on: Friday, April 11, 2014 at 2:12 AM
Message: Thank you for the great topic! I would also suggest some 3rd party tools like:
1) Softerra Adaxes 2014.1. http://www.adaxes.com/info_whats-new.htm
2) Message Ops Office 365 Password Synchronization Tool http://www.messageops.com/software/office-365-tools-and-utilities/office-365-password-synchronization

 

Top Rated

PowerShell One-Liners: Variables, Parameters, Properties, and Objects
 PowerShell isn't a conventional language, though it draws inspiration widely. Many people learn it, and... Read more...

Migrating to Microsoft BPOS - Part II
 In his last article, Johan gave us a crystal clear guide to preparing to migrate from an on-premises... Read more...

Emulating the Exchange 2003 RUS for Out-of-Band Mailbox Provisioning in Exchange 2007
 Exchange's Recipient Update Service was important in Exchange 2000 or 2003 in order to complete the... Read more...

The Postmasters
 The Exchange Team introduces themselves, and keeps you up-to-date Read more...

For this Exchange Server Archiver, “Transparency” Fits
 Sometimes, it is a great relief when a user of your software gives it a tough test and then reports... Read more...

Most Viewed

Upgrade Exchange 2003 to Exchange 2010
  In this article, the first of two in which Jaap describes how to move from Exchange Server 2003... Read more...

Upgrade Exchange 2003 to Exchange 2010 - Part II
 In Jaap's second article on upgrading straight from Exchange Server 2003 to 2010, he explains how to... Read more...

Goodbye Exchange ExMerge, Hello Export-Mailbox
 ExMerge was a great way of exporting a mailbox to an Exchange PST file, or for removing all occurences... Read more...

Exchange E-mail Addresses and the Outlook Address Cache
 Because Exchange auto-complete cache uses X.500 addresses for e-mail sent to addresses within the... Read more...

Using Exchange 2007 for Resource Booking
 The process of booking various resources to go with a meeting room just got a whole lot easier with... Read more...

Why Join

Over 400,000 Microsoft professionals subscribe to the Simple-Talk technical journal. Join today, it's fast, simple, free and secure.