As you start to use Office 365 more extensively, it becomes crucial that you understand all of the options for managing your new cloud-based infrastructure. Jaap Wesselius has done the research, and explains all.
In my previous articles I explained a bit about Exchange and Lync in Office 365. However, I didn’t cover managing the Office 365 environment, so this might be a good opportunity to explain a bit more about that. In Office 365, you can manage your whole environment using the Web Portal. When it comes to Exchange Online, you also have the Remote PowerShell and the Exchange Control Panel as management options, whichever you’re most comfortable with. I’ve been trying out all three, so I’ll take you on a quick guided tour to help you find your feet.
Microsoft Online Portal (MOP)
When you subscribe to the Office 365 service, you’ll get an administrator account that can be used to manage the Office 365 environment. This is initially done through the Microsoft Online Portal (MOP), which can be accessed via the URL https://portal.microsoftonline.com.
Make absolutely sure that you do not delete the assigned administrator account, as this is the only account that can fully manage your Office 365. Even if you’ve assigned administrative roles to other users, these won’t be the same!
The online portal, which is pretty much self-explanatory, is the first management tool you’ll see in Office 365. I’ve previously explained how to create new domains, new users, and manage your subscriptions, and you can read all about that in an earlier article on Simple-Talk.
Unsurprisingly, in the Microsoft Online Portal you can manage the various components in Office 365, i.e. Exchange Online, Lync Online, SharePoint Online, and the Office Web Apps - depending on your subscription, of course. In fact, in the MOP there’s also the option to manage your Office 365 subscriptions (or plans), via the Subscriptions area of the portal, as can be seen on the left of Figure 1. Just as a quick guide, in case you’ve not delved into the Office 365 subscriptions options yet, there are basically three plans available:
- P-Plan – this plan is targeted towards individual professionals and small businesses. It only contains the most basic online software, like Exchange Online, SharePoint Online and Lync Online. Other limitations include a lack of 24x7 support, the fact that the plan is limited to 25 users, and that your DNS needs to be transferred to Microsoft. However, because it is a relatively small offering, the price is also fairly low: US$6 per user per month;
- E-plan – this plan is targeted towards midsize businesses and enterprises. In fact, various E-plans are available, ranging from basic services to the full package. Pricing ranges from US$10 per user per month (for E1) to US$27 per user per month (for E4, which is the complete package);
- K-plan – finally, this is a Kiosk plan, also part of the midsize and enterprise offering, specifically targeting “deskless” workers or employees who use shared PCs. As a result, Kiosk plans only offer web-based access to the Exchange mailbox and SharePoint environment. Prices are US$4 per user per month (for K1, the basic Kiosk plan) and US$10 per user per month (for K2, which includes access to Office Web Apps).
Naturally, more information can be found on the Microsoft website.
Given that it’s aimed at bigger, perhaps more demanding organizations, part of the E-plan is 24x7 support. While it is possible to find all kinds of online resources using the MOP, it is also possible to submit Service Requests (SR), which you can use to report an incident to the 24x7 Microsoft Office 365 Support Department, who will handle the request.
Since the datacenters are operated by Microsoft there’s no real need to actively monitor the platform. Depending on your preferences and requirements, this might even be one of the big draws to migrating some or all of your infrastructure into the Cloud. However, you do want to know whether all services are available and functioning normally, and it is possible to check the platform’s Service Health via the MOP, and get an overview of all services within Office 365 (see figure 2, below).
In fact, while we’re on the topic of uptime and service health, it’s worth noting that planned maintenance is announced via the MOP, which also gives you access to a maintenance history. For example, looking at figure 3, we can see that maintenance is planned for Lync Online on July 30 2011 at 1 a.m. PST:
The first user that is created during provisioning of the new Office 365 organization is automatically the administrator account. This “super user” can manage the entire organization in Office 365. However, to spread out the burden of responsibility, it is possible to assign specific administrator permissions to users, enforced by the use of these roles:
- Billing administrator – responsible for purchases, subscriptions, support tickets and monitoring service health;
- Global administrator – top level administrator who can manage the entire organization. Please note that the permissions are the same as the initial administrator created during provisioning, except that the initial admin is the initial point of contact from a Microsoft perspective;
- Password administrator – resets passwords, can manage service requests and can monitor the service health;
- Service administrator – can manage the service requests and can monitor the service health;
- User Management administrator – can create new users (but cannot assign administrative roles), manage user accounts, reset passwords and create service requests.
As you can see, there’s a certain amount of overlap within these roles, such that you can create a clearly defined permission hierarchy within your organization, should it be necessary. These administrative roles can be assigned during the provisioning of a new user, or assigned to existing users using the MOP:
Exchange Control Panel
For managing mailboxes in Office 365, you can use the Exchange Control Panel (ECP), which is basically the same as in an on-premises Exchange implementation. However, there are actually a few interesting features available through the Office 365 ECP which are not available in the on-premise version of Exchange Server 2010. For example, you can create new users via the Office 365 ECP, which is not possible in an on-premise version of Exchange Server 2010.
You can access the ECP via the MOP by looking under the Management heading, and selecting the user > More options. When you then click on Change Mailbox Settings, you are automatically redirected to the ECP. It is also possible to switch directly to the ECP via the Outlook Web App (OWA): when you’re logged on to the administrator’s mailbox, you can select Options in the upper right corner of the screen, and then select See All Options (see figure 5).
In the Options page (which is identical for all users) there’s another option regarding what to manage, which dynamically reflects your permissions. For example, when you’re the organization administrator, it is possible to select Manage My Organization (See figure 6).
The fun part here is that you can create new user accounts using the ECP – an action which is (unfortunately) not possible with on-premise Exchange 2010. Another unique feature in the Office 365 ECP is the E-mail migration wizard, which enables you to migrate existing mailboxes from Exchange 2003 or Exchange 2007 to Office 365. The Outlook Anywhere (also referred to as RPC/HTTPS) protocol is used for this, but there’s also an IMAP4 option for migrating mailbox data.
Finally, just like with an on-premise Exchange Server 2010 implementation, you can use PowerShell to manage the mailboxes in Office 365. However, since Office 365 is hosted in Microsoft’s datacenters, the remote version of PowerShell needs to be used.
This means that you have to open PowerShell locally, create a new session with all the remote parameters, and then create the connection with this session. Since the Office 365 credentials are needed, we have to first store these in a variable, which is then used in the command to set up the session.
However, the first step is to relax the execution policy on your workstation. By default it doesn’t let you run any remote scripts, so this has to be enabled using the Set-ExecutionPolicy cmdlet:
Bear in mind that this only has to be done once on any given workstation, and then the PowerShell session can be set up:
$Cred = Get-Credential    # prompts for the Office 365 administrator credentials
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://ps.outlook.com/powershell -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session    # makes the remote Exchange cmdlets available locally
Compare this to my blog post on Remote PowerShell in an on-premise environment, and you’ll see that there’s no real difference!
Now that we have a remote Exchange Management Shell available, we can use Exchange cmdlets to manage the Exchange 365 environment. Any PowerShell you’ve used to manage your local Exchange 2010 environment can be brought to bear in your Office 365 setup, so I won’t dwell upon the fine details. Finally, once you've done everything you need to, you can end the remote PowerShell session by entering the following command:
Of course you can also just close the PowerShell window, but this is a more elegant way, and you can be sure that the connection to the datacenter is really closed.
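The whole session lifecycle described in this section, from the execution policy to closing the session, put together as an added example (it is not code from the original article). The RemoteSigned policy scoped to the current user and the use of Get-Mailbox as a sample cmdlet are assumptions made here.

```powershell
# Added example: complete remote Exchange Online session lifecycle.
# Assumes outbound HTTPS access from the workstation to ps.outlook.com.

# One-time step per workstation. RemoteSigned for the current user only is an
# assumption of this example: it permits the script module that
# Import-PSSession generates without loosening the policy machine-wide.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Prompt for the Office 365 administrator credentials. They are held in
# memory as a PSCredential object and are not written to disk.
$Cred = Get-Credential

$Session = $null
try {
    # Basic authentication is carried inside the HTTPS channel given by the
    # connection URI; -AllowRedirection lets the client follow the redirect
    # to the datacenter that hosts the organization.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell `
        -Credential $Cred -Authentication Basic -AllowRedirection `
        -ErrorAction Stop

    # Import only the cmdlets this script needs instead of the full set.
    Import-PSSession $Session -CommandName Get-Mailbox | Out-Null

    # Sample management task: list a few mailboxes.
    Get-Mailbox -ResultSize 10 |
        Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    # Runs even when a command above fails, so the connection to the
    # datacenter is closed instead of lingering until it times out.
    if ($Session) { Remove-PSSession $Session }
}
```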
CSV Files and Bulk Management
Managing users using the MOP is possible as long as you don’t have too many users to manage. When you want to create a lot of users in Office 365, a better alternative would be to use a CSV file import. The CSV obviously needs to contain all the necessary information regarding the users, and users are created on-the-fly as the CSV file is being imported. To access the CSV import process, open the MOP and navigate to the Management > User > New User > Bulk add users option - this triggers the appropriate import wizard. There’s a strict format required for the CSV file, and on the first page of the wizard there’s an option to download a blank CSV file as a template. After filling in this blank file with the appropriate data, you can use the Browse button to upload the file from your local machine to the Office 365 environment.
Now that the file is imported, it’s just a matter of following the wizard which, when finished, will show an overview of the newly created users and their (automatically generated) passwords.
Management becomes more interesting when integrating Office 365 with an existing on-premise infrastructure, partly because it is possible to link an on-premise Active Directory with Office 365 to synchronize user accounts between both environments. This is a long term solution, and makes it possible to create a Rich Coexistence environment, which is just a new Microsoft term for integrating Office 365 with an on-premise environment. This means that when it comes to, for example, Exchange, there can be mailboxes both on-premise as well as in Office 365. In addition, since there’s a directory synchronization (or dirsync) solution, users in either environment can see the full Global Address List, meaning that a user with an Office 365 mailbox can still see users with on-premise mailboxes.
Directory Synchronization can best be combined with Single Sign-on to create a true Identity Management solution. If this is done, then users can log on to their desktop in the office using the on-premise Active Directory environment, and then smoothly access Office 365 resources without having to log on a second time. You can use Active Directory Federation Services (ADFS) to accomplish this but, since Directory Synchronization and ADFS are quite complex products, I will get back to this topic in a future article.
Managing Lync and SharePoint
So far, most of the topics I’ve included in this article are focused on Exchange Online and, quite frankly, I think Microsoft has done quite a good job here. On the other hand, when it comes to managing Lync Online and SharePoint Online, you can only use MOP. In fact, I explained Office 365 and Lync Online, including the management options available, in a previous article on Simple Talk, so I won’t retread that ground.
However, let’s take a quick look at SharePoint Online (and I do mean quick). Using the MOP you can manage all Site Collections, Infopath Forms, Web Services and User Profiles. To give you a taste of what’s currently possible with SharePoint Online, it’s worth mentioning that, using the SharePoint Online Administration Center, you can create a SharePoint Site which can be shared with all users in the organization. In addition, SharePoint Online can be integrated with Office 2010 on your desktop, but it is also integrated with Office Web Apps by default. In fact, SharePoint Online is used when storing documents created using Office Web Apps.
However, rather than dig deep into SharePoint Online here (as it’s not a small topic), I’ll be guiding you through it in a future article. Indeed, since the Office Web Apps are tightly integrated into SharePoint Online, I’ll most likely be covering that in the same future article.
As you can see, there are several options available to manage your Office 365 environment. You can manage Office 365 manually using the Microsoft Online Portal (MOP), which is fine if you don’t have too many users. At the point when you need to add a large number of users in one step, you can use the CSV import. When you’re going through this process, a CSV file containing all the appropriate data can be created on-premise, potentially exported from existing Active Directory records or an HR application, for example.
When it comes to the individual components of Office 365, the management options are a bit more varied. While the suite as a whole has had a lot of great work put into manageability, when it comes to Exchange in particular you have a lot of options: you can either use the Exchange Control Panel (ECP), or the real diehard administrators can use the Remote PowerShell features.
On the other hand, SharePoint Online and Lync Online are only manageable via the MOP, but at the same time, there isn’t too much to configure in these products, so that’s actually not such a big deal.
In two future articles I will explain the rich coexistence options which are possible between an on-premise environment and Office 365, and I will tell you all about SharePoint Online. These will be posted after the summer holiday in August 2011.