ranjbMemberApril 12, 2018 at 8:51 am #167500
We about to embark on an Office 365 rollout to the whole organisation and vastly improve our client estate. So I am looking for some suggestions on some challenges on how best we approach these. Apologises in advance for the technical list….
We have an existing tenant setup (****.onmicrosoft.com) in Azure but is based on our old organisation name. We want to create new tenant name to reflect the new organisation name. The name is yet to be decided.
We have a few existing E1 (used) / E3 (not used and recently purchased) under existing tenant and want to understand once new tenant is created, how we would transfer licensing to new tenant. We also have EMS and dynamics 365 licenses setup in existing tenant. We prepared to keep these services in existing tenant and run them simultaneously if that will be the simpler approach.
We currently use Azure AD Connect (formerly DirSync), this connects our on premise AD into Azure, it is setup with Filtering so only some OUs are sync to Azure. Our AD as it stands currently is setup with the old domain name.
Due to incoming requirement for Office 365, our strategy is to create a new AD domain in the same Active Directory forest as we are also doing a Windows 10 deployment so we see this as the perfect opportunity to start with a new domain. It will be two way Domain trust so all resources in existing domain can be trusted in new domain and vice versa. It is our hope we can then create a second on premise Azure AD connect server using filtering to the new AD Domain and we’ll then move users/computers from the old to the new domain once we port users across to Windows 10. Looking at the Topology best practise guidance I believe this is supported as long as the user only appears in one tenant. Would there be a better way to set this up? Our preference is not to create a new AD forest and new domain as the administration and management of this would be far greater.
We plan to use MFA on Office 365, however want to investigate the various avenue’s we can use as not all of our user base have a corporate phone so some will need to use personal phones for SMS or using an authenticator app. Does this need to be setup for all users or can it be switched off at the request of a user? On the back of this we want to investigate the possibility of users resetting their AD passwords through Office 365 so this task can be achieved anywhere on any device without the reliance of internal network. We currently have enabled password write back and password hash sync.
We currently have an ADFS 3.0 setup with Web Application proxy and plan to use this to achieve SSO on the internal network for Office 365.
We currently make use of the Application proxy feature in our existing tenant to make our internal SharePoint 2013 application available externally. Eventually we like to port over the configuration of this to the new tenant. Would this be possible? Going forward we probably want to make use of SharePoint online but are concerned about the considerations we need to take with regards to backup and recovery.
We aware of the security abilities built into Office 365 such as classifications, DLP, data governance, threat management, E discovery. Can these tools be setup after deployment. Is there any requirement to set these up at the start?
We currently use Intune and these are managed via EMS licenses in Office 365. The strategy is to move to using an alternative solution using Trend Micro mobile security solution and decommission Intune.
Finally our plan is to do a phased approach to Office 365, starting off with One Drive and Share point Online and slowly introduce the new technologies as we become more familiar and iron out any deployment issues.
As you can see I have lots of questions and having had a look and done some planning work I sort have an idea of what the options are but its always useful to get some other views on this hence my questions so appreciate any responses on all or some of the questions I have.
You must be logged in to reply to this topic.