Office 365 migration – design your local network to improve performance

Optimizing Office 365 network performance comes down to removing unnecessary impediments.

User data and processing in Office 365 is distributed between many Microsoft datacenters. There is no single network endpoint to which client machines can connect. Services are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are accessed by end users.

Shortening the network path to Office 365 entry points by allowing client traffic to egress as close as possible to their geographic location can improve connectivity performance and the end user experience in Office 365. By treating Office 365 connections as trusted traffic, you can prevent latency from being introduced by packet inspection and competition for proxy bandwidth. Allowing local connections between client machines and Office 365 endpoints enables traffic to be dynamically routed through the Microsoft Global Network.

The optimum connectivity model is to always provide network egress at the user’s location, regardless of whether this is on the corporate network or remote locations such as home, hotels, coffee shops and airports. Generic Internet traffic and WAN based corporate network traffic would be separately routed and not use the local direct egress model. This local direct egress model is represented by Microsoft in the diagram above.

Office 365: 10 hands on tips for a successful migration

These are my top 10 tips and lessons learned from leading Office 365 migration projects:

1. Plan your User Identities

Identities are everything in Office 365. Spend more time on planning the identities than on any other service. While for SharePoint/Exchange/Skype/etc. you will be able to do some changes during the migration, if you need to change something for the identities or authentication it can become a nightmare as it affects everything in Office 365.

e.g. you cannot change the sourceAnchor attribute (it is immutable during the lifetime of an object)

2. Use IdFix to fix your Active Directory before uploading the users to the cloud

IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory.

https://www.microsoft.com/en-us/download/details.aspx?id=36832

3. Create a proof of concept (PoC)

Test the complete migration procedure in a lab or test environment. You can also use the environment for additional testing or for issues you might encounter post-migration.

4. Evaluate 3rd party tools and ask for trial licenses

Sometimes the Microsoft tools are not enough and you need to go for third party tools. Contact the sales persons and ask for a demo. Many times the sales persons are also the ones that can give you a free trial to evaluate the tool in your test environment.

5. Create a migration runbook for sysadmins

IT administrators from other locations should be able to perform a complete migration by following the steps in the runbook. It doesn’t need to have a specific format, but it needs to be very well documented so every newbie would be able to follow it.

6. Migrate some test users and the IT administrators first

Do not start the velocity migration before getting the confirmation from the local departments that all processes and tools work as expected.

7. Office 365 throttling

Office 365 uses various throttling mechanisms to help ensure security and service availability. You might find out during the migration that data is being transferred to the cloud at a low speed, and not because of your local network. There are various methods to overcome those throttling policies (e.g. for Exchange you can ask Microsoft support to "relax" the throttling for your tenant during the migration).

8. Change Management

Take care of your users. Communicate all changes to users and train them before the migration itself. Remember that a successful project is measured by happy users.

9. Have a disaster recovery and backup plan

Mistakes can happen. But if they happen, you need to solve them fast.

10. Use the FastTrack Center Benefits

If you have 500 or more Office 365 licenses per tenant, you qualify for the FastTrack center migration services. Do not hope that FastTrack will do the migration for you 😊

Their benefits are described here: https://docs.microsoft.com/en-us/fasttrack/fasttrack-benefit-for-office-365

Configure folder redirection to OneDrive. Sync your Desktop, Documents and Favorites folders to the cloud.

In a recent customer project, we have redirected the user’s personal Desktop, Documents and Favorites folders to the cloud using OneDrive. Users can get to their files from anywhere and the files are safe in OneDrive if anything happens to the devices.

Configure folder redirection in 3 steps

  1. Prevent users from changing the location of their OneDrive folder
  2. Create an environment variable for the OneDrive folder
  3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive
1. Prevent users from changing the location of their OneDrive folder

We will configure a group policy to make sure users sync their OneDrive to the default location and do not change the location of their OneDrive folder.

The group policy is located under:

User Configuration\Policies\Administrative Templates\OneDrive\Prevent users from changing the location of their OneDrive folder

2. Create an environment variable for the OneDrive folder

Group Policy won’t let us redirect known folders directly to a different location under %userprofile%, so we need to create a new environment variable that contains the location of the folder under %userprofile%.

We’ll use item-level targeting in this environment variable to prevent folders from being redirected until the folder has been created by the sync client.

Under “User Configuration\Preferences\Windows Settings” create a new Environment variable called “OneDriveSync” and set the value to “%userprofile%\”.

e.g. %userprofile%\OneDrive – ranari

On the Common tab, check the box “Item-level targeting” and define a new item that matches the folder you have defined before “%userprofile%\”.

3. Configure redirection of Documents, Desktop & Favorites folders to OneDrive

Under “User Configuration\Policies\Windows Settings\Folder Redirection”, go to Properties and enable the setting “Basic – Redirect everyone’s folder to the same location” and set the Target folder location to “Redirect to the following location”. For the Root Path type in “%OneDriveSync%\Documents”.

On the Settings tab, clear the “Move the contents of Documents to the new location” check box.

Important:

Leaving this setting enabled could result in data loss when the contents of the Documents folder are merged with the OneDrive folder, if there are files with the same name in both locations.

Configure group policies similarly to redirect the Desktop or Favorites area.

Important Considerations

Note that it is not supported to have existing content automatically migrated by Group Policy to the OneDrive folder. With automatic file migration, there is a potential for data loss in cases where there are files in both locations that have matching file names.

Once the redirect to OneDrive is in place, we’ll need to migrate the user’s data from the original location on their local disk to the OneDrive folder.

Keep in mind that as new users and computers come online over time, users may still save files to their Documents folder before they configure the OneDrive sync client, and these files would then need to be moved to the OneDrive folder after the redirect takes place.
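A collision-safe way to do that manual move, as an added example (not the author's script; the function name Copy-WithoutOverwrite and the temp-folder paths are assumptions). Files are copied only when nothing with that name exists in the OneDrive folder, and same-name files with different content are reported and left untouched.

```powershell
# Added example: copy pre-redirection files into the OneDrive folder without
# overwriting anything. Function name and paths are assumptions.
function Copy-WithoutOverwrite {
    param(
        [Parameter(Mandatory)] [string] $Source,       # original local folder, e.g. the old Documents
        [Parameter(Mandatory)] [string] $Destination   # redirected folder under the OneDrive sync root
    )
    $sourceRoot = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\', '/')
    foreach ($file in Get-ChildItem -LiteralPath $sourceRoot -File -Recurse) {
        # Rebuild the same relative path below the destination.
        $relative = $file.FullName.Substring($sourceRoot.Length).TrimStart('\', '/')
        $target   = Join-Path $Destination $relative
        if (-not (Test-Path -LiteralPath $target)) {
            $null = New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force
            Copy-Item -LiteralPath $file.FullName -Destination $target
            $status = 'Copied'
        }
        elseif ((Get-FileHash -LiteralPath $file.FullName).Hash -eq (Get-FileHash -LiteralPath $target).Hash) {
            $status = 'Identical'   # same name, same content: nothing to do
        }
        else {
            $status = 'Conflict'    # same name, different content: both files stay as they are
        }
        [pscustomobject]@{ Status = $status; File = $relative }
    }
}

# Constructed sample data in a temp folder, so the run touches no real profile.
$root = Join-Path ([IO.Path]::GetTempPath()) ("redirect-demo-" + [guid]::NewGuid())
$old  = New-Item -ItemType Directory -Path (Join-Path $root 'Documents')
$new  = New-Item -ItemType Directory -Path (Join-Path $root 'OneDrive\Documents')
Set-Content -Path (Join-Path $old 'notes.txt')  -Value 'local only'
Set-Content -Path (Join-Path $old 'budget.txt') -Value 'local version'
Set-Content -Path (Join-Path $new 'budget.txt') -Value 'cloud version'

Copy-WithoutOverwrite -Source $old.FullName -Destination $new.FullName | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Rows reported as Conflict need a decision by the user (rename or discard one copy) before the source folder is cleaned up.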

User Experience

After everything is set up, here is what the user experience will look like:

  1. The user logs in to Windows and gets the OneDrive setup page.
  2. He types in his e-mail address first.lastname@ranari.com and clicks Sign in.
  3. If a new login window appears, he types in the credentials again and clicks OK. (After adding the sites through GPO in the IE zones, this step might not be necessary.)
  4. He goes through the wizard without changing any settings, clicking Next every time.
  5. The Folder Redirection will be configured automatically on the next reboot.
  6. All the existing files need to be manually copied to the new locations. Or they can be copied via script, which I will cover in a separate article.

Office 365 admin roles

 

I see confusion when it comes to Office 365 administrator roles. Let’s make things clear!

There are the following types of admin roles for Office 365:

Administrator type                                        Functions
global                                                    can do and has access to everything
billing                                                   makes purchases, manages subscriptions, manages support tickets, and monitors service health
password                                                  can only reset user passwords
user management                                           resets passwords, monitors service health, adds and deletes user accounts, manages service requests
service                                                   used to open support tickets with Microsoft; has view only permissions
Exchange/Skype for Business/SharePoint/Power BI service   manages the respective service

Admin roles can be assigned to users from the Office 365 portal or via PowerShell.

In the Office 365 portal

  1. Switch to the admin center.
  2. Select users > Active users.
  3. Click Add a user (for new users) or Edit a user (for existing users) > Roles.
  4. Select the desired admin roles.

This is a screenshot when adding a new user:

Using PowerShell

Add-MsolRoleMember -RoleMemberEmailAddress <String> -RoleName <String>

Example:

Add-MsolRoleMember -RoleMemberEmailAddress "john.doe@itconsultpro.com" -RoleName "SharePoint Service Administrator"

 

To get the list of all values for the RoleName parameter, use the Get-MsolRole cmdlet.

Add a filter on the results to retrieve only the administrator roles:

Get-MsolRole | Where-Object {$_.Name -like '*administrator*'}
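
The same filter can drive a review of who actually holds these roles. The following is an added example, not part of the original post; it assumes the MSOnline module is installed and Connect-MsolService has already been run, and the function name Get-AdminRoleAssignment is hypothetical.

```powershell
# Added example, not from the original post. Assumes the MSOnline module is
# installed and Connect-MsolService has already been run for the tenant.
function Get-AdminRoleAssignment {
    # One row per (role, member) for every role whose name contains "administrator".
    foreach ($role in Get-MsolRole | Where-Object { $_.Name -like '*administrator*' }) {
        foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId) {
            [pscustomobject]@{
                Role       = $role.Name
                Member     = $member.DisplayName
                Email      = $member.EmailAddress
                MemberType = $member.RoleMemberType
            }
        }
    }
}

$assignments = @(Get-AdminRoleAssignment)
$assignments | Sort-Object Role, Member | Format-Table -AutoSize

# "Company Administrator" is the name Get-MsolRole returns for the global admin role.
$globalAdmins = @($assignments | Where-Object Role -eq 'Company Administrator')
"Global administrators: $($globalAdmins.Count)"

# Accounts holding more than one admin role are candidates for a least-privilege review.
# Members without an e-mail address are skipped so they are not grouped together.
$assignments | Where-Object Email | Group-Object Email | Where-Object Count -gt 1 |
    Select-Object @{n='Email';e={$_.Name}}, @{n='Roles';e={$_.Group.Role -join ', '}}
```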