1

PLANNING A
M I G R AT I O N T O
 2

DOUG
HEMMINGER
Based out of Chicago
SharePoint and Office 365 Solution
Architect and Evangelist for SPR
Consulting

Email: doug@doughemminger.com
Twitter: @DougHemminger
Blog: www.sharepointdoug.com
3

P R O J E C T D E S C R I P T I O N

| Select your licensing model

SETUP YOUR | Designate your tenant name
PRODUCTION OFFICE | Setup custom domains

365 TENANT
4

SELECT YOUR
LICENSING MODEL
 5

DESIGNATE YOUR
TENANT NAME
| Designate an onmicrosoft.com domain:
”tenantname.onmicrosoft.com” where “tenantname” is
your tenant name that you create.
| Tenant name must be unique across all organizations.
| Your tenant name is used in SharePoint online
(“tenantname.sharepoint.com”) and One Drive for
Business (“tenantname-my.sharepoint.com”)
| Tenant name cannot be change after it is initially setup
 6

SETUP CUSTOM DOMAINS

| Verify that you own the domain by setting up a TXT or MX

record
| Change your domain’s name servers to Office 365 (or
setup service endpoints manually)
| Can have up to 900 domains
7

P R O J E C T D E S C R I P T I O N

| Evaluate features and decide which ones will be

EVALUATE FEATURES enabled
| Establish roles and responsibilities for
administration and data ownership
 8

EVALUATE FEATURES

Mail Productivity Collaboration Content Messaging

Outlook Word SharePoint OneDrive Skype
Exchange Excel Delve Video
PowerPoint Teams
OneNote Yammer
Access
Flow
PowerApps
Planner
Sway
 9

EVALUATE FEATURES

| Some features can be controlled through

licensing (Teams, Sway, SharePoint
Exchange, etc.)
| Other features are controlled through
PowerShell and settings (Groups, Sites etc.)
10

ESTABLISH ADMINISTRATIVE
RESPONSIBILITIES

Global Administrator

Billing User Password Service SharePoint Power BI Skype Exchang

Admin Admin Admin Admin Admin Admin Admin e Admin

Site Site Site

Collection Collection Collection
Admin Admin Admin
11

P R O J E C T D E S C R I P T I O N

| Simplify and protect access

SETUP INFORMATION | Allow collaboration and prevent leaks
PROTECTION | Stop external threats
| Secure admin access
| Consider Retention Policies
 12

SIM PLIFY AND PROTECT

ACCESS
| Disable identities in Azure Active Directory that are not active
| Enable self-service password reset in Azure Active Directory
| Use Intune to protect data on mobile devices, desktop computers, and in applications
| Configure Multi-Factor Authentication (MFA)
 13

SIM PLIFY AND PROTECT

ACCESS
| Configure Multi-Factor Authentication (MFA)
| Recommend enabling for highly privileged accounts
(e.g., Global Admins) at a minimum
 14

ALLOW COLLABORATION AND

PREVENT LEAKS
| Configure permissions for
SharePoint and OneDrive for
Business libraries and documents
| Configure external sharing policies
to support your collaboration and file
protection objectives
 15

ALLOW COLLABORATION AND

PREVENT LEAKS
| Configure device access policies for SharePoint Online and OneDrive for Business
| Configure Data Loss Prevention (DLP)
| Use labels to implement classification-based retention and protection
| Office 365 Labels
| Azure Information Protection
 16

CONSIDER RETENTION
POLICIES
| Comply proactively with industry regulations and
internal policies
| Reduce your risk in the event of litigation or a
security breach
| Help your organization to share knowledge
effectively and be more agile
17

CONSIDER RETENTION
POLICIES
| Apply a single policy to the entire organization or
just specific locations or users.
| Apply a policy to all content or just content
meeting certain conditions, such as content
containing specific keywords or specific types of
sensitive information.
 18

STOP EXTERNAL THREATS

| Add Exchange Online Advanced Threat Protection for your organization

| Use Office 365 Advanced Security Management
 19

STAY COM PLIANT

| Conduct eDiscovery in Office 365

| Audit user and administrator actions in Office 365 for compliance
| Apply security restrictions in Exchange Online to protect messages
 20

SECURE ADMIN ACCESS

| Secure privileged access

| Separate duties of administrators by role — SharePoint Online, Exchange Online, and Skype for
Business Online
| Review the Office 365 administrator audit logs
21

P R O J E C T D E S C R I P T I O N

| Secure sufficient internet capacity for each office

VALIDATE NETWORK building or location
INFRASTRUCTURE | Consider the acquisition of redundant network
links for high priority office locations
22

VALIDATE NETWORK
INFRASTRUCTURE
Office 365 is a secure, reliable, high performance service that runs over the public internet. Microsoft
continues to invest to enhance these aspects of the service. All Office 365 services are available via
internet connectivity.
 23

VALIDATE NETWORK
INFRASTRUCTURE
| Ensure proxy and firewall devices are sized to handle the additional traffic.
| If your outbound proxies require user authentication you may experience slow connectivity or a loss
of functionality.
| If you're filtering outbound connections from computers on your network, bypassing this filtering to
the Office 365 domains will improve connectivity and performance.
 24

ESTIM ATE NETWORK

BANDWITH REQUIREMENTS
| Assess the number of clients that will use each internet egress.
| Determine which Office 365 services and features will be available for clients to use.
| Use the calculators and network tools to get a rough estimate for Exchange Online and Skype for
Business bandwidth needs.
| Measure the network utilization for a pilot group of clients.
| Use the measurements from the pilot group to extrapolate the entire organization's needs and re-test
to validate the estimations before making any changes to your network.
25

P R O J E C T D E S C R I P T I O N

| Ensure Active Directory is accurate and up to

IMPLEMENT IDENTITY date (OUs are organized, profile data is
MANAGEMENT complete, etc.)
| Consider identity management options and
configure
 26

ENSURE ACTIVE DIRECTORY

IS ACCURATE
| Active Directory user data is synced to Office 365 using Azure Active Directory Connect and appears
in profiles
| Profiles are only as good as the data replicated from Active Directory
| Manager field is used to build organization hierarchy
27

CLOUD IDENTITY

Sign On

User

Authentication

Azure Active Directory

 28

SYNCHRONIZED IDENTITY

Sign On

User

Authentication

Azure Active Directory Connect

Password Hashes

User Accounts

On Premises Directory Azure Active Directory

 29

FEDERATED IDENTITY

Sign On

User

User Accounts
AD FS

Azure Active Directory Connect

Password Hashes (Backup)

User Accounts

On Premises Directory Azure Active Directory

 30

PASS - THROUGH IDENTITY ( PREVIEW)

Sign On

User

User Accounts
Authentication

Azure Active Directory Connect

User Accounts

On Premises Directory Azure Active Directory

31

P R O J E C T D E S C R I P T I O N

| Microsoft Fasttrack
CONSIDER | Third Party tools
ADDITIONAL TOOLS
 32

MICROSOFT FASTTRACK

| FastTrack is a Microsoft program that provides a set of best practices, tools, resources, and experts
to help transition to the cloud.
| Customers who purchase 50 licenses or more of an eligible plan receive onboarding and adoption
assistance
| Customers with more than 150 licenses may also take advantage of data migration assistance as
needed
33

EVALUATE THIRD
PARTY TOOLS

C O N T E N T M I G R AT I O N
Sharegate, Metalogix, AvePoint

A C T I V E D I R E C TO RY & S S O
AD FS, One login, Okta, Hyperfish

I N V E N TO RY / M A I N T E N A N C E
SPDockit, Metalogix, ShareGate, AvePoint

BUSINESS PROCESS & TRAINING

Nintex, K2, Visual SP
34

P R O J E C T D E S C R I P T I O N

DEVELOP A ROADMAP
 35

DEVELOP A ROADMAP

| Moving email to the cloud

| Moving files to the cloud
| Collaborating in the cloud
| SharePoint
| Teams
| Groups
| Communicating in the cloud
| Skype for Business
36

OFFICE 365 ROADMAP

TIMELINE
Pre-Migration Month 1 Month 1-3 Month 3-5 Month 5-beyond

| Setup tenant Assign admin | Implement DLP

| Validate Network responsibilities | Establish Retention
Foundation

infrastructure Policies
| Implement Identity
Management
Dept A Dept B Dept D Dept F
Training

Dept C Dept E Dept G

O365

Dept H
Dept A Dept B Dept F
Business Team Sites Migration

Dept C Dept G
Dept D Dept H
Skype 4 SharePoint Email

Dept E
Dept A Dept B Dept D Dept F
Dept C Dept E Dept G
Dept H

Dept A Dept D Dept F

Dept B Dept E Dept G
Dept C Dept H
Dept A Dept B Dept D Dept F
Teams

Dept C Dept E Dept G

Dept H
37

To carry out

DELIVER
BEYOND above and over

THE BUILD

the end result as promised