+ Post New Thread
Page 1 of 5 12345 LastLast
Results 1 to 15 of 73
Cloud Services Thread, Office 365 Email Segregation in Technical; Hi All, We are currently looking at moving to Office 365 and one of the things we want to maintain ...
  1. #1

    Join Date
    Nov 2008
    Location
    Derby
    Posts
    7
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Office 365 Email Segregation

    Hi All,

    We are currently looking at moving to Office 365 and one of the things we want to maintain from our current setup with the council is the ability to stop students from email staff or seeing the staff address book.

    Is this possible in Office 365 and if so how?

    Thanks in advance

    John

  2. #2

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    Unless something massive has changed then no. we were on a hosted VLE providers Live@ and could see the addresses of every other user in every other school!

    We set up our own live@ for testing and could not segregate staff & students.

    We left students on Live, and setup exchange for staff.

    Even on exchange it seems virtually impossible to hide one set of users from another. I broke exchange lots and lots with adsiedit trying to disable address lists.

    Novell Groupwise was able to do it without any problems, shame we were forced to move off it.

    Rob

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Google apps? Hide users from the Google Apps Directory - Google Apps Help

    They are several years ahead of Office 365

    Code:
     gam user <username>|group <groupname>|ou <ouname>|all users profile shared|unshared

  4. #4
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,468
    Thank Post
    4
    Thanked 97 Times in 93 Posts
    Blog Entries
    1
    Rep Power
    50
    Sorry I never under stood this one surely it is good for students to comunicate with staff?

  5. #5
    ozydave's Avatar
    Join Date
    Jun 2007
    Posts
    246
    Thank Post
    70
    Thanked 34 Times in 23 Posts
    Rep Power
    31
    On 365 you can hide staff with a powershell command.
    Set-Mailbox -identity joblogs -HiddenFromAddressListsEnabled $true
    Last edited by ozydave; 11th October 2012 at 09:47 PM.

  6. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by ozydave View Post
    On 365 you can hide staff with a powershell command.
    Set-Mailbox -identity joblogs -HiddenFromAddressListsEnabled $true
    can you do that with an OU or Group though?

    Quote Originally Posted by nicholab View Post
    Sorry I never under stood this one surely it is good for students to comunicate with staff?

    Agreed. It does require a change in culture for some old staff though

  7. #7
    ozydave's Avatar
    Join Date
    Jun 2007
    Posts
    246
    Thank Post
    70
    Thanked 34 Times in 23 Posts
    Rep Power
    31
    can you do that with an OU or Group though?

    You can add custom attributes to users. I have got each year intake as a custom attribute. Maybe a way round it.
    Or
    Just create a sub domain and point that at 365. Then use one for staff and one for students

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by ozydave View Post
    can you do that with an OU or Group though?

    You can add custom attributes to users. I have got each year intake as a custom attribute. Maybe a way round it.
    Or
    Just create a sub domain and point that at 365. Then use one for staff and one for students
    So can you run the Set-Mailbox script on all of the users? or would you have export a list from the subdomain or custom attribute and run on all users and then specify that the script runs on (staff) user creation?

  9. #9

    Join Date
    Nov 2008
    Location
    Derby
    Posts
    7
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nicholab View Post
    Sorry I never under stood this one surely it is good for students to comunicate with staff?
    Completly agree with you on that one, we currently have to set them up a student email address as well as there staff email so the students can send them home work etc. It would be much easier with a single email address

    Quote Originally Posted by ozydave View Post
    On 365 you can hide staff with a powershell command.
    Set-Mailbox -identity joblogs -HiddenFromAddressListsEnabled $true
    I had read this, but doesn't that stop staff from seeing each other in the address book, also if the students work out the staff email address (Which isin't hard) then they can still email them

    Quote Originally Posted by ozydave View Post
    Just create a sub domain and point that at 365. Then use one for staff and one for students
    Is this possible in Office 365?

    Think i might have a chat with Microsoft and see what they have to say

  10. #10
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    516
    Thank Post
    26
    Thanked 228 Times in 158 Posts
    Rep Power
    85
    Each Office 365 tenant has one GAL - if you add multiple domains to a tenant they'll all share the same GAL. It is possible to hide users from the GAL, but you cannot prevent users from seeing the GAL; so if you hide staff your students will see each other, and staff will still see the students.

    On the one hand, supporting custom address book policies in Exchange Online would be a great thing, and whenever I get feedback about this I always pass it on. On the other hand, there is the camp, as this thread has thrown up, which thinks that actually preventing users from appearing in the GAL serves little-to-no purpose but actually negatively impacts productivity (after all, if you use a consistent naming convention for your users, it doesn't much to work out a user's email address...).

  11. #11

    Join Date
    Nov 2008
    Location
    Derby
    Posts
    7
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by jamesbmarshall View Post
    Each Office 365 tenant has one GAL - if you add multiple domains to a tenant they'll all share the same GAL. It is possible to hide users from the GAL, but you cannot prevent users from seeing the GAL; so if you hide staff your students will see each other, and staff will still see the students.

    On the one hand, supporting custom address book policies in Exchange Online would be a great thing, and whenever I get feedback about this I always pass it on. On the other hand, there is the camp, as this thread has thrown up, which thinks that actually preventing users from appearing in the GAL serves little-to-no purpose but actually negatively impacts productivity (after all, if you use a consistent naming convention for your users, it doesn't much to work out a user's email address...).
    Thanks for this information, this was what i was thinking.

    If we were to setup 2 tenat's with either differnt domains or a sub-domain how would this affect single sign on? Staff would have their AD account tied to their Staff Email then if we configured a student email account for them, how would they be able to access this?

    Thanks in advance

    John

  12. #12
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,468
    Thank Post
    4
    Thanked 97 Times in 93 Posts
    Blog Entries
    1
    Rep Power
    50
    Personally I thing it might be time for this daft situation to stop and suggest that it would help with staff student to collaborate. What happens when a staff member e-mails a student they then have the staff members e-mail address. The 1st school I worked in we had a staff and student e-mail system it made life easier as you could contact a students easily. I would be making the case that the solution is not technically elegant and difficult to implement losing the benefits of the cloud they might buy that!
    Last edited by nicholab; 12th October 2012 at 12:21 PM.

  13. #13
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    516
    Thank Post
    26
    Thanked 228 Times in 158 Posts
    Rep Power
    85
    Quote Originally Posted by jhithersay View Post
    If we were to setup 2 tenat's with either differnt domains or a sub-domain how would this affect single sign on? Staff would have their AD account tied to their Staff Email then if we configured a student email account for them, how would they be able to access this?
    There are lots of things to consider in this scenario - more than I can cover properly here unfortunately. If you're looking at this level of complexity (i.e. multiple tenants, single sign-on, different domains, etc.) then I'd really recommend you look into using a partner company to help you deploy if you don't feel you can pull it off on your own!

    There is lots of documentation available online, and I've tried to bring it all together under one roof to make it easier to find: Office 365 for education Deployment Resources - UK Education Cloud Blog - Site Home - MSDN Blogs

    Briefly, it is possible to have two tenants and staff and students split between the two but there are technical trade-offs in doing this. If it were me doing this in my school I'd try and tackle the cultural argument of whether or not there should be a shared GAL separately from the technology. You need to thoroughly evaluate how important a split GAL (and therefore, separate tenants) is vs. the ease of being able to share information, communicate and collaborate with services like Lync Online and SharePoint Online - both services that would be affected by your tenancy design.

    Hope that helps!

  14. Thanks to jamesbmarshall from:

    jhithersay (12th October 2012)

  15. #14


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by jamesbmarshall View Post

    Briefly, it is possible to have two tenants and staff and students split between the two but there are technical trade-offs in doing this. If it were me doing this in my school I'd try and tackle the cultural argument of whether or not there should be a shared GAL separately from the technology. You need to thoroughly evaluate how important a split GAL (and therefore, separate tenants) is vs. the ease of being able to share information, communicate and collaborate with services like Lync Online and SharePoint Online - both services that would be affected by your tenancy design.

    Hope that helps!
    Like I say - its a few years behind Google apps which lets you segregate OU's with ease, based on their Active Directory memberships.

  16. Thanks to CyberNerd from:

    jhithersay (12th October 2012)

  17. #15

    Join Date
    Nov 2008
    Location
    Derby
    Posts
    7
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by jamesbmarshall View Post
    There are lots of things to consider in this scenario - more than I can cover properly here unfortunately. If you're looking at this level of complexity (i.e. multiple tenants, single sign-on, different domains, etc.) then I'd really recommend you look into using a partner company to help you deploy if you don't feel you can pull it off on your own!

    There is lots of documentation available online, and I've tried to bring it all together under one roof to make it easier to find: Office 365 for education Deployment Resources - UK Education Cloud Blog - Site Home - MSDN Blogs

    Briefly, it is possible to have two tenants and staff and students split between the two but there are technical trade-offs in doing this. If it were me doing this in my school I'd try and tackle the cultural argument of whether or not there should be a shared GAL separately from the technology. You need to thoroughly evaluate how important a split GAL (and therefore, separate tenants) is vs. the ease of being able to share information, communicate and collaborate with services like Lync Online and SharePoint Online - both services that would be affected by your tenancy design.

    Hope that helps!
    I thought you would say something like this, i would prefer a single tenant for simplicity and i am going to fight the powers that be over the need for a split GAL but i thought i would ask the question to see if my thoughts were right.

    Thanks for your help and we do have a partner already, they have set us up on a trial so we can have a play

SHARE:
+ Post New Thread
Page 1 of 5 12345 LastLast

Similar Threads

  1. Replies: 26
    Last Post: 12th March 2014, 11:36 PM
  2. Office 365 email account for spiceworks helpdesk
    By scholes99 in forum Cloud Services
    Replies: 5
    Last Post: 13th June 2013, 10:26 AM
  3. Migrating staff email to office 365
    By tj2419 in forum Cloud Services
    Replies: 16
    Last Post: 6th October 2012, 03:25 AM
  4. Replies: 2
    Last Post: 31st May 2012, 01:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •