speckytecky (4th June 2013)
Over the summer I have to implement Office 365 to replace our VLE & exchange email system that is being scrapped by the LEA. I was just wondering if anyone has already taken the plunge doing this at their school and if there are any pitfulls I need to be aware of. I have spoken to lots of companies about integrating this at our school and all want massive amounts of money which baffles me when it is free (A2 plan for education) see link: Compare Office 365 Education plans - Office.com
I can understand costs for supporting the product and for training of staff etc but I have been quoted in excess of £9500 to implement. We are a secondary school of around 530 pupils / 70 staff. Is this something I can undertake on my own without too much fuss??
Any ideas/feedback would be gratefully received.
Office 365 for Exchange is absolutely fine and your users will need little training on this. I ended up creating a few basic PDFs and users are using e-mail to a good level and Calendar sharing is extremely popular.
Unfortunately however (in my opinion) SharePoint/SkyDrive in Office 365 is just pants frankly. I've had numerous competent teachers look at it and it's overly complicated and little can be done to simplify the interface or options available. There are little resources online with regards to SharePoint online. Hopefully this'll change in future
I have already taken the plunge and implemented the Office 365 with A2 plan. Everything is set and in place and I plan on having a staged rollout over the next half term to iron out any bugs.
I personally didn't use any third party companies so it was all free Any help I needed I managed to get on eduGeek.
Your requirements depend on if you want to implement single sign-on. If you do then you are going to need at least one dedicated server (recommended 2 but not required in the first instance) that will run IIS and ADFS to link your local AD accounts with the online Azure directory system. This also requires obtaining an SSL certificate for the server and having an external URL which can resolve to your internal host (such as adfs.school.sch.uk)
Also, get comfortable with some Powershell if you aren't already. Some features can ONLY be set and adjusted via the shell, especially when working with users in bulk.
I have documented most of my setup so let me know if you want some more info.
It's very quick to get signed up, and you can be piloting with a few users in just a few hours. The advanced options like directory synchronisation and federated authentication can be added later if needed but trying to implement them up front can introduce unnecessary delays and complexity if all you want to do is get your hands on the service!
Microsoft partners provide great solutions to help you get on-board but it really depends on your requirements. For example, if you just want a basic email solution you can probably do this yourself in no time. If, on the other hand, you want a fully customised SharePoint Online solution then it might be worth engaging a partner to help.
Keep it simple, stupid!
Hi Mightymrp, thanks for the info, it would be really helpful to have an idea of how you set it all up and any info you could provide me would be gratefully appreciated. I already have a virtual server environment so adding 1/2 extra servers shouldn't be a problem as I would ideally like single sign on. I have spoken to lots of 3rd party companies but just not prepared / and do not have the funding to spend in excess of £9K.
Powershell is something I may need to swat up on! I'm going to get the trial setup this week and then go for A2 education plan. Is it possible to get this all setup and working within about 8 weeks?
To do a bit of ground work though, I would get a request sent for an SSL certificate now (unless you have one already?).
First off, you are going to need to decide on a URL which will be used for the ADFS pass-through. I went with https://adfs.schoolname.lea.sch.uk
You will need this to point to an IIS (or apache) web server on site which is accessible from the web. Depending on if you have full control over your internet connection or go via your LEA you may need to get ports opened up through the firewall.
To get a FREE SSL certificate, I used IPsca (SSL Certificate Authority low-cost, fully-validated 38$ SSL and 276$ Wildcard Certificates). They do a 2 year cert for Education for free When requesting your cert, I recommend asking for a Wildcard certificate (with a URL of *.school.lea.sch.uk), this way you can use the same certificate on any other webservers you have (I have used it on our VLE - Frog). All you need to be aware of is that you will need an email address creating first which matches either firstname.lastname@example.org or email@example.com Otherwise you won't be able to do the 'verify you are a school' gibberish when they email you.
To clarify the above a little:
1) Sign up to O365
2) Decide on your email format i.e. what the domain will look like @blahdeblah.uk
3) Create a webmaster account that you can access
4) Request an SSL wildcard certificate for *.blahdeblah.uk
5) Go through the verifying process until you receive the cert via email (takes 2 days max)
I will create some literature with more info for you
I already have most of the documentation that you require in order to get ADFS Setup:
Setup AD Federation Services with Office 365 | James Evans – EduTech's Blog
You will also need to configure Directory Sync:
- Enable Directory Sync within Office 365 (Login to Portal, Users & Groups, Activate Directory Sync)
- Download Software from Portal, Install Dirsync Software on to a Server
- Run Configuration Wizard (Office 365 Account & OnPremise AD Account Required)
- Run Sync
---- Wait for Sync to Occur, and it will happen every 3 hours (you can force it though) -----
Note: Dirsync can take up to 24 hours to activate, you won't be able to configure dirsync until this feature is activated.
Hope that helps,
That saves me a job lol Just looked at it and it's pretty much what I did
Depending on the complexity of your on premise exchange environment, going with an implementer can make a lot of sense. Especially if you are going the ADFS route. There are plenty of gotchas along the way. I would choose whatever route you think will be the easiest to maintain in the long run. Make the decision now on whether to federate and then you won't have to clean it up later. We were assisted by an implementer, however our environment was quite a bit larger than yours (20K students, 2500 staff). Your quoted price seems a little high, but fairly in line with what I would expect.
Does this new DirSync with Password Sync negate the need for ADFS? Will users just be able to go to Outlook and sign in?
it seems like ADFS is still necessary for SSO because there is no token sharing according to what I've read? However, would this eliminate my adfs servers from being the single point of failure (if adfs servers go down, users can still login)?
If you want users to not be presented with any login box etc. and have a seamless experience then this will require the AD FS Service due to the token pass-through etc.
Dirsync/PassSync - This will effectively sync the users UPN/Password to Office 365 allowing them to manage 1 set of credentials but it won't be a seamless login experience the users may be asked for username/password and likewise will have to use FULL UPN and not the Domain\Username method.
Yes, You will be promoted with a Login Prompt (usual Microsoft one) and the credentials they use for AD will be accepted as they will be in Sync. (obviously depending on how often it sync's will tell you how up to date it will be ;-))
If so that sounds nice and dandy and means we don't have to shell out for a 3rd party application to hold the AD passwords in case our network connection drops and users at home want to access their mail still
There are currently 1 users browsing this thread. (0 members and 1 guests)