2017-08-14 Discuss approaches to achieve O365 Exchange campus independence

Determine the feasibility of password hash solution for Exchange Online authentication. If feasible, what is the level of effort

• Can we use synchronized identity with Azure AD and AD connect on premise?
• Password write back with Azure AD Premium

• Currently, we use federated identity. Moving to Synchronized identity involves changing too many things. Joe feels that maturity is not there in terms of this solution.
• Password writeback to campus is currently happening.
• For authentication, the solution is to create passive instances of Domain controller, DirSync, ADFS Web, ADFS DB and ADAPPS in AWS. On
• This is an Active/passive solution with campus being the primary and will require manual DNS switch.
• Effort is minimal and only requirement is 5 VMs
• Priya to add above VMs to AWS migration timeline to go with SCCM and DC
• Scope does not include routing to health sciences
• After AWS environment with 5 above instances is provided, WSG effort is around 2 months.
• ETA Dec 2017

Determine level of effort for recommended/available routing options, if Exchange Online is the first recipient of email to campus

• Can we use Exchange online protection and Exchange routing?

• Project ongoing to move MTA to Linux
• This migration effort will continue and once finished, migrate to AWS
• Change the DNS from exchange.uci.edu to ucirvine.onmicrosoft.com
• Will adapt native filtering/anti-spam techniques offered by the service provider (could be in later phase)
• Can setup test domain for testing
• Effort is around 2 months from AWS environment availability
• ETA Dec 2017

• Covered in Topic 1

• N/A

• N/A

• Derek and David on the security migration project
• AWS environment availability is a pre-requisite
• Effort is around 2 months from AWS environment availability