15 Microsoft Ignite sessions every Exchange admin should see (2017)

Thrive as an enterprise organization in Microsoft Exchange Online
If you could only watch one session then it should be this one. In this session, Jeff Kizner reveals a slew of announcements for Exchange Online. Announcements include; highly requested coexistence features for Exchange hybrid and, new advances in a tenant to tenant migrations. Jeff demonstrates a mailbox move between two Office 365 tenants using MRS and PowerShell.

• Mailbox Plans (4:06 mins)
  • Set-MailboxPlan can now assign a retention policy to a mailbox when the mailbox is provisioned.
  • Set-CASMailboxPlan (new cmdlet) can now configure whether ActiveSync, IMAP, and POP are enabled on a mailbox when it is provisioned in Office 365.
• Client Access Rules (6:52 mins)
  • Additional rule conditions for matching source IP, protocol, recipient filters, or, username
  • Great for only allowing certain protocols from certain locations (e.g. ActiveSync from satellite offices)
  • You can have up to 20 client access rules
  • Best practice to have an “Allow PowerShell” rule in priority 1 (don’t lock yourself out!)
• Creating a custom app for message classification (16:00 mins)
  • Jeff demonstrates a custom app that uses the Outlook On Send feature to take action when a user clicks the send button in Outlook
  • On Send must be enabled in the OwaMailboxPolicy assigned to the user
  • Available since Exchange 2016 CU5
• Hybrid delegation (26:40 mins)
  • Jeff discusses and demos advancements in hybrid delegation (full access, auto-map, send as, send on behalf)
• On-premises policies will come over to Office 365 (46:06 mins)
  • Hybrid wizard will ask you which on-prem policies you want to copy into Office 365 (e.g. OWA, ActiveSync and Retention policies)
  • User’s mailbox, when moved to Office 365, will retain their existing policy assignments
• Hybrid publishing (50:52 mins)
• Hybrid recipient management (54:16 mins)
  • Jeff’s team is working towards allowing admins to make changes to attributes in Office 365 and have those attributes sync back to on-prem. This will remove the need to keep Exchange on-prem for recipient management.
  • Jeff’s team is also looking at changing the source of authority on synchronized objects to Azure Active Directory.
• Migrating data between tenants – mergers and acquisitions (59:33 mins)
  • Jeff demonstrates a mailbox move between two Office 365 tenants using MRS and PowerShell.

Scott Schnoll’s Exchange tips and tricks
Scott provides us with his top tips for Exchange. Topics include:

• Server roles in Exchange 2016 (1:41 mins)
• How Exchange is developed (2:41 mins)
• Exchange 2016 Lifecycle (3:56 mins)
• Changes in Exchange 2016 CU7 (4:51 mins)
  • Forest functional level is now 2008 R2 or higher
• Announcing Exchange 2019 (8:48 mins)
  • Preview shipping mid-2018
  • General release second half of 2018
• Bug in Windows Server 2016 that caused IIS to crash – KB3206632 (10:20 mins)
• iOS11 issue with HTTP/2 (11:22 mins)
  • Microsoft turned off HTTP/2 across all Exchange Online servers
  • Microsoft recommends administrators disable HTTP/2 across all on-premises Exchange servers until Apple resolves this issue
  • Microsoft is working with Apple to help them resolve the issue
• New calendar improvements across all Outlook clients (15:16 mins)
• Administrator configured out of office replies (18:00 mins)
• Message Latency in logs (19:47 mins)
• Running antivirus on the operating system (21:00 mins)
  • Windows Server 2016 comes with a built-in fully-fledged antivirus
  • Make sure to configure antivirus with all path, process and file type exclusions
• Health mailboxes (23:22 mins)
  • Do not alter their AD account in any way
  • Do not alter their password or account lockout settings
  • Do not move or alter their mailboxes in any way
• Stalled mailbox migrations to Office 365 (26:40 mins)
• Protocol Agnostic Workflow (PAW) (30:24 mins)
  • New mailbox migration code in Office 365 that improves stability and throughput
  • Individual users can be removed from a batch
  • Batch completions can be scheduled
  • Better reporting
  • Microsoft will automatically enable this for your tenant but only if your tenant has no active or completed batches
• OAuth (35:26 mins)
• Hybrid license key and hybrid diagnostics wizard (39:20 mins)
• When to decommission Exchange on-premises (42:00 mins)
• PST elimination tools (44:27 mins)
• Deprecation of RPC over HTTPS – Outlook Anywhere (46:32 mins)
• Mailbox encryption coming soon to Office 365. You can encrypt with either:  (53:00 mins)
  • Microsoft managed key
  • Customer provided key
• Using Azure VM for DAG witness (55:04 mins)
• Changes to lagged copy behavior (56:15 mins)
• Recovering an Exchange Server with newer CU (59:58 mins)
  • This is possible and supported
  • Admin version will still show old CU build until you go to a newer CU later on
• New anti-phishing behavior in Office 365 (1:01:09 mins)
• Connecting to Security & Compliance Center via PowerShell (1:07:29 mins)
• Azure Information Protection – AIP (1:08:17 mins)
• Advanced Find in Outlook deprecation and reinstatement (1:12:38 mins)
• New TAP program for migrating public folders to Office 365 Groups (1:13:14 mins)

Modern authentication for Exchange Server on-premises
Greg Taylor discusses two new modern authentication scenarios coming to Exchange on-premises. One scenario which will be available to Exchange 2013 and 2016. And a future scenario that will be available in Exchange 2019. No bunnies were harmed in the delivery of this session.

• Importance of Modern Authentication (2:39 mins)
  • Allows Outlook to authenticate with a token
  • An easier route to enable Outlook for Multi-Factor Authentication (MFA)
  • Relies on strong network connectivity
• Two implementations of modern authentication will ship (7:10 mins)
  • Exchange 2013 / 2016 implementation expected by December 2017
  • Exchange 2019 implementation will ship when new release ships second half 2018
• Overview of how modern authentication works (10:00 mins)
  • Modern auth will only work with MAPI over HTTP.
  • No RPC over HTTP support.
  • Exchange will use modern auth for all client connections, regardless of whether they originate from inside or outside the network.
• Example of modern auth during autodiscover (15:35 mins)
  • Authorization type of “Bearer” is Outlook instructing Exchange that it can do modern authentication
  • Exchange responds to the client with STS authorization URL (for example AD FS)
• Explanation of token exchange (17:46 mins)
  • The access token has a lifetime of 1 hour (default TTL)
  • When the Access token expires the client uses their Refresh token to request a new Access Token (re-authenticate)
  • The refresh token is valid for 14 days (default TTL)
  • Password change:
    • Immediately invalidates the Refresh Token.
    • Access token remains valid for the remainder of its duration (up to 1 hour)
• Deep dive into two versions of on-prem modern auth (23:30 mins)
  • Exchange 2019 will ship with an on-prem implementation of Modern Auth
    • AD FS 2016 required
    • Outlook 2016 / 2019 required
      • Outlook 2013 and older will not work
    • Exchange 2013 / 2016 can be in the organization (no Exchange 2010)
    • Device registration is required
  • Exchange 2013/2016 will ship with a hybrid implementation of Modern Auth
    • Will require hybrid connectivity with Office 365
    • AD FS not required (can just use Password Sync with Azure AD Connect)
    • Exchange HCW must be run to enable OAuth
    • On-prem SPNs registered with Azure AD (configuring this is shown at 39:05 mins)
    • Exchange 2010 is completely unsupported and must be removed from the environment – no coexistence
• OAuth tokens rely on TLS for encryption (32:13 mins)

Exchange Online Multi-Geo Capabilities
Brian Day discusses the new multi-geo capabilities of Exchange Online. In this session we learn how mailboxes can be moved into other regions to satisfy data residency requirements. Brian emphasizes that this capability is not intended to improve client connectivity but purely for compliance requirements.

• What is Exchange multi-geo? (1:00 mins)
  • Multi-geo is about data residency
  • Multi-geo is not for performance purposes
  • Control the region a mailbox resides (not the datacenter)
  • Mailbox does not automatically move regions
  • General availability Q1 2018
• Multi-geo under the hood (10:00 mins)
  • Exchange Online cross region account forest
• Enabling a tenant for multi-geo (13:35 mins)
  • Tenant moved to cross region account forest. New cmdlets available:
    • Set-MsolCompanyMultiNationalEnabled
    • Set-MsolCompanyAllowedDataLocation
    • Get-MsolCompanyAllowedDataLocation
  • Azure AD Connect v1.1.524.0 or greater
  • Reconfigure AAD Connect to sync Preferred Data Location (PDL) attribute
  • PDL attribute updated on user objects and synced to Office 365
  • Mailboxes automatically moved based on PDL attribute
• Clients still point to outlook.office365.com (21:28 mins)
• Frequently asked questions (25:00 mins)
  • No limit on the number of geos per tenant
  • No minimum seats per geo
  • The user, shared & Office 365 groups can move geo
  • China, Germany & US Government excluded
  • Home (default) geo cannot be moved
  • Mail flow (EOP) remain with default geo
  • Users can be provisioned directly into a specific geo
  • On-prem mailbox can be migrated directly to a specific geo
• Demo of multi-geo (34:15 mins)
  • If PDL value is empty, user is in default geo

Exchange High Availability and Storage for Insiders
Lin Chen and Kathleen Voelbel discuss highly available storage in Exchange. Topics include:

• Exchange Online footprint (2:27 mins)
• Response to hurricane Harvey – site switchover (4:00 mins)
• Workload Management (6:42 mins)
  • Workloads managed based on resource availability
  • Non-user workloads throttled when resources are low
  • Database reseeds to be managed by Workload Management going forward
    • Only throttle if the database has healthy redundant copies
    • Throttling can be configured
  • Database divergence scanning to be managed by Workload Management going forward
    • Database divergence scanning looks for logical corruption and divergence between all database copies
  • Database rebalancing
    • Databases rebalanced automatically when CPU sustains 99% utilization
    • Databases moved 2 at a time
    • WLM checks CPU utilization every 10 minutes
    • WLM will keep moving databases until CPU utilization has dropped below 89%
• Network high availability (19:25 mins)
  • Case Study: Helsinki datacenter outage
  • WLM will throttle lag copy replication and mailbox moves during high network utilization
• Search improvements (26:25 mins)
  • Full-text indexing was previously run against each database and stored separately from the database
  • Full-text indexing now occurs in the transport pipeline against each message in real time
  • The index of each message is stored in the recipient’s mailbox
  • Because the index is now stored in the mailbox it is transferred to each passive copy through log shipping
• Mailbox encryption coming soon to Office 365. You can encrypt with either: (30:00 mins)
  • Microsoft managed key
  • Customer provided key
• Bing integrates into Office 365 search (30:49 mins)
  • Codename: BigFunnel
  • 50% of mailboxes moved over to BigFunnel today
  • Bing brings search intelligence to Office 365
    • 2x search speed
    • Fewer resources required for search
    • 1/5th code required for search
  • Search for your Office 365 tenant content from Bing.com
• Storage improvements (35:00 mins)
  • Exchange Online to supplement traditional spindles with SSDs
  • MetaCache DataBase (MCDB) to use SSD storage
    • Secondary metadata database (stored on SSDs) for mailbox database (stored on spindles)
    • Message bodies and attachments will always remain in the mailbox database on spindles (90% of all Exchange data)
    • Metadata such as message headers, mailbox tables, and BigFunnel search indexes will be stored in the MCDB on SSDs
      • Search latency decreased by 50%
      • User logons decreased by 50%
    • The MCDB copies its data from the mailbox database
      • Should the MCDB (or SSD) ever fail that data will be rebuilt again from the mailbox database
      • Users will access the mailbox database until the MCDB is rebuilt
  • ESE database cache improvements (45:25 mins)
• Administrators can now recover items from a user’s recovered deleted items folder without user interaction (53:20 mins)
  • Get-RecoverableItems & Restore-RecoverableItems
• Troubleshooting tips (1:00:27 mins)

Design your Exchange infrastructure right (or consider moving to Office 365)
Boris Lokhvitsky and Robert Gillies discuss design best practices for Exchange on-premises. Topics include:

• Evolution of Exchange design (Exchange 2003 – 2016) (8:20 mins)
• Design for simplicity (12:10 mins)
• Eliminate failure domains (17:23 mins)
  • Place your DAG members in different racks (different power, network, cooling, etc)
• Exchange’s building block architecture (19:10 mins)
  • Scale out, not up
  • Better to go with more servers with lower specs than with fewer servers with higher specs
  • More servers equal higher availability
• PLA is Microsoft Consulting Services’ Exchange guidance (20:35 mins)
  • Builds on the Preferred Architecture
  • 4 database copies across 2 sites; witness in the 3rd site
  • Unbound namespace
  • Direct Attached Storage (not SAN)
  • JBOD (not RAID)
  • Layer 7 Load Balancing
  • System Center for monitoring
  • Exchange Online Protection for message hygiene
• Exchange storage design (24:00 mins)
  • DAS vs SAN
  • JBOD vs RAID
  • SATA vs SAS vs SSD
• SAN considerations (28:54 mins)
  • 256 KB stripe size required
  • 64 KB NTFS allocation size
  • Deduplication is unsupported
  • Test SAN with JetStress
• Native Data Protection vs RAID (32:17 mins)
  • 3 database copies eliminate the need for RAID
  • Consider DAG an application level (or software) RAID
  • RAID adds overhead
  • Pull a disk from the RAID when testing with JetStress to account for RAID rebuild overhead
• Cache requirements (34:00 mins)
  • JBOD disks may need to be presented as single disk RAID 0 to use controller cache
  • Controller cache must be flash or battery backed (FBWC or BBWC)
  • Configure cache at 100% write operation
  • Do not use pinned, preserved or disk cache
• Thin vs Thick provisioning (35:54 mins)
• Recommended disk layout (38:12 mins)
  • RAID 1 for OS, Exchange install, transport queue and logs
  • One hot spare for DAG AutoReseed
  • JBOD (RAID 0) for Exchange DBs and logs
• Site resiliency (40:00 mins)
  • Bound vs Unbound namespace
  • Database copies across sites
• Backups vs Native Data Protection (47:13 mins)
  • Passive copies protect from hardware failure and physical corruption
  • Lagged copies protect against logical corruption, viruses, or, accidental deletions
  • SafetyNet protects transport pipeline and can replay messages recently delivered to the database
• BitLocker considerations (50:53 mins)
• Virtualization (54:11 mins)
  • Running Exchange in Azure
  • Exchange in AWS is unsupported
• Compliance (1:01:50 mins)
• Network (1:05:10 mins)

What’s new and what’s coming in the Microsoft Outlook family of apps
In this session, JJ Cadiz, Alessio Roic, Allen Filush and, Madhuri Tondepu discuss the Outlook roadmap. Topic includes:

• Outlook roadmap for 2018 (2:26 mins)
• A new simplified user interface (5:22 mins)
  • Three line ribbon reduced to a single line (can be customized)
  • Only common buttons displayed
  • New interface demoed at 7:13 mins
  • Left navigation redesigned
• Outlook for Mac (9:36 mins)
  • New search bar
  • Ability to read mail and calendar items in Mac widget bar
  • Parity with Outlook for Windows
  • Outlook for Mac feature demo at 17:00 mins
    • Modern attachments
    • OneNote integration
    • Inserting tables
• Search improvements (20:00 mins)
• Calendar sharing improvements (21:30 mins)
  • Can now see delegate calendars via mobile
• Demos: (24:50 mins)
  • Group cards and user management
  • Using Office 365 groups in Outlook
  • Adding calendar items to personal calendar from a group calendar
  • Creating an Office 365 group from Outlook
  • Managing group email notifications
  • Recipient suggestions
  • Modern attachment permission management
• Improved anti-phishing (38:00 mins)
  • Simplified ATP safe links
  • New tooltips
  • New anti-phishing feature demo at 41:25 mins
• Demo on Windows Information Protection at 43:40 mins
• New classification menu mockup (45:25 mins)
• Intelligence (48:25 mins)
  • Cortana integrated with Outlook
  • Time to leave notifications
  • Cortana can schedule meetings
  • Expanded support for events (integration with Eventbrite and OpenTable)
• Office 365 & LinkedIn integration (57:00 mins)
  • LinkedIn information brought into a contact card
  • Enhanced contact card shows recent files, emails and, other interactions
• Add-ins & Actionable messages (1:01:00 mins)

Investigate tools and techniques for Exchange performance troubleshooting
In this session, Nasir Ali, Jeff Mealiffe, Bob Samer and, Justin Turner discuss the tools and techniques used by the Exchange escalation team when troubleshooting performance problems. Topics include:

• Preventing performance problems (2:30 mins)
  • Use the Exchange Server calculator
  • Scale-out vs scale up
  • Exchange 2016 supports 192 GB RAM
• Change HP ProLiant Gen9 BIOS NUMA Group Size from “Clustered” to “Flat” (9:35 mins)
• Virtualization best practices (11:10 mins)
• Load balancing best practices (14:18 mins)
• DAG & DB performance best practices (15:58 mins)
• Updates & .NET framework (18:54 mins)
• Common causes of performance issues (21:00 mins)
  • Cumulative Update level
  • .NET Framework version
  • Power settings in BIOS and Windows
  • CPU sizing
• Health Checker script (28:00 mins)
• Case Study: Health Manager Service Crash (29:30 mins)
  • Troubleshooting with WinDbg (Windows Debugger) at 35:10 mins
  • Troubleshooting with ProcMon (Process Monitor) at 38:50 mins
  • Solution: Reinstall SCOM agent with APM disabled
• Case Study: Exchange Performance and AD (41:38 mins)
  • 1644 Event Logging and script (54:30 mins)
• Exchange online release methodology (1:02:58 mins)
  • Features released in multiple rings
    • Ring 0 = Feature Team
    • Ring 1 = Office 365 Team (3,000 users)
    • Ring 2 = All of Microsoft
    • Ring 3 = Select tenants

Troubleshooting complex Exchange operational issues
In this session Microsoft MVPs Ingo Genoworth and Andrew Higginbotham discuss troubleshooting methodology, drawing upon their personal experiences in the field.

• Reviewing IIS logs (4:14 mins)
• Using IIS for statistical analysis (6:54 mins)
• Exchange logging (9:02 mins)
  • %ExchangeInstallPath%Logging
  • Broken down by protocol
• Troubleshooting OAuth certificate failures (11:54 mins)
  • OAuth issue caused hybrid free/busy lookup failures and use of Modern Attachments
  • Resolution: Run New-MsolServicePrincipleCredential in the tenant for the new cert
• Troubleshooting Outlook authentication prompt (14:36 mins)
  • Kerberos errors in event logs
  • Used Get-IISStats.ps1 script
  • Resolution: DC reboot
• EWS performance issues (17:36 mins)
  • Exchange was throttling application
  • Resolution: Change how the application was requesting data from EWS
• Frequent lockouts for user (19:26 mins)
  • IIS logs identified device failing authentication
  • Resolution: Remove mailbox from old device
• Performance counters (20:36 mins)
• Tools (23:36 mins)
  • Log Parser Studio
  • SysInternals Suite
  • Health Checker Script
  • Get-ExchangeEnvironmentReport.ps1
  • Get-IISStats.ps1
  • Get-EWSStats.ps1
• .NET Garbage Collection (27:00 mins)
• Troubleshooting with Fiddler (29:25 mins)
• Exchange Server Calculator (30:45 mins)
  • Has your message profile changed?
  • Have the IOPS requirements increased?
• Storage troubleshooting (36:05 mins)
  • Storport Tracing
• Virtualization troubleshooting (44:38 mins)
  • CPU overcommit – size based on physical cores
  • Do not overcommit physical cores more than 2:1
  • %RDY should be below 3% (vCPU wait for physical core)

Secure Exchange on-premises as well as Microsoft secures Exchange Online
Andrew Higginbotham and Raji Dani discuss securing Exchange on-premises and how Microsoft secures Exchange online. Be sure to check out the demos at the end. Office 365 tenant admins will be able to penetration test their own tenants (coming January 2018).

• Bitlocker (3:20 mins)
• TLS and SSL (5:37 mins)
• Mailbox encryption coming soon to Office 365. You can encrypt with either:  (9:30 mins)
  • Microsoft managed key
  • Customer provided key
• Antivirus (11:05 mins)
• IDS / IPS / Firewall (15:44 mins)
  • Microsoft’s “Red Team” perform penetration testing in Office 365
  • AttackBot provides automated Office 365 penetration testing
    • Randomized attack scenario and target
  • Office 365 Security response model
• Publishing on-premises Exchange (25:52 mins)
• Change management (28:48 mins)
  • Secure code
  • Governance
  • Code review
  • Features released in multiple rings
    • Ring 0 = Feature Team
    • Ring 1 = Office 365 Team (3,000 users)
    • Ring 2 = All of Microsoft
    • Ring 3 = Select tenants
• Modern Authentication (35:15 mins)
  • Required for multi-factor authentication
  • Coming soon to Exchange on-prem
• Multi-Factor Authentication (36:52 mins)
• Safe Links & ATP (39:21 mins)
• Data Loss Prevention (40:08 mins)
• Rogue Administrator (40:33 mins)
  • On-Prem
    • Mailbox and admin audit logging
    • RBAC only protects Exchange tools
    • Separation of admin roles/duties
  • Office 365
    • Lockbox is just-in-time, least privileged scoped access that must be approved
    • The customer can track activity via API
    • Customer Lockbox (E5) additionally requires customers to approve what the Microsoft engineer can do
• Demos
  • Secure Score (49:45 mins)
  • Perform penetration testing against your Office 365 tenant (Jan 2018) (54:15 mins)
  • Mail sniper (1:05:25 mins)

Exchange and Outlook mega “ask the experts”
Brian Day, Scott Schnoll, Jeff Mealiffe, Greg Taylor, James Colgan, Christophe Fiessinger, Wey Love, Angela Taylor, Ross Smith IV, JJ Cadiz, Alessio Roic, Julia Foran, Lexi Torres, Jason Creighton, Paul Tischhauser, Gabe Bratton and, Allen Filush answer questions from the audience. Steve Conn moderates. Questions include:

• Outlook for Mac & Office 365 (7:10 mins)
• Delegates not working in Skype for Business online (8:55 mins)
• Focused Inbox & Outlook for desktop (9:55 mins)
  • Coming in March to deferred channel
• Exchange Online Protection quarantine (10:40 mins)
• Using Cloud Witness with Exchange (11:54 mins)
  • Not supported at present
• Outlook for Mac calendar issues after migrating (13:05 mins)
• Room Finder for meetings under 30 minutes (14:22 mins)
• Using Office 365 for SMTP relay & need to keep Exchange on-prem (15:44 mins)
• Journaling in Exchange Online (19:45 mins)
• RPC over HTTP deprecation (22:04 mins)
  • Can connect to RPC over HTTP after October
  • No support from Microsoft after October
• WAN Optimization for Exchange Online (26:20 mins)
• Extending New-RemoteMailbox for shared mailboxes (29:08 mins)
• Outlook behavior during migration to Exchange Online (+Skype client restart) (30:22 mins)
• Outlook for Mac & MAPI over HTTP (33:00 mins)
• Groups in hybrid (33:30 mins)
• Lagged copy issues (35:48 mins)
• Scoping send connectors (38:48 mins)
• Tenant to tenant migrations (39:52 mins)
• Data sovereignty (40:42 mins)
• Renaming a forest with Exchange on-prem (45:14 mins)
  • Unsupported
• Online Archive & Outlook for Mac (46:24 mins)
  • Not supported at present
• The frequency of admin Outlook prompts & maintaining on-prem servers (48:55 mins)
• Outlook OST size & shared calendars (51:55 mins)
• Retention policies affect both primary & archive mailboxes (53:28 mins)
• Data Loss Prevention (55:00 mins)
• How long can a mailbox be AutoSuspended (56:08 mins)
• Forwarding calendar invites via ActiveSync (57:09 mins)
  • Works in Outlook for iOS/Android
  • Do not forward invites is a control
• Cross-forest public folder migrations (1:00:04 mins)
• User managed distribution groups & Exchange Online (1:01:46 mins)
• Linked mailboxes & Azure AD Connect (1:04:00 mins)
• Modern auth in Exchange on-prem (1:06:50 mins)
• Device reporting in InTune (1:07:27 mins)
• Bypass ATP for trusted senders (1:09:00 mins)
• Exchange and Windows Server Core (1:10:03 mins)
  • Unsupported in Exchange 2013 / 2016
• Edge transport & Windows Server 2016 (1:10:55 mins)

Microsoft Exchange: Through the eyes of MVPs
Andrew Higginbotham, Ingo Gegenwarth, Michael Van Horenbeeck, Jeff Guillet and, Steve Goodman answer questions from the audience. Tony Redmond moderates. Questions include:

• Government agencies and the cloud (3:12 mins)
• Maintaining on-prem Exchange in hybrid (9:40 mins)
• Delegations & migrating to Office 365 (11:15 mins)
• Tenant to tenant migrations (14:00 mins)
• Migrate away from public folders (16:35 mins)
• Resource forest & Office 365 migrations (21:03 mins)
• Getting rid of resource forest after Office 365 migration (25:38 mins)
• Publishing Exchange hybrid without inbound connections (30:54 mins)
• Native data protection vs cloud backups (37:30 mins)
• Patching Exchange on-prem like Exchange online (40:05 mins)
• Future of Exchange on-prem (44:00 mins)
• Securing Exchange hybrid (48:07 mins)
• Journaling in Office 365 (53:26 mins)
• Removing a DAG (55:40 mins)
• Reducing mailbox size before migration (1:02:09 mins)
• Best way to handle spam in Office 365 (1:05:00 mins)
• Exchange in Azure (1:08:03 mins)
• Symantec Enterprise Vault (1:10:20 mins)
• Exchange on-prem anti-malware (1:12:50 mins)

The epic Exchange preferred architecture debate
Ross Smith IV, Aaron Chow, Jeff Guillet, Mike Cooper, Lin Chen and, Phoummala Schmitt discuss the preferred architecture for on-premises Exchange. Topics include:

• Exchange 2016 now supports 192 GB RAM (1:10 mins)
• Administrators can now recover items from a user’s recovered deleted items folder without user interaction (1:45 mins)
  • Get-RecoverableItems & Restore-RecoverableItems
  • This will come to on-prem eventually
• Panel debate  (7:15 mins)
  • SSD vs spindles
  • DAS vs SAN
• Questions from the audience (12:27 mins)
  • Native data protection
  • SAN deduplication
  • Lagged copies
  • AutoReseed
• Lin Chen discusses preferred architecture in Exchange Online (18:56 mins)
  • 2 billion mailboxes
  • 200,000 back-end servers in Exchange Online
  • 4 geo-redundant copies (1 lagged copy)
  • How updates are performed in Exchange Online
• Questions from the audience (22:00 mins)
  • Reserving virtual resources for Exchange
  • RAM guidance in Exchange 2016
  • On-premises vs cloud feature parity
  • Symmetric vs asymmetric design
  • Backups vs Native Data Protection
  • What mailbox size does the panel give their users
  • How does the panel perform cumulative updates?
  • Minimum CU level to support 192 GB RAM in Exchange 2016
  • Best way to eliminate PSTs
  • Exchange in Amazon Web Services (unsupported)
  • How does the panel monitor Exchange? (+thoughts on Managed Availability)
  • How does the panel use test environments?
  • Stay on-premises with the preferred architecture or go to Office 365
  • How does the panel use archives?
  • Automate Exchange installation
  • Exchange 2016 on Windows Server 2016
  • Losing a lagged copy

Running Exchange hybrid over the long term
In this session Michael Van Horenbeeck discusses maintaining hybrid for the long term. Topics include:

• What is hybrid Exchange (2:45 mins)
• Common hybrid struggles (5:23 mins)
• Hybrid security (9:33 mins)
• Securely publishing hybrid (13:15 mins)
• When to rerun the hybrid configuration wizard (20:12 mins)
• Do I need to upgrade hybrid servers (22:16 mins)
• Reasons to keep a server on-prem (24:50 mins)
• Cross premises permissions (33:25 mins)
• Free/Busy and the Hybrid Mesh (37:42 mins)
• Provisioning mailboxes via hybrid (42:55 mins)
• Merger, acquisition & divestiture examples (44:10 mins)
  • Identity (51:35 mins)
    • Think about your sourceAnchor (e.g. objectGUID)
  • ADFS vs PTA vs Password Sync (59:15 mins)
  • Migrating mailboxes (1:05:22 mins)
  • Multi-forest hybrid (1:11:40 mins)
  • Edge Transport  (1:13:15 mins)

Inside Exchange Online
Matt Gossage and Ananth Sundararaj discuss the inner workings of Exchange Online. Discussions included:

• Office 365 footprint (4:00 mins)
• Service up-times (9:30 mins)
• Monitoring the service (11:00 mins)
• Case Study: Helsinki datacenter outage (14:20 mins)
• Case Study: Support Analysis (20:45 mins)
• Demo: How engineers troubleshoot incidents in Office 365 (Office 365 Substrate Pulse) (24:30 mins)
• The speed of light (32:00 mins)
  • How to make the service as fast as possible
  • Includes networking and storage
• Intelligent routing (33:30 mins)
  • 150 public peering locations for low latency
  • Anycast DNS on Cafe (ACDC)
  • Local and regional caches
  • Optimizations for connection reuse
  • Shortest path to database
• Demo: Anycast DNS on Cafe (41:45 mins)
  • Routing to best “front door”
  • Mailbox moved to best location for user
  • Has reduced round trip latency by 100ms in NAM
  • As much as 300ms reduction in LATAM
• MetaCache Database (MCDB) (45:35 mins)
  • Secondary metadata database (stored on SSDs) for mailbox database (stored on spindles)
  • Message bodies and attachments will always remain in the mailbox database on spindles (90% of all Exchange data)
  • Metadata such as message headers, mailbox tables, and BigFunnel search indexes will be stored in the MCDB on SSDs
    • Search latency decreased by 50%
    • User logons decreased by 50%
  • The MCDB copies its data from the mailbox database
    • Should the MCDB (or SSD) ever fail that data will be rebuilt again from the mailbox database
    • Users will access the mailbox database until the MCDB is rebuilt
• Productivity Intelligence (50:45 mins)
• Bing integrates into Office 365 search (51:52 mins)
  • Codename: BigFunnel
  • 50% of mailboxes moved over to BigFunnel today
  • Bing brings search intelligence to Office 365
    • 2x search speed
    • Fewer resources required for search
    • 1/5th code required for search
  • Search for your Office 365 tenant content from Bing.com
• AI & machine learning in Office 365 (56:20 mins)
• Demo: Machine Learning in Office 365 (1:05:00 mins)
• Exchange Server 2019 (1:14:00 mins)
  • Preview shipping mid 2018
  • General release second half of 2018