Saturday, January 17, 2015
Office 365 - Hybrid Migration - Part 6: Client experience
In this blog post, I'll examine the client experience after the migration of a mailbox.
Only OWA (Outlook Web App, formerly Outlook Web Access) will be discussed. Unfortunately, because of certain limitations in my test network, Outlook will not connect to Office 365. It seems that with OWA, Internet "cookies" can transmit any necessary data through the connection opened with Office 365, thus requiring no further firewall reconfiguration at the perimeter. On the other hand, Outlook functions differently and would apparently require another 1-to-1 NAT relationship at the firewall. This was not possible for a number of reasons that I will not detail here (a limit on the number of external ISP-provided IP addresses, licensing issues on the firewall itself).
So with OWA then, this is how we would proceed.
Having logged in as the user migrated to Office 365, I create a desktop shortcut with the target URL shown below:
That is: http://outlook.com/owa/mitservnet.onmicrosoft.com
Of course, an Internet favorite could be used as well.
We could also enter the usual (for my domain) https://mail.mitserv.net/owa
In that case (for migrated users), we would be redirected to Office 365 anyway.
That's why I opted to create a simple and direct shortcut instead.
So the Office 365 portal displays and the user has to enter their credentials:
Once the user enters their username (and before they can enter their password), they are redirected to the local ADFS server where they have to enter their username again and then (finally...) their password:
The advantages of Single Sign-On (SSO) are not clear here. In fact, SSO does not seem to function with OWA at all, since I have to enter my username and password once to log on to the workstation itself, then the username a second time, and then a third time (with the password) when I provide my credentials to ADFS.
On the other hand, a call to Microsoft Tech Support confirmed that ADFS was at least configured correctly and I could indeed connect to the user's mailbox in Office 365:
At this point, the user can send and receive messages as usual.
I did notice one problem: if the user signs out (with "Sign Out" - see below), OWA would automatically re-open. I had to close the browser (IE11) to end my session.