Posts Tagged Role-Based Access Control
I may have a better appreciation of the things I can do within my Office 365 environment due to my past life as an IT administrator, but I thought it would be good to point a few of those features out and describe why they may mean something to the average business user. The application that is most attractive out of the Office 365 suite has to be Exchange Online. This hosted email service is available as a base component of all of the suites on offer and is probably the “first cab off the rank” when a customer looks to a cloud offering.
Exchange Online launched in New Zealand back in April 2009 and it formed part of what was then known as BPOS or Business Productivity Online Suite. This product was based on a multi-tenanted version of Exchange 2007. In the middle of last year Office 365 launched and with it came a better Exchange Online experience, offering some of the great features you would get with an on premise installation of Exchange 2010. As with any hosted offering the products get better over time and since the release of Office 365 certain features have been added to the suite. These features are make it easier for non-technical employees to administer the functionality of what would be normally complex back-end systems all via a web portal.
Mobile device management
One of the biggest advances in email technology over the past few years has been the introduction of Mobile access. Microsoft set the standard in my opinion with ActiveSync, blowing away the previous market leader RIM (aka Blackberry). With the RIM offering you needed middleware to connect and manage the mobile handsets, furthermore they needed to be Blackberry handsets. ActiveSync on the other hand is now licensed by Microsoft to many handset providers including Apple’s iPhone and iPad, Google Android devices and obviously Windows Phone 7 devices. ActiveSync allows the management of devices from the Outlook Web App experience, remote wipe etc as well as push notification and contact/calendar/contact sync. As an administrator you are also able to restrict access to mailboxes by mobile devices as well.
While Office 365 supports Blackberry devices, the “native” support is for ActiveSync devices as shown above. There has also been an announcement recently to introduce the ability to connect mobile devices via ActiveSync to the Kiosk Worker plan at $3.06 per user per month for a 1Gb mailbox. The kiosk worker plan is great for a mobile worker who is rarely in the office and doesn’t use a desktop PC on a regular basis, it won’t let you connect Outlook to the mailbox but the Outlook Web App is more than enough for occasional users. For more information on Exchange Online Plans visit www.office365.com
Legal Hold and Archive
Legal hold is something that I believe should be part of any email solution. In the press you hear often how emails can get people, and more importantly businesses into and sometimes out of trouble. The legal hold functionality of Exchange Online is provided by the premium product in either the Exchange Online Plan 2 stand alone product or the E3 and E4 suites. Do not confuse legal hold with the personal archive capability.
Personal Archive – Provides the ability for users to manage the retention of mail in their mailboxes. Personal archive is available to all suites and product versions of Exchange Online with the exemption of the Kiosk Plans. (Kiosk Plans are able to add the archive product separately). For P1 plans of Exchange Online the Archive and Mailbox capacity is a combined total of 25Gb, Plan 2 is unlimited.
Legal Hold – Provides legal hold capabilities to preserve users’ deleted and edited mailbox items (including email messages, appointments, and tasks) from both their primary mailboxes and personal archives. Administrators can use the Exchange Control Panel or Remote Power Shell to set legal holds on individual mailboxes or across an organization. The administrator can then choose to notify the user of the legal hold or not.
Deleted Item Retention – Provides the end-user with the ability to recover a deleted item from any folder for up to 14 days. This timeframe can be changed using remote Power Shell commands or via a Service request.
Multi-mailbox search is available in Exchange Online. This comes in useful when investigation is undertaken by Human Resources or a legal investigation takes place. This is a very powerful feature and can be accessed via a web portal (under the Exchange Management Portal from your Admin Site) or via remote power shell cmdlets. The e-discovery power shell scripts can also be used to find and remove email items from multiple mailboxes that match a certain criteria. For more information see: http://www.microsoft.com/exchange/en-us/email-archiving-and-retention.aspx
Exchange Online is protected by The Microsoft Forefront Service for anti-spam and malware. This product can be tuned via the Exchange Management portal which is accessible to administrators through the Admin Portal. Most businesses I have dealt with have paid an additional cost to filter un-wanted email from their inboxes using a product hosted by a third-party (ISP or other hosted provider) or in some instances another product sitting on a separate server. This feature comes with all product versions of Exchange Online and in my experience hasn’t failed me yet. The administrator is able to configure the Forefront product to alert users if any spam has been filtered by way of email or indeed turn the feature off altogether and let the spam be dealt with by the Junk Mail folder within Outlook.
Role Based Access
Exchange Online uses a Role-Based Access Control (RBAC) model that allows organizations to finely control what users and administrators can do in the service. Using RBAC, administrators can delegate tasks to employees in the IT department as well as to non-IT employees. For example, if a compliance officer is responsible for mailbox search requests, the administrator can delegate this administrative feature to the officer. It is important to note that many of the features above need to be restricted to certain people within your organization.
These are but a few enterprise features delivered by Exchange Online that expands the value email has to a business. Anywhere access, reliability and security are components of what a robust email solution needs to provide. The pricing for Office 365 Exchange Online products are below (New Zealand $).
- Kiosk (deskless) Users – 1Gb Mailbox for Mobile device access using ActiveSync and Outlook Web App – NZD $3.06 per user per month
- Exchange Online Plan 1 – 25Gb Mailbox for users connecting via Outlook and Mobile devices, includes personal archive – NZD $6.11 per user per month
- Exchange Online Plan 2 – Unlimited mailbox for users connecting via Outlook and Mobile devices, includes personal archive and legal hold ability – NZD $12.25 per user per month.