Chat now with support
Chat with Support

Binary Tree Power365 Current - Help Center

Help Center Home Power365 Platform Tenant-to-Tenant Directory Sync Migration for Active Directory Release Notes Known Limitations Support

Premium Migration and Integration Pro

What is required to set up a Premium Integration Pro Project?  

The following information provides details on the additional component requirements related to deployment of Premium Integration Pro projects. Premium Integration Pro projects offer two (2) additional services on-top of the Premium Integration projects, which includes Email Rewrite Services for tenant-to-tenant Domain Sharing and automated Domain Cutover services which orchestrate the consolidation of Exchange Online Accepted Domains from one tenant to another.

All previous requirements outlined for the platform, integration and migrations are still applicable. To review those requirements, see the Additional Information section below.

 

Domain Sharing (Email Rewrite Services)  

To deploy Email Rewrite Services (ERS) between tenants the following will need to be ready prior to the configuration of the service.

During initial project set up you may choose to configure ERS now, if you are ready or later after the initial discovery is complete.

ERS Deployment Checklist:

The following checklist provides a quick reference to the items or decisions required to begin configuration of ERS.

  1. Procure one (1) SSL single domain certificate for each tenant environment using one (1) of the accepted domains.
  2. The password associated with the SSL certificate will be required when uploading each certificate.
  3. Choose which domains will particulate in ERS.
  4. Deploy DKIM DNS TXT records for each tenant environment during project set up.

Once ERS is configured and deployed, the next step is to prepare eligible users.

ERS User Preparation Checklist:

  1. Identify which users will utilize ERS.
  2. Run the Prepare action for all users. This will create your missing users and update your existing users for GAL visibility, mail routing coexistence and free/busy services.
  3. To enable the service, simple add the user as a member of the ERS group.

 

SSL Certificates  

To successfully configure the Email Rewrite Service, a valid SSL certificate must be procured for all source and target tenants. The certificate must contain a single accepted domain, one (1) for each tenant. The selected certificate cannot contain subject alternative names (SAN). The common name (Subject Name) must match one (1) of the Exchange Online accepted domains configured within the tenant.

This certificate is utilized to secure the Exchange Online connectors over TLS that will be used to transfer message between the Email Rewrite service and each tenant. The new certificates will be uploaded to the project using a PFX formatted certificate. PFX files contain the public key file (SSL Certificate file) and the associated private key file (password).

The requirements for the certificate are as follows: (Names are for example purposes only.)

  • Common Name: contoso.com
  • Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider
  • Bit length: 2048 or higher
  • Must be valid for Server Authentication and Client Authentication.
  • Must be signed by a trusted public root CA.
  • Must contain a private key (password).
  • Must not expire before the end of the project.
  • Must have a Friendly Name defined.

Important Tip: The domain listed on the certificate cannot be moved as part of a Domain Cutover process. If you plan to move all accepted domains, you should plan to acquire a certificate for a newly created accepted domain to use as a placeholder. This domain will not be moved or used; it will be used only as the subject for the TLS certificate.

 

DKIM (Email Signatures)  

Power365’s Email Rewrite Service ensures email authenticity after rewrites by signing messages using a Domain Keys Identified Mail (DKIM) certificate. To properly sign emails, a DKIM certificate will automatically be generated and assigned to each participating domain(s) in the source and target tenants.

Each participating Accepted SMTP Domain from the source and target tenants will require a DKIM TXT record be created in your public DNS. During project configuration, Power365 will generate all the required parameters to easily and quickly publish your TXT records for each domain.

 

DNS  

To complete set up of ERS the DKIM/Email Signatures DNS txt record must be published in the source and target public DNS. Once the records are published, Power365 will automatically verify the records. Once verified you will be able to complete the project’s ERS configurations.

The following is an example of the TXT record parameters required to publish the record. Your key will be unique to your project.

  • Name: selector1._domainkey
  • Type: TXT
  • TTL: 10
  • Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvFUb+TkozfdnA0dA3AHOwAUYdfNVlBkR72+gqp2GxwK8yYPRI/E1/zp5DDZ/i8epWTR/F9u4jDJxjLqYF9d8m7qhJFjXxzWH2TbMQC4VgUfRtq5WAJmPUrCBdxxvMoOAKQ+aYagtXpv9HlH7PAKXsUFbqGGZ0GQFSvM0GKC7hQIZZQAB

Please Note: Power365 supports existing Exchange Online DKIM certificates and does not interfere with the ERS DKIM certificates. A unique selector will be provided if Exchange Online DKIM certificates are found.

 

SPF  

When planning the deployment of Email Rewrite Service (ERS) we recommend the following regarding Sender Policy Framework (SPF) records:

  • Update your existing SPF record to include the Binary Tree Power365 list of acceptable domains. This will prevent any hard failures when routing mail through the ERS relays.
    • Include the following domains with your SPF record from all source and target domains participating in ERS:

      • spf.power365-eu.binarytree.com
      • spf.power365.quest.com

Important Tip: Do not plan on utilizing the default “tenant.onmicrosoft.com” domain when deploying Power365 Email Rewrite Services (ERS). This is due to concerns regarding the external recipient domain's having SPF hard fail enabled. Click here for more details.

 

DMARC  

If your organization utilizes Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent email spoofing, then Power365 Email Rewrite Services (ERS) is DMARC ready.

There are no additional requirements to support DMARC with ERS, however it is highly recommended that the following related topics be reviewed prior to execution.

 

Domain Cutover  

There are no additional requirements to set up Domain Cutover services, however it is recommended that the following related topics be reviewed prior to execution.

Important Tip: The domain listed on the SSL certificate cannot be moved as part of a Domain Cutover process. If you plan to move all accepted domains, you should plan to acquire a certificate for a newly created accepted domain to use as a placeholder. This domain will not be moved or used; it will be used only as the subject for the TLS certificate.

 

Additional Information  

Basic Migration

Advanced Migration with Discovery

Premium Migration + Integration

Power365 Directory Sync Lite (Deprecated)

What is the status of Directory Sync Lite?  

As of May 29, 2020, Directory Sync Lite is no longer the standard deployment option for Premium Integration and Integration Pro projects.

All new projects created after May 29th, 2020 will utilize Power365 Directory Sync services to automate and orchestrate all preparation of directory objects for migration and coexistence services.

 

How does this impact existing Integration features like Prepare, Provision and Cutover orchestration?  

All existing Premium Integration automation functionality will continue to be supported. In fact, additional capabilities have been gained with the replacement of Directory Sync Lite. Read on for more information.

 

What new features and capabilities do I gain with Power365 Directory Sync orchestration?  

By utilizing Power365 Directory Sync instead of Directory Sync Lite you will gain the following additional features or capabilities:

  1. Now supports Tenant-to-Tenant hybrid, cloud only and mixed environment scenarios for migration and coexistence with domain sharing and cutovers.
  2. Real-Time Password Sync for Active Directory.
  3. Expanded Group Sync capabilities where all group types are supported including local and cloud groups along with Office 365 Groups and Teams.
  4. Expanded Address Book Sync capabilities to manage additional properties and more complex mixed environment scenarios including support for Microsoft Azure Active Directory Business-to-Business (B2B) guest accounts.
  5. Expanded properties and options for user’s personal contact information.
  6. Expanded Domain Move (Cutover) capabilities for mixed scenarios including but not limited to cloud-to-cloud and hybrid-to-cloud.
  7. Continuous Object Attribute Sync before and after migrations.
  8. Object attribute transformation of standards, defaults and property controls.
  9. Trustless SID History Migration options for Active Directory.
  10. Customizable Prepare, Provision and Cutover orchestration workflows.
  11. Add your own PowerShell scripts to your Prepare, Provision and Cutover orchestration workflows.

 

What should I do or know about Integration project deployments without Directory Sync Lite?  

There are a few items to note regarding the deployment of an Integration Project without Directory Sync Lite.

  1. Installation and configuration of the local agents are quicker, simpler and lighter. Reducing the overall deployment time and burden.
  2. A SQL server is no longer required for installation.
  3. Object change logs are now available within the main application interface and you are no longer required to review logs locally on a separate server.
  4. Local Agents can scale up to 5 nodes for redundancy and load-balancing.
  5. Cloud only deployments are now supported. Local Agents are only required for hybrid deployments of Microsoft 365 where objects are managed locally within Active Directory.
  6. The Project setup will require you to choose your target OUs for hybrid deployments so that Power365 knows where to create new User and Contact objects.
  7. Address Book Sync (i.e. GAL Sync) is now fully part of Power365 Directory Sync and no longer managed from Power365 Tenant-to-tenant. Which provides broader capabilities and options to manage more complex Address Book Sync scenarios.
  8. Distribution Group Sync is now fully part of Power365 Directory Sync and no longer managed from Power365 Tenant-to-tenant. Which provides broader capabilities and group type options including Office 365 Groups and Teams to manage more complex Group Sync scenarios.
  9. The option to keep a user’s Personal Contact Information such as Phone, Title and Department in sync during the migration project has been moved to Power365 Directory Sync where it is no longer limited by the migration lifecycle. With Power365 Directory Sync you may choose to sync these and many more attributes for as long as required, before and after a migration project.

 

I am using Directory Sync Lite instead of Power365 Directory Sync, what should I know?  

Use the following links to review the original Directory Sync Lite documentation.

Getting Started

Requirements

Installation

Configuration

Eligible Attribute List

Attributes by Action

Address Book Sync vs Prepare

Upgrading Power365 Directory Sync Lite

Outlook Setup Pro

Power365 optionally provides the user the ability to automatically configure their Outlook client to use the destination mailbox. For this feature to be successful, the following will be required on each user’s Windows workstation.

 

What is Outlook Setup Pro?  

Power365 Outlook Setup Pro is our older software tool used to configure the users's Outlook client. Desktop Setup Pro expands the capabilities of Outlook Setup Pro to now include the automatic configuration of OneDrive for Business and/or Microsoft Teams applications to connect to the new target tenant.

 

Is there any tenant level requirement needed to use the Outlook Setup Pro?  

Yes. “ApplicationImpersonation” role is part of the “Organization Management” admin role within Exchange Online for the Source tenant when the Outlook Setup Pro feature is enabled. This role is needed to send a hidden message to the source user mailbox to display the user’s target mailbox information when launched.

 

General Requirements  

  • Internet access to download the executable and connect to Microsoft 365.
  • The permission to download and run an executable (exe) file.
  • Disable any policies preventing Outlook Profile, OneDrive for Business, and Teams application changes or creation.
  • The end-user will need to be supplied with the new or temporary password for the new account residing in the destination Microsoft 365 tenant. (if applicable)

 

Minimum Software Prerequisites  

  • Outlook 2010 (32-bit or 64-bit) or higher
  • Windows 7 (32-bit or 64-bit) or Windows 10 (32-bit or 64-bit)
  • .NET 4.0.x or higher (4.6.x or higher recommended)

 

End-user Workstation Requirements  

  • Internet access using Port 443.
  • Internet access to the Power365 Outlook agent endpoint at https://power365.quest.com/api/outlook

  • Internet access to Exchange Online "Autodiscover" endpoints at:

    • Global: https://autodiscover-s.outlook.com/autodiscover
    • Germany: https://autodiscover-s.outlook.de/autodiscover
  • Local access to read\write the following registry keys on the end-user's workstation:

    • Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
    • Outlook 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0
    • Outlook 2016: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0
    • Outlook 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office
    • Outlook 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Note: During this process, the Outlook Profile will be copied to a new Profile directed to the target account. Due to this configuration, a new OST download will occur based on your current cache settings, if enabled. To avoid network congestion try disabling or curtailing your cache settings to a lower amount of data then slowly increase it as needed. This can be accomplished through policies.

 

Supported Use Cases  

The following are the supported use cases when installing and executing the Binary Tree Power365 Setup Pro agent from the user cutover notification.

  1. Single User on a single workstation.
  2. Single User on a single workstation with multiple mailboxes to manage.

  3. Multiple Workstations for the same user.
  4. Different Users on the same workstation under their own Windows Profile.

Power365 Setup Pro supports environments that utilize Active Directory Federation Services (AD FS), Single Sign On (SSO) with mixed authentication modes being used such as Modern Authentication (ADAL), Forms Authentication and Windows Integrated Authentication.

 

Can I use the Outlook Setup Pro to re-configure my Outlook Profiles on the same workstation if I have multiple mailboxes?  

Outlook Setup Pro supports the scenario where a single user has multiple mailboxes and would to reconfigure the profiles on a single workstation. End user may choose their existing source mailbox Outlook Profile of their choice via the drop-down menu when they have multiple Outlook Profiles. Once the first profile has been reconfigured, user may launch Outlook Setup Pro again to reconfigure the remaining profiles.

To help the end user during this process, Outlook Setup Pro will only list the Outlook Profiles that have not been reconfigured and will not display profiles that were already reconfigured on the workstation. (See below for more detail)

User has two mailbox profiles configured on a single workstation and would like to use Outlook Setup Pro to reconfigure the profiles.

  1. After installing the Outlook Setup Pro on the workstation, end user may launch the application to reconfigure the profiles.

  2. Running the agent for the first time when the workstation has two mailboxes configured. In this case, C29Lyu0720MBX07 and C29Lyu0720MBX08. User may select the profile of their choice via the drop-down menu to reconfigure the first profile. In this case C29Lyu0720MBX07 is selected.

  3. User will complete the profile configuration and close the Outlook Setup Pro after it is done.

  4. After the first profile is reconfigured, user will launch the agent again to reconfigure the second profile. In this case, only C29Lyu0720MBX08 profile will be listed as C29Lyu0720MBX07 was already reconfigured.

 

Additional Information  

Outlook Setup Pro Setup

Desktop Setup Pro

What is Desktop Setup Pro?  

Power365 Desktop Setup Pro is our newest version of Outlook Setup Pro. Desktop Setup Pro expands the capabilities of Outlook Setup Pro to now include the automatic configuration of OneDrive for Business and/or Microsoft Teams applications to connect to the new target tenant.

 

What use cases does Desktop Setup Pro support?  

Users may have different or multiple workstations to configure. The following are the supported use cases when installing and executing the Binary Tree Power365 Desktop Setup Pro agent.

  1. Single User on a single workstation.
  2. Single User on a single workstation with multiple mailboxes to manage.
  3. Multiple Workstations for the same user.
  4. Different Users on the same workstation under their own Windows Profile.

 

What authentication methods does Desktop Setup Pro support?  

Power365 Desktop Setup Pro supports environments that utilize:

  1. Multi-Factor Authentication (MFA)
  2. Active Directory Federation Services (AD FS)
  1. Single Sign On (SSO) with mixed authentication modes, such as:

    1. Modern Authentication (ADAL)
    2. Forms Authentication
  1. Windows Integrated Authentication

 

How does Desktop Setup Pro work?  

  1. Administrators choose their Migration Options:
    1. At the time, when the user is finally moved to their target tenant, the Project administrator has the option to send the user an email where they may download the application and run it.
    2. The other option is for the Project administrator to silently install the agent application to each workstation before the final migration begins and when the user receives the email in their source mailbox, the agent will run automatically during the next logon.
  2. Cutover Begins: Either a cutover event is scheduled, or a project operator started one.
  3. User Receives Email: The end-user receives an email in their source mailbox.
  4. User Runs Agent: The user downloads and runs the agent or the agent auto-starts upon login.
  5. User Enters Password: Once the application begins, the user will be asked to provide their target credentials for authentication purposes.
  6. User Chooses which apps to configure: Next they will be asked if they would like to reconfigure their Outlook application, followed by Teams and finally OneDrive for Business. The user has the option to skip any of the application configurations they wish to perform later.

 

Is there any tenant level requirement needed to use the Desktop Setup Pro?  

Yes. “ApplicationImpersonation” role is part of the “Organization Management” admin role within Exchange Online for the Source tenant when the Desktop Setup Pro feature is enabled. This role is needed to send a hidden message to the source user mailbox to display the user’s target mailbox information when launched.

 

What is required to install Desktop Setup Pro?  

The following will be required on each user’s Windows workstation to run Desktop Setup Pro.

 

General Requirements

  • The permission to download and run an executable (exe) file (optional).
  • Disable any policies preventing Outlook Profile, OneDrive for Business, and Teams application changes or creation.
  • The end-user will need to be supplied with the new or temporary password for the new account residing in the destination Microsoft 365 tenant. (if applicable)

Important Tip: Try Power365 Real-Time Password Sync for Active Directory to keep your migrated hybrid users in sync so when they are finally moved, they keep their same password. Making the migration smoother and easier for everyone.

 

Licenses

Before starting cutover, each target user account must be licensed for each application that will be configured using Desktop Setup Pro. The following are required:

  • Exchange Online if configuring Outlook profiles
  • SharePoint Online if configuring OneDrive for Business application
  • Teams if configuring Teams application

Important Tip: Premium Integration Projects automatically assign these licenses to target user accounts during the provisioning step.

 

Software

The following outlines the minimum version requirements for different software packages installed on your end-user’s workstations.

 

Network

The following outlines the minimum network related requirements to run Desktop Setup Pro.

  • Internet access using Port 443.

  • Internet access to download the executable (optional).

  • Internet access to connect to Microsoft 365.

  • Internet access to the Power365 Outlook agent endpoint at https://power365.quest.com/api/outlook

    • Internet access to Exchange Online "Autodiscover" endpoints at:

      • Global: https://autodiscover-s.outlook.com/autodiscover
      • Germany: https://autodiscover-s.outlook.de/autodiscover (deprecated)
      • Local access to read\write the following registry keys on the end-user's workstation:

        • Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
        • Outlook 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0
        • Outlook 2016: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0
        • Outlook 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office
        • Outlook 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Please Note: During this process, the Outlook Profile will be copied to a new Profile directed to the target account. Due to this configuration, a new OST download will occur based on your current cache settings, if enabled. To avoid network congestion try disabling or curtailing your cache settings to a lower amount of data then slowly increase it as needed. This can be accomplished through policies.

 

What options are available to deploy Desktop Setup Pro?  

There are two installation options to deploy Desktop Setup Pro to your end-user’s workstations.

  1. Silent – Administrators may preinstall the Desktop Setup Pro agent using a GPO via the Silent Installation option. This method will trigger at the next user log-in after the cutover email is sent.
  2. Direct Download – End-users may be sent a cutover email that includes a link to download the Desktop Setup Pro agent from our portal. This method is triggered when the end-user downloads and runs the agent.

 

I am already using Outlook Setup Pro. How does this impact my users’ experience?  

If you are actively migrating your users, we do not recommend testing this feature as this will impact your end-user experience and may cause disruption to your migration project. However, if you are the start or yet to start and have a need to automatically help your end-user configure your user’s Outlook, OneNote and Teams applications.

 

How do I upgrade to Desktop Setup Pro?  

Power365 Desktop Setup Pro is currently available through our public preview version. To request access please contact Support. Once you begin using Desktop Setup Pro, you would no longer use Outlook Setup Pro. Therefore, any silently installed agents will need to be updated.

 

Are there any limitations for Desktop Setup Pro?  

Please be aware of the following limitations of Desktop Setup Pro:

  • When the new target account is added for OneDrive, the migrated target files and folders are synchronized again, causing double files until the source is cleaned-up.

  • The end-user must remove source files and folders manually.

  • The source OneDrive account is not automatically disabled from synchronization.

  • Multiple Outlook profiles will be created if end-user runs the Desktop Setup Pro multiple times for the same account.

In addition, please review the most recent known limitations.

 

Additional Information  

Desktop Setup Pro Setup

Outlook Setup Pro

Known Limitations

Migration Profiles

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating