Editor's Note: The following is a guest post by Exchange Server MVP J. Peter Bruzzese as part of the MVP Award Program Blog's "MVPs for Office 365" series. J. Peter Bruzzese (Triple-MCSE, MCT, MCITP) an Exchange MVP, is the co-founder of ClipTraining, an Exchange and SharePoint Instructor for Train Signal, a well-known technical author for Que/Sams, SearchExchange and others, a product reviewer for MSExchange.org, a technical speaker for Techmentor, Connections and, at times, TechEd… and the Enterprise Windows columnist for InfoWorld. In his spare time… well, with all that… let’s be honest… J. P. B. has no spare time. ;-) Follow him on Twitter @JPBruzzese.
All hosted email solutions include some form of online management through custom built browser-based tools that range from awful to adequate when compared to on-premises management tools. Especially is this the case with Exchange 2010 where the Exchange Management Console and Exchange Management Shell provide such a wide array of configuration tools for an administrator to work with in their organization.
Office 365 is unique in that there is a built-in universal management tool for both on-premises and hosted Office 365 environments called the Exchange Control Panel (ECP). Released with the RTM of Exchange 2010 this is a browser based method of administration for Exchange that many admins aren’t even aware of yet, especially if they have been caring for legacy Exchange environments.
How-To Access the Exchange Control Panel
The ECP is connected to your Outlook Web App login. So, whether you are accessing your on-premises mail or Office 365 mailbox, if you do it through Outlook Web App you can perform the following steps to see the ECP (note: you have to have the proper permissions to perform most tasks within the ECP, however even users can be granted permission to perform tasks through role based permission settings).
So, to start with you want to log into your Microsoft Online Services portal as an administrator. You could log straight into your Outlook Web App but it’s good to get a glimpse first of what control you have through the initial Admin oriented tools.
The Admin Overview console for Office 365
As you can see in Figure 1, you have all the basic options and links available to you including the ability to reset user passwords, add new users, assign user licenses, configure security groups and domains and so on. But none of the real nitty-gritty options like ‘Create Transport Rules’ or ‘Configure Role Based Access Control’ that you might be hoping for. Not to worry, these are all located in the Exchange Control Panel. (Note: There are some cool Support links in the bottom left that are worth checking out, but these are not going to help you configure your organization’s messaging). Now you may be the kind of Exchange admin that says ‘hey, this is perfect! I just set up the account and that is all I need to do in my case.’ But if you prefer to do more, or need to do more for your organization to be able to work with and trust Office 365 then you perform the following steps from here.
Now keep in mind, the settings you see in the ECP with Office 365 are pretty much the same as what you see from an on-premises installation of Exchange 2010 SP1. SP1 included even further enhancements to the ECP than what we got with the RTM and so we will no doubt continue to see more control within that ECP. One notable difference is that the Office 365 ECP has a special link for Forefront Online Protection for Exchange (FOPE) that we’ll discuss in a moment.
Outlook Web App (OWA) for an Office 365 mailbox with administrative permissions
The Manage Myself settings
The Manage My Organization Exchange Control Panel
Features of the Office 365 ECP
There is so much to point out if you have never worked with the Exchange Control Panel before. We’ll go through an overview of the main features but in some cases these may be more than just features that you have to re-locate based upon your Exchange 2007/2010 knowledge but they may be new concepts that you have never even heard of before, like RBAC. Remember, just because you are going with a hosted solution, in this case hosted Exchange 2010 SP1, doesn’t mean you don’t have to know what’s new in Exchange. The more you know, the more you’ll be able to jump in with the ECP to provide a better experience for your organization.
Here are the main nodes and their options:
Users & Groups: Through this node you can work with mailboxes by creating new mailboxes (or importing a .csv of user accounts to create new ones). You can look into the details of a mailbox and make all sorts of adjustments to the mailbox as if you were working with the on-premises tools (shown in Figure 5). You can also configure Distribution Groups, External Contacts and E-mail Migration. As you might expect, E-mail Migration allows you to configure a connection to your on-premises solutions (including Exchange 2007 and later with Autodiscover, Exchange 2003 and later with manual settings and IMAP) and migrate mailboxes to the cloud.
The Users & Groups node with the mailbox details showing for a user
Roles & Auditing: Here is where you can configure Role Based Access Control (RBAC), which is the new permissions structure for Exchange 2010 (shown in Figure 6). It provides a much more flexible and detailed level of control than what we had with legacy Exchange versions and you can choose to place persons into built-in role groups with various roles assigned or create your own. You can configure Administrator Roles for Discovery Management, Records Management, UM Management and more. Under User Roles you can configure assignment policies for users and assign these. And then you have Auditing, which allows you to run a variety of different reports and export mailbox and administrator audit logs.
The Roles & Auditing node with RBAC built-in groups showing
Mail Control: If you have heard about, or had a chance to work with the incredible control provided through Transport Rules in Exchange 2007 and 2010 you will appreciate that through Mail Control you will have the ability to create rules as well. The rules you are able to create are designed to meet the focus and function of your hosted environment. In addition, on the Rules tab you can see Additional Security Settings (shown in Figure 7) that allow you to select and configure your FOPE settings. You can work with Domains & Protection settings from the Mail Control node, as well as Journaling, Discovery and Delivery Reports. Note: You’ll only see Discovery if you have been assigned the Discovery Management role group. Even if you are an administrator it is not automatic that you are assigned into that group. Once assigned, you will have to log back in to see the Discovery options and now you can perform multi-mailbox search within your organization.
The Mail Control Node with FOPE options to the right
Phone & Voice: From here you can configure UM Dial Plans, UM IP Gateways, ActiveSync Access and ActiveSync Device Policy. Of these, the ActiveSync Device Policy is interesting because you can create the policy through the browser options, as shown in Figure 8.
The Phone & Voice node with ActiveSync Policy settings being configured
Personally, I’ve worked with a lot of hosted email solutions. Part of my job as a technical author and product reviewer is to deep dive into all the features and see to what degree I have control over a mailbox once it is hosted, as opposed to on-premises because that is one of the biggest problems admins have with putting their mail in the cloud when they’ve had on-premises for so long, the relinquishing of control.
What I love about Office 365 is that it capitalizes on the control through a browser already built into Exchange 2010 SP1. And that control will no doubt grow with further Service Packs or flavors of Exchange, as we’ve seen already between RTM and SP1 and the enhancements provided.
So, if you are on the Public Beta of Office 365 and have administrative permissions, take a tour of the Exchange Control Panel to see how much control you really have over your users. If you thought all you were getting were those few simple options through the Admin Overview console you are no doubt relieved to see that isn’t the case at all.
As an alternative to ECP, consider using "Exchange Tasks 365", a new standalone desktop management tool for Office 365. The tool also supports bulk operation (ie applying the same settings to multiple objects) and management of on-premise Exchange 2010 servers, all from a single console.
To learn more, visit: www.u-btech.com/.../exchange-tasks-365.html