So as an Exchange administrator within a mid-size organization, I thought that the whole topic of Office 365 (aka. Email/SharePoint/Lync in the cloud) was an interesting request to come across my desk.  The first thing that came to mind was what about security, compliance and 3rd party systems that integrates with my current Exchange On-Premises implementation?  So this really started me thinking about what this topic means for the organization I work for, but on a larger scale what is means to any organization.  This article will dive into some of the key considerations for Office 365 as it relates to email and get you started  thinking about what is best for your organization.


Organization Size and SLA’s

As I started investigating this topic I quickly learned that the general perception was that Office 365 as it related to email is that it is especially great for small companies.  This was for many reasons, but the two that stand out are cost affordability and the fact that these organizations have few 3rd party systems that integrate with their current Exchange On-Premises configurations.  For large to mid-sized companies the conversation changed a bit primarily related to organizational SLA models.  Microsoft offers a 99% SLA, but this is not on ALL services to be available at the same time.  For example, they will not guarantee that Active sync, Outlook Web App and mailboxes will have 99% up-time cumulatively.  Active sync could be down, but mailbox access could be up.  These are all considerations, but the question is what is acceptable to your organization.  With all the facts up front you can better set expectations for your company; regardless of size, if you choose to move your email into the cloud.

Security and Compliance

In my research I have also learned that Microsoft has done a great job with Office 365 to meet security and compliance regulations.  Microsoft can help you meet security regulations through isolated consumer data, Information Rights Management, 2-factor authentication and more.  They also offer compliance features such as eDiscovery and auditing/retention.  Their security model does meet specifications for both Sarbanes-Oxley and HIPPA.  They also will ensure that your data is isolated from other organizations mail data.  Microsoft has really gone out of their way to provide their customers comfort from a security aspect related to Office 365.

Also from a security perspective they offer a couple of options related to accounts that will be used to authenticate with Office 365.  They have a tool called Dirsync that uses SSL to synchronize with your Active Directory environment or they will setup separate accounts for you on their system.  It’s nice to know that there are options within this space as well as there are advantages and disadvantes to both.  For example, without the Dirsync integration users will likely need to authenticate to get to their email.

Third-party integration of products

Examples of 3rd party products that might integrate with your On-Premises Exchange implementation are Blackberry, Goodlink, system-based relays, 3rd party systems that deliver voicemail to your mailbox and 3rd party paging systems to name a few.  It will be very important for you to consider all 3rd party systems that send mail through your Exchange system, because it is possible that you may have something that will not.  If you are looking at Office 365, I would suggest that you work closely with Microsoft to determine if you will be able to integrate all of your 3rd party applications with their product option.

Hybrid Office 365

Another interesting option that is available to organizations is Hybrid Office 365.  This will allow you keep Exchange On-Premises, but will allow you to archive older email to the cloud.  From a technical perspective this requires an onsite server called an Exchange Hybrid server and then based upon the needs and decisions of your organizations auditing and retention policies you can store the older and less like used data in the cloud.  Of course there are legal considerations surrounding this option, but as stated above Microsoft has gone above and beyond to meet the regulatory compliance needs for any sized organization.  So this can be a really great option if it meets the needs of your business.

3rd Party Vendors other than Microsoft and Email in the Cloud

As you probably know Microsoft isn’t the only player with Email in the cloud.  If you are going to consider other 3rd party vendors for this make sure you really do your homework.  Make sure that what you are getting from your partner involves your ability to meet all the considerations noted above.  For example, isolated data that meet compliance and regulatory guidelines will be important, understand their SLA’s, maintenance models and Exchange versions and their 3rd party product integration options before deciding against Microsoft as your Office 365 provider.


So whether or not to move to your organizational email to Office 365 or leave it On-Premises will truly depend on your organizations requirements for SLA’s, compliance and regulatory guidelines and 3rd party integration expectations.  There will be cases where Office 365 will be a perfect fit and other situations where it may not be.  Take the time to determine what is best for your organization.