I have a client that wants to migrate services away from their on-prem server (Active Directory and Exchange 2010 on SBS 2011 Standard) and into the cloud. The migration itself is not an issue.

The issue is maintaining some degree of security/privacy with email access through Outlook on shared workstations. After moving away from AD this will need to be considered.

I have two options as far as I'm aware for Windows accounts:

  1. Create a Windows Account for every user (about 10) on every Workstation (three or four), to allow an individual Outlook profile to be created and secured. Management headache but security is maintained.

  2. Create a common Windows Account on each workstation used by all users, with multiple Outlook profiles. Management is much easier, but individual privacy is completely lost.

I believe I can configure Exchange Online to require a password, but does this provide any security for messages already downloaded to the machine?

Is there another option?

Edit - Multiple versions of Outlook in use 2010 / 2013 / 2016.

khargoosh

2 Answers

Remote Desktop Services (RDS) is the 3rd option you're looking for, and the one that will meet your requirements.

The following are two common RDS scenarios:

  • Install Office 365 ProPlus on an RDS server.
  • Install Office 365 ProPlus on a shared virtual machine.

https://technet.microsoft.com/en-us/library/dn782858.aspx

Noor Khaldi
  • Thanks Noor. I don't think this solution will meet the client's desire to move away from on-prem server infrastructure however. – khargoosh Aug 24 '16 at 07:07
  • Can't see it happening any other way if you want to maintain security, perhaps RDS inside a VM on the cloud instead of a local infra? – Noor Khaldi Aug 24 '16 at 07:12
  • I think that's taking it too far in the other direction with high reliance on cloud infra. Suddenly users can't work at all if the upstream connection fails! I might have to just go with option 1 :-( – khargoosh Aug 24 '16 at 07:26

If the workstations are Windows 10, then I would suggest joining them to an Azure AD instance. This will allow them to function as part of an AD domain (of sorts, the functionality isn't 100% identical between on-prem AD and Azure AD) which will include allowing workers with Azure AD accounts to authenticate to the Azure AD-joined workstations and enjoy the security of individual profiles/accounts on the machines, painless auth to Office 365 email accounts, etc.

Have a look at https://blogs.technet.microsoft.com/enterprisemobility/2015/05/28/azure-ad-join-on-windows-10-devices/ for more info

Rob Moir
  • Another good suggestion, but they are all Windows 7 Pro! Shoot. – khargoosh Aug 24 '16 at 07:20
  • @khargoosh some kind of compromise might be in order then? Either upgrade to W10 or set up something similar to Noor's suggestion in Azure (you'd still need to create a DC in Azure that way to do that nicely imo) – Rob Moir Aug 24 '16 at 07:27