DeploymentPro AMA: Outlook Configuration Discussion

A major benefit of BitTitan’s User Migration Bundle is access to DeploymentPro, our automatic Outlook configuration tool. This solution helps teams save time and effort post-migration while preserving overall margins on a project.

Recently, Customer Success Engineer and DeploymentPro expert Tim Huff led an ‘Ask Me Anything’ discussion on the BitTitan Community Forums to field questions about the tool and outline best practices. That discussion has been reorganized and copied below – see the original thread here in the BitTitan Help Center.

 

What Destination Domain name should be used – the alias @companyname.onmicrosoft.com or primary @companyname.com which also matches the current on-premises domain name?

DeploymentPro will only want the User Principal Name that will ultimately be used for that Mailbox. Outlook can only log into the mailbox with the UPN. The SMTP address can be different but is usually the same as the UPN.

In the case where you have a tenant-to-tenant migration while using the same domain name, there is no way to test it with the ultimate UPN. However, you can specify the .onmicrosoft.com address as the UPN and DeploymentPro will flip the profile. Once you have tested you can revert the profile creation using our KB and re-run it when the domain has been moved to the Destination.

 

For the full migration – does Deployment Pro reconfigure all of the workstations they use and have DMA installed or just the first one that they log into?

A user can have as many workstations or logins as they like and be covered by a single license. Example: you have your work laptop and a home machine, install DMA on them and they will check in under one user but show two devices. When you schedule DeploymentPro, it will pop up on both devices. You would need to log into every device.

 

If my GPO deployment does not install the Device Management Agent properly, what should I do?

GPO is a tricky business, but our instructions work for about 85% of our customers. MS pushes their customers toward SCCM or third-party products like Kaseya, BigFix, and others to deploy packages. The biggest issue with GPO is that we are asking you to run a Scheduled Task, and scheduled tasks are pretty finicky. There are some environments that just won’t work, but we don’t have a way to identify them. We will give a best effort to help you with GPO, but ultimately it’s your AD and we expect you to manage it accordingly.

 

What are some best practices when setting up my users prior to running their profile cutover?

Great question. Schedule the cut over the minute you know that future date and time. The Agent checks in about every 60 minutes. If you Schedule it for Now it could take up to 90 minutes to pop up the User Interface. That is frustrating if you’re expecting it to be immediate. So, by scheduling that date ahead of time, it will pop up at the exact moment you want it to. Once the agent has picked up that future date the heartbeat for DeploymentPro will reduce to 15 minutes. What this allows you to do is re-schedule if you decide to push the date out or move it up.

 

When a customer has a single domain name, Deployment Pro works great. When the customer has 15 primary domain names (think hotel chain), you have to reconfigure DP, select the appropriate accounts, and then schedule that group of users, repeat…Is PowerShell the only real way to get DP to handle multiple domains if you are not going to do it manually? Is there something on the road map for handling multiple domains?

Every time you schedule a user, it assumes the domain part of the UPN on the Settings page. You have to go there for every “wave” of users you are Scheduling and change it, schedule those Users, change the domain, schedule the next batch, rinse and repeat. We do have a feature request to improve – in the meantime, PowerShell to the rescue.

With PowerShell you have a CSV with only two values. Value 1 = Primary Email Address that is in MSPC. It does not matter if it is right or not; that value is basically the title of that entry on the page. Value 2 is whatever the UPN is for that User. You would not need to go to the Settings page at all. You could have a different CSV for every domain so you can look at them at a glance.

 

What should I do if the reported users do not have the proper UPN when reported by the DMA tool?

Understanding how the Agent reports the User back to MSPC. If your users are in MSPC we try to match them but many times they do not.

We first look for the value in the SMTP:proxyaddresses field in AD and use it whether it matches or not. If this is not present, then we look for the Email Address on the General Tab in Active Directory Users and Computers. If that is not present, then we default to the UPN they log into their computer with, like a .local or .corp. Sometimes this will not match the address in the Users container in your project. It will not hurt anything, but it will not match, so the license is on the wrong duplicate entry.

A non-domain joined computer will come back as username@COMPUTERNAME.gen, same issue.

You do not need to edit anything in the Users Container in MSPC. When you go to the DeploymentPro page only computers that have DMA running on them will show up. The only address that matters is the Destination UPN they login to their mailbox with. When you Schedule them you can edit the UPN to the correct value.
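The lookup order described in this answer can be checked ahead of an agent rollout. The following is an added example, not BitTitan's code: the function name Get-PredictedReportedAddress, the property names and the sample records are hypothetical and constructed, and the logic implements only the three-step order stated above.

```powershell
# Constructed sample records standing in for AD attributes; none of this is real data.
# ProjectAddress is the address listed for the user in the MSPC project (assumed input).
$users = @(
    [pscustomobject]@{ Sam = 'asmith'; ProxyAddresses = @('smtp:asmith@contoso.onmicrosoft.com', 'SMTP:alice.smith@contoso.com')
                       Mail = 'asmith@contoso.com'; UPN = 'asmith@corp.local'; ProjectAddress = 'alice.smith@contoso.com' }
    [pscustomobject]@{ Sam = 'bjones'; ProxyAddresses = @()
                       Mail = 'bob.jones@contoso.com'; UPN = 'bjones@corp.local'; ProjectAddress = 'bjones@contoso.com' }
    [pscustomobject]@{ Sam = 'cwu'; ProxyAddresses = @()
                       Mail = $null; UPN = 'cwu@corp.local'; ProjectAddress = 'c.wu@contoso.com' }
)

function Get-PredictedReportedAddress {
    param([Parameter(Mandatory)] $User)
    # 1. Primary SMTP proxy address: the entry whose prefix is upper-case "SMTP:".
    #    It is used whether or not it matches the project entry.
    $primary = @($User.ProxyAddresses) | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { return [pscustomobject]@{ Address = $primary.Substring(5); Source = 'proxyAddresses' } }
    # 2. The mail attribute (E-mail field on the General tab in ADUC).
    if ($User.Mail) { return [pscustomobject]@{ Address = $User.Mail; Source = 'mail' } }
    # 3. Fall back to the logon UPN, for example a .local or .corp name.
    return [pscustomobject]@{ Address = $User.UPN; Source = 'UPN' }
}

# Compare the predicted address with the project entry; a mismatch means the
# agent will check in as a separate, duplicate entry for that user.
$report = foreach ($u in $users) {
    $r = Get-PredictedReportedAddress -User $u
    [pscustomobject]@{
        User           = $u.Sam
        ReportedAs     = $r.Address
        Source         = $r.Source
        ProjectAddress = $u.ProjectAddress
        Mismatch       = ($r.Address -ne $u.ProjectAddress)   # string -ne ignores case
    }
}
$report | Format-Table -AutoSize
```

Against a live directory, the three inputs correspond to the proxyAddresses, mail and userPrincipalName attributes.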

 

What does DeploymentPro look for when trying to cutover the user’s profile?

When the UI has popped up for the end User they will see a window that has a “Next” button. They will click and enter their password and hit next. Here is what happens with DeploymentPro.

Our code goes to the following URL https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml and passes the UPN and password using Basic Authentication. If MFA or Modern Authentication is enabled we will not be able to get the AutoDiscover information for that User and it will fail. You can manually test this by going to the URL and when it prompts for the UN and PW you will get an XML response of <ErrorCode>600</ErrorCode>. Once this is successfully accomplished Outlook takes over and creates a new profile. Our code then connects to the Source mailbox and gets the AutoComplete information in the hidden msg in the Inbox. We link the Signature to the profile, and Outlook opens for the first time and downloads the new OST.

 

Do you have any guidance or best practice advice on how long before migration the DeploymentPro agent should be tested and then deployed to the production environment ahead of a production cutover migration?

If I am wearing my Admin hat as a Customer using our product, I would say immediately and you couldn’t do it soon enough. Good Admins will test every possible scenario and would not believe anything they are told or read (they use our documentation as guidance). They Repro everything possible because when it’s time to configure the end user’s devices it is too late to fix the environment and would have to do the profile creation manually.

 

When you deploy the agent how does it know to report back into my console and not some other client? I have accounts in Outlook for about five or six different tenants. If multiple of those tenants have DeploymentPro projects, will my machine appear in all of them?

When you deploy the agent we use unique names for the setup file that looks like this – BitTitanDMASetup_42FB5DB4B82F1D68__.exe. Any device in the world that runs that setup file will report into the associated customer in MSPC. If you alter that name, it will fail to install. There is also an email version of the setup file that looks like this BitTitanDMASetup_U_E8C2F87A3B2E9F57__. This file is specific to that Customer AND User’s email address. While the email version is easier for the Admin, the end-user has to look for this email and click on the link to install the Agent. Another downside is if this User shares that link our system will believe it is the same person who it was sent to. I’ve seen someone share their personal email link to the entire company and they all ended up showing up as that one user. Yikes.

Outlook will only create the profile of the main account you are migrating and will not create the other accounts, they would have to be added manually.

 

If we keep the agent on the workstations, then if a second or third user logs into that workstation who had an Outlook profile to the old tenant, will the agent pop up for them and update their Outlook profiles too?

If other Users log in they will report to the Project but nothing will happen unless they are Scheduled. If they were scheduled, the pop up would run and it would create a new profile for them just like the first user. We do not update anything, Outlook creates a “new” profile and we never touch the old one.

 
