UTORexchange and UTORmail Decommissioning

Note: This archived page is for the 2019 email decommissioning project and is no longer being updated. For the 2021 UTORmail decommissioning project, please see: https://easi.its.utoronto.ca/initiatives/utormail/.

With the implementation of Office 365/UTmail+ across the University, the University began decommissioning the institutional legacy email services, UTORexchange and UTORmail, on February 1, 2019.

UTORexchange will be decommissioned as of January 2020 and all email accounts still residing on UTORexchange will be closed and permanently deleted. 

Guidelines and Policies affecting the decommissioning of institutional legacy email services

Guideline on Access to Email for University of Toronto Employees

Access to technology resources such as email is a privilege offered to University of Toronto employees based on their employment status. When an employee’s employment relationship with the University ends, they are no longer entitled to retain access to University of Toronto email services.

The granting, termination, and changing of utoronto.ca email access for employees occurs when Human Resources determines eligibility. Although ITS performs the technical actions for these processes, since these actions are driven by employment status, determinations about when they should occur will be informed by Human Resources.

See the complete Guideline for Email Accounts for University of Toronto Staff, Faculty and Librarians

Loss of Email Access Due to Account Abandonment

When an email account is abandoned by an individual, they are no longer considered eligible to use that account. An individual is deemed to have abandoned their account if they have not successfully logged into the account with their UTORid and password over a period of six months. Logging-in means successfully connecting to read messages or confirming that all messages are to be forwarded elsewhere.

MX Record Migration Project

We have completed a 6-stage process to direct our MX records to Microsoft, which permitted the enabling of Exchange Online Protection (EOP) and other e-mail security features. Multiple steps were taken to ensure each stage functioned correctly before proceeding to the next. The following outlines each stage and when it occurred.

  • Stage 1: Updated routing of mail being sent to @utoronto.ca and @mail.utoronto.ca addresses
    All messages being sent to @utoronto.ca and @mail.utoronto.ca accounts have been routed directly through UTmail+ (O365) rather than through our on-prem infrastructure.
    This change occurred on Tuesday, July 16th, 2019.
  • Stage 2: Updated routing of mail from UTmail+ to UTORmail
    All messages being sent from UTmail+ accounts to UTORmail accounts have been routed directly to UTORmail accounts.
    This change occurred on July 22nd, 2019.
  • Stage 3: Updated routing of mail from UTORexchange to UTORmail and external recipients
    All messages being sent from UTORexchange accounts to UTORmail accounts and external recipients have been routed through UTmail+ (O365).
    All messages from UTORexchange destined for external recipients are now scanned by Exchange Online Protection (EOP). Note that EOP may block senders who are sending bulk or suspected spam to external recipients.
    This change occurred on July 23rd, 2019.
  • Stage 4: Updated routing of mail from UTORmail and external recipients to UTORexchange
    All messages being sent from UTORmail accounts and external recipient accounts to UTORexchange have been routed through UTmail+ (O365).
    This change occurred on July 24th, 2019.
  • Stage 5: Updated recipient information in UTmail+
    Updates to recipient information allow for the direct routing of messages being sent from UTmail+ accounts to UTORmail accounts.
    This change occurred on Tuesday, July 25th, 2019.
  • Stage 6: Updated routing of mail from external senders to UTmail+
    All messages being sent from external accounts to UTmail+ accounts have been routed through UTmail+ (O365).
    This change occurred on July 31st, 2019.

This final change included the activation of a number of new features through Exchange Online Protection (EOP), which is the primary filter for suspected spam (SCL of 5 and above), phishing, virus, and unwanted bulk (BCL of 7 and above) emails.

  1. Advanced spoof filtering (suspected spoof emails are delivered to the junk folder)
  2. Bulk filtering (unwanted bulk emails are delivered to the junk folder)
  3. Phishing or potential viruses (suspected phishing emails or emails containing viruses are quarantined)
  4. Personalized allow and block lists (individuals now have the ability to personalize their own “white list” email addresses and block list email addresses or domains through Outlook or OWA)
  5. Message reporting (allows individuals to report false positives or false negatives for messages that have been incorrectly marked as SPAM or non-SPAM)
  6. Blocking executable attachments (attachments are quarantined)
  7. Zero-hour auto purge (ZAP) (detects phishing messages or messages containing malware that have already been delivered to the Inbox, and then renders the malicious content harmless)
  8. TLS 1.2 encryption for external mail flow
  9. The ability to modify custom spam filter levels is no longer available.
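When triaging a reported false positive or false negative, the SCL and BCL values that EOP assigned can be read from the message's own headers. The following is an added example, not part of the original page or the University's tooling: it reads the `SCL` field of `X-Forefront-Antispam-Report` and the `BCL` field of `X-Microsoft-Antispam` and applies the thresholds stated above. The function names, labels and sample messages are constructed for illustration.

```python
import email
import re
from email import policy

# Thresholds as stated on this page for the University's EOP configuration.
SPAM_SCL_MIN = 5   # "SCL of 5 and above" -> suspected spam
BULK_BCL_MIN = 7   # "BCL of 7 and above" -> unwanted bulk

def eop_field(header_value, name):
    """Return the integer after NAME: in a ';'-separated EOP header, or None."""
    if header_value is None:
        return None
    pattern = r"(?:^|;)\s*" + re.escape(name) + r":(-?\d+)\s*(?:;|$)"
    match = re.search(pattern, str(header_value))
    return int(match.group(1)) if match else None

def classify(raw_message):
    """Label one raw RFC 5322 message from the EOP stamps in its headers."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    scl = eop_field(msg["X-Forefront-Antispam-Report"], "SCL")
    bcl = eop_field(msg["X-Microsoft-Antispam"], "BCL")
    labels = []
    if scl is None and bcl is None:
        labels.append("no-eop-headers")  # not stamped: check how it was routed
    if scl is not None and scl >= SPAM_SCL_MIN:
        labels.append("suspected-spam")
    if bcl is not None and bcl >= BULK_BCL_MIN:
        labels.append("unwanted-bulk")
    return {"scl": scl, "bcl": bcl, "labels": labels}

# Constructed sample messages (not real mail); hosts and IPs are reserved examples.
SAMPLES = {
    "spam": ("From: a@example.org\nTo: b@example.com\n"
             "X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:CA;\n"
             " SCL:6;SFV:SPM;\n"  # folded continuation line
             "X-Microsoft-Antispam: BCL:0;\n\nbody\n"),
    "bulk": ("From: news@example.org\nTo: b@example.com\n"
             "X-Forefront-Antispam-Report: CIP:203.0.113.11;SCL:1;SFV:NSPM;\n"
             "X-Microsoft-Antispam: BCL:8;\n\nbody\n"),
    "trusted": ("From: c@example.org\nTo: b@example.com\n"
                "X-Forefront-Antispam-Report: SCL:-1;SFV:SKN;\n"
                "X-Microsoft-Antispam: BCL:0;\n\nbody\n"),
    "unstamped": "From: d@example.org\nTo: b@example.com\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```
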

Background

Reports

Over the period of the consultation for Student e-Communications, the group released four (4) reports based on their findings. The reports are referenced below, including the CIO’s response and the recommendations.

List of Reports and Recommendations:

Migration Event Review – May 2017

Executive Summary

Primary Objective

Migration of student and alumni accounts in Office 365 from US-based facilities to Canadian data centres with the establishment of a UofT tenant in Canada.

Expected Duration of the Outage

The migration commenced on Friday, 28 April at 6:00PM and was expected to conclude with services restored in the newly established Canadian tenant at 6:00PM Monday, 1 May.

Actual Duration of the Outage

UTmail+ was available again, less the backlog of email cached during the outage, by about 4:00AM, Thursday, 4 May.

Primary Cause

The number of accounts being migrated significantly affected the duration of the outage. Tenant-to-Tenant migration between different data centre regions is a relatively new innovation from Microsoft and was only available to Canadian clients as of May 2016. Office 365 migrations are complex and require the synchronization of data across multiple interconnected services within Office 365. Sequence and timing are critical with the multiple interdependencies of the service components.

In the production environment, migration processes are subject to the competing resources within the tenant, the capacity forest, the layers of Office 365 and Azure Directory Services. Synchronization issues within Office 365 accounted for significant drag on the time to complete. The synchronization delay resulted in the inability to clear all remnants of the @mail and @alum references from the US tenant during the process – a necessity for breaking the connection with the US tenant prior to establishing accounts on the Canadian tenant.

Tenant size, movement between the US and Canadian-based data centres, and propagation and synchronization of data across multiple Office 365 components ultimately accounted for the extended time required to perform the migration.

Secondary Effects

Actions taken to speed the migration process included re-provisioning of licenses to some accounts that were apparently lacking following the return to operation. The licenses were eventually provisioned but were held up by the delays in data transfer and synchronization. Remediation prior to their provisioning led to secondary complications post-restoration. These complications were all rectified in the following days.

Current State

Office 365 in the Canadian tenant is fully operational. Planning for the Faculty and Staff migration is underway. The few remaining migration clean-up issues are defined on the Known Issues page in the IT Service Centre.

Lessons Learned

  • Plan for Greater Outage Duration — For a unique event such as this tenant-to-tenant migration, additional outage time should have been secured and promoted. Had the migration completed sooner there would have been a realized benefit, but additional mitigations might have been taken by individuals to work around the outage had they expected additional time without email.
  • Expand Communications and Communicator Resources During Event – Because the event extended beyond the expected duration, a stated update schedule, e.g., “Updates will occur every 2 hours until event conclusion” would have provided additional assurance to students and some level of certainty as to when the next update would occur.
  • Timing and Alternatives – There was speculation/conversation about the timing of the outage. Internally, the project team and leadership recognized that this was the optimal window to perform the migration, but this was not fully shared with the affected communities. More communication about the rationale behind the migration and its timing would have alleviated some concerns.

O365 Tenant Migration to Canada Issues Status

| Issue | Description | Status and Action |
|---|---|---|
| Missing Folders in Office 365 | Reports that mail copied to some folders in inboxes is incomplete. | Resolved. |
| Inbound Messages Rejected | Some messages are looping in the delivery cycle. This is related to the licensing problem reported. | Resolved. |
| SPAM Mail | Some users are reporting issues with spam mail. | Resolved. |
| Office ProPlus desktop apps cannot be downloaded | Link is not available to eligible UTmail+ clients. | Resolved. |
| Error Message when logging in | A number of users were reporting a Microsoft license error message: “X-OWA-Error: Microsoft.Exchange.Clients.Owa2.Server.Core.OwaUserHasNoMailboxAndNoLicenseAssignedException” | Resolved. |
| Forwarding Messages from Office 365 Account | Users forwarding their Office 365 accounts were not seeing messages. | Resolved. Some forwarding settings were not populated properly. Log into your Office 365 account at mail.utoronto.ca to re-enter the forwarding options. See the instructions on setting up forwarding. |
| No Access to UTmail+ Archive | Users would like to know when they can access their old UTmail+ account contents. | Resolved: This feature has been enabled and is available to all users. See the instructions on how to access the UTmail+ Archive. |
| Inbox Rules Not Transferred | User settings for inbox rules were not carried over. | Resolved: Users need to recreate their inbox rules. Instructions on creating rules are on the Help Desk Knowledge Base. |
| External Mail Delivery to Alumni Domain | Reported issues with @alum.utoronto.ca accounts not receiving external email. | Resolved. |
| Rich Client Access to UTmail+ | Rich Clients (Outlook, iPhone, MacMail etc.) were unable to connect to mailboxes in Office 365. | Resolved: Timing issue for DNS changes to propagate to services through the web. |