Product Review: Cayosoft Administrator
Product Name: Cayosoft Administrator
Product Homepage: click here
Free Trial : click here
Cayosoft Administrator is a versatile product aimed at providing a comprehensive solution for IT administrators, service desk staff and self-service management of Office 365, Active Directory, Exchange and in particular, Hybrid environments.
With a web-based portal for access and a comprehensive rules and scheduling engine it aims to provide a very comprehensive solution for managing modern Office 365 Hybrid environments.
In this review we are taking the product through its paces to see whether it can meet some common day to day requirements many organizations find the need when migrating to Office 365.
The challenges of managing a Hybrid Exchange environment
Microsoft provide very comprehensive controls for managing a Hybrid Exchange environment both through the web interfaces and through PowerShell.
However, there are a number of challenges once you implement a Hybrid environment, or simply migrate all your mailboxes to the cloud.
For example, the typical manual workflow for creating a new Exchange Mailbox in Office 365 involves:
- Creating an Active Directory account
- Enabling the new AD account as a remote mailbox
- Waiting for Azure AD Connect to sync the account to Azure AD
- Granting an Office 365 licence to the newly created user in Office 365
- Waiting for the mailbox to create in Exchange Online, then configuring other typically essential options like enabling In-Place hold.
This becomes more complex when it comes to objects like Shared Mailboxes, which you cannot create in the local AD natively and need to either:
- Create an on-premises Shared Mailbox and then migrate it to Office 365.
- Create a new user mailbox (as described above) and then manually convert it to a Shared Mailbox as a final step.
Day to day management of a Hybrid environment can be complex too. This is because certain features are managed from the local Active Directory, and other features are managed from the Office 365 management console. This can be complex as you need to know exactly what you want to do, then pick the right management console. Often administrators will start with one then realise they need to use another. A good example is enabling an Archive mailbox. Although the button to enable it is in Office 365, you will get an error if you press it. You have to press the equivalent button to enable the personal Archive on-premises and await the next Azure AD Connect sync cycle.
Typically, organizations will need to either create custom scripts to meet requirements, buy a third-party tool or perform the steps manually. Although it’s possible to perform these steps for a smaller organization manually, once you have a large number of users, day-to-day management can be a significant burden.
Cayosoft Administrator 4.0 is a full-featured management and provisioning solution. Outside of the scope of what we’re covering in this review, it is capable of batch-creation and management of users, and claims to be able to connect to sources like your HR system to retrieve users and perform mass updates. It is also able to provide self-service functionality to users, such as password reset and self-service mailbox migration. As well as managing AD, Exchange, Azure AD and Exchange Online it has modules to allow management of Skype for Business Online.
You’ll find a full comprehensive list of what Cayosoft Administrator provides here.
In this review though we’ll walk through the installation process and then focus on the core day-to-day Hybrid management functionality included in the product.
Our example environment is a simple one. We’ve got a single Active Directory domain controller running Windows Server 2012 R2 with Azure AD Connect and AD FS installed. For Exchange we have a single Exchange 2016 Mailbox server configured for Exchange Hybrid with our Office 365 tenant. Our tenant has a mix of E3 and E5 licences available.
Setup and Configuration
Installation of the product is fairly straightforward. A core installer file and a licence key is provided.
Upon launching the installer, guidance on the setup process is provided. This breaks the installation into a number of steps – starting with links to videos to provide an overview of the installation process.
Figure 1: Launching the setup process
The setup process for each component is straightforward and uses a standard Windows installer.
Figure 2: The installation wizard
After setup completes, we are prompted to configure the web portal. We are then reminded of the pre-requisites for the web-based components, and provided the opportunity to automatically install them.
Figure 3: Performing the web registration
After installation completes, we’ll launch the Cayosoft Administrator application from the Start Menu.
This will take us into the initial configuration wizard, allowing us to specify defaults. On the first page we’ll configure some all-important settings. In the example shown below we’re configuring the AD settings, including configuring the all-important service account that will be used for operations.
Figure 4: Configuring AD defaults
We’ll also need to provide connection details for Exchange On-Premises, Office 365 and should we require it, the Migration Engine and SMTP server settings.
After the initial configuration completes, the Cayosoft Administrator main console launches. This is used to define the policies and settings, such as the rules used to apply settings to users, the roles that web users have, options and workflow used in the web interface and to define lists, data and view reports:
Figure 5: The Cayosoft Administrator Console main dashboard
We can also navigate to the Web interface and login to ensure it works as expected. You’ll see the view is oriented around management of our environment rather than the application itself, with options for Active Directory, Mailbox Migration, My Organization, Office 365 and a self-service section:
Figure 6: The Cayosoft Administrator web interface
With Cayosoft Administrator installed, let’s take a look at what we can do with it.
Example Usage Scenarios
Based on some real-world customer requirements we’ve put together a few fairly normal usage scenarios we’d expect most organizations would need:
- Provisioning users and licensing
- Enforcing policies
- Day to day user management for users in a Hybrid environment
- Creation of shared mailboxes in the cloud
- Delegation of specific functionality in the UI
Provisioning and enablement of users
As a basic test to see what the product can do out of the box, we’re going to attempt to create the configuration to allow us to create a new AD user with Exchange Online mailbox automatically created with an E5 licence assigned.
We’ll need to navigate to the Cayosoft Administrator Console first to set up the correct rules so that the functionality works correctly in the web client. We can use pre-configured rules within the console and simple set up our own specific logic.
In the example below, we want to limit the scope for Office 365 user creation to a specific OU to match my Azure AD Connect sync scope. We’ll also enforce the associated licensing rule.
Figure 7: Configuring an out-of-the box rule
The enforce licence rule is fairly straightforward. Using the built in rule we’re able to generate the specific set of licensing the user will have applied. You’ll see in the example below Cayosoft Administrator has automatically detected the new E5 plan and allows us to select the individual licence bundle options:
Figure 8: Selecting licence options automatically retrieved
In addition to the two rules above we’ll also spend some time configuring the defaults for all rules we want to use. As well as preparing rules for use by the web interface we can ensure that the rules run on a schedule – for example to ensure any users created outside of the provisioning process get the correct licence applied.
After configuring the rules we’ll switch to the web interface. This is the interface that most IT administrators or service desk personnel will use on a day-to-day basis. After login we’ll navigate to Active Directory and choose to create a New User:
Figure 9: Creating a new user
After choosing New User a popup will appear providing the opportunity to enter user details. In particular, we’ll see we have the option to create an on-premises or Office 365 mailbox:
Figure 10: Choosing to create a new Office 365 mailbox
On the subsequent page of the wizard we’ll have the chance to set additional attributes and a password. You’ll notice that the Country/Region can be set in AD at the time of user creation. A handy feature here is the ability to configure the rule to pick this up from AD and stamp it on the user in Office 365.
Figure 11: Completing the new user details input
After choosing Create, we’ll be shown the progress for user creation. One surprise here is that the creation task is performed while you wait. Due to the lengthy wait for Azure AD Connect’s sync engine, Cayosoft administrator creates the user directly in Office 365 as well as the local AD.
Figure 12: Monitoring user creation progress
At this point we’re pretty much ready to pass the login details to the new user.
However, if we want to be nosy and see what it’s done under the hood we can first navigate to AD Users and Computers. We find John Smith has indeed been created as a standard AD user:
Figure 13: Examining the created user in AD
Following the user to Exchange On-Premises we can see if an associated Remote Mailbox has been created. The remote mailbox contains the correct on-premises attributes that are normally picked up by Azure AD Connect when syncing to Office 365. As expected we see a Remote Mailbox ready and waiting.
Figure 14: Examining the created remote mailbox in on-premises Exchange
Normally at this point Azure AD Connect’s sync engine will come along on the next scheduled run and create the new user in the cloud.
Cayosoft have skipped this step and connected directly to Office 365 and created the user for us. If we log in to the Office 365 portal, we’ll see John Smith has been created as a Cloud user:
Figure 15: Examining the new Cloud ID in Office 365
If we dig a little deeper and examine the user location and licence, we’ll see that the correct licence has been applied:
Figure 16: Examining the Office 365 licence and usage location options
If you’ve some experience with Office 365 Hybrid deployments then you may be slightly concerned that the new Office 365 user is showing as a cloud user. This is intentional, and during the set up of the rule we are provided with the option to set something known as the ImmutableID.
This attribute is used to match the on-premises AD environment to the Office 365 Azure AD accounts. Cayosoft Administrator uses the ObjectGUID as per the default for DirSync, Azure AD Sync and Azure AD Connect.
Figure 17: Examining the ImmutableID set in Office 365
This means that on the next Azure AD Connect scheduled sync, the new user in Office 365 will be linked to the on-premises user and will be marked as Synced with Active Directory:
Figure 18: Viewing the new user after a sync has completed
A common requirement from Office 365 customers is to enforce the use of In-Place hold or Litigation Hold. This is not something that can simply be specific in the local Active Directory and synced, and often requires custom scripts to implement.
For our test we want Cayosoft Administrator to ensure all users have a specific set of litigation hold settings applied. We’ll follow a simple wizard to pick the hold policy rule, then configure some custom settings. In the example below we have chosen to enable litigation hold for all users for a duration of at least 6 years.
Figure 19: Creating a rule for enabling in-place hold
You’ll see above the option to Enforce the rule. This allows us to schedule it to automatically run in the background. Once scheduled, we can example either the in-built reports, or view the mailboxes directly. For our test we’ll double check our new mailbox for John Smith and ensure that he has the hold automatically applied:
Figure 20: Verification that the hold has been applied
Day to day management
A needlessly complex task can be editing a mix of settings, some mastered on-premises and some only accessible in Office 365.
As an example we’ll change SMTP addresses for a user and also edit their ActiveSync access permissions. This would normally require an administrator to login to the on-premises Exchange Admin Center and then login to Office 365 to make changes.
To perform the changes through Cayosoft Administrator we’ll navigate to AD Users, then search for the user, then after selecting the user select the Mailbox option:
Figure 21: Managing an individual user
Under the hood the web interface will retrieve the latest information from both on-premises Exchange, AD and Office 365. This is presented in a tabbed interface providing access to Email Addresses, Mailbox Usage, Features, Mail Delivery Options, Restrictions, Delegation Options and Automatic Replies.
As we want to edit email addresses and then enable ActiveSync we’ll stay on the first tab and add a new email address to the user:
Figure 22: Editing email addresses
Next, we’ll navigate to the Features tab and set ActiveSync to Enabled:
Figure 23: Editing Client Access options
Although this doesn’t look impressive to a casual observer it is very impressive as tasks like this are normally very frustrating to most IT admins when managing a Hybrid environment. The simplicity of a single interface to manage AD properties and Exchange functionality (wherever it may be) will remind many of the fondly remembered Exchange 2003 snap-ins for AD Users and Computers.
This simplicity spans the product, with Shared Mailboxes being another example. As mentioned above Shared Mailbox creation can be a particular challenge in a Hybrid environment. In Cayosoft Administrator you simple get the option to create it on-premises or in Office 365. Under the hood the product will take care of the intricacies involved when the Create button is pressed.
Figure 24: Creating a new Shared Mailbox in Office 365
The functionality provided for management of Exchange Hybrid environments is very impressive and out of the box covers most functionality organizations large and small need. The full list of features is too comprehensive to list here, and the product appears fairly easy to customize or add additional functionality to. All the core challenges listed above are covered.
Management of newer features such as Office 365 groups would be welcome, as the Office 365 management tools are notably weak at the moment. It’s also probably worth highlighting that the Office 365 management functionality is aimed in particular at UC-teams looking after Exchange and Skype for Business Online, as at present there is little functionality to manage core services like Office Pro Plus, Yammer, SharePoint Online and OneDrive for Business. It’s reasonable to expect that a Service Desk will need to de-activate old Office Pro Plus installations as users eventually hit five installations, and pre-provisioning OneDrive for Business would be a welcome addition.
However, the above functionality isn’t commonly asked for as part of core provisioning activity. Automated licensing and simplification of management are asked for a lot, along with the automated application of hold policies and the product excels in these areas.
Cayosoft Administrator comes with product support, along with a web-based knowledge base and comprehensive documentation including setup and concept videos. The pointers to the documentation were a welcome addition to the product. During use of the product pointers to knowledge base articles were also provided, helping avoid the need to search for answers or open a support case.
With a straightforward setup process, out of the box ruleset covering most scenarios and a great looking, intuitive web interface, Cayosoft Administrator is arguably better than Microsoft’s own tools for Office 365 management. It’s a product we would happily recommend to either use as a standalone product or to complement existing tools.
MSExchange.org Rating 4.8/5