BitTitan DeploymentPro is a module of Device Management and the Device Management Agent (DMA) that remotely configures Outlook email profiles after you perform a mailbox migration to Office 365.
DeploymentPro currently only supports Microsoft 365 commercial tenants as the Destination. Hosted Exchange, Exchange On-Premise, and GCC High tenants are not supported.
F3 also known as KIOSK licenses are not supported for DeploymentPro.
Important
Due to the many configurations that may be present in your environment, it is highly recommended that you test as early as possible to see if DeploymentPro will work in your specific environment before the migration of user mailboxes. This will allow time for any issues to be addressed before your cutover.
This guide is intended to be used with the DeploymentPro FAQ, which covers special cases and other information relevant to your project. For guidance and questions about DMA, start with our Introduction to Device Management guide.
DeploymentPro configures Outlook email profiles to the new Destination server and moves users’ AutoComplete, email signatures, and PST (Outlook Data File) files to the reconfigured email profile. However, DeploymentPro does not set the users’ default email signatures for new messages, replies, and forwards.
Important
Migration of AutoComplete entries is not guaranteed on every single device, and are not automatically migrated with the default DeploymentPro settings. Migration of Autocomplete entries may be manually enabled at the user’s own risk by disabling the advanced option “Disable Autocomplete entries migration” in MSPComplete, on the DeploymentPro settings page.
DeploymentPro does the following:
- Creates a new mail profile
- Configures the new profile to send and receive e-mail from Microsoft 365
- Sets the new profile as the default mail profile
- Attaches any existing locally stored PSTs from the current default mail profile
- Copies of the signatures from the current default mail profile
- Copies over auto-completes from the current default mail profile if the source is Exchange
- Sets Cached Mode to 1 year (12 months) for downloading mail for the new OST file in the new Outlook profile. Auto-completes were previously copied from the user's.NK2 file but are now copied from MAPI.
DeploymentPro does not:
- Install a new copy of Microsoft or Outlook
- Install service pack updates for Microsoft Office or Outlook
- Install the Microsoft 365 desktop setup utility
- Import existing PSTs into the Microsoft 365 mailbox
- Set the New Messages or Replies/Forwards default signatures. These need to be set manually DeploymentPro does, however, copy over the signatures from the current default profile. They just need to be chosen and set to be used for new messages and replies/forwards
- Attach existing network-stored, or externally-stored PSTs from the previous default mail profile These will be logged as errors in the DeploymentPro log files
- Force Outlook to use a default profile if the user has previously configured Outlook to prompt which profile they would like to use
- Maintain shared calendars or mailboxes
- Reattach any secondary accounts that were included in the originating profile
- Migrate any content from .nk2 files. This includes autocomplete information
- Server-side rules are migrated using MigrationWiz, depending on endpoints (Exchange 2010+, including Exchange Online). Client-Side Rules are not supported
- Reattach, import, modify, or delete the User's OST associated with the previous profile
- Support multiple devices in tenant-to-tenant migrations. DeploymentPro only supports one end-user device or one Outlook configuration per user.
DeploymentPro Licensing
DeploymentPro is included with the User Migration Bundle license. DeploymentPro cannot be purchased as a standalone service license, and it cannot be added to the single-use mailbox migration license. If you wish to remotely configure Outlook mail profiles using DeploymentPro after a migration, purchase the User Migration Bundle license.
Licenses are consumed when you schedule DeploymentPro by using Schedule Cutover.
Supported Systems & System Requirements
System Requirements
For DeploymentPro to configure Outlook to connect to Microsoft 365, each device must meet these system requirements:
- Microsoft Windows 8 or later (With the latest Windows updates). Windows 7 is no longer supported
- .NET Framework version 4.5 or later
- TLS 1.2 is enabled with the following registry (refer to Microsoft's TLS1.2 documentation for more information):
-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001 -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001 -
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001 -
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
-
- These versions of Outlook:
- Microsoft Outlook 2019 (Deploymentpro cannot reattach PST or migrate Autocomplete)
- Microsoft Outlook 2016 (with March 2016 PU)
Additional Information
- Linux and Mac operating systems are not supported.
- Microsoft Outlook 2007 is not supported.
- Microsoft Outlook 2010 is not officially supported.
- Microsoft Store (UWP) Version of Outlook is not supported.
- Outlook 2019 has an issue with the command ExcludeExplicitO365Endpoint being set to 1 after the cutover. If this was set to keep an instance of on-premises Outlook from connecting to Microsoft 365 ahead of the cutover, you may be required to set it back to 0 for Outlook to successfully connect to the Microsoft 365 mailbox after using DeploymentPro.
Supported Destination Systems
DeploymentPro currently only supports Microsoft 365 as the Destination.
Exchange environments can have complex AutoDiscover settings, along with UPN and SMTP address mismatches, which can require troubleshooting and reconfiguration before DeploymentPro can be made to work against such environments.
A Proof of Concept will uncover any complications. Steps for testing DeploymentPro can be found outlined under Testing DeploymentPro with a small batch of users in the following KB article:
Prerequisites
This process does not support projects utilizing Basic Authentication. Steps for configuring DeploymentPro to use Modern Authentication/MFA with your destination tenant can be found later in this guide.
Important
If MFA is enabled for users in the destination tenant, each user must perform initial registration for MFA BEFORE the cutover date scheduled for the user in DeploymentPro.DMA will install to the following locations: "C:\Program Files (x86)\BitTitan" and "%LOCALAPPDATA%\BitTitan". There must be no policies, antivirus programs, or limitations in place that can block operations in these locations, such as AppLocker.
Complete these prerequisites before you get started with DeploymentPro:
- Follow the Create the Customer and Create the Endpoint directions in the migration guide for your scenario before beginning the DMA installment process.
- Review the system requirements for DMA and for DeploymentPro. These are listed below.
- Install DMA on the customer’s computers for the users who will need their Outlook email profiles reconfigured.
Confirm that the user’s computers are successfully running DMA
After DMA is installed on the users' computers, ensure that the users who will need their Outlook email profiles configured by DeploymentPro are listed in MSPComplete with a successful (Success or Timed Out) agent status.
Complete these steps to confirm the users running DMA:
- Select the appropriate workgroup, then click All Customers in the left navigation pane.
- Click the name of the customer for which you want to view users.
- Click the Users tab.
- Scroll through the list of users to identify users listed with a successful, unknown, or failed agent status, or with a .local, .corp, .internal, or other private network address.
- Success means the user is logged in and the DMA is communicating with our servers.
- Timed Out means that the user has been logged in and DMA was communicating with our servers, but the user has been logged off for more than 4 hours.
- Failed means that the DMA was not able to be installed. Usually, a security program or policy blocks the agent installation.
- Not Installed or Email Sent means the DMA installer has not been installed or run yet on the end user machine or this is a duplicate user entry. Duplicates happen when the agent is installed but is not able to match the user profile with the email address in the Users List.
- Users with a status of Failed or Not Installed will not have their Outlook email profiles reconfigured by DeploymentPro.
- If these users need to have their Outlook email profiles reconfigured by DeploymentPro, then you need to install DMA on those users' computers. If you have already tried to install DMA to those users' computers, then try to reinstall it using an alternate method. For example, if you previously tried to install DMA using a Group Policy Object (GPO), you can try re-installing it with an email instead, in case those users are not using domain-joined computers. You can also try performing a few troubleshooting steps as outlined in Troubleshoot connectivity between DMA and MSPComplete.
When you go to the DeploymentPro page you will only see the users that have DMA installed successfully (Success or Timed Out status). These are the only users that will have their profiles configured.
If you notice that the users showing up in DeploymentPro are under a different email address than what you have licensed, this is because DMA determines the email address for the user when it checks in. When this occurs, you will sometimes see that the users are not licensed in DeploymentPro even though they are showing as having a UMB license applied when you look at the users in MSPComplete or in your project. If this happens, please reach out to our Support team with the name of the Customer and a list of the affected users. Our support team will assist with getting the licenses set up so that you can schedule the users.
Launch DeploymentPro
The DeploymentPro page is refreshed to list the email addresses of the customers who are successfully running DMA and who are ready to run the DeploymentPro module. If the DeploymentPro module has not yet been set up, the setup screen will load for the configuration of the module.
Configuring DeploymentPro
- Select the appropriate workgroup, and then click the products icon () in the top navigation bar.
- Go to DeploymentPro. This will launch DeploymentPro.
- Select a customer from the list by clicking on the customer name. The status column will show enabled when a customer account has had DMA deployed.
- Enter the customer’s email domain.
- Select Destination Endpoint: Select the Microsoft 365 Destination endpoint. This endpoint must have Admin credentials entered.
- Expired or Temporary Password Settings: Choose the password setting that applies to your customer’s environment:
- Choose Enable users with temporary or expired passwords to set their own passwords. If your customer uses Microsoft 365 to manage user accounts and password policies. With this setting selected, the DeploymentPro wizard that runs on the customer’s computers will prompt users to enter a new password when their password is expired or set to temporary. DeploymentPro automatically updates Microsoft 365 with the password that users enter.
Important
Users must know their currently expired or temporary password. - Choose Do not allow users to set their own passwords if your customer manages their user accounts and password policies using ADFS. With this option selected, all user password resets are managed by the company’s IT department.
- Upload Logo: Click Upload Logo to upload your company’s logo for use in the DeploymentPro wizard that runs on users’ computers. In the Personalized DeploymentPro Client Interface section, upload your company logo and add supporting text. We strongly recommend doing this, because this is the logo and text that end users will see in a desktop pop-up when they are prompted to reconfigure their Outlook profiles. If you do not upload your logo, the default BitTitan logo will be included instead.
- Message: Enter a message to display a customized note in the DeploymentPro wizard that runs on users’ computers.
Schedule Users
After the DeploymentPro project is configured, we recommend that you schedule the users as soon as possible even if the email cutover (MX record cutover) won't happen immediately. Read the Troubleshoot DeploymentPro article for more information.
Complete these steps to schedule the DeploymentPro module:
- Select the appropriate workgroup, and then click All Customers in the left navigation pane.
- Click the name of the customer you wish to schedule.
- Click the Manage button in the top right corner of the page, then select Device Management.
- Click DeploymentPro in the left navigation pane.
- Add a checkmark next to the email addresses for which you want to run the DeploymentPro module, then click Schedule Cutover.
- We recommend running a proof of concept on a few test accounts. The steps for this are found in the DeploymentPro FAQ.
- In the Select a Date field, select a date and time for the DeploymentPro wizard to run on user computers. This date and time should happen soon after the email cutover (MX record cutover) date and time. If you haven’t identified the email cutover date, select a date far in the future (i.e., a few months later than the expected cutover date). When you do this, also set a reminder to return to the DeploymentPro page and reschedule the date and time for the DeploymentPro wizard once you've identified the exact date and time for the email cutover. Scheduled time is based on the local time of the machine that is scheduling the request.
- Click Schedule Cutover. To run the DeploymentPro module, you must either have DeploymentPro licenses available on your account or have applied User Migration Bundle licenses to each user. Standalone DeploymentPro licenses are consumed automatically when an unlicensed user is scheduled.
After DeploymentPro is scheduled, and before the scheduled start date/time, the email addresses should be in the "Scheduled" phase on the DeploymentPro page. When the scheduled start date/time is reached, the email addresses will be in the "Running" phase. If some of the email addresses listed don't progress to the "Running" phase, you may need to perform some troubleshooting actions to get them to the appropriate phase.
Next steps
Perform the mailbox migration. Follow the steps in the appropriate migration guide for your customer’s Source and Destination.
Soon after the email cutover date and time, the DeploymentPro wizard will guide the customer’s users through the configuration of their Outlook email profiles. As users complete the DeploymentPro wizard, their email addresses will progress to the “Completed” phase on the DeploymentPro page.
Installing DeploymentPro with Modern Authentication, MFA, or 2-Factor Authentication Enabled
DeploymentPro now supports the use of MFA and 2FA. The steps for this differ from projects without enabled MFA or 2FA; this project type is covered above. This process uses Modern Authentication.
Prerequisites
Deploy MFA-enabled build to targeted customers
- Follow the deployment directions for DMA to deploy either via email or GPO.
- If the customer already has DMA installed, it will be automatically updated within 6 hours.
End-user machine prerequisites
- Microsoft Windows 8 or later (With the latest Windows updates), including TLS 1.2 support. For more information, see Microsoft's update information
- .NET Framework version 4.5.2 or later
- Supported Outlook versions:
- Microsoft Outlook 2019 (DeploymentPro cannot reattach PST or migrate Autocomplete)
- Microsoft Outlook 2016 (with March 2016 PU)
Destination tenant prerequisites
- Modern Authentication must be enabled
- Sign in as a Global admin to DeploymentPro Admin Consent to grant permissions for all users in the organization.
Once an admin clicks on the above link and logs in, a pop-up will show the following window:
If you click Accept, you will be redirected to www.bittitan.com. After this process is complete, you can review the same app in Azure AD. If you do not accept, each end user will be required to consent. If this consent is not granted, DeploymentPro will not work.
- Navigate to the Azure Portal.
- Select Microsoft Entra ID.
- Select Enterprise Applications.
- In the search bar, look for the DeploymentPro.
- From the left sidebar, look for Permission and select it.
- Select the following Graph permissions.
DeploymentPro MSPComplete settings required
- BitTitan will enable the DeploymentPro Preview in the backend.
- The Advanced Option “Enforce Modern Authentication” must be turned on:
- Go to DeploymentPro > Settings.
- Make sure Use Modern Auth (allows for MFA) is turned on.
- Click Save and Continue.
Cutover steps
Please refer to DeploymentPro Guide for DMA installation and scheduling the cutover date. During cutover, the end user will receive a pop-up on their PC. We suggest sending all end users who are being migrated the following instructions:
We are in the process of migrating your account. During this process, a pop-up window will appear on your PC.
Complete the following steps when this happens.
- On the pop-up, click Next.
- You will now be asked for your credentials.
- Enter your Outlook account username and password.
- After entering your password, if you have multifactor or 2-factor authentication enabled, you will be asked to verify your login from your phone.
- Follow the instructions to verify your account from your phone.
- The pop-up will show successful verification.
- You will now be asked to close Outlook and Skype/Lync. Click Close the Applications.
- The pop-up will show a successful configuration. Click Finish.
Once the user has completed these steps, continue with the instructions below.
Post-Cutover steps
Remove Enterprise Application from Azure Portal
- In the Azure portal, click Enterprise Applications.
- Click DeploymentPro.
- Click Properties.
- Click Delete.
- Click Yes when asked "Delete DeploymentPro?"
Remove Enterprise Application with Powershell
- Launch PowerShell.
- Connect PowerShell to Azure AD.
- Enter the command: Connect-AzureAD.
- Enter the admin credentials in the prompt.
- Enter the command: Get-AzureADServicePrincipal -SearchString DeploymentPro.
- Look for the ObjectId of the app you want to remove and enter the following command: Remove-AzureADServicePrincipal -objectId <the object id>.
Sample Email
This section offers guidance and examples for user communication, as well as specifications for the logo used within the email. This text should be sent in an email message to your end users the day before their Outlook profiles are scheduled for reconfiguration.
Sample Notification Email
Dear Outlook user,
This message is to let you know that your Outlook profile will be automatically reconfigured to connect to our new email system on XXXXXX/xxxxxxx (replace this text with the date/time that you have scheduled for the profile configuration).
The process will also include automation for reattaching any PST files and bringing over the cached autocomplete addresses from your previous profile into your new profile.
At the date and time specified, a pop-up window will appear on your desktop, displaying our company logo and a "Welcome to DeploymentPro" message.
We've provided you with step-by-step instructions to help you reconfigure your Outlook profile. We recommend that you print these instructions so that you can refer to them when it's time to reconfigure your profile.
The pop-up window you will see will look something like this: (replace this screen with your company logo).
Once you click Next, the subsequent page will prompt you to select your credentials.
Add your Destination email password in the Password field and click the Next button.
Once your credentials have been validated, you will see a page that looks like this:
You can now begin your Outlook profile reconfiguration by clicking the Next button.
- If you do not have Outlook open, the profile configuration will proceed.
- If you currently have Outlook open, you will see this:
You should then click the Close the Application(s) button. Outlook and Skype for Business/Lync will be closed for you, and the profile configuration will proceed.
The configuration could take several minutes. During this time, your new profile is being created based on your previous default profile. Here's what is happening:
- Any PST files that were attached to your previous default profile are reattached to the new profile.
- Autocompletes (cached addresses) are imported over to the new profile.
Once the new profile has been created, you will see something like this:
Click on the Finish button to launch Outlook. Your new profile will be configured to access the new Destination email system.
/end email
Logo
The following specifications are supported when adding a logo to be used by DeploymentPro:
- The optimal size for the logo: 800x200.
- Accepted format: .png (Portable Network Graphics).
- Maximum file size: 256 KB.
- This information is correct but does not explain that if you do not want your logo stretched, make it the full 800 pixels wide and 200 pixels high.
If you do not upload your logo or your customer's logo, a default BitTitan logo will be used instead. This could cause some confusion if it is not communicated to end users.
The logo and message will be displayed to end users during the reconfiguration of their Outlook profiles.
These settings can be set during the initial configuration of DeploymentPro when it is first launched against the customer account from your MSPComplete dashboard. It can also be configured at any time by clicking on Settings in your customer DeploymentPro user dashboard, and then clicking on the Upload Logo button, in the Client Interface Configuration section of the DeploymentPro Configuration page of MSPComplete.
You could have a different logo and message text for each batch of users by following these steps:
- Configure the settings.
- Select your users.
- Click the Schedule Cutover button and follow the prompts.
You can change the domain name for users by clicking the Users option in the top navigation bar, check-marking the user to change, clicking on the pencil (Edit) icon, and then changing the primary email address. Once changed for all users, return to the DeploymentPro project (click on All Products > select DeploymentPro > select your customer from the list displayed on the page > follow the prompts. At the user list page, in the field labeled Search (in the top right-hand side of the DeploymentPro user list page), enter the @domainname (change this domain name to reflect the name of the domain for these users) to search for. All users with that domain name will then be displayed and can be selected for profile configuration.
Troubleshooting
Error: Modern Auth Failing - The client and server cannot communicate, because they do not possess a common algorithm
Cause
-
Windows default TLS version is not pointing to TLS 1.2.
-
Despite setting the TLS version to 1.2, the issue will still arise in the following scenario:
-
Net framework is <=4.5.2
-
When the below keys are missing or disabled:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
-
Resolution
Add the following registry keys and ensure TLS version 1.2 is enabled.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
Uninstalling DeploymentPro
There is no uninstall process specific to DeploymentPro. However, DMA can be uninstalled through your MSPComplete customer dashboard, by following these steps:
- Log in to your MSPComplete dashboard.
- From the list of customers in the left-hand navigation panel, select your customer.
- From the list of options in the top navigation bar, click Computers.
- Checkmark the box next to the computer name that you want to uninstall DMA from. You can click View Users to see which users are using each computer.
- Click the Uninstall Device Management button.
- In the modal pop-up window, click the Yes, Uninstall the agent button.
Manually uninstall the Device Management Agent from customer computers
DMA may fail to uninstall using the process outlined above for various reasons. You have to manually uninstall DMA if the agent continues to run on a computer after requesting an uninstall from the customer's computer Page.
Complete these steps to manually uninstall DMA from customer computers:
- Download the DMA installer from MSPComplete by following the instructions in the How do I deploy the Device Management Agent with a Group Policy Object? article. This does not have to be the same installer you used for the original installation; it can be run with any DMA installer from any project.
- Open Command Prompt as an Administrator.
- Navigate to the directory containing the executable that you downloaded in Step 1.
- Type the full executable file name appending -uninstall as shown below and press Enter.
This ends all DMA processes, removes the service and scheduled tasks, and deletes associated files except for a few minor setup logs that shouldn't cause issues by being left behind.
We recommend that you keep DMA installed, even after modules, such as HealthCheck for Microsoft 365 and DeploymentPro, have been run.
If a Group Policy Object (GPO) was created to auto-install DMA on computers that are not running DMA, this will cause DMA to be reinstalled. To exclude a computer from a GPO, follow the directions in the TechNet article here.
Further modules will be added to DMA in the future, which will feed your MSPComplete dashboard with cross-sell and upsell suggestions and provide information about your customer end-user environment.
Manually Removing Log Files
The log files for DeploymentPro are stored in the following directory: C:\Program Files (x86)\BitTitan\DeviceManagementAgent\log
These can be deleted by running the PowerShell script under Option 1, or manually, as directed in Option 2 below.
Option 1
Download and run the following PowerShell script.
To run this PowerShell script, follow these steps:
- Click the link to the script here.
- In the resulting pop-up window, click the down arrow.
- From the drop-down list, select Save As.
- Save to your preferred download directory.
- Right-click PowerShell, and then click Run as administrator.
- Within PowerShell, change to the directory that contains the file DMACleanAndUpdateV4.ps1.
- Execute script by running .\DMACleanAndUpdateV4.ps1.
- You may need to set the execution policy to Unrestricted before the script can be executed successfully. To do this, type Set-ExecutionPolicy -ExecutionPolicy Unrestricted into the PowerShell session.
- Check the log directory (C:\Program Files (x86)\BitTitan\DeviceManagementAgent\log) to ensure that all files have been removed.
The PowerShell script will do the following:
- Check for administrator privilege, and prompt for credentials to be entered (if the user account does not have admin privilege)
- Stop the DMA service, and all Agent components and modules
- Check for log files in the directory, and if they exist, then remove the log folders and files
- Launch the update for DMA and restart the service
Option 2
Manually delete the log files using either Windows Explorer or the Command Console.
Command Console Instructions
These can be manually deleted by using an account with elevated privileges.
To run a command console window with elevated privileges, follow these steps:
-
Click Start, click All Programs, then click Accessories.
-
Right-click Command prompt, then click Run as administrator.
-
If the User Account Control dialog box appears, enter administrator credentials, then click Continue.
- Change to the directory listed above, and delete all of the files within this directory.
Important
Care must be taken with this step because you have elevated privileges. Before deleting any files, make sure that you have changed to the exact directory listed above.
More information on deleting files from the command console can be found in the TechNet article here.
More information on removing directories from the command console can be found in the TechNet article here.
Windows Explorer Instructions
Information on deleting files using Windows Explorer can be found in the Office support article here.
Stopping DeploymentPro
There are three things you can do to stop DeploymentPro from running if you have decided to postpone your cutover or to not use it at all:
- Set the Configuration Date to the future with Schedule Cutover in the DeploymentPro page of MSPcomplete.
- Uninstall the Device Management Agent (DMA) from MSPComplete on the Computers page.
- Manually uninstall the DMA.