Description: This is an article mainly about the outlook 365 login, which covers the administration options for deploying Microsoft 365 Business for you organization. It is an integrated solution, bringing together the best-in-class productivity of Office 365 with advanced security and device management capabilities.
In this session we’re going to talk about Microsoft 365 for business. It’s integration potential for SMB style clients. What we’re going to cover is that we’re going to go through an overview of the Microsoft 365 product.
We’re also going to look at how this product is licensed, then we’re going to spend the majority of our time looking at how we do some deployment options within Microsoft 365 for business. Let’s see a quick overview of the importance of Microsoft 365 into today’s environment.
We see lots of customers with disparate platforms running out of date or old operating systems and older versions of office, obviously a lot of these are still supported, but they have more vulnerabilities than the more current ones.
You’ll also see a large mixture of different sorts of software and also a mix of the way the desktops and the devices are managed, we also see a mixture of tools to try and provide security and management about our devices as well as options to provide productivity.
All of those disparate systems mean that it’s difficult to manage, it’s difficult to secure, the advantage of the Microsoft 365 product is that we can bring all of those under a single umbrella that effectively is managed using a single as your AD login.
Microsoft 365 includes three major products, the first one of these is office 365, you are familiar with the office 365 that includes the desktop apps, SharePoint, Skype, exchange online, teams and also some additional business apps that are available in the Microsoft 365 business plan.
We also include Windows 10 in that mix so that the user can make sure they’re up to date, so we include that in the licensing as well, we also include some of the best features of the enterprise and mobility suite.
They are particularly aimed at securing and managing the devices, there is some variation in what is available depending on the plans, how do we understand what the right version of the product is for our customers?
We start off with the traditional office 365, that’s going to give customers the ability to collaborate in teams to move their emails into the cloud, then we can add other Microsoft 365 for business, this works well for the SMB style customer and builds on the productivity that we’ve got through office 365.
When the needs of the customer exceed, what’s provided in the business version? We can look at the enterprise version, there is a business SKU and there are also enterprise SKUs of Microsoft 365.
That’s going to provide the higher-end functionality and features that you typically see with office 365 plus some advanced features that are unique to the Microsoft 365 Enterprise offering, how do we manage and control the licensing?
We typically start out with the office 365 business premium product, this is the same as it’s always been, this is a good entry level for especially SMB customers into the world of the cloud, if they need more advanced features, if they need legal hold on their mailboxes or unlimited size on their onedrive and their mailboxes, we can start looking at the enterprise the E3 and the E5 version of office 365.
These two products are the same and it’s important to understand the business need and value that these can provide for the customer, the addition is the Microsoft 365 for business, what that includes is office 365 business premium, plus some additional device management features, the ability to deploy Windows 10 PCs and manage those from a single admin experience that you’re used to in the office 365 environment.
There is an enterprise version of Microsoft 365, this is built on the office 365 E3 and E5 plans and includes advanced options such as improved data management security and potentially the cloud PBX functionality.
Thinking of Microsoft 365 as office 365 plus, Windows 10 and EMS, the Microsoft 365 Enterprise is the office 365 E3 or E5 with the full features of Intune plus the full features of Windows 10 enterprise.
This gives us a significant number of options that we can speak to our customers, office 365 may be a good starting place, but we’re finding that more and more customers are wanting to manage their devices as well as their information.
Microsoft 365 provides the ability to do that quickly and easily, it’s a matter of deciding what functionality is required, you can use the business skews more advanced, our features are rolled into the enterprise options.
You can continue to add on additional licenses from other office 365 products, for example we could add on advanced security management if it’s not in their advanced compliance threat, not a threat intelligence.
For example if we had a Microsoft 365 business offering, we could also then add on the advanced security management which would be a single add-on option, beware that the the prices mentioned are in US dollars.
Contact the appropriate distance or that information, we can combine all of these or we can roll these into some of the packages, the Microsoft 365 Enterprise E5 includes a lot of these advanced features, that’s the benefit of using the more advanced plans.
If we look at a matrix across all the products as well as the different offerings, we can get an idea of what office 365 provides out of the box, we’ve got the office 365 business premium and built on top of that.
The Microsoft 365 business includes some additional device management options, we step up to the office 365 E3 in Microsoft 365 E3, they build on each other, we’re in the enterprise to use, we’re getting Azure Active Directory, we’re getting the Microsoft desktop optimization package and so on.
When we step up to the full enterprise product, we get the full features including the Windows Defender advanced threat protection, the full version of EMS, we’re getting Azure Active Directory plan 2 and so on.
You get a good mix there to be able to work with the known quantity of office 365 and also add on the value of the Microsoft 365 in the business and in the enterprise plans, so if we want to look at some broad strokes, business premium and the Microsoft 365 product aimed at the SMBs.
The business premium, the pure office 365 offering typically is added to customers who have no IT particularly smaller 5 to 10, their compelling reasons to move to this environment are to make sure their offer software is up to date and to make sure their Windows applications and their desktops are also up to date.
These people typically also need support for their mobile devices, we’ll be done on mobile devices, Microsoft 365 will also work well in environments that are larger typically that have a single server environment.
It can be viewed as a potential small business server or placement, preventing users having to go in and refresh and get a new server, it works well in that environment because it can manage the information, give the users the productivity benefits and move things like the email off premises.
At the high end we have the 365 enterprise, this is going to be very part in the lead, you’re going to have to create the policies to push them out to the devices, you’re going to have manage that, there’s a lot more granularity in there.
This is where you’re going to see mixed operating systems, potentially hybrid environments, security is very important here, one of the big compelling reasons is to avoid the potential to upgrade servers and control the hardware for refresh and make that a much easier process to roll out for those environments.
The office 365 works well with typically the small users, next up is your Microsoft 365 for those users who want the additional security and also the device management and the high end, we have the enterprise which is generally very focused on the security side and managing all those devices very tightly.
That environment is the one that best suits the high end product like Microsoft 365 Enterprise, one of the common questions is how is this licensed? You would purchase the license through CSP and you would apply it to a user, you would license the user with a Microsoft 365 business license, simply turn it on, apply that to the user.
You can mix and match those licenses as required, you can mix and match office 365 and Microsoft 365 licenses standalone licenses, Enterprise licenses, you don’t lose any functionality by moving or incorporating Microsoft 365 into your environment.
The Microsoft 365 business for example includes a number of options when you do expand, you get things like staff hub, you get bookings, you get a version of Intune, forms, Yammer, teams, the full office 365 business plus the add-on features.
We’ve talked about how you also get a Windows license and some features of Azure Active Directory, it is as simple as applying licensing as you’re familiar, if we do this via the CSP program as we’ve always done, we can mix and match licenses and go with that flexibility as required.
Nothing has changed, now that we’ve covered off the licensing side, let’s spend a few moments talking about how we set this up as an admin in the backend, when we fire up the office, the Microsoft 365 admin Center, that looks very familiar.
You’ll notice at the top, there is a setup wizard, this is designed to obviously get you up and quickly get all the policies for your devices in there running quickly and easily, you’ll also notice there are a number of additional cards in the console.
One of these is the devices card, that’s going to be targeted to managing PC and mobile devices, the actual physical device, you’ll also notice that there is a Windows 10 upgrade, part of the Microsoft 365 license allows users to upgrade from windows 7, 8, 8.1 professional machines to Windows 10 Pro creators update in the case of Microsoft 365 business and to the Windows 10 Enterprise for the Microsoft 365 enterprise.
We’re focusing on the Microsoft 365 business version, the upgrade would be to Windows 10 Pro, we also get a number of ways of installing that, that’s all covered in the device card. If we follow the wizard along, these are the steps that will take you through, it’s going to ask you whether you have a custom domain, you can’t put that in, verify that.
Once that is complete, you’re then able to add new users, this will add a new user first name, last name, then we’ll also quickly license them, you don’t have to do this but that is part of the wizard to make it easy to get up and started.
You can simply license existing users. You can simply click on existing user and add a Microsoft 365 business license to them quickly and easily using the wizard, if you haven’t done any email migration, that is also available or you can do that at a later time.
This gives you that option to roll it all in and do it all at once using the wizard, once you’ve gone through that, this is probably one of the first new items we’ve got here, so we want to use the wizard to protect our work files and our mobile devices.
This is focused on creating a policy for Windows 10, devices for iOS and Android. That’s going to typically encrypt the devices to make sure the information on there is protected, it also is going to prevent you or prevent the user from copying and pasting information from corporate applications into personal applications.
We’re focused on the files for the mobile devices, the security for that requiring a PIN number to access applications and potentially making those devices secure by wiping them after failures or inactivity.
The way to configure that is a quite simple option of simply sliding on or off and maybe setting a few other timed options, all you need to do is to go through and select any of those options whether they’re on or off.
When you’ve made that selection and go to the next item, it will be saved as a new policy, we step into the settings for the Windows 10 devices specifically, we’re going to look at protecting the files using Windows Defender.
We’re going to protect the Microsoft edge browser and we’re going to be able to set the idle time on screen saver, use Cortana and again determine the update frequency for our Windows 10 devices.
You’ve also got the option to install office on your Windows 10 devices, this means that you can then set up policies so that when the user is assigned, a licensed office will be pushed automatically to their Windows 10 device.
The options are a simple selection of our yes or no option slider and some minor options like time intervals, once you’ve done that, select next and that will save a new policy for you, you’ve now reached the end of the setup and things are ready to go.
Now you’ve set up your policies, users can log into the system and those policies that you have set will be maintained and then deployed to new users that you add to the system, so what’s it going to look like for someone who wants to use an iOS when they join that device to the Microsoft 365 business environment that you’ve set up?
Typically the user can download the office 365 apps outlook and SharePoint and those things from the store when they go in and add the corporate accounts, the office 365 as your ad account is going to be prompted to go through a bit of a sign-up process.
In the case of Outlook on iOS, it’s going to ask us to get started, we need to determine whether we want to get notified and enter the corporate email, you’ve set up your Microsoft 365, you add the account.
The message they’ll receive is that the organization is controlling that app on that device, an indication to the user is that there is the information controlled via the settings in the Microsoft 365 business portal.
Push to continue, if you set the pin requirement, they’ll put in a pin, that will be their easy way to access the device, we’ll set up the configurational apply the policies to that device and make sure that it is secure.
Let’s look at the initial setup for an Android device, user is going to download the applications from the Google Play Store, the outlook sharepoint and so on. When they launch those apps, in this case you have the outlook.
They’ll begin be prompted to sign in using their company credentials, when that happens, they’re going to be asked to install the Intune app, they need to go to the store, they need to download that and install that.
This will enroll them in the device management for that environment, they’ll need to reopen outlook, this is will be step through if you have the pin option set for your applications, you need to put in a pin and reopen outlook so that they can then get access.
Once they’ve gone through that, they’ll be able to access their mailbox and go through a quick tutorial, one of the other big differences with setting up devices is also going to be autopilot, we’ve talked about the way to set up the policies for an iOS and an Android device.
We’re now going to look at how we can roll out Windows 10 control and management on new devices. The way we do this is with autopilot, a user buys a new Windows 10 machine out of the box experience.
Prior to going in and allowing the user to log in and power that device up, we need to go to the Microsoft business store, you log into that using the admin credentials you use for your Microsoft 365 environment.
You’ll get access to the Microsoft Store for business, for that tenant you have an option to manage, select that, that will take you to a list of the organization and applications, but that one of the options on the left hand side is the device.
We need to select that, when we select that, we are taken to the autopilot area at the moment, there are no devices in there, what we need to do is to select the option to add a device, when we add a device, we will be prompted to create a default deployment group.
We’ll also be prompted to upload a device file, a device file is a CSV file that contains the Machine serial number so that machine can be identified easily when it connects to the Internet, what the process will be going forward is that if you have a new machine from a distributor or a vendor, they’ll provide you with that CSV file.
You simply upload that into the business store but what is going to happen is that the providers the device manufacturers will automatically upload or make those configuration files, the device files available for you automatically online.
They’ll put them into the store, we’ll make it easy for them to be uploaded directly into the business store, but for the time being you may have to do that matter of uploading a CSV of that machine.
That should be provided by the device manufacturer, there are some PowerShell scripts that you can run, if you have your own machines maybe white-label or you want to reprovision some machines that they take advantage of autopilot, that is a very simple powershell script that you can run that will extract that information out before you sysprep it and give it to a user.
So we upload a simple CSV file, that is successfully detected and put into our portal, what we need to do is that we need to create an auto deployment profile, we simply select the option to create a new profile.
At the moment we have to give the deployment profile a name, we can set a number of options, we can set the option to skip the privacy settings and disable the local admin account if we want, you’ll love it.
You’ll notice that it’s automatically under Skip Cortana, Onedrive or OEM for us as well, once we’ve made those options, we simply create that profile, when we’ve created that profile, we apply that to the machines.
Notice that you can have obviously multiple machines in this environment, you can also have multiple policies, you can mix and match this as required, over time the number of options that are available to you will continue to increase.
There are going to be more options in there as this service grows, but for the time being go in there, upload the machine file, create your policy and then deploy that policy against the machines, once you’ve done that, what you’ve set in place is the fact that when a new user takes a clean windows 10 machine out of the box for example, they’re taken through a number of steps connect to the internet.
It will get that policy, apply that to machine and reduce the amount of questions, they power up the machine, they’re asked for some very simple questions about their language and the layout, they’re also asked to connect to the internet.
Once they’ve connected to the internet gone through those basic steps, they’re prompted for their email address, that email address will be their log on to Microsoft 365, this is their azure ad account.
Once they log in with that, it will recognize that ask for their password, then we’ll get to the Windows 10 desktop, it’s simple, so from a user’s point of view, all they will need to do is to go in there and power on the Machine, connect to the internet and then log into it with their Microsoft 365 credentials.
The machine will be recognized thanks to the file that was uploaded to the business portal, then it will automatically add it to the azure ad of the tenant, it will apply any policies that have been set in the background.
Potentially it will start deploying office, we can not only deploy our iOS management, we can also do that on Android and we can push out and manage the initial configuration of Windows 10 environment thanks to autopilot.
Microsoft 365 is also going to give us the ability to do the deployment of office on the desktop as well remotely, when you go into Microsoft 365, there is additional tile, this device actions tile, you have the ability to remove company data.
That’s going to remove any corporate files around the devices that are under management, we can do a factory reset, we can make sure that that machine’s nice and clean, no corporate data or apps on there and the information on there is removed so that that can be reprovision to another user.
The final option you’ve got is to manage the office deployment, when we select that, we have the option to go in and select the option to install office as soon as possible or to uninstall office, most cases you’re going to want to select the option to install office as soon as possible.
You also have the option to add this policy to a group of users, the good thing is that you don’t have to apply to all users or won’t necessarily apply to all users, you can create security groups in your office 365 environment that this policy will apply to.
Maybe you have remote workers, you put them all into a group, you can add the group to this deployment policy and select to install office as soon as possible for that group, but you can also select everybody if you wish.
Once you’ve got that, you go in and create that policy and save that, once that has applied, what will happen is that any machine that is connected to the environment and logging in via their Azure ad credentials.
Once the policy has been deployed, you will find in the background if we’re looking at task manager or I launched run in the background, it will do a click to run install of office for that environment.
That gives you that ability to run office, we’ve set that policy in our management console, when a Windows 10 device is connected to your ad and log in with your ad user in the background, that policy will start, it will launch the click to run and start installing our office on the desktop.
When that has completed and the user tries to run office for the very first time, this is getting their acceptance of the user License Agreement, all they need to do is to accept and to start using any of the office applications.
When they do that, the application will boost normal, the good thing is that they will automatically be logged in to that office environment with their Microsoft 365 credentials because they’re logging into the machine with the azure ad credentials to start with.
It’s going to make it nice, easy and no additional login prompts, once they’ve got in and started, the Windows 10 machine will be logging in with Azure ad, that will pass credentials into the office application and dramatically reduce the amount of prompts that a user may receive to gain access to their environment.
If we have a look at a example of a live running console, I’ve logged into the area using my standard office 365 login, I have my users, if I go into any of these users, all of that is standard as before.
When it comes up, you’ll see that the products licenses are assigned which are the Microsoft 365 business, if we expand that, I have all those options that I can turn off and turn on, if we scroll down a bit, I also have an additional option, I have the device settings for that user.
In this case it’s using a desktop, I can potentially manage that if I want, we can easily add users if required, if I go in and look at the billing, we have a look at the subscriptions, you’ll notice that the Microsoft 365 is a subscription like any other office 365’s subscription.
Look at the licenses, all this should be very familiar, we go back to the home, we have the ability, we have an additional tile called device policy, if I go into the device policies, I can see the policies that have already been set up in this case the application management for Windows 10.
If I click in there, the group that it applies to in this case is all users, I’ll be able to go in and edit the policy name, I can go in and change potentially the copying of company data, I can restrict that, I can determine office documents access control, protected data and so on.
Typically Microsoft apps are accessing office 365 environment, if I want to add an additional policy, what I’m going to do is that I’m going to go in and add an application management policy, in this case I’ll make it iOS, I can pull this down and select from a number of policy types.
We’re going to take the iOS 1 in this case, I can choose to protect files, I can force users to save their files into onedrive for business, I’m going to save them locally, if I go down, I can control how a user works with their apps on that environment.
I turn those on, for the iOS devices I’ve also got to deny access to work files on jailbroken or rooted devices, I can also determine which applications I’m working for or controlling on the iOS device, it is nice and easy simply by making my selections.
When I finish, I simply add, that policy will be included in my environment, if you went through the initial wizard set up, these policies will generally be created for you, you can go in and create additional policies, apply them to different groups, that gives you that flexibility.
But you’ll get a number of these created by default when you run through the setup wizard with your Microsoft 365, that’s an additional tile, under the device policies we have the device actions, I’ve got the options, these are already deployed by autopilot.
I can factory reset or I can remove company data, it’s going to ensure that any company data on that device is removed for me, I get a nice indication of the OS version as well, it is so simple to work on those device actions.
We have as mentioned the ability to remove the company data to a factory reset, there’s our option to deploy the office on the desktop, the last additional tile we’ve got is our Windows 10 upgrade, we can install the upgrade or we can share a link.
We could write the installation media, I can put on the USB stick and provide that, remember that the Microsoft 365 license is going to allow a user to upgrade their version of Windows 7, 8, or 8.1 pro to a Windows 10 machine.
It will include that on top of all the benefits, they’re getting in office 365 plus the management back-end that you’ll get in looking after these devices, but apart from that in the Microsoft 365 environment, this is very similar and very familiar to you from the office 365.
If you’ve never seen the EMS the enterprise mobility suite or Intune, that is now managed directly through the azure console, the important thing to remember with Microsoft 365 business is a view only area.
In the enterprise you get the full features and functionality, but in the business we can just go in and view the policies that are set in the admin console, I’ve logged in to the azure portal using the same admin credentials for my tenant.
I’ve gone to Microsoft Intune, what I’m going to do is to go in here and look at the mobile apps, if I go into mobile apps, I select app protection policies, we go in there and we should see a familiar policy that we set up in the admin console.
If we expand this a bit, I have my application management for iOS and for Windows, I set that option to save as it’s selected to save those options to onedrive for business, this is effectively the back end.
These are the subsets of features that you get as part of Microsoft 365 for business, but remember that there is not the ability to make any changes or update, they don’t flow backwards, they flow from the admin Center into Intune when it comes to Microsoft 365 for business.
However, with the Microsoft 365 Enterprise, you get the full version of Intune, you can manage it directly and get far more granular control, but you have not yet seen the Intune portal, this is all done in the azure back-end.
We get a lot of control from devices to mobile apps to conditional access to all of these, most of these features are controlled and depending on the licenses that we have, if we have the enterprise, we have full access to these options.
We have the Microsoft 365 business license, then we have a restricted set and we can’t make any changes, all changes have to be made in the console and they have to be made typically in the device policies area.
That’s where you’ll be managing it for Microsoft 365 business, let’s have a bit of a wrap-up and cover off what we’ve talked about today. The idea with Microsoft 365 is that it’s going to give you the best of office 365.
It’s going to build on the value of the business premium, the E3 and the E5, it’s going to add additional features, it’s going to add additional security, it’s going to add the ability to manage and maintain your devices.
One of the big issues, one of the big needs is to manage these devices, because all users are using these with corporate information, those devices are outside the environment, they’re not typically connected to a domain controller that makes it hard to manage.
That’s where the Microsoft 365 policies can come in and control and allow you to manage those devices quickly and easily all with the included license, this gives you those additional features.
You can also seamlessly deploy Windows 10 using autopilot, the machine boots out of the box, it will be configured as per your policy, you also have the ability to deploy office on the desktop to those devices as well, thanks to the click to run abilities and the options in the Microsoft 365 console.
This is going to make it much easier to roll out devices no matter where they are and whenever the user wants to be able to do that, it gives them a better out-of-the-box experience, it targeted at those users who probably don’t connect on a regular basis to the local environment, so they’re out roaming around.
Obviously this is a limited subset of what the product can do especially when it comes to the enterprise product, but even so the Microsoft 365 business product has a lot more features and functionality.
Hopefully you’ve got some idea of how easy it is to manage that some idea of what the user experience is, the big takeaway now is its building on office 365, the teams, the SharePoint exchange online and all that sort of stuff.
It’s now adding device management, your controlling those devices with policies, your being able to deploy devices and control corporate information easily, in the Microsoft 365 business arena that’s all done in the same console in a very easy-to-use interface.
It makes life nice and easy, if you need that additional functionality, it’s easy to upgrade to the office 365 enterprise offerings, remember that you can mix and match licenses, you can have either some users with office 365 or some users with standalone.
There are not a lot of limitations, that is pushed in via the normal CSP style, this is very similar to what you’re familiar with, add that additional functionality on top of all that, remember that the skew also gives you the ability to upgrade Windows 7, 8 and 8.1 pro machines to Windows 10 to get those machines current.
Make sure they’re up to date and that’s going to give them the best of all features, it allows them to join to Azure ad directly, that ability will also give you the flexibility potentially to eliminate an on-prem domain controller.
In that environment where Windows 10 machines can join directly to Azure ad, it’s a question of whether the local domain controller is required going forward, there’s probably less and less requirement.
In an enterprise that may not be the case initially, but certainly in the long term the domain controller will certainly have reduced influence, will have reduced need, more of its moving to your ad for the simple reason that your ad can be deployed, managed and utilized across the internet.
It’s not a requirement for it to be bound to a on-premises – main controller, so moving forward to consider that, think about the role of the domain controller, it can be eliminated with direct connection to Azure ad which is very much a part of the Microsoft 365 for business.
Hopefully you’ve got lots of information. There are trials available that you can go and test this stuff out for yourself, that’s going to give you a better idea on how to deploy it, the most exciting thing certainly is the autopilot, the ability to deploy the Windows 10 environment for users.
Remember this is still early days for this product, it’s going to improve, it’s going to add additional features, as we go forward it’s already built on top of the office 365 opportunities, so there are more opportunities to talk to customers, to show them these products, to show them how it can improve the security and compliance of their environment and manage their devices.
It’s an additional opportunity for resellers to sell additional services and manage those devices and information on an ongoing system as well as implement things like Microsoft teams and all the stuff that comes with the office 365 environment.
Certainly strongly encourage for you to do some research, have a look at this product, deploy it for yourself and then start going out and talking to customers about the opportunities and the value. Thanks for reading. Please feel free to leave your comments below.