Microsoft 365 is a bundled suite of SaaS applications and services that businesses can subscribe to. Microsoft 365 offers Windows 10, Office 365, and Enterprise Mobility + Security, all bundled together. Microsoft 365 products and services enhance security and productivity and help to meet compliance requirements. In this post, I will provide a guide to all the features, capabilities, and opportunities within Microsoft 365. I will explain each major topic and technology and demonstrations for key scenarios. You’ll learn how to manage Microsoft 365 and assist you to pass Microsoft 365 exams and certifications.
Introduction to Microsoft 365 for IT Pros
Microsoft 365 is a SaaS bundle of Windows 10, Office 365, and Enterprise Mobility + Security sold on a subscription basis. In this blog, I will provide a general introduction to Microsoft 365, explaining what it is, product and services and benefits. Difference between Microsoft 365 and Office 365, how update from an existing Office 365 to a Microsoft 365 subscription. Components of Microsoft 365, security features, how Microsoft 365 supports a modern workplace and boost user productivity. This is a preparation for Microsoft 365 Fundamentals. Office 365 becomes Microsoft 365 on April 21st 2020 new name, new benefits, same price. Office 365 Business and Office 365 ProPlus will both become Microsoft 365 Apps. Microsoft will use the “for business” and “for enterprise” labels to distinguish between the two. Office 365 Enterprise E, Education A, Government G and Firstline workers F subscriptions will have no change.
Introduction to Microsoft365
Microsoft 365 is a SaaS bundle of Windows 10, Office 365 and Enterprise Mobility + Security that businesses can subscribe. There are three versions of Microsoft 365.
- Microsoft 365 Education, solution for educational providers.
- Microsoft 365 Business, solution for smaller business for up to 300 users.
- Microsoft 365 Enterprise, which is a complete solution for larger organizations.
A SKU is a stock keeping unit, which is useful for inventory management or in other words, a specific version of a product. The three SKUs available with Microsoft 365 are the Microsoft 365 Education, Microsoft 365 Business, and Microsoft 365 Enterprise.
Microsoft 365 Education is a solution for education providers such as colleges. It includes the core components of Office 365 Education, Windows 10 Education, and Enterprise Mobility and Security, where they’re offered as the A3 versions, which have fewer tools and solutions. The educational version includes some special additions, such as Minecraft Education Edition, which is aimed at promoting teamwork and creativity, and Microsoft Intune for Education, which includes some wizard-based tools to help institutions manage their classroom IT assets.
Microsoft 365 Business is a solution for small and medium sized businesses for up to 300 users. It includes the business versions of Office 365, Enterprise Mobility and Security, and provides a Windows 10 business license upgrade if you already have Windows 7 Professional, Windows 8.1 Pro, or Windows 10 Pro licenses. Many of the special business features and products included in the Business SKU are aimed at enabling smaller businesses who may not have an IT department to easily move to the cloud. Included are many business-focused applications, such as MileIQ for mileage tracking, Invoicing for your billing and payment, and Bookings, which offers an online booking system for your customers to make appointments.
Microsoft 365 Enterprise, is a complete solution of cloud services and applications for organizations of any size. There is an E3 and an E5 subscriptions in Microsoft Enterprise. The E5 versions of these products offers the most comprehensive set of services and tools, particularly in terms of security and analytics. E5 includes Azure Active Directory P2 and Azure Information Protection P2 license. It also includes other services, including Microsoft Cloud App Security, Customer Lockbox, MyAnalytics and Advanced Data Governance. Both of these SKUs also include on-premises server rights for SharePoint, Exchange, and Skype for Business.
If you need a service that is not included in your original SKU, you can always purchase just that one service as an add-on to an existing plan. For example, you can add Security, Analytics, and Voice functionality, and Advanced Compliance or Power BI Pro. With Microsoft 365 you can scale quickly and easily shrink or grow as your business needs change. To scale your Microsoft 365 for extra users or services, simply purchase additional licenses. Microsoft will immediately provide the cloud infrastructure and will manage the increased resource requirements. If you need to store extra data, there is no additional costs, as this is all included within the fixed monthly subscription.
We’ll be focusing on Microsoft 365 Enterprise.
Microsoft 365 Overview
Microsoft 365 is a collection of products and services bundled together into a single subscription. Microsoft 365 includes Office 365 ProPlus. This comes with Outlook, Word, Excel, PowerPoint, and OneNote. These apps can be accessed via the cloud or installed locally on multiple platforms including Windows 10, iOS and Android. You can also install the Office apps onto five different devices per user. Enterprises can also create team sites and intranets using SharePoint Online, collaborate using Microsoft Teams, and protect users’ email with Exchange Online. With Office 365 ProPlus, in addition to the popular Office apps, you also get access to 40+ other apps. These include apps such as Microsoft Stream, Power BI, Microsoft Flow, and PowerApps. Windows 10 Enterprise licenses are included with a Microsoft 365 Enterprise subscription. Windows 10 is a modern, cloud-enabled operating system that supports features such as biometric sign-in, touch, and universal applications. It also supports modern management and device deployment with Windows Autopilot. Windows Autopilot is a deployment method which reduces the amount of time needed to provision devices for your users. Administrators can quickly pre-configure settings so that devices can be shipped directly to users. Once these devices are signed in to your Microsoft 365 tenant, they’ll be auto-configured and enrolled into your mobile device management solution. Microsoft 365 also includes Microsoft Enterprise Mobility and security or EMS which is a suite of products including Azure Active Directory which offers cloud-based identity and access services, Azure Information Protection which offers document labeling, classification, protection and security, Microsoft Advanced Threat Analytics which provides real-time monitoring and protection against malware threats. Microsoft 365 Device Management which uses Intune to offer a mobile device and app management solution. Microsoft 365 Device Management uses Intune to manage devices and apps across multiple platforms including Windows 10, Android and iOS devices allowing devices to access company resources such as data and applications, ensuring that devices are compliant before they can access resources, protect corporate information by managing access restrictions, and controlling how users use and share data and manage applications on devices including app deployment, access and usage.
Core services of Microsoft 365
Let’s look at core services included with the Microsoft 365. Microsoft 365 Enterprise E3 or E5 subscription includes Windows 10 Enterprise licenses. Windows 10 includes modern security measures, such as BitLocker Drive Encryption, and Windows Hello. Application support, including universal Windows apps and tools such as AppLocker,application deployment functionality, using provision packages and PowerShell. And the ability to deploy modern devices with Windows AutoPilot. Windows 10 is delivered using the Windows as a service model. Previously, Windows version updates were released every few years. However, with the Windows as a service model, updates are released regularly, as and when they’re ready. Feature updates are scheduled twice a year, providing new functionality, and quality updates are released at least once a month, and provide patches and fixes and improve security functionality. The second core service included with Microsoft 365 is Office 365. Office 365 includes a set of apps and a set of services. A Microsoft 365 Enterprise E3 or E5 subscription includes Office 365 ProPlus. Office 365 applications include the familiar Outlook, Word, Excel, PowerPoint, and OneNote. OneNote offers additional notebook for storing notes, comments, digital clips, and more. And the Access database, but this is only available for Windows 10 PCs. Office 365 includes various services. These include Exchange Online, which is a cloud-based message and email server. SharePoint Online, which offers a full featured web-based collaborative platform. OneDrive for Business, which is a cloud storage service. Skype for Business, which facilitates online conferencing and calls. And Microsoft Teams, which is a collaborative platform, is replacing Skype. And Yammer, which is an internal social network service. The final core service included with Microsoft 365 is Enterprise Mobility and Security (EMS). EMS offers malware protection, information protection, device and application management, and controls. It also includes compliance and archiving functionality. With EMS, you get access to Enterprise grade malware and information protection. This includes the scanning of all attachments and URL links for malicious payloads. Unified labeling, which helps control and manage data, and prevents it from being shared externally. Information protection, which helps identify and protect sensitive data. And data loss prevention policies, which can be used to inspect the contents of your files and data. This can help accidental leakage or theft such as customer banking information. EMS also includes Microsoft Intune, which is a mobile device management, or MDM solution. Intune offers device and application protection by managing and controlling how devices, such as mobile phones and Windows 10 PCs, how the applications are accessed and used. Intune supports all popular platforms. Including Windows, macOS, Android, and iOS devices. Once enrolled, you can control devices through policies, and deploy and manage apps. Finally, many businesses are becoming subject to regulatory requirements such as HIPAA and GDPR, and they must manage their data in full compliance with these regulations. Enterprise Mobility and Security within Microsoft 365 provides archiving and data preservation functionality, and much more, to help you meet these obligations. The Service Trust Portal and Compliance Manager offers information and tools to help you become compliant.
Other Microsoft 365 services
Windows 10, Office 365 ProPlus, and Enterprise Mobility and Security, are the core services offered with a Microsoft 365 subscription. These services allow devices and applications to be deployed, managed, and protected. However, there are other services included with a Microsoft 365 subscription, that help provide authentication and analytical functionality. Azure Active Directory, or Azure AD, is the cloud-based authentication and identity service which manages user identities and provides access controls for all Microsoft 365 services and applications. The Azure AD services connects and integrates all Microsoft 365 services, applications, and users. All Microsoft 365 subscriptions include Azure AD, with an Enterprise E3 Level subscription giving you an Azure AD P1 license, and an Enterprise E5 license includes Azure AD Premium 2 license, which offers enhanced functionality. End users and devices need to be authenticated to gain access to your cloud-based resources and applications. Azure AD is the identity management layer. It provides identity to the user, device, and resource, contains database of users, devices and resources together with their associated permissions. Azure AD provides Single Sign-On (SSO), which allows users to only use one username and password, authentication token, to access all cloud services to which they’ve been granted access. These can be external services such as Office 365, your corporate Twitter or Instagram account, or an internal service such as your bespoke corporate cloud-based or on-premise app. Once you’ve implemented Microsoft 365, you can use analytical services to gain meaningful information from your stored data, and the usage of your Microsoft 365 services. Analytics can provide insights into how data is used, data patterns, and user interactions, which can be used to streamline and improve your processes. Microsoft 365 analytical services include: Workplace Analytics is an application that uses data from everyday work in Office 365 to identify collaboration patterns that impact productivity, workforce effectiveness, and employee engagement. Workplace Analytics helps you understand how your organization invests its time by giving you insight into how groups collaborate across the organization. Workplace Analytics quantifies Office 365 collaboration to give business decision-makers a powerful tool for evidence-based cultural transformation.; MyAnalytics (formerly Delve), which provides personal analytics for end users, identifying how users spend their time at work, and suggesting ways for them to work smarter. MyAnalytics gives employees insight into two of the key factors in personal productivity — -how they spend their time and who they spend it with; And Power BI, which is a powerful way to visualize your data and share insights across your organization. Business applications designed for the small and medium-sized businesses, including invoicing, bookings, and MileIQ for mileage tracking. Power Apps is a suite of apps, services, connectors and data platform that provides a rapid application development environment to build custom apps for your business needs. Easily create automated workflows with Microsoft Power Automate, previously Microsoft Flow, to improve productivity with business process automation. Microsoft ToDo is a cloud-based task management application. It allows users to manage their tasks from a smartphone, tablet and computer.
Collaboration with Microsoft 365
Microsoft 365 has been designed to provide better integration between multiple Microsoft services. This enhanced integration provides businesses with improved collaboration functionality allowing users to work together in a more productive way. The mobile device management services offered by Intune allow users to be connected on the go, able to access corporate information no matter where they’re located. Collaboration is where two or more people work together on a specific task or project. Team members collaborate to suggest ideas, and provide solutions. With Microsoft Whiteboard, a digital canvas, collaborate on ideas at work with Whiteboard for the web, integrated with Microsoft Teams. With Microsoft SharePoint online Share and manage content, knowledge, and applications to empower teamwork, quickly find information, and seamlessly collaborate across the organization. Both Teams and SharePoint team sites are organized by topic, project, organization, or some other focal point for a team of people. Hence, in any given organization, Teams and channels will often follow a similar structure to SharePoint team and project sites. In fact, this is inherent in the design. Every Microsoft Team automatically has a modern SharePoint team site associated with it; that’s where channel documents are stored. Each channel is associated with a folder in the SharePoint site’s document library. In addition, files sent between users outside of a Teams channel are stored in the sender’s OneDrive for Business folder. Microsoft SharePoint integrated with Microsoft Teams assist team members run projects more smoothly. In this way information on best practice can be shared and workloads can be distributed amongst team members, tagged in tasks to individual skills. There are several other collaboration tools included with Microsoft 365. These tools bring together the resources required by a team allowing them to work better together. These include, communication services with online meetings delivered from the cloud, using Microsoft Teams (replacing Skype for Business online), which can share calls, notes, files and images. You also have outlook for emails including shared inboxes, and resources such as conference rooms. You also have leadership connections providing a single solution for communication and engagement using Yammer, Office 365 and Microsoft Teams. Also learning and sharing, this is where you can crowdsource knowledge. Share best practices and information within your organization using SharePoint Online team sites. Emailing services with Exchange Online, which provides email and calendaring services for Office 365 ProPlus to share data, and arrange meetings and group events, and document storage within OneDrive for Business. Providing secure Cloud based storage accessible from anywhere across multiple platforms, which is shareable with others. Office 365 ProPlus is included with Microsoft 365. However, from time to time you may need to share or work together on documents with external collaborators who may not have access to the Office Suite of applications. To enable these collaborations Microsoft offer, Office on the web. Which includes free versions of the Office apps, which can be accessed online from anywhere by anyone. These are cut down versions of the full Office apps, so not all functionalities are available. However, they are a great resource for collaborative projects. Multiple people can use the same document at the same time, and input concurrently. You can also switch from working with the online version to the desktop version easily.
Enterprise Mobility allows employees to work from anywhere in the world using a variety of mobile devices such laptops, smartphones, and tablets. You can use Mobile Device Management to manage, control and secure your devices, applications, and data. Microsoft 365 includes Microsoft Intune. Intune allows you to manage iOS, macOS, Android, and Windows devices, such as Windows 10 PCs. You can enroll Apple devices, Android devices, and Windows devices, and even automate Windows deployment with Windows Autopilot. With software updates, you can deploy Windows updates, such as quality and feature updates to your remote devices. Once devices are enrolled into Intune they can be fully managed. This includes device configuration, where we can configure the behavior of devices by establishing rules and requirements, which is enforcing passwords on devices, implementing device encryption, and restricting the versions of the operating system on a mobile device allowed to access corporate data. Conditional access, we can use conditional access with device policies to block access for devices which do not meet your policy rules. And Microsoft Intune can be used to deploy, update, and manage your applications. Protection is critical for corporate data which needs to be protected from loss, corruption, leaks, and theft. That protection policies can be used to protect the access and security of data within apps such as your corporate email. Policies allow you to block app functionality. For example, restricting cut, copy, and paste within an app, requiring encryption, and preventing functionality such printing of organizational data. These policies allow you to manage app access and control which applications can be used on managed devices.
Microsoft 365 analytics
Analytics provides you with the ability to perform data interrogation. It allows patterns within information to be discovered and interpreted. You can then make business decisions based on these analytics. For example, discovering that one specific product in the warehouse is not selling very well and yet it occupies a lot of space, allows stock levels to be managed differently. There are a number of analytics tools and apps included with Microsoft 365. Within your Microsoft 365 subscription, on the Office 365 dashboard, you can see the common apps on the right-hand side. When you click all apps, we can see a multitude of different apps which you may not be familiar. Let’s review some of the analytics-related apps here. First, My Analytics. This is included in all Microsoft 365 Enterprise E5 subscriptions. It offers you productivity tracking tools, is able analyze data and suggest ways in which you can work differently and smarter. It allows you to focus on your activity, it allows you to plan your time in meetings, and also covers your wellbeing. How many days of productivity have you had? How many quiet days have you maintained? It analyzes how you spend your time and who you spend it with. For example, your collaborators within your network. MyAnalytics gives employees insight into two of the key factors in personal productivity — -how they spend their time and who they spend it with. By using MyAnalytics, you and your team can accomplish great things. Improve your relationships: Increase your collaboration time, improve your team meetings, and grow your network. Get more focus time: Find more time to eliminate distractions, stop multi-tasking, and focus on your core priorities. Improve your work-life balance: Improve your quiet days and reduce the time you spend working for better work-life balance and overall wellbeing.
Workplace Analytics helps you understand how your organization invests its time by giving you insight into how groups collaborate across the organization. Workplace Analytics quantifies Office 365 collaboration to give business decision-makers a powerful tool for evidence-based cultural transformation. Dashboards highlight potential problem areas through guided exploration, while custom queries offer flexible data access to create valuable analysis. By augmenting Office 365 data with business outcome data, practitioners can identify best practices, develop predictive models, and establish organizational benchmarks. With add-on consulting services, Workplace Analytics solutions experts will help you use this data to identify business opportunities, implement change, and measure success. Microsoft Workplace Analytics is a cloud-based service that provides rich, actionable insights into your company’s communication and collaboration trends that help you make more effective business decisions. Combining the organizational data that your company chooses to provide with email and calendar metadata from Office 365, Workplace Analytics enables analysts to provide business leaders with unprecedented insights about how people spend their time, and who they spend it with. These insights empower business leaders to drive strategies for sales, employee engagement, and productivity initiatives. You can explore the data with the Workplace Analytics dashboards, and dive deeper into your company’s behavioral metrics by using custom queries and query templates. Workplace Analytics provides the following ways to analyze and explore your data.
Home provides analysis scope information and research-based behavioral insights into how your organization gets work done, including employee experience, organizational agility, and customer focus insights. As a new user, you will only see the new Admin setup experience until you get Workplace Analytics set up for the first time.
Analyze includes the following data analysis tools: Explore dashboards help you analyze organizational data trends that are summarized by week, per meeting, by network connections, for management and coaching, and for external collaboration. Queries help you investigate organizational data to answer specific questions. The different query types of Person, Meeting, Group-to-group, and Person-to-group give you flexibility to look at data from multiple perspectives and generate powerful insights.
Plans currently provide a Teamwork improvement plan that enables teams to build better collaboration habits and master their time by using the combined power of Workplace Analytics and MyAnalytics. You can use Workplace Analytics to discover what challenges teams are struggling with, such as collaboration overload, and then enroll the teams in action plans with MyAnalytics to help address these challenges.
Settings enable you to customize Workplace Analytics with the following:
- Sources — View dashboards to verify that Office 365 and organizational data is loaded.
- Upload — Prepare and upload organizational and customer data.
- Analysis settings — Customize meeting exclusion rules to help ensure data accuracy.
- Admin settings — Configure system defaults and privacy settings.
The last tool I’ll cover is Power BI. Power BI is a powerful data visualization tool. It brings together unrelated sources of business data across an organization and then analyzes the data and collates it into live dashboards and reports. Let’s take a look. At Power BI home page there are number of favorites and projects. These are organized into workspaces. We can see Power BI dashboards and open them. This live dashboard allows us to interrogate it. It includes visualizations. These are charts, maps, and graphs which represent the data. We also have access to data sets where we can create new visualizations and also look at quick insights related to a set of data. We can access reports, which are a collection of visualizations on one page, which allows to share visualizations and reports. And tiles which are a single visualization as found within a report or dashboard.
Deepdive on Microsoft 365 and Office 365 Products and Services
Office 365 is Office applications in the cloud designed for business productivity and collaboration. It includes product and services like Word, Excel, SharePoint Online, Exchage online for email, Microsoft Teams for chats and meetings, and OneDrive for Business for storing files. It’s suitable for all device types and platforms, including PCs, smartphones, and tablets, including Android and iOS. Microsoft 365 a SaaS bundle of Windows 10, Office 365 and Enterprise Mobility + Security (Azure Active Directory, Azure Information Protection and Intune) that businesses can subscribe. Software as a service is a software delivery method where a third party, in this case Microsoft, hosts and distributes the applications over the internet on a subscription basis. Office 365 becomes Microsoft 365 on April 21^st^ 2020 new name, new benefits, same price. Office 365 Business and Office 365 ProPlus will both become Microsoft 365 Apps. Microsoft will use the “for business” and “for enterprise” labels to distinguish between the two. Office 365 Enterprise E, Education A, Government G and Firstline workers F subscriptions will have no change.
Microsoft 365 includes Microsoft 365 Apps (Office 365 ProPlus) that are Word, Excel, PowerPoint, OneNote, Publisher (PC only), Access (PC only).
Email and calendar Connect: stay organized with business-class email, calendaring, and contacts all in one place. Outlook, Exchange Online for Mail.
Meetings and Voice: Deliver elevated meeting experiences with sophisticated call functionality and a central hub for meetings, chat, content, and calling with Microsoft Teams.
Social and intranet: Connect and engage across your organization with an intelligent, mobile intranet and enterprise social networking. SharePoint Online is a web platform for storing and sharing data and collaborating. Yammer internal social networking for sharing ideas and news.
Files and Content: Access files from any device, at any time. Engage with intelligent video and create visually striking content in minutes. OneDrive for Business for file storage and file sharing. Microsoft Stream the video streaming service, makes it easy to create, securely share, and interact, whether in a team or across your organization. Microsoft Sway is a digital story presentation to Create and share interactive reports, newsletters, stories, and more. Microsoft Planner A simple, visual way to organize teamwork. Power Apps is a suite of apps, services, connectors and data platform that provides a rapid application development environment to build custom apps for your business needs. Easily create automated workflows with Microsoft Power Automate, previously Microsoft Flow, to improve productivity with business process automation. Microsoft ToDo is a cloud-based task management application. It allows users to manage their tasks from a smartphone, tablet and computer.
Advanced analytics: Work smarter with personal and organizational productivity insights. Make fast, informed decisions with advanced analytical capabilities. Explore your work patterns with MyAnalytics and learn ways to work smarter — -improving your focus, wellbeing, network, and collaboration. Microsoft Workplace Analytics is a cloud-based service that provides rich, actionable insights into your company’s communication and collaboration trends that help you make more effective business decisions. Collaborate with colleagues, model data, author content, share dashboards, publish reports, and perform ad-hoc analysis with a Power BI Pro. Create a data-driven culture by using Power BI Pro for self-service analytics and to easily share and collaborate on interactive data visualizations.
Device and app management: Help users be productive wherever they are while keeping corporate information secure. Flexible management and powerful security solutions let you deliver protected mobile experiences on any device. (Windows, macOS, IOS, Android) Microsoft 365 Admin Center Manage applications, services, data, devices, and users across your Microsoft 365 services. Microsoft Endpoint Manager helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises. Microsoft Endpoint Manager is a single, integrated endpoint management platform for managing all your endpoints. Endpoint Manager includes Intune, Configuration Manager, Desktop Analytics, Autopilot, features in the Device Management Admin Console and services you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers. Microsoft Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM). Intune is included in Microsoft’s Enterprise Mobility + Security (EMS) suite, and enables users to be productive while keeping your organization data protected. It integrates with other services, including Microsoft 365 and Azure Active Directory (Azure AD) to control who has access, and what they have access to, and Azure Information Protection for data protection. When you use it with Microsoft 365, you can enable your workforce to be productive on all their devices, while keeping your organization’s information protected. Windows Autopilot, fine-tuned user experience, and Windows Analytics Device Health. Windows Autopilot is a zero-touch, self-service Windows deployment platform. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks.
Identity and access management: Secure connections between people, devices, apps, and data. Increase your security and productivity with a single, holistic identity solution that gives you flexibility and control. Device Guard is one of Windows security features that is a combination of enterprise-related hardware, firmware, and software security features. When configured together, it will lock down a device so that it can only run trusted applications.
Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Device Guard and Credential Guard are features, that when implemented and enabled, reduce the exposed attack surface to malware by requiring additional protectors be enabled on the device.
Azure Active Directory (Azure AD) is cloud-based identity and access management service, which helps your employees sign in and access External and Internal Resources. External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.
- Azure Active Directory Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Office 365, and many popular SaaS apps.
- Azure Active Directory Premium P1. In addition to the Free features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager (an on-premises identity and access management suite) and cloud write-back capabilities, which allow self-service password reset for your on-premises users.
- Azure Active Directory Premium P2. In addition to the Free and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.
- Azure Active Directory B2C (Azure AD B2C) is an identity management service that enables custom control of how your customers sign up, sign in, and manage their profiles when using your iOS, Android, .NET, single-page (SPA), and other applications. Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. In Azure Active Directory B2C (Azure AD B2C), a tenant represents your organization and is a directory of users. Each Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. An Azure AD B2C tenant is different than an Azure Active Directory tenant, which you may already have.
- Azure AD business-to-business (Azure AD B2B) collaboration to securely share your company’s applications and services with guest users and external partners from any organization, while maintaining control over your own corporate data. Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. The partner uses their own identities and credentials; no need to manage external accounts or passwords and no need to sync accounts or manage account lifecycles.
Information protection Protect your sensitive data everywhere, even in motion and when shared. Gain visibility and control over how any file is being used with a comprehensive and integrated information protection solution. Data loss prevention for preventing sensitive data leakage. Data privacy for compliance and data protection regulations. Azure Information Protection helps you classify, label, and protect your data. Control and help secure email, documents, and sensitive data inside and outside your company walls. From easy classification to embedded labels and permissions, enhance data protection at all times with Azure Information Protection, no matter where it’s stored or who it’s shared with. Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. Office 365 Data Loss Prevention Helps prevent accidental or inappropriate sharing of information. To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365. Microsoft Cloud App Security comprehensive cloud security to help protect and control sensitive data in cloud apps. Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all Microsoft and third-party cloud services. Microsoft Cloud App Security is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy. Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. With Office 365, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Bitlocker, Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES). Encryption of data at rest include files that you’ve uploaded to a SharePoint library, Project Online data, documents that you’ve uploaded in a Skype for Business meeting, email messages and attachments that you’ve stored in folders in your Office 365 mailbox, and files you’ve uploaded to OneDrive for Business. Encryption of data in transit include mail messages that are in the process of being delivered, or conversations that are taking place in an online meeting. In Office 365, data is in transit whenever a user’s device is communicating with an Office 365 server, or when an Office 365 server is communicating with another server. With Office 365 Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. Office 365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.
Threat Protection: Detect and investigate advanced threats, compromised identities, and malicious actions across your on-premises and cloud environments. Protect your organization with adaptive, built-in intelligence. Microsoft Threat Protection is a unified pre and post breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks. With the integrated Microsoft Threat Protection solution, security professionals can stitch together the threat signals that each of these products receive and determine the full scope and impact of the threat; how it entered the environment, what it’s affected, and how it’s currently impacting the organization. Microsoft Threat Protection takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities. Office 365 Advanced Threat Protection Protect your organization against sophisticated threats such as phishing and zero-day malware and automatically investigate and remediate attacks. Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft’s robust cloud service:
- Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
- Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
- Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.
Azure Advanced Threat Protection (ATP) cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. Azure Advanced Threat Protection (ATP) leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP monitors your domain controllers by capturing and parsing network traffic and leveraging Windows events directly from your domain controllers, then analyzes the data for attacks and threats. Utilizing profiling, deterministic detection, machine learning, and behavioral algorithms Azure ATP learns about your network, enables detection of anomalies, and warns you of suspicious activities.
Device Guard, which protects device hardware against malicious code. Credential Guard which isolates and protects key systems and passwords, Windows Sandbox for providing sand box environment, Windows Hello for biometrics.
Gain visibility into your cloud apps and services, build insights with sophisticated analytics, and control how your data travels so you can respond to and combat cyberthreats. Secure Score Get the visibility, insights, and guidance you need to maximize your organization’s security posture and take full advantage of Microsoft 365 and Azure security. Microsoft Secure Score is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. Following the Security Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure. Currently there are recommendations for Office 365 (including SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, and more), Azure AD, and Cloud App Security. Recommendations for other security products, like Azure ATP and Microsoft Defender ATP, are coming soon. The recommendations will not cover all the attack surfaces associated with each product, but they are a good baseline. You can also mark the improvement actions as covered by a third party. Microsoft Security and Compliance Center, Microsoft 365 compliance center provides easy access to the data and tools you need to manage to your organization’s compliance needs. The Office 365 Security & Compliance Center is designed to help you manage compliance features across Office 365 for your organization. Links to existing SharePoint and Exchange compliance features bring together compliance capabilities across Office 365. Assess your compliance risk with simplified assessment tools. Intelligently respond to requests and protect data across devices, apps, and clouds with Advanced eDiscovery, Customer Lockbox, Advanced Data Governance, Service Encryption with Customer Key and Privileged Access Management. The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Azure Sentinel is your birds-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution timeframes. Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence. Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft. Respond to incidents rapidly with built-in orchestration and automation of common tasks.
Microsoft 365 compliance
Most organizations need to meet regulatory compliance standards. These can be government standards, such as the General Data Protection Regulations, or GDPR in the EU, or the Health Insurance Portability and Accountability Act, or HIPAA, and the Sarbanes-Oxley Act in the U.S. There are also industry specific standards that need to be met. Microsoft 365 includes a dedicated security and compliance center within the Microsoft 365 portal. This allows you to manage security and compliance controls across Office 365 ProPlus, Windows 10, and EM + S services from one location. Within Microsoft 365 Admin Center under Admin centers in the Security and Compliance we can see the Microsoft 365 Security and Compliance center. All our data controls and information, including reports, are shown in one portal across Microsoft 365 and Office 365, including Threat management, and Service assurance. In addition, the Microsoft 365 security and compliance components each have a dedicated portal which you can access from Microsoft 365 Security and Compliance center. The Microsoft 365 Security and Compliance Center include specialist tools for data loss prevention, which helps identify and protect your organization’s sensitive information preventing it from being shared with the wrong people. Data governance which allows you to set data retention policies, data classification, which allows you to classify and label sensitive information types contained within your online documents. Threat management includes reports on the current status of your system and allows you to review quarantined items. Service assurance shows how Microsoft are meeting their own compliance obligations through the compliance reports and trust documents which you can use to help in your business. Data privacy provides access to the GDPR dashboard and allows you to respond to GDPR data requests, and finally, the search and investigation portal allows you to perform e-discovery content and audit logged searches in support of your data compliance requirements. Other tools are also included with Microsoft 365 to help you keep control of your data. These include Azure Information Protection, which protects sensitive information in emails and documents by using labels, encryption, and controls, Microsoft Cloud App Security, which allows you to monitor all cloud based traffic passing through your network firewall, and Secure Score which helps you to understand your organization’s security position by scoring your current security provisions. It also provides help and guidance on how you can improve your security protections. Outside of your Microsoft 365 subscription you can also access other Microsoft compliance resources. The Service Trust Portal provides information, tools, and resources which show you how to manage your own security compliance and privacy. The Service Trust Portal is divided into sections of compliance with Microsoft audit reports by independent third party audit assessors and also access to the Compliance Manager tool to help you track and manage your own compliance progress. You could also see industries and regions, which provide information on industry and region specific compliance information. Also within the Service Trust portal you can see documents and resources with Microsoft security and design information such as white papers, FAQs, and How-To articles regarding their service assurance. Microsoft Trust Center provides information about cloud service functionality which you can use to support GDPR compliance. My Library component is a document storage area where you can save relevant compliance documents for easy access and retrieval and the Admin is the administrative area to manage settings and access controls. To access the Service Trust Portal you can use the Service Trust portal or navigate from the Microsoft 365 Admin Portal. From the Microsoft 365 Security and Compliance Center, scroll all the way down on the left hand side and click Service Assurance. Here we can see the dashboard compliance reports, trust documents, compliance manager, and settings section. The dashboard allows you to configure industry and regional settings for your business. Select Region like North America. Select the market or industry that you belong to. And then click save. We can now access documents provided by Microsoft that relate to specific region and vertical market. Select the Compliance Manager, use the links here to direct to the Service Trust Portal. The Service Trust Portal allows to access a variety of tools and third-party audit reports and other resources that Microsoft provides to help with security, privacy, and compliance needs. The Compliance Manager, helping track and manage compliance controls within an organization. Here you can see the assessments dashboard of the compliance manager and it allows you to focus and record all information relating to a specific compliance requirement, such as GDPR. You can track your customer controls and delegate them to members of team, or set the Microsoft Managed Controls and see a fully worked example of how Microsoft implemented GDPR within their organization. You can see specific controls, the details relating to them, and also how they tested and implemented the control. Furthermore, if you want to export the whole report to Excel you can do this either for Microsoft controls or controls within your business. Click export and then launch Excel. Here we can see the Microsoft Managed Controls relating to the specific GDPR components that we need to be compliant for. We can see the description, compliance score, status implemented and also the test plan and the details of how Microsoft provided compliance with this standard. Compliance Manager provides an easy to use workflow control tool to help you track your compliance progress against multiple regulatory frameworks, including GDPR and HIPPA, all from a single dashboard. It also provides examples of how Microsoft managed their own compliance goals against a number of frameworks. Within Compliance Manager you can delegate compliance tasks that need to be completed to members of your team. You can track their progress and once tasks have been successfully completed, Compliance Manager is updated to show you your compliance progress, your organizational progress, and the example from Microsoft is available to download in Excel format from the Compliance Manager. In addition to the Office 365 Security and Compliance Center compliance administrators have access to the Microsoft 365 Compliance Center. Microsoft 365 Compliance Center, which is a specialized workspace for your compliance, privacy, and risk management needs. The Monitoring and reports section allows you to view data loss prevention issues and policy matches. It also pulls in information related to MCAS, or Microsoft Cloud App Security, and provides links directly to those tools. You can view your classification, labels, label policies, and review sensitive information types. You can view your data subject requests related to GDPR and other regulations, and review your tenant permissions for your security and compliance roles. The more resources item provides links to other resources such as your Security Center, Security and Compliance Center, Azure Active Directory, and Azure Information Protection.
Upgrading from Office 365 to Microsoft 365
Office 365 becomes Microsoft 365 on April 21st 2020 new name, new benefits, same price. Subscription cost will not change. Office 365 Business and Office 365 ProPlus will both become Microsoft 365 Apps. Microsoft will use the “for business” and “for enterprise” labels to distinguish between the two. Office 365 Enterprise E, Education A, Government G and Firstline workers F subscriptions will have no change. Many Office 365 subscriptions automatically become Microsoft 365 subscriptions. No action is needed from your end.
There are no changes to the following Office 365 for enterprise plans:
- Office 365 E1, F1, A1, G1
- Office 365 E3, A3, G3
- Office 365 E5, A5, G5
Existing Office 365 Business, Office 365 Business Essentials, Office 365 Business Premium, or Microsoft 365 Business plans do not need to take additional action. The changes will happen automatically.
Upgrading from Office 365 Enterprise to Microsoft 365 Enterprise is an upgrade of the license and subscription. At any time, you can sign up for a 30-day trial of Microsoft 365. You can do this within the billing section of your Office 365 admin portal. Once you are ready to upgrade, there are three ways to accomplish this. These are
- Ask your cloud solution provider (CSP). This is the vendor that you use for purchasing Microsoft services.
- If you purchased your Office 365 using volume licensing, then contact your Microsoft partner or Microsoft authorized education partner to arrange the upgrade.
- Call Microsoft Support and ask them to switch your licensing plans.
Originally published at https://github.com.