Module 1

Module 1: Planning and Provisioning Office 365

Module Overview

In this module, you will learn about setting up an Office 365 tenant for a trial or for a full deployment including
the key technical decision points in both pilot and deployment phases. This module introduces the core services
of Office 365 and how to configure DNS settings to add custom/vanity domains for use with all Office 365
services.

Objectives

After completing this module, students will be able to:

Describe the features and benefits of Office 365

Provision a New Tenant

Plan a pilot deployment of Office 365

Add a custom domain to an Office 365 tenant

Lesson 1 - Overview of Office 365

What is Office 365?

What is Office 365?

• Software as a Service (SaaS)
• Productivity Tools
• Cloud Storage
• Communication Services
• Launched 2011

Initially launched in as BPOD, Microsoft 365, formerly Office 365, is a line of subscription services offered by
Microsoft which adds to and includes the Microsoft Office product line. The brand was launched on July 10, 2017,
for a superset of Office 365 with Windows 10 Enterprise licenses and other cloud-based security and device
management products.

In April 2020, the consumer and small business plans of Office 365 were renamed Microsoft 365 to emphasize
their current inclusion of products and services beyond the core Microsoft Office software family (including cloud-
based productivity tools and artificial intelligence features). Most products that were called Office 365 were
renamed Microsoft 365 on the same day.

Microsoft 365 encompasses subscription plans that allow the use of the Microsoft Office software suite over the
life of the subscription, as well as cloud-based software-as-a-service products for business environments, such as
hosted Exchange Server, Skype for Business Server, and SharePoint, among others. All Microsoft 365 plans
include automatic updates to their respective software at no additional charge, as opposed to conventional
licenses for these programs, where new versions require the purchase of a new license.

The Office 365 branding remains in use for subscription plans targeting some enterprise markets. Purchased on a
subscription model Microsoft 365 focus on four main areas:

Devices. Microsoft 365 supports a anywhere, anytime, any device approach to productivity with support
for a wide variety of devices and platforms.

Cloud. Microsoft 365 is wholly designed as an on-demand cloud service that remaind evergreen (meaning
it is always up to date with the latest features and releases). Microsoft 365 is an enterprise-grade, cloud
productivity solution with robust security, guaranteed reliability, and compliance with industry standards such
as ISO-27001, EU Model clauses, the Health Insurance Portability and Accountability Act (HIPAA), General
Data Protection Regulation (GDPR), and Federal Information Security Management Act (FISMA).

Integration. Microsoft 365 offers integration across the included services and with many third party
products/services as well as custom applications.

Control. Features such as Data Loss Prevention (DLP), eDiscovery, archiving, and data-hold capabilities
ensures Microsoft 365 can provide a safe, secure and compliant way for organizations to control their data.

The core services in Microsoft 365 consist of cloud-based equivalents of Exchange Server, SharePoint Server, an
integrated directory service and Microsoft Office. Alongside Microsoft Azure and Dynamics 365 this enables
organizations of all sizes to either move their entire IT infrastructure to the cloud or to implement a range of
hybrid options, depending on their needs.

Office 365 is part of Microsoft 365. You can license Office 365 alone or as part of a Microsoft 365 subscription.
Microsoft 365 includes additional Security and compliance features as well as Windows licenses on top of Office
365. Whilst this course focuses on the features in the Office 365 component, it is also applicable to organizations
deploying and administering Microsoft 365.

Comparing Office 365 and Microsoft 365

Comparing Office 365 and Microsoft 365

Although there are variations in subscriptions (licences) generally speaking Office 365 is part of Microsoft 365.
Office 365 plus Windows and extended security & compliance tools in the Enterprise Mobility + Security (EM&S)
pack gives Microsoft 365.

The exceptions to this are licences which use the name Microsoft 365 and do not include Windows, such as
Microsoft 365 Business Basic and Microsoft 365 Business Standard, both of which include only the Office 365
features.

A useful tool to compare features is the M365 Maps site https://aka.gd/3uef56J which also splits the
component features of each license into Office 365, Windows and EM&S.

Licencing Office 365

Licensing Office 365

Education Business Enterprise

• Personal • Free/Student • < 300 Users • E3
• Family • Paid/Staff • Basic • E5
• Standard
• Premium

There are various subscriptions available with commercial licencing primarily split between

Business
Targeted at small and medium-sized organizations

Up to 300 users

Enterprise
Targeted at large organizations

Over 300 users

Other subscriptions types include:

Microsoft 365 Home

Microsoft 365 Education

Microsoft 365 Government

Microsoft 365 Nonprofit

Most subscription types include different tiers with different features. In the Enterprise subscription type there
two tiers, E3 and E5. Both Office 365 and Microsoft 365 licences in the E3 and E5 tiers, with E5 being the
premium license in both and including more features than E3. E5 exclusive features are typically those which look
to provide management at scale features such as automatic labelling of content for compliance purposes.

This course is based on the Office 365 E3 subscription. To review the features in the Office 365 E3 licence see
https://aka.gd/33OT8AJ . Or use the M365 Maps site https://aka.gd/3uef56J

Licences can be bought directly from Microsoft (called Web Direct), through an authorized partner or via an
Enterprise Agreement.

Office 365 subscriptions are primarily priced per user.

We will review the security, compliance and identity protection features and their licencing in Module 8: Security
& Compliance in Office 365.

Which license(s) do you have?

You can review the licences assigned to you using View Account under your user menu on the Office.com
portal.

Lesson 2 - Core Services of Office 365

The Core Services of Office 365

What are the Core Services of Office 365?

The core services can be deemed to be Exchange, SharePoint, OneDrive, Teams and the Office Apps with access
to all Office 365 Services controlled by Azure Active Directory.

Azure AD

Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud-based directory and identity management
service. For IT Admins, Azure AD provides an affordable, easy to use solution to give employees and business
partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce, DropBox,
and Concur.

Active Directory Domain Services is the traditional deployment of Windows Server-based Active Directory on a
physical or virtual server. Although AD DS is commonly considered to be primarily a directory service, it is only
one component of the Windows Active Directory suite of technologies, which also includes Active Directory
Certificate Services (AD CS), Active Directory Lightweight Directory Services (AD LDS), Active Directory
Federation Services (AD FS), and Active Directory Rights Management Services (AD RMS). Although you can
deploy and manage AD DS in Azure virtual machines it's recommended you use Azure AD instead, unless you are
targeting laaS workloads that depend on AD DS specifically.

Azure AD Concepts

Identity . A thing that can get authenticated. An identity can be a user with a username and password.
Identities also include applications or other servers that might require authentication through secret keys or
certificates.

Account . An identity that has data associated with it. You cannot have an account without an identity.

Azure AD Account . An identity created through Azure AD or another Microsoft cloud service, such as
Office 365. Identities are stored in Azure AD and accessible to your organization's cloud service subscriptions.
This account is also sometimes called a Work or school account.

Azure subscription . Used to pay for Azure cloud services. You can have many subscriptions and they're
linked to a credit card.

Azure tenant . A dedicated and trusted instance of Azure AD that's automatically created when your
organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or
Office 365. An Azure tenant represents a single organization.

Exchange Online

Exchange Online
• Hosted Messaging
• Exchange Online Protection
• Exchange Online Archiving

Exchange Online offers a hosted messaging solution which includes email, calendar, contacts and tasks for use
across multiple devices and platforms. Exchange Online Protection is built in to filter out spam & malware, and
online archiving is also available, depending on licensing.

Exchange Online can be deployed in cloud only or hybrid modes with the cloud servers being hosted in the
Microsoft data centers.

See Service Descriptions for Exchange Online https://aka.gd/3u45zTO , Exchange Online Protection
https://aka.gd/3rgWYLT , Exchange Archiving https://aka.gd/3G6gtL5

Microsoft SharePoint Online

 SharePoint Online
• Collaboration Platform
• Powers File Storage across
365
• SharePoint Framework

SharePoint Online is a platform upon which collaboration and content management deployment can be based. It
is the technology that powers file storage across Office 365 including OneDrive and Teams. We use SharePoint
Online for intranet sites, knowledge management, applications as well as content management systems and it is
extensible with the SharePoint Framework.

See Service Description for SharePoint https://aka.gd/3g6nmkV

OneDrive

OneDrive
• Personal SharePoint Site
• Powers Modern Attachments
• Name of Sync tool and Mobile app

OneDrive can be described as 'My Document in the cloud'

As technically it is a document library in the personal SharePoint site assigned to each user, some do not consider
OneDrive a service in its own right but rather a feature of SharePoint Online.

OneDrive is also the name of the application used for synchronisation of file with Office 365 to PC & Mac, plus a
mobile device app which can be used for browsing files across Office 365 and offline access to those files.

See Service Description for OneDrive https://aka.gd/3Hb5QIn

Microsoft Teams

Microsoft Teams
• Communication &
Collaboration
• "Single pane of glass"
• Launched March 2017

Microsoft Teams was launched in March 2017. It offers a combination of communication and collaboration
experiences as well as integrating with other tools including non Microsoft tools & services. Often referred to as
the "Single pane of glass", Teams is the hub for collaboration and communication (incl meetings).

See Service Description for Microsoft Teams https://aka.gd/3G7MCC3

Microsoft 365 Apps for Enterprise

Microsoft 365 Apps

• Microsoft Office
• Multiple Platforms
• Not in all Licenses

Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus) is a business subscription plan that charges per
user rather than per device. It provides subscribed users with more Microsoft Office apps and services than other
options.

Microsoft 365 Apps for enterprise subscribers install all the associated Microsoft products and services on up to
five Windows or Mac computers, five iOS or Android tablets, and up to five iPhone or Android smartphones.
It should be noted that there are also web app (online) versions of Word, Excel, PowerPoint, and OneNote.

See Service Description for Office Apps https://aka.gd/33QXYNS

Additional Tools and Services

Additional Tools & Services Dynamics 365 Power Bl

Viva Topics Sway Planner My Analytics

Viva Delve Yammer Cortana

Connections

Project Whiteboard Stream

Viva Insights

Publisher Editor Kaziala

Viva Learning
Bookings ToDo
Power Automate Visio

Power Virtual
Power Apps Forms agents
Lists

There are many other tools and services in & around Office 365. The main ones will be considered in Module 7 of
this course. These additional tools include:

Yammer - An internal social networking tool

Project Online and Project for the Web - Project Management Tools

Visio Online - Business drawing tool

Dynamics 365 - Business tools including CRM and ERP

Publisher - For producing in-house publications

Sway - Multi Media publications

Planner - Collaborative Task Management

To Do - Personal Task Management

Cortana - Digital Personal Assistant

Power Platform - for building custom tools and applications

Power Virtual Agents - chat bots

Power Automate - automate tasks across the Microsoft cloud and beyond

Power Apps - custom application development tool

Power BI - Business information analytics and reporting

Microsoft Viva
Viva Learning - collaborative learning

Viva Insights - productivity and wellbeing

Viva Topics - knowledge management

Viva Connections - linking the SharePoint intranet, Yammer & Teams

 Microsoft Stream - for video content

Microsoft Forms - for digital forms, polls and quizzes

Editor - content proofing

Whiteboard - digital whiteboard

Microsoft Lists - for business lists

Microsoft Bookings - appointment scheduling tool

Delve - profile and search tool

Kaizala - SMS based chat tool

Lesson 3 - Requirements for an Office 365 Tenant

Trial/Demo vs Production Tenant

When setting up a trial or demo tenant, it is advisable to decide in advance it this may become a production
tenant. When you are setting up a tenant some of the information you put in at the very start cannot be easily
changed and has implications for the future. You should carefully consider:

One of the most important parts of setting up your Office 365 tenant is the organisation name. Essentially
this name becomes part of the URL for all SharePoint sites, Teams and OneDrive sites. It has to be unique,
identifiable as yours (ie you cannot use Microsoft or BritishAirways) but also, cannot not too long. Whilst you
can add a custom domain later, the URL will still show the aforementioned sites. When you enter this
information, Microsoft 365 generates a default domain name based on the company name you supply. The
default domain name will end with .onmicrosoft.com .

The country as it cannot later be changed and determines data residency (where your data is stored) unless
you later implement Multi-Geo features

Contact details as they will be used for billing and subscription queries and should be an account which is not
tied to an individual user so continuous access can be maintained

The first 'user' set up during sign up should not be an actual user. This account will become the primary
company admin account and if assigned to a user who later leaves this can be problematic.

You must also enter a password. Passwords should be at least 10 characters long and contain a random
mixture of uppercase and lowercase letters, numbers, and special characters. Here are a few
recommendations for keeping your organization as secure as possible.

1. Maintain an 8-character minimum length requirement

2. Don't require character composition requirements. For example, *&(A%$

3. Don't require mandatory periodic password resets for user accounts

4. Ban common passwords, to keep the most vulnerable passwords out of your system

5. Educate your users to not reuse their organization passwords for non-work related purposes

6. Enforce registration for multi-factor authentication

7. Enable risk-based multi-factor authentication challengesThese will be discussed in a later module.

You will also need to provide a mechanism for validating the sign-up. This can be text message or phone call,
so you will need a mobile device to complete this process.

Payment details, if purchasing direct this needs to be a payment card. You can change the card and if your
subscription reaches required value Billing Support can move you to an invoice method. If you purchase via a
partner the billing method is set by the partner.
The fields displayed in the sign-up process will vary depending on the country/region you select at the beginning
of the process. Tenant location determines where your data will be stored. The following table includes a list of
the different fields for which you must provide values when you sign up for a new tenant account.

Can be
Field Value Required Type
changed

Country/ Region Name Yes No Drop-down list

Text field, 50- character

First/ Last names Tenant admin name Yes Yes
limit

Email Tenant admin email Yes Yes Text field

Address 1,
Tenant address
Address 2, Yes No text
information
Address 3

City Company City Yes Yes Text

State/ County Company state Yes Yes Drop-down or text

Zip/ Postal code Company Zip Yes Yes Text

Phone Contact phone Yes Yes Text

Organization Name of the tenant

Yes Yes Text
name company

There are many resources to assist with planning, deployment and adoption, most of which have been
consolidated into the Microsoft Adoption site and the Microsoft Fasttrack site

Custom Domains

Planning for Custom Domains

Consider the following when planning custom domains:
• Additional Root domains
• Subdomains
• Domain adding order
• DNS record hosting
• Domain numbers
• DNS console access Domains

• Not registering DNS + Mddomsn 3 Buydomjtn Q Refresh

• Not changing all records

• DNS record propagation

Office 365 supports multiple custom domains per tenant including subdomains. If you are using subdomains you
must first add the main domain then add the subdomains. When adding a custom domain name to Office 365
you need to configure DNS entries to confirm ownership of the domain to and then to point services to Office
365. You will need access to modify your DNS records in the public DNS zone to add a custom domain.
Some domain hosting organizations support direct configuration from Office 365, but others do not and the exact
process can be very different depending on your domain host.

Remember that some DNS settings and hosters require up to 72 hours to propagate although this is less
commonplace nowadays.

To add a custom domain to your Office 365 tenant, use ethe following steps:

1. Verify you have access to update the DNS records

2. Start the domain set up wizard. You will be prompted to add a DNS entry to verify ownership of the domain.

3. Once the domain is verified the wizard will provide automatic configuration or configuration guidance with
required entries.

4. The wizard will check for the updated entries to confirm the configuration.

5. Once verified you can use the domain for users and groups.

Whilst the DNS requirements do not change frequently it is recommended that you review the official
guidance for configuration requirements in order to plan. When adding the domain name the wizard will give
instructions on records to create and update and you should check the domain settings in the Microsoft 365
admin center periodically to ensure that domains remain healthy and requirements for existing domains have not
changed.

The following table summarizes the main DNS entries needed and their purpose.

Record Type Purpose

Direct incoming mail to Exchange Online

MX
Can also be used for domain ownership verification

CNAME Autodiscovery for adding accounts to mail clients and Application Sign In

Normally used for domain ownership verification, though an MX record can be used.
TXT Sender Policy Framework (SPF) entry for email anti-spam protection.
To configure hybrid Exchange

A Single Sign-On configuration

For instant messaging to direct to the appropriate application and support cross¬
SRV
organization messaging

Network Requirements
 Network Requirements
• Office 365 URLS and IP Address
Ranges
• Updated monthly
• New endpoints added 30 days
prior to activation

Office 365 is a cloud-based service and internet communication is required for the services to function.

You will need to verify that your network permits traffic to the required endpoints. You may also need to optimize
the way firewalls and other network devices handle traffic to these endpoints in order to maximize performance.

The published list of endpoints is updated (if needed) at the beginning of each month with endpoints published
30 days in advance of being active. This information is available from https://aka.gd/3IMV37m

For more information on network planning for Office 365 see https://aka.gd/35ID04l

Feature Updates

Feature Updates
• Release Preferences
• Standard Release
• Targeted Release for All
• Target Release for Selected Users

• Update Channels
• Monthly Channel
• Semi-Annual Channel
• Semi-Annual Channel (Targeted)

©a fc

The Microsoft Cloud is Evergreen. Planned updates are published on the Microsoft 365 roadmap and also
to the message centre in the Microsoft 365 admin centre.

Microsoft release features in waves which they call Rings at different times during their development. Ring 0
is for the teams working on the features, whilst full availability (known as General Availability) for a
standard worldwide tenants is Ring 4
With Microsoft 365, you receive new product updates and features as they become available instead of doing
costly updates every few years. You can manage how your organization receives these updates. For example,
you can sign up for an early release so that your organization receives updates first. You can designate that only
certain individuals receive the updates. Or, you can remain on the default release schedule and receive the
updates later.

Any new release is first tested and validated by the feature team, then by the entire Microsoft 365 feature team,
followed by all of Microsoft. After internal testing and validation, the next step is a Targeted release (formerly
known as First release) to customers who opt in. At each release ring, Microsoft collects feedback and further
validates quality by monitoring key usage metrics. This series of progressive validation is in place to make sure
the worldwide-release is as robust as possible.

Standard release. This is the default option where you and your users receive the latest updates when
they're released broadly to all customers.A good practice is to leave the majority of users in Standard release
and IT Pros and power users in Targeted release to evaluate new features and prepare teams to support
business users and executives. This is Ring 4.

Targeted release. With this option, you and your users can be the first to see the latest updates and help
shape the product by providing early feedback. You can choose to have individuals or the entire organization
receive updates early. This is Ring 3.

To configure the first release settings for your organization, in the Microsoft 365 admin center, select
Organization profile from the Settings menu. You can edit the release preferences for all users or
configure specific users to receive the first release updates.

For more information about release preferences see https://aka.gd/3HgFCUI

In addition to configuring Microsoft 365 update settings, you can control the update behavior for Office apps
using update channels . Update channels define how often updates occur for Office apps that are deployed
to users in your Microsoft 365 tenant:

Monthly channel. Monthy channel is ideal if you want to provide your users with new Office features
each month, but only want to receive one update per month on a predictable release schedule.Updates are
released on the second Tuesday of the month. This monthly update can include feature, security, and non¬
security updates.

Semi-annual channel. Semi-Annual Channel is recommended only for those select devices in your
organization where extensive testing is needed before rolling out new Office features. For example, to comply
with regulatory, governmental, or other organizational requirements. Or, in those cases where there are other
reasons why your organization can't provide your users with new Office features on a more frequent basis
than twice a year.Updates to Semi-Annual Enterprise Channel are released on the second Tuesday of the
month. In January and July, the monthly update can include feature, security, and non-security updates. In
other months, the update can include security and non-security updates.

Semi-annual channel (targeted). This channel contains the same updates as the semi-annual channel,
but it releases earlier, in March and September. The targeted channel is meant to give pilot users and
compatibility testers access to semi-annual channel features before the semi-annual channel release.

Update channels can be set in the Microsoft 365 Admin Center by choosing Office installation options under
Services from the Settings menu , in Office configuration, via Group Policy or by editing registry entries on
PCs. This flexibility allows for a range of update channels to be used within a single organization.

For more information about update channels see https://aka.gd/3IPfVek

Lab

Lab 1: Configure an Office 365 Tenant

Lab scenario
Throughout the labs in this course, you will take on the persona of Holly DA&acbnm'sEnterprise
Administrator. You have been tasked with deploying Microsoft 365 using a virtualized lab environment.
Adatum'sproject team has decided to implement Microsoft 365 in a pilot project that will not only provk
them with experience using the product, but also enable them to match their business requirements wr
Microsoft 365 feature set. In this exercise, you will begin implementing Microsoft 365 within the pilot pre
by setting up^datum'sMicrosoft 365 trial tenant.

Objectives

Exercise 1: Exercise 2: Exercise 3

Provision an Office Configure a Custom (optional):
365 Tenant Domain Exploring the Office
365 Admin Centers

Review

Lab Review

Question: In the lab, you configured a new tenant and added a custom domain. What would you need to
configure to ensure your users could access the services?
Question: In the lab, you configured a new tenant. If you were using the tenant as a trial for proof of
concept only, would you need to plan in advance?

Module Review

Question: What services are core to all Microsoft 365 and Office 365 subscriptions?
Question: Do you need a custom domain to use Office 365?
Question: Office 365 plus Windows and which bundle makes up Microsoft 365?

Shared Experiences : Be sure to share any experiences and tips (or questions) you may have from set up of
Office 365 tenants in the past.