How to get started with Microsoft 365
If you have been following along with our series on Microsoft 365, you now know what it is, and why you might want it. And if you attended my presentation at our recent TechPulse event, you also know that this product represents a big evolution from legacy to modern networks–if you are trying to get rid of physical servers on-premises or in your datacenter, then this is the place to start!
But, Microsoft 365 includes a TON of software beyond your traditional Office 365 subscription—it may feel overwhelming. So where exactly do you start?
Step 1. Upgrade to Windows 10 Pro
If you are not there already, then without a doubt, this is the place to start. Windows 10 upgrade rights are included in the Microsoft 365 license, and if you are still using Windows 7 in your environment, then just know that your deadline is fast approaching for getting off that legacy OS. Having the upgrade rolled out first will help you to extract the best possible experience with Microsoft 365.
For example, Windows Hello can provide easier, more secure ways to sign-in to the PC (that do not rely on a password). Additionally, apps such as OneDrive in Windows 10 will have better compatibility and more features, like Files On-Demand (automatically sync just the files that you use, leaving the rest in the cloud).
Upgrading is normally not a big deal since app compatibility between Windows 7 and 10 is very good (95+ %)—but you do want to make sure that you have good hardware (don’t run an upgrade on a device that is already 3, 4 or 5 years old—at that point, just buy new hardware—trust me).
Step 2. Enroll your devices for modern management
Whether you are upgrading to Windows 10 or just moving existing Windows 10 computers from a legacy domain/workgroup, you will also want to join your PC’s to Azure Active Directory. This means that you can sign in to your PC using your Office 365 email address and password, and at that point your computer will no longer depend on your legacy Active Directory server for login. Now you can push software and policies to those devices from anywhere.
While you are at it for the PC’s, you might as well enroll your mobile devices too. You can choose a full management model where you get similar controls to what you have with Windows 10, or, a “soft” management model where you only manage the business apps, like Outlook and OneDrive for iOS and Android.
Either model will allow you to remotely remove corporate data, leaving the rest of the device intact. The full management model gives you more leverage over the device, and the ability to enforce stronger restrictions/policies.
With devices enrolled, we can also enable Conditional access, which is a powerful tool that can protect your cloud-based assets. Essentially, you could say “Only allow managed devices to access my cloud apps.” This limits your overall attack surface pretty quickly.*
Step 3. Migrate your data and make the shift to modern apps
Most of us already have our email in Office 365, but if not it’s usually the first step. After that, do you have an old file server that you need to migrate? No worries. Data migration does not have to be a large ordeal. Most orgs can speed this up simply by making two choices that simplify life greatly:
- Adopt modern applications such as OneDrive and Teams; this will make it easy to store documents and find/share information with other individuals or groups of people (without relying on email).
- Bring along only those datasets which you really need to work with over the next 2-4 weeks; this allows people to get up and running quickly in the cloud—migration of “dead data” that hasn’t been accessed in over a year or more, we believe, is often best avoided.
Note, we do have tools that will help migrate other “bulk” datasets into the cloud, as needed. Most of the time, this means doing an intake to discover which files are most important, and where those files should land cloud-side, as well as putting parameters around it (only content modified within the last 12 months, for instance). Now with your data in the cloud, you can access it anywhere and from any device using the web, the OneDrive client, or other modern apps such as Teams.
Step 4. Continue to fine-tune security
Rome wasn’t built in a day, and you can’t eat a five-course meal all at once. Just get started with those three steps above, and start moving through this list after those are completed, at your own pace. There are a lot of capabilities packed into this subscription! Don’t worry. If you were able to upgrade to Windows 10, get your devices enrolled and protected, and your data migrated, then you’re doing just fine. And it wasn’t that hard, was it?
When you’re ready to take security a step further, I would suggest enabling Advanced Threat Protection as soon as your timetable allows. This product helps to protect our people against phishing, zero-day malware and other threats.**
Next, turn on Azure Information Protection. AIP empowers users to protect emails and documents using the concept of a sensitivity label. For instance, documents labeled as Confidential cannot be shared outside of the organization, even accidentally. Why? Because the label encrypts the content. You can also create custom labels which allow you to share with more constrained groups of people (e.g. Finance department eyes only) or even outside/external users (e.g. partner organizations).
Moving on, we can setup Single Sign-On (SSO) to third-party SaaS apps, which means better sign-in experience for end-users, as well as better visibility and control over the apps. You might even want to look at other add-ons like Microsoft Cloud App Security to extend this visibility and control even further.
And it won’t stop there. As you get more comfortable with this new software bundle, you’ll find more features and pieces that could potentially apply to your organization. Plus, other products are sure to be released into the bundle in the future (as we’ve already seen this happen over the last year or so).
If you need help moving down this path and planning out any of the steps described here, don’t hesitate to contact your sales rep or reach out to us for more information.
Thanks for reading! And here’s to the future—Cheers!
*In order to get Conditional access, the Business plan requires Azure AD Premium P1, at the time of this writing. This feature is already included with the Microsoft 365 Enterprise plans E3 and E5.
**Advanced Threat Protection is included with Microsoft 365 Business and E5, but not E3. It is available separately as an add-on however.
***Microsoft Cloud App Security is an add-on to any subscription, and is included only with E5