Why Microsoft 365?
In our previous post, we described four distinct pillars in the Microsoft 365 bundles:
- Office 365
- Windows 10
- Device Management
- Security and Compliance
Most of us are already familiar with Office 365, which is all the software and services like Email, file sharing, chat, and so forth that we work with every day–the productivity suite. Many of us think we understand what Windows 10 is, but let’s dive deeper into each of the latter three listed above, so that we can have a clear picture of why you may want to consider the Microsoft 365 bundle upgrade, rather than relying only on Office 365.
Let’s talk about Windows 10–as a subscription? Yes. You read that correctly. Windows 10 can be purchased as a subscription. When you connect a Windows 10 Pro device to a Microsoft 365 licensed account, your edition will change from Windows 10 Pro to Windows 10 Business, or Enterprise (depending on which SKU you purchase). The edition distinction opens up new capabilities that can only be switched on and managed from the cloud.
Instead of joining a Windows 10 device to your local Active Directory domain, alternatively, you can join it to your “Azure Active Directory” domain, which is the domain that exists in the cloud to support all of your existing Office 365 apps and data. That means you can sign-in to your device using your Office 365 email address and password (and second factor if you have that configured).
This relationship renders the local on-premises Active Directory almost irrelevant unless you still need to support some legacy Windows Server-based applications. If you are still in a hybrid configuration (both on-premises servers and cloud-hosted apps), have no fear: you can also “hybrid-join” your computers to both domains.
Additionally, the Windows 10 cloud subscription license qualifies you for an upgrade from Windows 7, 8, or 8.1 Pro (not Home editions). So this can be an excellent way to help your organization make that transition to a modern Windows 10 OS if you haven’t already.
Last, the Windows 10 license included with Microsoft 365 entitles you to something new and snazzy called Windows Virtual Desktop–this is a virtual instance of Windows 10 that runs in Microsoft’s Azure cloud. The reason you might consider taking advantage of this service is if you still have some kind of “Windows Server” dependent application.
If you no longer want to run a server on-premises to host this legacy application, then you can run it in the cloud instead. Therefore, to connect to that cloud-hosted server, you would use your Windows Virtual Desktop. You can also stream the application from this virtual desktop in the cloud, right to your local PC. This technology has reached a pretty decent level of maturity, to the point where it can be difficult to tell the difference between this experience and a local application.
Microsoft 365 includes Device Management, also known as Intune, which can be used to effectively manage Windows, Mac, iOS and Android devices–and all from a single interface. Most small businesses have a mix of both company-owned devices, as well as personal “Bring Your Own Devices” (BYOD) in their environment. Intune provides us the flexibility to manage each differently–giving users a choice between how they interact with company resources, while still allowing the organization to protect and control their digital assets and data.
This new cloud-based Device Management is like Group Policy 2.0–if you don’t know what that means, let me put it to you this way: You never have to reconnect your devices to the local company network in order to get updates or refresh your settings–so you can always stay in sync with the company wherever you roam.
Security and Compliance
As you should be well aware by now, very few of the traditional mechanisms that we have relied on for security in the past apply to a 100% cloud-based business. Firewalls, antivirus, and so forth may still be necessary, but they can only take us so far, and they will only protect our users and endpoints under a few limited circumstances.
Therefore, in a cloud-centric subscription, you will need to rely on different kinds of protections than what we had in the past. One that probably everyone is already familiar with is Multifactor Authentication. MFA requires end users to provide another step of identification beyond a password (e.g., a text message or mobile app notification).
Other add-ons, such as Azure Information Protection (AIP), are focused on protecting data. AIP allows us to classify and label sensitive documents and emails–encrypting them and applying rights that follow the data around no matter where it is stored. When you label a document or email, whether it is sent to an Office 365 location or a third-party location such as Gmail or DropBox, the information will remain encrypted, and will not give up its secrets, unless the recipient is authorized to view the document (they would need to sign-in to read it). This technology also works on Adobe PDF files!
And it doesn’t stop there. Microsoft 365 includes powerful archive and retention policies–not just for Exchange (email) data, but all Office 365 data. Using retention, we can control preservation of emails and documents–this means even deleted data remains searchable and discoverable during the preservation timeframe. We can also automatically sunset (permanently delete) data that is older than a specified period of time (from the date created or the date last modified). This technology is compliant with SEC rule 17a-4, also known as WORM compliance.
And it doesn’t stop there, either. More advanced security software packages have been bundled in to protect endpoints and applications. For example, Office 365 Advanced Threat Protection (ATP) enhances email security with Anti-phishing protections and AI-driven zero-day malware detection technology. We have seen this product stop real threats numerous times–everything from bad web links, dirty attachments, and even spear-phishing attempts. It is available as an add-on of course to any Office subscription, but Microsoft 365 Business and Enterprise E5 will include it for you as part of one low price.
And that’s not even all of the security and compliance enhancements you get.
So as you can see, there’s a whole lot more than productivity apps bundled into Microsoft 365 plans. The capabilities we have here far surpass anything we can provide in a legacy, on-premises Windows Server infrastructure, at least for the price.
Very astute readers here may notice some overlaps between Office 365 Enterprise plans and these Microsoft 365 bundles. Yes, that is true. Azure Information Protection, for instance, is included in both. However, even the Microsoft 365 Business subscription gains you far more in the way of security and device management than Office 365 Enterprise E3 does, and yet those two bundles are the exact same price.
Therefore, the economy of buying the Microsoft 365 suite as a complete bundle over and above Office 365 is clearly relevant to many small and mid-sized businesses who are trying hard to manage technology spend. In other words, changing out your licensing does not necessarily have to break the bank, either.
Besides, the reality is: this is the direction that we’re moving as a digital, cloud-first and mobile-centric society. The cloud broke open our old paradigms and replaced them with something altogether new. Microsoft 365 is an end-to-end security, management, and productivity framework–all integrated as one solution. I believe that if your business runs primarily on Microsoft Windows and Office products, this is the SKU that most of us are going to gravitate toward over the next year.
We’ll talk more about what the migration path and options look like next time, and then discuss how you can get started on this journey.