In this post, I’ll discuss one of the hottest subjects that my customers want to learn more about; Microsoft 365.
Complete User Management
What is the function of It when it comes to enabling end users to contribute to the organization? Our job is to:
- Provide them with the tools that they require
- Aid employees as required
- Protect the assets of the company
All too often, IT departments view each component of each of those functions as different tools. That started to change with Office Servers. When we combined Active Directory with email (Exchange Server), we realized that we could have a smarter communications system that understood us and our intentions. Along came Lync Server and SharePoint server and we not only communicated, but we collaborated as dynamic teams, not just as loosely coupled co-workers.
In response to external threats, Microsoft created a cloud alternative to Office Servers called Office 365. This was a game changer – now we can all have the latest version of Exchange Online, SharePoint Online, Skype for Business, and many other features were added such as Teams, Office Groups, Flow, and the Office suite on our devices. By being in the cloud, we can access those services from anywhere, with the knowledge that the smartest IT security minds in the business are protecting our data while it is in the cloud.
But that was just one part of the toolset. There are other requirements, such as provisioning and protecting devices, and securing those devices. We have tools for that, but often those are traditional corporate tools. Many corporations and small businesses don’t do the “corporate device” anymore, and end users are bringing their own laptops, phones and tablets to the office because those are the tools that work best for them. How do you provision such machines?
Threats have changed too. With mobility being a reality, users live outside of the edge firewall, not that blocking ports does much good anymore! We need a more intelligent protection of assets from today’s form of attack: identity theft and zero-day malware.
Bringing Solutions Together
When addressing those needs, we’ve cobbled together an unconnected collection of tools. We’ve forgotten that Active Directory provided us with the glue for a smarter system. Users need simple solutions with easy-to-use security – easy for the user is best because resistance by users will kill security. When Active Directory is coupled (by Azure AD Connect) with Azure Active Directory (Azure AD), we can create a single identity across the organization, the management tools, and potentially 3,000 third-party cloud solutions come under the control of corporate governance & control.
All of Microsoft’s cloud solutions are powered by Azure AD, and that means that a customer can have a single pane of glass for enabling users and securing company assets. Microsoft has been selling these tools for years, and adding to them with internal development and acquisitions. Quite honestly, some of these tools have been completely unknown to many Microsoft partners and customers because the Microsoft portfolio is huge. Microsoft realized this and decided to simplify things by offering two integrated bundles to customers under the banner of Microsoft 365.
The goal of Microsoft 365 is to bring together the following in an easy to understand and deploy package:
- Productivity (Office 365)
- Provisioning of devices
There are two versions of Microsoft 365 depending on the size or regulatory/business needs of the customer:
- Microsoft 365 Business: A plan based on Microsoft Office 365 Business Premium that is suitable for organizations up to 300 users.
- Microsoft 365 Enterprise: Based on Office 365 E3 and Office 365 E5, for larger organizations, and/or companies with specific regulatory requirements.
Microsoft 365 Business
If you work in the small/medium business sector, then this is the package that you will probably be interested in – you might opt for the Enterprise SKUs instead if you need some of the management/security/auditing/compliance features that it offers.
Office 365 Business Premium offers a large set of functionality, including Microsoft Office for PCs& Macs, phones, and tablets:
- Exchange Online with 50 GB mailboxes
- 1 TB of OneDrive for Business per user
- Skype for Business
- Microsoft Teams
There are many more smaller services such as Planner or Booker that can add great value to a business.
But Office is just the start! With Microsoft 365 Business you also get:
- Device management: Single console user/device settings management, self-service PC configuration via AutoPilot, and automatic deployment of Microsoft Office to Windows 10 PCs. Note that this management is not Intune as has been commonly and incorrectly reported.
- Security: Centralized management of Defender on Windows 10, and the ability to secure company data across devices.
If you want security then you’ll want the latest version of Windows. An upgrade to Windows 10 from Windows 7 or 8.1 Pro is included in Microsoft 365 Business.
Microsoft 365 Business is now available for companies with less than 300 users.
Microsoft 365 Enterprise
Being based on Office 365 E3 or E5, one can tell that Microsoft 365 Enterprise is intended for organizations that require more control and security. All of the features of Office 365 Business Premium are included, but one gets more, including:
- Office 365 Pro Plus
- Skype for Business Broadcast (10,000 attendees)
- eDiscovery & Legal Hold
- Classification, retention, and deletion policies.
- And more.
Note that the E5 SKU of Microsoft 365 Enterprise includes Office 365 E5. This adds:
- Power BI Pro
- Exchange Online Advanced Threat Protection (zero-day malware scanning)
- Office 365 Cloud App Security risk assessment
- A cloud-based PBX phone system
For management and security, Microsoft 365 Enterprise includes the Enterprise Mobility + Security (EMS) suite, with the E3 and E5 SKUs being available:
- Intune: Device management for PCs, phones, and tablets, software deployment, policy management, and secure selective wipe of personal devices.
- Azure AD Premium: Take control of identity across all services, enable multi-factor authentication, self-service password resets/group management, and much more.
- Advanced Threat Analytics: Detect unusual patterns of behaviour in your on-premises network.
- Azure Information Protection: Protect company data using templates/policy no matter where those documents go.
- Cloud App Security (E5 only): Assess third party cloud service usage, and enforce data policies.
Security systems would be useless without a secure endpoint, so Microsoft includes Windows 10 Enterprise in this bundle. Windows 10 E3/E5 offer the best Defender features (build 1709) for protecting a company against attacks against today’s entry point (the PC instead of the firewall), leveraging new pattern behaviour and AI-powered systems and hardware offloads to detect/contain threats against the business.
Microsoft 365 Enterprise is available today.
From a customer’s point of view, Microsoft 365 makes life easier. One bundle covers so many things and offers a lot of value. From a system integrator’s/partner’s point of view, they can have a single conversation with a customer to enable productivity and to protect the business. Not only that, but the customer is getting a lot of value for less than the sum of the total parts. Microsoft 365 offers an integrated solution to enable & protect employees and mobile company assets, that should provide 365 degree support against a new world of threats, that empowers the user instead of restricting them.