(This guide now may be out of date)
At Network Fish we love the details and tiny components that make efficient IT such an enjoyable challenge for us. Yes, we are a little nerdy! In order to showcase our love of tech, we present our Ultimate Guide to Office 365; from Sharepoint to Skype, Excel to Exchange, and Security to Subscriptions, our 15,000 word virtual bible presents everything you’ll need to know about the world’s largest software platform.
Productivity boosting software simplifies, accelerates, and automates daily work processes. As part of the mission, the software enhances communication, facilitates collaboration, promotes work organisation, tracks jobs, and visualises workflows for better understanding. Office 365 has set the global standard for productivity software enabling countless organisational entities to work faster and smarter every day with productivity services and applications which are now bundled with the traditional Office suite, forming Office 365.
Microsoft has joined the IT industry proponents who embrace the Cloud model for software and services and by doing so, it made Office 365 available as a subscription-based software pack for Windows and Macintosh. When individual or business users subscribe, they get free automatic updates, the ability to install the software on up to five computers, tablets, and phones. Office 365 stores data in the cloud by default, so teams can access their information and collaborate from any connected device.
However, there is also Office 2016, providing users with the traditional software experience. It includes the Microsoft core software suite, with one copy required for each PC or Mac. Rather than purchasing this software as a subscription, users pay once for it. To get future major version releases of the software, Office 2016 users must buy a software upgrade.
Purpose and scope of the guide:
The first part of this guide will define the Office 365 product and discuss its components and their essential features. Readers will also find a short history of the evolution of the Microsoft Office that will help them understand the present position of the product. A review of the name changes and revisions made to Office components in the 365 version will help readers avoid confusion.
This section also provides an overview of everything Office 365 offers, so that users can evaluate their needs and choices. Many Office 365 subscription options exist, so readers will find an overview of available plans, how the subscriptions management system works, and how to take advantage of the available free trial period. Readers will also find step-by-step instructions for using Office 365 applications to boost their productivity.
The second part of this guide covers technical aspects of the Office suite. Besides discussing built-in data security, user and administrator controls, and customisable features, the section will discuss identity management, data loss and its prevention, archiving, eDiscovery, utilisation, and which Office version to choose.
At the end of the second section, readers will learn about the various types of Exchange environments along with an evaluation of their advantages and disadvantages. Information about Exchange setup and migration will also receive coverage. Microsoft Outlook, a component of the Office suite, does not require the use of Exchange, but many businesses either already have it installed or have an interest in deploying it.
Throughout, this guide will inform about real life choices, restrictions, and potential problems readers might encounter while using Office and respond to those factors with recommendations and helpful information.
PART I: Familiarisation with the Fundamentals
In Chapter 1, we will start off by introducing the apps and services and their roles with useful tips on managing Office apps and features. In Chapter 2, there will be a familiarization with the course of changes to Office 365 since its original introduction, services that were rebranded, changed, new and upcoming 2016 versions of Office components. In Chapter 3, we will provide an overview of subscription plans with guidance on choosing a plan, managing subscription, and, finally, in the last Chapter, we will cover each Office 365 component’s prominent features with detailed instructions on how to use them to boost productivity.
Chapter 1: Managing Office 365 Apps and Features
The advent of the cloud computing era is exactly what the Web 2.0 era had in mind when it came of age in the early 21st century. It was only a decade ago when Web developers dreamed that computer users would be able to access applications as powerful as Microsoft Office from virtually any Internet-connected device. That day has arrived; nonetheless, there are still functional reasons that call for a desktop and cloud version of the world’s most popular productivity suite.
Tech giant Microsoft released its latest Office version in September of 2015. Microsoft Office 2016 is a powerful productivity suite designed to take maximum advantage of the Windows 10 architecture, which means that it can run on multiple hardware platforms while at the same time allowing users to collaborate on projects via the cloud and Office 365.
The new Microsoft Office releases may be a little confusing to some users. Whereas in the past Microsoft Office was a software suite for desktop and laptop computers, these days there are a few versions that interact with each other. A couple of years ago, Microsoft introduced Office 365 as an upgrade to Office 2013, which had to be downloaded and installed; the novelty was the release of a cloud technology that allowed online storage as well as the ability to create and edit documents across different platforms.
The initial cloud functionality of Office 365 in 2013 was somewhat limited, but it was successful in giving users a taste of the current Microsoft Office ecosystem, which became fully mature and interactive in 2016. The current Office flavours are:
Microsoft Office Mobile: A set of free apps developed for the major mobile platforms, including Android, iOS, Windows Phone, and Windows 10 (mobile). Needless to say, the best experience of Office Mobile is on a Lumia smartphone powered by Windows 10, for it can truly interact and sync with Office 2016.
Microsoft Office Online: A set of free cloud apps that do not require installation and can be accessed from any Internet-connected device equipped with a modern browser. These apps do not offer the full Office 2016 experience, but they do a good a job in terms of viewing and editing. Naturally, Office Online is best experienced on Windows 10 running the new Microsoft Edge browser.
Microsoft Office 365: A platform of software apps, services and technologies that can either be purchased and installed or accessed by means of a subscription. In 2015, Office 365 was upgraded to allow access to Office 2016 home users. At one point, the value-added services of Office 365 made a subscription attractive mostly for business users; however, the various plans these days make it also ideal for students, casual users, and enterprise-level players.
Microsoft Office 2016: This is the latest and most advanced version of the traditional office suite, which can be installed on various Windows 10 devices and used in conjunction with Office 365 subscriptions and any other Office version, including legacy suites. Some of the powerful new features that make Office 2016 a must-have include:
- Integrated communication
- Real-time collaboration
- Advanced version history editing
- Intuitive interface
- Advanced themes
Office 2016 Apps
It is important to understand that Office is no longer a software suite; it is rather a collection of apps, services and technologies that can boost productivity at all levels. Calling Office a technology platform or an ecosystem is more adequate, particularly when combined with an Office 365 subscription. True to its roots, Office kept the core apps:
Word: The most popular word processing tool in the world is still used for the creating and editing documents that primarily consist of text, graphics and tables. The ribbon menu that was introduced back in the Office XP days is still there, but it is now more intuitive and includes new features such as Tell Me and Smart Lookup, which make the ribbon less intrusive. Although real-time collaboration is possible in all the core Office applications, it works better in Word. Basic sharing and editing is possible through Office Online; advanced real-time collaboration by various authors and teams requires Office 365, SharePoint or OneDrive for Business.
Excel: Another staple of the business computing world is Excel, the ultimate spreadsheet and data analysis application. The Office 2016 features that make Excel a great app include: the new Forecast function that automates projections through various standard models, Power Pivot makes it easy to import data and play with variables, Power View simplifies the creation of user-friendly dashboards, Power Map provides powerful geolocation and mapping tools, and Power Query automates the Power Pivot processes.
PowerPoint: Virtually any document created with Office apps can be formatted in a way that allows quick showings. When a formal presentation to an audience is required, PowerPoint is still the most reliable application. Two new features that stand out for PowerPoint 2016 include Designer and Morph. The former allows the application of themes, formats and styles to spruce up and polish presentations while the latter is a tool that enables the import and creation of 3D animations.
OneNote: Online notepads and scrapbooks that allow synchronisation and sharing are all the rage these days; however, OneNote is the original enterprise-level notebook application, and the latest version allows the capture and storage of just about any data, from digital audio to online video and from file attachments to embedded Office 2016 objects. The ability to create group notebooks that can be shared via OneDrive and Office 365 makes OneNote ideal for business projects handled by various teams.
Outlook: When a business user logs into the Office 365 or 2016 portal, the first action he or she is bound to take will be to tap or click on the Mail tile to be taken to Outlook. This legendary application can be used for more than just email communications; it can be used to manage work calendars and contacts as if it were a basic Customer Relationship Management (CRM) tool. Setting up Outlook for enterprise use is as easy as connecting the app and its folders to OneDrive for Business or SharePoint; any files saved in these two cloud services can be given access through Outlook messages in the form of a link with access permissions.
Publisher: When business users need to create and distribute stylish documents with flair for the purpose of making a certain impact, the Word app may come up short. Fancy brochures, newsletters, memos, storytelling letters, printable calendars, and other attractive documents can be easily created on Publisher.
Access: Similar to Publisher, this application is only available in the Professional Edition of Office 2016. With Access, users can collect and manipulate data applying the rules and functions of Visual Basic and relational database engines.
Office Online: Just about anyone with a Microsoft account can take advantage of Outlook, Word, Excel, PowerPoint, and OneNote via Office Online. The features are limited, but they can be upgraded to a certain extent with an Office 365 subscription. When using Office Online, users can store and synchronise documents and projects with the OneDrive application, which was previously known as SkyDrive. Ideally, Office Online should be accessed from a Windows 10 device running the Edge browser.
Microsoft Office Communications Services
Office business users will have access to the following services, depending on the version and the Office 365 subscription level:
Yammer: This is a social networking application that can be setup for a business organisation. When Yammer is integrated with SharePoint, it can be used to create teams for remote project collaboration.
Skype: Microsoft Lync has been replaced with Skype for Business, an application that fully integrates with Office 2016 so that PowerPoint presentations can be displayed. Additionally, Skype for Business enables videoconferencing with whiteboards and file transfer. Advanced users can set up Skype as a full VoIP solution for the office.
Exchange: Enterprise users who need a unified solution for hosting and business communications should consider Microsoft Exchange for Office, which offers a robust online architecture that makes it possible for users to set up a Client Access Server environment that uses the cloud for support. Once Exchange Server 2016 is installed, enterprise administrators have three set-up choices: Mailbox Server, Edge Transport and Hybrid Scenario. To a certain extent, these choices can be combined to meet the communications and organisation demands of each company.
Advanced Cloud Storage and Collaboration
Although users can get a lot done with OneDrive, the ideal situation for business users is to upgrade an Office 365 subscription to gain OneDrive for Business for maximum storage, synchronisation, collaboration and control. For even more features, SharePoint enables business users to either leverage the cloud or setup an internal and secure platform for storage, organisation and collaboration through private browser sessions. With the right SharePoint configuration, enterprises that handle sensitive information can even check to see if there have been attempts by unauthorised members to access folders or documents.
Delve, Power BI and Dynamics CRM are special, third-party services offered through appropriate Office 365 subscriptions. These services provide value-added content and functions such as: data visualisation tools, advanced dashboards, social insights, productivity tools, modules to record client interaction, call centre scripts, operational performance metrics, and more. In the specific case of Dynamics CRM, the Office 2016 version integrates tightly into Outlook and offers even more functions through the Microsoft Cortana personal assistant. With Cortana and Dynamics CRM, business users can increase the automation level of their sales processes to make them more effective and less exhausting; essentially, tasks such as setting up a follow-up phone call or as reminder to review a client file can be accomplished with easy voice commands.
Whereas SharePoint offers BitLocker technology at the platform level to provide security and privacy, the Office 2016 Customer Lockbox is specifically designed to keep content safe on a personal and individual basis for every client and customer. For company-wide security management, Azure RMS can be installed to enact office policies to define levels of access and interaction. The advantage of Azure RMS is that documents remain protected and encrypted across devices even when they are sent outside of the organisation. Once Azure RMS is configured, all files and messages are automatically protected with defined encrypted libraries; furthermore, administrators can follow the path of documents as users handle them to see exactly who opened or edited them.
Office 2013 introduced the concept of using PowerPoint to deliver presentations to remote audiences online. The Office Presentation Service is free to anyone with a Microsoft account, and it is very easy to use. For Office 2016, Microsoft has gone beyond PowerPoint in terms of presentations. Since Office 2016 puts the mobile and cloud computing paradigms at the centre of the user experience, it is easy to understand the idea behind Sway. This hybrid app/service will probably replace PowerPoint as the standard in digital presentations. With Sway, the concept of delivering a presentation one slide at a time is replaced by a storyline. This new presentation concept allows real-time collaborations within projects that are always in the cloud. Sway presentations are delivered to just about any Internet-connected device that has a modern browser installed. Skype for Business also offers a presentation service that is more professional in form and execution than simply sending a PowerPoint show file by email. A microphone is required to deliver a PowerPoint presentation via Skype for Business; in Office 2016, the show can be scheduled from the actual file, and the audience members can be invited by name or telephone number. Similar options are available for Sway, which can be used for simpler, but more colourful and stylish presentations.
Visio: Rarely found in Office 365 plans, but purchasable separately, Microsoft Visio is a professional diagramming tool which can also be used to display and present almost anything with its capability to create 3D floor plans, organizational charts and anything in-between. It offers a myriad of smart shapes, pre-crafted diagrams, import of shapes or live information from external resources, e.g. Excel, as well as a quick import option, through which Visio identifies the given data, imports it, links it to shapes, applies graphics and converts diagrams into dashboards for real-time monitoring. Additionally, it works in browsers, across devices and others can add comments via SharePoint.
Organisation and Management Services
Zoom: Just before Office 2016 was released, Microsoft acquired Equivio, a developer of eDiscovery solutions. The Equivio Zoom platform for analytics and predictive coding is now part of Office, and helps users with data management, especially regarding legal case documents. Equivio Zoom can search and analyse data from Exchange, SharePoint, OneDrive, Skype and Outlook to help analyse unstructured data, identify redundant data and collect data relevant to cases, which can be exported out of Office for review. Equivio Zoom employs machine learning and gives users a great degree of control over data while displaying analysis functions such as structured data, theme organisation, relevance, and Boolean logic.
Project: Designed to assist project managers, Microsoft Project serves to develop plans, add tasks, assign resources to them with estimates, progress tracking, resource capacity forecasting and much more. It supports agile and waterfall methodologies and integrates with Visio and SharePoint. Project can be purchased separately and it also has an online version which has limits, but can be run anywhere from a browser.
Chapter 2: Navigating Office 365 Changes
The Road to Office 365
As the most comprehensive enterprise productivity solution in the market, Office 365 is the culmination of a series of efforts launched by Microsoft over a ten-year period. While many people believe that the 2010 release of Office 365 was in response to Google Docs and other Web 2.0 productivity solutions, Microsoft’s work on advanced hosted applications dates back to 2004.
Office 365 started with Exchange and the Windows Live paradigm. At one point, Microsoft offered Office Live Small Businesses, which was a combination of cloud email and hosting services. In 2010, Microsoft had observed Google Apps and Google Docs long enough to realize that the time was ripe to target enterprise customers with the Business Productivity Online Suite, which included Exchange, Sharepoint, Live Meeting, and Lync.
The initial versions of Office Web Apps were better than Google Docs, but they lagged significantly in comparison to the desktop version of MS Office. By 2013, however, Microsoft was ready to deliver Office 365 services that would put them far in front of Google. With the release of three subscriptions plans for various business needs, Microsoft added powerful features such as SkyDrive, eDiscovery, Yammer, and Power BI.
In preparation for Windows 10 and Office 2016, Microsoft upgraded and re-branded its services to match the cross-platform, app-driven, cloud computing paradigm of the 21st century. These days, Office 365 is a cloud platform that forms part of a business ecosystem, and its evolution has taken place as follows:
From Office Web Apps to Office Online
In the past, users had to login through SkyDrive and create or upload a document with Office Web Apps. These days, users can go directly to www.office.com and select the app they wish to work with: Word, Excel, PowerPoint, OneNote, Outlook, Sway, or Calendar. Documents can be uploaded or they can be edited directly from Outlook messages.
From SkyDrive to OneDrive
A brand name conflict with the British Sky Broadcasting Group prompted Microsoft to change the name of its cloud storage solution to OneDrive. The renaming was not the only change; the amount of storage was adjusted for free users and subscribers, thereby keeping up the competitive spirit against rivals such as Google and Dropbox. Some of the neat features added include automatic backup of mobile photo albums, advanced sharing functions, and the ability to jump to Office Online to manage documents. Office 365 users can get up to one terabyte of storage with subscription plans.
From Lync to Skype for Business
The app and service formerly known as Lync quickly became favourites among business users after being released to the enterprise world a few years ago. Lync was built on the Skype platform, which Microsoft had smartly acquired years ago. All the great features of Lync were transferred to Skype for Business, which adds new functions such as integration with desk phones, an intuitive interface, advanced call administration, and more. Overall, Skype for Business is a better app for video conferencing and for managing call centre teams; however, nostalgic users who miss the Lync chat features can switch back to the old interface.
From Outlook Web App to the New Outlook
Office 365 subscribers were the first to get a glimpse at Outlook on the Web, which has a few new features that are somewhat reminiscent of what Google Wave used to be. One of the most powerful new functions is the opportunity to be able to reply and edit an Office document simultaneously and in real-time. Online images can be dragged and dropped instead of being attached, and the new Sweep command can quickly organize batches of messages based on set rules and previous behaviours.
New Office Apps
Office 365 offers more than just upgrades; two new apps and a special browser extension make this enterprise ecosystem more useful and functional.
Sway: This new app is a cloud-native solution inspired by PowerPoint and OneNote. Sway is a new way to easily collaborate and create; it allows users to come together and create more than just documents. With Sway, business teams can tell engaging stories about projects, proposals, reports, statements, etc. This born-mobile application allows users to clip and collect content from a variety of sources. Sway can handle anything from digital photos to MP3 files and from PDF documents to spreadsheets. Thanks to responsive design, the content is neatly arranged automatically and ready to be displayed on just about any Internet-connected device. Sway is not a replacement for boardroom presentations; that is still within the realm of PowerPoint, but it is a welcome addition to Office 365.
Google Chrome Extension: Although the best Office 365 experience takes place within the new Microsoft Edge browser running on Windows 10, users are not limited to this particular configuration. Office 365 can be accessed from just about all modern browsers, and it performs quite well on the popular Google Chrome. To this effect, Chrome offers direct browser support for MS Office files; moreover, once the Office extension is installed, users can also create documents and even access their OneDrive accounts. With this extension, Chrome first opens Office documents in a secure sandbox environment to ensure that they are free of malware.
Planner: This new app is something that MS Office users have been clamouring for. The Office 365 Planner vastly improves the actions of setting up Outlook reminders and organizing calendar items. With the new Planner app, users can invite friends and business associates to work together on new projects. Planner is very visual and powerful; to a certain extent, it is similar to MS Project but not as technical or rigid. This app breaks down complex tasks into boards, cards and buckets that can be arranged and labelled in many ways. Documents created with Office apps can be easily integrated into Planner, and dashboards are automatically created to quickly get top-level updates.
Office 365 and the New Office 2016
To fully experience every effort that Microsoft has put into its premier enterprise productivity solution, the best setup would include an Office 2016 license running on Windows 10 plus a subscription to Office 365 accessed through the Edge browser and on Lumia mobile devices.
Office 2016 users will notice that the desktop versions of the core apps are far more advanced than those offered at www.office.com even with premium subscription plans, and this is because developers are able to take advantage of hardware and operating system improvements that are not yet available for the cloud. Still, Office 365 inspired two major new features found in Office 2016: Tell Me, which is an advanced help and support system that works with queries, and Smart Lookup, which can intuitively bring information from the Web into documents.
Other major Office 2016 advances include:
Outlook 2016: The Office 365 Groups can now be accessed from desktops, laptops, tablets, and smartphones through respective apps, and integration with OneDrive files is seamless thanks to features such as Edit and Reply, which allows users to work on Office attachments at the same time they are composing replies.
Excel 2016: It is widely known that Excel gets smarter and more powerful with each new version of Microsoft Office, and this is particularly the case with Office 2016. Data visualization is more prominent in this version thanks to new chart types such as histogram, treemap, hierarchy, and others. The former Power Query add-in module is now a standard function named Get and Transform, which allows advanced data analysis. The Power BI data modelling service can be integrated from the desktop or from Excel Online. With the new Calendar Insights template, users can track their time and work efforts through a dashboard that they can pivot in order to create time scenarios for better productivity.
Visio 2016: The most powerful new feature of this diagram and flowchart app is that data can now be easily incorporated into projects with Quick Import. This smart wizard interprets data from various sources and assigns shapes as the information is being imported with a click; once this is accomplished, dashboards can be easily created to manipulate the data and change graphics around. Information Rights Management is a new feature that makes collaboration more efficiently by controlling how much information and access can be assigned to various individuals.
Project 2016: Although Microsoft now offers the Office 365 Planner for the creation and administration of planned undertakings, Microsoft Project is still one of the most sought-after software tools for project managers. Some of the new features included in the latest version of this app include: integration with the Tell Me Office query, a new way to establish agreements between the project manager and administrators, and an improved timeline view that allows pivoting of dates for outcome scenarios.
Exchange 2016: The new version of Microsoft Exchange assumes that users will be more inclined to access their mail and calendars via Web browsers. To this end, it is more cloud-centric as it simplifies the Mailbox Server roles and provides an Edge Transport feature. In terms of compliance, administrators can install and set internal rules to enable retention, indexing and permanent archival for eDiscovery purposes. Exchange 2016 includes BitLocker support for data protection.
Power BI: Microsoft has completely revamped the Power BI service, calling it a “new experience” that users must migrate to if they were subscribed to Power BI for Office 365 in 2015. The new service is no longer dependent on SharePoint; it focuses on the collaboration groups created in Office 365 and allows editing of spreadsheets from outside the Power BI website. Dashboards and reports can now be viewed from iPhones, iPads and Android-powered devices, but the mobile experience is always better on Lumia devices running Windows 10. The Power BI Pro version is extremely comprehensive as it includes SQL SAS and Azure connectivity, custom creation of data, grouping, and data streaming.
SharePoint 2016: Contrary to what some analysts had predicted, SharePoint is hardly going away; in fact, the new version provides greater functionality and seamless integration with Office 365. The new SharePoint resides and operates in the cloud and it can be easily accessed from mobile devices. The collaboration experience has been enhanced, and the roles assigned to users are automatically made compliant across all servers. SharePoint now works with OneDrive for site storage.
OneDrive: Free cloud storage quotas have been reduced to 5 GB; a new 50 GB plan will soon replace the 100 and 200 GB plans, but will not affect current customers. Now that OneDrive integrates with SharePoint, users can manage their sites from within, and they are no longer limited to managing files and folders; they can also create libraries according to access policies.
Yammer: Enterprise social networking is the way to do business in the 21st century, and the Yammer platform is the most ideal for this purpose. In 2016, the new focus is on creating teams derived from Office 365 groups, which means that users will now be able to sign in with their Office 365 accounts. Internally, Yammer features indexing and archival features for the purpose of compliance and eDiscovery. Real-time collaboration and access to feeds has been improved, and file sharing is not limited to OneDrive; files can also be shared via Dropbox. Yammer is now a service that is fully integrated with OneNote and Outlook.
Chapter 3: Choosing a Subscription Plan
Microsoft Office 365 – Current Subscription Plans
Choosing the right Office 365 subscription entails reviewing what the level of service and the features that each plan has to offer. The plans are arranged within three main groups: Home, Education and Business. The Home group includes two plans: Home and Personal; the Business group has plans for Small Business, Enterprise, Government, Nonprofit, and Kiosk.
Home Group Plans
The Office 365 Home plan is ideal for users who wish to share the apps and services with members of their household. In early 2016, pricing was set at £7.99 per month; the annual subscription offered a 16 per cent savings for £79.99. Prospective users can also use their credit cards to try this plan for free during one month. The apps included are: Word, Outlook, Excel, OneNote, PowerPoint, Publisher, and Access. The services include 1 TB of cloud storage on OneDrive, as well as Skype with 60 minutes per month. This plan grants access to apps and services for five desktops, laptops or mobile devices.
The Personal plan is for individual use. It includes full installation of Word, Outlook, Excel, OneNote, PowerPoint, Publisher, and Access in one desktop or laptop in addition to one smartphone and one tablet. Services include: OneDrive cloud storage up to 1 TB plus Skype with 60 minutes per month.
Education Group Plans
The Education plans are for academic institutions; as such, pricing will depend on the number of teachers, students and school staff members that will need access to the apps and services. The plans include the following Office Online cloud apps: Word, Excel, PowerPoint, OneNote, Sway, and Outlook. Depending on the level of subscription chosen, the Education plan may include services such as Skype, eDiscovery, Rights Management, OneDrive, social networking through Yammer, SharePoint third-party app support, and HD video conferencing. The academic volume licensing can be managed so that credentials expire when teachers and staff members no longer work at the school, and also when students graduate or transfer. The Office Online apps and services can be accessed from mobile devices, and full Office 2016 apps can be installed on up to five desktops in each school.>/p>
Business Group Plans
The three main plans in this group are: Business Essentials, Business, and Business Premium. The Essentials plan is the most affordable at just £3.10 per month with an annual commitment, and it includes Office Online access, 1 TB of OneDrive storage, Outlook mailbox with 50 GB of cloud storage, and video conferencing. The Business plan offers a full installation of Office apps on one desktop plus one smartphone and one tablet plus 1 TB of OneDrive storage for £7.00 per month, but it does not include email. The Premium plan includes fully installed apps plus an Outlook mailbox with 50 GB of cloud storage, video conferencing, and 1 TB of OneDrive storage for £7.80 per month. Business plans allow the porting of an existing domain name, and the subscriptions can be combined so that some employees can use Essentials while others use Business or Premium. Certain services such as Skype for Business, Yammer, eDiscovery, and others can be added as needed.
The Office 365 Enterprise plans include ProPlus, E1, E3, and E5 options:
ProPlus is £10.10 per month, and it includes a full installation of all Office 2016 apps on up to five desktops and mobile devices; it also includes access to Office Online, 1 TB of OneDrive storage, Sway, enterprise management, and Business Intelligence.
E1 plan offers Office Online access, 1 TB of OneDrive storage, Outlook mailbox with 50 GB of cloud storage, Skype for Business with video conferencing, intranet, Yammer, Sway, search Office Graph, video portal, and broadcasting of meetings for £5.00 per month.
E3 plan includes all E1 features plus a full Office 2016 installation including Access, an unlimited Outlook mailbox, enterprise management, Business Intelligence, compliance tools, and eDiscovery for £14.70 per month.
E5 plan includes all E3 features plus Power BI analytics, advanced security tools, PSTN conferencing access within Skype for Business, and Cloud PBX for switchboard-style communications.
Government organisations have two Exchange and two Office 365 subscriptions to choose from:
Online Plan 1 costs £2.20 per month, and it includes an Outlook mailbox with 50 GB of cloud storage plus the ability to view Office Online attachments.
Online Plan 2 costs £4.40 per month, and it includes an Outlook mailbox with 50 GB of cloud storage, the ability to view Office Online attachments, and access to compliance and information protection tools.
Enterprise E1 plan costs £3.70 per month; it includes the Online Plan features plus 1 TB of OneDrive storage, Skype for Business with video conferencing, intranet, Yammer, and search via Office Graph.
Enterprise E3 plan costs £12.50 per month and includes all features of the Enterprise E1 plan in addition to a full Office 2016 installation on up to five desktops and mobile devices, enterprise management, Business Intelligence, compliance tools, eDiscovery, and hosted voicemail with unified messaging.
Qualified nonprofit organisations can take advantage of two Office 365 plans granted as donations and two business plans at very affordable monthly subscription costs. The plans start as free trials and can be received as donations from Microsoft, but they can also be upgraded.
Nonprofit Business Essential plan is limited to 300 users; it offers access to Office Online apps, 1 TB of OneDrive storage, Outlook mailbox with 50 GB of cloud storage, Skype for Business with video conferencing, intranet, Yammer, and search via Office Graph.
Nonprofit E1 plan is available to unlimited users and offers the same features as the Business Essential plan plus a corporate video portal.
Nonprofit Business Premium Plan costs £1.30 per user and is limited to 300 seats; it includes a full Office 2016 installation on up to five desktops and mobile devices per each user in addition to the features offered by the Business Essentials plan.
Nonprofit E3 plan costs £3.30 per month per user, and it includes all the Business Premium features as well as enterprise management, Business Intelligence, compliance tools, and eDiscovery.
Kiosk plans are ideal for shared desktop environments:
Exchange Online Kiosk plan costs £1.30 per user per month, and it can accommodate unlimited users. This plan offers an Outlook mailbox with 2 GB of cloud storage, premium security suite, Exchange ActiveSync support for employees who use smartphones, and POP email support.
Office 365 Enterprise K1 plan costs £2.50 per user per month; it accommodates unlimited users and offers all the features of the Online Kiosk plan plus Yammer, SharePoint sites access, and Office Online apps.
Choosing the Right Office 365 Plan and Subscription
The Office 365 consumer group subscriptions (Home and Business) can be purchased by just about any user without restriction. The Education, Government and Nonprofit plans require users to meet a certain level of eligibility; making this determination is the first step to consider when evaluating which plan merits subscription. The next step is to consider the expenses, the number of users and the scope of intended use.
Individuals, students and self-employed professionals will probably benefit from a Personal plan that can be installed in one desktop or laptop plus one smartphone and one tablet. The Office 365 Home plan is better suited for households that wish to save on their subscription costs since it can be installed in up to five desktops or laptops plus five tablets and five smartphones.
The Education plans are for both students and teachers of qualified schools. The apps and services can be selected according to academic needs, and licensing costs can be adjusted according to the required volume.
The main Business plans can be combined to accommodate companies with more than 300 employees without having to pay for Enterprise plans at a higher cost. Enterprise plans can accommodate up to 10,000 employees.
Government plans are only available to qualified entities that operate at levels from municipal to national as well as certain international cooperation agencies. The entities that qualify for these plans must sign a contract that is authorised under jurisdictional laws.
Nonprofit organisations should take advantage of the free Office 365 trial while Microsoft determines eligibility. Nonprofits are not under any obligation to pay at the end of the free trial period, and many smaller organisations may qualify for a donation. Eligible nonprofits that operate on a larger scale can later upgrade their donations to a paid subscription that is very reasonable.
Kiosk plans are ideal for companies whose operations include shared desktops, thin clients or casual employees who need to access basic productivity tools on their smartphones, particularly under the Bring Your Own Device (BYOD) model. These plans can support unlimited users and can be combined with Enterprise plans.
Signing Up for Free Trials
Most Office 365 plans offer a free, one-month evaluation period. Generally, prospective users will need a Microsoft account and a credit card to register their free trial by visiting Office.com. For the convenience of users who wish to purchase a subscription after their free trial expires, the initial credit card information can be kept to continue billing or it may be changed at a later time. In the case of Government and Nonprofit plans, prospective users must contact Microsoft to go through the process of eligibility determination.
Once the Office 365 free trial starts, users can install apps on their devices and begin the evaluation process. To cancel the trial, users must access their Office 365 profiles and look for the auto-renew option under the “My Account” section; this option must be turned off before the end of the trial period.
Free Office 365 trials are offered on some new desktops, laptops and tablets powered by the Windows 10 operating system. The trial can be started by clicking on the Microsoft Office icon, but prospective users do not have to worry about turning off the auto-renew option because the trial ends automatically after 30 days. At that point, prospective users are offered a chance to register and purchase a subscription. Any files or documents stored in OneDrive can be retrieved by users at no cost if they decide against purchasing a subscription.
Office 365 Subscription Management
Managing an Office 365 account and subscription is simple; everything is done from the “My Account” screen. It is possible to switch between plans as long as they are in the same group. When upgrading or downgrading plans, it is important to remember that the previous features stop immediately and can no longer be accessed without switching again.
Generally, each account can be used to manage no more than one plan. Subscriptions can be purchased up to five years in the future, and the auto-renewal billing process can be stopped at any time; however, if the subscription was purchased from a third-party retailer, subscribers must turn off auto-renewal from the original point of purchase. There is no refund for annual subscriptions when plans are cancelled, but the time left can carry over to a new plan.
The Office 365 Home subscriptions can be shared with up to four other people via the Share Office 365 section of My Account, which sends invitations via email. It is important to note that one invitee can install Office apps on more than one device; however, doing so will take away an installation from the subscription plan, which is limited to five.
Shared subscriptions can also be taken away by means of deactivation or removal. When an installation is deactivated, users can still use Office apps to read and print documents. When an installation is deactivated, OneDrive storage is still available, but such is not the case with removal. This does not mean that removed subscribers will lose their files; however, they will lose their ability to upload and will need to download their data at some point.
When an Office 365 subscription comes to an end, users are given an opportunity to renew or else download their data within 90 days. To keep the subscription functional after expiration and before renewal, users should login at least once every 30 days.
Chapter 4: Boosting Your Productivity with Office 365
Depending on the subscription plan chosen, Office 365 offers services and components that can be greatly beneficial to business productivity. Learning more about what can be accomplished with each service and how they interact with Office documents can help in making an educated decision on what subscription plan to get.
Here are some of the most interesting features that Office 365 offers to boost productivity:
Microsoft has applied major upgrades and improvements to this favourite email, calendar and contacts application. One of the most talked-about new features available in Outlook is Clutter, which is available only to Office 365 subscribers and not for those who purchased a one-time Office 2016 license. Essentially, Clutter saves time by applying a smart filter to arrange messages. With Clutter, the email server acts upon algorithms that determine the importance and interest of each message received. The determination is based upon the messages that are routinely read or ignored; those messages that are less important are set aside into a special folder labelled “Clutter.” Since this is a cloud feature, it must be turned on or off from the Outlook Web App from the Settings – Options – Mail section. Since it may take a few days for the smart filter to learn the mail reading habits of new users, it helps to train the system by right-clicking on each message and choosing the Move to Clutter option.
It took a few years for social networks to be recognized as valid productivity tools by the enterprise world. Yammer has been around less than 10 years; within that time, however, it has become the premier social networking app for enterprise purposes, and its functionality has greatly expanded since Microsoft acquired it in 2012. As part of an Office 365 subscription, a Yammer network can be created for the benefit of users who have company email addresses; external users can be accepted on a strict invitation-only basis. Similar to other social networks, Yammer encourages positive reinforcement by means of the “Praise Button,” which can be used to send commend co-workers, associates and partners. Praise can be given on a number of actions: from company announcements to promotions and from completion of a project to a great idea. Yammer has been proven to be an excellent medium for driving innovation; to this effect, companies can use a single post to ask for input from staff members on a single topic, or they can highlight a single piece of user-generated content and learn about its impact from the social reaction.
Skype for Businesses
Ever since Microsoft acquired Skype, the former P2P voice chat service has grown into a mature solution for business communication and collaboration. Some of the most powerful features of Skype for Business include: ad hoc contacts, which can be done from the contact list or from the search results; setting up contact lists, which can be done from the Add to favourites or Add to Contacts options; presentations, which can be accomplished with a click of the “Present” icon at the bottom of the call screen, and the ability to invite up to 250 participants to a single video or voice conference. Of all the new Skype features, the ability to present just about anything, from desktops to interactive whiteboards is perhaps one of the most powerful.
SharePoint and OneDrive for Business
With OneDrive for Business, sharing a document for basic collaboration and editing is as easy as selecting the Add to My OneDrive option; however, this functionality is not the same as the real-time collaboration offered by SharePoint, as OneDrive is was not primarily intended for sharing. With SharePoint, users can go to a document library, open a file on Office Online, and see the number of people working on the document at any given time. Depending on the permissions set for each user, they may be able to edit on a semi-formal, formal, or commentary basis. On top of that, the versioning option shows when a file was changed in any way and by whom, along with their comments. If there are problems with the current version, previous ones can be viewed without overwriting the current one and the current one can be replaced with a previous one.
Business Intelligence Services
Delve is a very interesting new service offered for Office 365 business users. Delve is based on Office Graph, which is a Microsoft technology that is similar to the machine learning algorithms used by powerful search engines and artificial intelligence developers. In essence, Delve is a smart business researcher that gathers, collects and organises information, relationships and ideas that users may not see on a daily basis, and the data collected may even come from mobile devices. For business managers who must stay on top of everything that happens within their organisations, Delve is a great informational and time-saving tool; since it does not actively move to change file permissions or access private files, it never becomes intrusive to the point of violating privacy.
Power BI is another business intelligence service for Office 365 that is becoming more functional and powerful as time goes by. In essence, Power BI takes data and transforms it into dashboards, which can show detailed reports displayed as tiles. With Power BI, a company can connect to multiple datasets from other services such as Salesforce. Getting started with reports is as easy as following the sequence of importing data to create a new Excel spreadsheet; once this is accomplished, the data is ready to be transformed and explored. A nice extra within Power BI is provided by Quick Insights, a set of 32 detail-rich data visualisations with descriptions that can be displayed in seconds and easily modified with filters and pivots.
Microsoft Dynamics CRM
The greatest advantage of using this customer relations management solution is having one organised data storing place for prospecting and customer information, in which data is entered manually (e.g. records of phone calls with custom notes), imported from sources like social networks, an accounting system or Excel, to which data can also be exported into a spreadsheet. Among other features, there is an integrated dashboard creation option with charts, which uses the imported data. That is especially useful for sales, like the lead/opportunity labels for contacts, and there is also easy case creation, search and monitoring for service representatives. Once Dynamics CRM is properly configured, data about clients, customers and prospects can be managed to ensure that contacts are made timely and that follow ups are conducted periodically.
Professional Presentation Services
Office 365 offers two professional presentation options: the Visio app and the Sway service. Visio is a mainstay of the Microsoft Office software family, and it is still the best app for business charts, diagrams, network maps, 3D models, floor plans, flowcharts, etc. Also, its Quick Import option enables linking of resources like Excel, AD or SQL Server for real-time data displaying next to visualisations. Sway, on the other hand, is a very intuitive and attractive online service that can be used for quickly creating presentations. Both Visio and Sway offer online collaboration; however, the former is more effective for describing technical processes while the latter is better to tell engaging business stories.
Organisation and Management Services
Microsoft Excel and Project have been upgraded with new functions to expand their functionality. With Power Pivot, Excel now allows the import of very large datasets from various sources. With PowerView, the data gathered, filtered and connected with Power Pivot can be visualised in multiple charts. Power Map allows the integration of geographic data and Power Query can adjust data in relation to external changes with just one click.
Microsoft Project now offers Resource Engagements, which is a management feature that focuses on the staffing portion of a business project. This new feature adds a new ribbon to Microsoft Project, which replaces the traditional Resource Availability view the new Capacity Planning. Within this new view, project managers can view resources and their workloads expressed as heat maps. In this fashion, work can be assigned to certain resources without having to worry about overworking them or having others sit outside of the project with excessive non-working hours.
Office 365 User Assistance Services
Professional users who subscribe to Office 365 can enjoy the benefits of FastTrack, a dedicated customer success service that delivers substantial value. The Microsoft FastTrack centre is staffed by hundreds of engineers from all over the world; they are trained in providing remote assistance in a personalised manner.
FastTrack representatives contact Office 365 business users within 30 days of a new subscription becoming active. This service is available to customers who purchase subscriptions of at least 50 seats. FastTrack engineers work with subscribers to develop and commit to an Office 365 success plan set up for the deployment and implementation across an enterprise.
Part II: Delving Deeper
In the second part of the guide we will cover the more technical features and options, also with provided instructions to accomplish the jobs at hand. Chapter 5 concentrates on Office 365 security layers and how users control security and privacy. After that, Chapter 6 will be about guidance regarding Identity Management Models, followed by information about Data Loss Prevention and how the user can take steps to prevent sensitive data loss in Chapter 7. Chapter 8 explains how archiving and eDiscovery work and with instructions on how to utilise them, and, lastly, Chapter 9 explains On-Premises, Cloud and Hybrid Environments and provides requirements, considerations and instructions for their setup.
Chapter 5: Staying Safe with Office 365
General Information on Security
A subscription to Office 365 means that users will be entrusting their documents, data and important information to the Microsoft cloud. As with any other cloud service, it is reasonable to expect that many users will be concerned about security; after all, tech news media outlets routinely publish headlines about spectacular data breaches suffered by major cloud providers. Such concerns are valid; however, it is important to learn about the levels of security that Microsoft implements to its Office 365 cloud services.
The Microsoft servers that house Office 365 files and applications are located within ultra-secure data centres. The physical security at these centres is augmented with access control, motion sensors, biometric scanners, and many other security controls. Over the last two years, Microsoft has been able to maintain uptime levels higher than 99.96 per cent, and these levels are jealously controlled and verified by technicians.
The risk of emergency security threats is taken very seriously at Microsoft data centres. To this effect, one strategy applied by Microsoft is known as assumed breach practice or red teaming, which consists of undercover hackers working on behalf of the company to launch attacks against its data centres. The targets are typically Office 365 and Azure cloud services, and the red team tries everything to exploit vulnerabilities through tactics, techniques and procedures replicated from real-life events. The Microsoft security never knows if they are protecting against one of their own red teams or cyber criminals; this only revealed at the end of the exercises.
Office 365 and Exchange Online Protection
Data created and stored in Office 365 is primarily protected by BitLocker, Microsoft’s current encryption mechanism, which can be deployed with either Advanced Encryption Standard (AES) 128 or 256 bit security; this is for all the servers that hold email messages, Office documents, projects, instant messages, and conversations across OneDrive and SharePoint.
How the Service-Level Security Layers Protect the User
Office 365 users are protected by core methods of defence applied through three layers of security:
Physical Layer: As previously described, Office 365 physical security is handled by Microsoft in their data centres, which are staffed around the clock by technicians who must utilise multi-factor authentication for physical and remote login procedures in addition to biometric scanning and personal challenges. The data centres are set up in a way that the hardware and software are protected individually from subscriber data; in this fashion, attackers cannot access a system through another one.
Logical Layer: The logical security of Office 365 data is provided through lock box processes, which are greatly automated for the purpose of minimising human access and potential mistakes. All server processes are whitelisted to prevent the introduction of malicious code, and security teams are constantly looking out for avenues of malicious access through techniques such as perimeter security, port scanning, and intrusion detection.
Data Layer: As previously described, static data is protected by means of BitLocker AES 128 or 256 bit encryption. When in transit, data is protected by the secure socket layer (SSL) and transport layer security (TLS) protocols. Microsoft also practices constant disaster recovery and business continuity drills to ensure that data will always be available and secure for Office 365; this is all part of the service level agreement (SLA) between Microsoft and subscribers.
How to Customise Security Controls as User or Administrator
Malware and spam protection controls can be managed from the Office 365 Administration Centre (OAC); from here, administrators can also control the flow of spam messages, and they can also set up lists of blocked senders. Additionally, individual users can also manage their own lists of blocked senders from their Outlook inboxes.
Exchange Admin Centre (EAC)
Using the EAC, Office 365 subscribers can configure their own anti-malware policies for improved protection. The Protection – Malware Filter section of the EAC gives users control over the various policies. The default policy can be edited so that it applies to the entire company; also, admin users can create new policies for the purpose of applying them to select users and groups. These user-created policies can be named and given descriptions; their behaviour in so far as the Malware Detection Response can be set to delete the message, only the malicious attachment, or issue custom alerts so that individual users can update their lists of blocked senders.
Password Expiration Policies
Since Office 365 is a subscription-based system, proper password management is essential. Administrators can set passwords to never expire, but this is only recommended for users who are expected to work with the organisation only for a short time. Otherwise, passwords expire on a regular basis; settings can be changed by accessing the OAC and accessing the Service Settings – Password section. Aside from setting passwords to never expire, administrators can also set the number of days from 14 to 730, and they can also set the number of days before users get a notification that their passwords are about to expire.
Secure Multipurpose Internet Mail Extension (S/MIME)
Office 365 uses S/MIME, an electronic messaging protocol that allows users to handle correspondence that is digitally signed and encrypted. Administrators can increase the security of their organisation messaging systems by setting up S/MIME in all Outlook app versions from 2010 and 2013 as well as in their Outlook on the Web systems and their Exchange ActiveSync. This will require installation of a Windows Security Certificate that will issue public S/MIME encryption keys. The certificate must be published in an Active Directory Domain Service account, and a virtual certificate collection must be applied to validate the certificate before the endpoint Outlook or Exchange clients can be activated. Additional message protection in Office 365 can be obtained through Message Encryption, which allows TLS communications with trusted partners. This feature must be purchased along with a subscription to Microsoft Azure Rights Management, which costs about $2 per month for each user. With this feature, users can send confidential and encrypted mail seamlessly.
Office 365 Content Management Policies
Advanced document management and control features can be enforced for compliance within Office 365. Various policies can be created and applied to multiple content types within a collection, within a website, or within a library, collection, or list of documents. The most common policy is applied at the site collection level, which can be started from the Site Settings page; from here, users can access the Site Collection Administration – Content Type Policy Templates to create new policies along with descriptions. The features that can be specified include: Retention, Auditing, Labels, and Barcodes.
Office 365 Multi-Factor Authentication (MFA)
As with all cloud services, good security begins at the access level; to this effect, Office 365 offers MFA, which allows verification of login credentials via mobile calls, text messages or in-app notifications. There is a standard MFA for Office 365, but users can also purchase the higher Azure MFA. Setting up the standard Office 365 MFA can be done from the OAC – Users and Groups – Active Users section; from here, MFA requirements can be enabled, disabled and enforced for individuals.
Role-Based Access Control (RBAC)
Administrative roles are not limited to a single user in Office 365. From the OAC Active Users section, current administrators can assign new admin roles or take them away as needed. Admin roles require an alternate email account for password recovery as well as a mobile number for MFA.
The Microsoft SLA for Office 365 treats user data under a “Privacy by Design” policy, which implies that subscribers have full control to documents and other information they create, share and store. Furthermore, users can control the privacy of their data and communications by means of settings within OneDrive and SharePoint. The default data access levels are Read and Edit; other advanced permissions such as Full Control can be set by SharePoint admin users at the list, site, and personal levels. Greater customisation can be found in SharePoint in comparison to OneDrive.
Chapter 6: Choosing a Model for Identity Management
Identity management is a special feature of Office 365 and other subscription services offered by Microsoft. The purposes of identity management are varied; the two most important being security and control. Essentially, identity management allows an organisation to identify users and assign proper resources in accordance with work policies.
The three components of identity management are: access, authentication and authorisation. The access component refers to devices and networks while authentication involves the verification of that user’s identity by means of security credentials; authorisation refers to the actions and permissions assigned to users once they have been authenticated.
Office 365 administrators have a few identity management models to choose from. Each model presents options that may be suitable for various organisations. The choosing and switching of models are decisions that organisations can make in relation to their needs.
Office 365 Identity Management Models
The three identity management models available to Office 365 administrators are: Cloud, Synchronised and Federated Identity.
Cloud Identity model: allows the management of Office 365 users and their identities from the Online Admin Centre. The credentials are actually stored in Azure Active Directory, with Microsoft tasked with access and control. This model is ideal for administrators who wish to handle all the identity management tasks from the cloud and without having to depend on user directories that are handled as on-premises lists. With the Cloud Identity model, the deployment and management functions are simplified and do not require service installations. The reliability of Azure Active Directory is protected and guaranteed by Microsoft and its extensive data centres.
Synchronised Identity model: administrators can integrate an existing, on-premises directory with Office 365. Essentially, the user identities are managed within a directory located in an on-premises server. The credentials that are stored on this on-premises directory will be the same used by users to access Office 365 apps and services, but the verification is handled by Azure Active Directory. The credentials and password hashes are synchronised to the cloud by means of a special tool provided by Microsoft. The greatest benefit of the Synchronised Identity model is that it allows administrators to work with local directories that they must keep in accordance to existing policy; however, it requires the upkeep of a server and the implementation of consistency checks with Azure Active Directory.
Federated Identity model: administrators must manage their own on-premises identity service, which can be provided by a third-party developer, without synchronising with Azure Active Directory. This model is ideal for administrators who may already have Active Directory Federation Services in their local servers; one example would be administrators who are running a Microsoft Exchange Server or SharePoint application, or who are managing smart-card security solutions. The Federated Identity model is probably the most secure and complex, but it is also the most dependent on third-party technologies; it is ideal for organisations that use single sign-on as one of their best practices, but it may require them to implement advanced solutions such as the use of tokens or biometric scanners.
Identity Management Model Recommendations
The username/password paradigm of Internet security and access control is becoming dated. Technology news headlines these days are becoming dominated by cybercrime stories about hacking outfits that breach networks for the nefarious purpose of accessing username/password databases. Only the most spectacular breaches are reported; it is reasonable to believe that small businesses and organisations that keep access control lists and directories stored on local servers are amongst the most vulnerable.
Clearly, there is a need for enhanced identity management and access control when it comes to subscription services such as Office 365; after all, users of these apps and services often create documents and engage in long conversations about sensitive business matters that must be kept confidential at all times.
With the move towards cloud computing, security enhancements are moving beyond username/password credential systems of yesteryear. Of the three identity management models employed by Office 365, the Federated model is not only the most secure, but also moving in the direction of Internet access and control for the future.
The identity management models offered by Office 365 improve on the Yet Another Username and Password (YAUP) paradigm of online access and control that has been the norm since the 20th century. Each model is a step towards Single Sign-On (SSO), which is the antithesis of YAUP.
Office 365 administrators who manage small business organisations can easily adopt the Cloud Identity model to allow their users access to several apps and services. In the YAUP days, users would have needed different credentials to access their Outlook mail, Yammer accounts, Sway presentations, Word documents, etc. The Cloud Identity model assumes that the administrator is a reliable identity provider (IDP) that provides credentials managed by Azure Active Directory as the Relying Party (RP).
The three Office 365 identity management models establish a trust relationship between the IDP and RP to offer users SSO abilities. The SSO paradigm makes use of security assertion markup language (SAML) technology, which conforms to the organisation for the Advancement of Structured Information Standards (OASIS). SSO is at its best when applied through the Federated Identity model, which is a browser-based means of authentication with an IDP. The trust created through SSO in the Federated Identity model requires a reliable and compliant on-premises directory that syncs with an on-premises IDP. Ideally, SSO will become a Web standard through the widespread implementation of biometric devices such as fingerprint scanners.
Most small and medium-sized companies will find the Cloud Identity model suitable to their needs. In some cases, however, the synchronised Identity model is required for certain companies with compliance requirements that force them to keep directories on-premises. Microsoft does not expect all companies to be able to adopt the Federated Identity model at this time; therefore, the Cloud and Synchronised Identity models are probably more attainable.
Switching Between Office 365 Identity Models
Depending on operational requirements and business needs, Office 365 administrators are able to switch between identity management models. As previously discussed, one day all administrators will be able to choose and implement the Federated model for the convenience of their users; however, they may have to settle for the Cloud or Synchronised models until they can upgrade their systems with tokens or biometric readers.
For most Office 365 administrators, choosing an identity management model will come down to which one is the simplest to implement. Should the need arise to switch from one model to another, it is important to note that it is not possible to go directly from the Cloud model to the Federated model.
Switching from Cloud to Synchronised model can be accomplished by deploying the DirSync tool. Since the list of users is already stored in the cloud and managed by Azure Active Directory, the RP will attempt to establish trust by means of matching up existing users. To this effect, administrators can use the PowerShell tool to extract PrimarySMTP email addresses used to access Office 365; these addresses can then be imported into the Active Directory of the on-premises server.
The process of switching from the Synchronised to the Federated model is not complicated since the synchronization is a prerequisite. The on-premises server must be segmented by domain unless separate servers are already in use. In this switch, the administrator must indicate the RP to use for password validation, and the federation option must be selected in the Office 365 Admin Centre.
From the Federated to the synchronised model, administrators can use the PowerShell tool to convert the domain from Office 365 to standard, and passwords can be synchronised with DirSync in lieu of having all users reset their passwords individually. PowerShell can also be used to switch from the Synchronised to the Cloud model; this requires administrators to turn off synchronization in the Office 365 Admin Centre. This switch will require a 72-hour update of Office 365 services.
It is important to note that administrators who already have SSO for various cloud services or for apps within their IT infrastructure are not obligated to synchronize with Azure Active Directory. If business requirements state that Office 365 subscriptions must be kept separate, the best course of action would be to choose the Cloud Identity model and forego the password hash function offered by Azure Active Directory. Should this be the case, it is important to avoid redundant passwords.
Chapter 7: Managing Data Loss Prevention Policies
The Role of Data Loss Prevention
Data loss prevention (DLP) has been a feature provided by Microsoft to enterprise clients since 2013. DLP was first implemented in Exchange Server and Exchange Online; these days, the feature extends to Office 365, SharePoint and even MS Office 2016.
In general, DLP allows enterprises to set policies that enable them to handle sensitive information adequately. The idea is to provide integrity for messages and documents as they are transmitted, stored or edited as a collaborative effort. The basic DLP functions are: identification, monitoring and protection; they are enforced through a set of conditions, filters and transport rules.
Managing DLP Policies
The Compliance centre component of Office 365 allows administrators to apply DLP policies. Microsoft has designed these policies with certain business compliance standards in use across the enterprise world. Sensitive information that must be protected may include customer data, client information, credit card numbers, health records, and others.
A DLP policy allows compliance managers to identify whether information being handled in Office 365 is sensitive. If the process of identification is positive, the DLP policy will allow administrators to adjust settings to monitor and protect information deemed to be sensitive.
The rules implemented and enforced by DLP policies are based on location, conditions and actions. In the case of Office 365, the locations will likely be Exchange, SharePoint and OneDrive. The conditions are set to enable the DLP to look for specific content that matches certain formatting such as passport numbers or bank accounts. The actions are set by compliance officers to allow users to view, share or edit the information; furthermore, actions can be set to notify key personnel about information being accessed.
Basics on Setting up DLP Policies
The Office 365 Compliance centre can be accessed from the left navigation bar of the Admin Portal, under the Tools option. From here, the DLP option can be found and accessed for creation and administration of policies on documents. DLP policy management for emails and other messaging options is accessed through the Exchange admin portal, but this may be consolidated in the future.
Currently, the Financial and Medical industries are specifically listed as options for creating new DLP policies; there are also Custom and Privacy options to choose from. Office 365 users can expect that more of these options will become available in the future as business and regional standards disseminate.
When a new DLP policy is created, administrators are given a choice of services to protect, followed by the rules that can be customised with conditions. When the Create button is clicked, the new DLP policy will immediately be applied.
DLP Policy Creation Methods
Aside from creating new DLP policies from scratch, Office 365 administrators also have options to import policies from third-party vendors or using templates provided by Microsoft.
Creating a DLP policy from a template is an out-of-the-box process that can save administrators a considerable amount time since they do not have to build new rules from scratch. This creation method requires administrators to specify the compliance regulation, the type of data to handle and the organisational expectations.
Enterprises that have intricate and particular requirements for data protection and monitoring will likely have to create custom DLP policies in Office 365. In this case, administrators need to specify everything from the data types to the constraints. This process may not be as complex as coding, but it requires careful attention to compliance requirements.
Third-party vendors may provide DLP policies that conform to certain enterprise environments, ISO standards or government regulations. Office 365 allows the importing of such policies, which are often developed by Microsoft partners.
DLP Policy Tips
Similar to Exchange MailTips, DLP policies in Office 365 offer tips that can be used to notify users that they may be about to violate a compliance regulation. For example, if an Officer 365 subscriber is about to send an Outlook messages that contains sensitive information such as healthcare records, a DLP Policy Tip may be displayed to alert the user of the potential compliance issue.
DLP policy tips can also be created to do more than display messages. Tips can also be set to perform certain actions such as blocking a message from being sent, preventing a folder from being shared, notifying supervisors, or even providing the option to override a protective measure by notifying the administrator that the information in question is not sensitive.
Aside from enforcement, DLP policy tips can serve to educate users on compliance issues. Tips can be tested on a variety of devices since they are designed to work on the Outlook mobile app.
How Sensitive Content Detection Works
DLP policies can be as strong as their ability to identify sensitive content. Microsoft has been working on sensitive content detection since the early days of Exchange 2013; to this effect, the code architecture of Exchange 2013 and Office 365 provides deep analysis of content along with extensive criteria that can be applied as detection rules.
One of the issues that affect sensitive content detection at the enterprise level is the potential for false positive. When a DLP policy action is mistakenly applied without reason, users can become frustrated and may look for ways to circumvent compliance just so they can get their work done.
Microsoft tries to make as many sensitive content detection rules as possible, so that Office 365 administrators can provide them out-of-the-box. Many of these rules are related to standards such as credit card numbers and bank account numbering that adheres to the IBAN standard; altogether, there are more than 80 of these options. Microsoft has also coded checksum routines that look for certain keywords and patterns to identify sensitive content in documents or corporate communication.
Sensitive Information Rules and Document Fingerprinting
DLP policy files are created on XML documents that follow a certain schema. DLP templates allow administrators and developers to get started quickly; however, Microsoft recommends original rules that go beyond the basic rule structure for enterprises that are serious about compliance. The rule creation process starts with preparing test documents representing the target environment: one subset of documents contains the matching logic for the rule and the other does not. Afterwards, the rules that meet acceptance requirements are identified to identify the qualifying content, followed by establishment of a confidence level for the rules, based on the acceptance requirements. Lastly, the rules are validated by instantiating a policy with them and by monitoring of the sample content, after which rule or confidence level adjustments can be done to maximise detection and minimise false positives and negatives.
Document fingerprinting is a DLP strategy in which the DLP agent identifies a sensitive document’s unique word pattern and creates a “fingerprint” (XML file) based on that pattern, which is used to detect outbound documents with such patterns and a created transport rules and other policies can be applied. This strategy is particularly useful to organisations that frequently use standard forms or templates. Document fingerprinting works on just about all text-based files, and can also be applied to documents created and edited by means of collaboration.
Detection Approaches in SharePoint Online and OneDrive for Business
Microsoft continues to develop DLP for all services, apps and components of the Office 365 ecosystem. As announced in 2015, the DLP features are extended to OneDrive for Business and SharePoint online. On SharePoint, DLP works as a crawler that checks documents and communications for sensitive content. This integration also includes Dynamic CRM and eDiscovery services, and it extends to the search indexes so that unauthorised users are not able to see snippets of sensitive information as they enter queries.
The initial implementation of DLP for SharePoint Online includes 51 types of sensitive information such as credit cards and bank account numbers that adhere to the IBAN numbering standard. Administrators can take advantage of the DLP for SharePoint and OneDrive built into Enterprise Search to look for documents that may contain sensitive information in the eDiscovery centre. Various queries for sensitive content can be run, and the results appear under the SharePoint tab for evaluation.
Results from sensitive content queries can be exported into a report for a detailed review by compliance officers and administrators. Based on this report, various actions can be manually taken. For example, documents that contain sensitive information can be removed from shared sites or the permissions can be adjusted as needed.
Microsoft is working on extending DLP features across SharePoint so that they are as comprehensive as in Office 365; however, the current ability to manually search for sensitive content has been well-received by compliance professionals. If administrators have not yet activated the eDiscovery centre service, the initial application of DLP may take up to 90 minutes. The process begins with the assignment of permissions to users who need access to eDiscovery functions before selecting a template to create a case. Once an eDiscovery case has been created, a query can be created to search for sensitive content across SharePoint sites.
Chapter 8: Utilising Archiving and eDiscovery
The Need for Archiving and eDiscovery
As a comprehensive enterprise productivity solution, Office 365 provides features and services that cover many facets of business. Compliance is a major factor in today’s business climate, and this is something that Microsoft Office developers have been paying close attention to over the last few years.
Compliance with records retention, archiving and electronic discovery is something that every business organisation should be able to reasonably implement, particularly in common law jurisdictions in the Commonwealth of Nations and the Anglosphere. Office 365 takes advantage of the cloud computing paradigm to offer business subscribers a sensible solution to enterprise compliance needs related to archiving and electronic discovery. As long as regulators allow the use of cloud services for the purpose of meeting compliance requirements, Office 365 will probably meet the needs of most businesses.
Exchange Online Archiving
Archiving is a service that dates back to Exchange Server 2010; it is hosted on the reliable and ultra-secure Microsoft data centres around the world, and it offers 24-hour live support that is available to certain subscription levels. With this service, business organisations can keep all their important documents and communications in a single place along with user and transmission metadata that can be preserved for as long as it may be required.
Hosting documents, communications, records, and archives on Office 365 servers will make sense for most enterprises. The benefits are numerous; from scalable storage to integrated management and from technical support to remote access, complying with record retention policies, subpoenas and witness summons is not only possible but also efficient and cost-effective.
The basic Exchange Online Archiving Plan 1 offers a total of 50GB of cloud storage between Inbox and Archive folder content. Plan 2 offers more comprehensive compliance solutions with unlimited storage and extended features.
Office 365 eDiscovery
Electronic discovery, commonly known as eDiscovery, is a legal compliance process that deals with the production and exchange of information that is electronically stored. The eDiscovery process may be a result of investigations by law enforcement agencies, regulators, or local court orders related to litigation. When an organisation receives an eDiscovery subpoena, summons or court order, the burden is on the business principals to comply, and this may involve intricate production of data.
Office 365 offers various levels of eDiscovery that make it easy to comply with legal orders. The process starts with archiving and record preservation; it continues with analysis and production. To reduce liability and increase compliance, Office 365 eDiscovery offers features such as data management, real-time search, and In-Place Holds of select data. All these features can be accessed through an intuitive Web interface.
Both Archiving and eDiscovery are services that can be managed from the Exchange Administration centre (EAC) or from PowerShell; this is where administrators can enable archiving for specific users. Most administrators will initially set up Archiving to retain all documents and communications; however, this can later be optimised to comply with custom retention policies. Storage should not be a concern, particularly when cloud services are chosen; nonetheless, efficient retention policies may call for the omission of certain files for the purpose of respecting personal privacy to a compliant extent. Experienced Office 365 administrators can customise retention policies to respect privacy and to set limits specified by business needs.
Managing Office 365 Archiving Features
New subscribers who have had a local version of Outlook can import data to Exchange Online by means of the Import and Export Wizard. A Personal Store (.pst) data file is needed for this process; once this file is imported, the .pst data can be manipulated and the email messages can be dragged into the Archive folder. Alternatively, administrators can drag messages directly from an Outlook Mailbox into the Archive folder. Administrators who are actively complying with records retention can also set archive policies that can move certain email messages from mailboxes to the Archive folder automatically.
Certain business organisations may need to retain records on their own servers for the purpose of complying with local rules or company policy. Office 365 allows subscribers to create on-premises archives from the EAC. To do this, select Recipients – Mailboxes and click on New – User – Mailbox. At this point, the Alias box should be selected and completed before clicking on More Options. From here, click on Mailbox Database – Archive – Browse to select the local storage target of the on-premises archive.
Office 365 business subscribers no longer need to rely exclusively on .pst data files to archive company email communications. The In-Place Archiving feature is a historical, permanent and compliant email solution for single users, but not for shared mailboxes. In-Place Archiving is much more efficient than dealing with .pst data files, and it adds an important compliance dimension by allowing administrators to recover Deleted Items from local Outlook apps or from Outlook on the Web. When Deleted Items are retrieved, information such as when they were created and deleted can be retained for investigative purposes.
Managing eDiscovery Functions and Features
Exchange Online includes the In-Place Hold feature, which offers real-time protection of sensitive documents without creating an impact on workflow. With In-Place eDiscovery, administrators can search mailboxes for relevant content even within SharePoint environments. Standard eDiscovery queries provide not only relevant content but also statistics and the ability to export findings into a case file that is portable and can be transferred to hard drives or removable storage media for offline evaluation.
Creating an eDiscovery Case
Office 365 administrators can create investigation cases from the eDiscovery centre. Once a case is created, administrators can let auditors and legal staff run queries and export findings for examination. Each new case must have a title, a short description and a short URL. Once this is done, administrators must select an eDiscovery Case template and set User Permissions, which can be adjusted at the parent or specific level if other users must be included. Under Queries, a new item must be created and named before inputting the search terms and indicating the location URL. At this point, the administrator can click on Search to get the results and export them to an external case file. In many jurisdictions, prosecutors are familiar with eDiscovery Case files.
Since eDiscovery cases will primarily operate in cloud environments, administrators can capture data from multiple Office 365 apps and services. Everything from email messages to documents and from OneNote files to Skype conversations can be collected in real-time.
Office 365 eDiscovery is not limited to the cloud; it is also available on-premises and can be connected to Exchange for the purpose of extending queries across SharePoint, Office Online and even Skype. In fact, legal teams can also create eDiscovery Case Sites so that they can collaborate and formulate strategies just like within a SharePoint environment.
Enjoying the Ease of Operation and Maintenance
In the past, the records retention and eDiscovery processes were difficult and costly for many companies to operate and maintain. Office 365 alleviates these issues by providing businesses with powerful tools that allow them to focus on operations without having to worry about whether they can afford in-house legal and compliance teams.
Since most of the eDiscovery summons, investigations and court orders deal with corporate communications, the first step in terms of compliance is to manage an email solution that is conducive to archival. With Exchange Online Archiving, Office 365 subscribers can rely on Microsoft technology to provide the foundation of email compliance.
Accessing archived email from the Outlook application and from Outlook on the Web is an easy task that does not require users to learn new tools. The Office 365 user interface demystifies archival and eDiscovery through intuition; this allows administrators to quickly settle into their compliance roles.
Microsoft frequently releases software patches that are applied automatically to Outlook, Exchange and eDiscovery, which means that legal staff members and Office 365 administrators do not have to worry about their systems becoming out-dated and out of compliance. Access to archived data is consistent and almost universal with the solutions provided by Office 365.
Thanks to In-Place Archiving, the legacy Outlook .pst data files are being gradually phased out. What this means for business managers is that they will no longer be afflicted by the performance issues that arise when .pst files become very large. The ability to set retention policies helps administrators to efficiently organise information since they can easily choose the items that should be archived or deleted.
Chapter 9: Understanding On-Premises, Cloud and Hybrid Environments
Pros, Cons, and Setup of On-Premises Environments
The advantages of on-premises Exchange servers are mostly related to the degree of control the user organisation retains over the system. First of all, they control the hardware, software, and the recovery tools. That extends to customising inbox size limits and message restrictions, which can make a significant difference in the storage needed. If the user would like to incorporate third-party apps into the email system, then this setup is the most practical for doing that. Users also have total control over the security and the email data itself, so access is not handed to someone else. There are no external sources of downtime because maintenance and updates happen on the organisation’s schedule. One can take advantage of any and all Exchange features, and the new ones can be quite attractive. Lastly, maintaining Exchange on-site equals a significant speed boost.
On the other hand, this option is expensive both in terms of money and in terms of staff time. Skilled staff is needed at all times, because the user is in charge of support. It is also necessary to purchase and maintain all the supporting hardware, like the cooling and power systems, and the network infrastructure to support the Exchange servers. Anytime there is a significant update, the user prepares and executes the transition, while ensuring minimal impact to the user experience. Not only are these downsides costly, but also consume time that could be spent on something else, so one should consider whether the control features are worth the additional work and costs of keeping everything on-premises.
As for the installation, there are three types. The first one is the Mailbox server role and it is mandatory. An Edge Transport role and management tools can be installed on a different server.
For the Mailbox, first install the OS roles and features and restart afterwards. After that, .NET Framework version 4.5.2, is installed, followed by Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit. For the Edge Transport role, instead of installing roles and features, WindowsFeature ADLDS should be installed and continued according to the instructions for downloading the two supplementary pieces of software for Mailbox. To install the Exchange Management Shell on Windows Server 2012 R2 or Windows 8.1, only .NET Framework 4.5.2. is needed and, after that has been done, the chosen installation of Exchange is ready to be installed.
Firstly, an Active Directory schema update needs to be installed, for which the aforementioned .NET Framework and RSAT-ADDS are needed: there will be prompts for these when the initial setup for Exchange is run. Before applying the scheme update, the forest directory should be backed up, because permanent changes are made and a permanent, irreversible organisation name is chosen. Afterwards, Exchange and the Mailbox role are simply installed and the server is rebooted.
Pros, Cons and Setup of Cloud Environments
Another choice is the cloud-only environment in which all email services are performed through Office 365. This has its own set of pros and cons. On the plus side, money is saved on software and hardware compared to an on-premises install, as well as on staffing costs due to no need for on-site support. Microsoft guarantees 99.9 per cent uptime with financial backing. Remote log-ins are possible from almost any location and device. The cost of third-party apps can be integrated into the user’s subscription fee.
There are some disadvantages to consider, such as no control over data, which could possibly result in non-compliance with some data security protocols that matter to the user’s organisation. Also, there is a limit to the extent of possible linking into the email system with APIs. This might matter if, for example, a comprehensive CRM solution and incorporation of email would be desired. There is also the risk that subscription costs will change over time as the business grows. Lastly, it appears unclear how the data could be integrated back into the organisation if the contract is terminated.
While an on-premises environment gives greater control and the ability to incorporate more third-party tools, the cloud provides significantly lower costs and transfers the burden of logistics and management outside of the organisation. The right choice for an organisation will depend on the current costs, staff, objectives, as well as the sensitivity of the data contained in its emails.
The setup for moving from an on-premises system to a cloud solution is easier than the initial installation of the on-premises approach. If there are less than 2000 mailboxes that need to make the transition, it is best to do it all at once through a cutover migration. Every user will get a new user account for Office 365 and the licences will need to be assigned to every user whose mailbox migrated to the cloud, which is why it might not be practical for many mailboxes and 150 are recommended.
If, on the other hand, there are more than 2000 mailboxes, it is better to make the transition in parts. The Azure Active Directory tool is used to manage a staged migration in which a portion of the total mailboxes make the migration in each pass. Azure Active Directory will provide the link to enable synchronisation between the existing Active Directory domain and the Office 365 environment. However, only user and resource mailboxes can be migrated.
Pros, Cons and Setup of Hybrid Environments
A hybrid approach provides the user with some of the advantages of both systems. For example, control is kept over security and other tasks fall to the cloud. That allows you to focus money and staff time on the most important aspects of your email system. It is also easier to scale the costs, because staged migrations of users to the cloud can be carried as needed, which can control the subscription costs. This is also a useful point to test out some of the Exchange’s hosted features to decide whether they would be welcome in the entire system or not.
On the downside, it can be a challenge to set up and maintain a hybrid system because two infrastructures have to be managed at once. That also means financing two infrastructures at once, because of the required staff, hardware, and software for both. Hybrid solutions can get expensive depending on the proportion of users in the cloud and how extensive the on-premises needs are. Some users are in the cloud while others are not, which resulted in problems before, but with single sign-on or password synchronisation users can log on to both environments with the on-premises credentials. In the case with existing on-premises accounts, Directory synchronisation helps mirror accounts between the two environments, so there is no need to re-create or update accounts twice.
In cases when ADFS or Dirsync are used, an on-premises Exchange server should be kept even in the event of a complete migration to the Office 365 cloud. This is because the only supported way to edit the attributes of an object synced from on-premises Active Directory is that very on-premises directory. It is not possible to edit these Exchange attributes without using unsupported tools like ADSIEdit.
In any case, before beginning with the setup, it needs to be verified that all the prerequisites are met, starting with the latest cumulative update, or at the very least the one immediately prior; any earlier update is not supported. There needs to be at least one server in the Mailbox role and, if the Exchange version is 2013 or older, one in the Client Access role. The licence for Office 365 must support Azure Active Directory and the Azure Active Directory Connect tool must be deployed, and all necessary custom domains must be registered and the Autodiscover DNS records set to point to the Client Access server if not in Exchange 2016. The Exchange Admin Centre is connected to the user organisation and valid digital certificates are obtained from a digital authority. After that, the Hybrid Configuration Wizard can be run, which will provide guidance through the process. Another option is to enlist the services of the MS or third-party support team.
Productivity software and related services play an essential role in modern private and business life. Such a role naturally evolved as the use of computers, laptops, smartphones, and tablets progressively altered the hardware landscape. Microsoft has long ago established itself as the provider of software that users could quickly learn and use to become productive in the Information Age. The popularity of Office applications such as Word, Excel, and PowerPoint propelled them into their current iconic status as compatibility standards for the entire world.
Using Office, businesses and individuals can create documents, spreadsheets, presentations, and other materials that people can open, read, edit, and save anywhere in the world. Although such compatibility continues to factor into the decision to use Microsoft productivity software, many other compelling factors contribute to its enduring appeal. The suite has evolved to include more features and services, keeping pace with the rapid pace of technological development and continues to play a central role in business and private life. For example, modern collaboration tools have expanded the utility of Office, accommodating teams and helping them to work together efficiently. Using Office applications, multiple users can contribute, review and approve documents in a secure online environment.
With versions of its applications available for Android, iOS, and Windows Phone, Office has set another standard for mobile productivity. The emergence of smartphones and tablets with these platforms allowed users to work anywhere in the world, provided they have an Internet connection. Since so many people already use Microsoft productivity applications, mobile users can seamlessly integrate into modern workflows.
The emergence of cloud-based software has provided opportunities for software developers to earn steady revenue streams. In return, they provide users with a continual stream of security and feature updates that helps them stay on the cutting edge of productivity and performance. Although some users might balk at paying the monthly or yearly subscription fee for Microsoft Office 365, others can choose to buy Office 2016 and then selectively update to future versions as conditions warrant. Still, subscription plans range from the Outlook personal email service to an entire business ecosystem for the enterprise.
This guide covered a large portion of Office 365, familiarising users with the general user experience. Readers learned about a range of possible problems and potential solutions, giving them a realistic picture of what to expect while using Office applications.
Potential users must decide whether they want to pay the subscription price for the Office 365 suite and its accompanying features while considering their individual needs. The list of considerations influencing the decision includes the number of devices and users that need access to the software. Readers were also advised to consider how often they have bought Office upgrades in the past (if at all) to gauge whether the open-ended cost of the Office subscription provides sufficient value to rule out the traditional licencing model.
The ability to work from multiple locations using different devices ranks among the top reasons for choosing the Office 365 subscription. Businesses that depend on having the latest software updated with security and user features will need the subscription, as will those who must have the ability for multiple users and teams to collaborate and communicate.
By utilising the information found within this guide, individuals and businesses should be able to work more efficiently within the Microsoft productivity ecosystem and make informed decisions.