MS-100 Setup Microsoft 365 Tenancy and Subscription

May 25th, 2019 | Posted by admin in Exchange

We will see how to setup Microsoft 365 Tenant. Office 365 is a cloud-based service from Microsoft that offers access to Office applications like word excel and other productivity tools like Skype Online, Exchange Online and One Drive for Business online. Office 365 includes plans for use at home and business. Services available or enabled to you based on the subscription plan that you are choosing from Microsoft.

If you are already using Windows 10 Enterprise, Office 365 E3 and Enterprise Mobility + Security E3 / E5 then you can skip this as you are already using the M365 workloads.

This topic is all about setting up the Office 365 tenant and Subscriptions.

Configure subscription and tenant roles and workload settings

  • Configure subscription and tenant roles includes the process of Sign up for Microsoft 365 Enterprise and managing the Roles for the Microsoft 365 Tenant Roles.
  • Microsoft 365 Enterprise Tenant is nothing but having Windows 10 Enterprise, Office 365 & Enterprise Mobile + Security.
  • You can be an existing customer already having the above M365 workload enabled in different forms. If you are new organization migrating to Office 365, you can approach Microsoft / Partner to subscribe for Microsoft 365 Enterprise tenant.
  • M365 subscription is like Signing up for the E3 or E5 trial and enable the services that is required for your tenant.
  • Tenant Roles management is required where you designate respective users are Global Administrator and others as designated administrator like Exchange Online Admin / SharePoint administrator.
  • M365 workload setting is enabling \ deploying the services like Windows 10 Enterprise, Office 365 (EXO, SPO \ OD4B & Teams) & Enterprise Mobile + Security to end users.

Microsoft 365 Subscription:

For home, we have three products as Office 365 home, Office 365 Personal and Office Home & Student 2016 for PC

For Business, Microsoft has three products as Office 365 Business, Office 365 Business Premium and Office 365 Business Essentials

For Enterprise, Microsoft has four products as Office 365 Pro Plus, Office 365 Enterprise E1, Office 365 Enterprise E3 and Office 365 Enterprise E5.

Microsoft 365 Enterprise E3 Subscription:

Most of the companies normally prefer Office 365 Enterprise E3 Plan because that has the required services that can operate an enterprise Organizations. Below services are included in Office 365 Enterprise E3 Plan

You can run the below command to check the service status.

(Get-MsolAccountSku | where {$_.AccountSkuId -eq ‘TenantName:ENTERPRISEPACK’}).ServiceStatus

Microsoft 365 Enterprise E5 Subscription:

Office 365 Enterprise E5 Plans includes all the servers available in Enterprise E3 Plans plus

Customer Lockbox, Advanced Data Governance and Security, Office 365 Cloud App Security, Power Bi Pro, Audio Video Conferencing and Fast Track deployment support.

Enterprise Mobility and Security Subscriptions:

Enterprise Mobility and Security E3 Subscription:

  • Azure Active Directory Premium P1 – AAD Premium P1 provides a secure single sign on to cloud and on-premise apps. MFA, Conditional access and advanced security reporting.
  • Microsoft Intune: Intune provides mobile device and app management to protect corporate apps and data on any device.
  • Azure Information Protection Premium P1: AIP Premium P1 provide encryption for all files and emails across cloud and on premises storage location. Cloud based files tracking can be achieved.
  • Microsoft Advanced Threat Analytics: ATA provides protection from advanced targeted attacks by using user behavioral analytics

Enterprise Mobility and Security E5 Subscription:

  • Azure Active Directory Premium P2: AAD Premium P2 provides AAD Premium P1 features + Identity and Access Management with advanced protection for users and privileged identities.
  • Azure information Protection Premium P2: AIP Premium P2 provides AIP Premium P1 features + intelligent classification and encryption for files and emails shared inside and outside organization.
  • Microsoft Cloud App Security: CAS provides enterprise grade visibility, control and protection for your cloud applications.

Microsoft 365 Tenant Roles:

Below Azure AD Tenant Roles available and we can designate respective admins roles for each service.

Tips: For existing Office 365 customers, if you are already using Windows 10 Enterprise, Office 365 & Enterprise Mobile + Security then you are already using Microsoft 365 Subscription.

Evaluate Microsoft 365 for organization

If you are new to Microsoft 365 Enterprise or to a specific product or feature, one of the best ways to gain understanding is to build it out yourself.

Existing customers may already setup those workloads and you know how to setup services. Microsoft 365 Services evaluation available for 30 days free retail. You can approach Microsoft to extend the trial to a max of 6 months.

Plan and create tenant

Understand the Microsoft 365 enterprise workloads and plan to enable the services required for your organization. Approach Microsoft or Partner to get the required subscriptions.

Start by registering the tenant with Office 365 Trial and add other workloads that is under Microsoft 365.

Creating Tenant is the same process that you sign up for the Office 365 Trial and Microsoft will assist you on adding the subscription to your tenant when you subscribe for a trail or purchase the subscription.

Upgrade existing subscriptions to Microsoft 365

Customer already using Office 365 like EXO and SPO can approach Microsoft / Partners to upgrade their existing services to Microsoft 365.

Approaching Microsoft or Microsoft Partner is the only available option to upgrade existing Office 365 subscription to Microsoft 365.

Monitor license allocations

License will be assigned on the individual account and we have an option to use group based licensing where assigning the license on a Group will assign the license to all the members of the group.

Group can be Security group or an Azure AD Dynamic Group. Dynamic Groups in Azure AD run rules against user object attributes to automatically add and remove users from groups

Azure AD Audit logs can be used to monitor who changed the license on the Group enabled with license.

To assign license using PowerShell

Set-AzureADUserLicense -ObjectId “” -AssignedLicenses $licenses

Tips: Azure AD PIM required Azure AD P2 License / EMS E5 license, which includes Azure AD P2

Conditional Access Policies included in Azure AD P1 / EMS E3, which includes Azure AD P1

You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback.

Leave a Reply