O365 M365 Companion Guide
O365 M365 Companion Guide
O365 M365 Companion Guide
INTRODUCTION ...............................................................................................................6
Adoption .................................................................................................................11
PowerShell ..............................................................................................................17
Migration .................................................................................................................20
Service Requests.....................................................................................................27
2
CHAPTER 5 – AZURE ACTIVE DIRECTORY.....................................................................28
Azure MFA................................................................................................................30
Publishing Applications..........................................................................................32
OneDrive .................................................................................................................36
Teams ......................................................................................................................37
Autodiscover ...........................................................................................................40
Mailbox Archive.......................................................................................................41
Shared Mailboxes....................................................................................................43
Distribution Lists.....................................................................................................43
3
CHAPTER 8 – ONEDRIVE FOR BUSINESS AND SHAREPOINT ......................................44
SharePoint ..............................................................................................................45
CHAPTER 10 – TEAMS....................................................................................................52
Using Teams............................................................................................................55
Extending Teams.....................................................................................................55
Planner....................................................................................................................57
Stream.....................................................................................................................58
Delve .......................................................................................................................61
Yammer ...................................................................................................................62
4
Data Loss Prevention ..............................................................................................66
Auditing...................................................................................................................68
CONCLUSION .................................................................................................................80
ABOUT ALTARO...............................................................................................................85
5
INTRODUCTION
Welcome to this free eBook on Office 365 and Microsoft 365 brought to you by Altaro
Software. We’re going to show you how to get the most out of these powerful cloud
packages and improve your business. This book follows an informal reference format
set in addition to links directing to supporting information and further reading if you
The intended audience for this book is administrators and IT staff who are either
preparing to migrate to Office/Microsoft 365 or who have already migrated and who
need to get the lay of the land. If you’re a developer looking to create applications
and services on top of the Microsoft 365 platform, this book is not for you. If you’re
a business decision-maker, rather than a technical implementer, this book will give
you a good introduction to what you can expect when your organization has been
migrated to the cloud and ways you can adopt various services in Microsoft 365
THE BASICS
We’ll cover the differences (and why one might be more appropriate for you than
the other) in more detail later but to start off let’s just clarify what each software
6
is an email collaboration and a host of other services provided as a Software
as a Service (SaaS) whereas Microsoft 365 (M365) is Office 365 plus Azure Active
Windows 10 Enterprise. Both are per user-based subscription services that require
Exchange Server or SharePoint Server on-premises is to drop the idea that O365
is just a hosted Exchange or SharePoint. Some years ago, this was true, and O365
was simply Microsoft hosting Exchange, SharePoint, and Lync servers in their
with Exchange Online and SharePoint online providing some foundational building
blocks for that platform but there are many other services built on top that you’ll miss
A case in point is Microsoft Teams, a collaboration product that uses Exchange Online
to store retained data and chats, SharePoint to store documents, Planner for
lightweight project management, and Azure AD for identity. All that complexity
is managed by Microsoft, and you simply administer Teams as just another service.
This also means there’ll never be a “Teams server” for on-premises; the required
building blocks are just too complex for most businesses to deploy.
The other thing to let go of, if you’re coming from an on-premises background,
is planning for software upgrades every few years. Upgrading Exchange Server,
7
as an example, can be a large project (depending on the size of your environment),
taking months to plan and execute. O365 is a different world with smaller updates
coming every day or week, and your job thus changes to assess these changes,
HOW TO KEEP UP
I have worked with Exchange Server since version 5.5 (1997), and have got used
to the cadence of a new version every 2-3 years. I bought books and read up about
all the new features and changes in preparation for the next iteration. That approach
Nearly all software projects (and definitely O365/M365) are now aiming at frequent,
incremental changes. This brings several benefits. First, each update is minor,
and no big project plan for the “upgrade” is required. Secondly, the developers can
adjust course and add new features based on user feedback much faster.
Instead of being able to plan for and learn about a large set of new features coming
in the next big release, new features are released daily, and you have to understand
these and help your organization take advantage of them. There are several ways
to manage this – depending on your learning style. Some people learn by reading,
others by listening, others by watching videos, whereas some people prefer to learn
by doing tasks themselves (although in reality, most of us learn best with a blend
of all of these).
Here are some resources to add to your toolbelt for keeping up with changes in M365:
The M365 roadmap lets you filter on O365, EMS (Intune + AAD Premium), and Windows 10.
Office 365 Change Management Survival Guide is a comprehensive guide with links
to many resources.
What's new in Microsoft Intune details the weekly updates in Microsoft Intune.
(see chapter 5)
features.
And finally, the Message center in the portal (chapter 2) shows a stream of what’s
changing and new features – click the Edit Message center preferences to customize
which services you get updates for and who should get emailed the weekly digest –
out or ideally when they’re in the preview phase. There are two tracks for updates
released in O365, Standard and Targeted. The former is the normal rollout cadence
while the latter ensures that you get new features as soon as they’re ready.
10
In the past, the recommendation was to have a small, separate test tenant for this
where the whole tenant was in Targeted, if you have the budget this can be useful.
Today it’s more common to define members of the IT team and power users in your
business with Targeted release for select users. There’s also an option to ensure
that your local Office ProPlus installation receives updates ahead of the rest of your
users.
ADOPTION
If your challenge is helping others in your business to get on board the O365 train,
Microsoft has a great community and resources available to help you, and if you need
help to continue driving adoption across M365 workloads, join the free Champions
Program. There’s also an excellent free edX course to make you a Microsoft Service
Adoption Specialist.
Another great resource is Fasttrack which provides migration guidance for every O365
and M365 tenant (and Dynamics 365 and Azure), if you’re on O365 and have 150+
seats you can converse with a migration expert online and if you have over 500 seats
you can have an engineer assist you in the migration (remotely) and also in
11
CHAPTER 1 – WELCOME TO OFFICE AND
MICROSOFT 365
In this chapter, we’re going to look at the different flavors of O365 and M365,
how to pick between them and what value they’ll provide to your business.
Correctly implemented O365 or M365 is an enabler for your business, making it easier
for your staff to work in teams and collaborate both internally and with external
people in a secure manner. Apart from picking the right flavor of O365 or M365,
the key to successful adoption is planning, end-user training and ensuring that
chapters. We’ll also use the term SKU a lot, it stands for Stock Keeping Unit and
Your first waypoint here is between Business and Enterprise SKUs. The former tops
out at 300 users so if you have a larger business (or is expecting to grow), stick with
To clarify – Office ProPlus is the name for the desktop applications such as Word, Excel,
etc. that are available for Windows and Mac – some SKUs include it, and some don’t.
On the other hand, all plans include Office Online (recently renamed to just “Office” –
12
not confusing at all), so Word, PowerPoint, etc - running in a browser. These online
On the business side, there’s Business, which gives you Office ProPlus on your PC
but only OneDrive in the cloud, not SharePoint or Exchange. Business Essentials
gives only Office (Online) but includes Exchange, OneDrive, SharePoint and Teams
in the cloud. And finally Business Premium provides Office ProPlus together with
On the Enterprise side (which is only a name - for example you could have five
lawyers in an SMB using Enterprise E5) there’s ProPlus which only gives you ProPlus
and OneDrive file storage but no other cloud services. E1 gives you Office (Online) and
Exchange, OneDrive, SharePoint, Teams, Yammer and Stream, E3 gives you ProPlus in
addition to E1’s cloud services and E5 adds PowerBI as a cloud service, along with
This page covers all the plans, including tailored versions for education, government,
The most important point is that the different SKUs within each family aren’t mutually
exclusive. In a small manufacturing business, you may have the factory workers on
Business Essentials, the office staff on Business and the executives on Business
Premium and in a larger business, users would be spread across E1, E3 and E5 licenses.
13
FLAVORS OF MICROSOFT 365
Building on top of the O365 plans above, M365 adds Windows 10 Enterprise, Intune
and Azure Active Directory Premium. For Business, there’s only one flavor, M365
Business, which adds security features, device management, and policy enforcement
from Intune on top of O365 Business Premium. Read more about what is included
in M365 Business.
On the Enterprise side, there’s F1 (for “Frontline” workers) which gives you Office
Analytics (ATA), Azure Information Protection P1 and Intune on top of O365 E1.
E3 adds Active Directory Premium P1, Advanced Threat Analytics (ATA), Azure
Information Protection P1, Windows 10 Enterprise and Intune on top of O365 E3.
Finally, E5 adds Active Directory Premium P2, Azure Advanced Threat Protection,
It’s tempting to think that “I’m a small business so I can save a few dollars with the
Business SKUs,” but you need to be aware of the limitations. Once you opt for the O365
or M365 Business plans you can’t add phone system (PSTN) calling or Data Loss
Prevention (DLP), eDiscovery and retention policies. Your OneDrive for Business
is also limited to 1TB per user in Business, whereas in Enterprise you can increase
14
Be aware that you can move licenses between different SKUs (both upgrade and
downgrade) and that you can upgrade Business SKUs to Enterprise SKUs.
This discussion has been around the full SKUs and what features they contain,
but it’s also possible to purchase individual features such as just Azure Active
of (some) of the users in your business you can tailor an exact package with just the
The summary of this chapter is not to assume that if you’re a small business you
should automatically opt for the Business SKUs. It’s important to investigate what
features will serve your business needs and don’t be afraid to mix different SKUs
15
CHAPTER 2 - MANAGING O365 AND M365
Once you have your tenant set up in O365/M365 you’ll need to manage it, in this
chapter we’ll show you the different interfaces you can use.
If you don’t have an O365/M365 tenant, please sign up for a trial tenant - simply click
“Try for free” under E3 or E5. These trial tenants only last for 30 days, although you
WEB PORTALS
For both O365 and M365 the main portal is admin.microsoft.com, which you can also
reach from www.office.com, by clicking on the Admin tile. On the left-hand side are
links to manage Users, Groups, Billing and Settings, etc. and further down under
Admin centers are links to the individual portals for Exchange, Teams, SharePoint,
OneDrive and others. Depending on your SKU you will have slightly different links
show up.
Highlights for day-to-day work include the ability to multi-select users (Users - Active
users) and change their licensing for instance. You can manage invited external users,
that have had documents shared to them from OneDrive or SharePoint for instance
under Users – Guest users. You can restore a recently (30 days or less) deleted user.
16
You can also manage Groups and Shared mailboxes, like “sales@mycompany.com”
that is accessed by several different people and Resources such as Rooms and
Billing is the area where you can purchase additional licenses, manage your
Subscriptions and Payment methods and Support is where you lodge service
requests.
Settings is an area where you can configure different services and add-ins whereas
The Reports section has both usage and security reports while Health has two
important areas; Service Health shows you if there are any problems in the cloud
with your resources and Message Center has a list of updates and changes that are
coming.
Each individual Admin center lets you manage an individual service such as Azure
Active Directory or Flow. This site has updated links for most of the different portals
that you can access directly without going through the main portal.
POWERSHELL
For small tenants, you’ll probably never have to venture beyond the web portal,
but if you have large amounts of users, you’re going to want to automate common
17
True to form, Microsoft has a legacy way of doing this, the MSol or MSOnline module
and the newer AzureAD module. Not all legacy functionality (at the time of writing)
is available in the newer module. You can, however, have both modules installed on
For the older module start by installing the Microsoft Online Services Sign-in Assistant
Connect-AzureAD
Connect-MsolService
Get-AzureADUser
Which will give you a list of the users in your tenant. Full instructions are here,
18
Connecting with PowerShell
Once you’re connected there are many tasks that you may want to do and automate
such as managing user accounts and licensing, creating SharePoint sites and
migrations (chapter 3) and setting Skype for Business information. Note that several
To work around the issue of multiple PowerShell modules and connections, several
people have come up with various solutions - I’m partial to this function by Brad
Wyatt that you simply add to your PowerShell profile. It lets you pick which services
and Practices (PnP) team. You can find it here. The official SharePoint online cmdlets
are focused on creating / managing sites and users whereas the PnP cmdlets are
useful for working with artifacts inside sites that have already been created.
19
CHAPTER 3 - MIGRATING TO O365/M365
If you’re a new business this chapter won’t apply to you – simply create user accounts
in the cloud, join your Windows 10 devices to AAD and manage your iOS and Android
MIGRATION
Most businesses, however, have investments in existing on-premises technologies
and need to migrate to O365. This chapter will review your different options and
provide actionable ways of accomplishing it. Resources for the following migration
• Cutover migration
• Staged migration
• Hybrid migration
• PST-based migration
• IMAP migration
• Third-party tools
20
If you don’t have Exchange on-premises, i.e., you’re using Lotus Notes / Domino,
another email system, G Suite or another cloud email solution you’re looking
Most of the other migration methods rely on directory synchronization where your
on-premises AD accounts are synced to Azure AD, which we’ll cover in chapter 4.
If you’re still on Exchange 2003 or 2007 (which are no longer supported releases)
a Staged setup allows you to migrate mailboxes in batches, once you’ve configured
user’s Outlook profile to point to O365 when their mailbox has been migrated.
For smaller environments, the Cutover approach is the easiest. Microsoft talks
about this method for less than 2000 mailboxes (Exchange 2003+), but in the real
world it’s probably appropriate for 100-150 mailboxes or so, depending on internet
bandwidth. The idea here is that you move everyone’s mailbox from on-premises
If you’re on Exchange 2010+ and your plan is to move all mailboxes to the cloud over
a few weeks, consider the Express hybrid option. If you’re larger and are looking at a
a hybrid state for an extended period of time, and you need the ability to move
mailboxes from the cloud back to on-premises (offboarding) consider full Hybrid.
This provides rich co-existence with a unified Global Address list, sharing of Free/busy
calendaring information and mailbox moves that are seamless for end-users when
their mailbox has been moved. They’re just prompted to restart Outlook.
21
Hybrid Configuration Wizard
Microsoft’s documentation will point you to the O365 Hybrid Configuration wizard
(Portal – Setup – Data migration – Exchange) which you download from the O365
portal. It’ll step you through the individual steps you must take, depending on
the route you’re taking, including the hybrid flavors as well as Staged and Cutover.
IMAP migrations let you move from non-Exchange systems that support IMAP with
a limit of 500,000 objects per mailbox and a maximum email size of 35 MB.
22
If you have PST files with email on-premises you can migrate them to Office 365;
there’s even a PST Collection tool to track them down on your network and collect
them. If you have lots of them you can even ship them on disks to Microsoft.
Once you have completed your migration, you’ll need to consider your Mail Exchanger
(MX) DNS record which will have been pointing to your on-premises mail server and
You may also need to revisit your Autodiscover DNS records, which is how Outlook
and other email clients find the right Exchange server automatically.
23
CHAPTER 4 – SUPPORT AND
TROUBLESHOOTING FOR O365/M365
The biggest challenge for us in IT is the loss of control that the cloud brings.
If you have a problem on-premises with email you can check every part of the chain
to see where the problem lies. Once you have migrated to O365/M365 it’s now
a shared responsibility between you and Microsoft. In this chapter we’ll look at two
self-help tools that I use when there’s trouble and then look at how you open and
TEST CONNECTIVITY
For email and Skype for Business, connectivity is a common cause of issues.
Microsoft offers a free tool; Microsoft Remote Connectivity Analyzer (MRCA or RCA).
Outlook and Outlook Autodiscover functionality and both inbound and outbound
SMTP email, etc. Pick the test you need to perform and enter the required
information. Depending on the test you may need to enter a valid username and
password – I suggest resetting the password of this account after you’ve completed
the troubleshooting. The Captcha verification lasts for 30 minutes so that if you’re
doing several runs as you change values you won’t have to verify that you’re a human
every time.
The test output is comprehensive and should help you pinpoint the issue quite
quickly.
25
CLIENT-SIDE TOOLS
If the issue isn’t connectivity related and instead you suspect an issue on a particular
client device you should use the Support and Recovery Assistant for Office 365 (SARA)
which will help identify Outlook, Dynamics 365, OneDrive for Business and Skype
for Business issues as well as Office ProPlus problems. It’s a simple download (40 MB)
which you run on the affected device; it takes you through a few questions to track
issues (that aren’t due to a service side misconfiguration – see RCA), SARA is pretty
26
SERVICE REQUESTS
When you have exhausted the self-service options, click on the “Need help?” button in
the lower right-hand corner of the portal. Start by entering a description of your issue,
which might give you some results for common issues and their solution.
Once you hit enter the Contact support option at the bottom lights up. Enter your
contact information and preference between phone and email. You can also attach
screenshots or log files (up to five, each less than 25 MB), pick a time-zone and
In my experience, the support for O365 is very good and generally tracks down
the problem a lot faster than I would on my own searching forums and trying different
solutions.
Behind the scenes – if the support engineer needs access to a server that hosts your
data, they use a “lockbox system” where they apply for access, and a supervisor
approves the request for a limited time. If you’re on O365 / M365 E5 you may have
turned on Customer Lockbox, which will involve you in that process and you have
If on the other hand the problem is located on your end the support engineers can
use a remote desktop client (that you install) to connect to your server or client PC
27
CHAPTER 5 – AZURE ACTIVE DIRECTORY
Behind O365/M365 lies a directory which holds user accounts, groups and other
security constructs. While they have similar names, Azure Active Directory (AAD)
is very different when compared to AD on premises. In this chapter we’ll look at AAD
none of which are cloud friendly. AAD operates over HTTPS, can be accessed from
a REST API and supports modern authentication protocols such as Security Assertion
and OAuth for authorization. It also supports federation so you can connect it
There are three types of authentication that AAD supports: Cloud-based, Directory
synchronization and Single Sign-On (SSO) with AD FS. The first one is appropriate
when you don’t have AD on-premises (or you want to retire it), and you create
accounts in the cloud only. It’s definitely the one with the simplest setup.
The other two require you to link your on-premises AD to your AAD tenant through the
28
AAD CONNECT – YOUR UMBILICAL CORD
AAD Connect has had several predecessors over the years with different names –
if you find an installation using DirSync or AAD Sync make sure to upgrade to AAD
Connect as those tools are no longer supported. AAD Connect supports connecting
You can install the tool directly on a DC or on a member server. There’s no true
active/active HA option (yet), but you can set up a second installation of AAD Connect
on a separate server in Staging mode and do a manual failover if the primary server
AAD Connect will synchronize user and group accounts in OUs you select (or the
entire directory – not recommended) to AAD. You then assign licenses to those users,
NOTE: That this also means that on-premises is always the place to create
There are a few choices in how you handle passwords in AD. The simplest one
hashes, hashes them again with a modern algorithm and stores the hash of the hash
in the cloud. This gives your users SSO (even though technically it’s “same sign-in”
as the two user accounts are in two different directories). Another benefit of this
method is that Microsoft can alert you when credentials are found on the web/dark
web with accounts from your tenant where the passwords match.
29
If you’re adamant that your user’s passwords can’t be stored in the cloud (not even
agents on several (minimum 3, maximum 40) Windows Server 2012 R2+ servers
(no inbound ports required) and when a user signs in at www.office.com for instance,
AAD will verify that the correct password is given by communicating with your AD
Both PtA and Password hash sync optionally lets you enable Seamless Single Sign-On
(Seamless SSO) where the user logs on to AD and when they access www.office.com
The traditional way of not storing password hashes in the cloud is to use
AD Federation Services (ADFS). This is much more complex and requires several
servers to be set up on-premises (or as VMs in Azure) but does offer more flexibility.
federation with O365 is not a huge project, but if you’re just using it for SSO to O365
AAD Connect will deploy AD FS for you as part of the setup wizard for a basic
deployment.
If your business is already using the third-party Identity service Ping, know that
the AAD Connect wizard offers Ping Federate as an option during installation.
AZURE MFA
One of the best things that AAD unlocks is the easy set-up of Multi-Factor Authentication
(MFA) for logins. Passwords are one of the weakest links in today’s IT landscape,
and the majority of the breaches we see are due to someone’s credentials being
This drastically reduces (by 99% according to Microsoft) the success of credential
attacks.
MFA can call your phone, send a text message with a code, or send a
As a baseline (and Microsoft literally has this as a baseline for new tenants today) all
etc.) MUST use MFA. This is free at all tiers of O365, is simple to set up, and the user
experience is relatively seamless if you install the app on your smartphone. If you’re
point but to maintain a good security posture, this step is non-negotiable – all
administrators MUST use MFA. As an aside I’ve been using MFA for my own business
tenant and all my client’s tenants that I administer for several years now.
Enabling MFA for your end-users requires some planning and end-user training.
The level of tech familiarity your users have and whether they’re normally working
from corporate offices influences what version of MFA you should implement.
Administrators always get MFA for free, if you’re on the Business SKUs MFA it is built-in
but both lack the advanced features that AAD Premium P1 (M365 E3) or AAD Premium
P2 (M365 E5) offer. These include One-time bypass, MFA for on-premises applications
and most critically Trusted IPs; which lets you define corporate office
31
Note that all MFA levels let you (if you allow this feature) remember MFA on a trusted
device for a set number of days (7-60). If a user has logged on to a device and
successfully performed MFA, they won’t be prompted on that device for the time
period and if the device is lost or stolen either the user or you can “un-trust” these
devices easily.
PUBLISHING APPLICATIONS
One of the most powerful features of AAD is the ability to publish applications (third
party and on-premises) to your end-users. These show up right next to the normal
32
Take a corporate Twitter account for instance, where several users have the username
and password to send tweets on behalf of the company. Not only will you need
to reset the password as soon as someone leaves the company (you don’t want them
tweeting after they’ve been fired) but you have little control over who else that
password is shared with. If you publish Twitter through AAD, and create an AD group
to put users in that should have access, you simply add a user to that group,
they’ll automatically have access to Twitter without ever knowing the password
and once they leave the company and their account is disabled they can’t access
it any longer. For some out of the 3200+ applications supported out of the box you
can even configure automatic provisioning so that when you add a user to the AD
PREMIUM FEATURES
AAD P1 doesn’t just unlock more MFA features, it also allows you to ban commonly
to reset their own passwords when they have forgotten them, integrate MFA with
Conditional Access and let users register for both MFA and self-service password reset
The P2 level adds the full experience of AAD Identity Protection where you get reports
and can block authentications based on the risk level of the user account and then
sign in or even trigger an “extra” MFA prompt based on the risk profile of the
authentication attempt. P2 also lets you enable Privileged Identity Management (PIM)
where you convert all administrative accounts to eligible accounts and users have to
33
Both P1 and P2 unlocks another powerful feature in AAD, Conditional Access.
This lets you build policies around application access (both cloud an on-premises
applications) based on the user account and what groups they’re a member of,
which application they’re accessing, the state of their device, their location,
the sign-in risk and which type of client application they’re accessing it from.
These “if this – then do that” rules greatly enhance the security of your data
by managing all the risk factors affecting identity and access in M365.
Such as making sure they’re given the right licenses, are added to the right groups,
and when it comes time to disable the account, the right steps are followed.
For a smaller O365 or M365 tenant chances are you’ll never even need to go to the full
Azure AD portal and instead you’ll just do your user management in the O365/M365
portal (chapter 2). It’s a good idea, however, to explore the “full” AAD portal over
at https://aad.portal.azure.com.
34
CHAPTER 6 – CLIENTS
There are many pieces of software you can use to connect to M365/O365.
In this chapter, we’ll look at these and how you manage them from a governance
point of view.
DESKTOP CHOICES
Microsoft recommends the latest version of Chrome, Edge, Firefox or Safari
If you have the rich Office desktop client installed all supported versions should work
with O365 but using the ProPlus version for both Windows and Mac that’s included
with Business Premium and E3+ is preferred. You can control which users get the
normal release (Semi-Annual Channel (SAC) / twice a year) and who gets the Monthly
channel for the most up to date flavor of Office as well as who gets to test the SAC
before it’s broadly rolled out with the Semi-Annual Channel (Targeted) flavor.
If you really want to live on the edge, you can enroll in the Office Insider program
If you have a large number of users, you may want to disable the option for users
add-ins – Office software download settings) and instead distribute it using a file
share. You’ll need the Office deployment tool and to edit the XML file that controls
35
the installation and available Office components you use https://config.office.com/.
Outlook Web App (OWA) or Outlook for the web deserves special mention as it’s
extremely capable and not a “watered down” version of Outlook that runs in
a browser. In fact, Microsoft often tests new features and approaches in the web client
because they can deploy changes much quicker. You can use OWA policies
You can control which protocols users can use to connect to Exchange with Client
Access Rules.
MOBILE CHOICES
For many years the preferred way of connecting to Exchange Online for email was
to use ActiveSync, a protocol that both the mail client on iOS and Android supports
(sort of – not all features were supported by each vendor). Over the last few years
Microsoft instead recommends using the free Outlook client app which lets Microsoft
introduce new features much faster, without having to wait for Apple or Google
to catch up. This app has been steadily growing in capability, including the ability
to connect to Gmail and other email services and is now used by over 100 million
people.
ONEDRIVE
There’s a legacy client (Groove.exe) for syncing your OneDrive files. Today it should
can control its behavior using this Group Policy template. If you want to make sure
that OneDrive is only used on Domain joined PCs you can configure this in the admin
portal https://admin.onedrive.com.
TEAMS
The Teams application is Microsoft’s all-in-one collaboration client with support
for instant messaging chats, group chats, voice calls, video calls and if you have
the licensing, PSTN calling to and from normal phones. Teams is replacing Skype
for Business and starting in early 2019 the client is automatically installed when
you install ProPlus. If you need to deploy it manually using your favorite software
NETWORK CONNECTIVITY
A lot of internet traffic today uses HTTPS – encrypted HTTP, including all the
client-to-service traffic for M365. This is good for security, but many businesses
have implemented proxies that intercept HTTPS traffic for decryption and checking
for policy adherence which will considerably slow down your user’s experience
of O365/M365. If you have a large deployment you need to consult with your
networking/security teams and get them on board with the concept that not all
internet traffic is the same from a risk point of view and make sure they exempt
37
CHAPTER 7 – EXCHANGE ONLINE
Email reamins the lifeblood of business communication, even in this age of instant
messaging with Teams and Slack and numerous other communication tools.
It’s the lowest common denominator – the one tool that you can always use to reach
someone if you’ve got their email address. And email is a commodity – every business needs
it, but no business is going to be more competitive by being “better at it” than another.
from what you have today to the cloud, because of Microsoft’s large, existing footprint
If you have Exchange 2013+ on-premises, you can pick any of the migration
The full hybrid option lets you continue running your on-premises infrastructure
for as long as you’d like and move mailboxes in batches to the cloud on your own
schedule. You can even move mailboxes back to on-premises should the need arise.
As you’d expect there are many fine details to manage in a hybrid setup, including
38
BACKUP AND NATIVE DATA PROTECTION
One thing to realize about O365 is that Microsoft is going to make very sure that
you don’t lose your mailbox data which they do through the native data protection
in Exchange – keeping three copies of your mailbox data on separate servers, along
with a “lagged copy” (behind in time, for instances where the data is corrupted rather
They DON’T, however, keep backup copies of your data going back into the past
which may or may not be an issue for your business, depending on your regulatory
needs. There are several third-party services on the market which will do backups
of your Exchange and SharePoint online data. Altaro has a great solution for O365
backup, both for businesses and for Managed Service Providers (MSPs).
When you delete an item (email, calendar appointment, contact, etc.) in Outlook it’s
moved to Deleted Items. If you then empty deleted items (or delete a particular item)
it’s still recoverable for up to 30 days by default (14 days for mailboxes created before
2017) – go to the Deleted items folder and click on the blue link “Recover items
recently removed from this folder.” You can increase this time period up to 30 days.
AUTODISCOVER
Whether your Exchange server is in the cloud or on-premises it’s important that client
applications can find it – this is the job of the Autodiscover records in DNS.
There are a number of other DNS records required for O365 – find them in this article.
If you have a hybrid Exchange deployment, the Autodiscover records need to point
Mailbox Server.
MANAGING MAILBOXES
There are many tasks associated with mailbox management; one of them is quota
and E3+ have 100 GB quotas with unlimited archive mailboxes. The difference
between a mailbox and an archive mailbox is that the archive is only available when
you’re online. You can control how much mailbox data is stored offline on each device
40
Outlook offline cache setting
If you’re migrating large mailboxes to Office 365, ensure they’re smaller than 100 GB,
In the Exchange console, you can configure settings for a mailbox such as adding
email aliases, see quota usage, control which clients (OWA, Unified Messaging)
and the protocols (EAS, MAPI, IMAP, and POP) the user can use, message retention
and mailbox delegation. This last option lets you configure other users to Send As this
user, Send on Behalf where the recipient can clearly see that the email is sent
41
MAILBOX ARCHIVE
As mentioned earlier you can enable an Archive mailbox for mailbox content which
stopping users from adopting PST files as an archiving solution. Note that archive
folders are not available offline and not through EAS mail clients. The Outlook mobile
client (iOS and Android) also cannot access Archive mailboxes. You can enable
Set-OrganizationConfig -AutoExpandingArchive
You can also enable dynamic Archives on a per user basis. Note that the Archive folder
that’s created in a mailbox when you right-click an item and select archive
MAIL FORWARDING
Be aware that users can set up their mailboxes to forward mail to an external email
address (optionally delivering to both inboxes). This is something you should keep
an eye on because while there may be legitimate business reasons to forward mail,
it’s also a favored attack vector for hackers where they silently can monitor traffic
and then use that for various nefarious purposes. There’s a report in the Mail Flow
42
SHARED MAILBOXES
There are times when you’d like a mailbox that doesn’t “belong” to a particular user
such as sales@ or support@ where you have a team of users accessing the same alias.
As long as the Shared mailbox doesn’t have a larger quota than 50 GB or uses
an Archive mailbox, it won’t consume a license. It’s also one option for handling staff
that have left your company while you still need to monitor their email for incoming
to the appropriate staff will free up the license to assign to another user.
and the Offline Address Book (OAB). A contact is a pointer to an email address
but the user as O365 credentials to be able to access SharePoint Online or OneDrive
sharing such as Teams, Planner and others use Azure Business to Business (B2B)
DISTRIBUTION LISTS
Grouping email addresses together to facilitate communication with teams of people
is something that email systems have been doing for decades – in the Exchange
Online Admin Center (EAC) you can create Distribution Lists (DL). Note that the default
is to create an O365 Group instead and in fact, Microsoft is pushing to replace DLs
Sharing files and providing as intranet platform is a core part of O365, in this chapter
we’re looking at OneDrive for Business (OD4B) for personal file storage and sharing
document storage; 1TB for most SKUs. This quota can be increased for all users
Once you store files in OD4B, you can access them from any device, through clients
for Android, iOS, Windows, macOS, and a web interface. There are some limitations
on file names, types and sizes to be aware of. The OD4B sync client lets you see all
files on a device that you have synced, they can be in an Online-only state where
you see them, but they’re not actually present on the device. When you open such
a file, it’s downloaded and cached and thus locally available. A user can also pick
44
Cloud only local and pinned files in OD4B
You can restrict synchronization to only domain-joined devices. To help users manage
the contents of common folders you can use Known Folder Move (KFM) to synchronize
the content of the Desktop, Documents and Pictures folders to OD4B and thus
between devices.
SHAREPOINT
If you’re an on-premises SharePoint administrator, you’ll be familiar with managing
the underlying infrastructure of your servers as well as the complex web of sites and
document workflows that end users consume on top of it. If you’re only using
SharePoint in the cloud, you’ll likely have a very different experience where you see
(Teams, Groups, Planner) and perhaps as the platform for your company’s intranet.
The building blocks in SharePoint are sites where content is stored. You can control
the layout, theme, navigation, and security with classic and modern flavors. If you’re
starting out or creating new sites, Modern sites are the way to go, and there are a few
45
different types available such as Communication sites, Team sites, and Hub sites.
Part of a larger vision for SharePoint, the modern sites and pages are very useful
as they adapt to screen resolutions across smartphones and large computer screens.
Search lets you find sites, files (including OneDrive for Business files), people and
news content and if there are pictures in the content, Artificial Intelligence (AI) will
have extracted metadata. Additionally, text content (if present) from those images
Apps are add-ins/Web parts that expand the functionality of sites and Site
Be aware of the limits of SharePoint Online, particularly the total storage available
which is 1TB + 10GB per license purchased. The SharePoint admin center also comes
in a modern and classic flavor, with the former being rolled out to everyone
46
Also worth mentioning, search is an area that you want to spend some time
customizing so your end users have a good experience. Sharing is another area
that you want to control as how users can share content internally and (critically)
to O365 is the job of the SharePoint Migration Tool, as well as numerous third-party
services. If users accidentally delete files or ransomware has encrypted stored files
you can use the Restore Files interface to restore files and folders or entire libraries
from up to 30 days in the past. If you need more retention than 30 days, you’ll have
to use a third party such as Altaro Office 365 Backup. There’s also the Recycle bin
(93 days retention) for individual file restores and Restore Files for OneDrive, but it
only restores deleted items as they were. It is not designed for point-in-time recovery.
48
CHAPTER 9 - OFFICE 365 GROUPS
O365 Groups are a basic building block. In this chapter, we’ll look at the different uses
of them.
GROUP TYPES
An area that often confuses new O365 administrators is the different types of groups,
and can also be emailed which will mean all members will receive a copy
of the email
While you can create Office 365 Groups directly, you’re more likely to interact with
them as a building block, providing a single identity for all of O365, that services
such as Teams, Yammer, and others use. In addition, Outlook can use O365 groups,
SharePoint Modern Team sites are built on them, and Stream and PowerBI use them
to control access.
49
If configured thus, you can write O365 Groups back to your on-premises AD where
they manifest as distribution groups. You can’t nest O365 Groups into other groups,
and they can only contain actual O365 user accounts whilst Exchange Distribution
groups can contain user accounts, mail-users, and contacts (see chapter 7).
Unless you’ve changed the defaults, any user in your tenant can create an O365 group
which could lead to governance issues. You can instead designate users who can
create groups. You can also use various policy settings to control O365 Group behavior
in your tenant, such as expiration policies to manage the lifecycle of groups and
50
SHARING GROUP RESOURCES
It’s easy to share content from within an O365 group with external users. O365 groups
are effectively a shared repository of historical content. Anyone who is a member can
see all the content going back to when the group was first created. Each licensed user
in your tenant gives you five B2B guest licenses, and (currently in preview) you can
use one-time passcodes for external guests who don’t have a Google, Microsoft
Note: that guests have full access to all group content by default.
You can control which domains external users have to be (or can’t be from)
CREATING GROUPS
Today, when you create a group it’s private by default, meaning the Owners
of the group must approve a request to join. You can also make a group public where
anyone can join. You can change the tenant default which will ensure new groups
are public or you can change the group type after you’ve created it. Each group can
have up to 100 owners and over 1000 users, and individual users can create up
to 250 groups. Like other constructs in O365 you have 30 days to restore a group
once it’s been deleted while individual documents are housed in the SharePoint
To wrap up this section, Dynamic groups are worth mentioning. Dynamic Groups
are a neat way to ease the administrative overhead of managing group membership
manually, based on queries of AAD attributes. Although you should be aware that
business communication but without a doubt Microsoft’s Teams (which just turned
two years old) is the best yet. In this chapter, we’ll see what Teams can do for your
MEET TEAMS
A lot of development is going into Teams to make sure it’s the best place for groups
of people to work together. Here’s the glossy vision. If your business is accustomed
o using email as a collaboration tool prepare for some pushback as you start moving
A Team can have up to 5000 users, but in my experience, it works best with smaller
teams (up to say 50). There are client applications for Windows, Mac, iOS, and Android,
as well as a web-based interface. Like many things in O365 there are two components
to successful adoption, the technical side, and the user training side.
52
Teams Admin Center
Note: Skype for Business Online, which in some ways was the predecessor
to Teams, is being retired with a final date of July 31st, 2021. The on-premises
MANAGING TEAMS
Your main interface is the Teams portal, and there’s a PowerShell module available
for that as well. Underneath each Team is an O365 Group (chapter 9) with the chat
messages stored in Azure table storage, shared files in the Team’s SharePoint library
and personal files in each user’s OD4B. Voicemail and calendars are stored in each user’s
Exchange mailbox, with meeting recordings getting stored in Azure media services.
53
If you’re in a larger business, make sure to plan for governance of Teams early in your
deployment. Visit your Tenant’s Team’s Guest access settings to make sure you have
Each Team has a default General channel, and you can further create channels
to organize communications. Within each channel you can add tabs for Planner,
OneNote, PowerBI, Stream, Wiki, websites and third-party apps. You can turn on
Moderation for a channel in a team and pick who has to approve messages before
54
USING TEAMS
If you’re used to communicating via email here are some guidelines to be effective
with Teams. Use @ mentions to draw something to the attention of a specific Team
member (@AndyS), a channel or a whole team. Be generous with your Praise when
someone does something good for the Team, and if you want to acknowledge
a message just “Like” it, instead of adding to the noise with a text-based reply.
When you’re about to type something new – check if there’s already a thread related
to it and add to that instead, and use the text styling (or a GIF / Sticker / Meme) when
you want to get your point across and Sad, Angry or Happy reactions to contribute
EXTENDING TEAMS
You can also use Teams to make voice and video calls to other people in the Team and
if you add PSTN calling you can have Team be a softphone client to make and receive
phone calls from the phone network. Note that this is not available in all regions of
the world as Microsoft in effect has to be a telecom provider for PSTN calling to work.
You can further extend Teams with Bots that can interact with your users naturally
through chat or a notification bot that can push relevant information to your users.
On top of PSTN and Bots, teams can be enhanced with a wide collection of app
55
Teams Third-Party Add-Ins
With the advent of Slack (Team’s main competitor) and Teams, many people have
(again) proclaimed the death of email. As usual we tend to see the new technology
as a direct replacement for the old while the reality is more nuanced. I find Teams
more efficient for group-based work, the sharing of files and communication is far
superior to email but communication outside of projects I’m involved in still totally
relies on email. And you can use email to send messages to a channel in a Team.
One feature I find really cool is the ability to translate (just click the ellipsis) written
text to over 60 languages, which is highly useful for those organizations that span
56
CHAPTER 11 – OTHER OFFICE 365
APPLICATIONS
There are many other applications and services in the O365 portfolio.
PLANNER
Microsoft has had Project for large scale project management for many years,
but for small to medium undertakings it’s overkill (there’s a steep learning curve),
and this is where Planner shines. If you’ve ever used Trello, you should be comfortable
There’s a web-based interface, along with iOS and Android clients but no PC client.
If you add a Planner tab to a team, you can create a new plan or attach an existing
one. You organize tasks into buckets, assign tasks to different people and track
progress of those tasks. Tasks can also be viewed in a Schedule (calendar) view,
Other task management offerings from Microsoft includes To-Do (mobile, web,
57
A Plan in Planner
STREAM
This is the best way to share video inside your company, and it’s in many ways similar
to YouTube. There are clients for iOS and Android and a web interface, but currently
there’s no licensing in place for sharing videos with people outside your tenant,
When you upload a video, it’ll be processed, and if the people in it are speaking
English or Spanish it’ll automatically generate captions which are searchable through
Stream making it easy to find the right video. It’ll also attempt to recognize people
in the video and if successful will list those people with the video information.
Teams use Stream when you record a meeting or when you run a Live Event
58
KAIZALA
with poor connectivity; integration with Teams is coming. Think of this as a managed
version of WhatsApp.
POWERBI
Visualizing data is important for any modern business who wants to be data-driven
and PowerBI is Microsoft’s answer. There’s a desktop client where you build your
depending on what you’ve built and whom you want to share it with.
It is, however, a lot of fun to use, and the results can be extremely useful for many
PowerBI Dashboard
59
FLOW
having to write code. Simply drag in actions, connect them to external systems,
and schedule them to run regularly or be triggered by an event. There are lots of
templates to help you get started as well as connectors to hook into Microsoft and
Flow Templates
POWERAPPS
Ever wished you could equip your staff with a custom mobile app to gather or access
data in the field but realized the development costs were too high? PowerApps is the
that connect to SharePoint, Excel, O365, Dynamics 365 or SQL server on-premises
or in the cloud; or the Common Data Service platform. The resulting app runs on iOS,
60
PowerApps Templates
DELVE
Delve is an application that trawls through SharePoint Online and OD4B data and
It also replaces the user profile that’s used in SharePoint Online to find who’s good
at what in a business.
Delve interface
61
YAMMER
Before Teams, the only way to do “social networking” inside of O365 was Yammer,
think of this as Facebook for your internal business (with invited external guests).
The reality today is that if you’re just getting started, Teams is a better bet than
Yammer unless you’re a very large business where Yammer still has the upper hand
over Teams.
62
CHAPTER 12 - SECURITY FEATURES IN O365
In the early days of cloud computing, there was a lot of concern around the security of
data moved to “someone else’s datacenter.” I think it’s clear to most CIOs today that
the big providers do a much better job of IT security than most businesses can do (or
have the budget to do). Their incentive is also just as strong; if a large breach
happened it could affect many thousands of businesses which could have a huge
impact on their credibility and reliability, and so they spend a ton of money on
That doesn’t mean, however, that you can leave it all to Microsoft. There are some
areas that are still your responsibility, such as the endpoints that your users use
to access cloud services (which are always the most vulnerable parts of any
with O365 and user provisioning and de-provisioning. There are also many security
controls in O365 that you need to customize to suit your business, where you and
Microsoft share the security responsibility. In this chapter, we’ll look at these controls
Note: Don’t forget about AAD Premium P1 & P2 which you can purchase
in chapter 5.
63
MICROSOFT THREAT PROTECTION
If you’ve been confused by the number of “Advanced Threat Protection” (ATP)
products Microsoft have in O365 you’re not alone, and the umbrella term of Microsoft
Threat Protection doesn’t really make it any clearer. Here’s a short rundown
• Office 365 ATP – This provides protection for emails, SharePoint sites,
with your Security Information and Events Management (SIEM) tool and
Cloud App Security (MCAS) – a cloud-based cloud app security broker; Azure Security
Center and Azure Active Directory. We’ll cover some of these in this chapter and some
in chapter 13.
Once a document has been labeled you can use AIP or OME to protect it (see below),
This underused gem offers the ability to protect documents, no matter where they live.
level but as soon as a document is emailed to someone, or stored on a USB drive, that
control is lost.
65
With Azure Information Protection (AIP) you can set up labels and rules that encrypt
documents, and that carry their user access with them so that no matter how they’re
shared, only the right people have access. There’s AIP for O365, included with O365
E3/E5 and AIP for M365 E3/E5, see here for a feature list in each flavor.
If you’re getting started with AIP now, use the new unified labeling client.
It’s important to configure superuser accounts so that you can access documents
when a user leaves the company and to be especially careful when customizing
templates for AIP as recipients outside your organization may not be able to access
those, and therefore not be able to access the document you’ve sent them.
you can use O365 Message Encryption to send emails to anyone and know that only
that person can access that email. Like AIP you can also set up rules so that emails
with specific information in them (credit card numbers, social security numbers)
them when they’re about to share sensitive data through email, SharePoint Online,
OD4B, or Teams. It can also be integrated with AIP as Microsoft continues the journey
66
EXCHANGE ONLINE PROTECTION
Exchange Online Protection (EOP) is the mail hygiene solution for Office 365 and can
(chapter 7). There are a few settings you can control for EOP as well as some
additional configuration you should consider for complete spam protection such
Reporting, and Conformance (DMARC) and Domain Keys Identified Mail (DKIM).
67
OFFICE 365 ATP
O365 ATP protections (available in O365 E5 or as standalone add-ons) give you
Safe Links checks that links in emails and Office files aren’t malicious at the time
when users click on those links. Anti-phishing detects attempts to impersonate users
AUDITING
One of the great features of the unified platform of O365 is the ability to audit user
68
At a minimum, you want to configure alerting on AAD actions. Go to the Security and
Compliance portal – Search – Audit log search and see all the different activities you
can audit and report on, as well as create Alert policies for. Prior to January 2019,
you had to enable mailbox auditing to see user actions in their Exchange mailboxes,
69
CHAPTER 13 – SECURITY FEATURES IN
MICROSOFT 365
There are many security tools in O365, but when you move to M365 you unlock
a whole new set of advanced features for securing your business. In this chapter,
we’re going to look at these tools, (except for Intune which we’ll cover in the next
AZURE ATP
With M365 E3 you get licensing for Advanced Threat Analytics (ATA), an on-premises
server deployment that’ll monitor your Active Directory environment and catch
attackers in various stages of the kill chain. This includes reconnaissance, lateral
movement, and domain dominance. With M365 E5 you can step up to Azure ATP
which does a very similar thing for your AD domains, but without having to deploy the
server infrastructure on-premises, only lightweight agents. The rest is taken care of by
the ATP cloud service. Both products are very good at catching attackers in your
Windows network, and this is certainly a feature you should consider for maximum
security.
70
CLOUD APP SECURITY
Back when all your users stayed in the corporate office, all you needed to protect
them was a good firewall but in today’s world of “work anywhere, on any device”
you need a new type of tool to protect them; a cloud access security broker.
Microsoft Cloud App Security (MCAS) is part of M365 E5 and protects your users
in real-time when they access cloud services. The catalog of over 16,000 different
cloud services give admins a way to discover and manage Shadow IT (cloud services
that users have provisioned without the IT department knowing) across your user base.
can use. But where do you start? How do you know what’s most important to attend to?
And wherein all the different portals (or PowerShell) do you go to configure each setting?
72
The answers to these questions are in the Secure Score portal, where you see
and can compare it to the global average across O365, the average for your industry
and for businesses of the same size. On the second tab you can see actions you
should take to improve your score, how many points each action will give you and the
Clicking on an action provides details as to what risks the control mitigates, which
compliance regulation it matches, the ability to click a button to go directly to the right
area to configure it and the option to tell the system that you have already mitigated
73
As you implement controls you score increases (it can take 24-48 hours), and you track
your progress on the History tab. Note that some controls are marked as “Not Scored,”
meaning that there’s no back end wiring for Microsoft to automatically detect that the
control has been implemented. Don’t let that stop you from improving your security,
as an administrator of O365, Secure Score is the BEST place to start improving your
I’d like to highlight another control (apart from MFA) that’ll gain you a quick win
to improve overall security – block legacy authentication. If you don’t have Office 2010,
older mail clients and Skype for Business deployed, turn this policy on which
available across O365 and M365. The sad truth is that most small to medium
businesses don’t implement nearly enough of the features they have already paid for,
and even large enterprises struggle to get these protections in place for all their users.
big time – most businesses are soft targets for the attackers.
74
CHAPTER 14 – INTUNE
M365 E3 and E5 bring you Intune, Microsoft’s Mobile Device Management (MDM) cloud
service. In this chapter, we’ll look at how it can help you manage devices
and PCs, mobile apps, protect company data and enforce security policies.
tablets, laptops) that are company-owned you can enroll them in Intune. This gives
you a great deal of control over the device, including the ability to manage settings,
apps and the option to wipe the device should it be lost or stolen. You can also use
Intune to manage OS updates for Windows devices, push out applications to devices,
configure Wi-Fi profiles and deploy certificates as well as block iOS jailbroken
If the device is a personal device, owned by the employee, they may not be comfortable
with enrolling the device so you can use Mobile Application Management (MAM)
75
iOS Compliance Policy in Intune
specific applications, with email being the classic example. Users want to access
business email on their personal smartphone so you put policies around it where
they can only use Outlook (free mobile app for Android and iOS) for example and
not the built-in mail apps. You can further protect corporate data so that a user can’t
copy business data to a non-business app (personal email app, etc.). If the device
is lost or stolen, you can wipe the corporate data off it while leaving personal photos,
etc. untouched.
76
Picking between MDM and MAM is going to depend on many factors such as your
userbase, your employment contracts, business and security needs and more;
make sure you spend some time in the planning phase to get it right.
PCs you can integrate Intune into your management workflow through co-management
to leverage the best of both worlds and prepare your environment for a gradual migration
to cloud management. Don’t confuse this with Hybrid MDM which is the older,
77
CHAPTER 15 – WINDOWS 10 ENTERPRISE
The last pillar of M365 is five Windows 10 Enterprise licenses for each user which will
a license assigned. In this section, we’ll cover what additional security features this
WINDOWS 10 ENTERPRISE
Enterprise adds Defender Application Guard, Defender Application Control and
Defender ATP on top of the security features you get in Windows 10 Pro. Application
Guard protects your users when browsing potentially malicious sites using Edge
Defender ATP is a fully-fledged Endpoint Detection and Response (EDR) tool for your
Windows and macOS devices, providing attack surface reduction and Machine Learning
78
Browsing in an Application Guard window
DirectAccess (DA) is a VPN that’s always on (if the device has an internet connection)
Whilst it’s not exclusive to Windows 10 Enterprise definitely look at Windows Hello
for Business to improve your user’s login experience as well as your security (Windows
Hello is a rare case of everyone wins in security) by moving away from passwords.
which extends the ability for Intune and SCCM to distinguish between corporate
and personal data on a Windows 10 device and build policies to stop sensitive data leakage.
79
CONCLUSION
as such we will be periodically updating this eBook to keep the information relevant
and up-to-date. Please visit the homepage of this eBook Office 365/Microsoft 365:
The Essential Companion Guide to ensure you have the latest version. If you have
feedback on any of the content included in this eBook, or you think there is something
We hope that this eBook and its links to further technical information will help guide
you on your journey to the cloud and once you have migrated, the continuing journey.
Good luck!
80
ABOUT THE AUTHOR
Paul Schnackenburg started in IT when DOS and 286 processors were the cutting
Paul writes in-depth technical articles, focused on Hyper-V, System Center, private
and hybrid cloud and Office 365 and Azure public cloud technologies. He has MCSE,
81
Altaro VM Backup - Trusted by over 40,000 SMBs
Altaro VM Backup for VMware & Hyper-V is hassle-free and affordable virtual machine backup solution.
Start your free trial today!
Virtual machine backup software packed with powerful features for VMware and Hyper-V.
View features
82
83
Altaro Office 365 Backup for MSPs
enables you to back up and restore
all your customers’ Office 365
mailboxes through a centralised
multi-tenant online console,
on a monthly subscription.
Developed for Managed Service Providers (MSPs), Altaro Office 365 Backup for MSPs enables
you to provide your customers with backup and recovery services for Office 365 mailboxes,
backing up their Office 365 emails to Altaro’s Microsoft Azure infrastructure.
Benefits of the Altaro Office 365 Backup for MSPs subscription program
www.altaro.com/office-365-msp
www.altaro.com 84
ABOUT ALTARO
Altaro Software is a fast-growing developer of easy-to-use backup solutions which
backs up and restores both Hyper-V and VMware-based virtual machines, built
specifically for MSPs and SMBs customers with up to 50 host servers. Altaro take pride in
their software and their excellent level of personal customer service and support, and it
shows. Founded in 2009, Altaro already services over 40,000 satisfied customers
worldwide and are a Gold Microsoft Partner for Application Development and
FOLLOW ALTARO
Like this eBook? There’s more!
Subscribe to our Hyper-V blog and receive best practices, tips, optimization guides and more!
Take your training to the next level on the Altaro Forums! Browse topics, read answers
85
PUBLISHED BY ALTARO SOFTWARE
http://www.altaro.com
All rights reserved. No part of this book may be reproduced or transmitted in any form
or by any means without the prior written permission of the publisher or authors.
but no warranty or fitness is implied. The information provided is on an “as is” basis.
The authors and the publisher shall have neither liability nor responsibility to any
person or entity with respect to any loss or damages arising from the information
FEEDBACK INFORMATION
We’d like to hear from you! If you have any comments about how we could improve
the quality of this book, please don’t hesitate to contact us by visiting www.altaro.com
sam@altarosoftware.com
86