Getting Started with Microsoft 365 Business Premium

Microsoft 365 Hero 1 1280x720 2

Microsoft 365 Business Premium, previously known as Microsoft 365 Business, is a subscription service packed with productivity and security management features. It’s designed specifically for organizations with fewer than 300 users, and it is more feature-rich than Microsoft 365 Enterprise E3.

In this article, I’ll show you how to set up Microsoft 365 from scratch. Then you’ll learn how to add new users and assign licenses, configure security controls, and finally how to enable Microsoft Intune for managing mobile devices.

What’s included in Microsoft 365 Business Premium?

The Microsoft 365 business suite of products includes Microsoft 365 Business Basic, Microsoft 365 Business Standard, and Microsoft 365 Business Premium. Each of these offerings targets the small to medium enterprise market, and they’re limited to a maximum of 300 licenses per tenant.

Cost-wise, Microsoft 365 Business Basic is the most affordable subscription priced at $6 per user per month. For approximately double the monthly fee, you can access Microsoft 365 Business Standard for $12.50 per user/month. Nearly double that cost again and you’ve got Microsoft 365 Business premium at $22 per user/month.

You can see a comparison of the three different Microsoft 365 Business plans below:

FeaturesM365 Business Basic M365 Business Standard M365 Business Premium
Microsoft Teams collaborationIncludedIncluded Included
Office Web AppsIncluded Included Included
Office Desktop AppsIncluded Included
Microsoft Defender for BusinessIncluded
Microsoft Defender for Office 365Included
Enterprise Mobility & Security

Azure AD Premium:
– Multi-Factor Authentication
– Conditional Access
– Self-Service Password Reset
Intune:
– Mobile Device Management
– Endpoint Analytics
Included
Windows 10 BusinessIncluded
Microsoft Business Feature Comparison

With the inclusion of Microsoft Defender for Business, Microsoft Defender for Office 365, and Azure Active Directory Premium Plan 1, Microsoft 365 Business Premium offers significantly more features than its cheaper counterparts.

How to sign up for a 30-day trial

It’s really easy to get started with Microsoft 365 Business Premium, as there’s a free 30-day trial that will give you full access to all the features you need.

Initial steps

  1. Open the Microsoft 365 Business Trial signup page.
  2. Scroll to Microsoft 365 Business Premium and choose Try free for one month.
Microsoft 365 Business trial signup page
Microsoft 365 Business trial signup page
  1. On the signup page, enter any email address that does not currently have a Microsoft 365 subscription – this is just used for login verification. You’ll be setting up a new email address as part of the trial.
Enter any email address that doesn't currently have a Microsoft 365 subscription
Enter any email address that doesn’t currently have a Microsoft 365 subscription
  1. At the Let’s get you started prompt, choose Set up account.
After entering your email address, click on Set up account
After entering your email address, click on Set up account
  1. In the Tell us about yourself section, enter the required details and choose Next.
  2. Verify your information by completing the verification steps.

Specify how you’ll sign in

In the following step, you need to determine the Username and Domain Name that will be used for you to sign into the new environment. The Username portion sits in front of the @ symbol. The Domain Name portion sits after the @ symbol and always ends with “.onmicrosoft.com”.

The Domain Name you choose must be globally unique. Microsoft will provide suggestions, but you’ll be able to change your domain at any time with your own customized domain.

When combined, the Username and Domain Name form a User Principal Name (or UPN), which is often likened to an Email Address. In the example below, my UPN is “[email protected].”

You need to choose a User Principal Name (UPN)
You need to choose a User Principal Name (UPN)

Whilst this UPN is the method you, as the administrator, will use to authenticate to the new environment initially, it is not necessarily the format that my users will use to sign-in. As part of the tenant setup, we can configure a Custom Domain such as “firstcoffee.co.uk” to make user sign-ins more friendly.

Once you have settled upon a Username and Domain Name, just choose Save and choose a password.

Adding a payment method

Quantity and Payment is the next section. It’s important to understand that by continuing, you’ll be agreeing to a contract with Microsoft for the provision of the Microsoft 365 Business Premium service. Payment information is required as, unless you cancel the trial, it will convert until a 12 month paid subscription.

The Quantity and Payment selection screen
Quantity and Payment selection screen

In the Quantity and Payment section, choose any number of licenses up to 25. As long as you choose a number up to 25, you’ll be eligible for the trial and no payment is required at this stage.

It’s worth noting that, regardless of the number of licenses specified here, 25 licences are provided for the duration of the 30 day trial.

Complete this section by adding a payment method and choosing Start Trial.

Add a payment method and start the Microsoft 365 Business Premium trial
Add a payment method and start the trial

Remove the payment method from your Trial Subscription

Unless you’re hoping to continue the use of Microsoft 365 Business Premium once the 30-day trial period is over, it’s important to complete a few steps to ensure you won’t be charged or begin a 12-month subscription.

When you reach the Confirmation details step, choose Manage your subscription.

Choose Manage your subscription when you reach the Confirmation details step
Choose Manage your subscription when you reach the Confirmation details step

From the Your Products page, choose the More actions option from the ellipsis menu, then choose Edit recurring billing.

Choose edit recurring billing for your Microsoft 365 Business Premium subscription
Choose edit recurring billing

By default, the recurring billing option is set to On, meaning renewal will be automatic and purchased 30 days from the start of the trial. Select Off at this prompt to ensure the trial will cancel after the initial free period.

Toggle recurring billing to Off for your Microsoft 365 Business Premium subscription
Toggle recurring billing to Off

Next, you need to confirm that the trial will expire by reviewing the updated Your Products page. Take a look at the Purchased Quantity and Subscription Status columns to check the trial quantity and expiration date.

Check the trial quantity and expiration date for your Microsoft 365 Business Premium subscription
Check the trial quantity and expiration date

Configure trial users and assign licenses

With the trial now configured, we can assign licenses for up to 24 additional users in the Microsoft 365 Admin Center, in addition to our Administrative account. We’ll start by creating two test users and assigning licenses to them.

Adding new trial users

Our first test user is Jenny Tester, and the second one is Paige Tester. You can use these examples or create your own, either way, be sure to make a note of the credentials you set for future testing.

  1. Visit the Microsoft 365 Admin Center and browse to the Home screen.
The Microsoft 365 Admin Center Home screen
The Microsoft 365 Admin Center Home screen
  1. Under Your organization, choose Add a user.
Add a user on the Microsoft 365 Admin Center
Add a user on the Microsoft 365 Admin Center
  1. In the Set up the basics screen, enter the information for your first test user including the username and domain.
Enter the information for your first test user including the username and domain
Enter the information for your first test user including the username and domain

When completing the details for our first user, note the available options within the Domains dropdown box. We’re limited to the domain we set up when during the How you’ll sign in step earlier. We will update this once we’ve completed the setup of this user.

  1. Untick Automatically create a password.
  2. Choose a Password and choose Next.
  3. At the Assign product licenses screen, you need to ensure that the correct Location has been set automatically, then tick the box next to Microsoft 365 Business Premium.
Choose the correct location and assign the user a product license
Choose the correct location and assign the user a product license
  1. Complete the remaining wizard screens without making changes to the defaults.

Once complete, our first test user will be available and have a license.

Create a custom domain for easier login

A domain is the portion of an email address after the @ symbol, or after “www.”. They are typically used to make it easier for you or your customers to find your specific web service or app.

You can add a maximum of 5,000 domains to your Microsoft 365 subscription, but you can’t add a domain that you’re already using in another Microsoft 365 or Office 365 service.

Here are the steps you need to follow to use a custom domain with your Microsoft 365 Business Premium subscription:

  1. From the navigation pane, choose Setup.
Choose Setup from the navigation pane in the Microsoft 365 Admin Center
Choose Setup from the navigation pane
  1. Next, scroll to the Sign-in and security actions, then choose Get your custom domain set up.
Choose Get your custom domain set up
Choose Get your custom domain set up
  1. Review the user impact statement:

If you don’t connect your domain to ‎Microsoft 365‎, your users will sign in to their apps and use email with their default “‎yourdomain.onmicrosoft.com‎” domain.

It’s easiest to add a custom domain before you add your users. Otherwise, you’ll need to update your users’ username when you connect your domain.

  1. Choose Get Started.
image 23
Choose Get Started to connect your domain to Microsoft 365
  1. At the Add a domain prompt, enter the domain name that you would like to use. It’s important that you already own this domain before entering it here. If you don’t already own a domain, take a look at this guide to learn how to purchase one.
Enter the domain name you would like to use
Enter the domain name you would like to use

It’s possible that your domain registrar may be compatible with the Microsoft 365 domain verification process. GoDaddy, for example, supports automatic verification via the wizard.

When entering your domain, it is checked against the list of supported registrars. If supported, you’ll be asked how do you want to verify your domain.

  1. Choose to Sign in to [your registrar], and complete the wizard steps to verify your domain.
Choose Sign in to your registrar to verify your domain
Choose Sign in to your registrar to verify your domain
  1. Once your domain setup is complete, choose Done.
Domain setup is now complete
Domain setup is now complete

Update the primary email address and username of your users

Now that we configured our custom domain to use with our Microsoft 365 Business Premium subscription, we can change the primary email address and username of our test users.

Here’s how to do it:

  1. From the Microsoft 365 Admin Center home screen, choose Users, then select the user you’d like to modify.
  2. In the flyout menu, choose Manage username and email.
Choose Manage username and email of your user
Choose Manage username and email of your user
  1. Update the Primary email address and username to match your new custom domain.

Note: You don’t need to add an alias here. This will not change the user’s login username and would simply give them an additional address to receive email.

We've now changed the primary email address and username for this user
We’ve now changed the primary email address and username for this user

Understanding default security controls

By default, all Microsoft 365 environments created after 2019 have security controls enabled by… default. Tenants created prior to this date will not have these security controls enabled automatically, though the option is available. The controls are available at no additional cost, and provide a great foundational layer of security.

The following security controls are enabled and managed by IT admins:

Enforcing Azure Multi-Factor Authentication registration for all users

All users in your tenant must register for Multi-Factor Authentication (MFA) in the form of the Azure AD MFA within 14 days. Registration is limited to the Microsoft Authenticator app. After the 14 days have passed, users will be prevented from signing in until they have completed registration.

Forcing Administrators to use Multi-Factor Authentication

Administrators have a greater level of access to the environment and therefore require increased levels of protection. With default security controls, administrators must complete an Azure AD MFA challenge every time they authenticate.

Blocking legacy authentication for all users

Legacy authentication refers to an authentication request from:

  • Clients that don’t use modern authentication.
  • Clients using older mail protocols such as IMAP, SMTP, or POP3.

Legacy authentication methods don’t support Multi-Factor Authentication, therefore they’re often used by attackers to bypass security controls. Default security controls in Microsoft 365 for Business will block all legacy authentication protocols for all users.

Requiring all users to perform Multi-Factor Authentication when appropriate

Whilst administrators are valuable targets for account compromise, attackers frequently target standard or low-privileged users. These are often less protected, but the information that can be gained from them can be valuable to an attacker when preparing for further attack.

Security Defaults will require all users to satisfy an MFA challenge whenever it is deemed necessary – this is determined by a number of risk factors such as location, device, role, and apps.

Enabling Intune

Intune is part of Microsoft’s full-featured Endpoint Management platform, Microsoft Endpoint Manager. It supports the management of Windows, iOS, Android, macOS, and Linux devices via Mobile Device Management.

Azure Active Directory supports multiple Mobile Device Management (MDM) platforms, but Intune is enabled by default. You can verify this by visiting the Mobility (MDM and MAM) blade in the Azure Active Directory Admin Center.

Check the Mobility (MDM and MAM) menu in the Azure Active Directory Admin Center
Check the Mobility (MDM and MAM) menu in the Azure Active Directory Admin Center

The Mobility screen lists Microsoft Intune and Microsoft Intune Enrollment in some cases. Choose Microsoft Intune in this case.

Choose Microsoft Intune in the Mobility (MDM and MAM) screen
Choose Microsoft Intune in the Mobility (MDM and MAM) screen

Confirm that the MDM user scope is set to All.

Check that the MDM user scope is set to All.
Check the MDM user scope

Review Microsoft 365 Business Premium services

As mentioned at the beginning of this article, Microsoft 365 Business Premium is packed full of features – too many to describe them all in detail here.

Of all the features available within Microsoft 365 Business Premium, those that are security-related stand out the most. Features such as Microsoft Defender for Business, which is essentially a slightly more feature-rich version of Microsoft Defender for Endpoint Plan 1, brings enterprise-grade security to the small business market.

Similarly, Microsoft Defender for Office 365 is of great value, giving additional protection for email and collaboration over and above the standard protections built into Exchange Online. Finally, Azure Active Directory Premium Plan 1 brings the Azure AD Multi-Factor authentication capability, along with Conditional Access and Self-Service Password Reset.

Now that we’ve completed trial signup, created users and assigned them licenses, secured the environment, and enabled Intune, we’re ready to begin trying out some of the features of Microsoft 365 Business Premium. From here, it’s a good idea to get familiar with the capabilities of Microsoft Endpoint Manager (Intune) – take a look at our guide which covers Managing Windows Devices with Microsoft Endpoint Manager (Intune).