Microsoft 365 Business Premium, previously known as Microsoft 365 Business, is a subscription service packed with productivity and security management features. It’s designed specifically for organizations with fewer than 300 users, and it is more feature-rich than Microsoft 365 Enterprise E3.
In this article, I’ll show you how to set up Microsoft 365 from scratch. Then you’ll learn how to add new users and assign licenses, configure security controls, and finally how to enable Microsoft Intune for managing mobile devices.
The Microsoft 365 business suite of products includes Microsoft 365 Business Basic, Microsoft 365 Business Standard, and Microsoft 365 Business Premium. Each of these offerings targets the small to medium enterprise market, and they’re limited to a maximum of 300 licenses per tenant.
Cost-wise, Microsoft 365 Business Basic is the most affordable subscription, priced at $6 per user per month. For approximately double the monthly fee, you can access Microsoft 365 Business Standard for $12.50 per user per month. Nearly double that cost again and you’ve got Microsoft 365 Business Premium at $22 per user per month.
You can see a comparison of the three different Microsoft 365 Business plans below:
| Features | M365 Business Basic | M365 Business Standard | M365 Business Premium |
|---|---|---|---|
| Microsoft Teams collaboration | Included | Included | Included |
| Office Web Apps | Included | Included | Included |
| Office Desktop Apps | | Included | Included |
| Microsoft Defender for Business | | | Included |
| Microsoft Defender for Office 365 | | | Included |
| Enterprise Mobility & Security | | | Azure AD Premium: Multi-Factor Authentication; Conditional Access; Self-Service Password Reset; Mobile Device Management; Endpoint Analytics |
| Windows 10 Business | | | Included |
With the inclusion of Microsoft Defender for Business, Microsoft Defender for Office 365, and Azure Active Directory Premium Plan 1, Microsoft 365 Business Premium offers significantly more features than its cheaper counterparts.
It’s really easy to get started with Microsoft 365 Business Premium, as there’s a free 30-day trial that will give you full access to all the features you need.
In the following step, you need to determine the Username and Domain Name that you will use to sign in to the new environment. The Username portion sits in front of the @ symbol. The Domain Name portion sits after the @ symbol and always ends with “.onmicrosoft.com”.
The Domain Name you choose must be globally unique. Microsoft will provide suggestions, but you’ll be able to change your domain at any time with your own customized domain.
Whilst this UPN is the method you, as the administrator, will use to authenticate to the new environment initially, it is not necessarily the format that your users will use to sign in. As part of the tenant setup, we can configure a Custom Domain such as “firstcoffee.co.uk” to make user sign-ins more friendly.
Once you have settled upon a Username and Domain Name, just choose Save and choose a password.
Quantity and Payment is the next section. It’s important to understand that by continuing, you’ll be agreeing to a contract with Microsoft for the provision of the Microsoft 365 Business Premium service. Payment information is required because, unless you cancel the trial, it will convert into a 12-month paid subscription.
In the Quantity and Payment section, choose any number of licenses up to 25. As long as you choose a number up to 25, you’ll be eligible for the trial and no payment is required at this stage.
It’s worth noting that, regardless of the number of licenses specified here, 25 licenses are provided for the duration of the 30-day trial.
Complete this section by adding a payment method and choosing Start Trial.
Unless you’re hoping to continue the use of Microsoft 365 Business Premium once the 30-day trial period is over, it’s important to complete a few steps to ensure you won’t be charged or begin a 12-month subscription.
When you reach the Confirmation details step, choose Manage your subscription.
From the Your Products page, choose the More actions option from the ellipsis menu, then choose Edit recurring billing.
By default, the recurring billing option is set to On, meaning renewal will be automatic and purchased 30 days from the start of the trial. Select Off at this prompt to ensure the trial will cancel after the initial free period.
Next, you need to confirm that the trial will expire by reviewing the updated Your Products page. Take a look at the Purchased Quantity and Subscription Status columns to check the trial quantity and expiration date.
With the trial now configured, we can assign licenses for up to 24 additional users in the Microsoft 365 Admin Center, in addition to our Administrative account. We’ll start by creating two test users and assigning licenses to them.
Our first test user is Jenny Tester, and the second one is Paige Tester. You can use these examples or create your own; either way, be sure to make a note of the credentials you set for future testing.
When completing the details for our first user, note the available options within the Domains dropdown box. We’re limited to the domain we set up during the How you’ll sign in step earlier. We will update this once we’ve completed the setup of this user.
Once complete, our first test user will be available and have a license.
A domain is the portion of an email address after the @ symbol, or after “www.”. They are typically used to make it easier for you or your customers to find your specific web service or app.
You can add a maximum of 5,000 domains to your Microsoft 365 subscription, but you can’t add a domain that you’re already using in another Microsoft 365 or Office 365 service.
Here are the steps you need to follow to use a custom domain with your Microsoft 365 Business Premium subscription:
If you don’t connect your domain to Microsoft 365, your users will sign in to their apps and use email with their default “yourdomain.onmicrosoft.com” domain.
It’s easiest to add a custom domain before you add your users. Otherwise, you’ll need to update your users’ username when you connect your domain.
It’s possible that your domain registrar may be compatible with the Microsoft 365 domain verification process. GoDaddy, for example, supports automatic verification via the wizard.
When you enter your domain, it is checked against the list of supported registrars. If it is supported, you’ll be asked how you want to verify your domain.
Now that we’ve configured our custom domain to use with our Microsoft 365 Business Premium subscription, we can change the primary email address and username of our test users.
Here’s how to do it:
Note: You don’t need to add an alias here. This will not change the user’s login username and would simply give them an additional address to receive email.
All Microsoft 365 environments created after 2019 have security controls enabled by default. Tenants created prior to this date will not have these security controls enabled automatically, though the option is available. The controls are available at no additional cost, and provide a great foundational layer of security.
The following security controls are enabled and managed by IT admins:
All users in your tenant must register for Multi-Factor Authentication (MFA) in the form of the Azure AD MFA within 14 days. Registration is limited to the Microsoft Authenticator app. After the 14 days have passed, users will be prevented from signing in until they have completed registration.
Administrators have a greater level of access to the environment and therefore require increased levels of protection. With default security controls, administrators must complete an Azure AD MFA challenge every time they authenticate.
Legacy authentication refers to an authentication request from:
Legacy authentication methods don’t support Multi-Factor Authentication, therefore they’re often used by attackers to bypass security controls. Default security controls in Microsoft 365 for Business will block all legacy authentication protocols for all users.
Whilst administrators are valuable targets for account compromise, attackers frequently target standard or low-privileged users. These accounts are often less protected, but the information that can be gained from them can be valuable to an attacker when preparing for a further attack.
Security Defaults will require all users to satisfy an MFA challenge whenever it is deemed necessary – this is determined by a number of risk factors such as location, device, role, and apps.
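To confirm that the tenant is actually in the state described above, the following read-only check is an added example, not part of the original article. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Authentication` module) is installed and that the signed-in administrator can consent to the `Policy.Read.All` and `AuditLog.Read.All` scopes; it reports whether Security Defaults is enabled and which users have not yet registered for MFA, with administrators listed first.

```powershell
# Added example: read-only audit of Security Defaults and MFA registration.
# Assumption: Microsoft.Graph.Authentication is installed (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All'

# 1. Is the Security Defaults policy switched on for this tenant?
$policy = Invoke-MgGraphRequest -Method GET `
    -Uri 'https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy'

if ($policy.isEnabled) {
    Write-Host 'Security Defaults: enabled'
} else {
    Write-Warning 'Security Defaults is disabled for this tenant.'
}

# 2. Pull the per-user registration report, following @odata.nextLink
#    so that tenants with more than one page of users are fully covered.
$uri = 'https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails'
$details = while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri
    $page.value                       # emit this page's records
    $uri = $page.'@odata.nextLink'    # $null on the last page ends the loop
}

# 3. List accounts that have not completed MFA registration, admins first.
$details |
    Where-Object { -not $_.isMfaRegistered } |
    ForEach-Object {
        [pscustomobject]@{
            UserPrincipalName = $_.userPrincipalName
            IsAdmin           = $_.isAdmin
            MethodsRegistered = $_.methodsRegistered -join ', '
        }
    } |
    Sort-Object IsAdmin -Descending |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

Any administrator appearing in the output is the first account to chase, since admins are challenged on every sign-in once registered.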
Intune is part of Microsoft’s full-featured Endpoint Management platform, Microsoft Endpoint Manager. It supports the management of Windows, iOS, Android, macOS, and Linux devices via Mobile Device Management.
Azure Active Directory supports multiple Mobile Device Management (MDM) platforms, but Intune is enabled by default. You can verify this by visiting the Mobility (MDM and MAM) blade in the Azure Active Directory Admin Center.
The Mobility screen lists Microsoft Intune and Microsoft Intune Enrollment in some cases. Choose Microsoft Intune in this case.
Confirm that the MDM user scope is set to All.
As mentioned at the beginning of this article, Microsoft 365 Business Premium is packed full of features – too many to describe them all in detail here.
Of all the features available within Microsoft 365 Business Premium, those that are security-related stand out the most. Features such as Microsoft Defender for Business, which is essentially a slightly more feature-rich version of Microsoft Defender for Endpoint Plan 1, bring enterprise-grade security to the small business market.
Similarly, Microsoft Defender for Office 365 is of great value, giving additional protection for email and collaboration over and above the standard protections built into Exchange Online. Finally, Azure Active Directory Premium Plan 1 brings the Azure AD Multi-Factor authentication capability, along with Conditional Access and Self-Service Password Reset.
Now that we’ve completed trial signup, created users and assigned them licenses, secured the environment, and enabled Intune, we’re ready to begin trying out some of the features of Microsoft 365 Business Premium. From here, it’s a good idea to get familiar with the capabilities of Microsoft Endpoint Manager (Intune) – take a look at our guide which covers Managing Windows Devices with Microsoft Endpoint Manager (Intune).