Home > Sample chapters

Provisioning Office 365

In this chapter from Exam Ref 70-346 Managing Office 365 Identities and Requirements, learn the basic process of setting up an Office 365 tenancy. To master this objective you’ll need to understand some of the prerequisites, such as what you’ll need to think about before signing up for an Office 365 subscription, what an Office 365 tenant name is, what the different administrator roles are, and what to manage regarding tenant subscriptions and licensing.

Setting up an Office 365 tenancy is straightforward as long as you have a good understanding of what you need to have ready before you provision the tenancy, and what steps you need to take immediately after you provision the tenancy so that you can start seamlessly moving workloads into the cloud.

Objective 1.1: Provision tenants

This objective deals with the basic process of setting up an Office 365 tenancy. To master this objective you’ll need to understand some of the prerequisites, such as what you’ll need to think about before signing up for an Office 365 subscription, what an Office 365 tenant name is, what the different administrator roles are, and what to manage regarding tenant subscriptions and licensing.

Setting up an Office 365 trial

To set up an Office 365 trial, you need to have access to the following things:

  • An email account that will be associated with the trial You should sign up for a brand-new email account that you will use only with the trial. To ensure that the email account remains secure, you should also configure this account to use two-factor authentication. Outlook.com email accounts support two-factor authentication, including text-messages and time-based codes generated by apps that are downloadable from each mobile operating system vendor’s app store. You should avoid associating a subscription, even a trial subscription, with a personal email account because trial subscriptions can eventually become ongoing corporate subscriptions.
  • A mobile device that can receive SMS messages This device will be used to verify your identity.

Once you have the prerequisite elements to set up an Office 365 enterprise trial, perform the following steps:

  1. Navigate to https://products.office.com/en-us/business/office-365-enterprise-e3-business-software and click Free Trial.
  2. On the Welcome page, shown in Figure 1-1 (be aware that Office 365 screens are liable to change as the product evolves), provide the following information and click Next:

    • Region Note that you will be unable to change the region associated with the subscription after signup. This should be the geographical region in which the organization for which you are creating the subscription is based. For example, if you were in Hobart, in the state of Tasmania, Australia, you would choose Australia.
    • First name Input your first name.
    • Last name Input your last name.
    • Business email address Input the email address to be associated with the subscription. This should not be a personal account, but should be a secure account created expressly for the purpose of being associated with the subscription. This account will be used if you need to recover the tenancy’s global administrator account password. Because the global administrator is able to take any action, you want to ensure that the account that the recovery password can be sent to is secure and is only accessible to authorized people.
    • Business phone number Input the phone number to be associated with the subscription.
    Figure 1-1

    FIGURE 1-1 Welcome page

  3. On the Create Your User ID page, shown in Figure 1-2, specify the following and click Next:

    • User name This will be the username of the global administrator account. For an organization, the name for this account should not be a standard user name, but should be appropriate for an account that will have the highest level of permissions.
    • Company name This will be your organization’s onmicrosoft.com name. You’ll be able to configure Office 365 to use a more traditional domain name at a later point in time.
    • Password The password must be 8-16 characters, combine upper case and lower case letters, numbers, and the following symbols: ! @ # $ % ^ & * - _ = [ ] | \ : ‘ , . ? / ` ~ " ( ) ;.
    Figure 1-2

    FIGURE 1-2 Create your user ID

  4. On the Prove You’re Not A Robot page, shown in Figure 1-3, provide a mobile phone number where you can receive a text message and click Text Me. The important takeaway from this page is that the secret to humanity defeating the eventual robot uprising is that robots are unable to read text messages.

    Figure 1-3

    FIGURE 1-3 Prove you are not a robot

  5. When you receive the text message, enter the verification code and then click Create My Account on the page shown in Figure 1-4.

    Figure 1-4

    FIGURE 1-4 Enter the verification code

  6. On the Save This Info page, shown in Figure 1-5, review the information, which will include your Office 365 ID and the Office 365 sign-in page.

    Figure 1-5

    FIGURE 1-5 Trial ready

Configure the tenant name

When you set up your Office 365 subscription, you specify a tenant name in the form of name.onmicrosoft.com where name is the name you want to assign to your organization’s tenancy. This name has to be unique and no two organizations can share the same tenant name. The tenant name cannot be changed after you configure your Office 365 subscription.

You can assign a domain name that you own to the tenant so that you don’t have to use the tenant name on a regular basis. For example, you might sign up to an Office 365 subscription with the tenant name contoso.onmicrosoft.com. Any accounts you create will use the contoso.onmicrosoft.com email suffix for their Office 365 mailboxes. However, once you’ve set up Office 365, you can assign a custom domain name and have the custom domain name used as the primary email suffix. For example, assuming that you owned the domain name contoso.com, you could configure your tenancy to use the custom domain name contoso.com with the contoso.onmicrosoft.com tenancy. You’ll learn more about using custom domains later in this chapter.

While you can configure a custom domain name to be the default domain name and use the custom domain name exclusively when performing Office 365 related tasks, you won’t be able to remove the tenant name. The tenant name chosen at setup remains with the subscription over the course of the subscription’s existence.

Tenant region

Tenant region determines which Office 365 services will be available to the subscription, the taxes that will be applied as a part of the subscription charges, the billing currency for the subscription, and the Microsoft datacenter that will host the resources allocated to the subscription. For example, selecting United States for a region will mean that your organization’s Office 365 tenancy is allocated resources in a United States datacenter. Selecting New Zealand currently means that your organization’s Office 365 will be allocated resources in a datacenter in Australia as this is currently the closest Microsoft datacenter to New Zealand.

Unlike other Office 365 settings, you cannot change the tenant region once you have selected it. The only way to alter a tenant region is to cancel your existing subscription and to create a new subscription.

Administrator roles

There are five Office 365 management roles. The Office 365 roles are as follows:

  • Global administrator Office 365 users assigned this role have access to all administrative features. Users assigned this role are the only users able to assign other admin roles. More than one Office 365 user account can be assigned the global admin role. The first tenancy account created when you sign up for Office 365 is automatically assigned the global admin role. This role has the most rights of any available role.
  • Billing administrator Office 365 users assigned this role are able to make purchases, manage subscriptions, manage support tickets, and monitor service health.
  • Password administrator Office 365 users assigned the password admin role are able to reset the passwords of most Office 365 user accounts, except those assigned the global admin, service admin, or billing roles. Users assigned the password admin role can reset the passwords of other users assigned the password admin role.
  • Service administrator Office 365 users assigned the service admin role are able to manage service requests and monitor service health.
  • User management administrator When assigned this role, users can reset passwords and monitor service health. They can also manage user accounts, user groups, and service requests. Users assigned this role are unable to delete accounts assigned the global admin role; create other admin roles; or reset passwords for users assigned the billing, global, or service admin roles.

To assign a user the global admin role, perform the following steps:

  1. In the Office 365 Admin Center, select the Active Users node under the Users node as shown in Figure 1-6.

    Figure 1-6

    FIGURE 1-6 Active Users

  2. In the Active Users node, select the user that you want to assign global admin privileges to and then click Edit.
  3. On the user properties page, click Settings.
  4. On the Settings page, select Yes under Assign Role and then select the Global Administrator role as shown in Figure 1-7 and provide an email address where password reset information can be sent. Ensure that this account is secure and protected by two-factor authentication. Click Save to apply the changes.

    Figure 1-7

    FIGURE 1-7 Global Administrator

Manage tenant subscriptions and licenses

You can manage Office 365 tenant subscriptions from the Subscriptions node, which is under the Billing node and is shown in Figure 1-8.

Figure 1-8

FIGURE 1-8 Subscriptions

When you are signed up to an Office 365 subscription that is not a trial subscription, you’ll also be able to view a node named Bills. You can use this node to review invoices by date. Organizations can pay for Office 365 by credit card or invoice. If you want to change the payment method at a later point in time, you will need to call Office 365 support as altering the payment method cannot be performed through the Office 365 Admin Center.

Assigning licenses

Office 365 users require licenses to use Outlook, SharePoint Online, Skype for Business (formerly Lync Online), and other services. Users who have been assigned the global administrator or user management administrator roles can assign licenses to users when creating new Office 365 user accounts or can assign licenses to accounts that are created through directory synchronization or federation.

When a license is assigned to a user, the following occurs:

  • An Exchange Online mailbox is created for the user.
  • Edit permissions for the default SharePoint Online team site are assigned to the user.
  • The user will have access to Skype for Business features associated with the license.
  • For Office 365 ProPlus, the user will be able to download and install Microsoft Office on up to five computers running Windows or Mac OS X.

You can view the number of valid licenses and the number of those licenses that have been assigned on the Licenses node, which is underneath the Billing node in the Office 365 Admin Center. This node is shown in Figure 1-9.

Figure 1-9

FIGURE 1-9 Licenses

You can assign a license to a user by editing the properties of the user. To do this, select the user’s account in the Office 365 Admin Center and then click Edit. On the Licenses tab of the user’s properties, you can assign a license by selecting the check box next to each license type. You can also remove a license by clearing the check box. Figure 1-10 shows the Licenses tab of the properties of an Office 365 user.

Figure 1-10

FIGURE 1-10 User license

Resolving license conflicts

License conflicts occur when you have assigned more licenses than you have purchased. Methods that you can use to resolve this problem include:

  • Purchasing more licenses This resolves the issue by ensuring that the number of licenses being consumed matches the number of licenses that have been purchased.
  • Removing licenses from existing users You can resolve license conflicts by removing licenses from existing users so that the number of licenses being consumed matches the number of licenses that has been purchased.
  • Deleting users In many cases, license conflicts occur because users who are no longer associated with the organization are still consuming licenses. Deleting these users from Office 365 will release the licenses assigned to these users.

Objective summary

  • The tenant name is the name that precedes the onmicrosoft.com name for the Office 365 tenancy. This name must be unique.
  • While the tenant name can be used as the organization’s email domain, you can also configure the tenancy to use a custom email domain for this purpose.
  • You will need to have a device that can receive SMS messages to prove that you are not a robot during the Office 365 setup process.
  • The first account setup for the tenancy will be assigned the global administrator role.
  • Users assigned the global administrator role have access to all administrative features.
  • Users assigned the billing administrator role are able to make purchases, manage subscriptions, manage support tickets, and monitor service health.
  • Users assigned the password administrator role are able to reset the passwords of most Office 365 user accounts (except those assigned the global admin, service admin, or billing roles).
  • Users assigned the service administrator role are able to manage service requests and monitor service health.
  • Users assigned the user management admin are able to reset passwords; monitor service health; and manage user accounts, user groups, and service requests.
  • You can assign and remove licenses by editing an Office 365 user’s properties.
  • Deleting a user removes all licenses assigned to that user.

Objective review

Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of the chapter.

  1. Which of the following cannot be changed after you deploy an Office 365 tenancy? (Choose two.)

    1. Tenant name
    2. Tenant region
    3. Global administrator
    4. Billing administrator
  2. Which of the following Office 365 user roles has the ability to change the password of users who are members of the global administrator role?

    1. Global administrator
    2. Password administrator
    3. User management administrator
    4. Service administrator
  3. Which role should you assign to help desk staff who should be able to reset the passwords of non-privileged Office 365 users without assigning any unnecessary privileges?

    1. Global administrator
    2. Service administrator
    3. Password administrator
    4. User management administrator
  4. Which role should you assign to staff who you want to be able to create non-privileged Office 365 users without assigning any unnecessary privileges?

    1. Global administrator
    2. Service administrator
    3. Password administrator
    4. User management administrator