Describe Microsoft 365 apps and services

In its original form, introduced in 2017, the Microsoft 365 product was marketed to enterprise customers and consisted of the following components:

• Office 365 Enterprise

• Windows 10 Enterprise

• Enterprise Mobility + Security

The object of the product is to provide users with a comprehensive workflow that combines cloud-based services, artificial intelligence, and machine learning capabilities. To do this, these three components actually consist of a variety of front-end and back-end applications and services, as described in the sections of this chapter.

In 2020, Microsoft announced the rebranding of the Office 365 consumer and business products to Microsoft 365, so there are now three tiers of Microsoft 365 products: Home, Business, and Enterprise, which can lead to some naming confusion. As of this writing, Microsoft is phasing out the Office brand entirely in favor of Microsoft 365 product names.

Skills in this chapter:

• Skill 2.1: Describe productivity solutions of Microsoft 365

• Skill 2.2: Describe collaboration solutions of Microsoft 365

• Skill 2.3: Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

• Skill 2.4: Describe analytics capabilities of Microsoft 365

Skill 2.1: Describe productivity solutions of Microsoft 365

Microsoft Office is the earliest ancestor of Microsoft 365 and includes Microsoft Word, Excel, and PowerPoint. These became known as productivity applications, which are still at the core of Microsoft 365 products.

However, productivity has changed in the decades since the first Microsoft Office release, and so have the tools that users need to be productive. Microsoft 365 has evolved into a large collection of applications and services that can provide users with the means to be productive.

Describe the core productivity capabilities and benefits of Microsoft 365, including Microsoft Outlook and Microsoft Exchange, Microsoft 365 apps, and OneDrive

Microsoft 365 is not just a collection of workstation applications; it’s designed more to be a comprehensive productivity solution for users, as well as a management solution for administrators. For users, the most visible element of Microsoft 365 is the familiar set of Office applications: Outlook, Word, Excel, and PowerPoint, applications they have probably been using for years. However, many Microsoft 365 components operate beneath the immediately visible applications, which help to protect the users and their data and provide them with intelligent communication and collaboration services.

Windows 11 Enterprise

Windows 11 is the operating system that enables users to access both the Office productivity applications and the services provided by the other Microsoft 365 components. The Microsoft 365 E3 and E5 product plans include an upgrade to the Enterprise edition of Windows 11. The Enterprise edition of Windows 11 includes security measures, deployment tools, and manageability functions that go beyond those of Windows 11 Pro, providing administrators of enterprise networks with centralized and automated protection of and control over fleets of workstations.

The Windows 11 Enterprise E3 operating system included in Microsoft 365 E3 is an upgrade to an existing Windows 11 Pro installation. The Microsoft 365 E5 product includes an operating system upgrade to Windows 11 Enterprise E5, which includes all of the E3 features plus Microsoft Defender for Endpoint.

Some of the additional features included in Windows 11 Enterprise are described in the following sections.

Security

All Windows 11 editions include Windows Defender, which protects the operating system from various types of malware attacks. However, compared to Windows 11 Pro, Windows 11 Enterprise includes several enhancements to the Windows Defender software, including the following functions:

• Windows Defender Application Guard This enables enterprise administrators to create lists of trusted Internet sites, cloud resources, and intranet networks. When a user accesses an untrusted site using Microsoft Edge or Internet Explorer, Windows 11 automatically creates a Hyper-V-enabled container and opens the untrusted resource within the protected environment that the container provides. If the untrusted resource turns out to be malicious, the attacker is isolated within the container, and the host computer remains protected.

• Windows Defender Application Control (WDAC) This provides defense against malicious applications by reversing the standard trust model in which applications are assumed to be trustworthy until proven otherwise. WDAC prevents a system from running any applications, plug-ins, add-ins, and other software modules that have not been identified as trusted using a policy created with Microsoft Intune or Group Policy. Windows 11 version 22H2 includes Smart App Control, a feature based on WDAC that uses Microsoft’s security service to determine whether an app is too dangerous to run.

• Microsoft Defender for Endpoint Windows 11 includes the client-side components of Microsoft Defender, a private cloud-based threat prevention, detection, and response engine. Windows 11 includes endpoint behavioral sensors, which collect behavioral information from the operating system and forward it to the Defender back-end servers in the enterprise’s private cloud for analysis. Defender also protects the files in key system folders from unauthorized modification or encryption by ransomware and other attacks, applies exploit mitigation techniques to protect against known threats, enhances the network protection provided by Windows Defender SmartScreen, and performs automated real-time investigation and remediation of security breaches.

Updates

Windows 10 and 11 perform system updates differently from previous Windows versions, replacing the major service packs released every few years with semiannual feature updates. The Windows Update process is automated by default for the typical Windows user, but network administrators can still intervene in the process for testing update releases before they are generally deployed.

Microsoft provides the following tools for the administration of updates:

• Windows Update for Business This free cloud-based service enables administrators to defer, schedule, and pause update deployments to specific workstations. Administrators can use the service to allow the installation of updates on designated test systems only and then deploy the updates later if no problems arise. Administrators can pause their deployments indefinitely if there are problems with particular updates.

• Windows Server Update Service (WSUS) This free, downloadable service enables administrators to manage system updates internally by downloading releases to a WSUS server as they become available, testing them as needed, and then deploying them to workstations on a specific schedule. WSUS enables administrators to exercise complete control over the update deployment process. Also, it reduces the update’s Internet bandwidth used by downloading releases only once and then distributing them using the internal network. Administrators can install multiple WSUS servers and distribute update preferences and release schedules among them, making the system highly scalable.

While administrators can use these tools to manage updates on workstations running any version of Windows, there are additional enhancements for Windows 11 Enterprise workstations, including its manageability with the Desktop Analytics tool. Desktop Analytics is an enhanced service incorporating all the upgrade compatibility and monitoring functionality of Windows Analytics, along with deeper integration into the Microsoft management tools, such as Configuration Manager, and a “single pane of glass” interface that provides administrators with a comprehensive view of the Windows 11 and Microsoft 365 update status.

Some of the update monitoring functions supported by Desktop Analytics are as follows:

• Upgrade Readiness Desktop Analytics collects information about Windows, Microsoft 365, and other applications and drivers and analyzes it to identify any compatibility issues that might interfere with an upgrade.

• Update Compliance Desktop Analytics gathers Windows 11 information about the progress of operating system update deployments, as well as Windows Defender Antivirus signature and result data, Windows Update for Business configuration settings, and Delivery Optimization usage data. After analyzing the information, Desktop Analytics reports any update compliance issues that might need administrative attention.

• Device Health A Desktop Analytics solution that uses the enhanced diagnostic data generated by Windows 11 to identify devices and drivers causing regular crashes. The tool also provides potential remediations, such as alternative driver versions or application replacements.

Management

Microsoft 365 provides many enhancements to the enterprise management environment, enabling administrators to simplify deploying and configuring Windows 11 Enterprise workstations. One of the primary objectives of Microsoft 365 is to automate many of the routine tasks that occupy a great deal of an administrator’s time.

• Windows Autopilot This is a cloud-based feature designed to simplify and automate deploying Windows 11 workstations on an enterprise network. Instead of having to create and maintain images and drivers for every computer model, Autopilot uses cloud-based settings and policies to reconfigure the OEM-installed operating system into a user-ready workstation, even installing applications and applying a new product key to transform Windows 11 Pro to the Windows 11 Enterprise edition.

• Microsoft Application Virtualization (App-V) This enables Windows workstations to access Win32 applications that are actually running on servers instead of local disks. Administrators must install the App-V server components and publish the desired applications. A client component is also necessary, and Windows 11 Enterprise includes the App-V client by default, so no additional installation is necessary. However, the client has to be activated; administrators can activate clients using either Group Policy settings or the Enable-App cmdlet in Windows PowerShell.

Windows 10 Upgrade

The Microsoft 365 Business plans do not include the full Windows operating system package because the assumption is that potential deployers already have or will be purchasing computers with a Windows OEM operating system installed. However, Windows 10 or higher is required for the end-user workstations to function with the Microsoft 365 services, so the Microsoft 365 Business plans include upgrade benefits to Windows 10 Pro for computers currently running Windows 7 or Windows 8.1 Pro.

Exchange Online

Exchange Online is a cloud-based implementation of Microsoft’s flagship messaging and collaboration server product. All Microsoft 365 Enterprise and Microsoft 365 Business plans include Exchange Online access for all users. This eliminates the need for organizations to install and maintain their own on-premises Exchange servers.

As with Microsoft Azure, Exchange Online uses shared servers in Microsoft datacenters to host the mailboxes and other services for multiple subscribers. The Exchange Online services available include the following:

• Mailboxes Each user is provided with mail storage, the amount of which is based on the subscriber’s Microsoft 365 plan. An In-Place Archive provides additional storage for mail. Exchange also supports shared mailboxes for groups of users who share responsibility for incoming mail.

• Calendars Users can maintain events and appointments and share them with other users to create a unified scheduling and collaboration environment.

• Shared calendars Users can share their calendars for scheduling, task management, and conference room booking. Exchange Online also provides a global address book, group management, and mailbox delegation.

• Exchange Online Protection (EOP) EOP scans incoming email for spam and malicious code and forwards, deletes, or quarantines potentially dangerous messages based on rules established by administrators.

• Unified Messaging (UM) UM enables administrators to combine email messages with voice mail so each user can store both message types in a single mailbox. UM provides standard voice mail features, including call answering, and enables users to listen to their messages from the Outlook Inbox or by using Outlook Voice Access from any telephone.

• Data Loss Prevention (DLP) DLP enables administrators to create DLP policies that protect sensitive company information by using deep content analysis to filter messaging traffic based on keywords, regular expressions, dictionary terms, and other criteria and then take specific actions based on the type of information detected. For example, a DLP policy can identify email messages containing credit card numbers and either notify the sender, encrypt them, or block them outright. More complex policies can identify specific types of company documents and use virtual fingerprinting to identify their source.

Microsoft maintains two Exchange Online subscription plans: Plan 1, which is included with Microsoft 365 Business, and Plan 2, which has additional features and is included with Microsoft 365 Enterprise. The features included in each plan are listed in Table 2-1.

TABLE 2-1 Exchange Online plans for Microsoft 365

Exchange Online Plan 1 (Microsoft 365 Business)	Exchange Online Plan 2 (Microsoft 365 Enterprise)
50 GB of mailbox storage per user	100 GB of mailbox storage per user
In-Place Archive	Unlimited additional user storage in In-Place Archive
Access via desktop Outlook, Outlook on the web, and Outlook Mobile	Access via desktop Outlook, Outlook on the web, and Outlook Mobile
Individual user calendars	Individual user calendars
Shared calendars	Shared calendars
Exchange Online Protection	Exchange Online Protection
	Unified Messaging
	Data Loss Prevention

Microsoft 365 administrators do not have direct access to the Exchange Online servers, but they can access the Exchange admin center from a link in the Microsoft 365 admin center to manage Exchange-specific settings using a web-based interface, as shown in Figure 2-1.

In this interface, administrators can perform tasks such as the following:

• Create and manage user accounts

• Grant management role permissions for administrators and users

• Configure mail flow options to integrate on-premises mail servers or third-party mail services into the message-handling solution

• Enable calendar sharing with outside organizations or between users on-premises and in the cloud

• Manage hierarchical and offline address books, address lists, and address book policies

• Create and manage a public folder hierarchy for document sharing and collaboration

• Create and manage client access rules to restrict access to Exchange Online based on client platform, IP address, authentication type, location, and other criteria

Microsoft Outlook

Users can access Exchange Online services using the Microsoft Outlook application included with the Office productivity tools, as shown in Figure 2-2, the web-based Outlook client, or Outlook Mobile. This enables users to access their mail, calendars, and other services from virtually any device, including smartphones and tablets running iOS, Android, or Windows.

SharePoint

Microsoft SharePoint is a web-based collaboration tool originally introduced in 2001 as an on-premises server product. SharePoint in Microsoft 365 is the cloud-based equivalent included with nearly all of the Microsoft 365 Business and Enterprise plans.

SharePoint is a service that administrators and workers can use to create document management, distribution, and collaboration websites. At its simplest, SharePoint users can create a document library on the web and upload their files to it. The files are then accessible from any device with access to the site. As SharePoint is part of Microsoft 365, editing a library document opens it in the appropriate Office application, whether online or installed on a desktop.

Users can share their library files with other users with varying degrees of access by assigning permissions to them. A scenario in which an organization or user wants to post documents to a library for many users to access is called a communication site. For example, a company could use SharePoint to create a library of human resources documents for all employees to access. SharePoint includes customization capabilities that enable administrators to design websites with modern graphical components, as shown in Figure 2-3.

Even more useful, multiple people can edit a single SharePoint document simultaneously, providing a collaborative environment that enables groups to work together. By creating a team site, a designated group of users can work simultaneously on documents that only they can access. SharePoint maintains multiple versions of the files in a library so users can review the iterations of a document throughout its history.

Communication and team sites are linked in SharePoint by hub sites, which provide centralized navigation to the subordinate sites and downstream searching. The SharePoint service included in Microsoft 365 can host multiple hub, collaboration, and team sites, as shown in Figure 2-4.

Because SharePoint is integrated with the other Microsoft 365 components, users can take advantage of their security and manageability features. The documents uploaded to SharePoint sites are protected against malicious code by the same antimalware engine used by Exchange Online and Data Loss Prevention. Outlook integration enables users to schedule and deliver team events to members’ calendars. SharePoint also can control group memberships and document permissions with user identities taken from Active Directory and Azure Active Directory.

The SharePoint plan included with the Microsoft 365 Enterprise products includes unlimited personal cloud storage. A SharePoint library can have up to 30 million files and folders, although there are limitations when the number goes beyond 100,000. Individual files can be up to 15 GB, and SharePoint can maintain up to 50,000 versions of each file. SharePoint groups can have up to 5,000 users, and users can be members of up to 5,000 groups. Therefore, SharePoint supports enormous installations serving as many as 500,000 users.

OneDrive

OneDrive, shown in Figure 2-5, is Microsoft’s cloud-based storage service. All the Microsoft 365 Business subscriptions include one terabyte of cloud storage per user. Microsoft 365 Enterprise subscriptions include 5 TB of cloud storage per user, with up to 25 TB available by administrator request.

OneDrive is also the default cloud storage location for Microsoft 365 applications. For example, users can save Word, Excel, PowerPoint, and OneNote documents to OneDrive storage and share them with other users. This allows multiple users to access and edit a document simultaneously.

OneDrive support is included with the Windows operating systems 8.1 and later. OneDrive client applications are available for Windows and macOS desktops that provide users with access to their cloud storage and other features, such as file synchronization. Mobile versions of the OneDrive app are also available for Android and iOS, which enable users to access their cloud storage anywhere.

OneDrive is intended to be a personal cloud storage service, while OneDrive in Microsoft 365 is another form of Microsoft cloud storage implemented within SharePoint and provides additional collaboration features intended for business users, such as Content Approval.

Using the Microsoft 365 admin center

Because Microsoft 365 consists mostly of cloud-based services, administrators use web-based controls to manage them, and users can use web-based portals to access them. The individual services included with Microsoft 365, such as Exchange Online and SharePoint, are also available as separate products, so they have their own administrative portals called admin centers. However, the Microsoft 365 admin center is the main administrative portal for the product, and it provides access to all the individual portals as well.

When you sign on to the Microsoft 365 admin center at admin.microsoft.com, you see the Home screen shown in Figure 2-6, with a navigation menu in the left pane and a series of cards containing controls on the right. Administrators can place their most frequently used controls on the Home page by dragging items from the navigation menu to the right pane to add more cards.

The navigation pane contains menus for control categories, with dropdowns for specific control types. The categories are as follows:

• Users Enables administrators to create, manage, and delete user accounts. By assigning licenses to accounts, users will be granted access to Microsoft 365 or other applications and services. Assigning administrative roles to users grants them privileges to access certain additional controls.

• Devices Enables administrators to add new devices, individually or in bulk, such as smartphones and tablets, create policies for securing the devices, and manage individual devices by resetting them, removing corporate data, or removing them entirely.

• Teams & Groups Enables administrators to create Microsoft Teams teams and various types of groups, including Microsoft 365, security, mail-enabled security, and distribution list groups, assign owners to them, and configure privacy settings. They can also create shared mailboxes for access by all members of a specific group.

• Roles Enables administrators to assign built-in Azure Active Directory roles to users to provide them with access to additional admin centers and other resources.

• Resources Enables administrators to create and configure rooms and equipment for assignment to meetings and create SharePoint sites and collections.

• SharePoint The SharePoint admin center provides full control over SharePoint, but this interface can control site sharing and remove external users.

• Billing Enables administrators to purchase additional Microsoft applications and services, manage product subscriptions, monitor available product licenses, and manage invoices and payments.

• Support Enables administrators to find solutions to common Microsoft 365 problems and create and view requests for service from Microsoft technicians.

• Settings Enables administrators to configure service settings and add-ins for the entire enterprise, configure security settings, and monitor partner relationships.

• Setup Enables administrators to monitor their Microsoft products and manage the licenses for those products, purchase or add Internet domains, and migrate data from outside email providers into Microsoft 365 accounts.

• Reports Enables administrators to generate various reports, such as email activity, active users, and SharePoint site usage, over intervals ranging from 7 to 180 days. Reports like these can indicate who is using the Microsoft 365 services heavily, who is near to reaching storage quotas, and who might not need a license at all.

• Health Enables administrators to monitor the operational health of the various Microsoft 365 services, read any incident and advisory reports that have been generated, and receive messages about product update availability and other topics.

• Admin Centers Enables administrators to open new windows containing the admin centers for the other services provided in Microsoft 365, including Security, Compliance, Azure Active Directory, Exchange, SharePoint, and Microsoft Teams.

Describe core Microsoft 365 Apps, including Microsoft Word, Excel, PowerPoint, Outlook, and OneNote

Much of the Microsoft 365 infrastructure is invisible to end users; their primary exposure is to the standard Office productivity applications, such as Word and Excel. The selection of productivity applications included with Microsoft 365 depends on the subscription plan the administrators choose for the organization.

Using the Microsoft 365 portal

Once an administrator has given users Microsoft 365 accounts, they can access the Office productivity applications and sign on to the Microsoft 365 user portal at https://portal.office.com. After a user signs in with the email address created by the administrator as part of their account, the Microsoft 365 portal appears, as shown in Figure 2-7.

The Apps tiles on the portal’s Apps page provide the user access to the web-based versions of the Office productivity applications: Microsoft Teams, Word, Excel, PowerPoint, Outlook, OneDrive, and OneNote. Beneath the icons is a Get Work Done area providing the user with access to recently used, pinned, and shared document files stored in the user’s OneDrive cloud.

Farther down on the Apps page is an Explore By Category section that displays tiles for the other Microsoft 365 apps by default, as shown in Figure 2-8.

Clicking one of the application tiles on the Apps page opens the online version of the application. All Microsoft 365 subscriptions provide users access to the web and mobile versions of the Office productivity applications. With these versions, users can access the applications on virtually any device from any location with Internet access.

If the users’ subscription includes the desktop versions of the applications, the Microsoft 365 portal permits the user to install the Microsoft 365 applications on up to five systems. On the portal’s home page, clicking Install Apps and selecting Premium Microsoft 365 Apps opens the Get Started With Microsoft 365 page, as shown in Figure 2-9.

The installation includes all the on-premises Office applications, including Word, Excel, PowerPoint, Outlook, OneNote, Access, Publisher, and OneDrive. This is the only way for a Microsoft 365 user to run the Access and Publisher applications because they don’t have web or mobile versions.

Using the Microsoft 365 Applications

The collection of user productivity applications, now known as Microsoft 365 Apps for Business and Microsoft 365 Apps for Enterprise, is one of the core elements of the Microsoft 365 subscription products. Formerly known as Office 365 for Business and Office 365 ProPlus, this element is most visible to users because it provides the applications they probably use every day. For administrators, productivity applications are a crucial part of the Microsoft 365 deployment process because they can use all the cloud-based services included in the Microsoft 365 product.

The various Microsoft 365 subscription products contain application packages that can differ slightly. For example, the Microsoft 365 Business Basic subscription includes only the web and mobile versions of the productivity apps, not the installable desktop versions.

The Office applications for web and mobile use are limited in their advanced features compared to the installed versions, but they enable users with a Microsoft 365 license full access to their documents using any Internet-connected computer or mobile device with a web browser. Users can also save documents in their OneDrive cloud storage for access later.

Most of the other Microsoft 365 packages include the desktop versions, and the core applications are the same; the differences are the additional applications and services that are included in the bundle. Microsoft 365 subscriptions include the following elements:

• Word Word processing

• Excel Spreadsheets and charting

• PowerPoint Presentation graphics

• Microsoft Teams Chat, messaging, and collaboration

• Outlook Email and scheduling

• Access Database management

• Publisher Desktop publishing

• OneDrive Cloud storage

Other Microsoft 365 business and enterprise packages include various combinations of the Microsoft cloud services discussed earlier in this chapter. The Microsoft 365 E5 package, for example, adds the following:

• Exchange Online This cloud-based email and calendaring service provides enterprise users with mailboxes and calendars they can access and share using virtually any device.

• SharePoint This cloud-based collaboration tool enables administrators and users to create websites and maintain document libraries.

• Viva Connections This cloud-based employee information feed is built on SharePoint and integrated into Microsoft Teams.

• Viva Engage This is a cloud-based enterprise social networking service that Microsoft is positioning as the successor to Yammer.

• Power Platform This is a low-code end-user development environment that includes Power BI Pro, a data mining and business analytics package; Power Apps, an app development tool; Power Automate, a tool for automating repetitive tasks; and Power Virtual Agents, a tool for creating chatbots.

• Stream This video streaming service enables enterprise users to upload, view, and share video content.

• Planner This cloud-based team management application includes file sharing and communication capabilities.

• To Do This is a cloud-based task management application.

The Microsoft 365 Enterprise E5 package includes all these elements, plus licenses for Windows 11 Enterprise and Enterprise Mobility + Security. The product is designed to enable all these components to work together intelligently and provide users with advanced communication and collaboration capabilities.

Comparing Microsoft 365 with on-premises Office

Microsoft 365 is the subscription-based version of the on-premises Microsoft Office application suite that has been available for decades. Office was originally designed as an on-premises business productivity product consisting of Word, Excel, and PowerPoint applications. All these applications were once standalone products, but by bundling them into the Office package, a single license gives a user unlimited access to all the applications. This simplifies the deployment and licensing process for IT purchasers and administrators.

The most recent release of the on-premises bundle is Microsoft Office 2021, but many corporate IT departments are still using previous versions, such as Microsoft Office 2019 or 2016. The package includes desktop versions of Outlook, Word, Excel, PowerPoint, Publisher, and Access for either Windows or Macintosh. These Office products are purchased outright, so no ongoing subscription fee exists. Office 2021 is available in multiple editions with varying contents. Enterprise administrators typically select Office Professional 2021, which is volume licensed.

Microsoft is clearly attempting to urge the Office market toward its subscription-based products. The list of features and benefits that are not included in the Office 2021 package but available in Microsoft 365 is a long one and includes the following:

• Automatic feature updates Microsoft 365 packages all receive regular feature, quality, and security updates at monthly or semiannual intervals determined by the enterprise administrator. By default, Office 2021 automatically downloads quality and security updates monthly from the Microsoft Content Delivery Network (CDN), but it does not receive feature updates. Major upgrades, such as from Office 2019 to Office 2021, require purchasing a new license.

• Licensed devices The Microsoft 365 licenses permit each user to install the Office productivity applications on up to five devices, meaning a single license can be used for a user’s office, laptop, and home computers—and even two smartphones or tablets. The Office 2021 license only permits the installation of the applications on one Windows or Macintosh computer.

• Operating system support While the Microsoft 365 products include Windows 11 Enterprise and require that operating system for many collaboration features, the Office 2021 product can be installed on any Windows 11 or 10 computer (version 1809 or later).

• OneDrive cloud storage Any registered user can obtain OneDrive cloud storage, but Microsoft 365 subscribers receive 1 TB of storage. Unlicensed users and Office 2021 licensees are only permitted 5 GB.

• Technical support The Microsoft 365 business packages include 24/7 online and telephone support and the FastTrack deployment service. The Office 2021 license has more limited support options.

• Email hosting and calendaring Most Microsoft 365 packages include the Exchange Online cloud service, which provides email and calendaring. For Office 2021 users, this service is only available as a separate subscription for an additional fee. There is also an on-premises Exchange Server product that is sold separately.

• Collaboration tools Most Microsoft 365 packages include cloud-based collaboration services such as SharePoint and Microsoft Teams. For Office 2021 users, these services are only available as separate subscriptions for additional fees. SharePoint is also sold separately as an on-premises server.

• Reduced functionality mode With Microsoft 365, if a user’s subscription lapses, if an administrator removes a user’s license, or if the computer on which the Office applications are installed does not connect to the Internet at least once every 30 days, the Office productivity applications go into reduced functionality mode and display a message like the one shown in Figure 2-10. In reduced functionality mode, the user can open, view, and print existing documents, but all editing functions are disabled, and the user cannot create new documents. The Office 2021 applications never revert to a reduced functionality mode, and users are not required to connect to the Internet.

While individual users might see these omissions as considerable drawbacks to the Office 2021 product, this is not necessarily so for enterprise administrators. In some cases, administrators might prefer that the Office applications not receive feature updates because of the additional support and training issues they might cause. Every new support issue in the enterprise is multiplied by hundreds or thousands of users, so the sudden appearance of substantial changes or new features in the Office applications can be more trouble than it’s worth.

As to the additional cloud services provided in many of the Microsoft 365 packages, such as those providing email and collaboration, many organizations already have solutions for these services in place and do not want to pay for features they do not need or want. Microsoft technical support for individual users might also not be necessary because enterprise administrators typically provide that support themselves. Many large organizations also obtain Office 2021 by purchasing a volume license, which might include incident support, should it be needed.

Compare core services in Microsoft 365 with corresponding on-premises services

Microsoft 365 is based primarily on cloud services, but some of the services are also available as on-premises products. For example, an organization can use Exchange Online for email and scheduling or install its own servers and run an on-premises version of Exchange. The same is true for SharePoint and Azure Active Directory, both of which also have on-premises equivalents. As with any trade-off situation, both sides have advantages and disadvantages.

Deployment

A cloud-based service is always simpler to deploy than an on-premises server-based product because the service is provided to the subscriber in an installed and operational state. There is no need to design an infrastructure, obtain hardware, or install server software. An administrator can begin to work with the service immediately after subscribing to it, creating user objects, Exchange mailboxes, or SharePoint sites that are up and running in minutes instead of days or weeks.

Updates

One significant advantage to using the cloud-based version of any of these applications or services is that they are regularly and automatically updated with the latest software version. Administrators are relieved of the need to download, evaluate, and deploy updates as they are released. With a cloud-based solution, an organization subscribes to a service, not a software product, so the provider is responsible for maintaining and updating the service’s functionality. In many cases, the cloud-based version of a service receives new features sooner, and on-premises software products might not receive certain features at all.

For an on-premises service installation, a responsible update strategy requires testing and evaluation of new software releases and might require service downtime for the actual update deployments.

Cost

Costs—both initial and ongoing—are another decisive factor in deploying any of these services. Cloud-based services require the payment of a regular subscription fee, and sometimes there are additional fees for add-on features. A subscription allows organizations to implement a service with a minimal initial outlay because no hardware costs or server licenses are required.

Fees for cloud-based services are predictable and simplify the process of budgeting. Installing the equivalent on-premises service is a more complicated affair. An organization obviously must first purchase the server software license and the computers on which the software will run, as well as an operating system license and client access licenses for all the users. This can be a significant initial outlay.

Depending on the organization΄s requirements, there might also be additional costs. A large enterprise might require multiple servers to support different physical sites, multiplying the initial outlay cost. Backing up data and storing it also adds to the cost.

There are also fault tolerance and disaster recovery issues to consider. By default, most cloud-based services from Microsoft are supplied with a 99.9 percent service level agreement (SLA), meaning the service will experience no more than 0.1 percent of downtime in a given period. The infrastructure Microsoft uses to maintain that consistent performance is of no concern to the subscriber. Duplicating that performance level with on-premises servers will require redundant hardware and possibly even datacenters. Not every organization requires this same level of consistent performance, but even a more modest uptime guarantee will increase the expenditure for an on-premises solution.

Finally, there is the issue of the people needed to design, install, and maintain on-premises services. For example, deploying Exchange servers is not a simple matter of just installing the software and creating user accounts. Depending on the organization΄s size, multiple servers might be needed at each location, and the design and configuration process can require administrators with advanced skills. These people will be an ongoing expense throughout the life of the service.

While cloud-based services can provide a great deal of performance for the price, this is not to say that they are always cheaper than on-premises servers. In the long term, cloud-based services can reach a point where they are more expensive. Cloud service fees are ongoing and perpetual, and while expenditures for on-premises servers might begin with a large initial outlay, they can come down to a much lower level once the servers and the software have been purchased and deployed.

A comparison of the relative costs also depends on the organization΄s requirements and existing infrastructure. For a large enterprise that already maintains datacenters in multiple locations with experienced personnel, deploying a new service in-house might be relatively affordable. The initial outlay for an on-premises service might be unfeasible for a newly formed company with no existing IT infrastructure.

Administration

Compared to on-premises server administrators, who can work directly with server software controls, Microsoft 365 administrators use web-based remote interfaces to work with cloud services. Microsoft 365 admin center provides access to the various tools for all the services included in the product, such as Exchange Online admin center and SharePoint admin center, as shown in Figure 2-11. These tools enable managing configuration settings and creating virtual resources, such as mailboxes and directory service objects.

However, administrators of cloud services do not have access to the underlying resources on which the services run. They cannot access the operating system of the computers on which their services are running, nor do they have direct access to the files and databases that form their service environments. For example, while administrators can create mailboxes for users in the Exchange Online admin center, they cannot access the mailbox databases containing the users’ messages.

The web-based interfaces are not necessarily a drawback for all administrators. It is entirely possible to manage a cloud-based service without ever requiring access to the service’s underlying data structures. In addition, Microsoft maintains responsibility for those data structures, ensuring their availability and security. In an on-premises service deployment, it is up to the local administrators to replicate the data structures for high availability purposes and implement a load-balancing solution to maintain a similar level of performance.

Here again, the differences between the two service environments depend on the experience and preferences of the people responsible for them. Experienced Exchange Server administrators, for example, might be wary of using a cloud-based Exchange implementation that would isolate them from the servers, the operating system, and the traditional Exchange controls. However, an administrator relatively new to Exchange might welcome the simplified access the Exchange Online admin center provides.

Security

One of the most critical factors in the decision to use cloud-based or on-premises services is the location of sensitive data. For many organizations, the security of their data is not just a matter of their own benefit. Sometimes, contractual and regulatory constraints can make cloud-based data storage impossible. For example, a company with a government contract might be required to maintain personal responsibility for its stored data; it cannot pass that responsibility on to a third-party cloud provider.

However, in cases with no legal constraints, storing data in the cloud can provide protection equivalent to several different on-premises security products. Antivirus protection, message encryption, Information Rights Management, and Data Loss Prevention are just some of the security mechanisms that the Microsoft 365 cloud services can provide, all of which would require additional maintenance and expense to implement for on-premises servers.

Service comparisons

Not all the cloud services included in Microsoft 365 are available in on-premises versions. Microsoft Teams and Microsoft Streams, for example, only exist as cloud services. However, some of the core Microsoft 365 services have existed as standalone server software products for years, and organizations planning a Microsoft 365 deployment might want to compare the cloud services to their corresponding on-premises versions, as in the following sections, before committing to one or the other.

Office Applications

As noted earlier, the Microsoft Office suite is a collection of productivity applications available as a standalone product for many years. Office 365—and, eventually, Microsoft 365—were introduced as subscription-based products enabling users to access the same applications in several ways. In most of the Microsoft 365 plans, it is still possible to install the applications on a Windows or Macintosh computer for online or offline use, but they are also available in the cloud for access on any device using a web browser. In addition, there are also non-Windows versions of the applications available for use on Android and iOS devices.

With the standalone Office product, currently called Office 2021, you pay only once and receive the productivity applications, such as Word, Excel, PowerPoint, Access, Publisher, and Outlook, but that’s all. The Office 2021 license is limited to a single device installation, while Microsoft 365 enables you to install the applications on up to five devices.

Free security updates to the current versions of the applications are released regularly, but not as frequently as the updates for Microsoft 365, which can also include new features. In the event of a major upgrade release, such as from Office 2019 to Office 2021, there is an additional charge for the standalone product. A Microsoft 365 subscription ensures that you always have the latest software version.

Office 2021 is available in several versions for different audiences, with differing price points. Basic versions, such as Office Home & Student 2021, include some of the applications (Word, Excel, and PowerPoint only), while Office Professional 2021 includes the entire suite of productivity applications but none of the Microsoft 365 cloud services. At this point in the life of the Office product, Microsoft is targeting Office 2021 at enterprises that “are not ready for the cloud” and that purchase volume licenses for the entire organization. Because Office 2021 is feature-locked, the applications do not change, which is something that corporate licensees might prefer to avoid interrupting their users’ productivity with new feature releases.

Microsoft 365 is available in several different subscription plans that provide cloud services in addition to the productivity applications, such as Exchange-based online email and extra OneDrive storage. The version of the productivity applications included in Microsoft 365, called Microsoft 365 Apps for Business, is integrated with all the cloud services described earlier in this chapter, including Exchange Online, SharePoint, OneDrive for Business, and Microsoft Teams. Integrating the Office applications with these services provides users with advanced intelligence and collaboration features unavailable with Office 2021.

Exchange

All the issues described earlier in this section apply to a comparison of Exchange Online with the on-premises version of Exchange. An Exchange Server deployment can be an elaborate and expensive affair requiring multiple servers and extensive configuration, while administrators can have Exchange Online up and running in less than a day.

Exchange Online provides each user with 50 or 100 GB of storage. In an on-premises exchange installation, the size of users’ mailboxes is regulated by the administrators, who often do not want to expend that much storage space, which many users might never need.

Also, unlike Exchange Server, Exchange Online can create Microsoft 365 groups, enabling users to work with shared resources. This can be a valuable resource for administrators. For example, a technical support team can add its members to a Microsoft 365 group. Administrators then grant the group the permissions necessary to access a shared Exchange mailbox, a SharePoint team site, and other resources. When members enter or leave the group, the permissions to access those resources are automatically granted or revoked.

On Exchange Server, by default, user mailboxes exist on one server and are therefore vulnerable to hardware failures, system faults, and other disasters that can render them temporarily unavailable or even lead to data loss. For this reason, an enterprise exchange deployment often requires additional servers to maintain duplicate mailboxes, a reliable backup strategy, and in some cases, duplicate datacenters, all of which add to the cost of the installation. By default, Exchange Online replicates mailbox databases across servers and datacenters, ensuring the continuous availability of the service. This, too, is an issue that some Exchange administrators would prefer to address themselves rather than leave to a service provider, but the market for organizations that like the idea of a turnkey solution and are willing to trust cloud services is growing constantly.

SharePoint

As with Exchange, SharePoint is available as an on-premises server product and as a cloud-based SharePoint service. The main advantages of the cloud version are the same as those of the other services: simplified deployment, automatic updating, data redundancy, web-based administration, and so forth.

Microsoft is presenting its cloud-based products as the next wave in business computing, and SharePoint in Microsoft 365 is now the flagship of the venerable SharePoint product. New features like the Modern experience in site design appear in the cloud version of SharePoint first. However, in the case of SharePoint, this does not mean that SharePoint Server is being left behind.

SharePoint Server 2019 includes features enabling it to work with Microsoft 365 cloud services. For example, administrators can redirect the MySites link in SharePoint Server to OneDrive so that users will be directed to cloud storage rather than to the on-premises server. A hybrid cloud search capability also causes a Microsoft 365 search to incorporate the index from an on-premises server into the standard cloud search.

Active Directory

Beginning with the Windows 2000 Server release, Active Directory Domain Services (AD DS) functioned as an identity management solution for enterprise resources. After creating an AD DS domain controller from a Windows server, administrators create a hierarchy of forests and domains and populate them with logical objects representing users, computers, applications, and other resources. With those objects, AD DS functions as an intermediary between users and network resources, providing authentication and authorization services when users attempt to access them. Azure Active Directory (Azure AD or AAD) is an Identity as a Service (IDaaS) mechanism that performs the same basic authentication and authorization functions for the Microsoft 365 cloud services, but it does so in a different way.

There are no forests or domains in Azure AD. After an organization subscribes to Microsoft 365 (or any of the individual Microsoft cloud services), an administrator creates a tenant using the Create A Tenant page, as shown in Figure 2-12. In Azure AD, a tenant is a logical construct representing an entire organization. Administrators of the tenant can then use the Azure portal to create user accounts and manage their properties, such as permissions and passwords. The accounts provide users with single-sign-on capability for all Microsoft services.

AD DS uses protocols such as Kerberos and NT LAN Manager (NTLM) for communication between domain controllers and the other computers involved in authentication or authorization. This is appropriate for its functions because AD DS functions only within the organization’s premises; it is not designed to work with users outside of the enterprise or manage cloud-based services like those in Microsoft 365.

Obviously, Azure AD is designed to manage cloud services and can work with users located anywhere, employing different security protocols, such as Security Assertion Markup Language (SAML) and Open Authorization (OAuth). Because they are so different, Azure AD and AD DS are not functionally interchangeable, as are the cloud-based and on-premises versions of services such as Exchange and SharePoint.

Thus, for any organization with an existing on-premises AD DS deployment and considering implementing Microsoft 365, the administrators will have to work with both AD DS and Azure AD. Fortunately, this does not mean that it will be necessary to create duplicate user accounts in each of the directory services. Azure AD Connect links the two and provides each user with a hybrid identity that spans both on-premises and cloud-based services. This provides the user with single sign-on capability for all applications and services.

Describe work management capabilities of Microsoft 365, including Microsoft Project, Planner, Bookings, Forms, Lists, and To Do

Work management is a software tool class that enables users to organize, schedule, and manage tasks and projects. Most Microsoft 365 packages provide access to several work management tools, whereas others require an additional subscription.

Microsoft’s guiding philosophy behind these tools is that more time spent managing work means less time doing work. The work management tools discussed in the following sections streamline the process of organizing projects, assigning tasks, and creating schedules so that team members can devote more time to working.

Microsoft Planner

Microsoft Planner is a simple project management tool that enables users to create plans and populate them with tasks, events, and other elements from various Microsoft 365 services. The default view of a plan consists of vertical columns called buckets, each of which consists of tasks, as shown in Figure 2-13. Tasks can contain graphics, links, and files hosted by SharePoint.

Clicking the +Add Task button opens a dialog like that shown in Figure 2-14, in which the user specifies a task name and a due date and assigns it to specific users.

When a user creates a plan, the tool automatically creates a Microsoft 365 group, the members of which are those to whom the plan applies. The opposite is also true; when a user or administrator creates a Microsoft 365 group, the tool creates a plan for it. As with all Microsoft 365 groups, a group mailbox and calendar are also associated with it; plan users can use them to schedule appointments and events and receive email notifications.

A Planner plan can also be integrated into Microsoft Teams by adding a new tab to a team’s General page. Therefore, users can work with planned tasks while contacting other team members via chat or call.

Microsoft Project

While Planner provides basic task management capabilities, administrators requiring more extensive features can run Microsoft Project. Project has existed in various forms (even a DOS version) since 1984, making it one of the oldest Microsoft software products. Today, a desktop version, Microsoft Project 2019, is still available in Standard and Professional versions, and a Microsoft Project Server version is based on SharePoint. However, the primary product is Project for the Web, a cloud-based product available for an additional subscription fee.

While Microsoft Project is considered part of the Office environment, it is not included in any Microsoft 365 subscription products. The cloud-based Project for Web product is available in three subscription plans: Project Plan 1, Project Plan 2, and Project Plan 3. Plan 1 is web-only, whereas Plan 2 and Plan 3 include the desktop version of the application for up to five users.

Project includes a grid view similar to Planner΄s, in which vertical buckets contain rows of tasks. However, Project also includes a timeline view with an interactive Gantt chart display, as shown in Figure 2-15.

Project also manages scheduling and budgeting for large-scale projects. Users can establish dependencies between tasks so a scheduling delay added to one task pushes its dependent tasks forward in the schedule by the same amount of time. In the same way, changes in costs for particular tasks are updated in the project’s overall budget.

Project allows administrators to assign tasks to specific users or groups and integrates with Microsoft Teams so all involved users can receive updated information about the project. Project is also built on Microsoft Power Platform, enabling users to integrate it with their own Power Apps apps and create Power BI dashboards containing real-time project information.

Microsoft Bookings

Microsoft Bookings is a shared scheduling application enabling users to manage their appointments. The application can integrate with Microsoft Outlook or Microsoft Teams so that users can access their schedules through their already familiar interfaces.

In Bookings, each user has a booking page, as shown in Figure 2-16, containing the user’s appointments and availability.

Users can share their booking pages with selected other users or with everyone. Clicking the plus (+) button on the booking page opens an Edit Meeting Type interface, as shown in Figure 2-17, where the user can create a new public or private appointment.

Microsoft Forms

Microsoft Forms is a relatively simple application that allows users to create surveys, quizzes, questionnaires, and registrations using an interface like that shown in Figure 2-18. Users can share the forms they create in the application with others, who can access them using any web browser.

As a form receives replies, the responses appear in the application in real-time. Once all the responses arrive, the application can analyze the results and export them to Microsoft Excel.

Microsoft Lists

As the name implies, Microsoft Lists is a tool for creating lists of various types, such as the itinerary list shown in Figure 2-19, which is based on one of the templates included in the application. As with most work management applications, it is possible to integrate lists into Microsoft Teams or SharePoint.

Microsoft To Do

Microsoft To Do is a cross-platform task management application that allows users to create and manage task lists integrating information from Outlook, Microsoft Teams, and other Microsoft 365 applications and services, as shown in Figure 2-20. Once collated, a user’s task list is then available from any platform, including Android and iOS. Users can also share their task lists with colleagues and delegate tasks to other users.