When and why should you start with Microsoft 365 Business Premium?
Earlier I published the article "The value of Microsoft 365 E3 and E5". By request, I've written this article about Business Premium. Out of respect for the content of the previous article, it is crucial to read "Creating the modern workplace" before reading this one. The overall value of the Microsoft 365 stack will be the same.
The value of Microsoft 365 Business Premium
1. High-level
- A cloud strategy for becoming a modern organization that tackles on-premises complexity and grows into a cloud-first organization.
- Some Microsoft 365 E3 or E5 features are included, for example to enable and empower people to reset their own password. Some are part of the Azure AD Premium P1 features. Others are: Cloud App Discovery, Office 365 ATP, Application Proxy, Dynamic Groups, and Passwordless authentication.
- WHY? This product is made for companies under 300 people, and it has more value because of this specific offering in the market. The price is lower. It has features of Microsoft 365 E3/E5, but there are constraints because of the cloud-only focus. This will push the investment to consolidate on-premises workloads to M365 Business Premium. You will read the details below.
2. Defend against threats
- Office 365 Advanced Threat Protection protects you with Safe Links, Safe Attachments, and anti-phishing intelligence.
- Advanced multi-factor authentication. You can choose to bypass MFA from trusted locations.
- You can enforce Microsoft Defender on your Windows 10 PCs with enhanced protection against ransomware and malware.
3. Protect business data
- Data Loss Prevention: Microsoft 365 Business Premium can automatically detect when an email you’re about to send includes sensitive data like credit card info, social security numbers, and dozens of other confidential data types. If you’re just conducting normal business. But, if you’re about to do something dumb, it’s a welcome safety net. There are even templates that can conform to geographic or industry-specific regulatory requirements.
- Encryption of email and documents: If you need to send sensitive data to a partner or customer outside your organization, you can encrypt that email with just one click. This ensures that only the intended recipient with the right credentials can open the email.
- Information protection: You can use this function to control who has access to company information, whether it's in an email or a document, by applying restrictions that prevent people from forwarding, copying and printing.
- Archiving: This is another function that's been made simple for when you need to preserve email and documents for legal reasons, or if you need to access an employee's email/files after they leave the company.
4. Easily secure and manage your devices
- MAM: Mobile Application Management is typically used for devices that aren't owned by your company, like employees' personal phones or laptops. This type of management gives you control of company-owned email and files, but personal “data,” like pictures and texts, is not controlled with MAM. With MAM, your workers can use their personal devices to do their job without worrying that IT is controlling them. If a MAM device is ever lost or stolen, it's simple to wipe all the corporate data from it.
- MDM: Mobile Device Management is the best option if your organization issues company-owned devices to your employees for work use. With MDM, you can centrally manage everything on the device, install apps on it, restrict the functions or usage, and block recreational usage (kind of a buzzkill, but ok), just to name a few options. As with MAM, if an MDM device is ever stolen, wiping the corporate data or doing a full factory reset is easy.
- You can set the minimum security requirements needed for a modern midsize organisation.
The Microsoft 365 Business Premium strategy
Microsoft 365 Business Premium was created to help midsize organizations with their challenging ambition to be more productive and secure. It's a known fact that not all small businesses have the possibility to provide an M365 E5 license for everyone.
- Office apps and services
- Advanced security + management
- For 1-300 employees! Hard requirement!
Which features of E5 are included in Microsoft 365 Business Premium
- Shared Computer Activation – to activate Microsoft 365 Apps when becoming active on a workstation.
- Manual retention policies and sensitivity labels
- Office 365 Data Loss Prevention (DLP) for emails and files
- Email archiving
- Basic Office Message Encryption
- Company Branding
- Self-Service Password Reset
- Office 365 Advanced Threat Protection (ATP) Plan 1
- Windows Defender Antivirus
- Device Guard
- Windows Information Protection
- BitLocker and BitLocker To Go
- Windows AutoPilot
- Windows Hello for Business
- Windows 10 Business Premium. Exact details here / FAQ
- Cloud App Discovery as announced in this article
- Dynamic groups as announced in this article
- Application Proxy as announced in this article
- Passwordless authentication as announced in this article
- Service description: Microsoft-365-business-service-description
Don’t choose Microsoft 365 Business Premium if…
- I've met a lot of people who don't dare to advise Microsoft 365 Business Premium because for a long time there were fewer features than today, and they don't follow the evolution.
- It is still difficult to grow to cloud-only, so take a good look at the things below that are not included.
- It is important to know that Microsoft 365 Business Premium focuses on a cloud strategy. A mid-size organization that is willing to shift to modern cloud solutions will be able to do so if it makes the commitment to remove these integrations. This product is created to work for cloud scenarios. Are you able to decommission all of these workloads?
- It looks difficult, but most services have been replaced by cloud variants today, so what remains is outdated technology with a high TCO.
- Exchange Server, SharePoint Server, and Skype for Business Server Client Access License (CAL) equivalency is not included/licensed.
- Windows Server, RMS, and Microsoft Identity Management CAL equivalency is not included/licensed.
- System Center Configuration Manager and System Center Endpoint Protection Management License (ML) equivalency is not included/licensed.
- Full overview here.
Microsoft 365 Business will include Azure AD Premium P1
Brad Anderson, Microsoft 365 Vice-President, is referring to this blog: aka.ms/aadp1smbblog
High-level decisions to be made
- Are you ready and able to stop investing heavily in your on-premises infrastructure?
- Do you want to stop using Exchange, SharePoint, and Skype for Business on-premises?
- Are you willing to shift your System Center infrastructure to Endpoint Manager?
- And last, and most important: Are you able to stop thinking Hybrid AND on-premises? Then GO, DO IT! Good luck! I've helped almost 5 customers to grow to full cloud, with no footprint in their local AD. They are super excited and happy! Simplicity = key to grow.
New product names
The new product names go into effect on April 21, 2020. This is a change to the product name only, and there are no pricing or feature changes at this time. Maybe later.
- Office 365 Business Essentials will become Microsoft 365 Business Basic.
- Office 365 Business Premium will become Microsoft 365 Business Standard.
- Microsoft 365 Business will become Microsoft 365 Business Premium.
- Office 365 Business and Office 365 ProPlus will both become Microsoft 365 Apps. Where necessary we will use the “for business” and “for enterprise” labels to distinguish between the two.
- Source: https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/30/new-microsoft-365-offerings-small-and-medium-sized-businesses/
Enable Microsoft 365 Security – Example from Microsoft
| Set up tenant | Recommended settings – normal scenario | Recommended settings – high risk scenario |
|---|---|---|
| Decide between hybrid & cloud-only identity | Hybrid, Azure AD Connect | Hybrid, Azure AD Connect |
| Azure AD Connect – sign-in method | Password Hash Sync | Password Hash Sync |
| Azure AD Connect – single sign-on | Enabled | Enabled |
| Azure AD Connect – On-premises attribute for Azure AD username | userPrincipalName | userPrincipalName |
| Azure AD Connect – Password writeback | Enabled | Enabled |
| Decide on email migration strategy | Hybrid Agent | Hybrid Agent |
| Configure DNS domains | Situational | Situational |
Configure identity protection – example from Microsoft
| Configure identity protection | Recommended settings – normal scenario | Recommended settings – high risk scenario |
|---|---|---|
| Plan for administrative access | Required | Required |
| Configure dedicated admin accounts | Recommended | Recommended |
| Multi-factor authentication (MFA) for admins | Security defaults | Required, Conditional Access |
| Multi-factor authentication (MFA) for users | Security defaults | Required, Conditional Access |
| Self-service password reset (SSPR) | Enabled-All | Enabled-All |
| Combined security information registration | Enabled-All | Enabled-All |
Practical guide to securing remote work using Microsoft 365 Business Premium
This guide summarizes Microsoft's recommendations for enabling employees at small and medium-sized businesses to securely work from home, using the features included in Microsoft 365 Business Premium as described above. Read the Microsoft guide here, with deep insights and knowledge of medium-sized business.