Successfully deploy Microsoft 365 Business in your SMB - BRK3368

Successfully deploy Microsoft 365 Business in your SMB - BRK3368

Show Video

Hi. Good morning everybody. Hello. We, made it, Friday, morning I really, appreciate, all of you coming like special appreciation, because Friday, I'm writing right after the attendee party is hard to, attend so I really appreciate, your commitment to SMB, and Microsoft. CCC FEHB business. Actually. Anybody fans, of the show Friday. Night Lights. Few. Fans I, did. Consider we did consider changing, the name of the session to Friday morning, lights you. Know small business, big dreams cannot, lose, but. We got vetoed, by our, managers so this. Is allowed. To use that yeah. So, welcome, good, morning my, name is Shaka idea I'm the Senior Product Marketing Manager for, Microsoft. 85 business I focus, on product strategy, and. I have a thief, do you want introduce yourself hi I'm Steve Silas I'm a program, manager in the Windows identity, team on the, windows team my. Team owns, Azure, Active Directory joined, for Windows we own all the security, and Windows all. That fun stuff ok. The. The goals of this session. We, wanted to lay out prescriptive. Guidance for, deployment, of Microsoft, PC spare business we. Had a session last evening you, know talking about what Microsoft, 365 business, is you. Know what are what's the value and what are the security features and added recently all of the goodness and we also went into some of the signaling some of the security features as well so the goals of the sessions to lay out the entire, end-to-end. Deployment. Guidance on, the steps that you should take while, you're deploying, it for your customers, but. Also will. Be specifically, focusing, on the, hybrid device. Configuration. So that's kind of our focus because we covered some of it last evening as well and. So before. We get started though we, do want to make, you aware of this. New SMB. Tech community, that our team is building, we're, all coming together to, build and. Help IP, prost like you who are focused on small and medium businesses. Farmer, community, so if you have any questions. Specifically, on any SMB, solution or business premium and even, Microsoft yz5 business this is a place to ask the questions because we. Check the questions we check all of the. Responses. And we answer, them pretty quickly so if you have any even, after the session we just have 45 minutes I'm sure there's gonna be a lot of questions, so the best place to go ask your questions, is this, and start.

The Thread and we, will respond, to it so just a plug for the SME community that we tried to drill so. One. Of the things one of the goals of today's session that. We want to talk about is understanding the deployment, steps and we. Want to sort of lay out what the deployment, steps are it's. Essentially, you. Can look at it in terms of a three step process the, first thing is setting. Up off the general policies, and and setup, process. So setup your users and set up the security policies, for them second. Is look. At setting up office, 365, course service if you haven't already done that so you're enabling them the product of any capabilities, and third look at sort of the windows device configuration. And what device configuration, makes the best given, that this is Microsoft, 365, business, and you have the ability to take advantage of cloud management, capabilities. The. Third the, the second key takeaway, from the session we want you to have is, that Microsoft, 365, business, supports on-premise, Active Directory I know, when we g8 last year there, was a lot. Of talk about not, supporting hybrid. Configurations. We just want to unequivocally, say, that we support hybrid. Configurations, right now and we support on from this Active Directory and. There. Are two ways to do that and on-premise. When amis talk about on-premise, Active Directory the primary conduit to that is, going to be a Windows, 10 device and you, have choices, on, how, that Windows. 10 device connects, to the cloud so, we're going to talk about cue methods, today option, a and option B whether. It's, enabling, an azure ad join or a hybrid azure ad join so we're going to be focusing, on that today so just doing some level set on you. Know how deep we're going to go technically, and where we're going to focus on primarily. On the device configurations. Cuz we've, had a lot of questions on. That so, let's, get started what, are the steps to, deploy, Microsoft. 365, business and just. A warning we're going to get through step 1 and step 2 fairly, quickly because this was covered last. Evening and if you haven't if. You didn't, did not attend it recommend. Looking. At the the, video or we can chat later but. Essentially. The. Steps to, configure we, would put it down as this okay step, one is configure. Users. And policies, we, have a simple admin console in Microsoft, 365, business, it will take you to a step by step process so, we have step 1 2 3 4 5 so just follow those steps first and enable. Those policies, enable. Your users identity. Set up those centralized policies, that is necessary, for them and then, look, at enabling the, office, 365 services. In, terms of looking. At mailboxes. Enabling, wonderful business teams very, important, teams, as a part of it so enabling, all those productivity, scenarios. And. Then look at, how. The Windows, Device will then access all of this goodness and what strategy, makes sense and finally. We're, looking at how you can, any. Bowl the office, client applications, as a part of step 4, so. Let's. Get started. In. Terms of configuring, users and policies, so. Again. As we said that, one, of the one. Of the beauties, of Microsoft's pcs 5 business or what we're trying to build here is a simplified, admin, process, right, because. The feedback that we've we've gotten often, is that the. Components. If you look at Microsoft 365, business, it has it's, not just office 365, it is the Microsoft, 365, stack that before, I'll be talking about this week right it has in team capabilities. It. Has. Your. Azure, ad capabilities. A IP all, of those goodness are now part of it and. So in. Order to in, order to bring all of these services together our, goal, is not to stand, to two separate portals we want to help, you create, like a guided, path in order to set up and so one. Of the one. Of the primary ways you can do that is to the. Simplified, admin, portal that we have and we'll take you through, it. We'll take you through the setup process and, so, well, the first thing you would do is you, will go through the normal process that. You would for office 365 how many of you have deployed office cc5 here just. To level set fairly, everybody, great so, we, don't have to spend, that much time on things like you all are aware of setting up DNS I'm sure, you, have set up your users, to, Active Directory in. The you, know enable them to Azure ad connect, how. Many of you are using Azure ad Connect for your customers. Popular. Choice and. So you will follow, the same process for step wanted to and then you will hit the step for, five, of.

Microsoft's, Gt5 business which is different, from, what you're familiar with in BP, and, so here, you we have enabled simplified. Toggles, for you so in order to protect your files you, can enable file, protection policies, and this, is actually, bringing in those intern capabilities. Without actually going into the interim portal so you all you have to do is enable those toggles, and automatically. Protection. From your files is set up similarly. You have the ability, to protect, your devices, as well so essentially. If you want to configure your security, policies, for Windows 10 device here's, where you would do it so essentially, we have simplified, that so you don't have to go to in tune for some capabilities. But. Of course like. We talked about yesterday we, have enabled. A lot of new security value, ads and we're still in the process of, bringing them into the, centralized, management in, Microsoft, 365, business our centralized. Admin, experience in Microsoft. 365, business, so things like ATP a IP. DLP. Intune. MDM. Capabilities. For mobile. Device management for example if, you still need those those additional. Capabilities. Then. Now the process, is to go to the, separate areas. Like this security. And compliance portal, the intern portal and we also talked about this last evening so here's the story of how this space, is evolving, did. Any of you go to the, mg, c c 5b m. 365. Admin, experienced the new admin experience that they were talking about anybody. Okay. So great so. One, of the things is we, if, even. On the enterprise, side not just for the SMB, space. Where, we, were actually bringing, together the, entire goal is to have a single portal so you don't, have to go into, these separate portals and, so we're, we're, essentially. Building, on what we had in entry 65 business, so as a part of this new admin, experience it's, going to roll out 2m 365, business as well so you have those. Cards, you have the customization. Features you can get all of the analytics and reporting all, of the goodness that, was. Announced it's going to be part of MCC Feb business and I think the preview starts sometime in. Next month in October so look. Out for that so you'll start seeing that, toggle, for the new admin experience but. The goal is. We. Have a lot of these features available. To, you to enable so you don't have to go to the security, and compliance portal, and all of that but, till that new experience, rolls out just. Clarifying, you. Will have to go, into, and enable this in in. The various portals that we discussed, yesterday so, just putting a clarification, because yesterday. We did discuss all of this but, we. Said you know go to the security and compliance portal, go to Intune and all of that but, from, a roadmap perspective, what we're looking at is all of this is going to most. Of the scenarios are going to come under, the, the new admin experience so look out for information, on that and we're going to post all of that information on the SMB. Tech community, so please, follow it because we will be putting a lot of updates there, so. Again. All of you are familiar with deploying, office 365, so we're not going to run through that the playing office365. A. Business. Premium is a component of Microsoft 365. Business, the service plans are identical, so all of the all. Of the features, that are in business premium R&M, 365, business, and, essentially, you will configure it very similarly, you. Will configure, mail. A wonderful, business and teams highly, recommend, teams. As. Your, communication. Hub because you. Know we are it's. It's a focus of the company but it's also the future of unified communications for. For.

Microsoft. And. Migrating. Mail and. File, shares highly. Recommend that one. Of the features. One. Of the sessions I would recommend, also looking at is the known folder. Migration, that. Was talked about if. You're not aware if, you're looking at how to move local, files over to the cloud Steven. Rose has a great. Session. Or a blog post on tech community, about the new an own, folder move so, how do you recommend looking at that as well and. So I'll. Hand it over to. Steve. Now to, talk about especially, deploying. And configuring, vendors. 10 because that's the heart of Microsoft. C-65 business and to just remind you again. One. Of the components, of Microsoft's, easy for business is, the. Device management, capability. That, you get so you get full device management Windows. Mac, iOS and. Android, and what we're focusing on is how to sort of enable. Natively. The Windows 10 components. Or. The windows configuration components. So you can take all of the goodness in, terms of cloud management, and security policies, and all of that so I'll hand it over to Steve all right thank you, so. In. Order to take advantage of. Microsoft. 365 business, one of the things you really need to do is get to Windows 10 there's. A number of reasons for that. But they've, fall into four main categories and, the first is single sign-on, earlier. Versions of Windows different. Platforms, such as Mac Linux, they. Don't have the native integration that Windows 10 does you can immediately. Sign in to wind, and get access to all of your cloud resources, that are tied to Azure Active Directory such as Exchange, SharePoint any. Of these services you browser. You log in you're good the, other thing is you get centralized management and deployment of your policies, across all of your devices, so that's so. That's your PCs that's your Mac's that's. Your phones so, Android, iOS all, these devices you can apply a single policy that Apple you can have a single policy that you apply everywhere, so. That you're not having to run around managing them in you, know three, or four different applications, 50 different policies, you can have a centralized, baseline. Policy, that, says something. That required, that your business requires, one. Of the other things is uniform, configuration, of all your Windows devices you, can set a single baseline, so going back to that policy you, set a single baseline of saying I want everyone on this version of Windows our. Preference is that you're at the latest version of Windows because you get all the goodness from all the new features but. If you have specific requirements, you can stay on a specific version you. Can keep up to date you get all your patches you get all your pall security. Patches you get all the new feature updates, and. You're not running around managing, you, know ten.

Different Patch levels four four, four dozens of different machines, and. The other thing is that you have a consistent pall a security. Profile for for, everything you're doing for all your users one single user has, a, policy, applied everywhere so on your desktop on the web throughout, your Active Directory sort, of exchange you can have. In. Tune conditional, access policies. Applied. And it, just it. Just is applied, everywhere. So. How. Do you do it first, thing is you need to Azure, ad join, your devices so in, order to do that the very first thing is you need to get on Windows 10 specifically. Windows 10 Pro, if. You're on earlier, versions of Windows 7, Windows 8.1 pro, you can very easily just. Migrate. On up to Windows, 10 it's free if. You're on versions, such as home you can buy an upgrade to the pro license, we have an option to do that and. Once you're on Pro all you're doing is you're signing into Windows Windows. 10 with your azure ad account. At. That point it's joined. Once. You join it you'll get all your device policies, so. Through, in tune if you've ought to enrolled as part of the policy set up earlier on and in. One. Of the earlier steps. And. At. That point your apps will start coming down you'll, get you'll, get office. Installed, all, those. Fun things. So. Most. People these. Days. Usually. Fall into one, of two camps if you're a small business if, your startup, if you're if you're, slowly. Starting, to grow. In size you may not have Active Directory around, it's very easy to get on to Azure Active Directory you just set. Up your accounts you join and that's, it in, a number of cases you also have on Prem as your active Prem. Active Directory and we'll come to that in a moment well first. One. Of the things that, I want to show you is. How. Do you actually do that how, do you get. Your. Your. Machines. Join to Azure Active Directory so. All. Right. So. Why. Do we have dogs because they're awesome, so. The picture you just saw before that's Milton that's that's ash is very. Very, friendly puppy the, one that I have on screen is Riley that's my my, little girl, so. I have. A machine I just, I just turned it on I just grabbed it from from. You know I just installed the DVD booted, it from usb whatever however you want to do it there's a few options you can go through you can use autopilot you can get straight from the store. You can refresh from from any existing inventory, but this is this is just our out of box experience and and what, I'm gonna do is I'm just gonna log in, so. This is just a, an. Account that I have set up it's just in a tenant it's, asking, me for my password if. You have things. Like how, many of you seen our password list story, yeah. Couple of people okay, so. I'm just signing in. If. You if you're if you have policies that require MFA. Multi-factor off I typed, in my password wrong, I. Promise. I know what my password is there we go and. That's. All it takes you, sign in it's pulling down policy, it's loading up. In. The background once I get to my desktop and start pulling down policies, it'll start pulling down applications. This. Will take a moment and. I will come back to this and, show. You the results. So. This is Milton. So. Like I said there are different ways you can do this if you're using. Autopilot. How many have heard of autopilot. Yeah. Few people quite a few people actually it's. A really cool way. To get. Windows. Set up very easily out of the box directly from the manufacturer. Some. Of the other versions so if you already have. Existing. Users like local users or if you happen to be having if you already have an Active Directory domain, set up. You. Go through the settings so as an example, you. Go to settings you go to work. Workers, school accounts you hit connect. Once. You hit connect it pops up with this window there's. A bottom there's a there's a link at the bottom that says join this account to add your Active Directory you click that.

You. Entry emails and, then. It'll. Go through it the last thing is provisioning, policy if you need to roll it out in bulk you. Create a personal policy you stick it in each machine and it just goes. So. That's. If you don't have as your Active Directory I'm assuming majority, of you have Azure, Active Directory, or. Your customers do well actually ok so some. In. The case of actually, having a direct having. Active Directory on-prem, which, a lot of customers already do there's two different ways you can go about, getting. This, set up and the very first one is. Not. So not having, the device being, active. Directory domain, joined, and just. Joining two to Azure Active Directory this, is our recommended, option, and, I'll explain why in a moment so, the, basic idea of how this works is you, still have access to all your on-prem resources, you, can access your network shares, you can access printers. You can do all these different things and, the way that it works is this thing called Azure Active. Directory Connect, and so, what happens is when you join your device to Azure Active Directory. As. Your ad Connect, will take the information that it's received from that join and bring, it back down to Active, Directory and. Once. You start logging in it'll, use your credentials, to log into Active Directory when, you log into Active Directory it'll. Give you all the necessary things your Kerberos TGT your. Ntlm, hashes all these things that allow you to access your resources and. It's just a seamless experience, the. Other value is you, don't have to worry about. Policy. Management from from, group policy you can use Intune for everything a simplified. Management experience. You, can do deployment, through all your apps you even have to you, don't have to worry about any of this legacy. Compatibility. Issues. So. How, does that work again, you've got an upgrade to Windows 10 Pro that's. Always the prerequisite, you have to have a sure ad connect deployed it's a very simple setup you need a server you, run the wizard the. The setup wizard that you you configure some of the options there's there's a few different things you need to set up summer summer requires some aren't required you, run through that you join the device to Azure Active Directory and you're, done now. One, of the things to keep in mind is that if you have existing policies, in Active Directory that. You want to apply to your devices, they will not be applied because they're they're in tune managed so you have to take, those policies, migrate. Them to in tune and, we have a tool for that you don't have to do it but one of the tools we have is m-matt which. Is a way it takes your. GPO policies, matches. Them up to the Intune csps and it allows you to figure out what do you need. So. Real. Quick this. Is Riley again, she got into some trouble realize. She could dig. In the yard at one point. Also. Riley when she was younger, so. This. Is my machine this is my work machine this is my corporate device this is what I use every single day it is not domain joint it is Azure, Active Directory joint, and, I'm. On a VPN, so I can hit home because it's. You know there are some things in our corporate network that, we, don't expose, on. The internet just for practical, reasons it's we're just in the process of migrating I'm one of the things is we have file shares everywhere, we, have this dumping ground of hey I need to send you this and you, know for the last 30 years it is just you know you can throw it on a file sure so, here, I have a file share you know if you take a look at it.

You. Know there, it is it's in the corporate domain I'm on VPN I can access it I'm not domain joint I'm Azure Active Directory joint. And. So. I can, start accessing random things it'll, take a moment cuz the VPN I'm not actually going to show you some secrets. So. Again you have access to all your on-prem resources, it's a great way to start. Migrating to. To. The cloud so. I still have access to everything in the cloud so if I wanted to connect to exchange online if I wanted to connect to SharePoint all that's, still available plus, access, to on Krim. So. Just. To reiterate Windows. 10 Pro azure. Ad Connect, join, to Azure, ad. Potentially. Migrate your policies you still get access to all your line of business you still get access to your file shares printers. Any. Of these resources. But. There. Are some problems here one. Of the side effects of this is that. Profile. Migration, as soon as you join to. To. Azure Active Directory it. May create a new profile for you so if you're going from a local user or domain user it, will create a new profile, so you have to figure out how to you migrate things over a, second, some of the GPOs do not map we, have I think we have 10,000. Or 20,000, or some insane, number of GPO policies, and windows that you can apply. A few of those have been deprecated, there's, no reason to have them around anymore so you. Know we've decided, when we move to in tune maybe, we don't need to make those, carry. With us so some. Of them may not apply. In. Some very, very rare, instances. Certain types of apps may not be able to work with. With. This setup and that's primarily because they require device authentication, they're, using the system's. Credentials. To be able to access Active. Directory resources. It's a very rare scenario the most excuse, me the most common scenario that I've seen is VPNs, and. And. Legacy, VPNs with that but, if you have something like that it's, not gonna work and lastly. Printers I said, earlier that you can access your printers you absolutely, can you just you find the printer you double click on it you install it you're good to go where. It doesn't work is if you're relying on Active Directory to, locate, those printers. In. Essen, in the SMB market it's less, of a problem because a lot of people don't do this but in large large, enterprises, where, you have hundreds of thousands of users you, have hundreds, of or, thousands, of printers then, it becomes a little more problematic but, in this case you, just give them a list hey here's your printer you're good it installs it works no, different than. Existing. Capabilities. So. Profile. Migration, what, are the issues why, do you want to do it, how. Can you do it and so first, off profile. Contains all of your usual information integer, your, user favorites, it contains customizations. Any. Of the files of my documents, my music my pictures any of those things pictures, of my puppies I really want those to carry over you, know I don't want to lose those any. Of your browser settings so if you're using add your crawl in the health stores in. In. Your profile I mean some of them get synced to the cloud now but, in some cases some of them stay on offline. Cached. Credentials, is an important one if say. You're signing in to Skype for business any, app that says hey remember my credentials a lot of those are stored using are, stored in your user profile they're protected, but they're stored in your profile that's just that just happens to be where we put them other, things like your Outlook Cash when you're you know if you have.

A Very, very large email inbox if, you get you know the thousands, of thousands, upon thousands, of emails or you've been around for 20 years you. End up packing, in a lot of email sometimes, it takes a very long time to pull down from the server and so you don't really want to to, have. To do that again another, party third party apps they store their settings there and sometimes, it's just a pain to recreate that so. So. In, certain. Cases you have to think about how do I want to do this well if like, I just showed before where, I'm doing a new device join there's, no profile, so there's no need to migrate if. You're doing a if you have a local user like if you don't have a domain for using the local workgroup and, you want to migrate over and, you want to migrate to Azure Active Directory you, will have to migrate the profile and same if you're doing two main join you will have to migrate the profile and. So you. Need a tool to do that or you can do it manually manually. Is pain in the ass sorry. Forgive me it is and. So we, partnered with the tool called with the company called lap link and, they actually. Have. A tool that allows you to do this so if you take a look a, kms. Slash profile, MiG you. Can find this later. In the deck we, can provide more links to the at. A later date basically. You. Take your existing profile, you point it to a new to a new user and say migrate, it's. Very simple. So. Two policy, objects if you're, using group policy for, management. Of various things, so. That might be if your if your mapping network drives so, so like if you have corporate. Resources, or if you have the usership, user shares things like that that's. Often pushed down by group policy, if, you're customizing, applications. Or the Start menu you're putting in application, folders, things like that you, need GP or you're using GPO, for, that in. Some cases that doesn't migrate we've tried to do our best to make sure that there is a way to directly, migrate, them. But. Sometimes, they don't so use, the tool m-matt there's a link at the bottom if you just search for em at on download site you'll be able to find it that's mmm 80. That'll. Tell you what is what is the what is the right CSP, and into into to. Manage to to migrate, it to in. The cases where you don't have a direct migration, there's nothing there's nothing that it directly maps to, one. Of the options is considered don't using it we. Have put a lot of thought into what these CSP is look like and it, either falls into one camp either we, really, truly believe that you don't need it and it's not a good idea to use that policy, or we made a mistake if. It's a mistake please let us know and.

The. Legacy apps like I said before most. Apps do work they, you know it's I'm not gonna say all apps but most apps do work you. Know all of the apps that I use on a daily basis, they all work. They. Just I just like I showed you I can connect to the corporate resources I can do all these different things by, Active Directory, identity. Is still present, everything. Works in the cases where they don't work our recommendation. Is consider, switching. Using, using. That as an opportunity to switch to a new app or again. Contact, us and, if, it's an absolute. Necessity. To, have that we might consider from. Our perspective, what we can do about that or. You can use the option to domain. Join which is a hybrid, model and I'll talk about that in a bit. Printing. How, many people actually still have printers everywhere, I expect, everyone to actually raise their hands surprisingly, for. The very first time I printed something at Microsoft, like a month ago and, had to think about what a second, we have printers, a. Lot. Of people use Active Directory to, list so, you can find printers you can just you'd go the the, find window find me a printer and, you can you can you can search. Around that, that, uses Active Directory to power it. That's. Not supported, in this. Domain, join model, so our recommendation. Is, basically. Just give them a list give a little give a list to the users hey these are the five printers that we have in the office here's the however many what. I had to do was I just went and searched oh we have a print server in this building the print servers here oh I'm, on floor 4 okay, oh there's, my printer double click and I'm installed so it was actually, relatively easy experience. We. Recommend that you either create the list or you. Push. Out a policy to, using, Intune, to, map up all the printers that you need already for that particular user you. Can also use our cloud. Printing, option. Which is basically it uses you can map all your printers into a detractor directory, and it will populate in the list and you can you. Can select your printers from that as well. If. None. Of these options work. For you we recommend going to our second our. Second, or. Second, Azure act. Let's. Try that again if none of these options work, for you you can use option, two which. Is our hybrid, Active Directory domain. Model. And. So. What, that looks like is, your. Device is already domain joined, so. Maybe, maybe, you've had a device around for a few years maybe you already have existing policies, to roll out, your. Your. Devices. And, you. Don't want to move away from that, and. So what you do with that is, once it's domaine joined you also aad join it you can do both there's. No reason why you can't the, reason that you would do that is so that you, either. A. Have to reformat the machines you don't have to blow them away you don't have to create new profiles you don't have to. Disconnect. From the domain and read them a rejoin. It's. A little easier from. A migration process, it's, a great way to slowly. Move. Over. You. Have. One. Of the other options is you have the you, can do automatic device, registration, so in Azure ad connect you there's an option to say hey if, my devices are ad, joined automatically. Don't me as your ad join them so you, don't have to go to every single device and do that you, just check a box and ask things over. A period of time things will start migrating to. Azure. Active Directory as well this not means that it's not it's not it doesn't disconnect. You from Active Directory it, just does the dual join. So. We're, back to Milton. So. What. I'm gonna show here, besides, my lock screen bear. With me is. I. Have a hybrid join device and this. Is, joined. To the Windows that may hurt to the Microsoft. Corporate domain you. Can see pictures, of puppies actually, Hey look at that I just got policy Boston GPO, just pushed down a tool. But, one of the things you can see for, example. Is. If I open this and I do Who am I. All. This. Will take a minute because. As. A user at Microsoft I have like 800 groups.

But, You can see it's starting to pull it's during the query Active Directory it's gonna pull down all of this information, one. Of the other things is I can access hey, there's that share again, you. Know none. Of this none of this changes it's the same experience, you can access the same resources, you can access the same, same. Services, no. Changes whatsoever. So. We. Reiterate once more how do you do this again you know to be on Windows, 10 Pro you. Enable azure ad Connect azure ad Connect is a supremely. Important. Piece of all of this it's the magic, that. Makes sure that Active, Directory knows, about Azure Active Directory and Azure Active Directory, knows about Active, Directory if. If. The one takeaway you have, here is Azure. Active Directory Connect. Is supremely, important, once. You have that set up you can then on, your domain joint device you can then a charade join or have it automatically, azure ad join. So. One, of the things that I should mention though is that we do recommend that you stay stick with the first option which is just just. Have it join to Azure Active Directory so. And. Only, stick, to the hybrid if you absolutely need to or if you're doing it in a migratory process. Are. There's. Nothing to say that you can't mix and match either so, so, for for, existing, pcs you can just say sure their domain joined and automatically. Azure Active Directory join, the user doesn't see any difference it all just works beautifully behind the scenes but for any new devices that you're rolling out you. Can just add your Active Directory joint, domain join them there's no reason except. For the ones that the caveats mentioned previously, of why you couldn't. One. Of the other things is how does. Anyone here use SCCM, for for for configuration, management a couple, people. You. Can still use SCCM, if it's ad joined you can also use into notice that it's called Co management allows. You to get the best of both worlds there's. Nothing there's nothing inherently, wrong with using, SCCM, with this you just have to consider, that there is some either there's overlap or there's some just disjointedness, so just consider that keep that in mind. Anyway. That's. It for Windows 10 I'm gonna give this back to ash for for how. To install office. Thank. You Steve so. Once. You configure. The so, if you go back to see the previous steps essentially. Configure. The users and policies, deploy, office ECC 5 choose. Configuration, better for Windows 10 then, it's a question of how, do we get office it's all the machines so one of the one. Of the options, in step one is to auto install, office so when, we when it's part of the MCZ Febby, admin, experience so it's a part of the setup experience, and so, in step five when you're configuring windows 10 there's an option at the bottom called auto. Install, office, and so if you check that box as soon as the device is as, your ad joined and it's starting to get all of those centralized, policies, office, will start to install as well so we'll talk about how some of that some. Of that magic happens, so first thing is in Microsoft.

E65 Business the office, version is called, the office, business, version. So it is an, office, business client, that is specific, to business. Premium that, is specific, to SMB. Essentially. But, here, are some of the things that you would know we have retooled, the, office, business client in Microsoft, a six hour business to support some enterprise features like, a PP DLP. AIP so, the. Office, business client, that you get in Microsoft e6 for our business is slightly different from. The office, that you get in business premium so that's something key to know so what we're trying to do is the. Business client is going to support the new enterprise features that we've added like ATP DLP. AIP and so we've done the clients work in, fact the clients work is actually for, AIP and ATP, done. So it's rolling out to clients right now so you can start enabling AIP, features, so, what, is it it's full 32-bit office, it's, click to one it's. Always up to date and if you're using PowerShell, commands the, subscription license name is business retail what's. Included, standard, office. A. Service. Is similar to what you get in business review do have to note though. Late-breaking. News. You. If you notice Skype for business is not part of this so. Ask. For support article that's going out, Skype. For business will, no longer be part of the provisioning, package from October 1 for new, business. Premium tenants. So any existing, tenants you're good to go I mean. You're fine. In terms of Skype for business working, but for. New tenants that are provisioned, from October 1 Skype, for business is not part of the the service because it's, going to be teams and. That's because teams has full parity with Skype for business right now and we're we're. Essentially, saying teams. Is the way to go for, any new customers right now so just, want to to. Note that teams. Will, need to be pushed out separately, though we're working on making it part of the provisioning. Package but for now teams, has to be sort of pushed out centrally, by ad IT.

Separately. What, it's not it's not office, 365, ProPlus again. Being very transparent it's, a business it is still the office business client, with enterprise, support. With, enterprise features but. It is not full office, 365, ProPlus because. There is this kind of belief, well, I'm, sorry about that there's this tendency to believe that it is off the CC federal Plus and so it is not but. It has some of the enterprise Pro Plus features so, where, we are is the the, the. Differences, between offices. In federal plus and business client, in Microsoft. Describe business I think, the major difference, right now is. The. Office, business client, does not support, a shared computer activation. So just, you. Know keep that in mind as you're looking at deployment, so how does the office deployment, work as I, said if you set up the centralized, policy, in step 1 and enable, auto, install, for office, what. Happens, is as soon as as your ad joint happens, an MDM, policy, is delivered. From in tune to the PC saying, and. Then the PC then invokes, the. ODT, or the office deployment, tool with a config file and then magically, the, office suite package, is downloaded, and installs, in the background, quietly, so it really happens very fast so as, far as the end user is concerned if. You have set up that policy, in step 5 it. Checked the toggle button as soon as you're as ready join, put your user name and credentials, the end user the office download will happen magically in the background so you don't have to do much so. How, do you go from current, state to end state and. Here are some some. Recommendations. Or required actions, if. You have no office installed, it's a brand new device you're good to go system, installs with office but. If. You have office installed on a current device and it. Is a click to run again, there is no action for you it will just the. Right office, business client, will little, download or it will configure itself right, now if, you have office installed work with, via. MSI, is like. On-premise. Office, in a way, you. Have to uninstall all, MSI, versions, of office first so that's something that you'll have to do before.

The Click to run office, installs itself so, apart. From that I think the only rule is if you have office installed via MSI, uninstall. All MSI versions of office, one. Of the things is, Visio. And project, apps if. You have any existing. Mozilla, project apps, again. It's, not affected, at all because, the office provisioning. Package, is separate from Visio, and project so whether you have click. To run with zero project or MSI vizir project, there's no action for you there's it, people will just install, itself, without touching your Visio a project, that's thought, so. And as far as mobile devices is, concerned, all your users have access to all of the office apps outlook, teams wonderific, business. And so you. Also have the option of configuring, the company portal this is very important, you get full in tune in Microsoft, CC for business the licensing, rights to full in tune is there we, have exposed, some of the in tune features through toggles, in the admin portal but, if you want to go beyond, if you want to enable, company. Portal if you want to do mobile device management, for. IOS and Android fully, manage those if you want to manage Mac's all, of those capabilities are there you will have to go to the interim portal for now so, fine. I mean that's. Essentially, what we had in this discussion. I know we covered. A lot if, there's any questions, again please put those questions on the tech community but. Essentially, we wanted to let you with we, are trying to simplify, all of this management. And deployment capabilities. A core. Goal is to deliver value a lot, of the security value that we talked about yesterday, ATP DLP. AIP, very, strong, security. Capabilities. For your SMB, customers and. We understand, that there are a lot of moving parts here and so, our entire goal is to simplify, it to a centralized, sort, of node where, you can easily to. You. Know easy interface enable. A lot of those 80% scenarios. But, also give you the flexibility, that if there are those niche customers, who need to go and get extra, there's also the capabilities, there so. So. Finally, all, of the documentation, for the windows configuration that we talked about is all up there a. Kms. Hybrid, Azure ad joint for. Enabling. Hybrid, Azure ad joint and. Then, a DJ, the. Azure ad joint device method, so I think. A final sort of footnote, on this is a daily join is the simpler, way to, make, sure your Windows Device gets. All of the goodness of cloud management, very, easy so if you have a lot of those customers. And workgroup state or if. If. They don't require extensive, you. Know, management. Features, but, they need you know identity management and cloud management as you join is very little effort in, terms of just. Enabling, ad Connect, and you already join and get all of the goodness hybrid. As radio join as Steve, talked about is very good if you have for existing, domain joint devices, that is making, use of extensive. Gpo's, and, you have all of those needs so what. We are what we talked about is gave you two options a, simpler, richer. Like, easier experience worse, and the hybrid agitator, both would, work depending. On the type of devices, and type of customer, needs you have and if you have any questions on either of this please let us know. So. Again we. Talked about this, we support Active Directory unequivocally. And, we talked about the two methods that you have and the benefits, that you get for each and. Then. UAD join device is suitable, for SMBs, who want to move to the cloud and hybrid. As ready join is suitable for SMBs with majority. Domain, join devices, so again if you have a lot of domain join devices, hybrid, as ready join devices the way to go so. We. Have we. Have you know frequently, asked questions, that we get is. You. Know can I enable, office, 365, component, of MCC our business absolutely we're. Not saying, you. Know enable. All parts, of this at once because. We understand, it's a lot of effort you can absolutely take this step by step so if you, feel that your end users are going, to benefit, from the, office, 365 components, with everything, that we've added like DLP, AIP. ATP. All of those features they're good enough with that and the. The lightweight in tune capabilities, that you have gotten then. Fine that that is where we are you don't have to sort of do all of the, windows. Configuration immediately. But we're just giving you the end-to-end process, of what you can do to enable get.

The Full value of your subscription but, there's enough value in, office 365 components. As well to get you started off sooner so if you're looking for easy wins yes you can absolutely enable. The office issues of five components initially, and get the full value there. That's. Not that's that's, why we had and me I know, we're a little over any questions. We, can we can take that for a few minutes be happy yes would you like to come to the mic and ask this questions please. Is. There, an upgrade, SKU or an upgrade process from. Office. 365 business. To Microsoft, 365, business, the. Upgrade path is essentially. If. You're on office since the service plants are identical. So what, you would do is just swap out the licenses, so there is no change, in any, especially, figuring from business premium to Microsoft is fair business all you would do if you is. Just swap out the licenses, for the individual, user because, the service client is identical, there is nothing that is going to change for the end-user at that point what will light up is all of those extra features the, tp'ed DLP. Device. Management windows. Capabilities. So the upgrade path is essentially, swap out the skews. Yes. Yeah. Couple questions the, m-matt tool does that run on the DC. Or. On the into, where, do you run it. Client-side. Right yeah. It doesn't, run on the DC. Okay. Thank. You and the other question had to do with the Lapp link trial. Through November do you see that extending, beyond November, because it's pretty compressed timeline yeah. I mean it all depends on the demand for the lapsing tool and how many people were seeing download, it and, so my my, request is if you absolutely need it please put that on the SMB, tech community forum use the tool, we're. Essentially, assessing, demand and whether. To extend it or not really. Based on how many people download, it so if you're not seeing a lot of people using, it then, my. Honest, assumption, is probably not but if you're seeing high demand then we'll probably consider, extending. It all. Depends on our conversation, with laughs link of course they're, a partner so, but. I think usage. Is going to be the primary metric, on the conversations, we have at lab link thank, you. Two, questions first is like. A NPS, replacement. For people doing machine level authentication. Is. There something that you could do in in tune or should you be doing. Hybrid, setup in that scenario. Depends. On a number of factors if you can switch to certificate, based authentication. Then, you, can stick with in tune otherwise, you will have to be hybrid okay, and second. One was office, is, not, available. In. 365. Business, and shed, users. Like Terminal Service can you add on the. Pro Plus license, Wow. Yeah you can do that so if shared computer activation, scenario is super important, to you and especially, if it's limited to a few users who need that you can absolutely swap.

Out, Office. So I pull Plus for those users and you can enable the shared computer activation, but, it's very it's, interesting you. Know if you could essentially. Let us know in the tech community what, you're using the shared computer activation, for that would really help us because we are we're starting to hear this is an important, scenario so if you'd like to give us feedback that'd be great you can't substitute, the, office, license, though. You. Can't substitute the. Business. Okay. So you will have to purchase the offices, retro Plus license, as an add-on but. Then once you do that you, just uncheck the business, client, and then add, the office 365. Thank. You. Hi. We're. A, cloud. Service provider our partner with Microsoft, serving, small. Small. Business we, will come out we've been booted out, so. I will answer your question, but I think, we do have to allow for the next I. Will answer that. Thank. You so much burger, please.

2018-10-04 02:35

Show Video

Other news