1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Planning for Microsoft 365 Implementation and Migration

Planning for Security and Administrative Access

Start course
1h 10m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your migration of users and data to Microsoft 365, including planning your identity and authentication solution, and the on-premises infrastructure needed to support your migration. We’ll also help you understand and identify your business requirements and use cases, to help drive your decision-making process when planning to transition your infrastructure to the Microsoft cloud. We’ll spend some time focusing on networking and discuss some of the networking decisions that need to be made to ensure an optimal migration experience, as well as the best experience for your users after migration.

This course will also help you to identify which data needs to be migrated to the cloud, and what the best migration method will be based on your scenario – we’re also going to cover the different types of user identities, how your users will authenticate, and how that’s going to affect your migration planning.

In addition to talking about these different components, we’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way. 

Learning Objectives

By the end of this course, you should be able to:

  • Plan a Microsoft 365 Implementation, including the supporting infrastructure
  • Plan your identity and authentication solution, both on-premises and in the cloud
  • Identify your users, data, and mailboxes to be migrated to Microsoft 365
  • Plan the migration of your groups and user data to Microsoft 365

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam 


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


The other aspect of identity to consider when planning your deployment, is who your administrators are going to be and securing their access to administrative accounts. You'll remember that the person who creates the tenant, becomes the first tenant or global admin in Microsoft 365. 

It's never recommended to only have a single global administrator in your tenant. As that can cause problems if the person is away or leaves the company without handing over their admin credentials. It's always best to have several global admin accounts. But to ensure that access to this level administration is secured and not overused. If you have a centralized admin model, where one team of administrators is responsible for all management and admin functions. Then you might make all of these folks global administrators in your tenant, to allow them to their job properly. 

If you're using a distributed admin model where admin roles are broken down into specific functions, you're only going to want to have several global admin accounts and then use these accounts to assign the correct level of administrative access to your admin users. Regardless of whether you are using centralized or distributed administration models, it's always important that admin accounts are separated from day-use accounts. Now these accounts are secured by adding second factor authentication for when these accounts are used. 

The best option for managing administrative access in Microsoft 365 is Privileged Identity Management or PIM for short. PIM allows you to configure just-in-time admin access that is time restricted and elevation of privileges must be requested. In this way, no admin accounts be perpetually privileged. But your users can request elevation when they need to perform admin tasks in the tenant. After they've completed the task they need to, their admin access is released and their account becomes a standard user account again. PIM can also be configured to only require MFA when an account is elevated. So that your users are not being overly prompted when logging into the tenant. But as soon as they have additional privileges assigned to their account, additional security measures will be required.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website, masterandcmdr.com, and evangelizing the Microsoft cloud on Twitter.