Setup Microsoft 365 Tenancy and Subscription
Manage Microsoft 365 Subscription and Tenant Health
The course is part of this learning path
Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.
This course will help you as you plan your deployment of Microsoft 365, along with configuring and managing your tenant once it’s deployed. It also covers setting up and managing a Microsoft 365 subscription for an enterprise – including managing identities, security, compliance and the supporting technologies in the Microsoft 365 stack.
This course focuses mainly on setting up and managing a Microsoft 365 tenant – including the process for setting up a trial tenant, adding your own domains, and converting your tenant beyond the trial to a fully functional production environment. Now, these steps can seem to be very easy – just click a few options, answer a few questions, and you’re done. In fact, it is that easy! However, if you’re not aware of the big picture and asking some important questions along the way, you can end up painting yourself into a corner and causing problems down the road. At best, you might need to redo some things, at worst, you leave yourself with problems on your hands that might be difficult to sort out later.
After you’re set up, we’ll move on to talking about some of the things you need to consider in your day to day monitoring and management of your Microsoft 365 Tenant and the services that make it up. We’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way.
- Set up a new Microsoft 365 tenant and subscription
- Add domains to the tenant and configure them for the various service offerings
- Perform the day to day management of your users, including managing user accounts and license assignment
- Know how to monitor the various services in your M365 tenant and have a plan in place to respond to service alerts and manage service requests
This course is intended for people who:
- Want to become a Microsoft 365 administrator
- Are preparing to take the Microsoft’s MS-100 exam
To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.
Alright, let's go ahead and add some new users in our new tenant.
There's essentially four different ways to provision users in your tenant. You can create new users individually or in bulk using the GUI, you can use PowerShell to create new users, or you can use Azure AD Connect, formerly known as DirSync, to synchronize your users from your existing Active Directory on-premises. Let's step through a few of these options and see what steps we need to take.
Our first option for adding users is manually through the portal. We're gonna go ahead and click on Add a user, and then type in a username and fill out their details. I'm gonna start with our good friend, Lester Tester, and his name is email@example.com. We're gonna leave the contact information blank. Obviously you could go ahead and fill this with as much or as little detail as you like. You can either specify the password or you can choose to autogenerate and make the user change their password when they first sign in. This is definitely a good option because you wanna make sure that whatever password you've created is a temporary password and the user is forced to change it as soon as he get into Office 365. No going ahead and creating welcome123 and leaving that as your password. And definitely we wanna make sure that it gets updated to something secure. Since we're just creating a few user accounts here, we're not gonna assign any administrator roles although this is where you could assign a global administrator or a customized administrator who is gonna be any one of these different options here. In this case we're just gonna pick a normal user and we are gonna assign a product license.
Next click the Add button to go ahead and get your user created, and then choose whether or not you want to send the password and the email. Click the button to Send email and close. And we have a user created. You can now go over to Users, click on Active users, and you can see the names for that we just created.
Now let's go ahead and create a couple more users and we'll use the bulk importing tool to create multiple users at the same time. Start by clicking on the More option here under Active users, and we're gonna choose to Import multiple users. Now the wizard that pops up tells you to create and upload a CSV file, and so what we wanna do is we wanna start by downloading a CSV file so that we can see what are the information we need to populate. It's helpful if you're doing this for the first time just to grab the second option here which is a CSV file with headers and sample user information so we can see exactly what it is that Microsoft is looking for. Once that file downloads, you can see exactly what it is that we need to have here, again the idea of all the different fields that are available to us as we wanna create our users. So we're gonna just go ahead and delete these for now. We'll leave one there so we can see some things as we go here. The only mandatory options that need to be put in is the username and the display name, everything else is optional. So you can decide to put in as much or as little as you want. So we're gonna create two users here. One called Sally Tester, and so she will be Sally@m365jedi.onmicrosoft.com, and her display name is Sally Tester. That's it. And we'll create one more. This one will be Joan@m365jedi.onmicrosoft.com. Joan Tester. All the whole Tester family is coming. And then Joan is the CIO, and he's located in Vancouver, BC, Canada. Okay, so we're gonna get rid of these two fields here 'cause these are just ones to show us the samples. And we're gonna go ahead and save this file. Now we're gonna come back to our portal, click Browse, select the file, and then click Verify to confirm the details. File looks good so we're gonna click Next to continue.
From here we have the option to choose whether or not we want to allow these users to sign in. It makes sense and since we're creating these new users, we do wanna leave it as Sign-in allowed. Although if for some reason you needed to create a user that was not able to sign in but was just an identity in Office 365, you could change their sign-in to blocked. Location we're gonna leave as Canada for both users. And then again choose the options of whether to give them a license or not. In this case we're just gonna assign them both licenses, the full stack, and click Next.
Okay, both users are created. We can choose to download the results which shall give us the usernames and password, or we can email the result files to whomever we want, either the recipients themselves or just to ourselves. Bear in mind that you are sending passwords over plain text so this is not the most secure way of sending out your passwords. You just wanna make sure that if you are creating multiple users, there are gonna be temporary passwords, and you wanna give each user their password maybe on a piece of paper. Rather than emailing the results, you might just choose to uncheck that option, download the results, save it to your computer, and then just close without sending. Okay, and we can see that both of our users have been created, and they all have licenses assigned, and they're ready to go.
I just want to talk briefly about Azure Active Directory Connect and the ability to synchronize your users from Active Directory on-premises into Office 365. We're not gonna cover the setup and installation of the AAD Connect tool at this point in the course, but it's good to know about it as it's more than likely the way your users are going to be provisioned if you want to have any kind of integration with your Active Directory.
To get started with AAD Connect, go back to your Active users page and click Directory synchronization. This opens the blade that gives you the Active Directory preparation information and a link to download the Azure Active Directory Connect tool. Clicking on this link takes you to the download page where you can review the system requirements and you can see here that you need to install AAD Connect on a server running Windows Server 2008 or newer. And even though it's not mentioned here, the server needs to be domain joined.
Once AAD Connect is installed, you'll configure synchronization options and then either sync your whole AD or just a subset of OUs. Like I said before there's a fair amount of configuration choices available here, but that won't be covered in this course. For now just know that it exists and that you're more than likely going to need to have it installed at some point.
Okay, let's move on to add our users through PowerShell. This is a bit more of an advanced option, but as you might expect when you're doing anything with PowerShell, it's a great way of doing a lot of different things at once, and it's not that complicated. Since we're just starting out here, let's keep it simple, and just use PowerShell to create a few new users. If you haven't already installed the Azure Active Directory module on your computer, you can do so from an admin shell by simply typing Install-Module AzureAD. Now in my case I need to add an extra switch called AllowClobber because I already have it installed and I just want to force the PowerShell repository to download a fresh copy and install it over the top. Normally you wouldn't need to do AllowClobber. Hit Enter. And it asks if you want to import from the repository. We're gonna say yes, and it goes ahead and downloads the Azure AD. Unzips, installs, and we're good to go.
So we can connect to the Microsoft Online Services by typing in Connect-MsolService. And as you notice what I'm doing is just starting to type out, and then I'm just hitting Tab on my keyboard and that tabs out the rest of the command. That's a really handy trick to learning PowerShell command-lets. You can just start going and tabbing things out and seeing what options are available to you. So let's just click Enter here. And we're gonna type in our username and our password. Okay, now we're connected to Office 365, to Azure AD, to the MsolService, however you wanna think of it, and we're just gonna check to see what we have here. So we're gonna do Get-MsolUser and hit Enter, and we can see the users that we've created already.
So we're gonna start first by just creating a single user. You probably wouldn't do this very often because if you're just creating one user, you might as well just create them through the portal. It's really only as we're doing multiple users that you really wanna start using PowerShell. In this case here we're gonna start out with New-MsolUser, tab it out and then go -UserPrincipalName, and we're gonna pick a user principal name, in this case it's gonna be firstname.lastname@example.org. And as before, you need to do the user principal name and the display name. So we're gonna do -DisplayName, and we're gonna say this is Johnny Test. Since there's a space in the display name, we need to put it in quotes, and then hit Enter. Okay, user gets created. We see it's created a password for him by default. And the user is created and licensed. In fact if we run another Get-MsolUser, we could see that Johnny Test was created and does not have a license assigned. There is a way that you can add a license as you're doing this. You can also specify your own passwords. That's kind of a bit more advanced than what we're doing here. This is just showing you the basics of how you can create a user through PowerShell.
Now we're gonna go a little bit above here, a little bit above and beyond, and we are going to use our same CSV file as before. This time I've added two new users called Joe and Jane Cool. And I've simply taken out the spaces from the column headers as it just makes it easier to call them out in PowerShell, and save this file. The first thing we're gonna do is we're gonna create a variable called users. So we're gonna say users equals, and I'm gonna do this little trick called Import-Csv, and specify the path and in this case it's going to be C:\Users\jeremy.dahl\Desktop\, and the name of our file is import, I'm gonna tab that out, Import_User_Sample.csv.
Okay, hit Enter. And I can check my variable and see that both Joe and Jane Cool are lined up and ready to go. And so now that we have a variable here, we're gonna go ahead and create our users. Now I have already filled this in so I'm just gonna copy and paste here for us to see, and then I'll talk through what the command looks like. So what we're gonna do is we're gonna do a foreach and we're gonna say for each u in users which means each line in this variable here, New-MsolUser, the UserPrincipalName is u.UserName, FirstName u.FirstName, LastName u.LastName, DisplayName u.DisplayName. Pretty straightforward. And then the LicenseAssignment is $license, and UsageLocation is u.Country. Now you can see here that we haven't populated the license variable yet, so let's go ahead and do that first. Let's escape here. And the way we can check out what licenses we have available is by using Get-MsolAccountSku. And we can see that our account SKU ID is m365jedi:SPB. So we're gonna create a new variable called license and we're gonna call it m365jedi:SPB. I'll make it caps lock 'cause I like that. Okay, so now we're actually ready to go and use this command because we have the license assignment set up. UsageLocation is there, all the information we have about our users. Go ahead and hit Enter. And we can see that it's created both Joe and Jane Cool, and assigned them a password as we can see, and both users are licensed. Now if we go back and do a Get-MsolUser, we can see all the extra users that we've created. Joe and Jane Cool are licensed. Johnny Test is not. This is kind of the same as what we expected based off of what we've been running. And if we come here and do a refresh, there's our actual users.
Now since we've created this guy here unlicensed, we probably gonna wanna go ahead and license him. So we're gonna do that. We are going to pick license settings here. Choose a location. This one is in Canada. Give him a license and save.
Now you might have noticed as we were going through our CSV file that we have one of our users, Joe Cool, who is located in Canada, that's correct, and Jane Cool is not located in Canada. Jane is located in the United States. And we specify that by choosing the country code and that's the two-digit country code of our users. And depending on where you are in the world, you can essentially set your user's location to be anywhere you want and just pick the correct country code to match, and if you don' know what that is off the top of your head, you can look it up online and find a full list of country codes or that can be used rather and just pop them into your PowerShell or directly into your CSV file. You can see from this CSV file here, we could again have gone in and filled out all this other information if we wanted to and added a new user that had all this information filled out. So this is a great way of importing lots of users, doing it automatically through PowerShell, and then spitting out the results into something that you can go then and turn back and pass the passwords on to the users, and let them start logging in to Office 365.
About the Author
Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.
Jeremy can be found blogging about Microsoft 365 technologies on his website, masterandcmdr.com, and evangelizing the Microsoft cloud on Twitter.