Configure Subscription and Tenant Roles and Workload Settings
Start course
1h 44m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your deployment of Microsoft 365, along with configuring and managing your tenant once it’s deployed. It also covers setting up and managing a Microsoft 365 subscription for an enterprise – including managing identities, security, compliance and the supporting technologies in the Microsoft 365 stack.

This course focuses mainly on setting up and managing a Microsoft 365 tenant – including the process for setting up a trial tenant, adding your own domains, and converting your tenant beyond the trial to a fully functional production environment. Now, these steps can seem to be very easy – just click a few options, answer a few questions, and you’re done. In fact, it is that easy! However, if you’re not aware of the big picture and asking some important questions along the way, you can end up painting yourself into a corner and causing problems down the road. At best, you might need to redo some things, at worst, you leave yourself with problems on your hands that might be difficult to sort out later.

After you’re set up, we’ll move on to talking about some of the things you need to consider in your day to day monitoring and management of your Microsoft 365 Tenant and the services that make it up. We’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way.

Learning Objectives

  • Set up a new Microsoft 365 tenant and subscription
  • Add domains to the tenant and configure them for the various service offerings
  • Perform the day to day management of your users, including managing user accounts and license assignment
  • Know how to monitor the various services in your M365 tenant and have a plan in place to respond to service alerts and manage service requests

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


Okay, let's take a look at some of the settings that we can configure as we're setting up our tenant. Some of them are ones that you're going to be configuring specifically as you configure the different services themselves like Exchange, Sharepoint, Teams, et cetera. But let's more look at the overall tenant and some of the settings that you're gonna wanna touch and just make sure are ready for you to start adding users and start configuring actual production services. If you look around on the tenant here, you can see on the left here we have Users, Devices, Groups, Resources. Not a lot to get into at this point. These are where we created our users, contacts. Guest users can be created here. Once you start getting devices set up, they're gonna show up in here as well, same with groups and resources like rooms, equipment, and sites and things like that.

 Under the Support section is where you're gonna create service requests. We'll talk more about that further down on the course. Where I wanted to touch on here is the Settings tab. Now, if you go to the Services and Add-ins, you can see a number of different options here that you can start to configure in your tenant. Actually, a lot of different options. Let's just go through a few of them here and just highlight some things that you might wanna set or get ready to start using in your tenant. The first one will be Azure Multi-Factor Authentication. You can click on that and just go to the Manage Multi-Factor Authentication link. And we're gonna head over to the Azure Active Directory portal where we can look at the MFA settings specifically and see how they apply to our users. We can see a list of users here. We can select them all. We can enable MFA for them all at once or manage the visual settings and choose different options here. We can also go into the service settings and pick other options that we want to apply globally to the service like whether or not users are allowed to create app passwords, what verification methods are available to them, and also how long they can remember their authentication on a device before they're forced to use MFA again. Next up would be calendar sharing. You can click on the Calendar. You can choose whether or not you want to allow your users to share their calendar outside of the organization or whether you want to keep calendar sharing to internal only. Whether you wanna allow anonymous users to access calendars. This means when your users are able to email out to somebody else and say, here's my calendar. You can check if you're busy or you can publish it somewhere in their email signature and allow external users to come in and take a look at it. You can enable or disable that. Here's where you access the directory synchronization settings. We talked about those earlier. And user communications is kind of an interesting one. You can see it's on by default and allows Microsoft to send emails to your users to instruct them on how to use their services that they're licensed for. You can think of this as being a good training option for users, kind of a self-service training option. They can opt out of it at any time if they want to. And it maps back to on the Home tab here. 

If you go into Train Your People for end users, you can see a bunch of training options that Microsoft has provided on how to do different things in Office 365, tips and tricks, training templates, modern workplace, et cetera. As well as if you come back into the Setup Guidance. Click on See All Guides and see the guides that they've offered up here. There are a number of email templates. This is an example of some of the email templates you can send to your users where you can just pick Outlook Anywhere and go Next, see who it's going to go, so it's just going to be General. And this is an idea of what it looks like. Your users will receive emails like this, instructing them how to use the different things that they are licensed to use in Office 365. Overall, pretty cool. Some other options you can look at here like Mail, for instance. The majority or actually all of these links take us somewhere else. Some of these things like auditing and message trace will take us to the Security and Compliance center. Some of the policies here will take us into the Exchange admin center. Not all of these are things that you need to do right away. Although if you know you have requirements for specific ones, you know, like anti-malware policies or spam filter policies, you can go ahead and get these configured right away and that'll take you over to Exchange. You can get that set up and you're ready to go to start bringing in users. Other things like Azure Information Protection. That's a bit more of an advanced feature that's part of the EMS suite that allows you to do document rights management. Probably not gonna be one of the first things you configure. And in fact, a lot of these things here will be services that you'll look at and say, okay, well, I'm not using this now, maybe using that later. Teams is something that I use right away, so I'm gonna go into Teams and I'm gonna start looking at these settings. Oh, look, Microsoft has moved them over to the Teams and Skype for Business admin center. This is something you see quite a bit in the Office 365 portal where things get moved to new settings. 

In the case of Teams and Skype, there's been a new Teams portal here that has been set up for the Teams admin. And this is where you're gonna go and configure all of your different Teams settings. But for now, we just wanna know where this is, know that it's available. Definitely encourage you to go and look around, click around in the portal, and see what options you have there. And we will see that there's just an absolute wealth of options and settings and dials and things to tweak. A lot of them, you don't need to touch. You can accept the defaults right off the bat and just look for some of the things that might be more relevant to your business. You know, whether you need to control settings around whether external members can be added to Groups and Teams, whether you wanna lock that down and keep all of your communication internal only. Or whether you want to allow Office Online to use third party services, et cetera, et cetera. 

Sites takes you over to the Sharepoint settings where you can configure how your Sharepoint content and OneDrive content can be shared. StaffHub, this is something that has been deprecated and has moved into Teams. You can expect this icon to disappear pretty quickly or at some point, just merged into the Teams panel. And that's about it. From there, we can head over into the Security and Privacy section, and here's where you can configure some of the things that are pretty important to you like the password policy for your organization. The default password policy that Microsoft actually recommends now is to set user passwords to never expire. You can change it if you want to and specify how many days they will last before they're expired and how many days before a user gets notified about their expiration. You can also come in and configure the privacy policy and the privacy contact if you have such a thing for your organization, as well as control whether or not you want to allow users to add guests to your organization. 

With the advent of guest users in Office 365, either in Teams or Groups, your users can have the ability to add external users into your tenant and these external users can interact with these Groups and with these Teams. A great feature but it needs to be something that your organization is ready for or that you even want to have. If not, you can come in here and turn it off. Self-service password reset is another great one as well. You have access to this as part of Azure AD Premium, which as you know, is part of the M365 suite. 

You can come in here and head over to the Azure AD center where you can actually configure some of these things like the self-service password reset. This is where you configure different MFA options. There's a bunch of different things you can configure here. We're just not gonna touch that right now. We're gonna take a look at that later on. For now, we just know this is where we need to go. Organization Profile, you come through here, you configure your company name, what the address is, city, state, province, et cetera, et cetera. 

You come in and you configure all that here. The release track for your tenant is something that's actually really important to set. By default, it's set to standard release, which is good because it means that new features will be released in the Office 365 portal, in the Office 365 services as Microsoft releases them to general release. You can set targeted release for everyone, which is generally not a good idea because this means that all your users are gonna be subject to a high rate of change. This might be something that you want. 

You might have users and maybe all your users that are highly open to change and are flexible and don't really care about new things coming in. They're pretty excited to be on the bleeding edge. You can turn it to targeted release for everyone or you can take a kinda safe approach and set target release for selected users and then only specify who you would like to be on the first release. So like, in this case, for instance, I'm gonna set myself because I'm the admin for this tenant. I wanna be on the first release and see what's happening. Everybody else is gonna be on the standard release and they're just gonna see everything, you know, after I do. I'll be seeing it ahead of time and making sure that I'm aware of any changes, and this is a good safe route to take.

 You can customize your theme in the Office 365 portal. You can change this black background here. You can add your own custom logo. You can change some of the colors here in the launcher and show usernames, either the full name when they're signed in or just a short name like what you see here, and you can choose to do with that as you will. 

You can add custom tiles. These custom tiles allow you to add applications that you're publishing or custom SaaS applications that you're linking to that you connected Azure Active Directory to. You can make them available to your users here. They can be added as custom tiles here on the app launcher. And of course, if you have a help desk information that you can add, you can go ahead and put it here, add a title here, and the contact information for your help desk. If not, you just leave this off. It's not something you need to change. 

And finally, at the bottom here, you can see where your data residency is for each of the main services that Microsoft makes available. You can see that since we provisioned this tenant in Canada, all of our data resides in Canada, whether it's Exchange, Sharepoint, Skype for Business, or Teams. Teams is a fairly new feature to be in Canada. It used to reside in the States. And it is possible to have some of your services residing in different geos. Typically though, Microsoft is doing really good at moving all of their services into the geo that is the source of your tenant. In this case, as you can see, Canada's where all of our services are and that's typically where everything is gonna be apart from Azure Active Directory, which still resides in the United States for some reason. It's the only one left of these services that is still not exclusive to your geo. It's really still in the United States and probably replicated across the world. But if you see where it shows up, it'll be United States not Canada. The rest of the settings here in the portal are ones, again, that I recommend that you look through. Click through the options. Familiarize yourself with the different admin tabs and portals, things like reports and usage, and the Security and Compliance center, and the different admin centers that are available to you in M365. We're gonna be covering a lot of these in future modules, so don't worry about it yet. Feel free to poke around as much as you want and I'll be going in greater depth into some of the different options as we continue down through this course.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website,, and evangelizing the Microsoft cloud on Twitter.