Setup Microsoft 365 Tenancy and Subscription
Manage Microsoft 365 Subscription and Tenant Health
The course is part of this learning path
Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.
This course will help you as you plan your deployment of Microsoft 365, along with configuring and managing your tenant once it’s deployed. It also covers setting up and managing a Microsoft 365 subscription for an enterprise – including managing identities, security, compliance and the supporting technologies in the Microsoft 365 stack.
This course focuses mainly on setting up and managing a Microsoft 365 tenant – including the process for setting up a trial tenant, adding your own domains, and converting your tenant beyond the trial to a fully functional production environment. Now, these steps can seem to be very easy – just click a few options, answer a few questions, and you’re done. In fact, it is that easy! However, if you’re not aware of the big picture and asking some important questions along the way, you can end up painting yourself into a corner and causing problems down the road. At best, you might need to redo some things, at worst, you leave yourself with problems on your hands that might be difficult to sort out later.
After you’re set up, we’ll move on to talking about some of the things you need to consider in your day to day monitoring and management of your Microsoft 365 Tenant and the services that make it up. We’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way.
- Set up a new Microsoft 365 tenant and subscription
- Add domains to the tenant and configure them for the various service offerings
- Perform the day to day management of your users, including managing user accounts and license assignment
- Know how to monitor the various services in your M365 tenant and have a plan in place to respond to service alerts and manage service requests
This course is intended for people who:
- Want to become a Microsoft 365 administrator
- Are preparing to take the Microsoft’s MS-100 exam
To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.
In this next section, we're going to cover the final steps required for configuring a new domain in Office 365 and setting up the services and workloads that you'll be using.
We're going to go over the types of DNS records required to enable IM, Presence and Voice in Skype or Teams as well as discuss our email records, which ones we need to have upfront and which records are situational. Finally we're gonna talk about the types of DNS records that are required, when and where you need to put them in and how to test them from the command line.
Let's get started.
Once you've added and verified your domain, then the next step is to determine what services you'd like to use this domain for. After you've select your domain and clicked Next, the Wizard will provide you with the appropriate DNS records that need to be added to your DNS host. You can see here that we also have the option of having Microsoft manage our DNS records for us or just doing the records ourself. In this option we're gonna choose I'll add the DNS records myself but you definitely can let Microsoft make the changes for you since we're already connected to GoDaddy. We can click this button here and all the DNS records will be added automatically. You do also have the option of moving your DNS provider to Microsoft themselves and letting Office 365 manage all of your DNS records for you. This is acceptable if you want to especially if you only have a Domain Registrar and you don't really have anything invested in having them host your DNS for you but more than likely again, you already have DNS hosting.
You may have a website attached that is hosted as well and you just want to keep on managing things yourself. In this case we're gonna select the option to Add the DNS records myself and click Next. Our next step is to choose our online services. As I said before, we're gonna pick everything, Exchange, Skype and MDM and click Next. This next screen now shows you the list of all of the DNS records you need to add. Once you've added them, go ahead and click the Verify button If everything turns green, you're all set up and ready to go. If not, go back over your DNS records and look for syntax or formatting errors that might be preventing them from validating properly.
Some DNS host require you to end target entry with a period and some don't. Just check to ensure that the records you're creating match the ones you already have in place. Also make sure that you don't have any typos or trailing spaces. The easiest way to set this up is to press the Copy button on the Office 365 DNS Verification page and paste the records directly into your DNS Editor.
Let's take a moment to cover the types of DNS records that are required to set up the main services in Office 365. Not all DNS providers make these different records available for you to edit and you might need to choose a special configuration or have your DNS provider's technical support add these records for you. As we've mentioned before, verifying that you own the domain requires either an MX record or a text record. The easiest and preferred option is just to use a verification text record.
Each service you configure will require different types of DNS records to be added to ensure that they work properly. Let's step through each one. Exchange needs to have three types of records provisioned. A CNAME record for autodiscover, a Sender Policy Framework or SPF record and finally an MX record. The autodiscover record is required to enable Outlook and your different email clients to find the exchange server information and configure the mail profile to receive email. If you don't configure this DNS record, your users will have a hard time configuring their email profiles. At some other Office 365 services such as Free/Busy lookups will not work properly. Note that if you are currently set-up at a high rate exchange environment, you need your autodiscover record to point back to your exchange server on premises in order for your mailboxes to configure correctly. Microsoft doesn't make this immediately obvious when configuring your domain, but it's important to keep this in mind. When you're configuring your autodiscover record in your DNS on prem, you can use an A record but Office 365 requires a CNAME record pointing to autodiscover.outlook.com.
An SPF record is a text record used to validate your accepted sending locations whether a third party domain through an include or the IP address of your exchange server on prem. For Exchange Online, your SPF record needs to include spf.protection.outlook.com. If you're Cloud only at this point, that's all you need but if you're adding Exchange Online to a hybrid exchange org, simply include the spf.protection.outlook.com string as part of your existing SPF record.
Your MX record of course is your mail routing record. Only update this to point to Exchange Online if you're ready to have your email routed from your existing server or service to Exchange Online. It's important to note that if you haven't updated your MX records because you're still pointing to your exchange server, it's okay to leave this domain with a warning or an error. Only update your MX records to point to outlook.com when you're cutting mailfo over to Office 365. Moving on from exchange to Skype for Business, you can see that Skype requires both CNAME and SRV records. At this point in time, it's not been made clear whether or not these records will change now that Teams is replacing Skype. For now, just know that you need to add a CNAME record for SIP and lyncdiscover pointing to the online.lync.com services as displayed here. These are required for the Skype client to be able to log-in to the service.
The SRV record's a little bit more difficult and not all DNS providers support them. If you're unable to create them yourself, you might need to request your DNS support team to create them for you or potentially move your name service over to Microsoft to control. When creating SRV records, note that you need to create each section. For instance, the service would be SIP, the protocol is TLS, the port is 443, weight is one and priority is 100 targeting zipdir.online.lync.com. Some DNS providers have separate boxes for each option and others have different formats. You can always check to see if your SRV records are configured corrected by using nslookup and we'll give that a shot once we finish getting our records configured. It's a good idea to learn the different ports and protocols required for SIP and SIP Federation TLS as you'll often face questions that will test your ability to remember the difference between the two. SIP is on port 443 and SIP Federation TLS is on port 5061. The final DNS records required are for Mobile Device Management or MDM. These are quite simple. Just two CNAME records for Enterprise registration and Enterprise enrollment. Pointing to the equivalent Microsoft services, simply input your DNS records as required and then click the Check DNS button to complete your domain's service configuration.
Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.
Jeremy can be found blogging about Microsoft 365 technologies on his website, masterandcmdr.com, and evangelizing the Microsoft cloud on Twitter.