Tuesday, May 1, 2018

Microsoft 365 Business gets serious

night-portrait-canon-flash-74472

Recently Microsoft announced that Microsoft 365 Business had added a number of new features. You can read the announcement here:

https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/30/safeguard-your-business-with-new-security-features-for-microsoft-365-business/

Now, I was super impressed with what they added. Things like Advanced Threat Protection (ATP) and Data Loss Prevention (DLP) are amazing add ons. However, when I went and looked at the actual Services Descriptions for what has been added I was blown away with what has in fact been added. Here’s the complete list:

1. Microsoft 365 Business includes Exchange Online Archiving subscription. This effectively turns an Exchange Online Plan 1 mailbox into a Plan 2 mailbox. This means that it effectively makes the mailbox unlimited in capacity. This was previously only available on E3 plans or better!

2. Azure Information Protection (AIP) Plan 1 is included in Microsoft 365 Business. This includes even more features that are part of Office 365 E3! For example, AIP Plan 1 includes the following items above and beyond what you get with Office 365 E3:

-  Manual, default, and mandatory document classification and consumption of classified documents

- Azure Information Protection connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector

- Document tracking and revocation

3. Data Loss Prevention features will be available in Microsoft 365 Business in Summer 2018. Normally this required a minimum of Office 365 E3.

4. Enterprise State Roaming for Windows 10 with Azure AD join. This is a feature of Azure AD Premium 1 but is now in Microsoft 365 Business.

5. Full Intune capabilities for iOS, Android, MacOS, and other cross-platform device management built into Azure console, also licensed for use with Microsoft 365 Business. Now this is the REALLY interesting one. It says FULL Intune!

6. In-Place Hold and Litigation Hold. This used to require a minimum of Office 365 E3.

7. Microsoft Stream. This used to require a minimum of Office 365 E1.

Interestingly, there now seems to more flexibility when it comes to integration with local Active directory per:

8. Azure AD Connect tool for enabling directory synchronization is supported in Office 365 Business Premium, which is a component of Microsoft 365 Business. However, when Windows Management components are enabled for Microsoft 365 Business, an Azure AD-join is required. If you have an on-premises Active Directory environment and you want to join your domain-joined devices to Azure AD, you can accomplish this by configuring hybrid Azure AD joined devices.

9. Advanced Threat Protection (ATP). This used to only be included in Office 365 E5 or as an addon SKU.

Some things Microsoft 365 Business still doesn’t include:

A. Conditional access (based on group, location, device state, sign-in, or user risk).

B. Device objects two-way synchronization between on-premises directories and Azure AD (device write-back).

C. Dynamic Groups.

D. Group Naming Policy. I am going to assume this one as I can’t find information that say it is included. However, fingers crossed.

E. Advanced eDiscovery.

If you want to check out all the details see:

https://technet.microsoft.com/en-us/library/mt846681.aspx

This really changes the whole Microsoft 365 Business conversation. These additional features I believe make Microsoft 365 Business the hero SKU for SMB, especially considering that that the price has not been increased (as far as I am aware). That is a huge amount of added value for no additional price.

The two big ones for me are the inclusion of Advanced Threat Protection (ATP) and Intune. If you then go and add everything else, wow, simply wow, is all I can say. This puts Microsoft 365 Business into the must have for most small businesses.

If you haven’t looked at Microsoft 365 Business, you really, really should!