Microsoft 365: Complete Guide from Basics to Advanced
Table of Contents
- What is Microsoft 365? - Complete Basics
- Plans, Licensing, and Costs
- Setting Up Microsoft 365
- User Management Made Simple
- Email Management with Exchange Online
- File Storage and Collaboration
- Microsoft Teams Administration
- Security Fundamentals
- Migration Methods Explained
- Advanced Features and Management
- Troubleshooting Common Issues
- Best Practices and Tips
What is Microsoft 365? - Complete Basics
Understanding Microsoft 365
Simple Definition: Microsoft 365 is like having a complete digital office that you can access from anywhere. Instead of buying software and servers, you rent access to Microsoft's cloud services on a monthly basis.
What's Included:
Email System:
- Professional email addresses (john@yourcompany.com)
- 50GB+ mailbox storage per user
- Calendar and scheduling
- Contact management
Office Applications:
- Word (documents)
- Excel (spreadsheets)
- PowerPoint (presentations)
- Outlook (email)
- Available on computer, phone, and web browser
File Storage:
- OneDrive: Personal file storage (1TB per user)
- SharePoint: Team file sharing
- Access files from any device
- Automatic backup and sync
Communication Tools:
- Microsoft Teams: Chat, video calls, meetings
- Screen sharing and collaboration
- Phone system capabilities
- Integration with all other tools
Why Choose Microsoft 365?
Before Microsoft 365 (Traditional Setup):
Costs and Challenges:
- Buy servers: ₹10-50 lakhs
- Buy Office software: ₹30,000 per computer
- Hire IT staff: ₹8-15 lakhs per year
- Maintenance and updates: Ongoing costs
- Email downtime: Lost productivity
- Data loss risk: If servers fail
Example: 50-person company
Initial cost: ₹25 lakhs + ₹15 lakhs (software) = ₹40 lakhs
Annual IT costs: ₹12 lakhs
Total first year: ₹52 lakhs
With Microsoft 365:
Simple Monthly Payment:
- No servers to buy or maintain
- Latest Office apps always included
- Professional email with 99.9% uptime
- Automatic backups and security
- Work from anywhere capability
Same 50-person company:
Monthly cost: ₹27,000 (₹540 × 50 users)
Annual cost: ₹3,24,000
Savings: ₹28,76,000 in first year!
Real-World Business Impact
Case Study: Mumbai Trading Company (25 employees)
Before Microsoft 365:
- Used Gmail for business (looked unprofessional)
- Files stored on individual computers
- No proper backup system
- Difficulty collaborating on documents
- Couldn't work from home during COVID-19
After Microsoft 365:
- Professional email addresses (sales@company.com)
- All files accessible from anywhere
- Real-time document collaboration
- Video meetings with clients
- Seamless remote work during pandemic
- Improved professional image with clients
Plans, Licensing, and Costs
Understanding Microsoft 365 Plans
Think of Microsoft 365 plans like mobile phone plans - there are different tiers based on what features you need.
Business Plans (Up to 300 users)
Microsoft 365 Business Basic - ₹159/user/month
What You Get:
✓ Web versions of Office apps (Word, Excel, PowerPoint online)
✓ Business email (50GB mailbox)
✓ Microsoft Teams (chat, video, meetings)
✓ OneDrive storage (1TB per user)
✓ SharePoint sites for team collaboration
What You Don't Get:
✗ Desktop Office applications
✗ Advanced security features
✗ Device management
Best For: Small businesses that mainly need email and basic collaboration
Microsoft 365 Business Standard - ₹540/user/month
What You Get:
✓ Everything in Business Basic
✓ Desktop Office applications (Word, Excel, PowerPoint, Outlook)
✓ Access (database) and Publisher (marketing materials) - Windows only
✓ Advanced email features
✓ Customer booking system
Most Popular Choice: 80% of Indian SMEs choose this plan
Best For: Most small to medium businesses needing full Office suite
Microsoft 365 Business Premium - ₹1,799/user/month
What You Get:
✓ Everything in Business Standard
✓ Advanced security (threat protection, safe links)
✓ Device management for mobile phones/tablets
✓ Data loss prevention
✓ Advanced compliance tools
Best For: Businesses with security concerns or handling sensitive data
Enterprise Plans (300+ users)
Microsoft 365 E3 - ₹2,629/user/month
Advanced Features:
✓ Everything in Business Premium
✓ Unlimited email storage
✓ Advanced compliance and legal tools
✓ Power Platform integration
✓ Enterprise-grade security
Best For: Large organizations with compliance requirements
Microsoft 365 E5 - ₹4,799/user/month
Premium Features:
✓ Everything in E3
✓ Advanced security and threat intelligence
✓ Phone system for making business calls
✓ Power BI for data analysis
✓ Advanced compliance and insider risk management
Best For: Large enterprises needing maximum features and security
Choosing the Right Plan
Simple Decision Guide:
Ask These Questions:
1. How many employees?
- Under 300: Choose Business plans
- Over 300: Choose Enterprise plans
2. Do you need Office apps installed on computers?
- No: Business Basic
- Yes: Business Standard or higher
3. Do you handle sensitive data?
- No: Business Standard
- Yes: Business Premium
4. Do you need advanced compliance features?
- Yes: E3 or E5
5. Do you need a business phone system?
- Yes: E5 or add Phone System license
Cost Examples for Indian Businesses
Small Business (10 employees):
Business Basic: 10 × ₹159 = ₹1,590/month = ₹19,080/year
Business Standard: 10 × ₹540 = ₹5,400/month = ₹64,800/year
Business Premium: 10 × ₹1,799 = ₹17,990/month = ₹2,15,880/year
Recommendation: Business Standard
Cost per employee per year: ₹6,480
Medium Business (50 employees):
Business Standard: 50 × ₹540 = ₹27,000/month = ₹3,24,000/year
Business Premium: 50 × ₹1,799 = ₹89,950/month = ₹10,79,400/year
Recommendation: Business Standard (unless high security needs)
Cost per employee per year: ₹6,480
Large Business (200 employees):
Business Premium: 200 × ₹1,799 = ₹3,59,800/month = ₹43,17,600/year
E3: 200 × ₹2,629 = ₹5,25,800/month = ₹63,09,600/year
Recommendation: Mix of Business Premium (150 users) + E3 (50 power users)
Estimated annual cost: ₹45,00,000
Setting Up Microsoft 365
Initial Setup Process
Step 1: Getting Started
Sign Up Process:
- Go to microsoft.com/microsoft-365/business
- Choose your plan (Business Standard recommended for most)
- Create your organization account
- Add your domain (yourcompany.com)
Information You'll Need:
Business Information:
- Company name: "ABC Trading Pvt Ltd"
- Number of employees: 25
- Industry: Manufacturing/Trading/Services
- Country: India
- Business address (determines data center location)
Admin Contact:
- Your name and email
- Mobile number for verification
- Recovery email address (personal email recommended)
Step 2: Domain Setup
Why Use Your Own Domain:
Professional Appearance:
❌ Bad: john@abc123.onmicrosoft.com
✅ Good: john@abctrading.com
Benefits:
- Looks professional to customers
- Easy to remember
- Builds brand recognition
- Future-proof if you change providers
Domain Configuration:
If you have a domain (abctrading.com):
1. Add domain in Microsoft 365 admin center
2. Verify ownership by adding TXT record to DNS
3. Configure email routing (MX records)
4. Set up other required DNS records
If you don't have a domain:
1. Buy domain from GoDaddy, Namecheap, or similar
2. Point DNS to Microsoft 365
3. Follow verification steps
Step 3: User Account Creation
Creating Your First Users:
Single User Creation:
- Admin Center → Users → Active Users → Add User
- Fill in details:
- Name: Rajesh Kumar
- Username: rajesh.kumar@abctrading.com
- Department: Sales
- Job Title: Sales Manager
- Manager: (select if applicable)
Bulk User Creation (for multiple users):
Create Excel file with user information:
Username | FirstName | LastName | DisplayName | JobTitle | Department
rajesh.kumar@abctrading.com | Rajesh | Kumar | Rajesh Kumar | Sales Manager | Sales
priya.sharma@abctrading.com | Priya | Sharma | Priya Sharma | HR Executive | HR
suresh.patel@abctrading.com | Suresh | Patel | Suresh Patel | Accountant | Finance
Upload CSV file in admin center for bulk creation
Step 4: Basic Configuration
Essential Settings:
Security Settings:
- Enable multi-factor authentication (MFA) for all users
- Set password requirements (8+ characters, complexity)
- Configure automatic account lockout after failed attempts
Email Settings:
- Configure email signature templates
- Set up shared mailboxes (info@, sales@, support@)
- Create distribution lists for departments
Storage Settings:
- Set OneDrive storage limits (1TB default)
- Configure SharePoint site creation permissions
- Set up file sharing policies
User Management Made Simple
Creating and Managing Users
Adding New Users
When Someone Joins Your Company:
Step 1: Create Account
- Admin Center → Users → Add User
- Enter name, username, and basic information
- Assign license (Business Standard/Premium)
- Set temporary password
Step 2: Configure Details
- Add to appropriate groups (Sales Team, Mumbai Office)
- Set manager relationship
- Add profile photo
- Configure contact information
Step 3: Grant Access
- Add to relevant SharePoint sites
- Add to Teams channels
- Share necessary files and folders
- Provide login instructions
New User Welcome Process:
Email Template to Send New Employee:
Subject: Welcome to ABC Trading - Your Microsoft 365 Account
Dear [Name],
Welcome to ABC Trading! Your Microsoft 365 account is ready.
Login Information:
Email: [username]@abctrading.com
Temporary Password: [password]
Login URL: portal.office.com
First Steps:
1. Log in and change your password
2. Download Office apps from the portal
3. Set up email on your phone
4. Join our company Teams
Need Help? Contact IT: it@abctrading.com
Best regards,
IT Team
Managing User Changes
When Someone Changes Roles:
Promotion/Department Change:
1. Update job title and department
2. Change manager assignment
3. Update group memberships
4. Adjust SharePoint site access
5. Modify Teams channel membership
6. Update license if needed (Basic → Standard → Premium)
When Someone Leaves:
Immediate Actions (within 2 hours):
□ Disable user account (don't delete yet)
□ Reset password to random value
□ Remove from all groups and Teams
□ Convert mailbox to shared mailbox
□ Grant manager access to emails
□ Transfer OneDrive files to manager
After 30 Days:
□ Delete user account if confirmed not returning
□ Remove license assignment
□ Archive any remaining data
□ Update org charts and contact lists
User Groups and Permissions
Creating Groups for Easy Management
Department-Based Groups:
Sales Team Group:
- Members: All sales staff
- Purpose: Email distribution, SharePoint access
- Permissions: Access to sales documents, CRM integration
HR Team Group:
- Members: HR staff only
- Purpose: Sensitive HR communications
- Permissions: Employee data, confidential documents
All Company Group:
- Members: Everyone in organization
- Purpose: Company-wide announcements
- Permissions: General company information
Creating Groups:
- Admin Center → Groups → Active Groups → Add Group
- Choose group type (Microsoft 365 group recommended)
- Add name, description, and initial members
- Set privacy level (Public/Private)
- Configure email settings
License Management
Understanding License Assignment
Automatic License Assignment:
Best Practice: Assign licenses based on job role
Standard Employees: Business Standard
- Need full Office apps
- Regular email and collaboration
- Basic security requirements
Managers/Leaders: Business Premium
- Need advanced features
- Handle sensitive information
- Require additional security
Executives: E3 or E5
- Need maximum features
- Compliance requirements
- Advanced analytics and reporting
Managing Licenses:
Regular Tasks:
- Monthly license usage review
- Remove licenses from inactive users
- Adjust licenses based on role changes
- Monitor license costs and optimization opportunities
PowerShell for Bulk License Management:
# Remove license from user
Set-AzureADUserLicense -ObjectId "user@company.com" -RemoveLicenses "company:STANDARDPACK"
# Assign license to user
Set-AzureADUserLicense -ObjectId "user@company.com" -AssignedLicenses @{SkuId="STANDARDPACK"}
Email Management with Exchange Online
Understanding Exchange Online
What is Exchange Online: Exchange Online is Microsoft's cloud-based email service. Think of it as having a professional post office that never closes, handles all your mail automatically, and protects you from spam and viruses.
Key Features:
Professional Email:
- Custom email addresses (john@yourcompany.com)
- Large mailboxes (50GB-100GB per user)
- Access from any device (computer, phone, tablet)
- Automatic backup and synchronization
Advanced Features:
- Spam and virus protection
- Shared mailboxes for teams
- Calendar scheduling with meeting rooms
- Mobile device synchronization
- Offline access to emails
Setting Up Email
Basic Email Configuration
Email Addresses:
Standard Naming:
✓ Good: john.smith@company.com
✓ Good: j.smith@company.com
✓ Good: johnsmith@company.com
Avoid:
✗ john123@company.com
✗ jsmith2@company.com
✗ john_smith_sales@company.com
Department Emails:
- info@company.com (general inquiries)
- sales@company.com (sales team)
- support@company.com (customer service)
- hr@company.com (HR inquiries)
Shared Mailboxes
When to Use Shared Mailboxes:
Common Scenarios:
- Customer service (support@company.com)
- Sales inquiries (sales@company.com)
- General information (info@company.com)
- Department communications (hr@company.com)
Benefits:
- Multiple people can access same mailbox
- No additional license required (under 50GB)
- Shared calendar and contacts
- Consistent customer service
Creating Shared Mailboxes:
Step-by-Step:
1. Exchange Admin Center → Recipients → Mailboxes
2. Add Shared Mailbox
3. Enter details:
- Name: Customer Support
- Email: support@company.com
- Description: Customer support inquiries
4. Add Users:
- Give "Full Access" permission (can read emails)
- Give "Send As" permission (can send as support@company.com)
5. Configure in Outlook:
- Users add shared mailbox to their Outlook
- Can send and receive emails as support@company.com
Email Security and Management
Anti-Spam and Protection
Built-in Security Features:
Exchange Online Protection (EOP):
- Spam filtering (99%+ accuracy)
- Virus and malware scanning
- Safe attachments scanning
- Phishing protection
- Automatic quarantine of threats
Advanced Threat Protection (Business Premium/E3/E5):
- Safe Links: Scans URLs when clicked
- Safe Attachments: Opens attachments in secure environment
- Anti-phishing: Protects against sophisticated attacks
- Threat intelligence: Global security insights
Email Rules and Organization:
Common Email Rules:
1. Forward all emails from "info@company.com" to sales team
2. Move newsletters to "Newsletters" folder automatically
3. Flag emails from VIP customers as high importance
4. Auto-reply to emails when out of office
5. Block emails from specific domains
Creating Rules in Outlook:
Home → Rules → Create Rule → Set conditions and actions
Email Archiving and Retention
Managing Email Storage:
Automatic Archiving:
- Archive emails older than 2 years
- Move to separate archive mailbox
- Unlimited archive storage (premium plans)
- Searchable from Outlook
Retention Policies:
- Automatically delete emails after X years
- Preserve important emails indefinitely
- Legal hold for compliance requirements
- User-controlled deletion vs. admin-controlled
Calendar and Scheduling
Meeting Room Management
Setting Up Meeting Rooms:
Room Mailbox Creation:
1. Exchange Admin Center → Recipients → Resources
2. Add Room Mailbox
3. Configure details:
- Name: Mumbai Conference Room A
- Email: mumbai-room-a@company.com
- Capacity: 20 people
- Equipment: Projector, Whiteboard
4. Settings:
- Auto-accept meeting requests
- Prevent double-booking
- Set booking restrictions (max 4 hours, advance booking limit)
- Add room finder integration
Calendar Sharing:
Sharing Levels:
- Free/Busy: Shows when you're available
- Limited Details: Shows meeting subject and location
- Full Details: Shows all meeting information
- Editor: Others can create/edit meetings for you
Best Practices:
- Executives: Share calendar with assistant (Editor access)
- Team members: Share free/busy with team
- Meeting rooms: Auto-accept bookings
- Department calendars: Share within department
File Storage and Collaboration
OneDrive for Business
Understanding OneDrive: OneDrive is your personal cloud storage. Think of it as having a filing cabinet that you can access from anywhere - your computer, phone, or any web browser.
Key Features:
Personal Storage:
- 1TB storage per user (5TB in premium plans)
- Automatic file sync across all devices
- Offline access to files
- Version history (restore previous versions)
- Recycle bin for deleted files
Sharing and Collaboration:
- Share files with specific people
- Control who can edit vs. view only
- Password protect shared links
- Set expiration dates for shares
- Real-time collaboration on Office documents
OneDrive Setup and Usage
Setting Up OneDrive:
On Computer:
1. OneDrive comes pre-installed with Windows 10/11
2. Sign in with Microsoft 365 account
3. Choose folders to sync (or sync everything)
4. Files sync automatically to OneDrive folder
On Mobile Device:
1. Download OneDrive app from App Store/Play Store
2. Sign in with work account
3. Access files, share photos, scan documents
4. Automatic camera backup available
File Organization Tips:
- Create folders for different projects
- Use descriptive file names with dates
- Keep frequently used files in root folder
- Archive old projects to separate folders
OneDrive Best Practices:
File Naming:
✓ Good: "Sales_Report_Q3_2024.xlsx"
✓ Good: "Client_Proposal_ABC_Corp_v2.docx"
✗ Avoid: "Document1.docx"
✗ Avoid: "untitled.xlsx"
Sharing Guidelines:
- Share folders instead of individual files when possible
- Use "Specific people" for sensitive documents
- Set expiration dates for temporary shares
- Regularly review and clean up shared links
- Use SharePoint for long-term team collaboration
SharePoint Online
Understanding SharePoint: SharePoint is your team's shared workspace. While OneDrive is personal, SharePoint is for team collaboration, company documents, and building your company intranet.
Key Uses:
Team Sites:
- Department collaboration spaces
- Project workspaces
- Shared document libraries
- Team calendars and announcements
- Integration with Microsoft Teams
Communication Sites:
- Company news and announcements
- Policy and procedure documentation
- Training materials
- Executive communications
- Company intranet
Creating and Managing SharePoint Sites
Team Site Creation:
When to Create Team Sites:
- New department or team
- Major project requiring collaboration
- Specialized working group
- Client project workspace
Creating Team Site:
1. SharePoint → Create Site → Team Site
2. Enter site information:
- Name: Sales Team Workspace
- Description: Collaboration space for sales team
- Privacy: Private (team members only)
3. Add team members with appropriate permissions
4. Customize with team logo and branding
Document Management:
Document Library Features:
- Version control (track document changes)
- Check-out/check-in (prevent conflicts)
- Metadata (add properties like project, status, owner)
- Custom views (filter by project, status, etc.)
- Approval workflows
Setting Up Document Organization:
1. Create folders for different document types
2. Add metadata columns (Project, Status, Owner, Due Date)
3. Create views for easy filtering
4. Set up version control and approval workflows
5. Configure permissions (who can view/edit)
SharePoint Integration with Teams
Teams-SharePoint Connection:
Automatic Integration:
- Every Microsoft Team automatically gets a SharePoint site
- Team files are stored in SharePoint
- Direct access from Teams app
- Shared permissions and access control
Benefits:
- Files accessible from both Teams and SharePoint
- Better organization for large document sets
- Advanced document management features
- Integration with other business applications
Microsoft Teams Administration
Understanding Microsoft Teams
What is Microsoft Teams: Teams is your digital workplace - imagine having your office, meeting rooms, phone system, and collaboration tools all in one app that works on any device.
Core Components:
Teams and Channels:
- Team: Group of people (like a department)
- Channel: Topic within team (like projects or discussions)
- General channel: Default channel for each team
- Private channels: Restricted access within team
Chat and Messaging:
- Direct messages between individuals
- Group chats for quick collaboration
- @mentions to get someone's attention
- Message reactions and GIFs (if enabled)
Meetings and Calling:
- Video meetings with screen sharing
- Scheduled meetings with calendar integration
- Instant meetings (start immediately)
- Phone calls (with Phone System license)
Setting Up Teams
Team Creation and Structure
Planning Your Teams Structure:
Department-Based Teams:
Sales Team:
- General (announcements and casual chat)
- Leads (new customer opportunities)
- Customer Meetings (meeting notes and follow-ups)
- Training (sales training materials)
HR Team:
- General (HR team communications)
- Recruitment (hiring discussions)
- Employee Relations (HR cases and policies)
- Events (company events planning)
Project-Based Teams:
Website Redesign Project:
- General (overall project updates)
- Design (design discussions and files)
- Development (technical implementation)
- Testing (quality assurance and feedback)
Creating Teams:
Method 1: From Teams App
1. Teams → Join or Create Team → Create Team
2. Choose "From Scratch"
3. Select "Private" (invite only) or "Public" (anyone can join)
4. Enter team name and description
5. Add initial team members
Method 2: From Admin Center (IT Admin)
1. Teams Admin Center → Teams → Manage Teams
2. Add Team → Configure settings
3. Assign owners and members
4. Set up channels and policies
Channel Management
Channel Types:
Standard Channels:
- Visible to all team members
- Shared files and conversations
- Can be organized into sections
- Support tabs and apps
Private Channels:
- Restricted access within team
- Separate SharePoint site
- Enhanced security and privacy
- For sensitive discussions
Best Practices:
- Keep channels focused on specific topics
- Use descriptive names (not "Miscellaneous" or "Other")
- Archive inactive channels instead of deleting
- Pin important messages for visibility
Teams Meetings and Calling
Meeting Management
Meeting Types:
Scheduled Meetings:
- Created from Outlook calendar
- Teams meeting link automatically added
- Attendees get calendar invite
- Meeting options configurable
Instant Meetings:
- Start immediately from Teams
- Invite people during the meeting
- Share screen and collaborate
- Record for later viewing
Channel Meetings:
- Meeting tied to specific channel
- Team members can join easily
- Meeting notes saved to channel
- Related files easily accessible
Meeting Best Practices:
Before Meeting:
- Send agenda 24 hours in advance
- Share relevant documents beforehand
- Test audio/video setup
- Prepare backup dial-in number
During Meeting:
- Start on time and follow agenda
- Mute when not speaking
- Use video for better engagement
- Share screen effectively
- Record important meetings
After Meeting:
- Share meeting recording and notes
- Send action items with owners and due dates
- Update relevant documents
- Schedule follow-up meetings if needed
Phone System (Optional Add-on)
Teams Calling Features:
With Phone System License:
- Business phone numbers
- Make/receive calls through Teams
- Voicemail with transcription
- Call forwarding and delegation
- Auto-attendant for main number
- Call queues for customer service
Setup Requirements:
- Phone System license (₹672/user/month)
- Calling plan or direct routing
- Phone number assignment
- Audio conferencing for dial-in meetings
Teams Apps and Integration
Built-in Apps
Essential Apps for Teams:
Files:
- Access to team's SharePoint files
- OneDrive integration
- File sharing and collaboration
- Version control and co-authoring
Planner:
- Task management for teams
- Project timeline tracking
- Task assignment and progress
- Integration with Outlook tasks
OneNote:
- Shared team notebooks
- Meeting notes and documentation
- Searchable knowledge base
- Integration with meetings
Calendar:
- Team calendar view
- Schedule meetings easily
- View availability
- Integration with Outlook
Third-Party Integrations:
Popular Business Apps:
- Trello: Project management boards
- Asana: Task and project tracking
- Salesforce: CRM integration
- Adobe Sign: Document signing
- Survey Monkey: Feedback collection
- Power BI: Data visualization
Adding Apps to Teams:
1. Teams → Apps → Browse categories
2. Search for specific app
3. Add to team or channel
4. Configure permissions and settings
5. Train users on new functionality
Security Fundamentals
Basic Security Setup
Essential Security Configuration:
Must-Have Security Settings:
1. Multi-factor authentication (MFA) for all users
2. Strong password policies
3. Regular security training for employees
4. Email security and anti-phishing protection
5. Device management for mobile devices
Multi-Factor Authentication (MFA)
Understanding MFA: MFA adds an extra layer of security beyond just passwords. Even if someone steals your password, they can't access your account without the second factor.
MFA Methods:
Recommended (Most Secure):
1. Microsoft Authenticator App
- Push notifications to phone
- Works without internet connection
- Most user-friendly option
2. SMS Text Messages
- Code sent to mobile phone
- Works on any phone type
- Good backup method
3. Phone Call
- Automated voice call with code
- Good for areas with poor SMS
- Accessible to all users
Avoid (Less Secure):
- Email-based verification
- Hardware tokens (unless high-security environment)
Setting Up MFA:
For All Users:
1. Admin Center → Users → Active Users
2. Select users → Multi-factor authentication
3. Enable MFA for selected users
4. Choose authentication methods
5. Provide setup instructions to users
User Setup Process:
1. User logs in after MFA enabled
2. Follows setup wizard
3. Installs Microsoft Authenticator app
4. Scans QR code to link account
5. Tests authentication method
Conditional Access (Advanced Security)
Understanding Conditional Access: Conditional Access applies security rules based on conditions like location, device, or user risk level.
Common Policies:
Location-Based Access:
- Block access from high-risk countries
- Require MFA when accessing from outside office
- Allow trusted locations without additional authentication
Device-Based Access:
- Require managed devices for sensitive data
- Block access from unmanaged personal devices
- Require device encryption and compliance
Risk-Based Access:
- Block high-risk sign-in attempts
- Require password change for compromised users
- Step-up authentication for unusual activity
Data Protection
Information Protection
Sensitivity Labels:
Label Hierarchy:
Public:
- No restrictions
- Available to everyone
- Examples: Marketing materials, public announcements
Internal:
- Company employees only
- Basic protection
- Examples: Internal procedures, team communications
Confidential:
- Restricted access with encryption
- Specific people or groups only
- Examples: Financial reports, strategic plans
Highly Confidential:
- Maximum protection
- Very limited access
- Examples: Executive communications, legal documents
Setting Up Labels:
Configuration:
1. Security & Compliance Center → Information Protection
2. Create label hierarchy
3. Define encryption and access rights
4. Set visual markings (headers, footers, watermarks)
5. Configure auto-labeling rules
6. Deploy to users
User Experience:
- Labels appear in Office applications
- Automatic protection applied
- Visual indicators show protection level
- Warnings for risky actions (sharing externally)
Data Loss Prevention (DLP)
Understanding DLP: DLP prevents sensitive information from being shared inappropriately, like credit card numbers or personal data being sent outside the organization.
Common DLP Policies:
Financial Information:
- Detect credit card numbers, bank accounts
- Block external sharing of financial data
- Alert compliance team to violations
- Allow exceptions for finance team with justification
Personal Information:
- Protect Aadhaar numbers, PAN cards
- Prevent sharing of employee personal data
- Monitor access to HR information
- Ensure compliance with privacy laws
Intellectual Property:
- Protect proprietary information
- Monitor sharing of confidential documents
- Prevent unauthorized downloads
- Alert on unusual access patterns
Mobile Device Security
Mobile Device Management (MDM)
Device Management Options:
Basic Protection (Included):
- Exchange ActiveSync policies
- Require device PIN/password
- Remote wipe lost devices
- Basic app restrictions
Advanced Protection (Business Premium+):
- Microsoft Intune integration
- App-specific policies
- Selective data wipe
- Conditional access based on device compliance
- App protection without full device management
Mobile Security Policies:
BYOD (Bring Your Own Device) Policy:
- Separate work and personal data
- Protect only company information
- User privacy respected
- Easy enrollment and setup
Company-Owned Devices:
- Full device management
- Software installation control
- Location tracking capabilities
- Complete security control