Microsoft 365 Business Premium, previously known as Microsoft 365 Business, is a subscription service packed with productivity and security management features. It’s designed specifically for organizations with fewer than 300 users, and it is more feature-rich than Microsoft 365 Enterprise E3.
What’s included in Microsoft 365 Business Premium?
The Microsoft 365 business suite of products includes Microsoft 365 Business Basic, Microsoft 365 Business Standard, and Microsoft 365 Business Premium. Each of these offerings targets the small to medium enterprise market, and they’re limited to a maximum of 300 licenses per tenant.
Cost-wise, Microsoft 365 Business Basic is the most affordable subscription priced at $6 per user per month. For approximately double the monthly fee, you can access Microsoft 365 Business Standard for $12.50 per user/month. Nearly double that cost again and you’ve got Microsoft 365 Business premium at $22 per user/month.
You can see a comparison of the three different Microsoft 365 Business plans below:
|M365 Business Basic
|M365 Business Standard
|M365 Business Premium
|Microsoft Teams collaboration
|Office Web Apps
|Office Desktop Apps
|Microsoft Defender for Business
|Microsoft Defender for Office 365
|Enterprise Mobility & Security
Azure AD Premium:
– Multi-Factor Authentication
– Conditional Access
– Self-Service Password Reset
– Mobile Device Management
– Endpoint Analytics
|Windows 10 Business
With the inclusion of Microsoft Defender for Business, Microsoft Defender for Office 365, and Azure Active Directory Premium Plan 1, Microsoft 365 Business Premium offers significantly more features than its cheaper counterparts.
How to sign up for a 30-day trial
It’s really easy to get started with Microsoft 365 Business Premium, as there’s a free 30-day trial that will give you full access to all the features you need.
- Open the Microsoft 365 Business Trial signup page.
- Scroll to Microsoft 365 Business Premium and choose Try free for one month.
- On the signup page, enter any email address that does not currently have a Microsoft 365 subscription – this is just used for login verification. You’ll be setting up a new email address as part of the trial.
- At the Let’s get you started prompt, choose Set up account.
- In the Tell us about yourself section, enter the required details and choose Next.
- Verify your information by completing the verification steps.
Specify how you’ll sign in
In the following step, you need to determine the Username and Domain Name that will be used for you to sign into the new environment. The Username portion sits in front of the @ symbol. The Domain Name portion sits after the @ symbol and always ends with “.onmicrosoft.com”.
The Domain Name you choose must be globally unique. Microsoft will provide suggestions, but you’ll be able to change your domain at any time with your own customized domain.
When combined, the Username and Domain Name form a User Principal Name (or UPN), which is often likened to an Email Address. In the example below, my UPN is “Dean@firstcoffee2.onmicrosoft.com.”
Whilst this UPN is the method you, as the administrator, will use to authenticate to the new environment initially, it is not necessarily the format that my users will use to sign-in. As part of the tenant setup, we can configure a Custom Domain such as “firstcoffee.co.uk” to make user sign-ins more friendly.
Once you have settled upon a Username and Domain Name, just choose Save and choose a password.
Adding a payment method
Quantity and Payment is the next section. It’s important to understand that by continuing, you’ll be agreeing to a contract with Microsoft for the provision of the Microsoft 365 Business Premium service. Payment information is required as, unless you cancel the trial, it will convert until a 12 month paid subscription.
In the Quantity and Payment section, choose any number of licenses up to 25. As long as you choose a number up to 25, you’ll be eligible for the trial and no payment is required at this stage.
It’s worth noting that, regardless of the number of licenses specified here, 25 licences are provided for the duration of the 30 day trial.
Complete this section by adding a payment method and choosing Start Trial.
Remove the payment method from your Trial Subscription
Unless you’re hoping to continue the use of Microsoft 365 Business Premium once the 30-day trial period is over, it’s important to complete a few steps to ensure you won’t be charged or begin a 12-month subscription.
When you reach the Confirmation details step, choose Manage your subscription.
From the Your Products page, choose the More actions option from the ellipsis menu, then choose Edit recurring billing.
By default, the recurring billing option is set to On, meaning renewal will be automatic and purchased 30 days from the start of the trial. Select Off at this prompt to ensure the trial will cancel after the initial free period.
Next, you need to confirm that the trial will expire by reviewing the updated Your Products page. Take a look at the Purchased Quantity and Subscription Status columns to check the trial quantity and expiration date.
Configure trial users and assign licenses
With the trial now configured, we can assign licenses for up to 24 additional users in the Microsoft 365 Admin Center, in addition to our Administrative account. We’ll start by creating two test users and assigning licenses to them.
Adding new trial users
Our first test user is Jenny Tester, and the second one is Paige Tester. You can use these examples or create your own, either way, be sure to make a note of the credentials you set for future testing.
- Visit the Microsoft 365 Admin Center and browse to the Home screen.
- Under Your organization, choose Add a user.
- In the Set up the basics screen, enter the information for your first test user including the username and domain.
When completing the details for our first user, note the available options within the Domains dropdown box. We’re limited to the domain we set up when during the How you’ll sign in step earlier. We will update this once we’ve completed the setup of this user.
- Untick Automatically create a password.
- Choose a Password and choose Next.
- At the Assign product licenses screen, you need to ensure that the correct Location has been set automatically, then tick the box next to Microsoft 365 Business Premium.
- Complete the remaining wizard screens without making changes to the defaults.
Once complete, our first test user will be available and have a license.
Create a custom domain for easier login
A domain is the portion of an email address after the @ symbol, or after “www.”. They are typically used to make it easier for you or your customers to find your specific web service or app.
You can add a maximum of 5,000 domains to your Microsoft 365 subscription, but you can’t add a domain that you’re already using in another Microsoft 365 or Office 365 service.
Here are the steps you need to follow to use a custom domain with your Microsoft 365 Business Premium subscription:
- From the navigation pane, choose Setup.
- Next, scroll to the Sign-in and security actions, then choose Get your custom domain set up.
- Review the user impact statement:
If you don’t connect your domain to Microsoft 365, your users will sign in to their apps and use email with their default “yourdomain.onmicrosoft.com” domain.
It’s easiest to add a custom domain before you add your users. Otherwise, you’ll need to update your users’ username when you connect your domain.
- Choose Get Started.
- At the Add a domain prompt, enter the domain name that you would like to use. It’s important that you already own this domain before entering it here. If you don’t already own a domain, take a look at this guide to learn how to purchase one.
It’s possible that your domain registrar may be compatible with the Microsoft 365 domain verification process. GoDaddy, for example, supports automatic verification via the wizard.
When entering your domain, it is checked against the list of supported registrars. If supported, you’ll be asked how do you want to verify your domain.
- Choose to Sign in to [your registrar], and complete the wizard steps to verify your domain.
- Once your domain setup is complete, choose Done.
Update the primary email address and username of your users
Now that we configured our custom domain to use with our Microsoft 365 Business Premium subscription, we can change the primary email address and username of our test users.
Here’s how to do it:
- From the Microsoft 365 Admin Center home screen, choose Users, then select the user you’d like to modify.
- In the flyout menu, choose Manage username and email.
- Update the Primary email address and username to match your new custom domain.
Note: You don’t need to add an alias here. This will not change the user’s login username and would simply give them an additional address to receive email.
Understanding default security controls
By default, all Microsoft 365 environments created after 2019 have security controls enabled by… default. Tenants created prior to this date will not have these security controls enabled automatically, though the option is available. The controls are available at no additional cost, and provide a great foundational layer of security.
The following security controls are enabled and managed by IT admins:
Enforcing Azure Multi-Factor Authentication registration for all users
All users in your tenant must register for Multi-Factor Authentication (MFA) in the form of the Azure AD MFA within 14 days. Registration is limited to the Microsoft Authenticator app. After the 14 days have passed, users will be prevented from signing in until they have completed registration.
Forcing Administrators to use Multi-Factor Authentication
Administrators have a greater level of access to the environment and therefore require increased levels of protection. With default security controls, administrators must complete an Azure AD MFA challenge every time they authenticate.
Blocking legacy authentication for all users
Legacy authentication refers to an authentication request from:
- Clients that don’t use modern authentication.
- Clients using older mail protocols such as IMAP, SMTP, or POP3.
Legacy authentication methods don’t support Multi-Factor Authentication, therefore they’re often used by attackers to bypass security controls. Default security controls in Microsoft 365 for Business will block all legacy authentication protocols for all users.
Requiring all users to perform Multi-Factor Authentication when appropriate
Whilst administrators are valuable targets for account compromise, attackers frequently target standard or low-privileged users. These are often less protected, but the information that can be gained from them can be valuable to an attacker when preparing for further attack.
Security Defaults will require all users to satisfy an MFA challenge whenever it is deemed necessary – this is determined by a number of risk factors such as location, device, role, and apps.
Intune is part of Microsoft’s full-featured Endpoint Management platform, Microsoft Endpoint Manager. It supports the management of Windows, iOS, Android, macOS, and Linux devices via Mobile Device Management.
Azure Active Directory supports multiple Mobile Device Management (MDM) platforms, but Intune is enabled by default. You can verify this by visiting the Mobility (MDM and MAM) blade in the Azure Active Directory Admin Center.
The Mobility screen lists Microsoft Intune and Microsoft Intune Enrollment in some cases. Choose Microsoft Intune in this case.
Confirm that the MDM user scope is set to All.
Review Microsoft 365 Business Premium services
As mentioned at the beginning of this article, Microsoft 365 Business Premium is packed full of features – too many to describe them all in detail here.
Of all the features available within Microsoft 365 Business Premium, those that are security-related stand out the most. Features such as Microsoft Defender for Business, which is essentially a slightly more feature-rich version of Microsoft Defender for Endpoint Plan 1, brings enterprise-grade security to the small business market.
Similarly, Microsoft Defender for Office 365 is of great value, giving additional protection for email and collaboration over and above the standard protections built into Exchange Online. Finally, Azure Active Directory Premium Plan 1 brings the Azure AD Multi-Factor authentication capability, along with Conditional Access and Self-Service Password Reset.
Now that we’ve completed trial signup, created users and assigned them licenses, secured the environment, and enabled Intune, we’re ready to begin trying out some of the features of Microsoft 365 Business Premium. From here, it’s a good idea to get familiar with the capabilities of Microsoft Endpoint Manager (Intune) – take a look at our guide which covers Managing Windows Devices with Microsoft Endpoint Manager (Intune).