What is Microsoft Office 365 (2019)

What is Microsoft Office 365

What is new in Microsoft Office 365?

Microsoft Office 365 is one of the most innovative sets of services Microsoft has offered in the last decade, together with Microsoft Azure. In this tutorial, you will learn what Office 365 is and the fundamental services on which the Office 365 offering is built.


What is Microsoft Office 365?

Microsoft Office 365 is the most important Software as a Service offering Microsoft currently provides. Software as a Service (SaaS) provides a software solution with a licensing model based on a subscription and delivered through a centrally hosted infrastructure that typically is on the cloud. 


There are four main offerings available:

On-premises Everything is based on hardware and software that is installed within the building (the premises) of the company or person using the software. All the key aspects of a software solution, like availability, scalability, and security, are the responsibility of the company or person who runs that software.


Infrastructure as a Service (IaaS) The software is installed on one or more virtual machines that are hosted by a third party, abstracting the subject that uses that software from taking care of all the physical infrastructural topics like networking, storage, physical servers, and virtualization.


Platform as a Service (PaaS) The software is hosted and executed in a platform that allows developers to focus on data and custom application development. The resources used to host the software solution can be shared across multiple subjects. In that case, PaaS guarantees isolation and data partitioning.


Software as a Service (SaaS) The software solution is provided on a subscription basis and is delivered through a centrally hosted infrastructure. Typically, the software solution can be improved by creating customizations and/or embracing an extensibility model that keeps the SaaS offering safe and isolated from any third-party customization.


Office 365 fits into the SaaS category. Following the guidance in this blog, you—as a developer—will be able to build customizations and extensions according to the extensibility model of a SaaS offering.


One fundamental concept that you need to understand about the various hosting models is that developing solutions for SaaS allows you to focus on your business requirements without having to take care of any infrastructural or platform-related tasks, as you would if you were hosting a solution running in any of the other hosting models.


Often, developers waste their time architecting and configuring virtual machines, services, and servers just for the sake of hosting their custom-developed solutions. With the SaaS model, you will completely focus on customizing the software provided as a service by realizing the business requirements that you need to satisfy.


Microsoft Office 365 services

Let’s now dig into the main services Microsoft Office 365 offers. First, it is important to note that Office 365 is a continuously growing and changing offering.


Thus, the list of services available at the time of this writing could be different from the list of services available at the time of reading. From a developer’s perspective, this is awesome and challenging because you will be continuously learning as the platform grows.


The basis of Office 365 is a Microsoft Azure Active Directory (Azure AD).  The Azure AD is the directory system on the cloud that sits under the cover of every Office 365 tenant.


The Azure AD is used to store users’ identities, to authenticate them, and to federate tenants with third-party identity providers on-premises. All the licensed users of an Office 365 tenant are first users in the Azure AD tenant related to the Office 365 tenant.


Once you assign a license to a user stored in Azure AD, that user will be able to consume the assigned services. The Azure AD is almost unknown to the end users, but you cannot have an Office 365 tenant without Azure AD.


Every time an end user authenticates to access a tenant, she interacts with the authentication process of Azure AD. However, this is often fluent and transparent to the user.


From an administrative perspective, the Azure AD service that supports an Office 365 tenant is available and can be reached through the Office 365 admin portal within the list of services that can be administered.


Aside from Azure AD, all the other services available for an end user are accessible through the Office 365 app launcher. The app launcher is accessible by clicking the command button in the upper-left corner of the screen when using Office 365 from a desktop PC within a browser.


As you can see, the number of apps that you can utilize is quite large, and it is growing continually. Every user will see the apps for which he has been granted access in the Office 365 app launcher.


The first fundamental set of provided capabilities are those related to Microsoft Exchange Online (also known as EXO), which is the cloud-based SaaS version of Microsoft Exchange. Through Exchange Online, you can leverage and provide to your user's services like Mail, Calendar, People, and Tasks. 


From a technical perspective, Exchange Online is just an Exchange Server hosted on the cloud, and the above services are provided either through the web browser or by using any compliant client like Microsoft Outlook or any mobile software available to consume the Exchange Online services.


For example, if you have an Android or iOS mobile phone or tablet, you will be able to consume Exchange Online even without installing or having Office or Outlook. Often, Exchange Online is the first service that enterprises move to the cloud to reduce their total cost of mailbox ownership and to improve their mobile users’ experience.


In many cases, the second service that makes companies move to Office 365 is Skype for Business (also known as S4B). By using Skype for Business, you can enable powerful real-time collaboration and teamwork.


To give a few examples: you can make a one-to-one or one-to-many conference calls; you can share a presenter’s screen, even providing remote control of a PC; you can share a whiteboard or a notes file; you can present a slide deck, and you can make a poll.


You can also register a conference call for your own reference or for sharing a .mp4 file with people who were not present on the call. Furthermore, by using S4B you can make a call between an Office 365 user who uses S4B and an external user who uses Skype personal.


Moreover, you can leverage the service called PSTN Conferencing, which enables you to make conference calls with people who do not have a PC or any other kind of modern device—just a legacy telephone.


By leveraging S4B, you can even use the Cloud PBX service, which allows your PC or device running S4B to become a replacement for a classic telephone.


Your S4B account will be associated with a legacy telephone number, and anyone using a telephone will be able to make a phone call to you. You will answer the call by using S4B instead of the classic telephone.


Depending on your business requirements and geographical location, these last two capabilities (PSTN Conferencing and Cloud PBX) can require some on-premises infrastructural servers and services to make it possible to connect your on-premises telephone infrastructure to S4B.


Moreover, in 2015 Microsoft introduced a service called Skype Meeting Broadcast, which enables you to produce, host, and broadcast live online meetings to large online audiences, which can reach up to 10,000 concurrent users/viewers. The attendees of the meeting will just need to have a web browser, while the presenter/producer will have to use S4B.


This powerful service enables you to make broad presentations to a set of defined and authorized users, to all the users who have a company-related account in a specific Office 365 tenant, or even publicly to any anonymous users.


You can also configure the meeting to be integrated with a Yammer network for social discussion about the presented content. Furthermore, you can measure the mood of the people attending the meeting by using the Bing Pulse, which can be integrated into the UI of the meeting broadcast.


OneDrive for Business (also known as OD4B) is another outstanding feature of Office 365 that allows users—typically employees—to store, sync, and share their personal and work documents in a cloud-based repository that they can access securely from everywhere and from any device just by providing the proper set of user credentials.


At the time of this writing, every user who owns a OneDrive for a Business license can store up to 1 terabyte (TB) of data in her personal repository.


There is also the capability to keep an offline copy of the personal document on your desktop PC, which can be synchronized with the cloud whenever there is network connectivity. Due to high demand, the synchronization client of OneDrive for Business is subject to improvements and the introduction of new capabilities.


Often, the OneDrive for Business service name is also used to embrace the capability to keep an offline copy of the SharePoint Online libraries that you have in Office 365 or even in SharePoint on-premises.


In the past, the same synchronization client was used to synchronize both the personal storage in OneDrive for Business and the business-related document libraries stored in the intranet.


However, at the time of this writing, there are two different clients: the old one, which can still be used to synchronize document libraries, and the new one (called NextGen Synchronization Client) just for OneDrive for Business and OneDrive Personal.


We just talked about document libraries stored in SharePoint Online because SharePoint Online (also known as SPO) is another fundamental service Office 365 offers and is filed under the SharePoint icon in the app launcher. Like Exchange Online, SharePoint Online is a cloud-hosted version of the well-known Microsoft SharePoint Server product.


Although SharePoint Online shares the main architectural pillars with the on-premises version of SharePoint 2019, on the cloud there are some services, capabilities, and architectural choices that make the SPO offering unique and not 100 percent comparable with SharePoint on-premises.


For example, there are services or capabilities of SharePoint 2019 that are available on-premises only (for example, some Business Intelligence capabilities), and there are other services that are available on the cloud only (for example, the external sharing capability of SPO that allows users to share sites and documents with people outside the company if company policies allow it).


Many other capabilities and functionalities can be mentioned when comparing SharePoint 2019 on-premises and SharePoint Online, but they are outside the scope of this blog.


When you click the SharePoint app in the app launcher, you get access to the new SharePoint home page, which was introduced by Jeff Teper (Corporate Vice President for SharePoint and OneDrive in Microsoft Corporation) together with other new user interface enhancements on May 4, 2019, during an online conference called “The Future of SharePoint.”


In the new SharePoint home page, users will find a list of companywide promoted sites, a list of followed sites, some useful companywide links, and a direct link to the most frequently accessed sites. This page is the entry point, from a SharePoint Online perspective to the entire set of sites (site collections in SharePoint) of interest to the current user.


When you work with documents stored in SharePoint Online or in OneDrive for Business, if those files are Office documents you can leverage the Office Online services, which allow you to read and write/modify those documents just by using a web browser.


This is a powerful capability that makes it possible to realize mobile working and to have a digital workplace that requires nothing more than a web browser.


Every Office 365 user with a web browser such as Microsoft Edge, Internet Explorer, Google Chrome, or Firefox can be productive, read documents, or write/modify/create documents using Word Online, Excel Online, PowerPoint Online, or OneNote Online. This service makes it possible to work everywhere with almost any device.


Another powerful capability Office 365 provides that integrates some of the services we have just seen is Office 365 Groups.

Office 365 Groups are a service mainly built on top of Azure AD, Exchange Online, SharePoint Online, and OneDrive for Business. Office 365 Groups enable people using Office 365 to create work groups;


which can be considered modern digital workplaces, where they can share conversations, a mailbox that behaves like a distribution list, files, a OneNote notebook, a calendar, a directory of people contributing to the group, and direct Skype for Business integration.


Office 365 Groups provide a self-service experience for users, who can create both public and private groups and can invite people to contribute to the groups. At the time of this writing, Office 365 Groups are available for tenant internal users only. However, the public roadmap for the service includes upcoming support for external users.


Another key feature of Office 365 Groups is the capability for tenant admins to manage groups from the Office 365 admin portal, to enforce naming policies for self-service created groups, and to orchestrate groups’ creation by allowing or denying group creation permissions to users.


Later in this blog, you will learn about what is available for tenant admins to accomplish administrative, management, and governance tasks.


From an end user perspective, Office 365 Groups can be consumed by using the web browser on any device, by using Microsoft Outlook 2019, and soon even by using Microsoft Outlook for Mac.


From a developer perspective, Office 365 Groups can be managed through a set of REST-based APIs, which are part of the Microsoft Graph API. In Section II, “Office 365 programming model,” and in Section III, “Consuming Office 365,” you will learn how to use the Microsoft Graph API to consume and manage Office 365 Groups.


Moreover, as a developer, you can connect custom applications with Office 365 Groups, providing support for getting useful information and content from external services or applications into groups.


For example, there are already connectors for BingNews, GitHub, BitBucket, JIRA, and many other services. You can even create your own custom connectors, “Creating Office 365 applications,” you will learn how to do that.


The Planner app is a new service that Microsoft released in early June 2019 that offers a visual tool to organize teamwork. By using Planner, you can create and organize plans, assign and monitor tasks that are part of a plan, organize tasks in buckets, and attach files or links to any specific task.


In general, the Planner is a tool to manage time, resources, and tasks with a vision board and a set of graphical charts to better understand the overall progress of a plan.


One key feature of plans in Planner is that—internally and from an architectural perspective—they are based on and leverage Office 365 Groups. Thus, whenever you create a new plan in Planner, you will also have a related Office 365 Group, which implies having conversations, a calendar, files, a OneNote notebook, and the Skype for Business integration.


From a developer perspective, Planner can be consumed by using a specific set of REST APIs, which are in beta/preview version at the time of this writing but are scheduled for release in 2019.


Thus, you can think about creating custom software solutions that integrate emails (EXO), files (OD4B and SPO), and groups and plans, orchestrating real business-level solutions.


Microsoft Power BI is an important service to visualize data that is integrated to Office 365. By using Power BI, you can import or consume datasets, presenting data through reports that can visualize charts and graphs and can be organized into dashboards that present data and information through tiles coming from different reports.


Power BI is an extensible platform that can be consumed and embedded without an Office 365 subscription. It provides additional features such as an automatic refresh of data models based on data stored on OneDrive for Business.


This platform also provides features that help users navigate data, such as Power BI Q&A, which allows users to ask for data using natural language questions, and Quick Insights, which automatically finds valuable relationships in a data model. 


Yammer is another service that can be consumed as part of the Office 365 offering. Yammer is a cloud-based SaaS solution that provides the capability to create a private enterprise social network for a company.


By using Yammer, employees can collaborate; exchange messages; chat; and share content across departments, locations, and business apps.


Yammer’s overall goal is to provide a social network to improve productivity, connect people, and freely share ideas and content without the common and reasonable constraints of a classic intranet or collaboration portal.


Through Yammer, you can also involve partners, customers, and vendors in external networks that can go beyond the limits of your company network.


Within a network, whether it is private and company-related or external and open to third parties, users can freely create public or private groups, discuss and share documents and videos, make polls, give prizes to other members, and in general enjoy being part of an enterprise social network, working from anywhere and using any client device.


Another interesting service is Office Delve, which is one of the most innovative emerging technologies available in Office 365.


It is one of the new services Microsoft introduced in 2015 in the category of NextGen Portals. NextGen Portals are services typically based on SharePoint Online, from a user interface perspective, that leverage the Office 365 ecosystem and the Office Graph to provide high-level services and tools to improve quality of work— and quality of life—for Office 365 users.


Office Delve is a service based on Microsoft SharePoint Online that provides users with the most relevant content based on what they are working on and whom they are working with.


The basic idea of Office Delve is to leverage the Office Graph, going beyond the common information silos that exist across the applications available in the Office 365 ecosystem.


Instead of thinking in terms of emails in Exchange Online, attachments to emails, documents stored in SharePoint Online, documents stored in OneDrive for Business, video files, and so on, you need to consider the most useful and/or recently updated content with which you should work, regardless of where it is. Delve will take care of highlighting for you exactly what really matters for your daily job.


The Office Graph is an intelligent mapping among people, content, and interactions that happen in Office 365. Office Delve uses the insights and the relationships stored within the Office Graph to proactively and actively suggest content to the users, providing each user with a dashboard of cards that refers to what should be most relevant to that user. 


By using Office Delve, users can organize cards in boards, grouping items that share the same goal, project, or group of people working on it. Boards can be used to tag content and to retrieve personalized/grouped views of popular documents and contents that share a tag.


The key benefit of Office Delve is that users don’t have to search for what they seek. They just need to access Office Delve and—regardless of the source of the content—they will be able to find and consume the content if it is relevant for them. Users can also organize content and boards into a list of favorites to keep track of what matters most to them.


Moreover, through Office Delve all users have a personal profile page called “Me” that they can use to keep track of their personal activity and content, filtered by file type.


Through the personal page, a user can consume and customize his personal profile data, which includes all the information that is stored in the Azure AD and that defines the user profile in Office 365, including the company organizational chart if applicable.


Every user has a personal page in Office Delve, and every user can browse the personal pages of the other users, consuming only public, nonsensitive data, browsing and searching the Office Graph based on users’ profile properties, information, and expertise.


Additionally, through the Office Delve interface, a user can create and maintain an enterprise blog that can be indexed by the search index of SharePoint Online and becomes discoverable by the other people working within the same company.


Another notable feature of Office Delve is Office Delve Analytics, through which users can measure how they spend their time at work. By using Office Delve Analytics, users can identify the people and activities that represent their priorities and their most time-consuming targets.


This can help them determine how to spend a workday in an effective and productive way. They can also set goals and track their progress toward accomplishment of the goals. 


Office Delve can even be consumed using a mobile device by leveraging the Android and iOS clients that are available, respectively, on Google Play and on the Apple App Store.


Another interesting and useful NextGen Portal is Office 365 Video, which enables enterprises—and companies in general—to post, share, and discover video content that is organized in channels.


The goal of Office 365 Video is to provide a beautiful, usable, socially aware user interface for consuming multimedia video content, either from a desktop PC or from a mobile device.


Through the Office 365 Video portal, enterprises can create training channels, repositories of marketing videos, and companywide libraries of videos. Office 365 Video also makes it possible to discuss a specific video on Yammer, to share a direct link to a video by email, and to embed the video into a SharePoint Online site or within the companywide infrastructure.


Furthermore, Office 365 Video has a set of management and administrative tools for administrators and is available only to the users of the target tenant, without the capability to share video content outside of the current company boundaries.


Maybe in the near future, based on a publicly declared roadmap, Office 365 Video will become available for sharing videos with people outside the current tenant.


Office 365 Video leverages the well-known and solid Azure Media Services for encoding and streaming the video content. Azure Media Services leverages a smooth streaming technology to adapt the video quality to the consuming device and the available bandwidth.


Moreover, Office 365 Video uses a set of SharePoint Online site collections for storing all the original video files.


As a result of this architectural choice, the same technical boundaries that apply to SharePoint Online apply to Office 365 Video. For example, you cannot upload files larger than 10 gigabytes (GB), and you cannot have a channel bigger than 1 terabyte (TB), which is the upper size limit for a single site collection in SharePoint Online.


One relatively new product that is part of the Office 365 ecosystem is Office Sway, which is a new tool to visualize and share ideas, news, projects, or whatever else is on your mind that you want to express to others. A Sway is a canvas that renders its content as a sequence, adapting the rendering to the target device.


For example, by using Sway you can render a presentation of a new project, mixing text, technical drawings, pictures, and whatever else you want to express within a sequence of views. You can organize content coming from multiple sources like OneDrive for Business, Twitter, YouTube, and Flickr.


You can also use your mobile smartphone or tablet to take pictures and present them in Sway. In general, Sway is a fresh new tool to create dynamic presentations that you can build on the go and share with other people in your company. 


The final application that can be part of the Office 365 offering is Microsoft PowerApps, which is in preview at the time of this writing. By using PowerApps, you can create mobile-aware software apps that consume data from multiple data sources, providing customizable and responsive UI forms and integrating data in logic flows that can behave like enterprise-level workflows.


The power of applications built with PowerApps is their capability to consume data securely through an open connector model and to connect with external REST-based services to execute actions.


By using this approach, you can design an app that can be used to integrate different software and technologies, and you can consume that app from any place and using any device. Microsoft PowerApps is available as a web-based application for building and consuming apps, but there are also client apps for Windows and iOS.


Microsoft PowerApps natively provide connectors for Office 365 (including Exchange Online, SharePoint Online, and OneDrive for Business), Dropbox, Twitter, Salesforce, Microsoft CRM, Google Drive, SQL Database on Microsoft Azure, and any HTTP/HTTPS service in general.


Based on the data consumed from the above data connections, you can define logic flows and wait for approvals, send email notifications, invoke commands, and so on. For example, the logic flows can be built by using Microsoft Flow, which is another new service provided by Microsoft as part of the Office 365 offering.


Overall, the idea of PowerApps is to make it possible for power users to easily design multidevice and multistep forms and logic flows that can be shared with others without needing to be developers. 


If there is anything you are looking for that is not yet available out of the box in the Office 365 offering, you can search for it in the Office Store, where you can find thousands of business-level SharePoint Add-ins and Office 365 applications provided for free or sold by third parties that you can download, install, and use in your tenant.


You should also keep an eye on the Office 365 Public Roadmap, which is available at the following URL: Microsoft 365 Roadmap | Microsoft 365. There, you will find a list of all the launched new features, the features that are currently rolling out, those that are under development, and those that have been canceled.


By periodically checking the Office 365 Public Roadmap, you can have a quick look at the status of the ecosystem, and you can plan the adoption of upcoming technologies and services.


One last component that is available in the app launcher if you are an administrator of your Office 365 tenant is the Admin command, which brings you to the Office 365 admin portal. From there, you can administer the entire tenant and every service for which you have been designated as an administrator.


For example, if you are a tenant global admin user, you will have access to all the settings and services.


 However, if you have been assigned only the SharePoint Online administrative rights, you will still have access to the Office 365 admin portal, but from there you will only have access to the SharePoint Online Admin Center and a subset of tenant settings that are available to SharePoint administrators.


In the upcoming section, “Administration in Office 365,” you will dig into more details about the administrative UI and common tasks in Office 365.


Microsoft Office on PC/Mac and Click-to-Run

Aside from the online services, the Office 365 offering can also include licenses to use the well-known desktop edition of Microsoft Office for PC or Mac. Depending on the subscription plan you have, you could have the right to run Microsoft Office on up to five PCs or Macs per user.


The Microsoft Office edition you can use is Office 2019 at the time of this writing, and it is called Microsoft Office 365 Business or Microsoft Office 365 ProPlus, depending on the subscription plan you have. Further details about the available subscription plans are provided in the upcoming section, “Licensing and subscription plans.”


One of the most interesting features of the Office client provided within Office 365 is the Click-to-Run installation. You can install Microsoft Office through a completely new installation model, which is based on a Microsoft streaming and virtualization technology.


This new technology reduces the time required to install and run the Office client applications, which are usually available to run in a matter of seconds or minutes, depending on your network bandwidth.


The streaming part of the Click-to-Run technology allows you to run the Office client software before the entire product is downloaded. In the meantime, an asynchronous download process will download all the components in the background.


The virtualization part of the Click-to-Run technology allows you to run multiple versions of Office on the same computer by providing an isolated and virtualized environment for Office. This is just to allow a smooth transition between different versions of Office; it is not a long-term solution.


Under the cover, the virtualization technology is based on the Microsoft Application Virtualization (App-V) technology and runs Office in a self-contained, virtual environment on the local computer.


The isolated environment provides a separate location for each version of the Office product files and settings so that they don’t change other applications that are already installed on the computer.


Additionally, this prevents any conflict between different versions of Office, which can be installed and executed on the same machine. The only constraint is that all the concurrently installed Office versions have to be the same edition.


For example, they can be all 32-bit editions or 64-bit editions, but you cannot mix 32-bit and 64-bit editions on the same machine.


Click-to-Run is a setup process completely different from the Windows Installer (MSI) technique that was used in the past. When using the old approach based on MSI setup processes, you had to wait for the entire product to be installed before being able to use it.


In contrast, the streaming technology first downloads all the fundamental components to run the Office client, followed by all the other components, which will be downloaded in the background.


If you try to use a feature that is not yet downloaded and installed, Click-to-Run immediately downloads and installs that feature. The streaming process ends when all the products and features are completely downloaded and installed.


Another interesting difference between the MSI installation and the new Click-to-Run setup process is that in the former you were able to select the components to install, while with the latter you always install the whole product.


You cannot install a subset of the components unless you manually customize a configuration file that defines the installation rules. By default, you will always end up having the full Office client components included in your license subscription.


This new installation technique always provides you the most recent version of Office, so you don’t have to install the product and all the related patches and service packs before being able to use it, as you did with the MSI installation. By default, the product version installed with Click-to-Run will be the latest one.


Furthermore, whenever a new Office patch or update comes out, updating an already installed Office client that has been installed using Click-to-Run is an automatic process that can be handled in a matter of seconds or minutes, based on the download time of the update.


Once you have installed the Office client and the product is completely downloaded and installed, you don’t need to be connected to the network or the Internet to use Office.


From a licensing perspective, the Office client will need to check that your Office 365 subscription is active and valid at least once a month (specifically, at least once every 30 days). Thus, you need to be sure that your users can connect to the Office Licensing Service via the Internet at least once every 30 days.


The licensing service will double-check that the users still have valid Office 365 subscription licenses and that they don’t use a number of Office client installations over the licensed number.


For example, as you will see in the following section, “Licensing and subscription plans,” in the Office 365 E3 plan every user can run Office client on up to five devices.


The monthly license check will verify not only the subscription license but also that the total number of installed copies of Office client does not exceed the licensed limit.


If the computer goes offline for more than 30 days, Office client commutes to the reduced functionality mode until the next time a connection can be made and the license can be verified.


In reduced functionality mode, Office client remains installed on the computer, but users can only view and print their documents. All features for editing or creating new documents are disabled.


In the previous paragraphs, you saw that you need to be connected to the network or the Internet to install or update your Office client. This means that Click-to-Run technology can be used even without a permanent Internet connection.


Another key feature of Click-to-Run is that you are not required to be connected to the Internet to set up Office client. For example, you can distribute Office client via Click-to-Run using a software distribution network share.


This approach reduces the Internet bandwidth needed to download and install Office client on multiple devices and improves the download speed, making it possible to download the Click-to-Run packages once and make them available to all the users through an internal network share.


Moreover, the capability to download the Click-to-Run packages locally enables you to leverage any software distribution tool and technique you like and to test patches and updates on some pre-defined devices, distributing the updates across the company based on your own schedule.


Otherwise, and by default, if your client computers installed Office client via Click-to-Run using the public Internet distribution point, they will get updates automatically as soon as Microsoft releases them.


In big, enterprise-level companies, the capability to leverage the new Click-to-Run installation technology without losing control over devices, users, and updates is important. Fortunately, Click-to-Run technology is totally compliant with common enterprise-level software distribution techniques and rules.


Licensing and subscription plans

In the previous section, you learned about the services available in Office 365. However, not all services are available to all users or customers. The set of available services depends on the purchased subscriptions and licenses. 


As you can see, there are a wide variety of offerings—and this list is not complete and could be even longer. For the sake of simplicity, we focused on the main options.


 Nevertheless, it is important to keep in mind that you can mix some of the plans based on your needs, which makes it possible to tailor the best solution for every business.


For example, imagine that you have an enterprise company with 8,000 employees, 1,500 external consultants, 500 resellers, 20,000 customers, and 2,000 suppliers.


In this situation, you can buy 8,000 subscriptions of Office 365 Enterprise E5 for the employees so that they will have Office 365 ProPlus on their client devices and the Cloud PBX and the PSTN Conferencing capability.


This way, your employees will be able to do their work from wherever they want (office, home, or traveling) and will always be available and reachable, even by phone.


Furthermore, you can buy 1,500 subscriptions of Office 365 Enterprise E1 for the external consultants so that they will have almost the same services as the employees, except the Office 365 ProPlus license and the telephony capabilities.


Then, you can buy 500 subscriptions of Office 365 E3 for the resellers so that they will be almost like employees, without the Cloud PBX capabilities but including Office 365 ProPlus on their mobile devices.


Last, to share documents and sites with customers and suppliers, you will just need to leverage the external sharing capabilities of Office 365, which are available for free and for an unlimited number of external users.


Administration in Office 365

Having such a big landscape of services and tools, like those offered by Office 365, requires having some effective and productive tools for administration and governance of the entire platform. In this section, you will see some of the available out-of-box administrative tools that are useful to keep control of your tenant and services.


To administer one or more of the services offered by the Office 365 ecosystem, a user should belong to one of the following roles:


Global administrator This is the highest administrative role. It implies access to all the administrative features of all the services and administrative rights on the Azure AD under the cover of the Office 365 tenant.


Users in the global administrator role are the only ones who can assign other administrative roles. There could be multiple global administrator users, and for safety and recovery reasons you should have at least two users with this role. The person who signs up the tenant subscription is assigned to this role automatically.


Billing administrator This is the role for users who can purchase new licenses, manage subscriptions, manage support tickets, and monitor the health of services. Moreover, users in this role can download the invoices for billed services.

  1. Exchange administrator This is the role for users administering Exchange Online.
  2. Users who belong to this role have access to the Exchange Admin Center (EAC).
  3. Password administrator Users in this role can reset other users’ passwords, manage service requests, and monitor the health of services.


Skype for Business administrator This is the role for users administering Skype for Business. Users who belong to this role have access to the Skype for Business Admin Center.


Service administrator Users in this role manage service requests and monitor the health of services. This role requires users to have administrative permission for any specific service that has to be managed.

  • SharePoint administrator This is the role for users administering SharePoint Online.
  • Users who belong to this role have access to the SharePoint Online Admin Center.


User management administrator Users in this role can reset users’ passwords; monitor the health of services; and manage users’ accounts, groups, and service requests. Users in this role can’t delete a global admin, create other admin roles, or reset passwords for billing, global, and service administrators.


The global administrator role is an all-or-nothing role, while all the other roles can be assigned selectively based on the effective permissions that you want to provide. In the following sections, you will see the main tools available for administrators in Office 365.


Notice that whenever you define an administrative role for a target user, you will have to provide an alternative email address for any further account recovery action. You should also consider enabling multifactor authentication for administrative users to have a better level of security and privacy.


Moreover, it is common to have administrative users who just accomplish their administrative roles and are not associated with any specific license.


It is up to you to define whether you want to assign a subscription license to an administrative account, but it is not mandatory to have a subscription license to administer a specific service. Thus, you don’t need to pay any license fee to have any of the administrative accounts.


The new Office 365 Admin Center

Every user belonging to an administrative role can access the Office 365 Admin Center, which is a site dedicated to administrators of one or more of the available services and of the whole tenant.


The Admin Center has been renewed in early 2019 and provides a nice web UI, which can be consumed from almost any device and in any place. There is also a mobile app available for the main mobile platforms (iOS, Android, and Windows Phone) if you prefer to use a native app. 


The screenshot has been taken using a global administrative account. Thus, all the services are available. As you can see, the home page provides a dashboard with a first look at the health status of the farm and of the services.


In case of any issue, including services with reduced functionalities even if they are still running, you will be informed and will have access to detailed information about the issue and a roadmap for the resolution of the issue.


Moreover, through the welcome dashboard, you can access the most common and frequently used actions, like those related to managing users, the activity reports, the billing information, and the message center.


On the left side of the screen, you can access all the tenant-wide settings as long as you have proper permissions to access them. The following list explains the main sections of the new administrative user interface.


Home This is the home page of the Office 365 Admin Center.

Users Within this section, you can manage active users, restore deleted users, and manage email migration. The latest capability allows you to import mailbox content from external services or repositories like Gmail, Microsoft free personal email, Hotmail, Yahoo, a PST file, and any other mail service that is accessible through the IMAP protocol.



This section can be used to administer distribution lists, security groups, or Office 365 Groups.

Groups > Shared Mailboxes This section provides the user interface for administering any shared mailbox in Exchange Online. Keep in mind that shared mailboxes do not require any additional license for Exchange Online.


Resources > Rooms & Equipment This section allows you to manage company assets like meeting rooms or cars, which can be allocated and blogged for meetings or for any shared usage. This list of resources will be available to all users in the tenant.


Resources > Sites This section allows you to see the list of SharePoint Online site collections, including some information about the external sharing settings.


From this page, you can also enable/disable and configure the external sharing settings for any specific site collection, and you can see the external users, if any, including the capability to remove any external user. You can also create a new site collection from scratch.


Billing Through this section, you can manage subscriptions, licenses, and bills. From this section, you can also buy new subscriptions and licenses, if needed.


Support This section is used to create and manage support requests and to monitor the health status of services.


Settings > Apps This is a wide section that allows you to define settings related to the whole set of apps or services offered within the tenant.


From here, you can configure antispam and antimalware settings in Exchange Online, configure site collections and external sharing in SharePoint Online, software updates, user software settings, and so on.


Settings > Security & Privacy From this section, you can define general security rules like password expiration policies.

Settings > Domains This section provides the user interface to manage DNS domains associated with the current tenant.


From here, you can register new DNS domains, configure DNS settings of already registered domains, and review the suggested DNS settings for configured domains. You can also make a live check of your DNS settings if needed.


Settings > Organization Profile This section allows you to define general information about your organization and the physical location of your business in Bing Places for Business.


Within this section, you can also enable the First Release capability, which allows you to test upcoming new features for a subset of test users before they are released. Moreover, here you can define a custom theme for your tenant and you can define any custom tile for the Office 365 app launcher.


Settings > Partner Relationship This section allows you to manage delegated partners, which are external Microsoft partners that can perform delegated administration for you on your tenant. For example, a delegated partner could be the partner who sold you the Office 365 subscription.


To access and manage your tenant, a delegated partner has to be authorized by a global administrator of your tenant. The delegation process starts with the partner sending an email to ask if you want to give him permission to act as a partner on your tenant.


Reports > Usage From this section, you can see reports about the services used. Here, you can find reports like users’ email activity, Office license activations, and so on.


Reports > Security & Compliance From this section, you can configure any rule about auditing, protection, security, and data loss prevention (DLP).


Health > Service Health Through this section, you can check the history of issues, double-check any future maintenance plan, and check the current status of the services running your Office 365 tenant.


Health > Message Center This section gives you access to the latest messages about the health status of your tenant and its related services.


Health > Recently Added This section gives you a quick overview, with links to detailed information, of the newly released capabilities and features and the upcoming news based on the current Office 365 public roadmap.


Health > Directory Sync Status This section provides a useful user interface to review, monitor, and manage the DNS domains configured for directory synchronization and federation. It will show up just in case the current tenant has directory synchronization in place.


  1. Admin Centers > Exchange From this section, you can access the Exchange Online Admin Center.
  2. Admin Centers > Skype for Business From this section, you can access the Skype for Business Admin Center.
  3. Admin Centers > SharePoint From this section, you can access the SharePoint Online Admin Center.


Admin Centers > Yammer From this section, you can access the administrative settings of the Yammer network related to the current Office 365 tenant, if any. Admin Centers > Security & Compliance From this section, you can access the Office 365 Compliance Center.


Admin Centers > Azure AD By following this link, you can access the Azure management portal to manage the Azure AD tenant that is under the cover of the current Office 365 tenant. At the time of this writing, the new Office 365 Admin Center is still under public preview, even if fully functional and code completely.


The classic Office 365 Admin Center

If you prefer to use the previous edition of the Office 365 Admin Center, which is still available for backward compatibility, you can select the Go to the old Admin Center button in the upper-right corner of the home page of the new Admin Center, and you will be brought to the old, or “classic,” UI. From there, you will find almost the same actions and commands available through a different UI.


For your own reference, here you can find the settings and menu items as they are organized in the previous edition of the Office 365 Admin Center.


Dashboard The home page of the old Office 365 Admin Center.

Setup From here, you can follow a multi-step setup wizard that will enable you to set up your tenant, including any related DNS domain; define the users; copy data into mailboxes, and start delivering email messages. It usually takes between 20 and 30 minutes to be ready with a properly set up tenant.


Users Within this section, you can manage active users, restore deleted users, and manage delegated partners (external Microsoft Partners that can perform delegated administration for you on your tenant). You already read information about delegated partners in the previous section about the new Office 365 Admin Center.


Company Profile Through this section, you can define companywide information like the company profile, any custom theme for the whole tenant, custom tiles in the app launcher, and customs help desk services.


Import This section provides the capability to import large amounts of data, like PST mailboxes or large files and folders, into Exchange Online or SharePoint Online. You can upload those files using the Internet network, or you can ship hard drives to Microsoft.


You can find further details about importing PST files in the article “Import PST files to Office 365,” which is available on Microsoft TechNet at the following URL: Overview of importing your organization PST files to Office 365.


Contacts This section allows you to manage an All Contacts address list for the tenant.

Contacts recorded in this list will be available to all users in the tenant.

Shared Mailboxes This section provides the user interface for administering any shared mailbox in Exchange Online. Keep in mind that shared mailboxes do not require any additional license for Exchange Online.


Meeting Rooms This section allows you to manage company assets like meeting rooms, which can be allocated and blogged for meetings. This list of resources will be available to all users in the tenant.


Groups These can be used to administer distribution lists or Office 365 Groups.

Domains This section provides the user interface to manage DNS domains associated with the current tenant. From here, you can register new DNS domains and configure DNS settings of already registered domains.


Public Website This is an informative page that explains how to create a public website for your company by leveraging any of the third-party services available.


For some old tenants, it is still possible to create or manage a public website hosted in SharePoint Online, but it is an old and retired capability that you should no longer use and on which you should no longer rely.


Billing Through this section, you can manage subscriptions, licenses, and bills. You can also buy new subscriptions and licenses. Moreover, you can define the users who will receive billing notifications.


External Sharing This section allows you to define at the tenant level if you want to enable external sharing for SharePoint Online sites, calendars, Skype for Business, or Integrated Apps. You can also see some reporting that allows you to understand what is shared with whom, keeping your data under control.


Mobile Management This section provides the capability to manage mobile devices, like smartphones and tablets, remotely by applying settings and restrictions, controlling mobile access, and being able to do a remote wipe of corporate data.


Service Settings This is a wide section that allows you to define settings related to the entire set of services offered within the tenant. From here, you can configure antispam and antimalware settings in Exchange Online; create site collections in SharePoint Online; define general rules like password expiration rules, software updates, and user software settings; and so on.


Within this section, you can also enable the First Release capability, which allows you to test upcoming new features for a subset of test users before they are released.


Reports From this section, you can see reports about the services used. Here, you can find reports like users’ resources and licenses usage, Skype for Business activities, SharePoint Online storage metrics, and statistics, OneDrive for Business storage metrics, auditing of security critical events, data loss prevention (DLP) reports, and so on.


  1. Service Health Through this section, you can check the history of issues and double-check any future maintenance plan.
  2. Support This section is used to create and manage support requests and to monitor the health status of services.
  3. Purchase Services This section provides access to the store, from which you can buy additional services and licenses.
  4. Message Center This section gives you access to the latest messages about the health status of your tenant and its related services.


Tools This is the main entry point for a set of useful tools for checking the overall tenant configuration, the Exchange Server on-premises configuration with the Office 365 Best Practices Analyzer, the network connectivity and bandwidth with the Microsoft Connectivity Analyzer, and the Office 365 Client Performance Analyzer.


Admin This section provides access to the administrative interface of all the services available at the tenant level, like Exchange Online, Skype for Business, SharePoint Online, Yammer, the Compliance Center, Azure AD, Bing Places for Business, and so on. 


However, because this blog targets developers, in this blog you will not see many more details about the available administrative sections, except for a couple of areas that are of interest to a developer. Two sections in particular really matter from a developer perspective, and the following sections will dig into them.


Organization Profile

The section related to the Organization Profile allows admins to manage a custom theme for the whole tenant and custom tiles for the app launcher or a custom help desk.


The Organization Profile page provides access to some descriptive information about your company. This information includes the organization name, the address, the telephone number, and the main technical reference email addresses.


The most interesting sections of the Organization Profile, from a developer perspective, are the Custom Theming and the Custom Tiles.


A custom theme for the tenant applies to the Office 365 suite bar and in particular to the top navigation bar. 


A custom theme is made of the following elements:

Custom logo This is an image with a fixed size of 200 × 30 pixels, not larger than 10 KB, which can be a JPG, PNG, or GIF. It will be shown in the middle of the top navigation bar.


URL for a clickable logo If you want to make the custom logo clickable, here you can provide the target URL that will be loaded by clicking the logo. 


Background image Defines a background image with a fixed size of 1366 × 50 pixels or fewer, not larger than 15 KB, which can be a JPG, PNG, or GIF. It will be shown as the background for the top navigation bar.


  • Accent color The color that is used for the app launcher button, for mouseover, and for other accents.
  • Navbar background color Defines the background color for the top navigation bar.
  • Text and icons Define the color used for text and icons in the top navigation bar.
  • App launcher icon Allows you to select the color for the app launcher icon.


Through the Custom Theming page, you have the option to remove any applied custom theming or custom colors, and you can prevent users from overriding the custom theming with their own theme.


Custom Tiles is another useful section that allows you to define custom items that will be available to the end users for pinning in the app launcher.


Every tile is made of a Title, a URL that can target a link inside or outside the tenant, a Description, and an Image URL for the image that will be shown inside the tile.


At the time of this writing, any custom tile will be available to the end users, but they will have to pin the tile in their app launcher manually.


Otherwise, that tile will be visible only by clicking the My Apps link in the lower area of the app launcher. Soon it likely will be possible to force the pinning of a tile in the app launcher for all the users in the tenant, improving the governance experience for tenant administrators. You can also extend the app launcher with custom tiles by creating and registering applications in Azure AD. 


SharePoint Admin Center

Another useful administrative tool, not only from an IT professional perspective but also from a developer perspective, is the SharePoint Admin Center. In fact, most of the development done around Office 365 includes or at least leverages the SharePoint Online service.


You could do any custom development solution that does not relate to SharePoint Online, but most of the developers who were working in SharePoint on-premises are moving to SharePoint Online and to the cloud development model, so they will need to manage SharePoint Online through the SharePoint Admin Center.


Through the SharePoint Admin Center, you can manage the following sections:

Site Collections This section allows you to create and manage all the site collections defined in the current tenant. From this section, you can also enable and configure or disable the external sharing capabilities on any site collection and manage the storage quota and the resource quota.


InfoPath This section is available for managing the settings of the InfoPath Forms Services. However, InfoPath is a discontinued technology, only available for backward compatibility, and you should avoid using it. 


BCS The Business Connectivity Services (BCS) section allows you to configure and manage BCS connections, which can target any REST-based service. This capability becomes interesting when you have hybrid topologies and you want to consume within SharePoint Online some business data that are available on-premises.


Term Store This is a fundamental section for defining and managing term groups, term sets, and terms. Whenever you are working on real-world enterprise-level projects, you usually need to define taxonomies, and this section is the best place to go.


Records Management This section allows you to define “send to” connections for submitting content to sites with configured Content Organizer. 


Search This section provides the main entry point for configuring the Search service at the tenant level. It includes the capability to configure the search schema, the query rules, the result sources, and many other search-related settings.


Secure Store This section can be used to define Secure Store applications for accessing external services by providing a specific set of credentials. Apps This section can be used to set up the tenant-level app catalog if any.


It also allows you to configure the settings related to the SharePoint Add-ins in general, like add-in settings, licenses, store settings, and so on.


Settings This section allows you to make some tenant-level configuration settings like showing or hiding OneDrive for Business to the users, allowing or denying access to the Microsoft Graph, choosing between having Yammer or the old newsfeeds enabled by default, configuring services like Information Rights Management (IRM), enabling or disabling the new SharePoint UI experience, and so on.


Configure Hybrid This section provides an easy-to-use wizard to set up a hybrid topology between Office 365 and SharePoint on-premises.


If you like, you can also administer SharePoint Online by using Microsoft PowerShell scripting. You can leverage both the SharePoint Online Management Shell, which is available at the following URL (Manage SharePoint Online with Office 365 PowerShell), and the OfficeDev PnP PowerShell extensions, which are available for free as an open source project at the following URL: PnP PowerShell overview. 



In this blog, you studied the overall architecture of Office 365, and you learned that it is one of Microsoft’s main SaaS offerings. You examined the main services the Office 365 ecosystem offers, and you learned about the new Office client offering, which is installed through the Click-to-Run setup model.


You saw the main subscriptions available on the market and the services included in each subscription.


Moreover, you explored the main administrative roles of an Office 365 tenant and the administrative tools available to manage, monitor, and maintain the services included. In particular, you saw the administrative tools for customizing the UI and branding of an Office 365 tenant and for administering the Microsoft SharePoint Online service.