Modern Work

Security Components and Scenarios

Bencsik László
2020.08.24
Microsoft has competitive advantage in AI Security Shared threat data
from partners,
researchers, and law
OneDrive enforcement
Outlook
worldwide
5B
threats
detected on
devices every
month
470B
emails 6.5T
analyzed
200+
threat signals
analyzed daily
global cloud consumer Botnet data from
and commercial Microsoft Digital
services Windows Crimes Unit
Azure
Microsoft
accounts

Enterprise security Bing

for 90% of 18B+

Fortune 500 Bing web

1B+ Xbox Live

pages scanned 630B
monthly
Azure user authentications
accounts
S ecu ri t y appl i cat i on s S I EM + l og an al yt i cs You r cu s t om app

Common Libraries, Authentication, and Authorization

Other Security Entities*

Alerts Secure Score Other Graph Services
(context, actions, …)
(Azure AD, O365, SharePoint,
Intune …)

Graph Security API

Federates Queries, Aggregates Results, Applies Common Schema

Windows Azure AD Cloud

Identity Azure Security Azure Info Intune
Defender Office 365 ATP Azure ATP Application
Protection Center Protection
ATP Security
 https://aka.ms/MCRA Video Recording Strategies
Office 365
Azure Sentinel – Cloud Native SIEM and SOAR (Preview)

Securing Privileged Access

Dynamics 365
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)

Data Loss Protection

Data Governance
eDiscovery

SQL Encryption &

Data Masking

+Monitor
 Indicates sold as standalone
Microsoft 365 Packaging Indicates not sold standalone

Microsoft 365
Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365
Business
F1 F3 E3 E5
Premium
$4/u/m $10/u/m $32/u/m $57/u/m
$20/u/m

Microsoft 365 Business Teams (incl. Calendar, Shifts,

Tasks, Walkie Talkie)
Standard $12.50/u/m
SharePoint Kiosk
Office 365 F3 Office 365 E3 Office 365 E5
Office 365 Office 365 ATP $2/u/m
OneDrive (2GB)
$4/u/m $20/u/m $35/u/m
Planner
Stream (consumption only)
Exchange Online
Archiving $3/u/m Yammer

Microsoft Intune $6/u/m

Enterprise Azure Information EMS E3

EMS E3 EMS E3 EMS E5
Mobility & Protection Plan 1 $2/u/m
$9/u/m $9/u/m $9/u/m $15/u/m
Security
Azure Active Directory
Plan 1 $6/u/m

Windows 10 Windows 10
Windows 10
Enterprise E3 per Enterprise E5 per
Enterprise E3 per
Windows Windows 10 Business user
user
(Including VDA
user
(Including VDA
(Including VDA
rights) rights)
rights)1
$5/u/m $10/u/m

1No Windows 10 Enterprise LTSC. No MDOP. Other than the use of Windows Virtual Desktop, rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System

Commercial USD ERP shown

What is Microsoft 365 Business Premium?
A comprehensive security solution that is integrated with Office 365 and Microsoft 365

+ +
Defend against Protect Secure
cyberthreats business data your devices

All the capabilities of Microsoft 365 Business Standard, plus

advanced cybersecurity, data protection, and device management
Simple and Flexible paths from Microsoft 365 E3 to E5
Customers can add Microsoft 365 E5 value to Microsoft 365 E3 across one or more solution area—or step-up to E5
and get all the value with extra savings.

Microsoft 365 E5
$25/u/m Step-up from Microsoft 365 E3

Security Compliance Calling & Meetings Analytics

Microsoft 365 E5 Security M365 365 E5 Compliance Audio Conferencing Power Bi Pro
$12/u/m add-on to $10/u/m $4/u/m $10/u/m
Microsoft 365 E3 M365 E5 eDiscovery & Audit $6/u/m
Phone System
M365 E5 Insider Risk Management $6/u/m
$8/u/m
M365 E5 Information Protection &
Governance $7/u/m

Microsoft 365 E3
$32/u/m
Commercial USD ERP shown
 Microsoft 365 E5 Compliance Offers
Microsoft 365 E5 Compliance $10/u/m
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E31

M365 E5 Info Protection & Governance M365 E5 Insider Risk Management M365 E5 eDiscovery and Audit
$7/u/m $6/u/m $6/u/m

Information Protection and Governance: Advanced Audit5

Insider Risk Management5
• Records Management Advanced eDiscovery (2.0)
Communication Compliance5
• Machine Learning-based automatic
Information Barriers
classification and retention2
• Rules-based automatic classification and Customer Lockbox
retention Privileged Access Management
Microsoft Cloud App Security (MCAS)
Communication DLP (+Teams chat)
Customer Key
Advanced Message Encryption

Pre-req: Any M365 plan or [any Office 365 Pre-req: Any M365 or Office 365 plan3 Pre-req: Any M365 or Office 365 plan3
plan3]] + Azure Info Protection Plan 1/EMS4]

1 Maintains consistency with requirements for adding M365 A5 Compliance and protects suite discount which assumes underlying investment in A3.
2 Exact General Availability (GA) date for new value TBD
3 Includes standalone Exchange, SharePoint, or OneDrive plans. Maintains consistency with requirements for adding O365 Adv Compliance and provides a path to adding A5 Compliance value for wide variety of users
4 AIP P1 (included in EMS K/F3/E3/A3) required because M365 A5 Information Protection and Governance builds on AIP P1 value and O365 value.
5 New value now Generally Available

Microsoft Confidential: Internal and Partner Use Only Commercial USD ERP shown. See Speaker Notes for EDU pricing.
Layers of protection
Microsoft 365 E5 Security packaging
Microsoft 365 E5 Security Microsoft 365 E5 Office 365 E5 EMS E5 Windows E5
$12/u/m $57/u/m $15/u/m $6/u/m $10/u/m

Office 365 ATP Plan 2

• Safe Attachments
• Safe Links
• Anti-phishing ⚫ ⚫ ⚫
• Threat Trackers
• Auto response
• Attach Simulator
Microsoft Defender ATP
• Endpoint behavioral sensors
• Cloud security analytics ⚫ ⚫ ⚫
• Threat intelligence

Azure Active Directory Plan 2

• Self-service password reset
• Conditional Access ⚫ ⚫ ⚫
• Identity Protection
• Identity Governance

Azure ATP ⚫ ⚫ ⚫

Microsoft Cloud App Security ⚫ ⚫ ⚫

Commercial USD ERP shown.

Identity Governance
 First steps to increase the security

1. Set up multi-factor authentication

2. Train your users

3. Use dedicated admin accounts

4. Raise the level of protection against malware

in mail

5. Protect against ransomware

6. Stop auto-forwarding for email

7. Use Office Message Encryption

8. Protect your email from phishing, malware,

and malicious links

https://docs.microsoft.com/en-us/office365/admin/security-and-
compliance/secure-your-business-data
Enable MFA w/Baseline Policies
To set up Conditional Access Baseline Policies:
1. In the Microsoft Admin Center, choose Azure Active Directory in
the left-hand navigation under Admin Centers. This will open the
Azure Active Directory admin center in a new tab
2. In the Azure Active Directory admin center, click Azure Active
Directory in the left-hand navigation
3. Click Security near the top of the left menu in the Azure Active
Directory blade.
4. Click Conditional Access under the Protect heading near the top of
the left menu.
5. Select Baseline policy: Require MFA for admins (Preview)
6. Under Enable Policy select the radio button next to Use policy
immediately and then click Save
7. Select Baseline policy: Block legacy authentication (Preview)
8. Set Enable Policy to On and then click Save

To learn more, see Baseline policy: Require MFA for admins & Baseline
policy: Block legacy authentication
Enable MFA for users with Conditional
Access
To set up MFA for a subset of users:
1. In the Microsoft Admin Center, choose Azure Active Directory in
the left-hand navigation under Admin Centers. This will open the
Azure Active Directory admin center in a new tab
2. In the Azure Active Directory admin center, click Azure Active
Directory -> Security -> Conditional Access in the left-hand
navigation
3. Click +New Policy and name the policy Require MFA for Marketing
Users
4. Assignments | Users and Groups: Include the Marketing group,
exclude your admin account
5. Assignments | Cloud apps or actions: Office 365 Exchange
Online and Office 365 SharePoint Online, and Microsoft Teams
6. Access Controls | Grant | Require multi-factor authentication:
Checked

To learn more, see Quickstart: Require MFA for specific apps with Azure
Active Directory Conditional Access
Train users

Phishing: ”My employees are

Watch for signs of phishing attacks. If you receive an email that
looks even slightly suspicious, do the following:
pretty good at not
• Hover over the link and look for the name of the actual website
clicking on anything
the link is sending you to
that looks weird.
• Search for the legitimate website instead of clicking a link
There is a culture of
Spoofing:
not clicking on
anything where
A message from someone you know that looks a bit unusual could
mean the sender's email account was compromised. Contact the

there's doubt.”
sender and ask if it was legitimate.

Passwords:
—Jonas R. IT manager
Use strong passwords; or better yet, a password manager. at 70 employee manufacturing firm in
Don’t reuse passwords or share accounts with coworkers.
Los Angeles
Use dedicated admin accounts
The problem:
Admin accounts include elevated privileges and are
valuable targets for hackers and cyber criminals.
The solution:
Admins use separate account for regular use and
only use their administrative account when necessary

Tips:
• Admin only accounts do not require a license in
Microsoft 365 Business Premium
• Configure all admin accounts for MFA
• Before using admin accounts, close all unrelated
browser sessions and apps, including personal
email accounts.
• After completing admin tasks, log out of the
browser session.
Raise the level of protection
against malware in mail by
blocking risky file types

• Go to https://protection.office.com and sign in

with your admin account credentials
• In the Office 365 Security & Compliance Center,
in the left navigation pane, under Threat
management, choose Policy > Anti-Malware
• Double-click the default policy to edit this
company-wide policy
• Click Settings
• Under Common Attachment Types Filter,
select On. The file types that are blocked are
listed in the window directly below this control.
You can add or delete file types later, if needed
• Click Save
Protect against ransomware
Warn users before opening attachments with macros, by
creating a mail transport rule:
• In the Microsoft 365 admin center, click Admin
centers > Exchange
• In the mail flow category, click rules
• Click +, and then click Create a new rule
• Click More options at the bottom of the dialog box to see the full
set of options
• Apply the settings in the following table for each rule. Leave the
rest of the settings at the default, unless you want to change these

Name Anti-ransomware rule: warn users

Apply this rule if . . . Any attachment . . . file extension matches . . .
Specify words or phrases Add these file types:
dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm

Do the following . . . Notify the recipient with a message

Provide message text Do not open these type of files from people you do not know because
they might contain macros with malicious code.

• Click Save
Protect against ransomware
Restore files using OneDrive ransomware recovery:
• Go to the user’s Onedrive For Business
• If you're signed in with a work or school account, select
Settings > Restore your OneDrive.
• On the Restore page, select a date from the dropdown list,
such as Yesterday, or you can select Custom date and time.
If you're restoring your files after automatic ransomware
detection, a suggested restore date will be filled in for you
• If you're selecting a custom date and time, select the earliest
activity that you want to undo. When you select an activity,
all other activities that occurred after that are selected
automatically.
• When you’re ready to restore your OneDrive, click Restore to
undo all the activities you selected.
Stop auto-forwarding for email
Stop auto-forwarding for email, by creating a mail
transport rule:
• In the Microsoft 365 admin center, click Admin
centers > Exchange
• In the mail flow category, click rules
• Click +, and then click Create a new rule
• Click More options at the bottom of the dialog box to see
the full set of options
• Apply the settings in the following table for each rule. Leave
the rest of the settings at the default, unless you want to
change these
Name Prevent auto forwarding of email to external domains
Apply this rule if . . . The sender . . . is external/internal . . . Inside the organization
Add condition The message properties . . . include the message type . . . Auto-
forward
Do the following . . . Block the message . . . reject the message and include an explanation

Provide message text Auto-forwarding email outside this organization is prevented for
security reasons

• Click Save
Enable ATP Safe Links
To enable ATP Safe Links
1. In the Security & Compliance Center, choose Threat management >
Policy > ATP Safe Links
2. Double-click the Default policy
3. In the Use safe links in section, select the option Office 365
ProPlus, Office for iOS and Android, and then click Save
4. In the Policies that apply to specific recipients section, click the plus
sign (+)
5. Specify the following settings:
• In the Name box, type a name, such as Safe Links
• In the Select the action section, choose On
• Select these options:
• Use safe attachments to scan downloadable content
• Apply safe links to email messages sent within the
organization
• Do not let users click through safe links to original URL
• In the Applied to section, choose The recipient domain is.
Then, select your domain, choose Add, and then click OK
6. Click Save

To learn more, see Set up Office 365 ATP Safe Links policies.
Enable ATP Safe Attachments

To enable ATP Safe Attachments

1. In the Security & Compliance Center, choose Threat management >
Policy > ATP safe attachments
2. Select the option Turn on ATP for SharePoint, OneDrive, and
Microsoft Teams
3. In the Protect email attachments section, click the plus sign (+)
4. Specify the following settings:
• In the Name box, type Block malware
• In the response section, choose Block
• In the Redirect attachment section, select the option Enable
redirect, and then specify the email address for your organization's
security administrator or operator who will review detected files
• In the Applied to section, choose The recipient domain is. Then,
select your domain, choose Add, and then click OK
5. Click Save
6. (Recommended additional step) As a global administrator or a SharePoint
Online administrator run the Set-SPOTenant cmdlet with the
DisallowInfectedFileDownload parameter set to true for your Office 365
environment. (This prevents people from opening, moving, copying, or
sharing files that are detected as malicious)

To learn more, see Set up Office 365 ATP Safe Attachments policies and Turn on
Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams.
Enable ATP Anti-phishing

To enable ATP anti-phishing

1. In the Security & Compliance Center, choose Threat management > Policy >
ATP anti-phishing
2. Click Default policy
3. In the Impersonation section, click Edit, and then specify the following settings:
a) On the Add users to protect tab, turn protection on. Then add users, such
as your organization's board members, your CEO, CFO, and other senior
leaders. (You can type an individual email address, or click to display a list)
b) On the Add domains to protect tab, turn on Automatically include the
domains I own. If you have custom domains, add those as well
c) On the Actions tab, select Move message to the recipients' Junk Email
folders for both impersonated user and impersonated domain, and turn
on safety tips
d) On the Mailbox intelligence tab, make sure mailbox intelligence is turned on
e) On the Review your settings tab, after you have reviewed your settings, click Save
4. In the Spoof section, click Edit, and then specify the following settings:
a) On the Spoofing filter settings tab, make sure anti-spoofing protection is turned on
b) On the Actions tab, choose Move message to the recipients' Junk Email folders
c) On the Review your settings tab, after you have reviewed your settings, click Save. (If
you didn't make any changes, click Cancel)
5. Close the default policy settings page

To learn more about your anti-phishing policy options, see Set up Office 365 ATP anti-phishing
and anti-phishing policies.
 First steps to increase the security

1. Set up multi-factor authentication

2. Train your users

3. Use dedicated admin accounts

4. Raise the level of protection against malware

in mail

5. Protect against ransomware

6. Stop auto-forwarding for email

7. Use Office Message Encryption

8. Protect your email from phishing, malware,

and malicious links

https://docs.microsoft.com/en-us/office365/admin/security-and-
compliance/secure-your-business-data
Security related promotions, offers

 Security workshop
 Standalone Defender ATP
 Microsoft 365 Surface Offer
 Windows 7 ESU offers for E5
 Microsoft 365 E5 Offer
 Firstline Offer
Important sites

New name

Practice playbooks

Microsoft 365 for partners

Partner resources
Microsoft Cloud Accelerators for Microsoft 365

Magyar yammer partnercsatorna

Manage security with Microsoft 365

Remote work tech guide

Technical resources
M365 demos and labs

Microsoft 365 security documentation

 Quiz Partner Logo Here

How secure are you?

Take this 10-question quiz to find out if you are safe and secure, or if your
organization is at risk to become a cybercrime victim.

1 Do you have a Single Sign-On

(SSO) identity framework?
Pro Tip:
Explore Azure Active Directory
Yes, an Active Directory or Azure Cloud ID and Identity Protection to deploy
centralized cloud based identity for
Yes, we have single sign-on from another system in place your userbase. If possible use Multi
No, we do not use a centralized identity system or have Factor Authentication (MFA).
single-sign on deployed

Pro Tip:
Explore Azure cloud offerings to get
2 Which of the following is true about your Disaster
Recovery program?
your business set up with proper All critical systems and data are automatically backed up and are tamperproof
backup and recovery functions so
Our IT guy regularly conducts business continuity exercise drills
you can ensure data and services
are backed up and always available. We use a cloud based recovery service like Azure Site Recovery

3 Do you monitor for unauthorized intrusion activity?

Yes, we do have an intrusion detection system (IDS)
Pro Tip:
We can help design an IDS
Yes, our IT guy monitors for cyberattacks daily, somehow solution and tune detection
to fit your network and
No, we cannot monitor for such activities business needs.

Pro Tip:
You need to define a security policy
4 Do you have a security policy in place?
Yes, we do have a comprehensive security policy endorsed by
based on ISO 27001 to ensure management
compliance and alignment to best Yes, someone wrote a policy for us to follow
practices. We can help you write one
and get compliant! No, we do not have a complete security policy

5 How do you connect your

company to cloud services?
Pro Tip:
Evaluate Azure
Virtual Network and
We use VPN and/or SSL to securely access
Office 365 secure
hybrid cloud services
portal solutions for
We connect to the cloud via the Internet secure connectivity
to the cloud.
We do not use cloud services at this time
 Pro Tip:
Let us help you design a
6 How do you monitor for data leaks?
We do have a comprehensive data protection program
comprehensive data and in place with rule detection logic
information protection solution. Word of mouth, someone reported it
Azure and Office 365 can help
provide technology for both! We cannot track or monitor for data leaks

7 How long does it take to deploy

critical security updates to software?
Pro Tip:
Updating systems on time and taking the practice seriously is
It takes us 5-30 days and we strive to patch quickly paramount to the security of your environment.

We need 30+ days because it is a lot of work
We have to patch? Don’t systems patch themselves!?
It sounds simple, but in business environments there are a lot of
factors at play that could delay even critical updates. Explore the
adoption of Azure Cloud and PaaS and focus on running your
applications in an always up-to-date environment.

Pro Tip:
Define roles and responsibilities
8 How do you limit access to resources?
We have access control defined based on roles and
and look for a technology such responsibilities in AD groups
as Azure AD, and deploy access Everyone asks everyone for access to everything
control features to effectively
manage authentication and We don’t have any real means to reliably restrict access to
authorization to resources. services and data beyond authentication

9 Do you perform vulnerability assessments on

your environment?
Pro Tip:
Identify a vulnerability management service that has
We have a vulnerability management program and assessment cloud and internal offerings to be deployed in your
technology in place network. Consult with us to set up and tune the
scanner and train your IT pro to handle vulnerability
We let our IT admin run some scans at times or wait for others to expose reports. It requires management commitment to
our gaps remediate discovered issues.
We do not have a vulnerability scanner or process

Pro Tip:
Obtain a comprehensive solution for all
10 Are you prepared to deal with ransomware attacks
and demands?
systems. Patch your systems and apps We patch our systems regularly, remediate any potential risks quickly and have
regularly to ensure propagation of malware regular backups
using old bugs will not go far. Be aware of
zero-day potential risks by following our We have purchased enough Bitcoins to pay for ransoms, so we’re not worried
bug reports and awareness campaigns. if it happens
We are not prepared to handle malware and ransomware attacks at this point

Protect your organization from unnecessary security risks.

Most organizations don’t take action on cybersecurity until it’s too late, but a security breach could cost millions, drive away
customers, disrupt your business, and become a PR nightmare. If your answers to this simple security quiz have raised concerns Partner Logo Here
about your cybersecurity, contact us to learn how Microsoft 365 can help protect you against today’s evolving security threats.

Introducing Microsoft 365

Modern Workplace
Értékesítés
Bencsik László
2020.08.24
Evolving partner business model

-18% +10 % + +14 %

Deployment Advisory Business Managed

& adoption solutions services

Forrester 2019 Microsoft 365 Partner TEI study commissioned by Microsoft, year over year
 Microsoft 365
Opportunities for Partner Growth Advisory
& adoption

Business
solutions

Teamwork Security

Managed
services
Microsoft Teams
is the hub for teamwork in
Microsoft 365

Chats Meetings

Calls Office

Enterprise-grade security and compliance

Microsoft 365 Business Premium is stronger with security

+ +
Defend against Protect Manage
cyberthreats business data your devices

Office Advanced Threat Protection Office Data Loss Prevention Intune

Microsoft Defender Azure Information Protection P1 Windows Virtual Desktop

Azure Multi Factor Authentication Exchange Online Archiving

Office
Self Service Password Writeback Conditional Access Shared Computer Activation
 Understand the need

Map the need to the solution

Customers need technology

to them meet their goals Show the solution to the customer

Implement the solution

Provide value
 Employees
Understand
using personal the need

Some common problems

mobile devices
Map the need to the solution
Show the
PCssolution
refreshed to the customer

for customers
IT purchasing when dead
decisions Implement the solution
made “on the spot”
Provide value
Security is important
but things
evolve rapidly
New PCs
bought adhoc

Tech is “good
enough” but
not great
Things rarely
talk to each
Hardware can other
be costly
 Understand the need
What needs and scenarios resonate with your customer? Map the need to the solution
Show the solution to the customer
Need Scenario Implement the solution
Increase revenue through improving customer experience Communicate with customers for onlineProvide
meetingsvalue
with groups

Manage your customers effectively by keeping everything in one place

Store and share files with customers to engage them in proposals

Become more efficient and reduce cost Collaborate effectively documents to simplify the co-creation process

Manage projects, tasks, and deadlines to meet business objectives.

Automate repetitive tasks to save time

Ensure security and compliance Guard against external threats, including ransomware and phishing

Protect sensitive business and personal information to reduce risk

Help achieve compliance with industry and geographical standards

Ensure that the team stays connected and in sync Communicate with Firstline workers to connect them to the organization

Ensure employees stay productive whether remote or on the go, on any device
 Understand the need
Map need to solution Map the need to the solution
Show the solution to the customer
Need Solution Implement the solution
Increase revenue through improving customer experience Provide value
Teams with customer guest access enabled

Files stored in channels with appropriate guest access for customer collaboration
Teams meetings for professional meetings

Become more efficient and reduce cost All files in Teams and OneDrive to ensure effective internal document collab

Planner integration into Teams to track projects and ensure completion

PowerApps and Flow to automate common tasks and integrate into Teams

Ensure security and compliance Microsoft Defender AV and Office 365 ATP to protect against cyber threats

Azure Information Protection to protect internal information

DLP, Exchange Online Archiving, AIP to improve compliance posture

Ensure that the team stays connected and in sync Teams implemented for FLW, including use of Shifts to manage scheduling

Teams video meetings implemented to allow effective remote participation

Productivity Library

How Microsoft 365 improves productivity in your specific industry: Microsoft Productivity Library
 Understand the need
Map the need to the solution
Customer Digital Experiences Show the solution to the customer
Implement the solution
Provide value

What is it?
• Your one place for digital experiences for customers
• Split into demos and customer immersion experiences
• Product scenarios across Teams and Security

What you need to know

• Option to create new tenants
• Some demo scenarios have demo scripts
• Demo PPT walk throughs for select scenarios
 Understand the need
Showing the product best practices Map the need to the solution
Show the solution to the customer
Demo the product using the Customer Digital Experiences (CDX)
Implement the solution
Provide value

Replace Slides Whiteboard Encourage Play Encourage Interaction

Substitute slides with a demo of Have a story and use the Learning best occurs when a Sales insights are a product of
the product to show how the whiteboard to share with the customer feels comfortable and listening to peers discuss
solution could work key points with your customer interested in what they’re doing friction in the status quo

Cold Read Ask Questions, Listen Follow Interest Parking Lot

Understand your audience Ask open ended and obvious Preserve your agenda but be I don’t know is a good answer for
through body language, questions. Get your audience prepared to follow customer licensing and technical questions.
disposition and tone interacting and leading interest Don’t let the air go dead
 Understand the need

Give them confidence with a deployment plan

Map the need to the solution
Show the solution to the customer

Microsoft 365 Launchpad Secure Deployment Planning

Implement the solution
Provide value

What is it?
• Digitized deployment plan
• Set by step guide on implementing solution

What you need to know

• Covers basic deployment guidance (client, policies, devices)
• Deep dive into Security planning
• Deep dive into Windows 10 deployment
• Output in CSV or PDF

Available at aka.ms/partnerlaunchpad
Adoption is the most forgotten step
Understand the need
Map the need to the solution
Show the solution to the customer
Implement the solution
Provide value
Microsoft Modern Workplace Rebranding
New name Old name

Microsoft 365 Family Office 365 Home

For consumers
Microsoft 365 Personal Office 365 Personal

Microsoft 365 Business Basic Office 365 Business Essentials

Microsoft 365 Business Standard Office 365 Business Premium

For small and medium Microsoft 365 Business Premium Microsoft 365 Business
businesses
Microsoft 365 Apps
Office 365 Business
for business
Microsoft 365 Apps
Office 365 ProPlus
for enterprise
 Indicates sold as standalone
Microsoft 365 Packaging Indicates not sold standalone

Microsoft 365
Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365
Business
F1 F3 E3 E5
Premium
$4/u/m $10/u/m $32/u/m $57/u/m
$20/u/m

Microsoft 365 Business Teams (incl. Calendar, Shifts,

Tasks, Walkie Talkie)
Standard $12.50/u/m
SharePoint Kiosk
Office 365 F3 Office 365 E3 Office 365 E5
Office 365 Office 365 ATP $2/u/m
OneDrive (2GB)
$4/u/m $20/u/m $35/u/m
Planner
Stream (consumption only)
Exchange Online
Archiving $3/u/m Yammer

Microsoft Intune $6/u/m

Enterprise Azure Information EMS E3

EMS E3 EMS E3 EMS E5
Mobility & Protection Plan 1 $2/u/m
$9/u/m $9/u/m $9/u/m $15/u/m
Security
Azure Active Directory
Plan 1 $6/u/m

Windows 10 Windows 10
Windows 10
Enterprise E3 per Enterprise E5 per
Enterprise E3 per
Windows Windows 10 Business user
user
(Including VDA
user
(Including VDA
(Including VDA
rights) rights)
rights)1
$5/u/m $10/u/m

1No Windows 10 Enterprise LTSC. No MDOP. Other than the use of Windows Virtual Desktop, rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System

Commercial USD ERP shown

Microsoft 365 Business Plan Comparison
Microsoft Microsoft Microsoft Microsoft
365 Apps 365 365 365
for Business Business Business
business1 Basic1 Standard1 Premium1
$8.25/u/m $5/u/m $12.5/u/m $20/u/m
Install Word, Excel, PowerPoint, Outlook, OneNote, Access2, and Publisher2 and on up to 5 PCs/Macs
⚫ ⚫ ⚫
Microsoft 365 Apps + 5 tablets + 5 smartphones per user
Commercial use rights for Office mobile apps and Office for the web ⚫ ⚫ ⚫ ⚫
Email & Calendar Exchange Plan 1 (50 GB mailbox) ⚫ ⚫ ⚫
Social & Intranet SharePoint, Yammer ⚫ ⚫ ⚫
Meetings, Calling & Microsoft Teams
⚫ ⚫ ⚫
Collaboration
OneDrive (1 TB) ⚫ ⚫ ⚫ ⚫
Files & Content
Microsoft Stream, Sway for Microsoft 365, Microsoft Forms3 ⚫4 ⚫ ⚫ ⚫
Planner, To-Do ⚫ ⚫ ⚫
Task Management
Bookings ⚫ ⚫
Power Platform Power Apps for Microsoft 3655, Power Automate for Microsoft 3655 ⚫ ⚫ ⚫
Mobile Device Management for Microsoft 3656 ⚫ ⚫ ⚫ ⚫
Device & App
Management Microsoft 365 Admin Center, Microsoft Intune, Windows AutoPilot, Fine Tuned User Experience ⚫
Windows Hello, Credential Guard and Direct Access7, Azure Active Directory Plan 1, Microsoft
Security and Advanced Threat Analytics, Defender Antivirus and Device Guard6, Azure Information Protection ⚫
Identity Plan 1, Windows Information Protection, BitLocker
Multi-factor authentication ⚫
Compliance Content Search, manual sensitivity and retention labels ⚫
Analytics Insights by MyAnalytics (Outlook plug-in) ⚫ ⚫ ⚫

See Speaker Notes for footnotes. Commercial USD ERP shown.

 Microsoft 365 Commercial Plan Comparison
M365 Apps for
enterprise1 M365 F1 M365 F3 M365 E32 M365 E52
$12/u/m $4/u/m $10/u/m $32/u/m $57/u/m
Operating System Windows 10 Enterprise upgrade ⚫ ⚫ ⚫
Install Word, Excel, PowerPoint, OneNote, Outlook, Access3, and Publisher3 on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user ⚫ ⚫ ⚫
Microsoft 365 Apps
Commercial use rights for Office mobile apps and Office for the web ⚫ Read-only ⚫4 ⚫ ⚫
Exchange email ⚫5 ⚫ ⚫
Email & Calendar
Exchange calendar ⚫ ⚫ ⚫ ⚫
Social & Intranet SharePoint, Yammer ⚫6 ⚫6 ⚫ ⚫

Meetings, Voice & Teams ⚫7 ⚫7 ⚫ ⚫

Collaboration Phone System, Audio Conferencing ⚫
OneDrive 1 TB 2 GB 2 GB 5+ TB8 5+ TB8
Files & Content
Microsoft Stream, Sway for Microsoft 365 ⚫9 ⚫9 ⚫ ⚫
Microsoft Forms10, To-Do ⚫ ⚫ ⚫
Business Apps Planner ⚫ ⚫ ⚫ ⚫
Bookings15 ⚫ ⚫
Power Platform Power Apps for Microsoft 36511, Power Automate for Microsoft 36511 ⚫ ⚫ ⚫
Microsoft 365 Admin Center, Windows AutoPilot, Fine Tuned User Experience, Windows Analytics Device Health ⚫ ⚫ ⚫
Device & App
Microsoft Intune ⚫ ⚫ ⚫ ⚫
Management
Mobile Device Management for Microsoft 36512 ⚫ ⚫ ⚫ ⚫ ⚫
Windows Hello, Credential Guard and Direct Access13, BitLocker, Defender Antivirus and Device Guard13 ⚫ ⚫ ⚫
Azure Active Directory Plan 1, Microsoft Advanced Threat Analytics, Azure Information Protection Plan 1 ⚫ ⚫ ⚫ ⚫
Security
Azure Active Directory Plan 2, Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP Plan 2, Azure ATP ⚫
Cloud App Security ⚫
eDiscovery Content Search ⚫ ⚫ ⚫ ⚫
Manual sensitivity and retention labels ⚫14 ⚫ ⚫
Compliance Office 365 Data Loss Prevention (DLP) for email and files, eDiscovery Export, eDiscovery Hold, Litigation Hold, In-Place Hold, basic Audit, Email archiving ⚫ ⚫
Automatic classification and retention, Customer Key, Advanced Message Encryption, Insider Risk Management, Communication Compliance, Information
⚫
Barriers, Customer Lockbox, Privileged Access Management, Advanced Audit, Advanced eDiscovery
Insights by MyAnalytics (Outlook plug-in) ⚫ ⚫
Analytics MyAnalytics (dashboard, digests, inline suggestions) ⚫
Power BI Pro ⚫ shown.
See Speaker Notes for footnotes. Commercial USD ERP
 Office 365 Commercial Plan Comparison
M365 Apps for
enterprise1 O365 F3 O365 E1 O365 E3 O365 E5
$11/u/p $4/u/m $7/u/m $20/u/m $35/u/m
Install Word, Excel, PowerPoint, OneNote, Outlook, Access2, and Publisher2 on up to 5 PCs/Macs + 5 tablets +
⚫ ⚫ ⚫
Microsoft 365 Apps 5 smartphones per user
Commercial use rights for Office mobile apps and Office for the web ⚫ ⚫3 ⚫ ⚫ ⚫
Email & Calendar Exchange ⚫4 ⚫ ⚫ ⚫
SharePoint, Yammer ⚫5 ⚫ ⚫ ⚫
Social & Intranet
Bookings11 ⚫ ⚫

Meetings, Voice & Teams ⚫ ⚫ ⚫ ⚫

Collaboration Phone System, Audio Conferencing ⚫
OneDrive 1 TB 2 GB 5+ TB6 5+ TB6 5+ TB6
Microsoft Stream, Sway for Microsoft 365, Microsoft Forms7 ⚫8 ⚫ ⚫ ⚫
Files & Content
Mobile Device Management for Microsoft 3659 ⚫ ⚫ ⚫ ⚫ ⚫
Office 365 Cloud App Security ⚫
eDiscovery Search, manual sensitivity and retention labels ⚫ ⚫ ⚫ ⚫
Office 365 Data Loss Prevention (DLP) for email and files, eDiscovery Export, eDiscovery Hold, Litigation Hold,
⚫ ⚫
In-Place Hold, basic Audit, Email archiving
Compliance
Automatic classification and retention10, Customer Key, Advanced Message Encryption, Communication
Compliance, Information Barriers, Customer Lockbox, Privileged Access Management, Advanced Audit, ⚫
Advanced eDiscovery
Insights by MyAnalytics (Outlook plug-in) ⚫ ⚫ ⚫
Analytics MyAnalytics (dashboard, digests, inline suggestions) ⚫
Power BI Pro ⚫

See Speaker Notes for footnotes. Web Direct/Base Price shown.

Firstline Worker Plan Comparison
Microsoft 365 F1 Microsoft 365 F3 Office 365 F3 Microsoft Product Terms:
$4/u/m $10/u/m $4/u/m 2.1.3 Microsoft 365 F1/F3
(New as of 4/1/20) (Renamed from M365 (Renamed from O365 2.1.3.1 License Eligibility for Firstline
F1 as of 4/1/20) F1 as of 4/1/20) Worker Licenses
Microsoft 365 and Office 365 Firstline
Microsoft Intune ⚫ ⚫ Worker licenses may only be assigned to
users who satisfy one or more of the
Azure Active Directory P1 ⚫ ⚫ following conditions:
EMS • Uses a primary device with a single
SMS Sign In and Shared Device Sign Out ⚫ ⚫ screen smaller than 10.1”
• Shares their primary work device with
Advanced Threat Analytics, Advanced Information Protection P1 ⚫ ⚫ other licensed Microsoft or Office 365
Firstline Worker licensed users, during
Windows 10 E31 ⚫ or across shifts.
Windows o Other licensed Microsoft
Windows Virtual Desktop Rights ⚫ Firstline Worker users must also
use the device as their primary
Microsoft Teams ⚫ ⚫ ⚫ work device.
o Any software or services
Includes Calendar, Shifts, Tasks, and Walkie Talkie ⚫ ⚫ ⚫ accessed from the shared device
requires the device or users to
Yammer, SharePoint2 ⚫ ⚫ ⚫ be assigned a user license that
includes use of those software or
Office for the web and Office Mobile apps3 Read-only ⚫ ⚫ services.

Forms (create/share/manage)4 ⚫ ⚫ Qualifying Microsoft 365 and Office 365

Firstline Worker licenses include Microsoft
Office 365 OneDrive storage 2 GB 2 GB 2 GB 365 F1, Microsoft 365 F3, and/or Office 365
F3.
Exchange email5 2 GB 2 GB
Customers who had Microsoft 365 F1/F3
licensed users prior to June 1, 2020
Planner ⚫ ⚫ ⚫ (Impacted Customers) may license
additional users with the same or
Power Automate for Microsoft 3656 ⚫ ⚫ equivalent service, under the Microsoft 365
F1 License Eligibility terms in the
Power Apps for Microsoft 3656 ⚫ ⚫ November 1, 2019 Product Terms, until the
end of the Impacted Customer’s
Stream7 ⚫ ⚫ ⚫ subsequent subscription renewal term.
1Windows 10 E3 per user includes cloud management and virtualization
2Cannot be administrators. No site mailbox. No personal site. 1TB shared storage.
3Commercial use of mobile apps limited to devices with integrated screens 10.1” diagonally or less
4Does not include Forms Pro capabilities. F1 users can complete/respond to forms/surveys as this does not require a Forms license.
5Does not include Outlook desktop integration or voicemail. M365 F1 includes Exchange K service plan to enable Teams calendar only with no email rights.
6Includes 2000 API requests/day. Additional capacity available by purchasing the Power App and Power Automate additional capacity add-on.
7Includes consumption only, no publish/share
 Detailed Comparison of Office Client Commercial Offerings
Office Standard
Applications Word
Excel
PowerPoint
OneNote
Outlook
Publisher
Access
Skype for Business 2019
Premium Value Volume Activation
Group Policy1
Shared Computer Activation
App Telemetry
Update Controls
Apply Personal Retention Policies2
Access Site Mailboxes2
Access In-Place Archive Folder2,3
Spreadsheet Compare & Inquire
Business Intelligence
Create IRM2
Data Loss Prevention2
Cloud Value Groups
Office Deployment Tool
Roaming Documents & Settings
1 TB OneDrive for business
Licensing Licensing Model Per Device
License Type Perpetual5
PC/Mac Installs7
iOS/Android Smartphone Installs7
Tablet Installs7
Office RT Commercial Rights
Office for the web
See speaker notes section for footnotes
Office Professional Microsoft 365 Apps Microsoft 365 Apps
2019 Plus 2019 Office for Mac 2019 for business9 for enterprise10
● ● ● ● ●
● ● ● ● ●
● ● ● ● ●
● ● ● ● ●
● ● ● ● ●
● ● ● ●
● ● ●
●
● ● ●
● ● ●
●
● ● ● ●
● ● ● ●
● ● ●5
● ● ●5
● ● ● ●5
● ●5
● ●5
● ● ●
● ●5
● ●
● ●
● ●
● ●
Per Device Per Device Per User Per User
Perpetual5 Perpetual5 Subscription Subscription
1 1 1 5 5
N/A N/A N/A 5 5
N/A N/A N/A 5 5
● ● ● ● ●
●7 ●7 ●7 ● ●
Important sites
New name

Partner Incentives

Offers Microsoft 365 Partner Accelerators

Online Services Usage incentives

Microsoft 365 for partners

Microsoft 365 learning paths

Remote Work Resource Center

Resources
M365 Sales Tools

https://www.microsoft.com/microsoft-365/partners/resources

Magyar yammer partnercsatorna