Baseline - Applications, products, and features available with A1 license

Analytics

Microsoft Compliance Management

Microsoft Compliance Management is a suite of tools and services designed to help organizations manage their compliance requirements effectively. At the heart of this suite is Microsoft Purview Compliance Manager, which offers a range of features to simplify compliance and reduce risk. Here's a brief overview of what Compliance Manager provides:

Management: Offers end-to-end compliance management capabilities, including easy onboarding, workflow management, control implementation, and evidence cataloging.
Scalable assessments: Provides ready-to-use, customizable, and multicloud regulatory assessment templates to meet various business and regulatory needs.
Built-in capabilities: Includes in-product capabilities such as compliance score, control mapping, versioning, and continuous control assessments to reduce compliance risks.

Compliance Manager helps organizations meet multicloud compliance requirements across global, industrial, or regional regulations and standards. It also provides a risk-based compliance score to help prioritize the most impactful actions.

For educational institutions, Microsoft Entra ID for Education offers a secure and unified identity for students, faculty, and staff, integrating seamlessly with Student Information Systems (SIS) and Learning Management Systems (LMS) for automated user provisioning and rostering.

Compliance Manager

Education analytics

Microsoft offers a suite of tools and solutions under the umbrella of education analytics, designed to help educators and institutions make data-driven decisions. Here's an overview of what Microsoft provides in this space.

Education Insights in Microsoft Teams

Holistic view: Education Insights connects with key apps like Learning Accelerators to provide a comprehensive view of student well-being.
Actionable data: It empowers educators to explore actionable student data, analyze trends, and identify students who may need additional support.
Integrated experience: Built into Teams, Education Insights offers an at-a-glance dashboard with detailed student reports and class overviews.

Data analytics and AI solutions

Comprehensive solutions: Microsoft explores what a data analytics and AI solution can look like, including data governance, machine learning, and visualizations.
K-12 Focus: Addressing critical K-12 education challenges, these tools provide real-time analytics of student progress and activity within a class team.

These tools are designed to help educators make informed decisions to support each student's unique needs and to drive continuous improvement in education systems

Productivity Score

Microsoft Productivity Score is a tool designed to help organizations, including educational institutions, understand and improve the way work gets done across their organization. Here's how it can be applied in the context of education:

Visibility into digital transformation: Productivity Score provides insights into how educators and students are using Microsoft 365 tools. This visibility can help educational leaders understand the adoption and usage patterns of digital tools in their institution.
Insights for improvement: By analyzing data on communication, content collaboration, mobility, and teamwork, Productivity Score identifies areas where the institution can improve the digital experience for both educators and students.
Actionable recommendations: The tool offers recommendations on how to optimize the use of Microsoft 365 tools. For example, it can suggest training for educators on how to use Teams more effectively for remote learning.
Enhancing collaboration: Productivity Score can highlight how well educators and students are collaborating using digital tools. This information can inform decisions on professional development and the adoption of new collaboration practices.
Supporting student outcomes: By improving the way educational tools are used, institutions can create a more engaging and efficient learning environment, which can contribute to better student outcomes.
Data-driven decision making: The insights provided by Productivity Score can support data-driven decision-making, helping institutions to allocate resources more effectively and to identify and address potential issues early on.
Privacy and security: Microsoft emphasizes privacy and security in its tools. Productivity Score is designed to provide insights without compromising the privacy of individuals.

In summary, Microsoft Productivity Score can be a valuable asset for educational institutions looking to enhance their digital transformation efforts, improve collaboration, and ultimately support better educational outcomes.

Secure Store

Microsoft Secure Store can play a significant role in education by providing a secure way to store and manage credentials for accessing external systems and services. Here's how it can be utilized in an educational setting:

Secure access to external data: Educational institutions often need to connect to external data sources for reporting and analytics. Secure Store allows them to store the credentials required for these connections securely.
Shared credentials: In scenarios where a group of users, such as a department or a class, need to share a common set of credentials to access an external system, Secure Store can map these credentials to the group, ensuring secure and seamless access.
Integration with SharePoint: Secure Store is commonly used with SharePoint Server for business intelligence service applications. This integration allows SharePoint to use a set of credentials to access external data on behalf of a user, enabling personalized dashboards and reports.
Enhanced security: By using Secure Store, institutions can avoid storing credentials in plain text or in less secure locations, reducing the risk of credential theft.
Simplified management: Administrators can manage credentials centrally, making it easier to update or rotate passwords without disrupting access for users.
Compliance: Secure Store helps institutions meet compliance standards by safeguarding sensitive student information and controlling how it's shared and accessed.
Flexibility: It provides flexibility in how credentials are mapped, allowing for different mappings based on user roles or other criteria.
Ease of use: Once configured, Secure Store operates transparently to the end-users, providing a seamless experience when accessing external systems.
Documentation and support: Microsoft provides comprehensive documentation and support for Secure Store, making it easier for institutions to implement and manage.

By using Microsoft Secure Store, educational institutions can ensure that their connections to external systems are secure, while also simplifying the management of credentials and maintaining compliance with data protection standards

Automation, app building, and chat bots

Power Apps for Microsoft 365

Power Apps for Microsoft 365 can be incredibly beneficial in educational settings. Here are some key ways it can be used:

Custom applications: Educators can create custom apps tailored to their specific needs, such as tracking student progress, managing classroom activities, and automating administrative tasks.
Engagement: Students can interact with these apps on their devices, whether they're in the classroom or learning remotely, making education more accessible and engaging.
Efficiency: By automating routine tasks, educators can save time and focus more on teaching and student interaction.
Data management: Power Apps integrates with other Microsoft 365 tools, allowing for seamless data management and analysis.

Power Apps
Microsoft Power Apps and Microsoft Power Automate
Discover Power Apps for Educators and reclaim your time 101

Power Automate for Microsoft 365

Power Automate for Microsoft 365 can be a game-changer in the education sector, helping educators and administrators streamline their workflows and save valuable time. Here are some key ways it can be used:

Automating routine tasks: Educators can automate repetitive tasks such as sending reminder emails, updating attendance records, or scheduling announcements. This automation frees up time for more critical activities like lesson planning and student engagement.
Streamlining communication: Power Automate can help manage communication by automatically sorting emails, sending notifications, and even translating messages for non-English speaking parents.
Data management: Teachers can use Power Automate to collect and analyze data from various sources, such as Microsoft Forms and Power BI. This analysis can help track student performance, generate reports, and make data-driven decisions.
Enhancing collaboration: By integrating with Microsoft Teams, Power Automate can facilitate better collaboration among staff and students. For example, it can automatically post updates to Teams channels or create tasks in Microsoft Planner.
Custom workflows: Educators can create custom workflows tailored to their specific needs, such as automating the registration process for courses or school events, and collecting instructional feedback.

If you're interested in getting started, Microsoft offers various templates and training resources to help educators use Power Automate effectively.

Flow templates for educators
Use Power Automate to increase productivity

Power Virtual Agent for Teams

Power Virtual Agents for Microsoft Teams can be a fantastic tool in the education sector. It allows educators and administrators to create chatbots that can assist with various tasks, enhancing communication and efficiency within educational institutions. Here are some ways Power Virtual Agents can be used in education:

Student support: Chatbots can answer frequently asked questions about school policies, schedules, and events, providing instant support to students.
Administrative assistance: Automate routine administrative tasks such as scheduling appointments, sending reminders, and collecting feedback.
Learning resources: Provide students with quick access to learning materials, homework help, and study tips.
Parent communication: Keep parents informed about their child's progress, upcoming events, and school announcements.
Technical support: Offer immediate assistance for common technical issues related to online learning platforms and tools.

Power Virtual Agents for Teams is integrated with Microsoft 365, making it accessible without additional premium licensing. It also supports the use of Power Automate to connect with other systems and perform complex workflows. This integration can significantly streamline processes and improve the overall educational experience.

An Introduction to Power Virtual Agents for Microsoft Teams
Add Power Virtual Agents chatbot
Power Virtual Agents & Adaptive Cards in Microsoft Teams

Dataverse for Teams

Microsoft Dataverse for Teams is a powerful tool for educational settings, providing a low-code data platform within Microsoft Teams. Here are some key benefits and uses:

Custom app development: Educators and students can build custom apps directly within Teams to manage classroom activities, track assignments, and more.
Data management: Dataverse for Teams allows for the creation and management of relational data tables, making it easier to organize and analyze educational data.
Integration with Microsoft 365: Seamlessly integrates with other Microsoft 365 tools, enhancing collaboration and data sharing across the educational institution.
Security and governance: Provides enterprise-grade security and governance, ensuring that educational data is protected and managed effectively.

Overview of Microsoft Dataverse for Teams
About the Microsoft Dataverse for Teams environment

Classroom tools

Classroom experience in Microsoft Teams

Microsoft Teams offers a robust classroom experience designed to enhance collaboration and learning for both students and educators. Here are some key features:

Class Teams: Teachers can create dedicated class teams where they can manage assignments, share resources, and communicate with students.
Assignments and grades: Educators can create, distribute, and grade assignments directly within Teams. Students can submit their work, and teachers can provide feedback all in one place.
Class notebook: This feature allows for a digital binder where students can take notes, and teachers can share handouts and collaborate with students.
Meetings and live events: Teachers can hold virtual classes with video and audio conferencing, share their screen, and record sessions for later viewing.
Classwork app: A streamlined way to manage class materials and assignments, making it easier for both teachers and students to stay organized.
Integration with other tools: Teams integrates with other Microsoft 365 tools like OneNote, Word, Excel, and PowerPoint, as well as third-party educational apps.

These features aim to create an engaging and interactive learning environment, whether in-person or remote.

Achieve more in the classroom with new Teams features
Empower your school with Microsoft Teams

Microsoft Whiteboard

Microsoft Whiteboard is a versatile tool designed to enhance the educational experience by fostering collaboration and creativity. Here are some key features and benefits for educators:

Interactive lessons: Teachers can create dynamic lessons using the infinite canvas, allowing for real-time collaboration and brainstorming.
Hybrid learning: Whiteboard supports both in-person and remote learning environments, making it easy to engage students regardless of their location.
Digital collaboration: Students can contribute to the whiteboard from their own devices, adding notes, images, diagrams, and more.
Integration with Microsoft 365: Seamlessly integrates with other Microsoft tools like OneNote, Teams, and Office apps, enhancing the overall learning experience.
Creative tools: Features like Ink Beautification, different ink styles, and education-themed stickers help make lessons more engaging and visually appealing.
Accessibility: Supports various input methods including touch, pen, and keyboard, making it accessible for all students.

These features make Microsoft Whiteboard a powerful tool for creating an interactive and engaging classroom environment.

Introducing Microsoft Whiteboard for Education
Whiteboard for educators

OneNote Class Notebook

OneNote Class Notebook is a powerful tool for educators, offering a range of features to enhance classroom organization and collaboration. Here are some key aspects:

Personal workspace: Each student gets a private notebook that is only accessible to them and the teacher. This space can be used for taking notes, completing assignments, and receiving personalized feedback.
Content library: Teachers can share handouts, lesson plans, and other resources in a read-only section that all students can access.
Collaboration space: This area allows students to work together on projects and activities, fostering teamwork and interactive learning.
Integration with Microsoft 365: OneNote seamlessly integrates with other Microsoft tools like Teams, Word, Excel, and PowerPoint, making it easy to incorporate various types of content into your lessons.
Accessibility and flexibility: OneNote supports multiple input methods, including typing, handwriting, and drawing, making it accessible for all students. It also works across different devices, so students can access their notebooks from anywhere.
Interactive lessons: Teachers can embed multimedia content, such as videos and audio recordings, to create engaging and interactive lessons.

OneNote Class Notebook
OneNote for Education

Minecraft Education

Minecraft Education is a game-based learning platform that promotes creativity, collaboration, and problem-solving in an immersive digital environment. Here are some key features and benefits:

Subject integration: Minecraft Education supports a wide range of subjects including math, science, history, and language arts. Teachers can use pre-built lessons or create their own to align with curriculum standards.
Interactive learning: Students can engage in hands-on learning experiences, such as building historical landmarks, conducting virtual science experiments, or exploring mathematical concepts through block-based activities.
Collaboration and communication: The platform encourages teamwork and communication as students work together on projects and challenges. Teachers can monitor and guide student interactions in real-time.
Coding and computer science: Minecraft Education includes coding lessons and activities that teach students programming concepts using block-based coding and JavaScript.
Accessibility and inclusivity: The game is designed to be accessible to all students, with features that support diverse learning needs and styles.
Global community: Educators can connect with a global community of Minecraft users to share resources, ideas, and best practices.

These features make Minecraft Education a versatile tool for enhancing student engagement and learning outcomes.

MineCraft Education
Why Minecraft Education
Get and deploy Minecraft Education

Learning tools

Take a Test app

Microsoft Take a Test app is a specialized application designed for secure online assessments. It's particularly useful in educational settings where maintaining the integrity of the testing environment is crucial. Here's a brief overview of its features and functionality:

Secure browser: The app functions as a secure browser that can be configured to only allow access to specific URLs or a list of URLs.
Lockdown environment: During a test, the app locks down the device, preventing access to other applications, system settings, and features like printing and screen capture.
Kiosk mode: For high-stakes assessments, the app can be run in kiosk mode, which restricts the device to only run the Take a Test app.
Customizable links: Teachers can create secure assessment links that students can use to access tests through the app.
MDM policies: Mobile device management policies are applied to further lock down the PC during a test.
Group policy integration: The app integrates with Group Policy to ensure the proper lockdown of the device during assessments.

The Take a Test app is part of Windows Education and is available on Windows 10, Windows 11, and Windows 11 SE. It's a powerful tool for educators to conduct digital assessments securely.

Set up School PCs app

Setting up school PCs can be streamlined using the Set up School PCs app from Microsoft. This app is designed to help IT administrators and technical teachers quickly configure Windows devices for students. Here's a step-by-step guide to get you started:

Review requirements:
- Ensure you have Microsoft Entra ID and Microsoft 365 licenses.
- Download the latest Set up School PCs app from the Microsoft Store.
- Prepare an NTFS-formatted USB drive with at least 1 GB of space.
- Make sure student devices are within range of the Wi-Fi network you configured in the app or have a wired Ethernet connection during setup.
Create the provisioning package:
- Open the Set up School PCs app on your admin device.
- Follow the on-screen instructions to create a provisioning package with the desired settings for your student PCs.
- Save the package to your USB drive.
Run the package on student devices:
- Insert the USB drive into each student device.
- The app automatically configures the devices with the settings optimized for education, including joining the school network and applying the necessary policies.
Manage devices with Intune:
- During setup, student devices can be enrolled in Microsoft Intune for ongoing management.
- This allows you to manage all the settings configured by the app through Intune.
Reset devices if needed:
- If you need to apply a new package to a device that's already set up, you might need to reset the device to a clean state.
- To reset a device, go to Settings > Update & Security > Recovery > Reset this PC and select Remove everything.

Remember, it's recommended to run the same Windows build on the admin device and the student devices for the best experience. Also, make sure the student devices meet the OS requirements for the app, which can be found in the app's description on the Microsoft Store.

Content services

Microsoft Stream

Microsoft Stream is an enterprise video platform integrated within Microsoft 365. It allows you to record, upload, share, and manage videos seamlessly across various Microsoft 365 apps like Teams, SharePoint, and OneDrive. Here are some key features:

Video management: Easily organize and manage your videos just like any other document.
Collaboration: Share videos and collaborate with comments, @mentions, and reactions.
Accessibility: Automatically generated captions and transcripts in multiple languages.
Integration: Embed videos directly into Teams channels, SharePoint sites, and other Microsoft 365 apps.
Analytics: Measure engagement and effectiveness with detailed analytics.

Stream also includes AI-powered tools to help you quickly summarize videos, extract key details, and locate important sections.

Microsoft Stream

Microsoft Stream (on SharePoint)

Microsoft Forms

Microsoft Forms is a versatile tool for educators, offering a range of features to enhance teaching and learning experiences. Here are some key aspects of Microsoft Forms for education:

Create assessments: Easily create quizzes, surveys, and polls to assess student understanding and gather feedback from parent. Learn more.
Real-time collaboration: Share forms with other educators to collaborate on creating assessments and survey. Learn more.
Built-in analytics: Use analytics to evaluate quiz results and gain insights into student performance. Learn more.
Accessibility: Forms can be accessed on any device, making it easy for students to complete assessments from anywhere. Learn more.
Integration: Seamlessly integrate with other Microsoft 365 apps like Teams and OneNote for a cohesive educational experience. Learn more.
Customization: Use templates and customize forms to suit your specific needs, including adding math symbols and branching logic.

Microsoft Forms for Education

Microsoft Forms Tips for Education

Microsoft Lists

Microsoft Lists is a powerful tool for educators, students, and administrators to organize and manage information efficiently. Here are some key features and benefits of using Microsoft Lists in an educational setting:

Organization: Create and manage lists for tracking assignments, lesson plans, student information, and classroom assets. Use ready-made templates like Work Item Tracker, Asset Manager, and Event Itinerary to get started quickly.
Collaboration: Share lists with students and colleagues to collaborate in real-time. Lists can be integrated into Microsoft Teams channels, allowing for seamless communication and updates.
Customization: Customize lists with different views, filters, and color formatting to highlight important information. You can also attach files and set due dates to keep everyone on track.
Accessibility: Access and edit lists from any device, including mobile, making it easy to stay organized on the go.
Security: Benefit from enterprise-grade security as part of Microsoft 365, ensuring that your data is protected.

Microsoft Lists helps streamline classroom management and enhances productivity, making it easier to focus on teaching and learning.

Organize School and Class Information with Microsoft Lists

Lists for Education

Microsoft Search

Microsoft Search is a robust enterprise search solution that helps users find the information they need across their organization's digital landscape. Here are some key aspects of Microsoft Search:

Unified search experience: Microsoft Search provides a consistent search experience across various Microsoft 365 apps and services, including Office, Outlook, SharePoint, OneDrive, Bing, and Windows.
Contextual results: It delivers results that are relevant to the context of the app you're searching from. For example, searching in Outlook prioritizes emails in the results.
Enterprise-level security: The search experience is secure and respects the permissions and access controls defined within your organization.
Productivity boost: By integrating with the tools you already use, Microsoft Search helps increase productivity by reducing the time spent looking for information.
Intelligent recommendations: It offers suggestions for relevant files and SharePoint sites based on your recent activity and interactions within your organization.

Microsoft Search in Education is a powerful tool designed to enhance the learning experience by making it easier for educators, students, and school administrators to find the information they need. Here are some key features:

Dedicated school page: When you search for school info, all relevant results appear on a dedicated School page, helping keep the focus on the classroom.
Class info access: See your current class list on your profile and access info, sites, and files you have permission to view.
Manage assignments: Get a full list of your upcoming assignments sorted by date, with links to instructions and submission options.
Daily dashboard: View upcoming events on your calendar, recent files, and links to popular searches or sites at your school.
Windows Search integration: Use Windows Search for fast access to school answers and relevant results right in the preview pane.
SafeSearch: SafeSearch is set to strict by default for web results to help keep users safe when searching on Bing.

Intelligent search for a connected classroom
A new way to search at school with Microsoft Search in Bing
Search Progress and Search Coach

Microsoft Graph API

Microsoft Graph API is a powerful tool that allows developers to access data and intelligence across Microsoft 365 services. It's a RESTful web API that enables you to interact with resources such as users, groups, mail, and files in a unified way. Here's a brief overview of what you can do with the Microsoft Graph API:

Access data: Retrieve data from various Microsoft 365 services, including Azure Active Directory, Outlook, OneDrive, Microsoft Teams, OneNote, and more.
Perform actions: Create, update, and delete resources like users, groups, and files.
Use query parameters: Customize the data returned by the API using OData query parameters.
Handle errors: Manage errors and responses to ensure your application can handle different scenarios.
Paging: Work with large datasets by paging through results.

For educational institutions, the Microsoft Graph API can be particularly useful for automating administrative tasks, integrating with learning management systems, and creating custom reports and dashboards. It provides a single endpoint that you can use to access rich data and insights.

Data lifecycle management

Manual retention labels in Microsoft 365 allow users to classify content for retention or deletion based on the organization's compliance policies. Here's how they work and how you can use them:

Applying manual retention labels

User-driven classification: Users can manually apply retention labels to content in Outlook, OneDrive, SharePoint, and Microsoft 365 groups.
Content-specific retention: This approach is beneficial because users often have the best understanding of the content they're working with and can classify it accordingly.

Creating and publishing retention labels

Admin configuration: Administrators can create retention labels in the Microsoft Purview compliance portal.
Label policies: Once created, these labels can be published by using a retention label policy, making them available for users to apply.
Adaptive or static scopes: Admins can decide whether the policy will be adaptive or static, and configure it accordingly.

Benefits of manual retention labels

Granular control: Provides item-level control over retention and deletion, which is particularly useful for records management.
Compliance: Helps organizations comply with regulations by retaining content for the required period and deleting it when it's no longer needed.

Steps to apply retention labels

Create retention labels: Admins create the necessary retention labels in the compliance portal.
Publish labels: The labels are published using a retention label policy.
User application: Users can then manually apply these labels to emails and documents as needed.

Manual retention labels are a powerful feature for organizations looking to manage their data lifecycle effectively. They provide flexibility and control, allowing for compliance with various regulatory requirements.

Learn about retention policies and retention labels
Publish retention labels and apply them in apps

Manual retention schedule

A manual retention schedule is a plan that outlines how long records should be kept and when they should be disposed of. It's an essential part of records management, ensuring that information is retained for as long as it's needed for legal, operational, or historical purposes, and then properly disposed of when it's no longer required.

Here's a step-by-step guide to creating a manual retention schedule:

Inventory your records: Identify all the records your organization creates and maintains.
Appraise the records: Determine the value of each record series and how long they need to be kept to meet legal, fiscal, administrative, and historical requirements.
Define retention periods: For each record series, specify the length of time it should be retained. This period can be based on regulatory requirements, business needs, or best practices.
Document the schedule: Create a document that lists all record series and their corresponding retention periods. Include instructions for what should happen to the records at the end of their retention period (for example, destruction, archival transfer).
Implement the schedule: Apply the retention periods to your records management system and ensure that all staff members are aware of and follow the schedule.
Review and update regularly: Periodically review the schedule to ensure it remains up-to-date with current laws and business needs.

Remember, the specific retention periods can vary depending on the type of record and the jurisdiction you're in. It's important to consult with legal counsel or a records management professional to ensure compliance with all applicable laws and regulations.

Common settings for retention policies and retention label policies

Data loss prevention (DLP)

DLP for emails and files

Data loss prevention (DLP) is a critical security measure for protecting sensitive information in emails and files. Here's a brief overview of how DLP works and its importance.

DLP for emails

Monitoring: DLP tools monitor email communications to detect if sensitive data is at risk of being lost or stolen.
Detection: They use rules and policies to identify sensitive information, such as intellectual property or personal data, within email content and attachments.
Prevention: DLP can block or flag emails that violate security policies, preventing data leaks.

DLP for files

Classification: Files are scanned and classified based on the sensitivity of their content.
Protection: Policies are applied to restrict access to sensitive files and prevent unauthorized sharing.
Tracking: DLP solutions track the movement of sensitive files to ensure they aren't transferred inappropriately.

Benefits of DLP

Compliance: Helps organizations comply with regulations like HIPAA and GDPR by protecting sensitive data.
Risk reduction: Reduces the risk of data breaches and leaks, which can lead to financial and reputational damage.
Visibility: Provides visibility into data usage and movement within the organization.

Implementing DLP for emails and files is essential for any organization that handles sensitive information, as it helps safeguard against accidental or malicious data loss.

Microsoft Purview Data Loss Prevention

eDiscovery and auditing

Content Search

Microsoft Content Search is a feature within the Microsoft Purview compliance portal that allows you to search for in-place content across various Microsoft 365 data sources. Here's a quick overview of how it works and what you can do with it.

Data sources:

Exchange Online mailboxes: Search through emails.
SharePoint Online sites and OneDrive accounts: Look for documents and other files.
Microsoft Teams: Find conversations and files shared within Teams.
Microsoft 365 groups and Viva Engage groups: Search for content within these collaboration spaces.

Key features:

Search queries: You can create and run search queries to find specific items.
Preview results: After running a search, you can preview the results directly in the portal.
Export results: Export the search results to a local computer for further analysis.
Permissions: Requires appropriate permissions, such as being a member of the eDiscovery Manager role group.

Usage scenarios:

Compliance and legal investigations: Find content related to legal cases or compliance requirements.
Data management: Locate and manage data across your organization's Microsoft 365 environment.
Security: Identify and address potential security issues by searching for specific keywords or patterns.

Getting started:

To use Content Search, you need to have the necessary permissions in the compliance portal.
You can access Content Search by navigating to the Microsoft Purview compliance portal and selecting Content search from the left navigation pane.

Note: In an Exchange hybrid deployment, you can search for Teams chat data in on-premises mailboxes, but you can't use Content Search to search emails in on-premises mailboxes.

Audit (Standard)

Microsoft Purview Audit (Standard) is a feature that allows organizations to log and search for audited activities across various Microsoft 365 services. It's designed to help with forensic, IT, compliance, and legal investigations. Here's a brief overview of its capabilities.

Key features:

Enabled by default: Audit (Standard) is turned on by default for all organizations with the appropriate subscription.
Searchable audit events: Supports thousands of searchable audit events, capturing a wide range of activities performed by users and admins.
Audit log retention: Audit records are retained and searchable in the audit log for 180 days.
Permissions: Admins and members of investigation teams must be assigned the View-Only Audit Logs or Audit Logs role to search or export the audit log.

Usage scenarios:

Security events: Respond to security events by searching for specific activities.
Compliance obligations: Meet compliance obligations by providing visibility into activities performed across the organization.
Internal investigations: Assist in internal investigations by logging and searching for audited activities.

Getting started:

Verify subscription and licensing: Ensure your organization has the appropriate subscription and per-user licensing.
Assign permissions: Assign the necessary permissions to access the audit log search tool.

Audit (Standard) provides a foundational level of auditing capabilities, while Audit (Premium) offers additional features such as longer retention periods and intelligent insights.

eDiscovery (Standard) (including holds and export)

Microsoft Purview eDiscovery (Standard) is a tool designed to help organizations manage their legal and compliance needs by providing a way to identify, hold, and export content found in Microsoft 365 services. Here's a brief overview of its capabilities.

Key features:

Case management: Create eDiscovery cases to manage related searches, holds, and exports.
Role-based access: Assign eDiscovery managers to specific cases, ensuring they can only access the cases they're members of.
Search and export: Perform searches across Microsoft 365 data sources and export the results for further analysis.
eDiscovery holds: Place holds on content locations to preserve data that's relevant to a case.

Data sources:

Exchange Online: Search for emails.
SharePoint Online and OneDrive: Look for documents and other files.
Microsoft Teams: Find conversations and files shared within Teams.
Microsoft 365 groups and Viva Engage groups: Search for content within these collaboration spaces.

Usage Scenarios:

Legal investigations: Collect and preserve data for legal cases.
Compliance requirements: Ensure data is retained and available for compliance audits.
Data management: Locate and manage data across your organization's Microsoft 365 environment.

Getting started:

Verify licensing: Ensure your organization has the appropriate Microsoft 365 licensing.
Assign permissions: Assign the necessary eDiscovery permissions to users who need access to the tool.
Create cases: Set up eDiscovery cases and add members as needed. eDiscovery (Standard) builds on the basic search and export functionality of Content Search by adding case management and eDiscovery holds

Email/calendar and scheduling

Exchange Online Protection

Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam, malware, phishing, and other email threats. It's included in all Microsoft 365 organizations with Exchange Online mailboxes and can also be used to protect on-premises mailboxes and in hybrid environments. Here's a brief overview of what EOP offers:

Anti-malware protection: Scans emails and attachments for malware and delivers suspicious items to quarantine.
Anti-spam protection: Identifies and filters out spam emails.
Anti-phishing protection: Detects and blocks phishing attempts, including spoofing.
Policy filtering: Allows you to create custom mail flow rules for more control over email processing.
Connection filtering: Checks the sender's reputation to block messages from known spam sources.

EOP is designed to work seamlessly with Exchange Online and can be customized to fit the specific needs of your organization. You can adjust the default security settings, create custom policies, or apply preset security policies for enhanced protection.

Exchange Online Protection

Exchange Plan 1

Exchange Online Plan 1 offers a 50-GB mailbox for each user. Here are some key features:

Mailbox size: 50 GB per user.
Message size: Supports messages up to 150 MB.
Outlook on the Web: Provides a premium browser-based experience.
Focused inbox: Helps you track important emails.
In-place archive: Automatically moves old messages to an archive.

Compare Exchange Online plans

Outlook for desktop

The Outlook desktop app is a powerful tool for managing your emails, calendars, contacts, and tasks all in one place. Here are some key features:

Unified Inbox: Manage multiple email accounts (Outlook.com, Gmail, Yahoo! Mail, iCloud, etc.) from a single interface.
Calendar integration: Schedule meetings, set reminders, and share your calendar with others.
AI-powered tools: Get intelligent suggestions for writing emails, including grammar and spelling checks.
Customization: Personalize your experience with themes, fonts, and different view options (roomy, cozy, compact).
Productivity enhancements: Schedule emails to be sent later, undo sent emails within 10 seconds, and get reminders for follow-ups.

Try Outlook for Windows
Download Outlook for Windows

Microsoft Shifts

Microsoft Shifts can be a valuable tool for educational institutions to manage schedules for both staff and students. Here are some ways it can be utilized in an educational setting:

Class scheduling: Easily create and manage class schedules, ensuring that teachers and students are aware of their timetables.
Staff management: Schedule shifts for administrative and support staff, allowing for efficient management of duties and responsibilities.
Student workers: Manage schedules for student workers, such as those in libraries, cafeterias, or campus facilities.
Real-time updates: Provide real-time updates and notifications about schedule changes, ensuring everyone stays informed.
Self-service: Allow staff and students to request time off, swap shifts, and manage their own schedules directly within the app.

Shifts integrates seamlessly with Microsoft Teams, making it easy to communicate and collaborate on scheduling tasks. This integration can help streamline operations and improve overall efficiency in educational environments.

Endpoint and app management

Group policy support for Windows

Group Policy is a powerful feature in Windows that allows administrators to manage and configure operating system settings for users and computers in an Active Directory environment. Here's a brief overview of Group Policy support in Windows:

Group Policy Management Console (GPMC):

The GPMC provides a unified management console for all aspects of Group Policy across multiple forests in an organization.
It allows for the management of Group Policy Objects (GPOs), Windows Management Instrumentation (WMI) filters, and Group Policy-related permissions.
The GPMC includes capabilities such as importing/exporting GPOs, copying/pasting GPOs, backing up/restoring GPOs, and more.

Group Policy overview:

Group Policy enables configuration and settings management for user and computer settings on Windows Server and Windows Client operating systems.
GPOs can be linked to Active Directory sites, domains, and organizational units (OUs) to apply policy settings to users and computers within those objects.
GPOs are stored in both Active Directory and the SYSVOL folder on each domain controller.

How Group Policy works:

For computers, Group Policy is applied at startup, and for users, it's applied at sign-in.
The initial processing of policy can be synchronous or asynchronous, depending on the policy changes that require processing.

Group Policy tutorials:

Group Policies allow for the application of the same settings to all users and computers in an Active Directory domain.
They provide a set of rules and settings for the Windows environment, which can be used to configure Windows settings, change security settings, configure the user's environment, install programs, or run scripts.

Group Policy Management Console Group Policy overview

Group policy support for Microsoft apps

Microsoft Group Policy is a feature that allows administrators to manage and configure operating system settings, application settings, and user settings in an Active Directory environment. It's useful for managing Microsoft apps in an educational setting. Here's how Group Policy can be used to support Microsoft apps:

Centralized management: Group Policy allows for centralized management of Microsoft apps, making it easier to enforce settings across all users and computers in a domain.
Configuration of update settings: Administrators can use Group Policy to configure update settings for Microsoft 365 Apps. This configuration includes setting updates to occur automatically, specifying a location to look for updates, and setting a deadline by when updates have to be applied.
Privacy controls: Group Policy can be used to manage privacy controls for Microsoft 365 Apps for enterprise. This setting includes controlling diagnostic data sent to Microsoft and managing connected experiences that use cloud-based functionality.
Store apps management: Group Policy can manage settings for Microsoft Store apps in Windows 10 and later, allowing administrators to control the installation and usage of these apps.
Support for different versions: Group Policy is supported in all versions of Office, including Apps for Business and Business Premium. However, some policy settings might not be available in certain versions.
Administrative templates: Microsoft provides administrative template files (ADMX/ADML) that can be used with Group Policy to manage Microsoft 365 Apps for business.
Security and compliance: Using Group Policy, administrators can enforce security settings to ensure compliance with organizational policies.
Customization: Group Policy allows for the customization of Microsoft apps to meet the specific needs of an educational institution.
Scalability: It's scalable and can be used to manage settings for a small school or a large university with thousands of users.
Ease of use: Group Policy Management Console (GPMC) provides a user-friendly interface for managing Group Policy objects.

These capabilities make Group Policy a powerful tool for managing Microsoft apps in an educational environment.

Configure update settings for Microsoft 365 Apps
Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise

Microsoft Cloud policy support

Microsoft Cloud Policy support, specifically through the Cloud Policy service for Microsoft 365, offers a way to enforce policy settings for Microsoft 365 Apps for enterprise across various devices, even if they aren't domain joined or otherwise managed. Here are some key points about this service:

Policy roaming: When a user signs into Microsoft 365 Apps for enterprise on a device, the policy settings roam to that device, ensuring consistent policy enforcement.
Cross-platform support: Policy settings are available for devices running Windows, macOS, iOS, and Android, although not all policy settings are available for all operating systems.
Office for the Web and Loop: Some policy settings can also be enforced for Office for the web and Loop, both for guest users who are signed in and for users who access documents anonymously.
Integration with Microsoft Intune: Cloud Policy can be used directly in the Microsoft Intune admin center, under Apps > Policy > Policies for Office apps.
Admin roles: The service supports specific built-in Microsoft Entra roles for accessing and managing the feature, such as Office Apps Administrator, Security Administrator, and Global Administrator.
Licensing requirements: Users must be assigned to certain subscription plans, like Microsoft 365 A3/A5 for Education, Microsoft 365 Business Standard/Premium, Office 365 E3/E5, Microsoft 365 E3/E5 for Enterprise, and Microsoft 365 G3/G5 for Government.

This service is part of the Microsoft 365 Apps admin center and includes many of the same user-based policy settings that are available in Group Policy. It's designed to provide a cloud-based alternative for managing policies, especially in scenarios where devices aren't domain joined or are managed in a hybrid environment.

Overview of Cloud Policy service for Microsoft 365

Mobile Device Management - MDM

Mobile Device Management (MDM) is a comprehensive approach to managing and securing mobile devices used within an organization. Here's a brief overview of MDM:

What is MDM? MDM is a set of tools and methodologies that allow IT departments to manage, secure, and enforce policies on mobile devices such as smartphones, tablets, and laptops. It's particularly important in today's work environment where remote work and bring-your-own-device (BYOD) policies are common.

Why is MDM important? MDM is crucial for maintaining the security of corporate data. Mobile devices can access sensitive business information, and if they're lost, stolen, or hacked, it could lead to data breaches. MDM helps mitigate these risks by enforcing security policies and providing tools to manage devices remotely.

How does MDM work? MDM solutions typically involve a server component that allows administrators to configure and enforce policies, and a client component that applies these policies on the devices. MDM can include setting password requirements, encrypting data, and remotely wiping data from lost or stolen devices.

Benefits of MDM

Enhanced Security: Protects against data breaches by securing mobile devices.
Increased Productivity: Allows employees to use their own devices, which they're often more comfortable and efficient with.
Simplified Management: Provides a centralized way to manage all mobile devices within an organization.

Challenges of MDM

Privacy Concerns: Employees might be concerned about their personal data on BYOD devices.
Complexity: Managing a wide variety of devices and operating systems can be complex.
Cost: Implementing and maintaining an MDM solution can be costly.

Overall, MDM is a vital part of an organization's security strategy, especially as the use of mobile devices continues to grow. It's a balance between securing corporate data and maintaining user privacy and productivity.

Mobile Application Management - MAM

Mobile Application Management (MAM) is a crucial aspect of managing apps on mobile devices within an organization, especially in educational settings where devices are often shared or personally owned. Here's a detailed look at MAM.

What is MAM? MAM refers to the administration of applications on mobile devices, which includes deploying, configuring, securing, and updating these apps. It's particularly useful for managing apps on devices that aren't enrolled in traditional Mobile Device Management (MDM).

Key Features of MAM:

App deployment: Distribute apps to devices without requiring device enrollment.
App configuration: Apply configuration settings to apps, ensuring they're set up correctly for users.
App protection policies: Protect data within the apps by restricting actions like copy-paste or saving to personal storage.
Lifecycle management: Manage the entire lifecycle of apps from installation to update and removal.
Conditional access: Control access to apps based on conditions like device compliance, location, and user risk.

Benefits for education:

BYOD support: Allows students and staff to use their personal devices while still maintaining control over school data.
Data protection: Ensures that sensitive information within apps is protected, even on unmanaged devices.
Simplified management: Offers a way to manage apps without the need to manage the entire device.
Platform support: Works across various platforms, including Android, iOS/iPadOS, and Windows.

Use cases in education:

Personal Devices: Students can access school resources on their personal devices without compromising personal data.
Shared Devices: Manage apps on shared devices in classrooms or labs without needing to enroll the devices.
App-Specific Policies: Apply policies to specific apps used for education, ensuring they're used securely and appropriately.

Getting Started with MAM: To start using MAM, educational institutions can configure app protection policies and deploy apps through the Intune admin center. It's important to communicate to users how they can access and use these managed apps on their devices.

MAM is a flexible and powerful tool that allows educational institutions to manage and secure their applications without imposing on the personal use of devices. It's an excellent solution for schools looking to protect their data while embracing the use of mobile technology in education.

Windows Autopilot

Windows Autopilot is a powerful tool for educational institutions, offering a streamlined way to set up and configure devices for students and staff. Here's how Windows Autopilot can benefit the education sector:

Simplified device setup: Windows Autopilot allows for easy setup of devices. Students and teachers can power on their devices, connect to the internet, and sign in, after which Autopilot automatically configures each device from the cloud, preparing them for classroom use.

Cost and time savings: By enabling students and teachers to provision devices themselves, Autopilot eliminates the need for IT departments to set up provisioning in large warehouses or hire additional technicians.

Always up-to-date: Devices configured with Windows Autopilot always receive the latest Intune policies and apps, ensuring that they're up-to-date without the need for custom images or provisioning packages on USBs.

Easy reset: With Windows Autopilot Reset, IT administrators can quickly reset student PCs that are experiencing issues. This process removes all apps, settings, and user data while keeping the devices enrolled in Microsoft Entra ID and Intune, and then reapplies the latest Intune policies.

User-driven mode: Intune for Education supports Windows Autopilot deployment profiles in user-driven mode, which simplifies the out-of-the-box experience so that students and teachers can easily configure their devices.

Prerequisites and requirements: Before setting up Windows Autopilot, schools need to ensure they meet the software, networking, licensing, and configuration requirements. Devices must be registered in the Windows Autopilot service, which can be done through an OEM registration process.

Networking considerations: During the out-of-box experience (OOBE) setup, students need to connect to the school network. It's important to follow the networking guidelines for Microsoft Intune and Microsoft 365 to ensure proper connectivity.

Device enrollment: Windows Autopilot simplifies the setup and configuration of new school devices, allowing for deployment with required school apps and settings without the need for imaging.

Higher education: For higher education institutions, Windows Autopilot can transform device deployment by automating the setup and configuration process, streamlining IT operations, and ensuring security and compliance.

Windows Autopilot is designed to make the lives of school IT departments easier while providing a seamless and secure experience for students and teachers. It's a valuable tool for any educational institution looking to modernize their device management processes.

Microsoft Intune Remote help

Microsoft Intune Remote Help is a valuable tool for educational institutions, providing a secure and efficient way to offer technical support to students and staff. Here's how it can be used in an educational setting:

Remote assistance options: Intune for Education offers several options for remote assistance:

Remote Help: A cloud-based solution that allows help desk staff to securely connect to and control a user's device during a support session.
Microsoft Teams: Facilitates communication and collaboration, including remote assistance, through its integrated chat and meeting features.
Quick Assist: A Windows application that enables two people to share a device over a remote connection for troubleshooting purposes.
TeamViewer: A third-party program that offers a comprehensive set of remote access and support capabilities, integrated with Intune.
Remote Control (ConfigMgr): Included in Microsoft Endpoint Configuration Manager, it allows for remote administration and assistance of domain-joined computers.

Supported features and scenarios: The following table summarizes the features supported by each remote assistance option:

Feature/Scenario	Remote Help	Teams	Quick Assist	TeamViewer (Intune)	Remote Control (ConfigMgr)
Remote view and control	YES	YES	YES	YES	YES
Elevated admin access	YES	YES	X	YES	YES
Chat	YES	YES	YES	YES	X
File transfer	X	YES	X	YES	YES
Unattended access	X	X	X	YES	YES
Simultaneous remote control	YES	YES	YES	X	X
Multi-user support	X	X	X	YES	YES
Remote actions	X	X	X	YES	YES
Over-the-internet support	YES	YES	YES	YES	X
RBAC	YES	YES	X	YES	YES
Audit reporting	YES	YES	X	YES	YES
Support for Windows	YES	YES	YES	YES	YES
Support for Android, macOS	YES	YES	X	YES	X
Support for iOS	X	YES	X	YES	X
Integrated with Windows - no extra app required	X	X	YES	X	X
Requires device to be co-managed	X	X	X	X	YES
Requires licensing	YES	YES	X	YES	YES

Licensing requirements: Remote Help is available as a standalone add-on to Intune or as part of the Intune Suite. It's included in the following Microsoft 365 Education plans:

Microsoft 365 A1 for devices
Microsoft 365 Education A3 Faculty and Student Use Benefit
Microsoft 365 Education A5 Faculty and Student Use Benefit

Implementation: To use Remote Help, both the helper and the sharer must sign in with a Microsoft Entra account from your organization. Intune role-based access controls (RBAC) can be used to set the level of access a helper is allowed, ensuring that support staff have the appropriate permissions to assist users.

Benefits for Education:

Secure support: Provides a secure way for IT staff to offer assistance, protecting both the user and the institution's data.
Efficient troubleshooting: Allows for quick resolution of technical issues, minimizing downtime for students and educators.
Scalable solution: Can be used across a large number of devices, making it suitable for institutions of all sizes.

Microsoft Intune Remote Help is designed to enhance the support experience in educational environments, ensuring that technical issues can be resolved quickly and securely.

Identity and app management

User provisioning

User provisioning in education with Microsoft Entra ID is a powerful feature that automates the creation, maintenance, and removal of user identities across various applications and services. Here's a brief overview of how it works and its benefits:

Automatic provisioning:

SCIM 2.0 Protocol: Microsoft Entra ID uses the SCIM 2.0 protocol for automatic provisioning, which allows it to connect to a SCIM endpoint for an application and use SCIM user object schema and REST APIs to automate the provisioning and deprovisioning of users and groups.
Integration with HR Systems: It can integrate with cloud-based human resources (HR) applications such as Workday and SuccessFactors, enabling automatic updates to user identities based on changes in the HR system.
Secure Communication: The channel used for provisioning between Microsoft Entra ID and the application is encrypted using HTTPS TLS 1.2 encryption, ensuring secure communication.

Identity governance:

Identity lifecycle management: Manages the lifespan of internal and external identities, and their relationships with resources, adjusting identity and resource access as users join, move within, or leave an organization.
Access lifecycle management: Quickly manages changes to access rights by using self-service requests and monitoring lifecycle events.
Privileged access management: Governs access to privileged resources to mitigate the risk of excessive, unnecessary, or misused rights.

Benefits for educational organizations:

Efficiency: Automates user lifecycle events such as add, move, and leave actions, meeting both security and productivity needs.
Accuracy: Reduces errors and security risks associated with traditional provisioning methods like uploading CSV files or custom scripts.
Scalability: Suitable for large educational organizations, offering integration with various cloud-based applications and services.

This system is beneficial in educational environments where there are frequent changes in user roles and access needs, such as the start of a new school year or semester. By automating the provisioning process, Microsoft Entra ID helps ensure that students, educators, and staff have the right access to the right resources at the right time, enhancing both security and productivity.

How Application Provisioning works in Microsoft Entra ID Design identity governance

Cloud user self service password change

Self-service password reset (SSPR) is a valuable feature for educational institutions using Microsoft Entra ID, as it allows users to reset their own passwords without needing to contact IT support. Here's how it works and how it can be beneficial:

How SSPR works:

User-initiated password reset: Users can initiate a password reset from the sign-in page if they forget their password.
Authentication methods: To reset their password, users must verify their identity using one or more authentication methods configured by the administrator, such as email, SMS, or security questions.
Password change: Users who know their current password can change it to a new one from their account settings.
On-premises writeback: For hybrid environments, password changes and resets can be written back to the on-premises Active Directory.

Benefits for education:

Reduced help desk calls: By enabling SSPR, educational institutions can significantly reduce the number of password-related help desk calls.
Increased productivity: Users can quickly regain access to their accounts without waiting for support, leading to less downtime and increased productivity.
Enhanced security: SSPR enforces strong authentication methods, ensuring that only authorized users can reset their passwords.
Cost savings: Fewer help desk calls mean lower support costs for the institution.

Licensing requirements:

Microsoft Entra ID P1 or P2: Full SSPR functionality, including on-premises writeback, requires a Microsoft Entra ID P1 or P2 license.
Microsoft 365 Business Premium: Also includes the necessary licensing for SSPR with on-premises writeback.
Cloud-only users: Basic SSPR features are available for cloud-only users with any Microsoft 365 business, education, or nonprofit paid plan.

To enable SSPR, administrators can follow these steps:

Go to the Azure portal: Sign in to the Azure portal as a global administrator. Navigate to Microsoft Entra ID: In the left navigation pane, select Microsoft Entra ID.
Configure Password Reset: Under Manage, select Password reset, then Properties, and set Self service password reset enabled to All or Selected based on your requirements.
Set authentication methods: Configure the number of methods required to reset and the available methods for users.
Save settings: Save the configuration to enable SSPR for your users.

By setting up SSPR, educational institutions can provide a better user experience and streamline their IT operations.

How it works: Microsoft Entra self-service password reset

On-premises Active Directory sync for SSO

Synchronizing on-premises Active Directory (AD) with Microsoft Entra ID for single sign-on (SSO) in an educational setting is a common scenario that provides a seamless sign-in experience for users. Here's a high-level overview of the process and its benefits:

Synchronization methods:

Password Hash Sync (PHS): This method syncs the password hash from the on-premises AD to Microsoft Entra ID, allowing users to sign in to cloud services using the same password as their on-premises AD account.
Pass-through Authentication (PTA): With PTA, authentication requests are passed through to the on-premises AD for validation, ensuring that password validation happens against the on-premises directory.
Federation with AD FS: For organizations that require federated SSO, AD FS can be used to redirect authentication requests to the on-premises AD FS infrastructure.

Benefits for education:

Seamless user experience: Students, faculty, and staff can use the same credentials to access both on-premises and cloud resources, reducing the number of passwords they need to remember.
Centralized identity management: IT administrators can manage user identities in one place, simplifying account provisioning and deprovisioning.
Enhanced security: By using on-premises AD security policies, educational institutions can enforce strong authentication requirements.
Cost savings: Reduces the need for extra infrastructure and support costs associated with managing separate identity systems.

Steps to Configure:

Install Microsoft Entra Connect: This tool is used to configure and manage the synchronization between on-premises AD and Microsoft Entra ID.
Choose the right authentication method: During the setup, select either PHS, PTA, or AD FS based on your organization's requirements.
Configure SSO: If using PHS or PTA, you can enable seamless SSO, which automatically signs users in when they are on the corporate network.
Complete the setup: Follow the wizard to complete the configuration and start the initial synchronization.

Considerations:

Network planning: Ensure that network connectivity between the on-premises environment and Microsoft Entra ID is reliable.
Performance tuning: Optimize the performance of the synchronization process to handle the scale of your directory.
Hybrid environment: Decide if you want to maintain a hybrid environment where some resources remain on-premises while others are in the cloud.

By setting up on-premises AD sync for SSO, educational institutions can provide a more integrated and secure experience for their users.

Microsoft Entra seamless single sign-on Quickstart: Microsoft Entra seamless single sign-on

Windows Hello for Business

Windows Hello for Business is a key-based or certificate-based authentication approach that goes beyond passwords and provides strong two-factor authentication on Windows devices. It's beneficial for educational institutions, offering a secure and convenient way for students, faculty, and staff to sign in to their devices and access resources.

Benefits of Windows Hello for Business in education:

Enhanced security: It uses asymmetric key pairs for authentication, which are more secure than traditional passwords. This helps protect against phishing and brute force attacks.
User convenience: Users can sign in using biometrics (fingerprint, facial recognition) or a PIN, which is tied to the specific device and not transmitted over the network.
Device compliance: Policy settings can be deployed to ensure devices are secure and compliant with organizational requirements.
Passwordless experience: Reduces the need for users to remember multiple complex passwords, as they can use biometrics or a PIN instead.

Deployment considerations:

Infrastructure: Plan the deployment to understand the topologies, architectures, and components involved in a Windows Hello for Business infrastructure.
Authentication methods: Choose between key-based or certificate-based authentication depending on the security requirements.
User training: Educate users on the benefits and usage of Windows Hello for Business to ensure a smooth transition.

Example Scenario: An educational institution can deploy Windows Hello for Business to provide students with a more secure and convenient way to access their devices and online resources. By using biometrics or a PIN, students can quickly sign in without the need to remember complex passwords, while the institution benefits from the enhanced security of key-based or certificate-based authentication. Windows Hello for Business is a modern authentication solution that aligns well with the needs of educational environments, offering both security and ease of use.

Windows Hello for Business Configure Windows Hello for Business

Conditional Access

Conditional Access is a powerful feature of Microsoft Entra ID that allows educational institutions to enforce access controls based on specific conditions. It's useful for securing access to resources in a flexible and user-friendly manner. Here's how Conditional Access can be applied in an educational setting:

Policy configuration:

Users and groups: Apply policies to specific users or groups, such as students, faculty, or administrative staff.
Cloud apps: Protect sensitive applications like the student information system, learning management system, or email.
Conditions: Define conditions under which the policy is applied, such as sign-in risk, device platform, location, or client app.
Access controls: Enforce controls like requiring multifactor authentication (MFA), compliant devices, or hybrid Microsoft Entra ID joined devices.

Benefits:

Improved security: Ensures that only authorized users can access sensitive data and applications.
Seamless experience: Provides a balance between security and user experience by only prompting for additional verification when necessary.
Compliance: Helps meet regulatory requirements by enforcing appropriate access controls.
Flexibility: Allows access from anywhere while ensuring that security requirements are met.

Example Scenario: An educational institution can create a Conditional Access policy that requires faculty members to use MFA when accessing the grading system from off-campus. This policy adds an extra layer of security while still allowing convenient access for authorized users.

Implementation steps:

Access policies.
Create policies: Use the Microsoft Entra admin center to create and configure policies.
Test: Apply the policies to a test group to ensure they work as expected without disrupting users.
Deploy: Roll out the policies to all users, monitoring the impact and adjusting as necessary.

Licensing:

Microsoft Entra ID P1: Required for basic Conditional Access features.
Microsoft Entra ID P2: Needed for risk-based Conditional Access policies that include identity protection.

Conditional Access is an essential tool for educational institutions to secure access to resources while providing a flexible and user-friendly experience

What is Conditional Access? Building a Conditional Access policy

Multifactor authentication

Microsoft's multifactor authentication (MFA) solutions are well-suited for the education sector, offering a range of benefits and features designed to enhance security and accessibility:

Passwordless MFA: Microsoft provides a passwordless MFA option that doesn't require a smartphone, which is ideal for students who might not have access to personal devices.
Increased security: By implementing MFA, educational institutions can significantly reduce the risk of account compromise, as accounts are more than 99.9% less likely to be breached when using MFA.
Compliance and funding: This approach helps schools meet cyber insurance requirements and qualify for government funding opportunities, such as the FCC Cybersecurity Pilot Program for schools in the US.
User-friendly: The passwordless MFA solution is designed to be convenient and secure, ensuring that students can easily access their learning environments without needing a phone for authentication.
Identity and access management: Microsoft 365 Education helps schools provide secure learning experiences with built-in cybersecurity features, including IAM and MFA.
Adaptive access solutions: MFA can include other factors such as a trusted device, biometric data, or an adaptive access solution that might require geolocation.

Set up your Microsoft 365 sign-in for multifactor authentication
Set up multifactor authentication for Microsoft 365

Microsoft 365 groups

Microsoft 365 Groups offer a powerful way for educational institutions to enhance collaboration and communication. Here's how they can be utilized in education:

Class Teams: Educators can create class teams in Microsoft Teams, which automatically include students from the school's roster. This process allows teachers to organize, add content, and prepare before admitting students to the team.
Professional Learning Communities (PLCs): PLC groups can be formed around interest areas, grade levels, or across subjects, making collaboration within a PLC simpler and more streamlined.
Staff Teams: School leaders can create staff teams for different projects, activities, committees, and processes. Channels within these teams can be customized by scenario, such as by topic, discipline, or subject.
Shared resources: Microsoft 365 Groups allow for the sharing of resources like a shared mailbox and calendar, a SharePoint site with a OneNote notebook, and a Microsoft Planner.
Learning Accelerators: Tools like Learning Accelerators create more opportunities for students to practice through immediate feedback in core subjects, tracking progress and providing actionable insights for teachers.
Future-ready skills: Students can become familiar with Office 365 tools they'll likely use in the future, like Microsoft Word, PowerPoint, and Excel, while building skills like problem-solving and collaboration.
Efficiency and security: Built-in AI tools and Microsoft Copilot streamline teaching and administrative tasks, reducing workload and creating more time for one-on-one student support. The cloud-based system also maximizes security and simplifies IT management.

Explaining Microsoft 365 Groups to your users

School Data Sync (SDS)

School Data Sync (SDS) is a free service provided by Microsoft for educational institutions, designed to automate the process of synchronizing user and roster data from Student Information Systems (SIS) or Student Management Systems (SMS) with Microsoft 365. Here's a brief overview of how SDS can be beneficial and how it works:

Benefits of School Data Sync:

Automated user management: SDS helps manage your educational organization, users, classes, and roles by syncing data with Microsoft Entra ID and Microsoft 365.
Integration with Microsoft 365: Once the data is synced, you can use Microsoft Teams, Intune for Education, Exchange Online, SharePoint Online, OneNote Class Notebooks, and enable third-party apps with single sign-on integration.
Dynamic provisioning: Provides dynamic provisioning and roster updates for virtual classrooms in Microsoft 365, assisting with simplified deployment and adoption of Microsoft 365 Group-enabled apps.

How School Data Sync works:

Connect data: SDS allows you to connect data stored in your SIS/SMS by defining your source system, the format of the incoming data, your user identity matching rules, and your sync end date for your academic session.
Data ingestion: Supports data ingestion with SDS v2.1 CSV, OneRoster API, and SDS v1 CSV formats.
Manage data: SDS provides dynamic provisioning and roster updates for virtual classrooms in Microsoft 365, to assist with simplified deployment and adoption of Microsoft 365 Group-enabled apps like Teams, SharePoint, Exchange, and OneNote Class Notebooks.

Transition to the new SDS experience:

Starting July 1, 2024, customers won't be able to create new, renew, or extend School Data Sync (Classic) Sync Profiles. Existing (Classic) Sync Profiles with expiration dates after December 31, 2024, will stop running on December 31, 2024. The School Data Sync (Classic) experience will be sunset on December 31, 2024.
Begin planning for your transition from SDS (Classic) to the new SDS experience for the upcoming Back to School period, starting with the Northern Hemisphere in August 2024 and the Southern Hemisphere in January 2025.

School Data Sync is a valuable tool for educational institutions looking to streamline their user and data management processes, especially with the increasing reliance on digital platforms for learning and administration.

Microsoft School Data Sync

School Data Sync Overview

Microsoft Entra ID for Education

Microsoft Entra ID, formerly known as Azure Active Directory, is a comprehensive identity and access management solution that's beneficial for educational institutions. Here's how Microsoft Entra ID can be used in an educational setting:

Identity and access management:

Single sign-on (SSO): Provides students, faculty, and staff with seamless access to resources using a single set of credentials.
Multifactor authentication (MFA): Adds an extra layer of security by requiring additional verification methods.
Conditional access: Controls access to resources based on conditions like user location, device state, and risk level.

Integration with Microsoft 365 Education:

User and group management: Automatically provisions and deprovisions users and groups based on data from the Student Information System (SIS).
License management: Assigns and manages licenses for Microsoft 365 services.
Application access: Grants access to Microsoft 365 apps like Teams, OneNote, and SharePoint, as well as third-party applications.

Security and compliance:

Identity protection: Detects and responds to identity-based risks using machine learning and heuristics.
Privileged Identity Management (PIM): Manages, controls, and monitors access within your organization to reduce the risk of excessive, unnecessary, or misused access permissions.
Audit logs: Provides logs and reports to help meet regulatory and compliance requirements.

Scalability and flexibility:

Cloud-based: Offers a cloud-based solution that scales with the institution's needs.
Hybrid support: Supports hybrid environments, allowing integration with on-premises Active Directory.

Getting started with Microsoft Entra ID for Education:

Sign Up for Microsoft 365 Education: Educational institutions can sign up for a free trial of Microsoft 365 Education, which includes Microsoft Entra ID.
Eligibility verification: Complete an eligibility verification wizard to purchase subscriptions at academic prices.
Configuration: Configure domains for sign-in and email, and set up identity objects for users and devices.

Microsoft Entra ID is a powerful tool that helps educational institutions manage identities and secure access to resources.

Introduction to Microsoft Entra tenants

Microsoft Learn for Microsoft Entra

Information protection

Microsoft Basic Encryption

Microsoft offers a range of encryption options to help secure email communications. Here's a brief overview of the basic encryption features available.

Microsoft Purview Message Encryption:

Built on Azure Rights Management (Azure RMS): This service includes encryption, identity, and authorization policies to help secure your email.
Compatibility: Works with various email services like Outlook.com, Yahoo!, Gmail, and others.
User experience: Provides a unified sender experience whether you're sending mail inside your organization or to recipients outside of Microsoft 365.
Policy enforcement: Administrators can define mail flow rules to apply protection, such as requiring encryption for messages addressed to specific recipients or containing specific words in the subject line.

Email encryption in Microsoft 365:

Multiple Encryption Options: Microsoft 365 offers several encryption options, including Microsoft Purview Message Encryption, S/MIME, and Information Rights Management (IRM).
Transport Layer Security (TLS): Used to encrypt the connection between two servers, ensuring secure communication.

Basic email encryption:

Key exchange: Involves an exchange of encryption keys generated by mathematical algorithms called one-way functions.
Public and private keys: Each encoded communication uses a paired public key, available to anyone on the internet, and a private key, known only to the recipient.

It's important to note that some encryption features might not be available to Microsoft 365 Basic subscribers, as certain options are only available to desktop clients.

Message encryption

Email encryption

Insider risk management

Information Barriers

Microsoft Information Barriers (IB) are a compliance feature within Microsoft 365 that can be useful in educational settings. They allow institutions to restrict communication and collaboration between specific groups and users, which can help maintain privacy and security within the digital learning environment. Here's a brief overview of how Information Barriers can be applied in education:

Segmentation of users:
- Students and staff: IB policies can be used to prevent students from communicating with staff members outside of their direct educational context.
- Different grade levels: Schools can restrict communication between students of different grade levels to ensure age-appropriate interactions.
Policy configuration:
- Custom policies: Educational institutions can create custom IB policies to meet their unique needs, such as restricting communication between certain departments or classes.
- Compliance requirements: IB policies help schools comply with legal and regulatory requirements regarding student privacy and data protection.
Collaboration tools:
- Microsoft Teams: IB policies can control who can collaborate with whom within Teams, ensuring that only authorized users can participate in specific teams or channels.
- SharePoint and OneDrive: Access to shared resources can be restricted based on IB policies, preventing unauthorized sharing of sensitive information.
Administrative control:
- Role-based access: Only users with the appropriate administrative roles can manage IB policies, adding an extra layer of security.
- Audit and monitoring: Administrators can audit communications and collaborations to ensure compliance with IB policies.

Meeting, calling, and chat

Microsoft Teams

Microsoft Teams is a versatile collaboration platform that integrates people, content, and tools to enhance team engagement and effectiveness. Here's a brief overview of what Teams offers:

Chat: Engage in private and group conversations.
Meetings: Schedule and join audio or video calls with screen sharing and real-time collaboration.
Calling: Make and receive calls directly within Teams.
File sharing: Share and collaborate on files with built-in Office 365 apps.
Integration: Connect with various Microsoft and third-party services.

Teams is designed to streamline communication and collaboration within organizations, making it a powerful tool for both remote and in-office work environments. It's part of the Microsoft 365 suite, which means it works seamlessly with other Microsoft applications.

1:1 and group online audio and video

Microsoft Teams is a comprehensive platform that supports both 1:1 and group online audio and video communication. Here's how it can be utilized for these purposes:

1:1 meetings:**

Chat integration: You can start a 1:1 audio or video call directly from a chat. This integration is useful for quick check-ins or private discussions.
File sharing: During a call, you can share files and collaborate in real-time.
Screen sharing: It's easy to share your screen to present documents, slides, or any other content.

Group meetings:

Team channels: Group meetings can be scheduled or started instantly within team channels, allowing all members to join.
Meeting options: Teams offers various meeting options, such as muting participants or enabling a lobby for external guests.
Collaboration tools: Use tools like Whiteboard and Collaborative Annotations for interactive sessions.

Scheduling and managing meetings:

Calendar integration: Teams is integrated with Outlook, making it simple to schedule meetings and send invites.
Meeting notes: Keep track of discussions and action items with the meeting notes feature.

Security and compliance:

Privacy controls: Teams provides robust privacy and security controls to ensure meetings are secure.
Compliance: It complies with various industry standards, making it suitable for use in regulated environments.

Device support:

Cross-platform: Teams is available on multiple platforms, including Windows, Mac, iOS, and Android.
Meeting devices: It supports a range of devices designed for meeting rooms, enhancing the audio and video experience.

Scalability:

Large meetings: Teams can handle large meetings and webinars, with features like breakout rooms for smaller group discussions.

These features make Microsoft Teams a versatile solution for both 1:1 and group online audio and video communication, suitable for various scenarios in education and beyond.

Microsoft 365 apps

Desktop client apps

Microsoft offers various desktop client apps designed to enhance productivity and connectivity. Here are some key ones:

Microsoft Office Suite: Includes Word, Excel, PowerPoint, and Outlook, essential for document creation, data analysis, presentations, and email management.
Microsoft Teams: A collaboration platform that integrates chat, video meetings, file storage, and application integration.
Microsoft Edge: A web browser that provides fast and secure browsing with features like collections, vertical tabs, and tracking prevention.
Microsoft OneNote: A digital notebook for capturing, organizing, and sharing notes.
Microsoft Remote Desktop: Allows you to connect to a remote PC or virtual apps and desktops, making it easier to work from anywhere.

Visio for the web

Visio for the web is a browser-based version of Microsoft Visio that allows you to create, view, edit, and share diagrams online. Here are some key features:

Accessibility: You can access Visio for the web from anywhere with an internet connection, making it easy to work on diagrams collaboratively.
Integration: It integrates seamlessly with Microsoft 365, allowing you to embed diagrams in other Microsoft 365 apps like Teams and Excel.
Real-time collaboration: Multiple users can work on the same diagram simultaneously, with real-time updates and coauthoring capabilities.
Ease of use: It offers a user-friendly interface with templates and shapes for creating flowcharts, network diagrams, organizational charts, and more.

Microsoft 365 for the web

Microsoft 365 for the web (formerly known as Office Online) allows you to use popular Microsoft Office applications directly in your web browser. Here are some key features:

Accessibility: You can access Word, Excel, PowerPoint, and OneNote from any device with an internet connection.
Collaboration: Real-time coauthoring lets multiple users work on the same document simultaneously, making teamwork seamless.
Integration: It integrates with OneDrive, allowing you to save and share your documents easily.
Free to use: Basic functionality is available for free with a Microsoft account.

Install Microsoft 365 apps on 5 PCs/Macs

An A1 license provides any licensed user access to install Microsoft 365 apps on 5 devices (5 PC/Macs + 5 tablets + 5 smartphones).

To install Microsoft 365 apps on up to five PCs or Macs, follow these steps:

Sign in to your account: Go to the Microsoft 365 portal and sign in with your Microsoft account.
Start Installation: On the home page, select Install Office.
After it is installed, run the installer:
- Windows: Open the downloaded file (usually named Setup.exe) and follow the on-screen instructions.
- Mac: Open the downloaded .pkg file and follow the on-screen instructions.
Follow the prompts: The installer guides you through the installation process. Follow the prompts to complete the installation.
Activate Office: Once installed, open any Office app and sign in with your Microsoft account to activate.

Repeat these steps on each of the five devices. Remember, your Microsoft 365 subscription allows you to install Office on up to five devices, so you can use the same account and license key for activation on each device.

Microsoft 365 for Mobile

Microsoft 365 for mobile is a versatile tool for education, offering a range of applications and services that can enhance the learning experience for students and educators. Here's how it can be utilized in an educational setting:

Access to Office apps: Students and educators can access the web versions of popular Office apps like Word, Excel, PowerPoint, and OneNote on their mobile devices. This access allows for creating, editing, and sharing documents on the go.
Collaboration with Teams: Microsoft Teams for Education brings conversations, content, and apps together in one place. It enables real-time collaboration and communication, which is especially useful for remote learning environments.
Digital notebooks with OneNote: OneNote serves as a digital notebook, helping students organize class materials and collaborate with peers and teachers. It's a powerful tool for taking notes, sketching ideas, and storing information.
Simplified class management: With School Data Sync, educators can set up classes and groups for Teams and OneNote class notebooks, simplifying the management of classroom activities and resources.
Career-ready skills: Using Office 365 Education in the classroom helps students develop proficiency with productivity apps, which are valuable skills for their future careers.
Mobile app for productivity: The Microsoft 365 mobile app combines Word, Excel, and PowerPoint with exclusive features, making it a go-to productivity app for iOS and Android devices.
Equitable access: Office 365 works across devices, ensuring that students can access their files and applications from anywhere, promoting equitable access to learning resources.
Cloud services: Services like OneDrive and SharePoint allow for creating collaborative classrooms and connecting in professional learning communities, all from a single experience in Office 365 Education.
Security and compliance: Office 365 Education includes robust management and security tools, ensuring that the learning environment is secure and compliant with educational standards.

Microsoft 365 for mobile in education is designed to provide a seamless and productive experience for both students and educators, supporting learning and collaboration from any device, anywhere.

Multilingual user interface for Office applications

Multilingual User Interface (MUI) for Microsoft Office applications is a feature that allows users to change the language of the user interface. This interface can be useful in educational settings where students and educators might prefer to use Office applications in different languages. Here's how MUI can be beneficial and how it works:

Benefits of MUI in Education:

Personalized learning: Students can use Office applications in their native language, which can enhance understanding and ease of use.
Diverse classrooms: In multilingual classrooms, MUI allows each student to work in the language they're most comfortable with.
Global collaboration: Educators and students collaborating internationally can switch the UI language to communicate more effectively.

How MUI works:

Language packs: Microsoft Office provides language packs that can be installed to add support for additional languages.
User preferences: Each user can select their preferred display language for the Office UI.
Dynamic switching: Users can switch between languages without needing to reinstall Office or change system settings.

Deploying MUI:

IT administration: IT administrators can deploy Office with multiple languages included, or add languages to existing installations.
Configuration tools: The Office Deployment Tool and Configuration Manager can be used to manage language deployments.
Best practices: It's recommended to match the Office language with the operating system language for a seamless experience.

Programming with MUI:

VSTO add-ins: Developers can create VSTO add-ins that adapt to the Office UI language using the CurrentUICulture property.
Localization: Custom Office solutions can be localized to support multiple languages, enhancing accessibility.

The MUI feature is a powerful tool for creating an inclusive and accessible learning environment.

Microsoft Viva

Microsoft Viva Goals

Viva Goals is a powerful tool that can significantly enhance the educational experience by aligning objectives and key results (OKRs) with educational goals. Here are some key points about Viva Goals in the context of education:

Special pricing for education customers: Special pricing is available for Viva Goals for education customers.
Viva Goals app: The Viva Goals app can be accessed through Microsoft Teams or on the web. It provides a comprehensive platform for setting and tracking goals, aligning them with educational objectives, and integrating them into daily workflows.
Training and resources: There are various training resources available to help educators and administrators navigate Viva Goals. These resources include how-to guides, interactive team exercises, and workshops on writing effective OKRs.
Capabilities and features: Viva Goals offers features such as Copilot, which helps in crafting and improving goals quickly, tracking progress, and turning vision and strategy documents into actionable goals. It also supports integration with other systems and provides notifications and support.
Product updates and OKRs: Regular updates and progress on OKRs are shared within the education team. For example, recent updates include the successful transition to SDS vNext and the growth in active tenants and synced users.
Educational objectives: Specific educational objectives tracked through Viva Goals include retaining Windows share in education, defining hero education scenarios for Copilot+ PC, and increasing the use of AI-enhanced learning in educational institutions.
Meeting discussions: Discussions in meetings such as the EDU Product Townhall and FY25 Weekly Product Review highlight the progress and goals related to educational tools and features, including learning accelerators and AI-enhanced learning.

Viva Goals is designed to bring business priorities into the flow of everyday work, making it a valuable tool for educational institutions to align their goals and track progress effectively.

Viva Connections

Microsoft Viva Connections for Education

Microsoft Viva Connections for Education is a powerful tool designed to streamline and enhance the educational experience for students. Here's a brief overview of what it offers:

Centralized digital home: Viva Connections for Education provides a digital home within Microsoft Teams, where students can access all their resources in one place. This includes courses, assignments, extracurricular activities, tuition payments, internship opportunities, and more.
Personalized dashboard: The platform offers a personalized dashboard for each student, organizing their academic and extracurricular life with customized cards. These cards can be tailored to fit specific scenarios and branded with the institution's colors and logo.
Seamless integration: It integrates with the institution's intranet and key third-party applications, such as learning management systems (LMS) and other internal services, allowing students to collaborate on content and files with peers and educators.
Targeted communication: Institutions can send targeted messages to students, keeping them informed about club announcements, campus events, cafeteria menus, and other important news.
Device usability: The platform is designed for seamless usability across devices, ensuring that students can stay connected and immersed in their higher education experience from anywhere.
Assignments and Courses Viva Cards: A recent addition to the platform is the Assignments and Courses Viva card, which allows students to view and access their course materials and see upcoming and past due assignments directly from their digital home.

Viva Connections for Education aims to simplify the student experience by providing a connected and engaging platform that supports their academic journey and extracurricular involvement. It's a comprehensive solution that helps students manage their busy lives and stay connected to their educational institution.

Project and task management

Microsoft Planner

Microsoft Planner can be a powerful tool in education, helping both teachers and students stay organized and manage their tasks efficiently. Here are some ways it can be used:

Classroom management: Teachers can create plans for different classes, assign tasks to students, and track progress. This helps in managing assignments, projects, and deadlines effectively.
Student organization: Students can use Planner to keep track of their homework, projects, and study schedules. The Student Planner app, for example, allows students to upload course documents, sync assignments to their Outlook calendar, and take organized notes in OneNote.
Collaboration: Planner integrates with Microsoft Teams, making it easy for students and teachers to collaborate on group projects. They can share files, discuss tasks, and monitor progress in real-time.
Goal setting: Teachers can set educational goals and track the progress of their students towards these goals. This helps in ensuring that the learning objectives are met.
Resource management: Teachers can manage resources such as classroom materials and schedules, ensuring that everything is in place for a smooth educational experience.

Getting started with Planner in Teams
Tools for teachers: Manage your class
Microsoft Planner

Microsoft To-Do

Microsoft To-Do is a versatile tool that can greatly benefit both students and educators in an educational setting. Here are some ways it can be used:

Task management: Students can create to-do lists for their assignments, projects, and study schedules. This helps them stay organized and ensures they don't miss any deadlines. Learn more.
Daily planning: The "My Day" feature allows students and teachers to focus on their daily priorities by providing personalized suggestions for tasks to complete each day. Learn more.
Collaboration: Students can share their to-do lists with classmates for group projects, making it easier to divide tasks and track progress. Teachers can also share lists with students for class assignments. Learn more.
Integration with other tools: Microsoft To-Do integrates seamlessly with other Microsoft 365 apps like Outlook, Planner, and Teams. This allows for a unified experience where tasks from emails or team projects can be managed in one place. Learn more.
Reminders and due dates: Setting reminders and due dates helps students keep track of important deadlines and ensures they stay on top of their work. Learn more.
Accessibility: Microsoft To-Do is available on multiple devices, including smartphones, tablets, and computers, allowing students and teachers to access their tasks from anywhere.

Microsoft To Do

Security and compliance

Endpoint Privilege Management

Endpoint Privilege Management (EPM) is a crucial aspect of cybersecurity, especially in educational environments where the balance between accessibility and security is paramount. Here's how EPM can be beneficial in education:

Least privilege principle: EPM enforces the principle of least privilege, ensuring that users have only the access necessary for their roles. This method minimizes the risk of unauthorized access to sensitive information.
Controlled elevation: It allows for controlled elevation of privileges, meaning that users can perform tasks that require higher privileges without needing full administrative rights.
Security and productivity: By allowing users to run tasks with elevated privileges as needed, EPM supports both security and productivity, which is essential in an educational setting where students and staff need to install applications or update device drivers.
Zero Trust model: EPM aligns with the Zero Trust security model, which is increasingly adopted in educational institutions to protect against cyber threats.
Compliance: It helps institutions comply with regulatory requirements by providing detailed logs and reports of privileged access and actions.

Microsoft Intune's Endpoint Privilege Management is an example of a solution that offers these capabilities, allowing educational institutions to manage privileges effectively across their Windows devices. It's important to note that EPM requires additional licensing and has specific prerequisites, such as devices being Microsoft Entra joined or hybrid joined.

Microsoft Intune Suite

Microsoft Intune for Education is a specialized cloud-based mobile device management (MDM) service designed to meet the unique needs of educational institutions. Here's how it can be beneficial in an educational setting:

Simplified management: Intune for Education streamlines the enrollment, deployment, and management of devices, making it easier for IT administrators to manage classroom technology.
Easy app deployment: It allows for the deployment of apps to students and educators without needing to physically touch the devices. Apps follow users to any device they log into, ensuring a consistent experience.
Personalized learning experiences: The platform supports personalized learning by delivering a custom experience for each student, even on shared devices.
Security and compliance: Intune for Education helps secure data, create a safe learning environment, and ensure privacy and compliance across all devices.
Integration with Microsoft 365 Education: It works seamlessly with Microsoft 365 Education, providing a comprehensive solution for device setup, configuration, and management.

Intune for Education is useful for managing Windows devices in schools, offering a simplified interface and education-specific policies that make it easier to manage devices used by students and teachers. It's designed to help schools maximize their technology investments while maintaining a secure and productive environment for learning.

Microsoft Defender for EndPoint servers

Microsoft Defender for Endpoint is a robust security solution that can be beneficial for educational institutions looking to protect their server infrastructure. Here's how it can be applied in an educational context:

Advanced threat protection: Defender for Endpoint provides advanced attack detection and investigation capabilities, which are crucial for protecting sensitive student and staff data.
Seamless integration: It integrates seamlessly with Microsoft Defender for Servers, allowing for automatic onboarding of servers and detailed investigations through the Defender for Endpoint console.
Support for various server versions: The solution supports a range of Windows Server versions, including 2012 R2, 2016, 2019, and 2022, ensuring compatibility with existing infrastructure.
Centralized management: Educational institutions can manage security for their entire server environment from a single pane of glass, simplifying administration and monitoring.
Cost-effective licensing: Microsoft offers educational licensing options, which can make Defender for Endpoint a cost-effective choice for schools and universities.

To get started with Microsoft Defender for Endpoint for servers in an educational setting, you need to follow these general steps:

Ensure licensing: Make sure you have the appropriate licenses for Microsoft Defender for Endpoint and Microsoft Defender for Servers.
Onboard servers: Use the provided onboarding packages to install and configure the Defender for Endpoint agent on your servers.
Configure policies: Set up security policies that align with your institution's requirements and compliance needs.
Monitor and respond: Use the Defender for Endpoint console to monitor for threats and respond to incidents.

By implementing Microsoft Defender for Endpoint, educational institutions can enhance their security posture and protect against a wide range of cyber threats.

Plan your Defender for Servers deployment

Microsoft Defender Vulnerability Management

Microsoft Defender Vulnerability Management add-on is a valuable extension for educational institutions using Microsoft Defender for Endpoint Plan 2. It offers enhanced capabilities that can significantly improve the security posture of schools and universities. Here's how it can be beneficial in an educational setting:

Comprehensive asset visibility: The add-on provides a consolidated view of all devices and software within the institution, helping IT administrators keep track of the technology landscape.
Continuous vulnerability assessment: It offers real-time monitoring and assessment of vulnerabilities, ensuring that potential risks are identified and addressed promptly.
Risk-based prioritization: Using Microsoft's threat intelligence, the add-on helps prioritize vulnerabilities based on the risk they pose, allowing schools to focus on the most critical issues.
Seamless remediation: Built-in workflows and contextual recommendations facilitate the remediation process, bridging the gap between security and IT teams.
Application blocking: The ability to block vulnerable applications can prevent the execution of software that could pose a security risk.
Cross-platform support: The add-on supports multiple platforms, including Windows, macOS, Linux, Android, and iOS, which is essential for the diverse device environments found in educational institutions.

By using these capabilities, educational institutions can proactively manage vulnerabilities and reduce the risk of cyber threats. The add-on's features are designed to work seamlessly with existing security measures, providing an extra layer of protection for sensitive data and systems.

Microsoft Defender Vulnerability Management FAQ

Microsoft Defender Vulnerability Management add-on to Defender for Endpoint for servers

Microsoft Defender Vulnerability Management FAQ

Microsoft Intune Plan 2

Microsoft Intune Plan 2 is an add-on to Microsoft Intune Plan 1 that offers advanced endpoint management capabilities. For educational institutions, this can be beneficial as it provides extra tools and features to manage and secure devices used by students, faculty, and staff. Here's how Intune Plan 2 can enhance the educational experience:

Advanced endpoint analytics: Gain deeper insights into the health and performance of devices, helping to proactively address issues that might impact learning.
Remote help: Offer remote assistance to users, which can be invaluable in an educational setting where IT support might need to assist students and teachers remotely.
Microsoft Tunnel for mobile application management: Securely connect mobile devices to on-premises resources, ensuring that students and staff can access the resources they need from anywhere.
Endpoint Privilege Management: Manage user privileges on devices, allowing for a balance between security and the ability for users to install necessary applications.
Enhanced security: Extra security features help protect sensitive data and ensure that devices are compliant with institutional policies.

Intune Plan 2 is included in the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions. This suite is designed to meet the needs of educational institutions by providing a comprehensive set of tools to manage and secure their IT environment.

Microsoft Intune Plans

SharePoint and storage

SharePoint Plan 1

SharePoint Plan 1 is a subscription plan designed for small to mid-sized businesses that need essential document management and collaboration features. Here are some key features included in SharePoint Plan 1:

Document libraries: Store and manage files with versioning and access control.
Team sites: Create sites to share information, files, and resources within your team.
Lists: Track information and organize tasks.
1 TB of OneDrive Storage: Each user gets 1 TB of cloud storage.
Basic Search Capabilities: Find relevant content and people within your organization.

Compare SharePoint Online options

Yammer Academic

Yammer is a powerful tool for academic environments, offering several features that can enhance communication and collaboration among students, faculty, and staff. Here are some key benefits of using Yammer in an academic setting:

Enhanced communication: Yammer allows for real-time communication and collaboration, making it easier for students and faculty to stay connected and share information.
Group collaboration: Create groups for classes, projects, or departments to facilitate focused discussions and resource sharing.
Knowledge sharing: Tap into the collective knowledge of your institution by searching for experts, conversations, and files.
Engagement: Use polls, praise, and announcements to engage students and faculty, fostering a more interactive learning environment.
Integration with Office 365: Seamlessly integrates with other Office 365 tools like Teams, OneNote, and SharePoint, providing a comprehensive suite for academic use.

SharePoint Advanced Management - SAM

SharePoint Advanced Management is a premium add-on for Microsoft 365 that provides IT administrators with a suite of tools designed to enhance content governance, particularly in environments where Microsoft Copilot is deployed. Here's how it can be beneficial in an educational setting:

Manage content sprawl: SharePoint Advanced Management helps control content sprawl by implementing governance strategies and tools that centralize control, optimize storage efficiency, and uphold secure data management practices.
Inactive SharePoint sites policy: It allows for automated, rule-based policies to manage and reduce inactive sites, which can combat content sprawl by identifying and managing inactive SharePoint sites.
AI insights: The AI insights feature uses a language model to identify patterns and potential issues from reporting and provides actionable recommendations to solve issues.
Manage oversharing: It helps prevent content oversharing and control content access, which is crucial when Copilot uses data stored in SharePoint and OneDrive sites.
Control Copilot access to content: Administrators can limit content access by Copilot with user group settings and other tools to ensure that assistance provided by Copilot is appropriate, accurate, and compliant.
Manage content lifecycle: The add-on aids in removing inactive and outdated content and sites, ensuring that the information Copilot accesses is accurate and up to date.

These features are useful for educational institutions that need to manage a large amount of digital content while ensuring that sensitive information is protected and that the learning environment remains secure and efficient.

SharePoint Advanced Management overview

Advanced Data Residency

Advanced Data Residency is an add-on feature in Microsoft 365 that provides organizations with expanded coverage of Microsoft 365 workloads and customer data, committed data residency for local country/region datacenter regions, and prioritized tenant migration services. Here's how it can be beneficial for educational institutions:

Data residency compliance: Ensures that data is stored within specific geographic regions, helping institutions comply with local data residency laws and regulations.
Expanded workload coverage: Includes a wide range of Microsoft 365 workloads, such as Exchange Online, SharePoint, OneDrive, Microsoft Teams, and more, ensuring comprehensive data residency coverage.
Prioritized tenant migration: Offers prioritized migration services for tenants, which can be crucial for institutions looking to move their data to local datacenter regions.
Geographic availability: Available in multiple regions, including Australia, Brazil, Canada, France, Germany, India, Israel, Italy, Japan, Mexico, Poland, Qatar, South Korea, Norway, South Africa, Spain, Sweden, Switzerland, United Arab Emirates, and United Kingdom.
Licensing requirements: To be eligible for Advanced Data Residency, customers must have licenses for one or more of the specified Microsoft 365 products and cover 100% of paid licenses in the tenant with the ADR add-on license.

This feature is useful for educational institutions that need to ensure their data is stored within specific regions to meet regulatory requirements. By using Advanced Data Residency, schools and universities can have greater control over where their data is stored, which can help enhance data security and privacy.

Advanced Data Residency in Microsoft 365

Extra Graph Connector capacity

To accommodate additional data ingestion via Microsoft Graph connectors, organizations can leverage the Extra Graph Connector capacity. Here's what you need to know:

Default capacity: By default, Microsoft provides an index quota limit of 50 million items per tenant without extra cost.
Item definition: An item represents one unit of index quota, such as one document in a file share or one ticket in a Jira system.
Connection limits: You can configure up to 30 Graph connections within a tenant, with each connection allowing up to 5 million items.
Additional capacity: If you require a higher item count per connection or wish to increase your overall index quota, you can contact your Microsoft account manager or complete a form to request additional capacity.

This capacity is useful for educational institutions that need to index a large amount of external data into Microsoft Graph, making it discoverable across Microsoft 365 experiences. By expanding the index quota, schools and universities can ensure that their data is accessible and usable within the Microsoft ecosystem.

Index quota

Teams Services

Pay-as-you-go Calling Plan

The Pay-As-You-Go Calling Plan is a flexible option for Microsoft Teams Phone users, beneficial for organizations with varying calling needs. Here's a summary of how it works:

Domestic and international calling: Users can make calls to numbers within their country/region and to international numbers in 196 countries.
Unlimited incoming minutes: All incoming calls are free of charge, which can be advantageous for organizations that receive a high volume of calls.
No outgoing minutes included: Outgoing calls are billed per minute, allowing you to pay only for the calls you make.
Shared pool of minutes: All users in the same country/region with the same calling plan share a pool of minutes, which can help optimize costs.

This plan is useful for educational institutions that might have periods of high call volume, such as during admissions or exam results, and periods of low call volume. The Pay-As-You-Go model ensures that you only pay for what you use, making it a cost-effective solution.

Teams Phone with Domestic Calling Plan

Microsoft Teams Phone with Domestic Calling Plan is a comprehensive communication solution that integrates calling, chat, meetings, and collaboration into a single app. Here's a summary of what it offers:

Cloud-based phone system: Includes advanced features like call transfer, multilevel auto attendants, and call queues.
Domestic calling plan: Provides a pool of minutes for outgoing calls within the country/region where the user is assigned in Microsoft 365. Unlimited incoming minutes are included.
Shared pool of minutes: All users in the same country/region with the same Calling Plan share a pool of minutes, optimizing the usage across the organization.
PSTN connectivity: Connects Teams Phone to the Public Switched Telephone Network (PSTN), allowing users to make calls outside the organization.
Simplified management: Offers a simple and manageable solution for organizations to handle their telephony needs.

This plan is beneficial for educational institutions as it allows for seamless communication between faculty, staff, and students, both internally and externally. The shared pool of minutes can help manage costs effectively, especially in environments where call volumes might vary.

Teams Premium

Microsoft Teams Premium is an add-on license that enhances the Microsoft Teams experience with extra features designed to make meetings more personalized, intelligent, and secure. Here's a summary of what Teams Premium offers:

Intelligent recaps: AI-generated meeting notes, recommended tasks, and personalized highlights to help you catch up on what matters most.
Live translation: Break down language barriers with live translation of captions and transcripts.
Branded meetings: Incorporate your organization's logo and colors, and use AI to personalize your meeting background.
Advanced security: Help safeguard confidential information with advanced meeting and call controls, including end-to-end encryption and watermarks.
Virtual Appointments: Deliver seamless end-to-end experiences with Virtual Appointments, from text message reminders to post-appointment surveys.
Advanced webinars: Engage audiences with professionally produced events, including advanced webinars and town halls.
Microsoft Mesh: Connect your workforce with 3D immersive experiences.

Teams Premium is useful for educational institutions as it can enhance virtual classrooms, parent-teacher meetings, and administrative collaborations with its advanced features. It helps create a more engaging and secure online environment, which is essential for modern education.

Overview of Microsoft Teams Premium

Windows

Windows Pro 11

Windows 11 Pro Education is a version of Windows 11 designed specifically for educational institutions. It builds on the features of Windows 11 Pro and adds education-specific capabilities to meet the needs of schools, teachers, and students. Here's how Windows 11 Pro Education can be beneficial in an educational setting:

Enhanced security: It includes features like AppLocker, Device Guard, and DirectAccess to maintain a secure learning environment.
Familiar user experience: Offers a consistent and familiar experience for students and teachers, with access to the full range of Windows features.
Application compatibility: Most applications and devices that work with Windows 10 are compatible with Windows 11, ensuring a smooth transition.
Digital learning tools: Provides built-in learning tools and user controls, empowering students to access materials independently and allowing teachers to personalize learning.
Cost-effective devices: Supports a wide range of cost-effective devices built for learning, starting at affordable price points.

Windows 11 Pro Education is designed to help educational institutions deliver high-quality learning tools for students of all abilities on devices that are secure, easy to deploy, and manage. It's an ideal solution for schools looking to upgrade their technology and provide a modern, inclusive learning experience.

Windows Pro 11

Universal Print

Microsoft Universal Print is a modern print solution that uses the cloud to simplify and secure the printing experience for organizations. Here are some key features and benefits:

Cloud-based management: Universal Print allows IT departments to manage printers directly through a centralized portal, eliminating the need for on-premises infrastructure and print servers.
Seamless printing experience: Users can print from anywhere when connected to the internet and authenticated to Microsoft Entra ID, without the need to install printer drivers.
Security: It offers modern printer deployment and access control through Microsoft Entra ID and Zero Trust Network, ensuring that organizational and personal information is protected.
Scalability: The solution is designed to be scalable and easy to configure, supporting a wide range of business needs.
Insights and reporting: Gain visibility and insights into your print environment, helping to control and optimize the print infrastructure.
Universal print-ready printers: Many printers can connect directly to the service without any extra infrastructure, especially those that are Mopria certified and have updated firmware with Universal Print support.

Universal Print is beneficial for organizations that are moving to the cloud and want to modernize their print environment. It replaces the traditional Windows Server print server functionality with a fully cloud-based solution for setup, configuration, management, and troubleshooting.

Universal Print

Set up Universal Print

Universal Print Volume

Universal Print Volume Add-On for education is a feature that allows educational institutions to manage their printing needs more effectively. Here's how it works and how it can be beneficial:

Print job pooling: Starting May 1, 2024, organizations with Microsoft 365 A3 and A5 licenses will receive 100 print jobs per license per month1. These print jobs are pooled, meaning all licensed users can utilize them, which is a significant increase from the previous five print jobs per license.
Additional print volume: If the included print job capacity is exceeded, additional print volume can be purchased in quantities of 500 and 10,000 jobs. This allows institutions to scale their printing capabilities according to their needs.
Simplified printing: Universal Print simplifies the printing process, especially in environments where printing can be complex and costly. It helps in managing tight budgets by providing predictable costs.
Cross-platform support: With features like printing from macOS (in public preview), Universal Print aims to be a single solution that works for all users on all their devices1.
Secure printing: Features like Secure Release with QR code and PIN printing ensure that print jobs are only printed when a user is standing at the printer, protecting sensitive documents and saving resources.

This add-on is useful for educational institutions that need to manage a large number of print jobs across various devices and platforms. By using Universal Print and its volume add-ons, schools can ensure a secure, cost-effective, and efficient printing environment.

Adding Universal Print value for educational organizations

Last updated on 2025-08-22

Share via

Baseline - Applications, products, and features available with A1 license

Analytics

Microsoft Compliance Management

Education analytics

Education Insights in Microsoft Teams

Data analytics and AI solutions

Productivity Score

Secure Store

Automation, app building, and chat bots

Power Apps for Microsoft 365

Power Automate for Microsoft 365

Power Virtual Agent for Teams

Dataverse for Teams

Classroom tools

Classroom experience in Microsoft Teams

Microsoft Whiteboard

OneNote Class Notebook

Minecraft Education

Learning tools

Take a Test app

Set up School PCs app

Content services

Microsoft Stream

Microsoft Forms

Microsoft Lists

Microsoft Search

Microsoft Graph API

Data lifecycle management

Applying manual retention labels

Creating and publishing retention labels

Benefits of manual retention labels

Steps to apply retention labels

Manual retention schedule

Data loss prevention (DLP)

DLP for emails and files

DLP for emails

DLP for files

Benefits of DLP

eDiscovery and auditing

Content Search

Audit (Standard)

eDiscovery (Standard) (including holds and export)

Email/calendar and scheduling

Exchange Online Protection

Exchange Plan 1

Outlook for desktop

Microsoft Shifts

Endpoint and app management

Group policy support for Windows

Group policy support for Microsoft apps

Microsoft Cloud policy support

Mobile Device Management - MDM

Benefits of MDM

Challenges of MDM

Mobile Application Management - MAM

Windows Autopilot

Microsoft Intune Remote help

Identity and app management

User provisioning

Cloud user self service password change

On-premises Active Directory sync for SSO

Windows Hello for Business

Conditional Access

Multifactor authentication

Microsoft 365 groups

School Data Sync (SDS)

Microsoft Entra ID for Education

Information protection

Microsoft Basic Encryption

Insider risk management

Information Barriers

Meeting, calling, and chat

Microsoft Teams

1:1 and group online audio and video

Microsoft 365 apps

Desktop client apps

Visio for the web

Microsoft 365 for the web

Install Microsoft 365 apps on 5 PCs/Macs