How Microsoft can help working from Home – Responding to Corona crisis – MS TEAMS

Hello All,

Hope all of you doing great, hope you and your family stay safe from this crisis.

In responding to current Corona Virus crisis, many governments around the world start locked down countries, which means that most employees will start thinking seriously to work from home.

Searching over search engines will show a lot of articles to show how much technologies can help in such situation, in this article I am going to discuss one of the most top requests we are getting from our customers these days and clear up all the doubts that you may have:

HOW I CAN START USING MS TEAMS TO ALLOW MY EMPLOYEES WORKING FROM HOME !
HOW I CAN START HELPING MY STUDENTS TO CONTINUE LEARNING FROM THEIR HOME !

 

Microsoft TEAMS:

One of the best solutions these days to allow employees to be productive from their homes, Microsoft recently announced a new license version which is a free one that you can start using it, it’s a six months trial license as mentioned in this article: https://docs.microsoft.com/en-us/microsoftteams/e1-trial-license

MS Teams have a lot of features that help you to be productive while working from Home, I am not going to discuss TEAMS features in this article as it’s already mentioned in our public MS documents, simple search will help you to find all these features.

But when it comes to the IT admins, sometimes it may confused how they can start get benefits from this trial license and how they can deploy it, hence I am going to discuss some common scenarios where I see it daily in our customers while I am working with them:

 Scenario #1: Customers with NO existing on-premises infrastructure:

In this scenario, you don’t have your users on-premises, you need to start using TEAMS, as an admin the process will be very easy here, Just following below steps:

1- Sign up for free Azure AD tenant: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant#create-a-new-azure-ad-tenant

2- Verify your domain name in Azure, in this step you can verify your actual domain name in azure to allow users to have it in their UPN, if you are OK to use the .onmicrosoft domain, then you can skip this point, to add your domain you can follow these steps: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#add-your-custom-domain-name-to-azure-ad

3- Create your users in Azure AD, fortunately Azure AD now support importing bulk users, this is can be done by have the users listed in Excel sheet then create them in one shot, you can follow these steps: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/users-bulk-add

4- Activating the free trial E1 License to enjoy TEAMS for six months for free as described here: https://docs.microsoft.com/en-us/microsoftteams/e1-trial-license

5- Assign the licenses to the users as described here: https://docs.microsoft.com/en-us/microsoftteams/user-access#manage-teams-through-the-microsoft-365-admin-center

6- Finally, your users can now download MS TEAMS on their laptops and Mobile devices and start working remotely. End user TEAM guide can be found here: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=2ahUKEwjP3oCVt6LoAhUBDewKHU6eAPAQFjAGegQIARAB&url=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FD%2F9%2FF%2FD9FE8B9E-22F5-47BF-A1AB-09539C41FCD0%2FTeams%2520QS.pdf&usg=AOvVaw2KP9-FybqCgz8JIItmIUgS

Scenario #2: Customers with existing on-premises infrastructure, customer never used Azure AD before:

Here the scenario is different a little bit, if you have already an on-premises domain controllers where you already have your user objects created and you want to leverage the new TEAMS free license, then you still have the option to sync your users and give the end users the same login experience.

You can follow below steps to start using MS TEAMS:

1- Sign up for free Azure AD tenant: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant#create-a-new-azure-ad-tenant

2- Verify your domain name in Azure, in this step you can verify your actual domain name in azure to allow users to have it in their UPN.

3- Sync your users from local AD to Azure AD using AD Connect tool, this tool will help you to sync your on-premises users to Azure AD, this tool offer multiple way for sign in’s, you can simply sync the users with their passwords, or if you have an AD FS or other federation Services you still can sync the users only without their passwords. The whole technical steps with a lot of details described here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

4- Once the users got synced, you can start Activating the free trial E1 License to enjoy TEAMS for six months for free as described here: https://docs.microsoft.com/en-us/microsoftteams/e1-trial-license

5- Assign the licenses to the users as described here: https://docs.microsoft.com/en-us/microsoftteams/user-access#manage-teams-through-the-microsoft-365-admin-center

6- Finally, your users can now download MS TEAMS on their laptops and Mobile devices and start working remotely. End user TEAM guide can be found here: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=2ahUKEwjP3oCVt6LoAhUBDewKHU6eAPAQFjAGegQIARAB&url=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FD%2F9%2FF%2FD9FE8B9E-22F5-47BF-A1AB-09539C41FCD0%2FTeams%2520QS.pdf&usg=AOvVaw2KP9-FybqCgz8JIItmIUgS

Note: In this scenario, the users will login to MS TEAMS using same on-premises credentials.

 

Scenario #3: Customers with existing on-premises infrastructure, customer already using Azure AD:

In this scenario I am assuming that the users already synced, if not then follow point #3 in Scenario #2, once this done or if it’s already done, then you just need to activate the license and assign it, see previous scenario for more info.

In addition to above scenarios, if you are an education sector, then Microsoft since long time providing a free license to enjoy Office 365 Services including MS TEAMS, the implementation phase shall be one of the previous three scenarios we described above depends on your current infrastructure, you can read more about educational sectors and how MS support them in the following articles:

https://docs.microsoft.com/en-us/MicrosoftTeams/remote-learning-edu

https://docs.microsoft.com/en-gb/microsoft-365/education/deploy/create-your-office-365-tenant

https://www.microsoft.com/en-us/microsoft-365/academic/compare-office-365-education-plans?activetab=tab%3aprimaryr1

 

Now, even with all these free stuff that Microsoft provide to help the world in this crisis, we didn’t forget the security part, due to time limitation while writing this article, I will discuss quickly the Multi-factor Authentication feature that will help in secure the access.

The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user’s password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:

  • Something you know (typically a password)
  • Something you have (a trusted device that is not easily duplicated, like a phone)
  • Something you are (biometrics)

Multi-Factor Authentication comes as part of the following offerings:

  • Azure Active Directory Premium or Microsoft 365 Business – Full featured use of Azure Multi-Factor Authentication using Conditional Access policies to require multi-factor authentication.
  • Azure AD Free or standalone Office 365 licenses – Use Security Defaultsto require multi-factor authentication for your users and administrators.
  • Azure Active Directory Global Administrators – A subset of Azure Multi-Factor Authentication capabilities is available as a means to protect global administrator accounts.

As per above, MFA also can be used as free services if you don’t have premium license, to activate MFA you can follow this article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Other security features, like identity protection, Conditional Access … etc. can be also enabled, do a quick search and you will find all of these features and it’s requirement from the implementation part and licensing part, by the way most of the security features explanation can be found here: https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-overview

 

Stay tuned for the next article in couple of days, where I will describe the best ways to access your on-premises resources and applications from your home in a very secure way 😊

Part 2 is ready here.

Stay Safe, protect yourself and others by working from home in this crisis.

Ahmad Yasin is a Technical Adviser at Microsoft in Azure identity Team and the Owner & publisher of AzureDummies blog. He also holds many certificates in office 365 and windows azure including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions, office 365, Azure Security Specialist.

Find Ahmad at Facebook and LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.