OneDrive for Business: Tips and Tricks for High-Performing Admins

OneDrive for Business: Tips and Tricks for High-Performing Admins

05 Aug 2020 by Brett Hill

This article focuses on administration and management exclusively for OneDrive for Business. We will cover advice and best practices from my extensive experience working with service ideal for system admins and those actively working with it on a daily basis.

What is Microsoft OneDrive?

Microsoft has two different, but similar services called OneDrive, both of which offer cloud file storage for users. A free version of OneDrive is available to everyone and is often called the “consumer” version. The business version is “OneDrive for Business” and requires a subscription to Microsoft 365 or Office 365. Both look a lot alike but are managed very differently. To add to the mix, Microsoft often refers to OneDrive for Business as simply “OneDrive” in their documentation and even in the UI.

Note: I may refer to OneDrive instead of OneDrive for Business from time to time in this article for the sake of brevity, but I always mean OneDrive for Business unless otherwise stated.

OneDrive for Business has company-wide administration in mind. A service administrator can control the deployment of the synchronization app, network performance, and many other settings. With OneDrive (consumer), there is no management framework. The individual using the service controls their settings.

Where Should Users Save Files?

OneDrive for Business makes it very easy to share files with others, but if you find yourself sharing lots of files, it is recommended to use Teams or SharePoint instead. Teams and SharePoint are simply better for collaboration. For example, with OneDrive, you can’t check-in and check-out a document. Also, in Teams, any document you upload to Teams is available to the entire Team by default, whereas documents you upload to OneDrive are private by default. Also, in Teams, a conversation about a document is shared in a Teams channel rather than via email. The general guidance is if you are working on a file without others involved – use OneDrive for Business. If you need others involved, use a more collaborative service – Teams or SharePoint.

OneDrive for Business uses SharePoint Online as Service

As the service administrator, one of the most important concepts to master is that OneDrive for Business is a special purpose SharePoint document library created automatically for every user in your company. When a user is assigned an Office 365 or Microsoft 365 license, the services automatically create a personal OneDrive for Business document library.

The URL for OneDrive for Business is formatted as follows:

https://<company base name>-my.sharpoint.com/personal/<user-id>

OneDrive For Business SharePoint Library

The landing page (shown above) for OneDrive for Business shows “My Files” which are your files. You can also navigate from here to any SharePoint asset, including SharePoint Document Libraries, files hosted for Teams, or other SharePoint content.

Now that you know OneDrive for Business is using SharePoint under the hood, the following guidance makes sense:

To manage the OneDrive sharing settings for your organization, use the Sharing page of the new SharePoint admin center, instead of the Sharing page in the OneDrive admin center. It lets you manage all the settings and latest features in one place.

In this way, settings related to file sharing on SharePoint are aligned with those for OneDrive for Business (and Teams, which also uses SharePoint as a file store). OneDrive picks up many features from SharePoint, such as the ability to do File RestoresRestore a previous version of file, and synchronize files to your desktop.

Easy Anonymous Access

One main reason OneDrive for Business is well-liked is that it’s so easy to share a document with anyone. You can send someone a URL to a document and relax. It just works, and you won’t hear the dreaded “I can’t open the document” (which is all too common and a huge productivity sink).

The screenshot below exemplifies my point. What’s being shown is the side-by-side sharing experience in Teams vs. OneDrive. Take note! There is no Share option in Teams. You can copy the link to the file, but you must know if the user you send it to has rights to view the document in the Teams library. In OneDrive for Business, however, there is a Share option that allows you to send a URL to anyone. This is called Anonymous Access and is one of the primary reasons users share from OneDrive rather than Teams.

OneDrive For Business, Microsoft Teams

Also, in OneDrive, if you click on Anyone with the link can edit, you can further refine the Sharing options.

OneDrive For Business Sharing Options

As a side note, users frustrated by Teams’ lack of sharing controls can easily open a document or folder in SharePoint instead of Teams (as shown below). In SharePoint, you can share the file with anyone just like in OneDrive. There’s no need to copy a file in Teams to OneDrive to share anonymously. Just open it in SharePoint instead!

SharePoint Document Sharing

Controlling Default Permissions

Many businesses prefer to control who can open company documents. You can change the default settings in the OneDrive administration center, but let’s follow Microsoft’s advice to use SharePoint administration instead.

OneDrive SharePoint Admin Center

There are separate controls for External Sharing for SharePoint and OneDrive, ranging from Only people in your Organization to Anyone. However, what a static snapshot does not reveal is that the OneDrive settings cannot be more permissive than SharePoint. If you lower the permission on SharePoint, the permission also lowers on OneDrive. OneDrive can be more restrictive than SharePoint but never less restrictive. Since SharePoint hosts OneDrive files, this makes sense.

These settings are company-wide. Let users know before you make changes to global settings that cause changes in expected behavior. You WILL hear from them, and it generally won’t be a happy face emoji.

When guest users are needed, as they frequently are, consider securing the environment with the guidance provided by Microsoft in the documentation page titled Create a secure guest sharing environment.

Savvy admins can control sharing using options available when you click on More external sharing settings on the same screen shown above:

OneDrive SharePoint External Sharing Settings

The option Limit external sharing by domain lets you allow or deny sharing to a particular domain. This can be a great way to go when you want to constrain sharing to a specific set of partners or external resources.

Allow only users in specific security groups to share externally lets you control who can share files with people outside your organization. A security group is an Azure AD object that is generally a collection of users and other groups. After populating the security group with users, you can assign permissions and policies to the group, such as granting the group access to a SharePoint site, a mailbox, or forcing members of the group to use 2-factor authentication.

Consider the following scenario. Marketing is involved with a lot of external sharing, so we want to enable sharing for members of Marketing but deny everyone else, AND we don’t want to have to make adjustments every time someone moves into or out of marketing.

To illustrate how this can be achieved with security groups, I created a security group in Azure AD named Marketing-Org and added four users. As employees come and go, members of marketing are added to and removed from this group. (If you haven’t created security groups in Azure AD, it’s straightforward.)

Next, (shown below) I created another security group called External-Sharing.

Azure AD External Sharing

Security groups can have other security groups as members! By adding Marketing-Org to External-Sharing, the users in Marketing-Org automatically inherit External-Org permissions and policies

After that, I assigned the sharing permissions to the External-Org group. Returning to the SharePoint admin center Policies->Sharing->More external sharing settings-> Allow only users in specific security group to share externally. Then, by clicking on Manage Security Groups (shown below)I added the External-Sharing group and set them so they can share with Anyone. To limit the ability of everyone else, I added the built-in security group Everyone except external users and set them to share with Authenticated guests only.

SharePoint Admin Center Manage Security Groups

In this way, everyone in the company can only share with authenticated guests, whereas only the members of External-Sharing can share with anyone.

The screenshot below shows the result. The user on the left is not a member of the External-Sharing group (the Anyone option is grey and cannot be selected). However, the user on the right can.

OneDrive For Business External Sharing

Once configured, effective administrators can manage membership of the security groups using PowerShell with the Add-AzureADGroupMember and associated cmdlets.

Storage space per user

Most Microsoft 365 and Office 365 plans come with 1TB of storage per user for OneDrive. If there are more than 5 users on a plan, 1TB can be increased by administrators to 5TB. You can even go to 25TB on a user-by-user basis by filing a support ticket with Microsoft.

To increase the storage limit for all users, browse to the OneDrive administration console, and select Storage. Change the setting from 1024 to the new limit. Shown below is updating the limit to 5TB. There are no additional charges for the increase in capacity.

OneDrive For Business Storage Limit

A global or SharePoint admin can change storage quotas with PowerShell after you connect to SharePoint using the SharePoint Online Management Shell and run the following command:

Set-SPOSite -Identity <user’s OneDrive URL> -StorageQuota <quota>.

You have to construct the OneDrive URL from the company name and user name, as mentioned earlier. Then, find the user name from the list of active users in the Office or Microsoft 365 admin center.

For <Quota>, enter a number between 1024 (1MB is the minimum) and 5242880 (for 5 TB). Values are rounded up. 1TB is 1048576.

As of this writing, OneDrive allows files up to 100GB.

Request Files

In some scenarios, you may want to collect files from others, rather than send files to others. OneDrive for Business makes this easy with the Request Files feature. With this feature, users can send an email asking others to upload content to a specific folder.

To set up a request files email, in the OneDrive UI, select a folder, click on the ellipses (…), and click Request files. You will see a window similar to the one shown below.

OneDrive For Business Request Files

After clicking Next, you will see the Send file request window:

OneDrive For Business Send File Request

The email sent by this form provides a URL for uploading content to the OneDrive for Business folder. Request files is a great way to collect and concentrate needed files into a single location for processing. That said, you need to make sure to enable uploads for the folder locations in the request.

Of course, a savvy administrator is thinking, “Hmm, does this provide a way for these users to upload content forever to this location?”

Shown below is the SharePoint admin center for Policies, Sharing.

SharePoint Admin Center Policies Sharing

With these settings, you can put some boundaries around the ability to upload files to location access given in the Request files invitation. These settings apply to anonymous links sent from OneDrive and SharePoint as well. As a best practice, if you permit users to send links to Anyone, which is enabled by default, you should expire those links. Otherwise, over a period of years, there can be hundreds or thousands of URLs that provide access to your content making access control distressingly challenging or impossible without disabling anonymous access altogether.

Folders must be set to View, edit, and upload as shown above to allow users to upload files in response to a file request.

Synchronization

One of the main features of OneDrive for Business is the ability to synchronize files from a user’s PC or laptop with OneDrive. With the synch service running, users can work on files locally, and the changes are sent to the cloud. Also, well-known folder locations such as Documents can be synchronized, ensuring essential documents are both local and in the cloud. You can easily sync Teams File Repositories as well as SharePoint Document Libraries.

The synchronization service is part of Windows 10, so you do not generally need to download it individually. Users can install the service by clicking Start and typing OneDrive.

One Drive For Business App Windows 10
OneDrive For Business Sign In

Click on the OneDrive app to launch the setup. OneDrive is then accessible in the taskbar as the cloud icon (shown before logging in, below).

Alternatively, users can enable the client by logging into onedrive.microsoft.com and clicking Sync.

When installed, users can enjoy the integration of OneDrive with Windows File Explorer. A OneDrive location is visible in the File listing. The OneDrive file listing is unique as you can see if a file is in the cloud (cloud icon), local and in the cloud (checkmark), or synchronizing (arrows). Also, when you right-click on a file in the OneDrive folder, you can Share a file, View online, and check the version history.

OneDrive Windows File Explorer

Pay particular attention to the following icons. Shown below is a screenshot from one that appears during the installation of the OneDrive client.

OneDrive Client Installation

TAKE NOTE – File on demand enabled by default!

Imagine this scenario. You are working on an important project with several others. A Teams site is used for collaboration. You’re headed out for an important meeting with your clients, and a colleague posts several important files to Teams. You’ve installed the sync client, and you’re headed off to the airport, so you think “no worries, I’ve got them synced to my laptop, and I can view them in flight.” Aloft, you open your laptop and see there is a cloud icon next to files. Clicking on a file, it’s not accessible. What happened?

What happened is the Files On-Demand is enabled by default.

Files On-Demand marks content that appears in the cloud as cloud-only. A file added to a Teams File Repository will not automatically sync locally. It’s not available offline until you open the file, or set the file or folder to Always keep on this device. Optionally, you could also disable Files On-Demand, which we’ll get to in a minute.

For an important file or folder, right-click in Windows Explorer and select Always keep on this device. Users can also disable Files On-Demand in the OneDrive client by opening the client and clicking More->Settings->Settings, then clear the checkbox that reads Files On-Demand.

Microsoft OneDrive Files On-Demand

When you clear the checkbox, a pop-up message says that, indeed, the files will download to your PC instead of being cloud-only.

Microsoft OneDrive Disable Files On-Demand

Be advised that as the message above states, if your files in OneDrive for Business take up, say, 1TB, then that 1TB will be downloaded to your PC. Local storage needs to allow for this. Also, administrators need to consider the impact on bandwidth should you disable Files On-Demand for many users at the same time.

As an alternative, consider instructing users to mark files and folders they want to always be available offline “Always available on this device” using Windows File Explorer as previously discussed. Then you can keep Files On-Demand enabled to preserve bandwidth as only the designate files and folder will be permanently synched, while those you open, will be temporarily synched. All others will reside in the cloud.

Using Policy

For small businesses, administrators can manage OneDrive for Business effectively with the OneDrive for Business administration console. Larger organizations will be interested in using policy. The policy system for Microsoft and Office 365 is considered the most efficient way to manage many settings including those for OneDrive for Business. Policy-based administration provides administrators control, scale, repeatability, and flexibility.

Policy automation can be a complicated topic and breaks into different scenarios depending on your network architecture and configuration. For those with on-premise Active Directory environments, you manage policy via SCCM or Azure AD Domain Services.

If your environment is cloud-only (meaning, you are not using domain controllers locally), using Microsoft’s InTune service lets you deploy the OneDrive sync service to desktops using the Microsoft Endpoint Manager admin center.

Microsoft Endpoint Manager admin center.

You can also create and apply profiles to users that control OneDrive behavior. Shown below is a policy profile limiting the client upload rate to a percentage of available bandwidth. This one of many possible settings to control OneDrive policies in Microsoft Endpoint Manager.

OneDrive policies in Microsoft Endpoint Manager

Previously, you saw how you can limit sharing with anonymous users to members of a specific security group. Similarly, you can apply different policy profiles to different security groups.

Microsoft EndPoint Manager Security Groups

In this way, you manage the behavior of OneDrive and many other aspects of your cloud service by membership in security groups. It’s easy to imagine uses for this practice with a group for New Hires, Legal-Review-Team, Alliance Partners, Vendors, or other typical roles with differing needs in a busy organization.

Network Impact

In regards to OneDrive, you want to be thoughtful about bandwidth consumption in your company, especially on the initial deployment of OneDrive for Business. More than one company has had issues with essential business services becoming sluggish when hundreds or even thousands of newly deployed OneDrive for Business sync clients start downloading content at the same time. Files On-Demand, as discussed earlier, helps significantly to reduce the initial bandwidth hit as files located in the cloud are not automatically downloaded to clients when enabled.

Known folder moves (discussed next) can also impact network performance by automatically uploading users’ local folders to the cloud when the client is deployed.

To help manage network impacts, the OneDrive sync client has bandwidth controls built-in. For a small business, you may want to adjust these settings on each users’ system. Right-click on the OneDrive for Business sync client, then click Settings->Network to see the settings.

Microsoft OneDrive Sync Client

In a larger business, you can use policy to push the desired settings, including the ability to mark OneDrive network traffic with QoS settings.

Known Folder Moves

Finally, a feature called Known Folder Moves is of keen interest to administrators as it can help reduce support desk calls and ease users’ transitions to new computers when replaced or upgraded.

As you probably know, specific folders in Windows, such as Documents, Desktop, and Pictures, and others are unique. These are “known folders” as they are in the same location in the file system on every Windows operating system.

OneDrive includes a feature where known folder locations are synced to OneDrive for Business. When a user needs a file in one of these locations and their PC is not available, they can access it from any device, including a mobile device that has an internet connection. Also, when a user moves to a new PC or laptop, all the previous documents, images, and important files are online and can easily be synched back to the new device.

Known Folder Moves can be enabled in the sync client by clicking on Setting->Backup->Manage Backup.

Microsoft OneDrive Known Folder Moves

Of course, you can also use policy with the methods previously discussed. Should you decide to roll this out, be mindful of bandwidth impacts and network performance,all that content will be uploaded to the cloud.

Summary

OneDrive for Business is an exceptionally useful service. In this article, we’ve discussed many of the key considerations, benefits, best practices, and capabilities of OneDrive for Business so you can effectively manage the service for users. A capable administrator will understand the business use cases for sharing as well as the network impact of OneDrive for Business, and be familiar with how to administer the service including using policy to enforce the desired settings for your Business.

When set up, users will enjoy cloud access to essential files, including their Desktop, Document, Pictures, Team sites, and other files of importance, allowing them to share content quickly and work locally or collaboratively.

Of course, Microsoft is continuously updating OneDrive for Business, so as a last tip, bookmark the Microsoft official OneDrive blog to keep up-to-date.

How to Recover Deleted Emails in Microsoft 365

How to Recover Deleted Emails in Microsoft 365

When the CEO realizes they deleted a vital email thread three weeks ago, email recovery becomes suddenly becomes an urgent task. Sure, you can look in the Deleted Items folder in Outlook, but beyond that, how can you recover what has undergone “permanent” deletion? In this article, we review how you can save the day by bringing supposedly unrecoverable email back from the great beyond.

Before we continue, we know that for all Microsoft 365 admins security is a priority. And in the current climate of COVID-19, it’s well documented how hackers are working around the clock to exploit vulnerabilities. As such, we assembled two Microsoft experts to discuss the critical security features in Microsoft 365 you should be using right now in a free webinar on May 27. Don’t miss out on this must-attend event – save your seat now!

Now onto saving your emails!

Deleted Email Recovery in Microsoft And Office 365

Email Recovery for Outlook in Exchange Online through Microsoft and Office can be as simple as dragging and dropping the wayward email from the Deleted Items folder to your Inbox. But what do you do when you can’t find the email you want to recover?

First, let’s look at how email recovery is structured in Microsoft 365. There are few more layers here than you might think! In Microsoft 365, deleted email can be in one of three states: Deleted, Soft-Deleted, or Hard-Deleted. The way you recover email and how long you have to do so depends on the email’s delete status and the applicable retention policy.

Email Recovery in Microsoft 365

Let’s walk through the following graphic and talk about how email gets from one state to another, the default policies, how to recover deleted email in each state, and a few tips along the way.

Items vs. Email

Outlook is all about email yet also has tasks, contacts, calendar events, and other types of information. For example, you can delete calendar entries and may be called on to recover them, just like email. For this reason, the folder for deleted content is called “Deleted Items.” Also, when discussing deletions and recovery, it is common to refer to “items” rather than limiting the discussion to just email.

Policy

Various rules control the retention period for items in the different states of deletion. A policy is an automatically applied action that enforces a rule related to services. Microsoft 365 has hundreds of policies you can tweak to suit your requirements. See Overview of Retention policies for more information.

‘Deleted Items’ Email

When you press the Delete key on an email in Outlook, it’s moved to the Deleted Items folder. That email is now in the “Deleted” state, which simply means it moved to the Deleted Items folder. How long does Outlook retain deleted email? By default – forever! You can recover your deleted mail with just a drag and drop to your Inbox. Done!

If you can’t locate the email in the Deleted Items folder, double-check that you have the Deleted Items folder selected, then scroll to the bottom of the email list. Look for the following message:

Outlook Deleted Items Folder

If you see the above message, your cache settings may be keeping only part of the content in Outlook and rest in the cloud. The cache helps to keep mailbox sizes lower on your hard drive, which in turn speeds up search and load times. Click on the link to download the missing messages.

But I Didn’t Delete It!

If you find content in the Deleted Items and are sure you did not delete it, you may be right! Administrators can set Microsoft 365 policy to delete old Inbox content automatically.

Mail can ‘disappear’ another way. Some companies enable a personal archive mailbox for users. When enabled, by default, any mail two years or older will “disappear” from your Inbox and the Deleted Items folder. However, there is no need to worry. While apparently missing, the email has simply moved to the Archives Inbox. A personal Archives Inbox shows up as a stand-alone mailbox in Outlook, as shown below.

Stand-alone mailbox in Outlook

As a result, it’s a good idea to search the Archives Inbox, if it is present when searching for older messages.

Another setting to check is one that deletes email when Outlook is closed. Access this setting in Outlook by clicking “File,” then “Options,” and finally “Advanced” to display this window:

Outlook Advanced Options

If enabled, Outlook empties the Deleted Items when closed. The deleted email then moves to the ‘soft-delete’ state, which is covered next. Keep in mind that with this setting, all emails will be permanently deleted after 28 days

‘Soft-Deleted’ Email

The next stage in the process is Soft-Deleted. Soft-Deleted email is in the Deleted-Items folder but is still easily recovered. At a technical level, the mail is deleted locally from Outlook and placed in the Exchange Online folder named Deletions, which is a sub-folder of Recoverable Items. Any content in Recoverable Items folder in Exchange Online is, by definition, considered soft-deleted.

You have, by default, 14 days to recover soft-deleted mail. The service administrator can change the retention period to a maximum of 30 days. Be aware that this can consume some of the storage capacity assigned to each user account and you could get charged for overages.

How items become soft-deleted

There are three ways to soft-delete mail or other Outlook items.

  1. Delete an item already in the Deleted Items folder. When you manually delete something that is already in the Deleted Items folder, the item is soft-deleted. Any process, manual or otherwise that deletes content from this folder results in a ‘soft-delete’
  2. Pressing Shift + Delete on an email in your Outlook Inbox will bring up a dialog box asking if you wish to “permanently” delete the email. Clicking Yes will remove the email from the Deleted-Items folder but only perform a soft-delete. You can still recover the item if you do so within the 14 day retention period.
Soft Deleting Items in Outlook
  1. The final way items can be soft-deleted is by using Outlook policies or rules. By default, there are no policies that will automatically remove mail from the Deleted-Items folder in Outlook. However, users can create rules that ‘permanently’ (soft-delete) email. If you’re troubleshooting missing email, have the user check for such rules as shown below. You can click Rules on the Home menu and examine any created rules in the Rules Wizard shown below.
Microsoft Outlook Policies and Rules

Note that the caution is a bit misleading as the rule’s action will soft-delete the email, which, as already stated, is not an immediate permanent deletion.

Recovering soft-deleted mail

You can recover soft-deleted mail directly in Outlook. Be sure the Deleted Items folder is selected, then look for “Recover items recently removed from this folder at the top of the mail column, or the “Recover Deleted Items from Server” action on the Home menu bar.

Recovering soft-deleted mail in Outlook

Clicking on the recover items link opens the Recover Deleted Items window.

Recover Deleted Items, Microsoft Outlook

Click on the items you want to recover or Select All, and click OK.

NOTE: The recovered email returns to your Deleted Items folder. Be sure to move it into your Inbox.

If the email you’re looking for is not listed, it could have moved to the next stage: ‘Hard-Deleted.’

While users can recover soft-deleted email, Administrators can also recover soft-deleted email on their behalf using the ‘Hard-Deleted’ email recovery process described next (which works for both hard and soft deletions). Also, Microsoft has created two PowerShell commands very useful in this process for those who would rather script the tasks. You can use the Get-RecoverableItems and Restore-RecoverableItems cmdlets to search and restore soft-deleted email.

Hard-Deleted Email

The next stage for deletion is ‘Hard Delete.’ Technically, items are hard deleted when items moved from the Recoverable folder to the Purges folder in Exchange online. Administrators can still recover items in the folder with the recovery period set by policy which ranges from 14 (the default) to 30 (the maximum). You can extend the retention beyond 30 days by placing legal or litigation hold on the item or mailbox.

How items become Hard-Deleted

There are two ways content becomes hard-deleted.

  1. By policy, soft-deleted email is moved to the hard-deleted stage when the retention period expires.
  2. Users can hard-delete mail manually by selecting the Purge option in the Recover Deleted Items window shown above. (Again, choosing to ‘permanently delete’ mail with Shift + Del, results in a soft-delete, not a hard-delete.)

Recovering Hard-Deleted Mail

Once email enters the hard-delete stage, users can no longer recover the content. Only service administrators with the proper privileges can initiate recovery, and no administrators have those privileges by default, not even the global admin. The global admin does have the right to assign privileges so that they can give themselves (or others) the necessary rights. Privacy is a concern here since administrators with these privileges can search and export a user’s email.

Microsoft’s online documentation Recover deleted items in a user’s mailbox details the step-by-step instructions for recovering hard-deleted content. The process is a bit messy compared to other administrative tasks. As an overview, the administrator will:

  1. Assign the required permissions
  2. Search the Inbox for the missing email
  3. Copy the results to a Discovery mailbox where you can view mail in the Purged folder (optional).
  4. Export the results to a PST file.
  5. Import the PST to Outlook on the user’s system and locate the missing email in the Purged folder

Last Chance Recovery

Once hard-deleted items are purged, they are no longer discoverable by any method by users or administrators. You should consider the recovery of such content as unlikely. That said, if the email you are looking for is not recoverable by any of the above methods, you can open a ticket with Microsoft 365 Support. In some circumstances, they may be able to find the email that has been purged but not yet overwritten. They may or may not be willing to look for the email, but it can’t hurt to ask, and it has happened.

What about using Outlook to backup email?

Outlook does allow a user to export email to a PST file. To do this, click File” in the Outlook main menu, then “Import & Export” as shown below.

Outlook Menu, Import Export

You can specify what you want to export and even protect the file with a password.

While useful from time to time, a backup plan that depends on users manually exporting content to a local file doesn’t scale and isn’t reliable. Consequently, don’t rely on this as a possible backup and recovery solution.

Alternative Strategies

After reading this, you may be thinking, “isn’t there an easier way?” A service like Altaro Office 365 Backup allows you to recover from point-in-time snapshots of an inbox or other Microsoft 365 content. Having a service like this when you get that urgent call to recover a mail from a month ago can be a lifesaver.

Summary

Users can recover most deleted email without administrator intervention. Often, deleted email simply sits in the Deleted folder until manually cleared. When that occurs, email enters the ‘soft-deleted stage,’ and is easily restored by a user within 14-days. After this period, the item enters the ‘hard-deleted’ state. A service administrator can recover har

-deleted items within the recovery window. After the hard-deleted state, email should be considered uncoverable. Policies can be applied to extend the retention times of deleted mail in any state. While administrators can go far with the web-based administration tools, the entire recovery process can be scripted with PowerShell to customize and scale larger projects or provide granular discovery. It is always a great idea to use a backup solution designed for Microsoft 365, such as Altaro Office 365 Backup.

Finally, if you haven’t done so already, remember to save your seat on our upcoming must-attend webinar for all Microsoft 365 admins:

Free – Microsoft 365 Busines Basic for 6 months

Free – Microsoft 365 Busines Basic for 6 months

In response to COVID outbreak and need for people to be working from home, Microsoft is offering 6 months of Microsoft 365 Business Basic for free. You can find more details about the service the post How to Choose a Microsoft 365 Plan .

This plan includes many of the main Office/Microsoft 365 Services that small businesses need to run including Microsoft Teams which allows you to host online virtual meetings similar to Zoom for up 250 people. Also included are Onedrive for cloud document storage, and the online versions of Word, PowerPoint, and Excel. The offer does require an annual commitment so you can’t just hop on for 6 months and cancel. Another way to say this is 1/2 price for year, right?

How To Choose a Microsoft  365 Plan for Small Business

How To Choose a Microsoft 365 Plan for Small Business

Microsoft 365 has a lot of flavors. Figuring out which offer fits your needs is not as simple as one might hope. With small or solo businesses, the difference between $5 a month and $25 is a month is a big deal. So what version of Microsoft 365 to choose? That’s what I’m hoping to help you sort out with this article.

A couple of things before you dig in.

  1. If you are 501(c)3 STOP and go directly to this page. You probably qualify for no or low-cost licenses. There’s a lot less to think about when the cost is that low or free. That said, there’s still some key stuff you need to learn to onboard and use the services effectively.

  2. The small business offerings are capped at 300 users. You will need one of the Office 365 “E” offerings if you have 300 or more users, or expect to in the near future. (You can upgrade).

Microsoft 365 plans include Microsoft Office desktop applications and a suite of online services. They work together brilliantly, but one does not require the other.

Online Office vs Microsoft Office Apps

Word, Powerpoint, Excel, and Outlook exist in two forms. One is the traditional “download and install” for your PC (and when I say PC, I mean Apple as well) or mobile device. The other is “as a service” in the cloud. So there is PowerPoint (PC installed) and PowerPoint Online (that you can work within your browser). Same for Microsoft Word and Word Online, Excel and Excel Online.

The other BIG consideration is offline use. If you can only use the web versions of Office, you cannot work on your project unless you have an internet connection. For many, that consideration alone drives the decision.

So the number one question is this:

QUESTION #1 (a big one!)
Do you need the PC (or Apple) versions of Microsoft Office?

If you do, it’s going to cost you more than if you don’t (kind of a duh!, right?) But you want to know the choices and tradeoffs? Read on.

The answer to the question – do you need Microsoft Office on your PC ( or Apple) is —– Probably. If you only do basic word processing, email, spreadsheets, or powerpoints – the online versions of these products are good. They are actually really good and have come a looking way over the years. And they support co-authoring in real time. That is actually an extremely complicated technical accomplishment.

Take a look at the PowerPoint PC version (on left) and online version (on right) side by side. They look alike and remarkably act alike when doing basic PowerPoints. When I say “basic” I mean to say that PowerPoints created using PowerPoint Online can look very good and present well. But if you do much with animations, transitions, and all the stuff that makes a deck really stand out, then you need the full-featured versions only to be found in PowerPoint that you install on your computer. The same is true for Excel and Word. The online versions are good for a lot of basic work but are effectively “Lite” versions.

QUESTION #2
Do you need the online services that are part of the Microsoft 365 such as Teams?

Many of the online services offered by Microsoft are pure online services, meaning, they are used in your browser only. With Excel, for example, there is the version you install on your PC and there is the version (Excel Online) that you use in the cloud. As already stated, you can use one without the other. Teams is where web conferencing is provided so for many small businesses, this is a key service of interest.

So Let’s Sort This Out

Below are a series of cases, one of which should fit your situation. If you need the desktop applications, then answer YES to Microsoft Office Apps. If you need the accompanying online services, then answer YES to Online Services.

Scenario #1
I don’t need Online Services but I do need Microsoft Office

You want either Office Home and Business (Buy one time) or Microsoft 365 Apps for Business (monthly subscription)

IMPORTANT :
If you have 300 or more users, skip to the Enterprise offerings. None of the “Business” offerings can be used with 300+ users.

  1. BUY – One-time payment: Office Home and Business ($245 as of this writing)

    If you want the desktop versions of Office with no services provided, you want Office Home and Business. You get the latest version available when you buy it with 60 days of support. Functionally, this should work for many years. It’s hard to say exactly how long as it has to with obsolescence and that’s hard to predict. People are still using Office 2007 all over the place, much to Microsoft’s dismay. At some point, though, your downlevel version starts to be a problem. People sending you files you can’t open or if they open your downlevel files with their updated Office, it will often convert the format to a new format that you cannot use. When they send them back to you, you can’t open them anymore. You have to ask them to “Save As” and then save it as a downlevel version of the file. It’s annoying. It costs time and isn’t the best message to others that you need them to work in a file format that’s obsolete to do business with you. Don’t be that person 😉

    Pros: One-time payment, probably good for 5+ years of use with no additional costs.

    Cons: Can’t upgrade to the latest versions. Will have to pay for email services and online storage if needed. 1 device per license.

    2. Subscribe– Ongoing subscription services: Microsoft 365 Apps for Business ($8.25 per user, annual contract, otherwise $10 monthly)

    There are two big advantages here:

    You can install Office on 5 devices per user!

    If BillyBob has a laptop and a PC, then you can install Office on both from the same price. No, you are not allowed to buy one subscription and install it on devices for 5 different people.

    Office is kept up to date. Sweet!

    In addition to desktop versions of Outlook, Word, PowerPoint, and Excel you also get Publisher (desktop publishing app for creating posters, mailers, and other highly structured documents), and Access (database application). Also of note – Onedrive (an online service) is included which allows you to store files in the cloud. I don’t know if this is different than the free version of Onedrive available to anyone, but it won’t matter functionally.

    Pros:
    Always current. That’s actually a bigger deal than you might think.
    Allows installation on 5 PCs and 5 mobile devices per user. This is very useful if you have a laptop and a PC at the office as do many. Just one license covers both.
    It comes with Access and Publisher.
    Fixed costs – you know exactly what your costs are going to be each month. Finally, it’s super convenient and that’s important.

    Cons: After 29 months, you’re paying more to rent Office than if you bought it outright. Over a period of 6 years or so, if you have one PC, the costs are significantly more than if you bought Office outright.

    In order to make this choice, work out how much the value of multiple installations for a single user means to you. If you have just one user with single laptop or PC, it could make sense to buy Office outright. Note that you can use a purchased version of Office with Microsoft Business Basic for $5 to add online service to your business. This is well worth examining.

Scenario #2
I need online services, but don’t want to rent or buy Microsoft Office

You want Microsoft 365 Business Basic which costs only $5 per user per month.

You get web-based versions of Outlook, Excel, and PowerPoint as well as Onedrive, SharePoint and Teams and other services. Teams is HUGE and at $5 per month includes voice and online meeting capability for up to 250 in a meeting. Yeah – TWO HUNDRED AND FIFTY. That’s $20 per month on Zoom with largely the same capabilities.

If you already have Microsoft Office be sure to check this page for requirements to connect to Office 365 or Microsoft 365. Microsoft is ending “support” for Office 2013 to connect to online services in Oct 2020. That said, the announement (MC190854) further states that they will not actually stop you from using Office 2013 with the online services after that date, just that they don’t support it. In short, if you can still use it. Even so, you may want to upgrade from time to time cause they really do make it better.

Pros: CHEAP. Easy to start working with right away. You can use a custom domain name which is cool and gives your business a professional shine. Works anywhere, anytime – all you need is a browser. If you already have Microsoft Office, it can work with the online services.

Cons: The online versions of Outlook, PowerPoint, Excel, etc are good, but not as full-bodied as their desktop counterparts. You must have internet access in order to work so no working on a plane without good wi-fi and you know that is probably not happening. No network and you’re disconnected from your services which are needed to access your stuff.

Scenario #3
I need the online services and want to rent to Microsoft Office applications

You want the Microsoft 365 Business Standard plan at $12.50 per user annual contract.

This is the full-bodied offering that includes the installed Office applications and all the online services needed to run a small business including email, team collaboration, cloud file storage, presentations, web conferencing, and more.

While mail (Outlook), Teams, and Onedrive are the most popular services, take a look at what actually comes with the Business Standard. This is a list of “all apps” from a freshly deployed Business Premium service as of the time of this writing.

All Services in the Business Standard

Dynamics for sure is a separate thing with separate licenses. It’s listed here probably because things like PowerApps are built on top of it. Bookings is included as is Planner, Forms, Tasks Whiteboard, and ToDo. Power Automate is a geek dream come true allowing you to create no-code workflows where events in one service trigger activities in others. Drop a form in toOnedrive, get an email, and notify a team and blink your lights at home. Sweet!

Pros: Everything you need for $150 per user per year. Always current. Install Office on 5 devices per user. Work online or offline.

Cons: $150 per user can add up fast for a small business. 3K for 20 users annually. If you only need basic services, a smaller package will do.

Scenario #4
I need Microsoft Office, Online Services, and Windows 10 licenses

You want Microsoft 365 Business Premium at $20 per month per user.

This service has a LOT of features and is of interest to businesses with legal requirements or business needs for enforced privacy and security. Also, if you need Windows 10 licenses for computers, this is the service you need. You can enforce policy on like “must have virus scanning enabled” or “must use 2-factor authentication on mobile devices”. There is a lot of capability here so plan on spending some quality time with the online guidance or taking some training on how to set it up.

As mentioned, Microsoft 365 Business Premium includes Windows 10 as follows:

If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying Windows 10 Business.
https://docs.microsoft.com/en-us/microsoft-365/business/support/microsoft-365-business-faqs?view=o365-worldwide

In short, this plan is not for everyone, but is great if you need the additional capability and Windows 10.

PRO TIP! You can mix and match plans. If you have 10 people in the office and some are front desk while others on the road, consider Business Basic for the front desk and Business Standard for those on the road.

The Enterprise Plans

Microsoft has a set of offerings called the “E” plans for companies with 300 or more people.

They use the exact same services as the small business plans and are also staged versions with varying degrees of capacity and features. These services are sold to larger companies that often deploy “hybrid” setups where the Microsoft cloud services interact with on-premise servers at a companies data center. The mainstay Enterprise offering is the “E3” plan which is $20 per user per month and includes Microsoft Office.

Takeaways

The main offering for SMB is the Microsoft Business Standard plan which includes the online services and Microsoft Office for you computers. The Business Basic service at $5 per user is hard to beat if you don’t need Office or already have it. Don’t fuss too much about the choices as you can switch between plans and mix-and-match as well. This allows you to provide just online services for some, while having Office for others.

Please report any updates or needed clarifications! Keeping up with a cloud service is no small task.