CTS – Your Technology Partner

Microsoft Office 365 for Business: What You Need to Know

Written by Kenny Gordon on March 17, 2014

Microsoft first launched its global Office 365 (O365) offering in June of 2011 and the adoption of the platform has been growing ever since. An estimated two million subscribers have adopted the platform. Subscribers benefit from a continuous release schedule as Microsoft adds new features and functions to O365 components.

What is Office 365 (O365)?

In a nutshell, O365 is a cloud based productivity and collaboration platform. If you are not familiar with the phrase, “Software as a Service (SaaS),” here it is. Consumers pay a monthly or annual fee to gain access to a continuously enhanced group of business class applications. The platform includes familiar applications such as Outlook, Word, and Excel as well as some other applications that have less recognition to some, like Lync and InfoPath. Plan selection will determine the applications to which you have access and how Microsoft delivers them to you (web or desktop). Some plans include conventional desktop applications with which users are most familiar. Some plans only include web applications, meaning Microsoft delivers the productivity software to users through a web browser. The minimum supported browsers for most of the web applications include Internet Explorer (IE) 9, Mozilla Firefox 12, Apple Safari 5, and Google Chrome 18. To find the detailed offerings for a given plan, please reference the Resources section below.





Well known and widely adopted applications for word processing, spreadsheet calculations, presentation creation, and business-class personal information management (email, calendar, contacts, and tasks); they are the global standard





Microsoft’s note taking application; users can record thoughts, create lists, and draw diagrams

Users can create relational databases and custom reports using Microsoft Access

Users can create rich print media for sales and marketing literature; Microsoft offers many free templates

A unified communications application that includes chat, telephony, video conferencing, and online meetings




Users can create and fill out electronic forms such as a time sheet or expense report; Forms are delivered through a browser or email

Microsoft’s email messaging and calendaring server application

Microsoft’s collaboration and business application framework on which users can create intranet sites, external sites, and enterprise applications

How to Pick the Right Plan

When researching the various preconfigured plans that Microsoft Offers, there are several considerations to make. The most obvious criterion is the number of users who require access to Office 365.


Another consideration is to anticipate organizational growth. Organizations cannot upgrade a Small Business or Midsize Business plan to another plan that will accommodate more users. It is important to anticipate your total number of users before selecting a plan.

One must also consider which licenses each user will require for each application and device. Finding the appropriate plan for your organization is much easier when you understand the precise needs of your users. The flexible licensing model that Microsoft offers in Office 365 allows administrators to assign licenses to applications at a granular level. This allows administrators to distribute their licenses in a manner that uniquely fits their organizations.

Cost is also an important consideration, especially given the current economy. Many companies determine that the expense for an Office 365 plan is preferable to those incurred by recurring software and hardware repairs and upgrades. The scalability of Office 365 is another benefit that subscribers, such as Godiva Chocolatier, enjoy. Godiva substituted the costly upgrade to its dated Lotus Notes system and the opportunity cost of its IT staff with a migration to Microsoft Online Services. As a result, they enjoy an annual cost savings of $250,000 while supporting 1,400 employees.

Scalability, business continuity, and storage are additional factors to include in the equation. Yamaha Motor, which has 39,300 employees, recently considered several cloud services, including Google Apps, Lotus Notes Cloud, and Microsoft Office 365 as an initial step in bolstering business continuity. After careful consideration, they chose Office 365. As a cloud service, O365 is inherently scalable. Yamaha can add resources as needed and purchase additional storage as required. Microsoft provides highly available services for Yamaha through physical, data, functional redundancy, and other measures.

Security and Compliance

Enterprise colleagues often mention security as a serious concern. “How do we know if our email and content is secure?” Microsoft employs a multi-tiered approach with regard to security. Below are only a few of the measures that Microsoft takes to protect subscribers. For a more complete understanding of Microsoft’s approach to security, please reference the Security in Office 365 white paper.

Security Features

24-Hour Monitored Physical Hardware – Data center access is controlled based on roles to ensure only authorized personnel have the appropriate access. Physical access controls protection devices are required such as badges, smart cards, biometric scanners, video surveillance, seismically braced racks, fire extinguishing devices, motion detectors, security alarms, and security officers.

Data Isolation – Data storage and processing is secured with separate Active Directory structures in a multi-tenant environment. A customer cannot access another customer’s data. Dedicated hardware is available for a surcharge.

Role Based Access and Automated Operations – Access to a system is only granted to engineer(s) who have completed a background check, fingerprinting, and training. Granted access will expire and is not indefinite.

Secure Networks – Data centers consist of compartments with separate servers and storage devices from external interfaces. Edge routers detect vulnerabilities and intrusions. O365 connections use a secure sockets layer (SSL) for Outlook, Outlook Web App (OWA), Exchange ActiveSync, POP3, and IMAP. O365 also uses transport security layer (TSL) to ensure data confidentiality and integrity.

Encryption – BitLocker Advanced Encryption Standard (AES) protects email, database files, mailbox transaction logs, transport databases, and log files.

Security Practices

Development Life Cycle – O365 customers benefit from Microsoft’s continuous improvement through the Security Development Lifecycle (SDL), which ensures that software and service security is woven into each stage of development.

Traffic Throttling – Exchange Online will throttle excessive traffic to ensure that malicious attacks do not succeed and that the user experience is stable.

Intrusion Protection, Detection, and Mitigation – O365 employs a strategy to predict and prevent vulnerabilities before they are exploited. Built-in security features include port scanning, perimeter vulnerability scanning, and OS patching. O365 periodically performs penetration tests to improve security.


Data Loss Prevention – Exchange Online can identify, monitor, and protect sensitive data and preemptively identifies sensitive email content. Administrators can tune restrictions to fit their users and configure warnings for users attempting to transmit certain types of data.

Audits and Retention – Customers can configure O365 to log content actions such as viewing, editing, and deleting; Administrators can use the logs to aggregate and describe content usage.

eDiscovery – Compliance personnel can use the eDiscovery Center to preserve and search content in a granular manner.

Managing Data Spillage – O365 allows customers to remove sensitive data that a user may have mistakenly distributed to an unauthorized recipient.

Spam and Malware Controls – O365 offers spam and malware controls such as scanning all messages and assigning a spam confidence level (SCL) value. Junk mail folders store messages that receive borderline values and Administrators can configure safe and blocked senders lists. O365 eliminates documents containing malicious code. Administrators can configure O365 to block certain file types; O365 supports third party antimalware services.

ISO 27001, FISMA, and HIPPA BAA – O365 undergoes regular audits to maintain ISO 27001 certification. O365 is certified for the Federal Information Security Management Act and is also capable of meeting HIPAA requirements.

Cloud Security Alliance (CSA) – O365 follows best practices and delivers service levels as outlined by CSA, a not for profit organization that defines and promotes standards for cloud computing.


Compare All O365 Business Plans

White Paper: Security in Office 365

White Paper: Privacy in the Cloud – A Microsoft Perspective

Office 365 Trust Center (Privacy, Transparency, Security, & Service Continuity)

The Microsoft Office 365 Buyer’s Guide for the Enterprise

Microsoft Office 365 Purchase and Support Guide

Microsoft Office 365 Trial Guide

SharePoint Feature Matrix

Microsoft Office 365 YouTube Channel

Case Studies

For some examples of how a business can use an O365 implementation to their advantage, please view these Microsoft case studies:

Aston Martin – Luxury Sports Car Manufacturer Drives Collaboration and Speeds Business Processes

Godiva – By Moving Email to Cloud, Retailer Saves $250,000 Annually, Gains Business Agility

MedAssets – Cloud-Deployed Pilot Opens the Door for Effective Self-Service Healthcare Management Reporting

MediaCom – Global Media Agency Expects Better Campaigns and Multimillion-Dollar Gains from Cloud BI

Emaar Properties PJSC – Cloud technology prepares premium property developer for aggressive business growth

Helse Vest – Health Authority Can Easily View Hospital Data, Cuts Report Time by 93 Percent with Cloud BI Solution

Steward Health Care – Upgraded, cloud-based IT enables Steward Health Care to improve collaboration and raise the bar on patient care

Yamaha Motor – Yamaha and Microsoft: Building reliable and resilient global information-sharing using the cloud