1. Logon
-
Browse to https://admin.microsoft.com.
-
System Admin: Type
bhf@tbhf.onmicrosoft.comfor the account. -
IT Helpdesk: Type
bhf-it@bhf-th.orgfor the account. -
Click Next.
-
Type the password.
-
Click Sign in.
-
Uncheck Don’t show this again.
-
Click No.
-
Do your thing.
-
Select > Sign Out.
2. Add tax ID
-
Browse to https://admin.microsoft.com.
-
Log in with Microsoft 365 Admin account.
-
Select Billing > Billing accounts.
-
Click The Borderland Health Foundation.
-
Click Add tax ID.
-
Select Thailand for Country/Region.
-
Check Please confirm you are an authorized purchaser for a VAT registered entity.
-
Type
0993000390563in the VAT ID field. -
Click Save.
-
Log out from https://admin.microsoft.com.
-
Close Browser.
3. Billing Notifications
-
Billing notifications email accounts.
procurement@bhf-th.org bhf@tbhf.onmicrosoft.com bhf-it@bhf-th.org
4. Mailbox usage
-
Select Reports > Usage.
-
Select Exchange.
-
Select Mailbox usage.
-
Hover the last point on the cyan color line under Storage.
-
Then you will see the total size of the email storage.
5. Microsoft Support
-
Browse to https://admin.microsoft.com.
-
Log in with Microsoft 365 Admin account.
-
Select Support > New service request.
-
Type the issue in Briefly describe your issue field and press Enter.
-
Review the Run diagnostics.
-
Scroll down and select Contact support.
-
Fill the Discription field.
-
Fill the Confirm your number field.
-
Fill the Confirm your email field.
-
Choose Phone.
-
Choose (UTC +07:00) Bangkok, Hanoi, Jakarta for Choose a new timezone.
-
Chose English *United States).
-
Click Contact me.
6. Purchase services
-
Browse to https://admin.microsoft.com.
-
Log in with Microsoft 365 Admin account.
-
Click Sign in.
-
Uncheck Don’t show this again.
-
Click No.
-
Select Billing > Purchase services.
-
Select Microsoft 365 Business (Nonprofit Staff Pricing) Donation.
-
Click Get now.
-
Select Pay for a full year
-
Type
2in How many users do you want? field. -
Uncheck Automatically assign to all of your users with no licenses.
-
Click Check out now.
Address 1 68/30 Bantung Road Address 2 City Maesot State/Province Tak Postal code 63110 Phone 055 532026
-
Click Next.
How does this look? Microsoft 365 Business (Nonprofit Staff Pricing) 2 users $0.00 Donation $0.00 per tear | 1 year term Total $0.00 -
Click Next.
-
Select Payment method | Invoice (pay by bank transfer only)
-
Choose Pay by the year.
Payment method Invoice ● Pay by the year ○ Pay by the month Invoice details First name The Borderland Health Last name Foundation Address 1 68/30 Bantung Road Address 2 City Maesot State/Province Tak Postal code 63110 Phone 055 532026 PO number or memo (optional)
-
Check By checking this box,….. to agree to microsoft terms and conditions.
-
Click Place order.
You're all set! Thanks for your order. We will email your confirmation number and instructions for downloading your billing statement. (See instruction here to receive billing statements by email.) If your're ready, assign users to your new subscription
-
Click Go to Admin Home.
-
Select Account manager > Sign out.
-
Close Browser.
6.1. Purchase New Service
-
Select Marketplace.
-
Select Nonprofit tab.
-
Type the product you want to purchase in the Search all product categories field.
-
Click Details on <Your product> (Nonprofit Staff Pricing).
-
Change the Select license quantity value as required.
-
Change the Select billing frequency as required.
-
Click Buy.
-
Click Place order.
7. Teams & Groups
7.1. Information
-
Now on every Teams group, the group owner is bhf-it@bhf-th.org.
-
Group owner is mandatory.
-
When bhf-it@bhf-th.org is the group owner:
-
No one can add the group member or owner except the admin accounts bhf@tbhf.onmicrosoft.com and bhf-it@bhf-th.org.
-
When people request access to the SharePoint site, the request is go to bhf-it@bhf-th.org only (which go to smru-it@shoklo-unit.com too).
-
Sometimes when people schedule the meetings, they invite the Teams group instead of the Email group because the Teams and Email group has the same name. Then the invitation go to bhf-it@bhf-th.org (which go to smru-it@shoklo-unit.com too).
-
The group permissions are under control by IT.
-
-
If the department manager or manager assistant is the group owner:
-
The department manager or manager assistant can add or delete the group member and owner.
-
When people request access to the SharePoint site, the request is go to the department manager or manager assistant only.
-
Sometimes when people schedule the meetings, they invite the Teams group instead of the Email group because the Teams and Email group has the same name. Then the invitation go to the department manager or manager assistant and group members only.
-
The group permissions are not under control by IT.
-
Will the department manager or manager assistant know what to do or know what they are doing?
-
Do we need to train the department manager or manager assistant?
-
7.2. Logon
-
Browse to https://admin.microsoft.com.
-
System Admin: Log in as Microsoft 365 - BHF IT Admin with the bhf@tbhf.onmicrosoft.com email account.
-
IT Helpdesk: Log in as Microsoft 365 - BHF IT Helpdesk with the bhf-it@bhf-th.org email account.
7.3. Create Teams Group
-
Select Teams & Groups > Active teams & groups.
-
Click Add a group.
-
Choose Office 365 (recommended).
-
Click Next.
-
Type the group name in Name field.
-
Optional: Type a description in the Description field.
-
Click Next.
-
Type
bhf-it@bhf-th.orgin the Owners field. -
Click Next.
-
Type a group email address in Group email address field.
-
Shared groups: Choose Public - Anyone can see group content.
-
Private group: Choose Private - Only members can see group content.
-
Microsoft Teams Choose Create a team for this group.
-
Click Next.
-
Click Create group.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
7.4. Create Email Group
-
Select Teams & Groups > Active teams & groups.
-
Choose Security groups.
-
Note: We choose only Mail-enabled security for our email forwarding group because if we need to setup a policy for the group we don’t need to create another group.
-
Choose Add a mail-enabled security group.
-
Type the group name in Name field.
-
Optional: Type a description in the Description field.
-
Click Next.
-
Click Assign owners.
-
Type
bhf-itin Search for a name or email address box. -
Select BHF IT bhf-th@bhf-th.org.
-
Click Add.
-
Click Next.
-
Click Add members.
-
Click Next.
-
Type a group email address in Group email address field.
-
Check Allow people outside of my organixation to send email to this distribution group.
-
Click Next.
-
Click Create group.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
7.5. Add Email Security Group
-
Select Teams & Groups > Active teams & groups.
-
Click Add a group.
-
Choose Mail-enabled security.
-
Type
SMRU block outgoing emails to allin the Name field. -
Click Next.
-
Type
smru-block-outgoing-emails-to-allin the Group email address field. -
Click Next.
-
Click Create group.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
7.6. Add Group Member
-
Note: To add external email to the group, you need to add external email in Contacts first.
-
Select Teams & Groups > Active teams & groups.
-
For Email Group: Select Security groups.
-
For Teams Group: Select Teams & Microsoft 365 group.
-
Select <Group name>.
-
For Teams Group: Select Membership.
-
Select Members.
-
For Email Group: Click View all and manage members.
-
Click Add members.
-
Select <User email>.
-
Click Add.
-
Click Close.
7.7. Group Creation
7.7.1. Disable Group Creation by Users
-
Install Azure Active Directory V2 Preview module.
-
Enter the following commands at a PowerShell Command Prompt.
# Connect to AAD $AzureAdCred = Get-Credential Connect-AzureAD -Credential $AzureAdCred # Get reference to your AAD Group $GroupName = "Teams Group Creators" Get-AzureADGroup -SearchString $GroupName # Disable Group Creation (on which a Team rely) $Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'} $Setting = $Template.CreateDirectorySetting() New-AzureADDirectorySetting -DirectorySetting $Setting $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id $Setting["EnableGroupCreation"] = $False # Enable your AAD Group to group Creation $Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
7.8. Shared Mailboxes
7.8.1. Create Shared Mailboxes
-
Select Teams & groups > Shared mailboxes.
-
Click Add a shared mailbox.
-
Type
Namein Name field. -
Type
<Email>in Email field. -
Click Save changes.
-
Click Close.
-
Select <shared mailbox>.
-
Click Edit on Members row.
-
Click Add members.
-
Select Users.
-
Click Save.
-
Click Close
-
Click Close
-
Click Close
-
Select Account manager > Sign out.
-
Close Browser.
7.8.2. Add Members
-
Select Teams & groups > Shared mailboxes.
-
Select Shared mailbox.
-
Click Edit under Members section.
-
Click Add members.
-
Type Users name in Search for a member box.
-
Select Users.
-
Click Add
-
Click Close
-
Select Account manager > Sign out.
-
Close Browser.
7.9. MORU
7.9.1. Distribution Group
7.9.1.1. Add Member
-
Browse to https://outlook.office365.com.
-
Type the email address in the Email field.
-
Click Next.
-
Type the password in the Password field.
-
Click Sign in.
-
Optional: Click No.
-
Click Seetings the gear icon at top-right corner.
-
Click View all Outlook settings.
-
Select General > Distribution groups.
-
Select the group you need to add member under Distribution groups I own.
-
Click Edit.
-
Select membership.
-
Click Add.
-
Select All Users.
-
Select the user/users and click Add as a recipient.
-
Click Save.
-
Click Save.
-
Close Destribution groups Settings.
-
Sign out from Outlook web page.
-
Close Browser.
8. Users
8.1. Logon
-
Browse to https://admin.microsoft.com.
-
System Admin: Log in as Microsoft 365 - BHF IT Admin with the bhf@tbhf.onmicrosoft.com email account.
-
IT Helpdesk: Log in as Microsoft 365 - BHF IT Helpdesk with the bhf-it@bhf-th.org email account.
8.2. Add User
-
Note: Need to update the email group documentation and block the legacy authentication?
-
Note: Provide user the User accounts.pdf document. File location is T:\IT\Helpdesk\General.
-
Select Users > Active users.
-
Click Add a user.
First name Last name <First name> <Last name> Display name <First name> <Last name> Username <First name>@bhf-th.org <First name>@shoklo-unit.com
-
bhf@tbhf.onmicrosoft.com: Choose Let me create the password.
-
bhf-it@bhf-th.org: Uncheck Automatically create a password.
-
Type
password4SHOKLO!in the Password field. -
Check Require this user to change their password when they first sign in.
-
Uncheck Send password in email upon completion.
-
Click Next.
-
Select Select location | Thailand.
-
Choose Assign user a product license.
-
For email: Check Microsoft 365 Business Basic.
Select Location Thailand ● Assign user a product license ■ Microsoft 365 Busines Basic ## of 299 licenses available □ Microsoft 365 Busines Premium 3 of 10 licenses available □ Microsoft Power Automate free 10000 of 10000 licenses available □ Nonprofit Portal 17 of 25 licenses available □ Power BI (free) 24 of 25 licenses available ○ Create user without product license (not recommended) Show apps for: All licenses □ Nonprofit Portal -
Click Next.
-
Click Next.
-
Click Finish adding.
-
Click Close.
-
Click Multi-factor authentication.
-
Click Search icon type user email account and press Enter.
-
Check User name.
-
Click Enable.
-
Click enable multi-factor auth.
-
Click close.
-
Close multi-factor authentication tab.
-
Select Account manager > Sign out.
-
Close Browser.
8.2.1. Procurement User
-
Select Users > Active users.
-
Click Add a user.
First name Last name Procurement BHF Display name Procurement BHF Username procurement@bhf-th.org
-
bhf-it@bhf-th.org: Uncheck Automatically create a password.
-
Type
password4SHOKLO!in the Password field. -
Check Require this user to change their password when they first sign in.
-
Uncheck Send password in email upon completion.
-
Click Next.
-
Select Select location | Thailand.
-
Choose Assign user a product license.
-
Check Nonprofit Portal.
-
Click Next.
-
Expand Roles (User: no administration access).
-
Choose Admin center access.
-
Check Billing Administrator.
-
Click Next.
-
Click Finish adding.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
8.3. Remove User
-
Note: Make sure to disable any license assigned to the email account before deleting it.
-
Log on to Microsoft 365 Admin Center and select Users > Active Users to delete an email account.
-
Select the email account to delete.
-
Select Licenses and apps.
-
Uncheck Microsoft 365 Business Basic.
-
Click Save changes.
-
Select Delete user.
-
Click Delete user to confirm.
-
Click Close.
8.3.1. Reclaim O365 Licenses from Deleted Users
-
Log on to Microsoft 365 admin center with the BHF IT Admin (bhf@tbhf.onmicrosoft.com) account.
-
Select Billing > Your products.
-
Select Microsoft 365 Business Basic (Nonprofit Staff Pricing).
-
Click Buy licenses.
-
Increase New total licenses to 300.
-
Click Save.
-
Select History | Show history list.
8.4. Restore User
-
Note: Users can be restored using either Microsoft 365 admin center or Microsoft Entra admin center (Identity).
-
Note: When using Microsoft 365 admin center a new password is required.
-
Note: When using Microsoft Entra admin center (Identity) the existing password is restored.
-
Restore user with password reset:
-
Log on to Microsoft 365 Admin Center.
-
Select Users > Deleted users.
-
Select the email account to restore.
-
Click Restore user.
-
Choose Let me create the password.
-
Type
password4SHOKLO!in the Password field. -
Check Make this user change their password when they first sign in.
-
Click Restore.
-
-
Restore user with no password reset:
-
Log on to Microsoft 365 Admin Center.
-
Select Show all.
-
Select Identity.
-
Select Users > Deleted users.
-
Select the email account to restore.
-
Select Restore users.
-
Click OK to confirm.
-
-
Reassign license.
-
Log on to Microsoft 365 Admin Center.
-
Select Users > Active users.
-
Select the email account.
-
Select Licenses and apps.
-
Check Microsoft 365 Business Basic.
-
Click Save changes.
-
Click Close.
-
8.5. Reset User Password
-
Select Users > Active users.
-
Select User Name.
-
Click Reset password.
-
Type
password4SHOKLO!in the Password field. -
Check Require this user to change their password when they first sign in.
-
Click Reset password.
-
Click Close.
8.6. Add Contact User
-
Note: Must add a contact user before it can be added as a member to a group.
-
Select Users > Contacts.
-
Click Add a contact.
First name <First name> Last name <Last name> Display name <First name> <Last name> Display name <First name> <Last name> (MORU) Email <First name>@<Domain name> Company <Company name> Office phone Mobile phone Title <Job title> □ Hide from my organization address list
-
Click Add.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
8.7. Add Guest User
-
Note: Must add a guest user before it can be added as a member to a group.
-
Note: Must add the user contact before adding the guest user. Because we cannot add the user contact anymore if we add the guest user first.
-
Select Users > Guest users.
-
Click Add a guest user.
-
A new tab opens in Microsoft Azure.
-
Choose Invite user.
Name <First name> <Last name> Email address <First name>@<Domain name> First name <First name> Last name <Last name> Job title <Job title> Company name <Company name>
-
Click Invite.
8.8. MFA (Multi-Factor Authentication)
8.8.1. Enable MFA For Users
-
Note: To use multi devices for one account, you need Manual option and Policies option will not work.
8.8.1.1. Manual
-
Browse to https://admin.microsoft.com.
-
System Admin: Log in as Microsoft 365 - BHF IT Admin with the bhf@tbhf.onmicrosoft.com email account.
-
Select Users > Active users.
-
Click Multi-factor authentication.
-
Select <user>@bhf-th.org.
-
Click Enable.
-
Click enable multi-factor auth.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
8.8.2. Setup
-
Browse to https://www.office.com.
-
Click Sign in.
<User>@bhf-th.org
-
Click Next.
********
-
Click Sign in.
-
Click Next.
-
Different method: Click I want to use a different authenticator app.
-
Click Next.
-
Click Can’t scan image?.
-
Copy the Secret key and save it in the KeePass Password Manager.
-
Click Next.
-
Paste the TOTP code in the Enter code field.
-
Click Next.
-
Click I want to set up a different method.
-
Select Email for the method.
-
Click Confirm.
-
Type
smru-it@shoklo-unit.comin the Email field. (Note: this is for bhf@tbhf.onmicrosoft.com and bhf-it@bhf-th.org accounts). -
Type the code from smru-it@shoklo-unit.com inbox in the Enter code field.
-
Click Next.
-
Click Done.
-
-
Optional: Select Mobile app.
-
Choose Receive notifications for verification.
Additional security verification Setp 1: How should we contact you? Mobile app How do you want to use the mobile app? ● Receive notifications for verification ○ Use verification code
-
Click Set up.
8.8.3. Revoke MFA
-
Log on to Microsoft 365 admin center.
-
Select Show all.
-
Select Identity.
-
Select Users > All users.
-
Select the email account to revoke.
-
Select Authentication methods.
-
User change phone number:
-
Update phone number then click Save.
-
-
User change mobile phone:
-
Click Revoke multifactor authentication sessions.
-
Click Require re-register multifactor authentication.
-
8.8.4. Smart Phone
-
Smart phone: Start Microsoft Authenticator.
-
Choose OK.
-
Optional: Choose SKIP.
-
Optional: Choose SKIP.
-
Optional: Choose SKIP.
-
Choose ADD ACCOUNT.
-
Choose Work or school account.
-
Optional: Choose Scan QR CODE.
-
Scan the QR CODE.
-
-
Click Next.
-
Click Next.
-
Smart phone: Choose APPROVE.
-
Enter your phone number.
-
Click Next.
-
Click Done.
-
Note: Everytime you login the notification will popup on your smartphone for the approve.
8.8.5. Authentication Phone
-
Select Authentication phone.
-
Select Thailand (+66) on your contry or region and fill in your phone number.
-
Click Next.
-
Todo:.
8.9. Assign License
-
Select Users > Active users.
-
Select <User name>.
-
Select Licenses and Apps.
-
Check Licenses | Microsoft 365 Business.
-
Click Save changes.
-
Select Account manager > Sign out.
-
Close Browser.
8.10. Convert Mailbox To Shared Mailbox
8.11. Automatic Replies
-
Note: When setting up automatic replies a Microsoft 365 Business Basic license is needed. Also, users will only receive an Automatic: reply: <Subject> the first time.
-
Select Users > Active users.
-
Select <User>.
-
Select the Mail tab.
-
Click Automatic replies | Manage automatic replies.
-
???
8.12. Email Forwarding
-
Note: When setting up email forwarding either with or without keeping a copy of the forwarded email, no Microsoft 365 Business Basic license is needed. However, when not having the license, it is not possible to view or modify the mail settings, including the email forwarding settings.
-
Select Users > Active users.
-
Select <User>.
-
Select the Mail tab.
-
Click Email forwarding | Manage email forwarding.
-
Check Forward all emails sent to this mailbox.
-
Type
<email address>in the Forwarding email address field. -
Optional: Check Keep a copy of forwarded email in this mailbox.
-
Optional: Uncheck Keep a copy of forwarded email in this mailbox.
-
Click Save changes.
-
Select Account manager > Sign out.
-
Close Browser.
9. Volume Licensing Service Center (VLSC)
-
Browse to https://admin.microsoft.com.
-
Login with bhf@bhf-th.org email account that stored in KeePass Password Manager > SMRU > Special Email Accounts.
-
Select Billing > Your products > Volume licensing.
-
Select Volume licensing.
-
Click View downloads and keys.
-
Select Office LTSC Professional Plus 2021.
-
Select Keys tab.