Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Microsoft Education Solution Guide is a set of guidelines to give education customers and organizations a proficient way of deploying Microsoft services within an Education organization. The Microsoft Education Solution Guide is broken into three stages:
- Deployment Guides (EDU Prescriptive Content)
- Discovery/Assessments (AI)
- Drift Management (Change Management)
There are three phases used to fully deploy Microsoft 365 for Education:.
- Baseline phase covers A1 license features and functionality.
- Standard covers A3 license features.
- Advanced completes the Microsoft Education Solution with A5 license functionality.
Prerequisites
- Qualified Education Organization
Microsoft 365 Education Service Descriptions
Microsoft 365 Service Description
Stages
The Microsoft Education Solution Guide for Education is broken into three stages:
- Deployment Guidelines (Learn.microsoft.com)
- Based on each phase (Baseline, Standard, Advanced)
- Broken down in each phase by sections:
- Setup (Tenant Configuration)
- Identity
- Applications (Teams, OneDrive, SharePoint, Exchange Online)
- Security and Compliance
- Devices
- Discovery/Assessments (AI) (Evaluate tenant settings, based on API calls to user requirements)
- Drift Management (Change Management, Monitoring, Reporting) using XTA - Cross Tenant Administration tools.
Phases
There are three phases of the Microsoft Education Solution Guideon; Baseline (A1), Standard (A3), and Advanced (A5). Each phase includes the sections that deliver recommendations for an established education organization tenant configuration. Organizations can follow the recommended guidelines or choose to follow their own path or custom requirements.
| Phase | Description |
|---|---|
|
Baseline introduces features and functionality around the Microsoft 365 A1 license. The Baseline configuration defines the recommended settings for organizations. |
|
Standard follows the Microsoft 365 A3 education license, including Baseline settings along with the introduction of A3 standard features, products, and services. |
|
Advanced follows the Microsoft 365 A5 license, including everything in Baseline and Standard phases. Advanced A5 license phase delivers extended security and compliance services. |
Sections
The five sections of each phase cover tenant setup, identity, applications, security and compliance, and device management.
| Area | Description | Link to steps | |
|---|---|---|---|
|
Tenant Setup | Tenant setup configures the base tenant. Covering sign-up, tenant creation, network, security, global administrators, services; OneDrive, Sharepoint, Exchange Online, and Microsoft Teams. | Baseline Standard |
|
Identity | Identity defines the architecture, including on-premises sync considerations, AD FS, Student Information Systems (SIS), and School Data Sync (SDS). | Baseline Standard Advanced |
|
Applications | Applications like OneDrive, SharePoint, Exchange Online, Intune for Education, and Microsoft Teams are configured for education organizations. | Baseline Standard Advanced |
|
Security and Compliance | Defining and closing security considerations in the tenant are the number one priority. Security configuration is defined by A1, A3, or A5 license enrollment. | Baseline Standard Advanced |
|
Devices | Onboarding devices via Intune for Education for mobile device management (MDM) and mobile application management (MAM). Managed devices and unmanaged devices are included in this configuration. | Baseline Standard |
The Microsoft Education Solution Guide delivery sequence
The sequence that you'll follow is Baseline -> Standard -> Advanced phases, depending on your tenant license configuration.
Each phase includes the appropriate or required sections; Tenant Setup, Identity, Applications, Security and Compliance, and Devices.
Baseline - A1
|
|
|
|---|---|---|
| Setup |
|
Establish setup and configuration for tenant. |
| Identity |
|
Establish identity architecture and configure user provisioning options. |
| Applications |
|
Setup Microsoft Teams, OneDrive, SharePoint, and Exchange Online. |
| Security |
|
Establish Baseline security settings and configurations. |
| Devices |
|
Establish device strategy and deployment path. |
Standard - A3
|
|
|
|---|---|---|
| Setup |
|
Use premium editor and setup Always On VPN access |
| Identity |
|
Entra ID P1 establishment, access controls, password configuration, app management, security, and entitlement management |
| Applications |
|
Viva Insights, Learning, SharePoint Plan 2, Power Apps, Dataverse in Teams, and Microsoft Exchange Plan 1 -2 |
| Security |
|
Purview, Defender, cloud access controls, eDiscovery, Audit, identity access, information protection, and threat protection |
| Devices |
|
Enable Take a Test App, Set up School PC, Universal Print, Virtual Desktop Access, and Intune remote help |
Advanced - A5
|
|
|
|---|---|---|
| Identity |
|
Microsoft Entra ID Plan 2, Microsoft Entra ID Protections, Insider Risk, ID Protections, and ID Governance |
| Applications |
|
Power BI Pro, Teams Meeting, Calling, Chat. |
| Security |
|
Full security enablement around Purview and Defender. |