The purpose of this KB is to explain the general setup and configuration for ImaginAb’s M365 Subscription. We will step through the main columns in the admin portal and explain what is set up and configured.

All active users are cloud-only accounts. There is no local active directory sync.

The admin account to access the M365 subscription is centrexit@imaginab.com. Credentials can be found in pwstate.

As of this writing, there are 35 devices managed by M365. There are no autopilot devices or autopilot profiles. The Intune configuration will be covered in greater detail in later sections.

There are 23 active M365 groups/teams.

Security Groups - DUO Users - members of this group are bound to the DUO policy.

Nothing out of the ordinary here.

Nothing in here.

Most active users are on M365 E3. There are about 10 Exchange Online E1 (email only) plans. There are also M365 Audio Conferencing, and Microsoft Defender for O365 P1 plans in the subscription. See Screenshot:

Licenses are on month to month renewal, and purchase channel is through reseller (as of this writing it is Synnex, but once onboarding is complete it will be through Pax8).

All active users will get this license to access M365 office suite, email, sharepoint, onedrive, etc.

These licenses are used for mailbox-only accounts.

This license is used to access the M365 Office Apps. No email, endpoint manager, etc. Just apps. Currently, these licenses are used for the laboratory equipment.

This license is used to provide audio conferencing features in Teams meetings. Audio Conferencing in Microsoft 365 and Office 365 enables users to call in to meetings from their phones. Audio Conferencing allows up to 1000 phone attendees.

This license is used to provide advanced security features on top of E3 license features - Protects email and collaboration from zero-day malware, phish, and business email compromise.

This license is used to provide web-based access to office365 apps to these users:

This license is a Windows OS license - more info to come. Looks like they have a M365 Cloud PC for the following users:

This license provide access to Microsoft Project.

Primary domain is imaginab.com

M365 back-end domain is imaginab.onmicrosoft.com

DNS Records:

There is no third-party Email Gateway.

365 days before passwords expire.

This is the current partner relationship as of onboarding 7/19/2022. Pax8 needs to be added as a reseller, and centrexIT as an indirect reseller/advisor. NR and Synnex365 needs to be removed. DFC and ingram micro possibly removed as well.

Only Windows Devices. There are no Android, iOS, or macOS devices.

No compliance policies.

Automatic Lock Screen for Inactive Device. This profile configures devices to lock after 15 minutes of inactivity. It is applied to all devices.

Require Duo MFA - Policy is applied to the DUO Users security group, and requires DUO MFA on all Office365 apps.