+64 22648 5713

support@kaiparait.co.nz

Maungaturoto – Northland

Kaipara Technologies

Making IT Easy

Get Copper 1 Plan FREE

Microsoft 365 Tenancy Setup – Step by Step

How to Set Up a Microsoft 365 Tenancy

This guide explains the basic steps required to create and configure a Microsoft 365 business tenancy.

1. Choose the correct Microsoft 365 plan

For most small businesses, the common options are:

  • Microsoft 365 Business Basic
  • Microsoft 365 Business Standard
  • Microsoft 365 Business Premium

Business Premium is usually the best option where security, device management, Conditional Access, Defender for Office 365, and Intune are required.

Microsoft 365 Business Premium includes Defender for Office 365 Plan 1.

2. Create the Microsoft 365 tenant

Go to the Microsoft 365 signup page and purchase the selected business plan.

During setup, Microsoft creates a default tenant domain in this format:

yourbusiness.onmicrosoft.com

This domain remains attached to the tenant permanently. Your normal business domain can be added later.

3. Sign in to the Microsoft 365 admin center

Go to:

https://admin.microsoft.com

Sign in using the first admin account created during setup.

This account is normally the first Global Administrator for the tenant.

4. Add your business domain

In the Microsoft 365 admin center:

  1. Go to Settings
  2. Select Domains
  3. Select Add domain
  4. Enter your business domain, for example:
yourcompany.co.nz
  1. Follow the verification steps

Microsoft will ask you to add a TXT record to your DNS provider to prove ownership of the domain.

5. Verify the domain

Log in to your domain/DNS provider.

Add the TXT record provided by Microsoft.

Return to the Microsoft 365 admin center and select Verify.

Do not change MX records yet if email is still running somewhere else. Add users and mailboxes first to avoid email disruption. Microsoft recommends adding users before changing the MX record when moving email to Microsoft 365.

6. Add users

In the Microsoft 365 admin center:

  1. Go to Users
  2. Select Active users
  3. Select Add a user
  4. Enter the user’s name and username
  5. Choose the correct domain
  6. Assign the correct Microsoft 365 licence
  7. Save the user details

Users can also be bulk-added with a CSV file.

7. Assign licences

Each user needs a licence before they can use Microsoft 365 services.

To manage licences:

  1. Go to Billing
  2. Select Licences
  3. Select the relevant licence
  4. Assign it to the required users

Microsoft also allows licence services to be enabled or disabled per user.

8. Set the default domain

Once the domain is verified:

  1. Go to Settings
  2. Select Domains
  3. Select your business domain
  4. Choose Set as default

This makes new users use the business domain by default.

9. Configure DNS records

Microsoft 365 may require DNS records for:

  • Exchange Online email
  • Teams
  • SharePoint
  • OneDrive
  • Microsoft device and app services

Common DNS records include:

MX
TXT
CNAME
SRV

Microsoft provides the exact records inside the admin center. Use those values rather than copying generic examples.

10. Move email to Microsoft 365

Before changing the MX record:

  1. Confirm all users have been created
  2. Confirm licences are assigned
  3. Confirm mailboxes exist
  4. Confirm any shared mailboxes are created
  5. Confirm any mail migration work is complete or planned
  6. Confirm backups exist if moving from another provider

Once ready, update the domain’s MX record to point to Microsoft 365.

After the MX change, new email will begin routing to Microsoft 365.

11. Configure SPF, DKIM and DMARC

Email authentication should be configured for the domain.

At minimum, configure:

SPF
DKIM
DMARC

These records help reduce spoofing and improve mail trust. Microsoft recommends SPF, DKIM and DMARC for domains used with Microsoft 365.

12. Enable multi-factor authentication

Every admin account should use multi-factor authentication.

Recommended approach:

  1. Enable MFA for all administrators
  2. Enable MFA for all users
  3. Use Microsoft Authenticator where possible
  4. Avoid SMS-only MFA where possible
  5. Keep at least one emergency access account protected and documented

For Microsoft 365 Business Premium, Conditional Access can be used to enforce MFA more cleanly.

13. Review security defaults or Conditional Access

Newer tenants may have security defaults enabled.

Security defaults are suitable for simple environments.

For more control, Microsoft 365 Business Premium allows Conditional Access policies, such as:

  • Require MFA for admins
  • Require MFA for users
  • Block legacy authentication
  • Require compliant devices
  • Restrict risky sign-ins

Do not disable security defaults unless replacement Conditional Access policies are ready.

14. Configure email protection

In Microsoft Defender:

  1. Go to:
https://security.microsoft.com
  1. Review preset security policies
  2. Enable Standard or Strict protection where suitable
  3. Review anti-phishing, anti-spam and anti-malware settings

Microsoft generally recommends using Standard or Strict preset security policies rather than manually building every policy from scratch.

15. Create shared mailboxes if required

Common shared mailboxes include:

accounts@yourcompany.co.nz
admin@yourcompany.co.nz
sales@yourcompany.co.nz
support@yourcompany.co.nz

Shared mailboxes do not usually need a licence unless they exceed limits or require features such as archive, retention, or direct sign-in.

16. Create Microsoft 365 groups and Teams

Create groups based on how the business works.

Examples:

Management
Accounts
Sales
Operations
Projects

For Teams:

  1. Go to Microsoft Teams admin center
  2. Create required teams
  3. Add users
  4. Set owners
  5. Review guest access settings

17. Install Microsoft 365 apps

If the licence includes desktop apps, install them from:

https://www.microsoft365.com

Users should sign in using their business account.

18. Configure OneDrive and SharePoint

Set up:

  • OneDrive for user file storage
  • SharePoint for company document libraries
  • Teams-connected SharePoint sites
  • External sharing controls
  • Version history
  • Retention settings where required

Avoid using OneDrive as a full company file server replacement without planning permissions and structure first.

19. Set up device management

For Business Premium tenants, use Microsoft Intune.

Recommended baseline items:

  • Enrol Windows devices
  • Configure BitLocker
  • Configure Windows Update policies
  • Configure Microsoft Defender policies
  • Configure compliance policies
  • Configure device retirement and wipe processes

20. Review backups

Microsoft 365 includes platform resilience, but it is not the same as a full third-party backup.

Consider backup for:

  • Exchange Online mailboxes
  • OneDrive
  • SharePoint
  • Teams data

This is especially important for accidental deletion, ransomware, malicious deletion, and long-term retention.

21. Final checks

Before handing the tenant over to the business, confirm:

  • Domain verified
  • Users created
  • Licences assigned
  • Email routing tested
  • SPF configured
  • DKIM enabled
  • DMARC configured
  • Admin MFA enabled
  • User MFA enabled
  • Security policies reviewed
  • Shared mailboxes created
  • Backup configured
  • Admin accounts documented
  • Recovery details stored securely

Need help setting up Microsoft 365?

Kaipara IT can help set up, secure and manage Microsoft 365 for your business.

We can assist with:

  • New Microsoft 365 tenant setup
  • Email migration
  • Domain and DNS configuration
  • Security hardening
  • Multi-factor authentication
  • SharePoint and Teams setup
  • Device management
  • Backup and ongoing support

Contact Kaipara IT for assistance with your Microsoft 365 setup.

About

At Kaipara IT, we’ve built our reputation on one core mission – Making IT Easy. With over two decades of experience, we’ve been at the forefront of transforming businesses by revealing the untapped potential of their existing IT infrastructures. We believe in efficiency, and our track record proves how minor yet consistent tweaks in IT practices can lead to a significantly better work-life balance for business owners. Contact us on 08002NETWORK (0800 263 896) for more information.

Categories

Recent Post

Tags

Copyright © 2023 All rights reserved. | Rambha by Theme Canary

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by