Office Apps in a Gsuite company...

[thecomputerguy]

How do you typically handle this situation ... the clients email is all through Gsuite but they still need office apps. Currently they have 2 family plans and they share out the family plan to whoever needs their own office account.

It's a F'N MESS.

I'm very VERY weary migrating them away from Gsuite because the people at this company are extremely illiterate when it comes to using a computer. When I'm onsite we just talk in circles and accomplish nothing because no one understands what comes out of my mouth.

They want me to get them out of this Family sharing crap because somehow some people are able to see into the owners OneDrive... This is probably because prior to moving to Family plans they were all logging into their Office as the Owner and sharing a single license.

In a case like this do I just setup a tenant for them and use the .onmicrosoft.com domain as their licensing and purchase Office 365 Apps (Only) without a mailbox?

I feel like if I add the domain to the tenant there might be repercussions in mail delivery. That and the chances of them having the login info for their Domain is near zero.

 

[britechguy]

This is probably because prior to moving to Family plans they were all logging into their Office as the Owner and sharing a single license.

That's the only way this could happen, since you can install for a single seat on up to 5 devices (all of which are, of course, supposed to be strictly in the possession of the individual to whom that seat is licensed).

I have M365 Family and I can no sooner see what's in my partner's OneDrive space for his seat than he can into mine, except for content explicitly shared (which I've done as a non-sneaker net for things I want to hand off to him and vice versa via a shared folder).

If this is a business then what they're doing is also against licensing terms, though since you didn't set it up it can't be "your problem" since you had nothing to do with the situation coming into being.

Given what you describe, and my strong doubts they'd be willing to shell out for Business Premium, your best bet would be to set the individual users up with Business Standard (if they actually need the desktop apps) or Business Basic (if they can use the web apps) and set up teams appropriately in the tenant so that access to the SharePoint data is adequately controlled. And in some very small businesses the owner will say, "Everyone's got full access," is the level of control they want. Been there, done that, they're still happily chugging along.

 

[Markverhyden]

It depends on how they share it out. If they don't send an invite then they have to set it up with the owners creds. That's how the owners info leaks.

 

[callthatgirl]

Yes that's what I do all the time. Use the onmicrosoft for OneDrive, if they need Teams, then you have a bit more of a horror story.

 

[britechguy]

@Markverhyden

Remember, though, we're talking about M365 Family here, so it's highly unlikely that any invites could have been sent without the owner's knowledge unless there was already credential sharing to begin with. The Owner could terminate sharing, but that would only work if no one else has their current credentials.

 

[timeshifter]

It's a F'N MESS.

I'm very VERY weary migrating them away from Gsuite because the people at this company are extremely illiterate when it comes to using a computer.

Are they using the Gmail web interface to do their email or is it set up with Outlook?

 

[YeOldeStonecat]

As much as I don't want to have clients on Google Workplace....I do..and it works fine with 365.
Example, I have a non profit parent advocacy center client....they've been on Google for eons. Prior IT guy had them setup with an onmicrosoft 365 tenant with non profit E3 licenses...just for the "apps".

When I took the client over, I did 2x things to their 365 tenant. First...I added their FQDN to it...to get rid of the user@blahblah.onmicrosoft dot com so it became user@theirdomain dot org. Then...I changed their E3 licenses to the free 1-10 Biz Prem licenses, and make the rest the non profit priced additional Biz Prem licenses...saving the client money there.

Fully mailboxed licenses, but it works just fine for pushing out Office, OneDrive, Bitlocker, Teams...and my usual plethora of InTune config profiles.....and this client is a heavy Teams user.
They just do their email via browser...for now....via GMail.
We do have plans to migrate their email to 365 this winter. But for 2x years..they've run just fine being...split like that.
Adding their gmail to Outlook..well, Outlook often will auto configure so that could get confusing for them, so...they actually prefer Chrome based web mail for their Google email anyways....which is how Google mail should be used.

 

[thecomputerguy]

Are they using the Gmail web interface to do their email or is it set up with Outlook?

Yep .. all web based

 

[thecomputerguy]

As much as I don't want to have clients on Google Workplace....I do..and it works fine with 365.
Example, I have a non profit parent advocacy center client....they've been on Google for eons. Prior IT guy had them setup with an onmicrosoft 365 tenant with non profit E3 licenses...just for the "apps".

When I took the client over, I did 2x things to their 365 tenant. First...I added their FQDN to it...to get rid of the user@blahblah.onmicrosoft dot com so it became user@theirdomain dot org. Then...I changed their E3 licenses to the free 1-10 Biz Prem licenses, and make the rest the non profit priced additional Biz Prem licenses...saving the client money there.

Fully mailboxed licenses, but it works just fine for pushing out Office, OneDrive, Bitlocker, Teams...and my usual plethora of InTune config profiles.....and this client is a heavy Teams user.
They just do their email via browser...for now....via GMail.
We do have plans to migrate their email to 365 this winter. But for 2x years..they've run just fine being...split like that.
Adding their gmail to Outlook..well, Outlook often will auto configure so that could get confusing for them, so...they actually prefer Chrome based web mail for their Google email anyways....which is how Google mail should be used.

This doesn't cause issues where email ends being being delivered internally and never leaves the Microsoft ecosystem?

I have had issues in the past when doing migrations where some emails were still being delivered to the original mailbox because they were for example sent from a Google Apps email address to a Google Apps email address and they seemingly bypassed the MX record because Google detected the email as being sent from Google to Google and never hit the MX record so they got delivered to the mailbox that had been migrated to M365.

This issue was resolved after deleting the source mailbox at the old host.

Edit: See this post here that @YeOldeStonecat response fixed the bounce back issue

Post in thread 'Client moved from O365 to Gsuite and got a O365 bounce back?'

Mar 23, 2023

Heck of a downgrade...

Anyways, did you remove the domain from the 365 tenant? If not, Microsofts mails servers still think they own the domain, so the email went there..never left the 365 mail server ecosystem....didn't find a mailbox.
Remove domain from the tenant, just leaving the blahblah.onmicrosoft.com default domain.

This fixed it

• thecomputerguy

 

[YeOldeStonecat]

This doesn't cause issues where email ends being being delivered internally and never leaves the Microsoft ecosystem?

They're not using Outlook to send email, nor are they sending files internally via Office apps....they're just using Teams/Sharepoint for the file collab. Honestly I expected some turbulence with this early on..but..they're so comfy using Google mail via browser for many years before me...they do this fine.

Granted...can't wait to move them out of Google Workplace and into 365 for email...so much phish 'n other stuff makes it through Googles filters.

 

[Sky-Knight]

They have an M365 tenant, full of these: https://www.microsoft.com/en-us/mic...apps-for-business?activetab=pivot:overviewtab

M365 and GSuite both use the MX record to determine who has the mailboxes, and will send mail accordingly. You can have M365 Business Premium on the Microsoft side, with GSuite email boxes perfectly. Heck you can even federate authentication to one side or the other so users have a single login.