When it comes to planning an Office 365 migration, there is one gotcha that can be a surprise that is only found when signing up for a new Tenant. Surprise! Your domain name is not available because it has been registered in another tenant! Say what? While it is difficult to prevent this from happening (for reasons I will describe later in this post), there is some upfront planning you can be prepared to take if you encounter this during your tenant registration process.
This is more likely to occur with Education customers than Commercial/Enterprise/Business customers. More often than not, Education customers will find that their domain name is already associated with an existing Office 365 tenant that they did not create. However, this same problem can occur with Corporate customers because Power BI allows for automatic tenant creation when the first user signs up (if there was no previous tenant created with the primary email address of the user).
In this blog post, we will focus mainly on Education customers, because it happens much more often. How does this happen? It’s by design. A self-provisioned tenant gets created whenever a student or faculty member signs up for Office “Online” using their .EDU email address at this website here:
The first account to do this will actually establish an Office 365 tenant for that organization. This is a huge help to larger organizations with small IT staff, as it enables students and staff to have self-service access to valuable and free services from Microsoft.
Side note 1:Some schools have purchased Campus agreements with Microsoft, allowing teachers and students to install the full Office applications on up to 5 PCs or Macs (not just browser-based Office Online) . If your school provides this additional benefit, you’ll see the Install Office button on your Office 365 home page after you complete sign-up.
Side note 2: Microsoft has provided a promotion kit to help schools get the word out about the tremendous value of these services. This can help boost the schools image when trying to compete for incoming students $$$.
The tradeoff for free and easy is that the tenant name that gets created may not be the most ideal for long term use, for example: if a student name Jack using the email address of Jack@contoso.edu is the first to sign up for the free Office Professional Plus offer, and the tenant that gets created behind the scenes could be contoso2.onmicrosoft.com. To learn more about self-provisioning see this article (here).
Here are the licenses that the student will be assigned if self-provisioned:
To disable automatic tenant join for new users: Set-MsolCompanySettings -AllowEmailVerifiedUsers $false
To enable automatic tenant join for new users: Set-MsolCompanySettings -AllowEmailVerifiedUsers $true
This applies to all Office 365 Education customers (Universities, Colleges, School Districts, etc) – simply, any domain name ending in .EDU. This blocking prevents new users in your organization from signing up for Power BI.
To learn more about disabling self-provisioning click (here).
It is possible to perform re-claim administrative authority over a self-provisioned Office 365 tenant. Some reasons why you may want to do this include:
- Establish single-sign on with an on-premises Active Directory or 3rd party SSO service
- Enforce IT or Security policy settings, especially because the default settings in an Office 365 tenant may or may not reflect the current policy of the organization (sharing policies, encryption policies, software installation, just to name a few examples).
- Perform an on-premises migration of Email, SharePoint, or storage to Exchange Online, SharePoint Online or OneDrive for Business
- If the organization has a long term initiative around tenant consolidation, user initiated tenants based on email enabled sub-domains may not be desired.
- For multi-national organizations, user initiated tenants may be created in a data center that is not desired by the organization.
- Self-created tenants could be perceived as ‘shadow IT’ – where there is limited organizational visibility or even knowledge of what users have signed up for the services, and usage of those services.
There are many other reasons why it is advantageous to perform the administrative takeover of an Office 365 tenant, but those are the top three.
Before you begin the takeover process (described here) – you’ll first need to decide if you want to keep two separate Office 365 tenants, consolidate the accounts, or chose one versus another one. There are two good reasons for this:
1. Because your domain can only be associated with one Office 365 account.
2. The self-service tenant very likely has a number of faculty and students who may have data saved in OneDrive. Removing the domain name from the self-service tenant would cause data loss of anything stored in OneDrive, and will disrupt the users who were relying upon their cloud identity to register with Office 365. This is because passwords do not migrate over from the self-service tenant to the new tenant, and in many cases you would not want them to anyway, because you may want to use on-premises AD as the source of authority for authentication.
Need help with this takeover process, or guidance with your next Office 365 Project? We can help you deploy any or all of the 21 features Included in Office 365 for a flat rate per month. To learn more about our Cloud Advisory Service, click here, or contact us at Hello@PatriotConsultingTech.com.