microsoft-365 guide hero image

Help Guide for Microsoft 365 for Small Businesses - A Practical Setup Guide

9 min read

A practical guide to setting up Microsoft 365 for your small business. Covers email, Teams, SharePoint, OneDrive, and the settings that matter from day one.

Written by CTC Editorial Editorial Team

Why Microsoft 365?

Microsoft 365 (formerly Office 365) bundles email, file storage, collaboration tools, and the familiar Office apps into one subscription. For small businesses, it offers:

- **Professional email** at your domain (not Gmail or Hotmail)

- **Cloud storage** that syncs across devices

- **Collaboration tools** that actually work together

- **Security features** built for business

- **Always up-to-date** Office applications

The catch: Microsoft 365 has grown into a sprawling ecosystem with dozens of apps and thousands of settings. This guide focuses on what matters for small businesses.

Choosing the Right Plan

Microsoft offers multiple plans. For most small businesses:

Microsoft 365 Business Basic - £4.90/user/month

**Includes**:

- Web and mobile versions of Office apps

- Business email with 50GB mailbox

- 1TB OneDrive storage per user

- Teams for meetings and chat

- SharePoint for file sharing

**Best for**: Teams who work primarily in browsers, need email and storage, don't need desktop Office apps.

Microsoft 365 Business Standard - £10.30/user/month

**Includes everything in Basic, plus**:

- Full desktop Office apps (Word, Excel, PowerPoint, Outlook)

- Publisher and Access (Windows only)

**Best for**: Most small businesses. The sweet spot.

Microsoft 365 Business Premium - £18.70/user/month

**Includes everything in Standard, plus**:

- Advanced security (Defender for Office 365)

- Device management (Intune)

- Information protection

- Azure AD Premium features

**Best for**: Businesses handling sensitive data, regulated industries, or wanting serious security.

Comparison Table

| Feature | Basic (£4.90) | Standard (£10.30) | Premium (£18.70) |

|---------|---------------|-------------------|------------------|

| Web/mobile Office apps | ✓ | ✓ | ✓ |

| Desktop Office apps | ✗ | ✓ | ✓ |

| Business email | ✓ | ✓ | ✓ |

| 1TB OneDrive | ✓ | ✓ | ✓ |

| Teams | ✓ | ✓ | ✓ |

| SharePoint | ✓ | ✓ | ✓ |

| Advanced security | ✗ | ✗ | ✓ |

| Device management | ✗ | ✗ | ✓ |

**Our recommendation**: Start with Business Standard. It covers 90% of needs. Upgrade to Premium later if you need the security features.

Setting Up: The Right Order

Do these in order to avoid headaches:

Step 1: Buy and Verify Your Domain

Your email will be yourname@yourcompany.co.uk, so you need a domain you control.

**If you don't have a domain**: Buy one through Microsoft during signup (convenient but slightly more expensive) or through a registrar like 123 Reg, GoDaddy, or Namecheap.

**If you have a domain**: You'll need to add DNS records to prove ownership. Microsoft provides step-by-step instructions for most registrars.

Step 2: Create Your Admin Account

During setup, you'll create the first admin account. This is powerful—don't use it for daily work:

1. Create admin@yourcompany.co.uk as your primary admin

2. Give it a strong, unique password

3. Enable MFA immediately

4. Store credentials securely

5. Create a separate personal account for your daily use

Step 3: Configure Email (Exchange Online)

Email is usually the first priority:

**Add DNS records**:

- MX record (directs email to Microsoft)

- Autodiscover CNAME (helps email apps configure automatically)

- SPF record (proves emails really came from you)

- DKIM (cryptographically signs your emails)

- DMARC (tells receivers what to do with failed authentication)

Microsoft's setup wizard guides you through these. Don't skip DKIM and DMARC—they significantly reduce the chance of your emails going to spam.

**Create mailboxes**:

- Add users through the admin centre

- Each licensed user gets a mailbox automatically

- Consider shared mailboxes for info@, sales@, support@ (free, don't need licenses)

**Configure settings**:

- Set your default domain

- Configure email retention policies

- Set up spam and malware filters (defaults are usually fine)

Step 4: Set Up OneDrive

OneDrive gives each user 1TB of cloud storage that syncs to their devices.

**Admin setup**:

- Choose sync settings (allow sync to unmanaged devices?)

- Set sharing defaults (internal only by default is safest)

- Configure retention for deleted files (default 30 days is usually fine)

**User setup**:

- Install OneDrive app on computers

- Sign in with work account

- Choose which folders to sync

- Move important files to OneDrive folder

**Best practices**:

- Enable "Files On-Demand" (saves local disk space)

- Don't sync entire company SharePoint sites to every device

- Set up automatic folder backup for Desktop and Documents

Step 5: Set Up SharePoint

SharePoint is for shared team files (OneDrive is for personal files).

**Create team sites** for:

- Company-wide resources (policies, templates, brand assets)

- Each department or team

- Specific projects with defined membership

**Site structure example**:

```

📁 Company Intranet (all staff)

├── Policies

├── Templates

├── Brand Assets

└── Company News

📁 Sales Team Site

├── Proposals

├── Contracts

└── Client Resources

📁 Finance Team Site

├── Reports

├── Budgets

└── Procedures

📁 Project: Website Redesign

├── Designs

├── Content

└── Documentation

```

**Permissions**:

- Site owners can manage membership

- Members can edit content

- Visitors can only view

- Don't give everyone owner access

Step 6: Set Up Teams

Microsoft Teams is the hub for communication and collaboration.

**Create teams** that mirror your organisation:

- Company-wide team (announcements, general chat)

- Department teams

- Project teams (temporary)

**Configure channels** within teams:

- General (default, required)

- Specific topics (e.g., "Sales Leads", "Support Tickets")

- Private channels for sensitive discussions

**Key settings to configure**:

- Guest access (allow external users? Usually yes, with controls)

- Meeting settings (who can present, recording, lobby)

- App permissions (which third-party apps can be installed)

**Best practices**:

- Don't create too many teams (consolidate where possible)

- Use channels within teams rather than creating new teams

- Set clear naming conventions

- Archive inactive teams rather than deleting

Security Settings to Enable Immediately

1. Multi-Factor Authentication

The single most important security setting. Enable for all users:

1. Go to **Azure Active Directory** → **Properties** → **Manage Security Defaults**

2. Enable Security Defaults (enforces MFA for everyone)

Or for more control, use Conditional Access policies (requires Premium).

2. Admin Account Protection

- Limit who has admin access (2-3 people maximum)

- Use dedicated admin accounts (not daily work accounts)

- Enable MFA on all admin accounts without exception

- Review admin access quarterly

3. External Sharing Controls

**OneDrive/SharePoint**:

1. Go to **SharePoint admin centre** → **Policies** → **Sharing**

2. Set to "Existing guests" or "Only people in your organisation" by default

3. Allow broader sharing only when explicitly needed

**Teams**:

1. Go to **Teams admin centre** → **Org-wide settings** → **Guest access**

2. Enable guest access but configure sensibly

3. Require guests to be authenticated

4. Email Security

- **Anti-phishing**: Enabled by default, review settings in Security & Compliance

- **Safe Attachments**: Opens attachments in sandbox (Premium only)

- **Safe Links**: Rewrites links to check safety at click time (Premium only)

- **SPF/DKIM/DMARC**: Configure in DNS (reduces spoofing)

5. Mobile Device Settings

If staff access email on personal phones:

1. Consider requiring MDM enrollment (Business Premium)

2. Or at minimum, require device PIN/password

3. Enable remote wipe capability

4. Set up conditional access based on device compliance

Common Setup Mistakes

Mistake 1: No Admin Account Strategy

Using your personal account as admin means:

- If you leave, account takeover is complicated

- Admin activity mixes with personal

- Higher risk if account is compromised

**Fix**: Dedicated admin accounts, separate from daily use.

Mistake 2: Skipping MFA

"We'll set it up later" becomes "never." Enable from day one.

Mistake 3: Everyone in One Team

Putting all staff in one giant team means:

- Notifications for everything

- No organisation

- People mute it and miss important messages

**Fix**: Structured teams with clear purposes.

Mistake 4: Ignoring Guest Access Settings

Default settings may allow too much external sharing. Review before adding external collaborators.

Mistake 5: No Backup Strategy

Microsoft 365 isn't a backup solution. Data can still be:

- Deleted by users (permanently after retention period)

- Lost through ransomware (syncs to cloud)

- Unavailable during Microsoft outages

**Fix**: Consider a dedicated Microsoft 365 backup service (Veeam, Backupify, etc.)

Mistake 6: Not Training Users

Microsoft 365 only helps if people use it properly. Invest time in:

- Basic orientation (where things are, how to log in)

- File storage guidelines (OneDrive vs SharePoint vs Teams)

- Teams etiquette (when to chat vs email vs call)

- Security awareness (phishing, sharing, passwords)

Day-to-Day Administration

User Management

**Adding a user**:

1. Admin centre → Users → Active users → Add a user

2. Assign license

3. Set initial password

4. User receives email with login instructions

**Removing a user** (offboarding):

1. Reset password immediately

2. Block sign-in

3. Convert mailbox to shared (if needed for continuity)

4. Transfer OneDrive files to manager

5. Remove from all groups and teams

6. After holding period, delete user (retains data 30 days)

Monitoring and Reports

**Useful reports** in the admin centre:

- Microsoft 365 usage reports (who's using what)

- Email activity (sending/receiving volumes)

- OneDrive usage (storage consumption)

- Teams activity (calls, meetings, messages)

**Security reports** (Security & Compliance centre):

- Threat detection

- Sign-in activity

- Compromised users

- Mail flow rules and quarantine

Support Resources

- **Microsoft 365 Admin Centre**: Built-in help and documentation

- **Microsoft Learn**: [learn.microsoft.com](https://learn.microsoft.com) - Free training

- **Microsoft 365 Community**: [techcommunity.microsoft.com](https://techcommunity.microsoft.com/t5/microsoft-365/ct-p/microsoft365)

- **UK-Specific Guidance**: [NCSC Cloud Security Guidance](https://www.ncsc.gov.uk/collection/cloud-security)

Migration Considerations

If moving from another system:

From Gmail/Google Workspace

Use Microsoft's migration tools:

1. Admin centre → Setup → Data migration

2. Choose Gmail migration

3. Provide admin credentials for Google

4. Select users to migrate

5. Schedule migration

Email, contacts, and calendar migrate well. Drive files need manual transfer or third-party tools.

From On-Premises Exchange

More complex—may need professional help:

- Hybrid migration (coexistence for a period)

- Cutover migration (small organisations, all at once)

- Staged migration (larger, phased approach)

From Other Providers

- IMAP migration for most email systems

- PST import for local archives

- Third-party tools for complex scenarios

Your Microsoft 365 Setup Checklist

**Initial Setup**

- [ ] Purchased appropriate plan (Standard recommended)

- [ ] Verified domain ownership

- [ ] Created dedicated admin account with MFA

- [ ] Configured DNS records (MX, SPF, DKIM, DMARC)

**Email**

- [ ] Created user accounts and mailboxes

- [ ] Set up shared mailboxes (info@, support@, etc.)

- [ ] Configured email signatures

- [ ] Reviewed spam and security settings

**Storage and Collaboration**

- [ ] Set OneDrive sharing defaults

- [ ] Created SharePoint team sites

- [ ] Configured Teams with appropriate structure

- [ ] Reviewed external sharing settings

**Security**

- [ ] Enabled MFA for all users

- [ ] Limited admin access

- [ ] Configured conditional access (if Premium)

- [ ] Reviewed mobile device policies

**User Readiness**

- [ ] Created setup guides for staff

- [ ] Provided basic training

- [ ] Established file storage guidelines

- [ ] Defined Teams/email usage conventions

**Ongoing**

- [ ] Backup solution in place

- [ ] Offboarding process documented

- [ ] Admin access reviewed quarterly

- [ ] Security reports reviewed monthly

Getting Started This Week

**Day 1**: Sign up and verify domain

**Day 2**: Configure email DNS and create admin account properly

**Day 3**: Create user accounts and test email

**Day 4**: Set up SharePoint sites and OneDrive policies

**Day 5**: Configure Teams and enable MFA

**Week 2**: Migrate data, train users, refine settings

Microsoft 365 is powerful but complex. Getting the foundation right saves countless hours of fixing issues later. Take your time with setup, and don't skip the security steps.

Frequently Asked Questions

Can I mix license types within my organisation?

Yes. You might give most staff Business Basic (£4.90) and only those who need desktop apps Business Standard (£10.30). The admin console handles mixed licensing fine. Just be consistent about who gets what.

What happens if I stop paying?

Your subscription enters a 30-day grace period, then a 90-day disabled period during which admins can still access data. After that, Microsoft deletes your data. Download/export everything before the subscription lapses if you're not renewing.

Can I use my own email domain with Business Basic?

Yes—all plans include custom domain email. The domain verification and DNS setup process is the same regardless of plan level.

What's the difference between OneDrive and SharePoint?

OneDrive is personal storage (your files, synced to your devices). SharePoint is team storage (shared with specific groups). Use OneDrive for work-in-progress and personal documents; SharePoint for anything the team needs to access.

Do I really need Business Premium for security?

Business Standard with Security Defaults is solid for most small businesses. Premium adds advanced threat protection, device management, and compliance tools. Consider Premium if you handle sensitive data (medical, legal, financial) or have compliance requirements.

About the Author

CTC Editorial

Editorial Team

The Compare the Cloud editorial team brings you expert analysis and insights on cloud computing, digital transformation, and emerging technologies.

Back to All Articles