Setting up Microsoft 365 from scratch
A step-by-step walkthrough for setting up a brand-new Microsoft 365 tenant — from sign-up to a secure, working baseline.
Setting up Microsoft 365 from scratch isn't hard, but the order matters. Do these steps in the right sequence and you'll end up with a clean, secure tenant. Skip a step and you'll likely have to redo it later — especially around identity and domains.
1. Sign up and create the tenant
Go to microsoft.com/microsoft-365 and buy or trial a plan. Microsoft creates a tenant with an initial yourcompany.onmicrosoft.com domain. That domain isn't going away — keep it as a fallback — but you'll add your real domain in the next step.
2. Add and verify your domain
In the Microsoft 365 admin center, add yourcompany.com, verify it by adding the TXT record Microsoft gives you, and update DNS:
- MX record to Microsoft for inbound email.
- SPF TXT record (v=spf1 include:spf.protection.outlook.com -all).
- DKIM and DMARC as soon as practical.
- Autodiscover and Lync/Skype CNAMEs for Outlook and Teams.
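A check for the SPF and DMARC records from this step, as an added example that is not part of the original walkthrough. It audits TXT strings you have already looked up; the sample records, the MS= verification value and the DMARC mailbox are constructed, and treating p=none as a finding is this example's assumption.

```python
M365_INCLUDE = "include:spf.protection.outlook.com"  # value given in step 2

def audit_spf(apex_txt):
    """Check the TXT strings published at the domain apex; return a list of findings."""
    spf = [t for t in apex_txt if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no v=spf1 record"]
    if len(spf) > 1:
        # RFC 7208: several v=spf1 records at one name evaluate to permerror.
        return ["SPF: %d v=spf1 records (permerror)" % len(spf)]
    terms = spf[0].lower().split()[1:]
    findings = []
    if M365_INCLUDE not in terms:
        findings.append("SPF: missing " + M365_INCLUDE)
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        findings.append("SPF: no 'all' mechanism")
    elif alls[-1] != "-all":
        findings.append("SPF: ends in %s instead of -all" % alls[-1])
    return findings

def audit_dmarc(dmarc_txt):
    """Check the TXT strings published at _dmarc.<domain>; return a list of findings."""
    recs = [t for t in dmarc_txt if t.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: expected one v=DMARC1 record, found %d" % len(recs)]
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p", "")
    # Assumption of this example: p=none (report-only) counts as a finding.
    if policy not in ("quarantine", "reject"):
        return ["DMARC: p=%s does not enforce" % (policy or "<missing>")]
    return []

def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records for a hypothetical yourcompany.com (added example)
GOOD_APEX = ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com -all"]
GOOD_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc@yourcompany.com"]
DUPLICATE_SPF = GOOD_APEX + ["v=spf1 include:_spf.example.net ~all"]
SOFTFAIL_APEX = ["v=spf1 include:_spf.example.net ~all"]

if __name__ == "__main__":
    print(audit_domain(DUPLICATE_SPF, ["v=DMARC1; p=none"]))
```

The duplicate-record case is the one to watch when a previous mail provider's SPF record is still published alongside the new one.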
3. Plan identity
Decide cloud-only vs hybrid. Most small businesses should go cloud-only — there's no upside to running on-premises Active Directory if you don't already have one. If you do, install Entra Connect or Cloud Sync to sync users up to Entra ID.
4. Create users and assign licences
Create users in the admin center (or sync them from AD). Assign licences. Choose an admin scheme: a dedicated break-glass Global Admin account, excluded from MFA and with its credentials stored offline, then named admins with appropriate roles.
5. Turn on the security baseline
Before any user signs in:
- Enforce MFA for every account.
- Turn on Security defaults, or replace them with explicit Conditional Access policies.
- Block legacy authentication.
- Enable self-service password reset.
6. Migrate data
Use Microsoft's migration tools to move email (IMAP, Google, on-prem Exchange) and a tool like the SharePoint Migration Tool or Mover for files. Don't migrate, then secure — secure first.
7. Roll out clients
Push Microsoft 365 Apps, Teams, and OneDrive to workstations. Turn on Known Folder Move so Desktop, Documents, and Pictures back up to OneDrive automatically.
8. Document what you've built
Write down the admin accounts, the Conditional Access policies, the licence layout, and the backup strategy. Future-you will thank present-you.