Apple has required all app developers to integrate the company’s Sign in with Apple system wherever other third-party sign-on systems exist. The deadline for integrating Apple’s new sign-in system is April 2020, so you may not see the option immediately, but eventually, all apps that allow you to sign in with Facebook, Gmail or Twitter will. Designed for your Mac or Windows Enjoy quick access to QuickBooks straight from your desktop (or dock), with additional features designed for PC or Mac users! Use multiple windows, keyboard shortcuts and menus to speed through common tasks and workflows.
-->
Tip
Some of the URLs in this article will take you to another document set. If you would like to maintain your place in this document set's table of contents, please right click on URLs to open them in a new window.
Office 365 Education provides self-service sign up for your students, faculty, and staff using their school email addresses. After signing up, students and teachers will be able to get started with Office 365 right away. Review the frequently asked questions below to learn more about Office 365 Education benefits for your students, faculty and staff.
How are you making it easier for my students, faculty, and staff to sign up for Office 365?
Students, faculty and staff who have valid school email addresses can sign up and use Office 365 services, including, in some cases, Office 365 ProPlus and OneDrive for Business. Microsoft will enable the capability for students, faculty and staff to sign up for Office 365 simply by using their school email addresses.
Office 365 A1 includes 1 terabyte (TB) of OneDrive for Business storage per user for school-related files, Office for the web, SharePoint Online and Yammer.
Some schools are eligible for Office 365 A1 Plus, which includes Office 365 ProPlus, and allows students, faculty and staff to install the latest version of Office on up to five PC or Mac computers* and on other mobile devices, including Windows tablets and the iPad. Beats audio mac app.
![]()
*Access and Publisher are available on PCs only. OneNote for Mac is available as a separate download from the Mac App Store.
What are the eligibility requirements for students, faculty, and staff to receive Office 365 A1 Plus?
Schools qualify for Office 365 A1 Plus when they license Office institution-wide for faculty and staff through Enrollment for Education Solutions, Open Value Subscription Education Solutions, Cloud Solution Provider (CSP), or a school contract. After the school qualifies, all active full-time or part-time students, faculty, and staff are eligible and can get the plan directly from Microsoft at Office 365 Education if they meet all three of the following requirements:
What does this mean for my institution?
In this scenario, if a student, faculty or staff already has a work or school account in the tenant (for example, contoso.edu) but does not yet have Office 365 A1 Plus, Microsoft will simply activate the plan for that account, and the student, faculty or staff will automatically be notified of the additional services, including the ability to download Office 365 ProPlus. If the student, faculty or staff already has an Office 365 A1 Plus account or any other Office 365 ProPlus license assigned through your school, they will be redirected to sign in with their existing credentials and receive a notification that includes an Install now prompt.
In this scenario, the student, faculty or staff does not yet have access to any Office 365 services. In this case, the student, faculty or staff can sign up at Office 365 Education and will automatically be given an account. This lets the student, faculty or staff access services included with Office 365 A1. For example, if a student named Sara uses her school email address (for example, [email protected]) to sign up, Microsoft will automatically add Sara as a user in the contoso.onmicrosoft.com Office 365 environment and activate Office 365 A1 for that account. If Sara attends a school that is eligible for the student use benefit, she will be provided an Office 365 A1 Plus license which will allow her to install Office 365 ProPlus.
How does this impact my security and compliance?
With OneDrive for Business, as with all Office 365 services, the IT administrators stay in control. The Microsoft 365 admin center provides a single location from which administrators can manage all of the aspects of OneDrive for Business, including site collection and user profile management, configuring search and discovery, permissions management and reporting, and more. In addition to centralized control, admins can manage many aspects of users and content, including access management, storage allocation, and content sharing limitations.Compliance management options include selective audits, e-Discovery, and current usage summaries that can be used to manage compliance and investigate any areas of concern. To learn more about managing security and compliance with OneDrive for Business, see OneDrive for Business.
What steps do we need to take to make this available to students, faculty, and staff?
There are no administrative actions your institution needs to take to enroll, in most countries. (In some countries, you'll need to opt in by following the steps below under Opt in steps required for some countries.) You can simply communicate the availability of Office 365 A1 or Office 365 A1 Plus to your students, faculty and staff by using content from the Office 365 Campus Marketing toolkit. The toolkit contains template emails, posters, web banners and more to help you increase awareness among students, faculty and staff. Contact your Microsoft representative with specific questions about the steps your school should take.
Important
If your institution has multiple email domains, you may want all email address extensions to be in the same tenant. To do this, before any students, faculty and staff sign up for Office 365 A1, create your primary Office 365 tenant and add all of your email address domains to that tenant. It's important to do this first, because there's no automated way to move users across tenants after they've been created.
Opt in steps required for some countries
Customers in certain countries must opt in to allow new users to join existing Office 365 tenants. In those countries, to make Office 365 A1 or Office 365 A1 Plus available to students and faculty, follow the steps below.
Note
These steps require the use of Windows PowerShell. To get started with Windows PowerShell, see Getting Started with Windows PowerShell.
What does this mean for my faculty and staff who are already using Office 365?
There will be no change for people who are already using Office 365 for Faculty plans. However, since new users could subscribe to the service at any time, you should ensure that you review your SharePoint site permission settings (if applicable).
Important
If students, faculty and staff are new to your Office 365 environment, faculty and staff should make sure that their sites have appropriate group permissions for read and/or write access. For information about setting permissions, see Share documents or folders in Office 365 and Permissions in Office 365.
How will this change the way I manage identities for users in my institution today?
If your school already has an existing Office 365 environment with student accounts, identity management will not change.
If your school already has an existing Office 365 environment without student accounts, we will create a user in the tenant and assign licenses based on the student’s school email address. This means that the number of users you are managing at any particular time will grow as students, faculty and staff sign up for the service.
If you are managing your directory on-premises, and use Active Directory Federation Services (AD FS), Microsoft will not add users to your tenant, and any students, faculty and staff attempting to join your tenant will receive a message to contact their institution's admin.
If your school does not have an Office 365 environment connected to your email domain, there will be no change in how you manage identity. Students, faculty and staff will be added to a new, cloud-only user directory, and you will have the option to elect to take over as the tenant admin and manage them.
What is the process to manage a tenant created by Microsoft for my students?
If a tenant was created by Microsoft, you can claim and manage that tenant by following these steps:
If I have multiple domains, can I control the Office 365 tenant that students, faculty and staff are added to?
If you do nothing, a tenant will be created for each student email domain and subdomain.
If you want all students, faculty and staff to be in the same tenant regardless of their email address extensions:
Important
There is no supported automated mechanism to move users across tenants once they have been created. For more information on this process, see Add your users and domain to Office 365.
If I add a domain to Office 365 will e-mail flow be affected? What if the domain sets Exchange Online to authoritative by default?
Sub-domains are added to Exchange Online as 'authoritative' accepted domains if the root domain in Office 365 is set up for e-mail in Exchange Online. Make sure to also set the domain as non-authoritative, internal relay. Modify send connectors as appropriate. For more information, see Manage accepted domains in Exchange Online.
I have both Office 365 A1 and Office 365 ProPlus licenses that were previously ordered in my tenant. Now there is a large pool of Office 365 A1 Plus licenses as well. What license pool do I use going forward?
Either pool of licenses will work. You may want to use just one license pool for students, and another for faculty and staff for simplicity.
How can I prevent students from joining my existing Office 365 tenant?
There are steps you can take as an admin to prevent students, faculty and staff from joining your existing Office 365 tenant. If you do block this, students’ attempts to sign in will fail and they will be directed to contact their institution’s admin.
![]()
These steps require the use of Windows PowerShell. To get started with Windows PowerShell, see the PowerShell getting started guide.
To perform the following steps, you must install the latest 64-bit version of the Azure Active Directory Module for Windows PowerShell.
After you click the link, click Run to run the installer package.
Disable automatic license distribution: Use this Windows PowerShell script to disable automatic license distributions for existing users.To disable automatic license distribution for existing users:
To enable automatic license distribution for existing users:
Disable automatic tenant join : Use this Windows PowerShell command to prevent new users from joining a managed tenant:
To disable automatic tenant join for new users:
To enable automatic tenant join for new users:
Note
If you take these steps to block users from joining, the current Student Advantage provisioning process will remain in place. For more information, see Office 365 Education.
How do I verify if I have the block on in the tenant?
Use the following Windows PowerShell script:
Get-MsolCompanyInformation | fl allow*
How do I disable the Office 365 ProPlus download notification pop-ups for my users?
If you disable the auto-licensing in the tenant, it will also disable the pop-up notifications for your users. To disable auto-licensing, see Disable automatic license distribution in How can I prevent students, faculty and staff from joining my existing Office 365 tenant?
Are students at my institution able to take advantage of this offer if we block external email?
E-mail verification is required for self-service sign up for students, faculty and staff who do not yet have an account. While this is the easiest way to verify a student is eligible, if you create a tenant with user accounts (for example, you did this using a CSV file, PowerShell cmdlet, or DirSync), then your students, faculty and staff can take advantage of the auto-licensing feature to get access to the services we are providing.
Can I combine multiple Office 365 tenants?
No. As of today, you cannot combine tenants.
Students, faculty and staff in my institution are reporting difficulties downloading Office through this program. What resources are available to help them with this?
If your students, faculty and staff are having issues installing Office, installation instructions are available in Download and install or reinstall Office 365 or Office 2019 on a PC or Mac.
How do I know when new users have joined my tenant?
Students, faculty and staff who have joined your tenant as part of this program are assigned a unique license that you can filter on within your active user pane in the admin dashboard.
To create this new view, in the Microsoft 365 admin center, go to Users > Active Users, and on the Select a View menu, select New View. Name your new view, and under Assigned license, select Office 365 A1 Plus for Students or Office 365 A1 Plus for Faculty. Once the new view has been created, you will be able to see all the students, faculty and staff in your tenant who have enrolled in this program.
Does this change how I manage OneDrive and SharePoint security?
You should ensure that you review your SharePoint site permission settings and user policies (if applicable). If students, faculty and staff are new to your Office 365 tenant, faculty and staff should make sure their sites and OneDrive have the appropriate permissions for students. For information about setting permissions, see Share documents or folders in Office 365 and Permissions in Office 365.
I’m a SAML/Shibboleth customer. Can I still use self-service to get the Office 365 ProPlus client?
The Office 2016 client currently supports SAML/Shibboleth. This will become the default client available in February, 2016. Before that, however, as the admin you can turn on First Release for your organization if you want to use features in Office 2016.
Are there any additional things I should be prepared for?
Overview of Office 365 licensing
An Office 365 A1 or Office 365 A1 Plus license is automatically assigned when a student or faculty/staff member uses the self-service sign up process. An Office 365 admin can also assign licenses using the standard assignment processes. The availability of these licenses does not impact any preferences previously set on license assignment.
Following are answers to additional licensing questions. Airserver mac app store apps.
We have provided these licenses to you in your Office 365 tenant to make it easier for you to provide this benefit to your students, faculty and staff. For schools who allow students, faculty and staff to self-provision you can point them to the sign-in page and after verification they will be automatically assigned one of these licenses. You can also choose to assign these licenses through your standard processes, through the Microsoft 365 admin center.
Yes. The availability of these licenses will not impact your ability to manage the provisioning process. If your institution has chosen to block self-provisioning, no automatic license assignment will occur.
No. You have the ability to control whether students, faculty and staff can self-join the tenant. If you would like to turn off self-provisioning, review the information above.
The newly created tenant will also have licenses provisioned to ensure that each additional student or faculty/staff member from that subdomain will have immediate access to Office 365.
The Office 365 A1 Plus licenses are provided as a part of the student use benefit that your institution has qualified for through your licensing agreement, and use of those licenses are governed as part of that agreement. The program agreement that users agree to in the self-service sign up flow is the relevant agreement for new users in a new unmanaged tenant and admins claiming an unmanaged tenant. Once an admin has verified domain ownership for a new unmanaged tenant, that tenant is now associated with the institution and the terms of the institution EES will apply to those licenses as well.
In the case that your institution does not maintain eligibility for the student use benefit (Program Eligibility Requirements) the institution IT admin will be responsible for revoking student and faculty access. This includes removing licenses from users in those accounts and managing messaging to students and faculty about off-boarding data and de-provisioning access to these services.
Office 365 Education and the Family Education Rights and Privacy Act
FERPA imposes requirements on U.S. educational organizations regarding the use or disclosure of student education records, including email and attachments. Microsoft agrees to the use and disclosure restrictions imposed by FERPA that limit Microsoft’s use of student education records, including agreeing to not scan emails or documents for advertising in the Office 365 Services.
Below are answers to frequently asked questions.
FERPA compliance is not an issue when the school is not managing the Office 365 tenant. In this scenario, the school does not have administrative control and is not expected to be accessing or using students, faculty and staff educational records therefore, FERPA does not apply.
Independently, Microsoft commits to the security and privacy of the new users in an unmanaged Office 365 tenant as it does with any existing Office 365 customers.
In the scenario when the school is not managing the Office 365 tenant the school is not the administrator of the tenant. Microsoft is the Office 365 tenant administrator. As a result the question of school’s compliance with FERPA does not arise.
According to FERPA, schools may disclose, without consent, 'directory' information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students, faculty and staff about directory information and allow parents and eligible students, faculty and staff a reasonable amount of time to request that the school not disclose directory information about them.
Countries that require Opt-In steps to add new users to existing Office 365 tenants
Pakistan, United Arab Emirates, Kazakhstan, Turkey, Yemen, Azerbaijan, Kuwait, Jordan, Qatar, Bahrain, Oman, Lebanon, Cyprus, Saudi Arabia, Israel, United Kingdom of Great Britain and Northern Ireland, Ukraine, Switzerland, Sweden, Svalbard, Spain, Slovenia, Slovakia, Serbia, San Marino, Russian Federation, Romania, Portugal, Poland, Norway, Netherlands, Montenegro, Monaco, Moldova, Malta, Macedonia, Luxembourg, Lithuania, Liechtenstein, Latvia, Jersey, Italy, Isle of Man, Ireland, Iceland, Hungary, Holy See (Vatican City), Guernsey, Greece, Gibraltar, Germany, France, Finland, Faroe Islands, Estonia, Denmark, Czech Republic, Croatia, Bulgaria, Bosnia and Herzegovina, Belgium, Belarus, Austria, Andorra, Albania, Aland Islands.
If a prospective customer downloads your software onto Mac OS X 10.8 and it hasn’t been signed, they will see a scary warning:
Not good. To run unsigned software they need to go into Mac OS X Preferences>Security & Privacy>General and change Allow applications downloaded from Mac App store and identified developers to Anywhere:
Or they need to right/Ctrl click and see another scary warning. Double plus not good. This is the new Mac Gatekeeper system in action. Apple being Apple, Gatekeeper defaults to only allowing users to run software they have downloaded off the Internet if it has been signed. This could have a big effect on your conversion rate on Mac. So if you are shipping software for the Mac, you really need to sign it.
Apple fanboys will tell this is a sensible way for Apple to control software quality. A valid certificate shows that your software hasn’t been tampered with and, if it turns out to be malware, Apple can revoke your certificate. The more cynical might see it as a way for Apple to exert even greater control over Mac developers than it already does, while simultaneously extorting $99 per year from each and every one of them. Make your own mind up on that one.
I have now managed to sign my table planner software, ready for its next release. I should have done it months ago. But I expected the process to be so tedious that it has taken me this long to get around to it. And it was every bit as mind-numbingly tedious as I expected trying to find a few useful nuggets amongst the acres of Apple documentation. I found some useful stuff in blogs, but it was quite fragmented. So I have thrown together these notes in the hope that it saves someone else a few hours going round in circles. Note that I am not currently submitting my software to the Mac App Store, so I don’t cover that here. Also my software is developed in C++/Qt using Qt Creator, rather than Objective-C/Cocoa using XCode, and my approach reflects that.
1. Sign up for Apple Developer Connection ($99 per year). Doesn’t matter if you already paid through the nose for a Windows authenticode certificate. Gatekeeper only accepts Apple certificates, so you have no choice. On the plus side, you do get other benefits, including downloading new OS upgrades for free.
2. You need Mac OS X 10.8 so you can test that your signing works. If you have an Apple Developer Connection subscription, you can download 10.8 for free (get a code from the ADC downloads area and using it in the Mac App Store). I found the upgrade from 10.6 to 10.8 was surprisingly painless (Microsoft eat your heart out).
3. Request your Apple certificates and install them into your Keychain. You can do this from Xcode (instructions here). You may need to upgrade Xcode to a recent version.
4. Use the codesign command line tool to sign:
I believe you can do this as part of your Xcode build. But I prefer a shell script. For example:
echo --sign frameworks --
echo --sign plugins--
echo --sign app--
I do this in a build shell script that automates the whole process of creating a .dmg for download. I’m not sure if the order you sign the components in is important.
Note that:
5. Verify the signing of the .app file. For example:
codesign -vvv -d <yourApp>.app
6. Package your .app into a .dmg, .zip, .pkg or whatever other format you use to install it (I believe .pkg files might require additional signing with a different certificate).
7. Make sure your Mac OS X 10.8 machine is set to the default Gatekeeper setting.
8. Download your software onto Mac OS X 10.8 and check if the scary warning has gone away.
9. Pray that Apple doesn’t decide to revoke your certificate at some point for an infraction, real or imagined.
Until you have released a signed version you can put up a warning with some simple Javascript, for example:
Further reading:
Qt related:
Java related:
Thanks to Jonathan of DeepTrawl and Stephane of LandlordMax for some useful pointers.
************** Update **************
Self Sign Mac App Shortcut
Things have changed again for Mac OS X 10.9/10.10. See this post for an update.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |