Microsoft Stream
Microsoft Stream, a powerful video-sharing platform, can be a game-changer for nonprofits looking to enhance their outreach, training, and internal communications. In this blog post, we'll explore how Microsoft Stream can benefit nonprofit organizations, even those with limited tech expertise.Transitioning from Microsoft 365 Business Premium to Business Basic: What Nonprofits Need to Know
As Microsoft begins transitioning out the Business Premium grant for nonprofits, many organizations are reassessing their licensing needs therefore this is an opportunity to streamline operations and continue leveraging powerful tools with Microsoft 365 Business Basic. _____________________________________________________________________________________________________ What Is Microsoft 365 Business Basic? Microsoft 365 Business Basic is a cloud-first productivity suite designed for organizations that don’t need desktop Office apps but still want access to essential collaboration and communication tools. It includes: ✅Web and mobile versions of Word, Excel, PowerPoint, and Outlook ✅Microsoft Teams for meetings, chat, and collaboration ✅Exchange Online with a 50 GB mailbox per user ✅OneDrive for Business with 1 TB of cloud storage ✅SharePoint Online for document management and team sites It’s a cost-effective solution for nonprofits looking to maintain productivity while reducing licensing expenses. __________________________________________________________________________________________________ The Change Microsoft has announced the retirement of the Business Premium grant, which previously provided eligible nonprofits with free access to premium features like desktop Office apps, Intune, and advanced security tools. As a result, many organizations are now exploring Business Basic as a cost-effective alternative. Note: If your organization decides to continue using Microsoft 365 Business Premium, you may be eligible for a discount of up to 75% through Microsoft’s nonprofit pricing. This can be a great option if you still need access to advanced features. ______________________________________________________________________________________________________ How to Transition from Business Premium to Business Basic Here’s a step-by-step guide to help you make the switch smoothly: Step 1: Evaluate Your Current Usage Identify users who don’t need desktop apps or advanced security features. Use the Microsoft 365 admin center to review license assignments and usage patterns. Step 2: Purchase Business Basic Licenses Go to Microsoft 365 admin center > Billing > Purchase services. Select “Details” next to Microsoft 365 Business Basic and buy the number of licenses you need. Important: Although the process says “purchase,” eligible nonprofits receive the first 300 Business Basic licenses for free. You will not be charged for these licenses, even though they are added through the purchase flow. Step 3: Reassign Licenses Navigate to Users > Active users. For each user, go to Licenses and Apps, uncheck Business Premium, and check Business Basic. Save your changes. Step 4: Remove Unused Premium Licenses Once all users are reassigned, reduce or cancel your Business Premium licenses to avoid unnecessary charges. Go to Billing > Your Products Click on Microsoft 365 Business Premium, then click remove licenses Ensure that users have been unassigned licenses or that may cause an error Step 5: Communicate the Transition Let your team know what’s changing and what tools they’ll still have access to. Offer training or resources to help them adapt to web-based tools. ______________________________________________________________________________________________________ Business Premium vs Business Basic Comparison Feature Business Premium Business Basic Desktop versions of Office apps (Word, Excel, PowerPoint, Outlook, etc.) ✅ ❌ Advanced security features (Microsoft Defender for Business, Microsoft Purview) ✅ ❌ Device management (via Microsoft Intune) ✅ ❌ Access and Publisher (PC only) ✅ ❌ Webinar hosting and attendee tools in Teams ✅ ❌ ______________________________________________________________________________________________________ What You’ll Still Have with Business Basic Despite the changes, you’ll retain access to essential tools that support collaboration and productivity: Web and mobile versions of Office apps Microsoft Teams (chat, call, meet with up to 300 attendees) Business-class email with Exchange 1 TB of OneDrive cloud storage SharePoint Standard security and support ______________________________________________________________________________________________________ Making the Most of Microsoft 365 Business Basic Even without desktop apps, Business Basic offers a robust suite of tools to keep your team connected and productive: ✅ Web-Based Office Apps Use Word, Excel, PowerPoint, and Outlook directly in your browser. Collaborate in real-time with colleagues on shared documents. ✅ Microsoft Teams Host virtual meetings, chat, and collaborate on files. Create channels for departments or projects to streamline communication. ✅ OneDrive and SharePoint Store and share files securely in the cloud. Use version history and co-authoring to improve productivity. ✅ Email and Calendar Access professional email with a 50 GB mailbox via Outlook on the web. Manage calendars and schedule meetings with ease. ___________________________________________________________________________________________________ Final Thoughts While the retirement of the Business Premium grant may require some adjustments, Microsoft 365 Business Basic still provides essential tools to help your nonprofit thrive. With thoughtful planning and a focus on cloud-based collaboration, you can continue to operate efficiently and make a meaningful impact—without breaking your budget.Efficiently Removing Inactive Guest Users in M365/Azure
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. Many organizations forget to offboard their guest users. Whether students drop out, graduate, or are removed from the program, their guest accounts often linger in your tenant—quiet, forgotten, and potentially risky. Let’s talk about why it matters and what you should be doing about it. The Hidden Risk of Inactive Guest Users It’s easy to think of guest users as harmless—after all, they’re just there temporarily, right? But the reality is that each inactive user is an open door. A door that, if left unlocked, could be used by someone with bad intentions. Here’s why: Their credentials may be compromised elsewhere. If a former student reused a password or their email account is breached, an attacker could gain access to your tenant through their still-active guest account. They may retain access to sensitive files. Even if you think they’ve moved on, inactive users might still be able to view shared documents, recordings, or internal communication threads. Your organization becomes a bigger target. The more accounts you have—especially inactive or unmonitored ones—the more surface area an attacker can exploit. Nonprofits are particularly vulnerable. You’re working hard to do good in the world, but limited time, resources, and staff often mean security takes a back seat. That’s why it’s critical to develop lightweight, repeatable processes that protect your community and your mission. Guest Access Shouldn’t Be Set and Forget Inviting students into your tenant helps them feel part of something bigger. But just as important as the welcome is the send-off. Not everyone who starts the program finishes it, and not everyone who finishes needs continued access to your resources. Here are a few things to consider: Do you have a system to track who’s still active? Are you reviewing guest user activity periodically? Do you know how to remove or disable users when they’re no longer part of the program? If the answer to any of these is “no,” you’re not alone—and you’re not too late. The Benefits of Cleaning Up Your Tenant Beyond improving your security posture, removing inactive guest users can: Keep your environment organized. It’s easier to manage active cohorts when your tenant isn’t cluttered with outdated accounts. Reduce licensing conflicts. Even though guest users don’t typically consume licenses, having too many users can complicate group access, permissions, and automated workflows. Show respect for your participants. Offboarding users when their participation ends is a sign of professionalism—and it protects their data, too. Up Next: How to Remove Inactive Guest Users Now that you understand why it's important to remove inactive guest users, the next step is knowing how. Fortunately, Microsoft 365 provides built-in tools and settings to help you manage and clean up guest access safely and efficiently. In our next section, we’ll walk you through a step-by-step guide to identify and remove inactive guest users from your tenant. How to Create a Dynamic Group for Guest Users in Microsoft Entra ID The first thing we need to do is create a dynamic group for guest users. This step is important because dynamic groups automatically include users based on specific attributes—in this case, identifying anyone with a user type of "Guest." Instead of manually adding or removing users from a group each time someone joins or leaves your program, dynamic groups keep everything up to date for you. It’s a simple way to ensure your access management stays clean, organized, and secure. Step-by-Step Instructions Sign in to the Microsoft Entra admin center You’ll need to access the admin portal to manage groups and set up dynamic rules. Go to https://entra.microsoft.com and log in with your admin credentials > navigate to Manage Entra ID. Access the Groups section This is where all your groups are managed within Entra ID. In the left-hand menu, select Groups under the “Manage” section. Create a new group This begins the process of defining your dynamic group. Click + New group to start creating a new group from scratch. Configure group settings You’ll choose the group type, give it a name, and specify that it will use dynamic membership. Select Security as the group type, enter a name (like "Guest Users"), and choose Dynamic User under Membership type. Add dynamic membership rule This is where you set the condition that defines who will be in the group. Under Dynamic user members, click Add dynamic query to build a rule based on user attributes. Define the membership rule We’ll configure the rule so that it targets users where the userType equals Guest. Select + Add expression > set the Property to userType, Operator to Equals, and Value to Guest. Add second expression to filter active guests This ensures only active guest accounts are included. Click Add expression again > set the Property to accountEnabled, Operator to Equals, and Value to true. Validate the rules This helps confirm that your rule works as intended before applying it. Select Validate Rules > click + Add users and choose a guest user from the list. Save the dynamic rule Once your conditions are set, saving them will apply the logic to the group. Click Save to finalize the rule and return to the group creation screen. Create the group Review all the settings and create the group so it begins auto-populating. Click Create, and your dynamic group will now include all guest users automatically. Navigate back to the group tab > select Dynamic Groups > and select your group to view the members and verify all guest users have been added. We're not done just yet! Now let's automate the review and removal of inactive guest users. 🔍 How to Set Up an Access Review for Inactive Guest Users in Microsoft Entra ID After establishing a dynamic group for guest users, the next crucial step is to regularly review their activity. Access reviews in Microsoft Entra ID allow you to automate the process of identifying and removing inactive guest users, thereby maintaining a secure and compliant environment. Step-by-Step Instructions Access the Identity Governance section In the Azure search bar, type and select Identity Governance, then click on Access Reviews. Initiate a new access review Click on + New access review to start the configuration process. Select what to review • Resource type: Choose Teams + Groups • Review scope: Select Select Teams + groups • Group selection: Choose the dynamic group you previously created for guest users • Scope: Set to Guest users only • User scope: Check the box for Inactive users only • Days inactive: Specify the number of days (e.g., 30) to define inactivity Configure the review settings • Reviewers: Select Selected user(s) or group(s) • Users or Groups: Select your desired reviewer(s) • Duration: Set the number of days the review will be open (e.g., 5 days) • Recurrence: Choose the frequency (e.g., monthly, quarterly) or set it as a one-time review • Start date: Specify when the review should begin • End date: Define when the review should end or select Never for ongoing reviews Set up review settings • Auto apply results to resource: Enable this to automatically apply the review outcomes • If reviewers don't respond: Choose Remove access or Take recommendations to revoke access for users not reviewed • Action to apply on denied guest users: Select Block user from signing in for 30 days, then remove user from the tenant Configure advanced settings (optional) • Justification required: Require reviewers to provide reasons for their decisions • Email notifications: Enable to send notifications to reviewers at the start and end of the review • Reminders: Set up reminders for reviewers during the review period • Additional content for reviewer email: Add any specific instructions or information for reviewers Review and create the access review • Name: Provide a descriptive name for the access review • Description: Optionally, add details about the purpose of the review • Review: Ensure all settings are correct • Create: Click Create to initiate the access review Managing guest access might feel like a behind-the-scenes task, but it plays a frontline role in protecting your nonprofit’s data, resources, and reputation. Whether a guest user is a student who graduated, a volunteer who moved on, or someone who left unexpectedly, leaving their access unchecked can expose your organization to unnecessary risk. By creating a dynamic group for guest users and setting up regular access reviews, you’re putting smart guardrails in place. These steps not only strengthen your security but also keep your Microsoft 365 environment tidy, efficient, and aligned with best practices. Security doesn’t have to be complicated—and it shouldn’t be an afterthought. With tools already available in Microsoft Entra ID, you can stay proactive, stay protected, and keep your mission moving forward with confidence.
