Share via

What is Golden Path for Education?

  • Article

Golden Path for Education is a set of guidelines to give education customers and organizations a proficient way of deploying Microsoft services within an Education organization. Golden Path for Education is broken into three stages:

  1. Deployment Guides (EDU Prescriptive Content)
  2. Discovery/Assessments (AI)
  3. Drift Management (Change Management)

Diagram that shows the stages of Golden Path for Education.

There are three phases used to fully deploy the Golden Path for Education.

  • Baseline phase covers A1 license features and functionality.
  • Standard covers A3 license features.
  • Advanced completes the Golden Path for Education with A5 license functionality.

Prerequisites

  • Qualified Education Organization

Microsoft 365 Education Service Descriptions

Microsoft 365 Service Description

Stages

Golden Path for Education is broken into three stages:

  1. Deployment Guidelines (Learn.microsoft.com)
    • Based on each phase (Baseline, Standard, Advanced)
    • Broken down in each phase by sections:
      • Setup (Tenant Configuration)
      • Identity
      • Applications (Teams, OneDrive, SharePoint, Exchange Online)
      • Security and Compliance
      • Devices
  2. Discovery/Assessments (AI) (Evaluate tenant settings, based on API calls to user requirements)
  3. Drift Management (Change Management, Monitoring, Reporting)

Phases

There are three phases of the Golden Path for Education; Baseline (A1), Standard (A3), and Advanced (A5). Each phase includes the sections that deliver recommendations for an established education organization tenant configuration. Organizations can follow the recommended guidelines or choose to follow their own path or custom requirements.

Phase Description
Baseline introduces features and functionality around the Microsoft 365 A1 license. The Baseline configuration defines the recommended settings for organizations.
Standard follows the Microsoft 365 A3 education license, including Baseline settings along with the introduction of A3 standard features, products, and services.
Advanced follows the Microsoft 365 A5 license, including everything in Baseline and Standard phases. Advanced A5 license phase delivers extended security and compliance services.

Sections

The five sections of each phase cover tenant setup, identity, applications, security and compliance, and device management.

                  Area Description Link to steps
Tenant Setup Tenant setup configures the base tenant. Covering sign-up, tenant creation, network, security, global administrators, services; OneDrive, Sharepoint, Exchange Online, and Microsoft Teams. Baseline
Identity Identity defines the architecture, including on-premises sync considerations, AD FS, Student Information Systems (SIS), and School Data Sync (SDS). Baseline
Applications Applications like OneDrive, SharePoint, Exchange Online, Intune for Education, and Microsoft Teams are configured for education organizations. Baseline
Security and Compliance Defining and closing security considerations in the tenant are the number one priority. Security configuration in defined by A1, A3, or A5 license enrollment. Baseline
Devices Onboarding devices via Intune for Education for mobile device management (MDM) and mobile application management (MAM). Managed devices and unmanaged devices are included in this configuration. Baseline

Golden Path for Education delivery sequence

The sequence that you'll follow is Baseline -> Standard -> Advanced phases, depending on your tenant license configuration.

Each phase includes the appropriate or required sections; Tenant Setup, Identity, Applications, Security and Compliance, and Devices.

 
Step 1a Establish setup and configuration for tenant.
Step 2a Establish identity architecture and configure user provisioning options.
Step 3a Setup Microsoft Teams, OneDrive, SharePoint, and Exchange Online.
Step 4a Establish Baseline security settings and configurations.
Step 5a Establish device strategy and deployment path.