Browsing Office 365 plans?
Don’t get out your credit card just yet. There are some options you should try first.
I know, the prospect of a free Office 365 download sounds kind of farfetched. But it’s not. If there is a legal way that you don’t have to pay, you’ll find it here.
Of course, one way is to simply get the free trial of Office 365 if you don’t have it already. This is limited but will give you a chance to try it before you buy.
Microsoft 365 makes planning so much easier with the new Microsoft Teams mobile app.2It’s is an all-in-one hub that makes it easy to stay connected, plan and get stuff done, wherever you are. Teams is the place where all your conversations come together including group chat and an integrated dashboard view that keeps you on top of your. You'll use your Microsoft account for everything you do with Microsoft 365 or Office. If you use a Microsoft service like Outlook.com, OneDrive, Xbox Live, or Skype, you already have an account.
On to the ways to get a full free Office 365.
1. Get Office 365 through your school
Microsoft offers Office 365 Education for free through many schools and universities. If you are a student or educator, and your institution is eligible, all you need is a valid school email address.
This is a truly free version of Office 365, and you should enjoy this benefit for as long as possible. In addition to your familiar MS apps, it comes with tools to encourage collaboration in the classroom, like Access, Sway, Teams, SharePoint, Stream, and Flow.
Every so often, Office will verify you are still are still an active educator or student. Once your Office 365 Education plan expires, applications will become view-only after 30 days. After 60, you will lose access. To keep working, you will need to subscribe to Office 365, or back up your files and use Office Online.
If you used to be a student, see if your school address will work. If not, access the alumni discount they offer for Office 365 Personal.
2. Get the free trial of Office 365
This is the easiest free option for accessing premium versions of Word, Excel, PowerPoint, Outlook, Publisher, and Access. But it only lasts for a month. After that, you’ll have to begin a subscription or use one of the other methods here.
Note: You will have to provide payment information to sign up for the free trial, though you won’t be charged until the trial expires. When it does, you will start getting billed automatically.
Remember to turn off recurring billing in your Account Settings unless you want to start paying.
Unlike the online version, when Office 365 is installed locally you have full document editing capabilities offline. You can share the free Office 365 trial version with up to five other people. Each person gets 1TB of OneDrive cloud storage, plus the ability to sync and share files across Windows, Apple, and Android devices.
This is a great option, but only for the short-term. You only get a single free trial per email and credit card, so unless you try to bend the terms of the license agreement, it’s a one-shot deal. Or is it?
3. Get the free trial of Office 365 ProPlus
Microsoft provides evaluation versions of its products to potential customers through its Evaluation Center. There you can test-drive the latest features and services the company offers, including Office 365 ProPlus. First, you’ll need to register an Office 365 ProPlus account and qualify for an evaluation account.
Note: Same as the trial version of Office 365, the ProPlus trial requires payment information and bills you after a month.
Once you have access to the full evaluation version of Office 365 ProPlus, you can share and manage up to 25 users. It comes with all of the premium Office tools, not just web apps, and Skype for Business. Streaming installation for up to five computers per user allows everyone to work offline with full editing capabilities.
Since it is an evaluation version, Microsoft is still working out the kinks of this software. Things may not work perfectly, so be prepared.
This is Microsoft’s way of hooking enterprise customers, and it is a sleek toolkit for any company. But if you are not looking to pay once the trial is up, you will have to back up and switch to something else.
Tip: G Suite Business isn’t free, but its pricing is competitive and the functionality works well for agile companies.
4. Convince your company to get Office 365
If your need for Office 365 is strictly personal, this may be a tough sell. But if you constantly find yourself in need of full-versions of Word or Excel, you probably have a strong case to make to your employer.
Office Online is great, considering it’s free, but the lack of function or offline capability can be extremely frustrating. If these things are getting in the way and costing you time, it’s likely costing the company more money a subscription would.
This isn’t always going to work—especially if you are your own boss, sorry freelancers—but I told you we were looking at every option to get Office 365 free of charge.
5. Free Office 365 (with purchase of a PC)
Here’s an option that is not going to be right for everyone, but if you are in the market for a new computer, this could be an answer. Some PCs come with one year of Office 365. This sometimes includes ultra-affordable laptops, and you still save $99 annually on an Office 365 subscription.
One thing to make sure of is that you are getting what you want. Some computers will only come with Office 365 Personal, and others may not even have an OS installed. Read the fine print and confirm everything is set up as you expect.
What about Office Online and Mobile?
Now you know how to get a free download of Office 365, but I should mention two easy, free-forever Office options just in case they do the trick.
Get Office Online
Office Online is entirely cloud-based and works on most browsers. As long as you have the internet, you have access to familiar MS Office tools like Word, Excel, and PowerPoint, as well as Sway, OneNote, Outlook, Calendar, OneDrive, Forms, People, and Skype. Simply create an account and log in from anywhere to collaborate with anyone.
While Office Online doesn’t take up any space, the downside is that you need the internet in order to use the programs and your documents. If you can rely on wifi wherever you need it, this limitation isn’t so bad. Plus, you can always sync your computer with OneDrive so that files are automatically stored for offline access.
The features are greatly limited compared to Office 365, but for personal use, it’s probably okay as long as you plan ahead. The extra logistics required to coordinate larger teams using Office Online, however, probably don’t end up saving much money.
Get the Office mobile app
The Office mobile app works on Android and iOS on your phone or tablet. Word, Excel, and PowerPoint are combined into a single app that syncs with all of your devices that use Office.
You can download additional apps, which take up some space, but all of your documents are stored in the cloud. You’ll be able to create and sign PDFs, and edit documents, tables, and slides—but be aware that the editing features are limited without the Office 365 subscription.
Similar to Office Online, the mobile app is okay for personal needs but quickly reveals itself wanting at the enterprise level.
Note: Editing in the Office mobile app is limited to screens up to 10.1 inches. If you have a larger screen, you will have to upgrade to Office 365 or be stuck in read-only.
Dubious methods and hacking
Finally, I want to point out that similar to giving Microsoft multiple credit cards or emails in an attempt to prolong your free trial of Office 365, there are other dubious methods out there. These are not always safe for you and may be illegal.
I mention them because your search has no doubt included these options, and many are disguised as genuine with a price that is too good to be true.
For example, you will find people offering Office 365 for $1 on eBay and other sites. This will get you a product key that maybe works, and definitely isn’t legal. Typically, you can use these accounts for one year, or until Microsoft detects that your key is not legitimate.
There are also videos and blogs that show you how to hack Office 365 by emulating a successful KMS activation. These authors claim that the KMS license key is legal, which may be true, depending on how the code is written. But installing the key to access licenses you never bought is certainly not legal.
Plus, whatever patch you copy into your system may have other functions you don’t want. A hacker wrote it after all. For us, we don’t consider it worth the risk.
This goes, too, for any free Office 365 you discover on torrents and other sites that get shut down periodically. With an illegal free version of Office 365 you may get more than you pay for in the worst way.
Final note: If you have to pay… it’s really not that bad!
In the end, Office 365 is an extremely valuable set of programs. Getting it for $99/year is pretty amazing.
I understand why it’s annoying, especially in the eleventh hour when your documents are out of reach. Trust me, I get it. But I also understand that the software of this century requires ongoing maintenance for security and integration. The game has changed and it’s not necessarily evil for companies to move to a subscription model.
Of course there are people who will disagree with me.
LibreOffice is a free fully-loaded office suite. Over 200 million people use the open-source program, which supports more than 200 file types. It’s got Writer, Calc, Impress, Draw, and a number of other applications that are recognizable to any user of Word, etc.
There are Google’s free offerings as well, which solve most personal needs for document creation, sharing, and storage. For enterprise needs, though, G Suite for Business is reasonably priced and has a higher user satisfaction score than Office 365.
Use the trials to figure out where you stand. If Office 365 is what you need, budget it in and write it off next year. Here’s a guide to help you make sense of the Office 365 pricing.
-->
When you create an application that needs access to secured services like the Office 365 Management APIs, you need to provide a way to let the service know if your application has rights to access it. The Office 365 Management APIs use Azure AD to provide authentication services that you can use to grant rights for your application to access them.
There are four key steps:
Register your application in Azure AD. To allow your application access to the Office 365 Management APIs, you need to register your application in Azure AD. This allows you to establish an identity for your application and specify the permission levels it needs to access the APIs.
Get Office 365 tenant admin consent. An Office 365 tenant admin must explicitly grant consent to allow your application to access their tenant data by means of the Office 365 Management APIs. The consent process is a browser-based experience that requires the tenant admin to sign in to the Azure AD consent UI and review the access permissions that your application is requesting, and then either grant or deny the request. After consent is granted, the UI redirects the user back to your application with an authorization code in the URL. Your application makes a service-to-service call to Azure AD to exchange this authorization code for an access token, which contains information about both the tenant admin and your application. The tenant ID must be extracted from the access token and stored for future use.
Request access tokens from Azure AD. Using your application's credentials as configured in Azure AD, your application requests additional access tokens for a consented tenant on an ongoing basis, without the need for further tenant admin interaction. These access tokens are called app-only tokens because they do not include information about the tenant admin.
Call the Office 365 Management APIs. The app-only access tokens are passed to the Office 365 Management APIs to authenticate and authorize your application.
The following diagram shows the sequence of consent and access token requests.
Important
Before you can access data through the Office 365 Management Activity API, you must enable unified audit logging for your Office 365 organization. You do this by turning on the Office 365 audit log. For instructions, see Turn Office 365 audit log search on or off.
Enabling unified audit logging isn't required if you're only using the Office 365 Service Communications API.
Register your application in Azure AD
The Office 365 Management APIs use Azure AD to provide secure authentication to Office 365 tenant data. To access the Office 365 Management APIs, you need to register your app in Azure AD, and as part of the configuration, you will specify the permission levels your app needs to access the APIs.
Prerequisites
To register your app in Azure AD, you need a subscription to Office 365 and a subscription to Azure that has been associated with your Office 365 subscription. You can use trial subscriptions to both Office 365 and Azure to get started. For more details, see Welcome to the Office 365 Developer Program.
Use the Azure Management Portal to register your application in Azure AD
After you have a Microsoft tenant with the proper subscriptions, you can register your application in Azure AD.
Sign into the Azure management portal, using the credential of your Microsoft tenant that has the subscription to Office 365 you wish to use. You can also access the Azure Management Portal via a link that appears in the left navigation pane in the Office admin portal.
In the left navigation panel, choose Active Directory (1). Make sure the Directory tab (2) is selected, and then select the directory name (3).
On the directory page, select Applications. Azure AD displays a list of the applications currently installed in your tenancy.
Choose Add.
Select Add an application my organization is developing.
Enter the NAME of your application and specify the Type as WEB APPLICATION AND/OR WEB API.
Enter the appropriate App properties:
SIGN-ON URL. The URL where users can sign in and use your app. You can change this later as needed.
APP ID URI. The URI used as a unique logical identifier for your app. The URI must be in a verified custom domain for an external user to grant your app access to their data in Windows Azure AD. For example, if your Microsoft tenant is contoso.onmicrosoft.com, the APP ID URI could be https://app.contoso.onmicrosoft.com.
Your app is now registered with Azure AD, and has been assigned a client ID. However, there are several important aspects of your app left to configure.
Configure your application properties in Azure AD
Now that your application is registered, there are several important properties you must specify that determine how your application functions within Azure AD and how tenant admins will grant consent to allow your application to access their data by using the Office 365 Management APIs.
For more information about Azure AD application configuration in general, see Application Object Properties.
CLIENT ID. This value is automatically generated by Azure AD. Your application will use this value when requesting consent from tenant admins and when requesting app-only tokens from Azure AD.
APPLICATION IS MULTI-TENANT. This property must be set to YES to allow tenant admins to grant consent to your app to access their data by using the Office 365 Management APIs. If this property is set to NO, your application will only be able to access your own tenant's data.
REPLY URL. This is the URL that a tenant admin will be redirected to after granting consent to allow your application to access their data by using the Office 365 Management APIs. You can configure multiple reply URLs as needed. Azure automatically sets the first one to match the sign-on URL you specified when you created the application, but you can change this value as needed.
Be sure to choose Save after making any changes to these properties.
Generate a new key for your application
Keys, also known as client secrets, are used when exchanging an authorization code for an access token.
In the Azure Management Portal, select your application and choose Configure in the top menu. Scroll down to keys.
Select the duration for your key, and choose Save.
Azure displays the app secret only after saving it. Select the Clipboard icon to copy the client secret to the Clipboard.
Important
Azure only displays the client secret at the time you initially generate it. You cannot navigate back to this page and retrieve the client secret later.
Configure an X.509 certificate to enable service-to-service calls
An application that is running in the background, such as a daemon or service, can use client credentials to request app-only access tokens without repeatedly requesting consent from the tenant admin after initial consent is granted.
For more information, see Service to Service Calls Using Client Credentials.
You must configure an X.509 certificate with your application to be used as client credentials when requesting app-only access tokens from Azure AD. There are two steps to the process:
Obtain an X.509 certificate. You can use a self-signed certificate or a certificate issued by publicly trusted certificate authority.
Modify your application manifest to include the thumbprint and public key of your certificate.
The following instructions show you how to use the Visual Studio or Windows SDK makecert tool to generate a self-signed certificate and export the public key to a base64-encoded file.
From the command line, run the following:
Note
When you are generating the X.509 certificate, make sure the key length is at least 2048. Shorter key lengths are not accepted as valid keys.
Open the Certificates MMC snap-in and connect to your user account.
Find the new certificate in the Personal folder and export the public key to a base64-encoded file (for example, mycompanyname.cer). Your application will use this certificate to communicate with Azure AD, so make sure you retain access to the private key as well.
Note
You can use Windows PowerShell to extract the thumbprint and base64-encoded public key. Other platforms provide similar tools to retrieve properties of certificates.
From the Windows PowerShell prompt, type and run the following:
Store the values for
$base64Thumbprint,$base64Value, and$keyidto be used when you update your application manifest in the next set of steps.Using the values extracted from the certificate and the generated key ID, you must now update your application manifest in Azure AD.
In the Azure Management Portal, select your application and choose Configure in the top menu.
In the command bar, choose Manage manifest, and then choose Download Manifest.
Open the downloaded manifest for editing and replace the empty KeyCredentials property with the following JSON:
Note
The KeyCredentials property is a collection, making it possible to upload multiple X.509 certificates for rollover scenarios or delete certificates for compromise scenarios.
Save your changes and upload the updated manifest by choosing Manage manifest in the command bar, choosing Upload manifest, browsing to your updated manifest file, and then selecting it.
Specify the permissions your app requires to access the Office 365 Management APIs
Finally, you need to specify exactly what permissions your app requires of the Office 365 Management APIs. To do so, you add access to the Office 365 Management APIs to your app, and then you specify the permission(s) you need.
In the Azure Management Portal, select your application, and choose Configure in the top menu. Scroll down to permissions to other applications, and choose Add application.
Select the Office 365 Management APIs (1) so that it appears in the Selected column (2), and then select the check mark in the lower right (3) to save your selection and return to the main configuration page for your application.
The Office Management APIs now appear in the list of applications to which your application requires permissions. Under both Application Permissions and Delegated Permissions, select the permissions your application requires. Refer to the specific API reference for more details about each permission.
Note
There are currently four unused permissions related to activity reports and threat intelligence that will be removed in the future. Do not select any of these permissions because they are unnecessary.
Choose Save to save the configuration.
Get Office 365 tenant admin consent
Now that your application is configured with the permissions it needs to use the Office 365 Management APIs, a tenant admin must explicitly grant your application these permissions in order to access their tenant's data by using the APIs. To grant consent, the tenant admin must sign in to Azure AD by using the following specially constructed URL, where they can review your application's requested permissions. This step is not required when using the APIs to access data from your own tenant.
The redirect URL must match or be a sub-path under one of the Reply URLs configured for your application in Azure AD.
For example:
You can test the consent URL by pasting it into a browser and signing in using the credentials of an Office 365 admin for a tenant other than the tenant that you used to register the application. You will see the request to grant your application permission to use the Office Management APIs.
After choosing Accept, you are redirected to the specified page, and there will be a code in the query string.
For example:
Your application uses this authorization code to obtain an access token from Azure AD, from which the tenant ID can be extracted. After you have extracted and stored the tenant ID, you can obtain subsequent access tokens without requiring the tenant admin to sign in. Capture one 20 for nikon.
Request access tokens from Azure AD
How To Get Microsoft 365 For Free
There are two methods for requesting access tokens from Azure AD:
The Authorization Code Grant Flow involves a tenant admin granting explicit consent, which returns an authorization code to your application. Your application then exchanges the authorization code for an access token. This method is required to obtain the initial consent that your application needs to access the tenant data by using the API, and this first access token is needed in order to obtain and store the tenant ID.
The Client Credentials Grant Flow allows your application to request subsequent access tokens as old ones expire, without requiring the tenant admin to sign in and explicitly grant consent. This method must be used for applications that run continuously in the background calling the APIs once the initial tenant admin consent has been granted.
Request an access token using the authorization code
After a tenant admin grants consent, your application receives an authorization code as a query string parameter when Azure AD redirects the tenant admin to your designated URL.
Your application makes an HTTP REST POST to Azure AD to exchange the authorization code for an access token. Because the tenant ID is not yet known, the POST will be to the 'common' endpoint, which does not have the tenant ID embedded in the URL:
The body of the POST contains the following:
Sample request
The body of the response will include several properties, including the access token.
Sample response
The access token that is returned is a JWT token that includes information about both the admin that granted consent and the application requesting access. The following shows an example of an un-encoded token. Your application must extract the tenant ID 'tid' from this token and store it so that it can be used to request additional access tokens as they expire, without further admin interaction.
Sample token
Request an access token by using client credentials
After the tenant ID is known, your application can make service-to-service calls to Azure AD to request additional access tokens as they expire. These tokens include information only about the requesting application and not about the admin that originally granted consent. Service-to-service calls require that your application use an X.509 certificate to create client assertion in the form of a base64-encoded, SHA256 signed JWT bearer token.
Get Office 365 Students Free
When you are developing your application in .NET, you can use the Azure AD Authentication Library (ADAL) to create client assertions. Other development platforms should have similar libraries.
How To Get Office 365
An un-encoded JWT token consists of a header and payload that have the following properties.
Sample JWT token
The client assertion is then passed to Azure AD as part of a service-to-service call to request an access token. When using client credentials to request an access token, use an HTTP POST to a tenant-specific endpoint, where the previously extracted and stored tenant ID is embedded in the URL.
The body of the POST contains the following:
Sample request
Get Office 365 Group Members Powershell
The response will be the same as before, but the token will not have the same properties, because it does not contain properties of the admin that granted consent.
Sample response
Get Office 365
Sample access token
Build your app
Now that you have registered your app in Azure AD and configured it with the necessary permissions, you're ready to build your app. The following are some of the key aspects to consider when designing and building your app:
The consent experience. To obtain consent from your customers, you must direct them in a browser to the Azure AD website, using the specially constructed URL described previously, and you must have a website to which Azure AD will redirect the admin once they grant consent. This website must extract the authorization code from the URL and use it to request an access token from which it can obtain the tenant ID.
Store the tenant ID in your system. This will be needed when requesting access tokens from Azure AD and when calling the Office Management APIs.
Managing access tokens. You will need a component that requests and manages access tokens as needed. If your app calls the APIs periodically, it can request tokens on demand, or if it calls the APIs continuously to retrieve data, it can request tokens at regular intervals (for example, every 45 minutes).
Implement a webhook listener as needed by the particular API you are using.
Data retrieval and storage. You'll need a component that retrieves data for each tenant, either by using continuous polling or in response to webhook notifications, depending on the particular API you are using.