No, Microsoft 365 Business Email is not free in the traditional sense. Microsoft does not offer a permanently free business email plan tied to your own domain name. The core product, Exchange Online inside Microsoft 365, is a paid subscription service. However, there are several legal and lawful ways to use Microsoft email tools at no cost, including the free consumer Outlook.com service, a one-month free trial of Microsoft 365 Business Standard, and genuinely free grants for qualifying nonprofits and schools through Office 365 A1.
The problem most small business owners face is the gap between marketing language and federal compliance law. The CAN-SPAM Act, enforced by the Federal Trade Commission, requires every commercial email to carry accurate header information and a valid physical postal address, and a free personal address dressed up to look like a brand can read as misleading header information. The consequence is civil penalties of up to $53,088 per non-compliant email under the FTC's inflation-adjusted penalty schedule, the figure in force for 2026.
A 2025 Radicati Group report estimated that more than 4.48 billion people use email worldwide, and small businesses send an average of 121 emails per employee per day. Choosing the wrong tier or misreading the word “free” can cost a company thousands of dollars and, in regulated industries like healthcare, trigger HIPAA enforcement by the HHS Office for Civil Rights.
Here is what you will learn in this guide:
- Exactly which Microsoft 365 email products are free, trial-based, or paid, with 2026 U.S. list prices.
- How federal laws like CAN-SPAM, HIPAA, and the FTC Endorsement Guides shape your email choices.
- Real named scenarios for a realtor, a dental practice, an e-commerce founder, and a law firm.
- A step-by-step setup walkthrough covering domains, MX, SPF, DKIM, and DMARC records.
- The 10 most expensive mistakes buyers make and exactly how to avoid each one.
The Short Answer: Free, Trial, or Paid?
Microsoft 365 Business Email, in the branded sense of a mailbox at [email protected] hosted on Exchange Online, is a paid service. Microsoft’s Business plan comparison page shows four primary small-business tiers as of April 2026, and none of them are permanently free. The only way a business lawfully uses Microsoft email at zero dollars over the long term is through a qualifying nonprofit grant, an accredited education tenant, or the consumer Outlook.com service without a custom domain.
The word “free” causes real legal risk when founders mix personal Outlook.com addresses with commercial messages. Under the CAN-SPAM Act, 15 U.S.C. § 7704, every commercial electronic message must avoid misleading header information, must not carry a deceptive subject line, and must include a clear opt-out mechanism. The consequence of using a free consumer address whose From line impersonates a brand is a deceptive-header violation, which the FTC treats as a separate offense for every recipient.
An example helps. Priya launches a handmade candle shop and uses her personal “[email protected]” address to send a Black Friday promotion to 2,000 subscribers. If the subject line misleadingly promises a refund, or the From line impersonates a different brand, each of those 2,000 emails can count as its own violation, stacking penalties into seven figures. A common misconception is that small senders are exempt, but CAN-SPAM applies to any “commercial electronic mail message” regardless of volume.
Free Consumer Outlook.com
Outlook.com is Microsoft’s free webmail service, and it is a true no-cost option. You get a mailbox at outlook.com, hotmail.com, or live.com with 15 GB of storage and basic calendar and contacts features. It is fine for a pre-revenue hobby project, and it is not fine for a registered LLC that wants to build brand trust.
The consequence of relying on Outlook.com for business is lost credibility and weaker deliverability. Mail from a free consumer domain carries none of your brand's sending reputation, and the 2024 Gmail and Yahoo bulk-sender requirements expect SPF, DKIM, and DMARC that align with the From domain. Microsoft does authenticate outlook.com mail for the outlook.com domain, but you control none of those records and cannot align them to a brand of your own. A common misconception is that adding a signature with your business name is enough to look professional, but a signature plays no part in the authentication checks that receiving servers run silently on every message.
A real-world example makes this clear. Marcus runs a freelance web-design studio and uses “[email protected]” on his invoices. His proposals land in clients’ spam folders, and two clients tell him they almost deleted his contract. The fix is a $7.20 per user per month Business Basic mailbox tied to marcusdesigns.com.
Microsoft 365 Free Trials
Microsoft offers a one-month free trial of Microsoft 365 Business Standard for up to 25 users. The trial includes the full Exchange Online mailbox, Microsoft Teams, OneDrive, and the desktop Office apps. At day 31, Microsoft charges the credit card on file unless you cancel through the Microsoft 365 admin center.
The consequence of forgetting to cancel is an automatic annual commitment in some regions, and a partial refund fight if you dispute after the grace window. Microsoft’s cancellation policy allows a full refund inside the first seven days of a new paid term and prorated credit after that. A common misconception is that the trial can be extended indefinitely by creating new tenants, but Microsoft links trials to payment instruments and billing addresses and flags duplicates.
Anita opens a coffee-truck business and starts a Business Standard trial on March 1, 2026. She forgets to cancel, and on April 1 her card is billed $180 for a one-year commitment at $15.00 per user per month. She calls support on April 5 and receives a full refund because she is inside the seven-day window, but she loses access the same day.
Microsoft 365 for Nonprofits and Education
Qualifying 501(c)(3) nonprofits can receive Microsoft 365 Business Basic free for up to 300 users through the Microsoft Tech for Social Impact program. Accredited K-12 and higher-education institutions receive Office 365 A1 free for faculty and students, including Exchange Online mailboxes and OneDrive. These are the only two permanent free business-email pathways Microsoft offers.
The consequence of claiming a nonprofit grant without proper IRS documentation is account termination and back-billing. Microsoft verifies eligibility through TechSoup or an internal check that looks at IRS Publication 78 data and state charity registrations. A common misconception is that a small LLC organized for social good qualifies, but only formally recognized tax-exempt entities and qualifying public libraries and museums pass the review.
Reverend James leads a 200-member community church that is a registered 501(c)(3). He applies through TechSoup, uploads the IRS determination letter, and receives 25 free Business Basic licenses within seven business days, saving the church roughly $2,160 per year at the $7.20 list price.
Microsoft 365 Business Plan Prices in 2026
Microsoft updated its small-business pricing on August 1, 2025, and the structure remains in effect in 2026. The tiers are built so that the cheapest plan, Microsoft 365 Business Basic, gives you web and mobile Outlook only, while higher tiers unlock desktop apps and advanced security. Every paid tier is billed per user per month, and annual commitments cost less than month-to-month.
The consequence of buying the wrong tier is either overspending on desktop licenses you never install or under-buying and losing features your team relies on. Microsoft allows mid-term plan changes through the admin center, but downgrades can remove user data if a license is stripped without a proper retention hold. A common misconception is that licenses are pooled across a company, but each seat must be assigned to one named user, and shared mailboxes use a separate free allocation up to 50 GB.
Deepa runs a five-person accounting firm and assumes Business Premium is overkill, so she buys Business Basic at $7.20 per user per month. After a ransomware scare in January 2026, she learns that Microsoft Defender for Business, Intune device management, and Purview Information Protection (formerly Azure Information Protection) only come with Business Premium, and she upgrades to $26.40 per user per month.
Price and Feature Comparison Table
| Plan | Monthly Price (Annual) | Email and Storage Highlights |
|---|---|---|
| Microsoft 365 Business Basic | $7.20 per user | 50 GB mailbox, web and mobile Outlook, Teams, 1 TB OneDrive, Exchange Online Plan 1 (plan page) |
| Microsoft 365 Business Standard | $15.00 per user | 50 GB mailbox, desktop Office, Teams, Clipchamp, Loop, 1 TB OneDrive (plan page) |
| Microsoft 365 Business Premium | $26.40 per user | Standard plus Defender, Intune, Entra ID P1, Purview, conditional access (plan page) |
| Microsoft 365 Apps for Business | $10.20 per user | Desktop Office and OneDrive, no Exchange email included (plan page) |
Exchange Online Standalone Plans
Microsoft sells Exchange Online as a standalone product for businesses that do not need the Office apps. Exchange Online Plan 1 costs $4.80 per user per month and gives a 50 GB mailbox with a custom domain. Exchange Online Plan 2 costs $9.60 per user per month, doubles the mailbox to 100 GB, and adds unlimited archiving and built-in data loss prevention.
The consequence of choosing Plan 1 for a healthcare practice is shallow retention and weak discovery, which can break a subpoena response or a HIPAA audit trail. A common misconception is that standalone Exchange is cheaper because it skips Office, but most teams end up buying Apps for Business on top, arriving at roughly the same monthly spend as Business Standard.
Dr. Chen runs a six-dentist practice. She picks Exchange Online Plan 2 at $9.60 per user per month for archiving and adds Apps for Business at $10.20, totaling $19.80. Business Standard at $15.00 would have been cheaper and would include Teams for telehealth check-ins.
Federal Laws That Shape Your Email Choice
U.S. federal law does not require a business to use a custom domain, and it does not require a paid plan. Federal law does, however, require that commercial email meet the CAN-SPAM standard, that protected health information travel under a HIPAA-compliant pathway, and that endorsements and testimonials follow the FTC Endorsement Guides at 16 C.F.R. Part 255. Free personal email services usually fail at least one of these tests for a serious commercial operation.
CAN-SPAM Act and the FTC
The CAN-SPAM Act of 2003 governs every commercial message a U.S. sender transmits. The plain-English rule is that you cannot lie in the header, you cannot lie in the subject line, you must identify the message as an ad if it is one, you must include a valid postal address, and you must honor opt-outs within 10 business days. The consequence of a violation is up to $53,088 per email under the FTC's inflation-adjusted civil penalty schedule, a figure that applies to each separate email sent in violation.
A common misconception is that transactional emails are exempt from all rules, but only the opt-out and subject-line rules relax for true transactional content, and the no-lying rule still applies. Jamal owns an online sneaker store and sends an order-confirmation email that also pushes a flash sale. The hybrid message becomes commercial under FTC guidance, and Jamal must include an unsubscribe link or face enforcement.
HIPAA and Business Associate Agreements
Any email service that handles protected health information must operate under a Business Associate Agreement, or BAA. Microsoft offers a HIPAA BAA for Microsoft 365 and Exchange Online at no extra charge when you hold an eligible commercial subscription, including Business Basic, Business Standard, and Business Premium. The consequence of sending PHI through a free Outlook.com mailbox is a HIPAA breach, which HHS can fine at up to $2,134,831 per violation category per year under the 2024 inflation-adjusted penalty tiers.
A common misconception is that encryption alone creates HIPAA compliance, but the BAA paperwork, the access controls, and the audit logs all matter just as much. Dr. Patel emails a patient a lab result from her personal Outlook.com mailbox without a BAA, and a stolen laptop exposes the message. OCR can assess willful-neglect penalties because Dr. Patel never covered the tool under a BAA.
State Data-Privacy Laws
State laws layer onto federal rules. The California Consumer Privacy Act and California Privacy Rights Act require businesses that meet the revenue or data thresholds to honor consumer access and deletion requests, and email records count as personal information. The Texas Data Privacy and Security Act and the Virginia Consumer Data Protection Act impose similar duties. The consequence of not being able to search a free mailbox for a deletion request is a statutory penalty that can reach $7,500 per intentional violation in California.
A common misconception is that email retention policies do not matter for small firms, but every state privacy law that applies to your business also applies to the email records you keep. Olivia runs a Texas e-commerce brand with $35 million in annual revenue and must produce every email exchange about a consumer within 45 days of a request, a job that is impossible inside a shared Gmail inbox but routine inside Microsoft Purview eDiscovery.
Three Popular Scenarios
The cheapest path depends on the business model. The three scenarios below show how founders pair the right Microsoft tier with their legal obligations.
Scenario 1: Freelancer Starting Out
| Starting Position | Best Move |
|---|---|
| One-person consulting shop, no PHI, no bulk email | Buy Business Basic at $7.20 and a $12 per year domain from GoDaddy or Namecheap. |
| Using outlook.com for client invoices | Migrate to the custom domain with the Microsoft 365 setup wizard inside the admin center. |
| Worried about cost | Skip desktop Office and use web Outlook and Word inside the Basic plan. |
Scenario 2: Regulated Small Business
| Starting Position | Best Move |
|---|---|
| Dental practice emailing appointment reminders with PHI | Buy Business Standard and sign the Microsoft HIPAA BAA. |
| Staff using personal Gmail | Revoke personal-account access and enforce multi-factor authentication. |
| Need long retention | Upgrade to Business Premium or add Exchange Online Archiving. |
Scenario 3: Nonprofit or School
| Starting Position | Best Move |
|---|---|
| IRS-recognized 501(c)(3) with under 300 staff | Apply for free Business Basic for nonprofits through TechSoup. |
| K-12 school district | Enroll in Office 365 A1 for free faculty and student mailboxes. |
| Growing beyond 300 staff | Mix grant licenses with discounted Business Premium for Nonprofits at roughly 75 percent off list. |
Named Examples to Model
A rule means more when you see it happen to someone. The four named examples below show the decision path from cost to compliance.
Sarah is a solo real estate agent in Austin, Texas. She drops her personal Gmail signature and buys Business Basic at $7.20 per month plus a $14 domain at sarahsellsatx.com. Her new MLS-linked emails authenticate with SPF, DKIM, and DMARC inside the Microsoft 365 admin center, and her open rate rises 22 percent in the first quarter because her messages stop landing in spam.
Dr. Nguyen runs a four-provider pediatric clinic in Chicago, Illinois. She moves off a free ISP email account, signs the HIPAA BAA with Microsoft, and picks Business Standard so her front desk can run Teams telehealth visits. The clinic avoids a $100,000 OCR audit finding that hit a neighboring practice using unencrypted consumer email.
Tyler launches a Shopify storefront from his apartment in Miami, Florida. He takes the one-month free Business Standard trial, builds his welcome series inside Outlook, and cancels at day 28 because he finds a cheaper bundle. He keeps a Business Basic seat for the founder inbox at [email protected] and uses Mailchimp for the broadcast list, a legal split under CAN-SPAM.
Attorney Ruiz joins a five-lawyer firm in Denver, Colorado. He insists on Business Premium for conditional access and Intune mobile-device wipe, and he signs the Microsoft Data Protection Addendum to cover the firm’s privilege duties. A stolen phone at a deposition is wiped in under ten minutes, and the firm avoids a malpractice claim.
Setting Up Microsoft 365 Business Email
Microsoft’s setup wizard walks you through every step, and the only hands-on work lives at your domain registrar. The plain-English flow is that you buy licenses, connect or buy a domain, add DNS records, create user mailboxes, and then migrate existing email. The consequence of rushing the DNS step is broken mail flow, which can take 24 to 72 hours to repair because DNS caches worldwide hold the old records.
A common misconception is that Microsoft handles DNS for every registrar, but Microsoft only auto-configures a short list of partners like GoDaddy, and every other registrar needs manual records. Benji buys his domain at a small reseller, skips the manual SPF record, and watches three days of outbound sales emails bounce before he learns what SPF does.
Domain, MX, SPF, DKIM, and DMARC
The mail-exchange, or MX, record tells the internet where to deliver mail for your domain. Microsoft’s MX value looks like yourdomain-com.mail.protection.outlook.com, and it should be the only MX record for the domain or, at minimum, carry the lowest preference number so receivers try it first. The consequence of a missing MX record is zero inbound email, and the consequence of a leftover MX record that still points at the old provider is mail split between two systems, with some replies landing in a mailbox nobody reads.
Sender Policy Framework, or SPF, tells receiving servers which hosts may send mail for your domain. Microsoft’s documented SPF value is v=spf1 include:spf.protection.outlook.com -all, published as a single TXT record at the domain apex. Two rules trip people up: a domain may have only one SPF record, because receivers treat two as a permanent error rather than a pass, and the whole record, including everything the includes pull in, may trigger at most 10 DNS lookups. The consequence of a soft-fail tilde (~all) or a missing record is weaker evidence for receivers, because DMARC needs an outright SPF pass and a soft fail gives Gmail and Yahoo less reason to trust the message.
DomainKeys Identified Mail, or DKIM, adds a cryptographic signature to every outbound message. You publish two CNAME records, selector1._domainkey and selector2._domainkey, pointing at the tenant-specific targets Microsoft shows you, and then enable signing for the custom domain in the Microsoft Defender portal under Email & collaboration > Policies & rules > Threat policies > DKIM. Until you do, Exchange Online signs with the default onmicrosoft.com domain, which does not align with your From address for DMARC purposes. The consequence of skipping DKIM in 2026 is failing the Gmail and Yahoo bulk-sender rules for any campaign above the 5,000-messages-per-day threshold, and leaving DMARC to depend on SPF alone, which breaks the moment a recipient forwards your mail.
Domain-based Message Authentication, Reporting, and Conformance, or DMARC, ties SPF and DKIM together with a policy and a reporting address. The target value for a Microsoft 365 tenant is v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100, but publish it in stages: start at p=none with the rua address set, read the aggregate reports for a few weeks until every legitimate sender aligns, then move to p=quarantine and finally p=reject. The consequence of a missing DMARC record is spam placement or outright rejection at the major inboxes, because Gmail and Yahoo require a DMARC record for senders above 5,000 messages per day and Apple has published matching guidance for iCloud Mail.
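The record rules above can be checked mechanically before you publish. The Python below is an added example, not Microsoft's tooling and not code from the original page: it parses SPF and DMARC TXT strings the way a receiver would and flags the mistakes this section describes, namely the missing Exchange Online include, a soft-fail or open `all` qualifier, a second SPF record, the RFC 7208 ten-lookup ceiling, and a DMARC record that is monitoring-only or has no reporting address. The records it runs against are constructed sample strings, `example.com` is a placeholder domain, and the lookup count is a lower bound because the script does not follow nested includes.

```python
"""Offline checks for the SPF and DMARC TXT records a Microsoft 365 tenant
publishes. Added example, not Microsoft's tooling; the sample records at the
bottom are constructed, and example.com is a placeholder domain."""

MS_SPF_INCLUDE = "spf.protection.outlook.com"


def _lookup_terms(terms):
    """Count SPF terms that cost a DNS query (RFC 7208 caps these at 10).
    Lower bound only: nested includes are not followed here."""
    count = 0
    for t in terms:
        body = t.lower().lstrip("+-~?")
        if body.startswith(("include:", "exists:", "redirect=", "ptr")):
            count += 1
        elif body in ("a", "mx") or body.startswith(("a:", "mx:", "a/", "mx/")):
            count += 1
    return count


def check_spf(txt_records):
    """Return findings for all TXT strings at the zone apex; empty means healthy."""
    findings = []
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: receivers cannot tell who may send for this domain"]
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one v=spf1 record is a permerror, not a pass.
        findings.append("multiple SPF records: receivers return permerror")
    terms = spf[0].split()[1:]
    if f"include:{MS_SPF_INCLUDE}" not in [t.lower() for t in terms]:
        findings.append(f"missing include:{MS_SPF_INCLUDE}: Exchange Online mail fails SPF")
    all_idx = [i for i, t in enumerate(terms) if t.lower().lstrip("+-~?") == "all"]
    if not all_idx:
        findings.append("no 'all' mechanism: unlisted senders get an implicit neutral result")
    else:
        last = terms[all_idx[-1]]
        qualifier = last[0] if last[0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' authorises every host on the internet to send as you")
        elif qualifier in "~?":
            findings.append(f"'{qualifier}all' is soft-fail/neutral: DMARC needs an SPF pass, "
                            "so this only weakens what receivers can enforce")
        if all_idx[-1] != len(terms) - 1:
            findings.append("terms after 'all' are never evaluated")
    lookups = _lookup_terms(terms)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def parse_dmarc(txt):
    """Split a _dmarc TXT record into an ordered tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(txt):
    """Return findings for a _dmarc record; empty means enforcing with reporting."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        findings.append("record must begin with v=DMARC1 or receivers ignore it")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag: no policy is applied")
    elif policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: you will never see aggregate reports")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("pct= must be an integer from 0 to 100")
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(f"pct={pct}: only that share of failing mail gets the policy")
    return findings


if __name__ == "__main__":
    # Constructed records: a healthy Microsoft 365 pair next to a weak pair.
    print("good SPF:", check_spf(["v=spf1 include:spf.protection.outlook.com -all"]) or "ok")
    print("weak SPF:", check_spf(["v=spf1 include:spf.protection.outlook.com ~all",
                                  "v=spf1 mx -all"]))
    print("good DMARC:", check_dmarc(
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100") or "ok")
    print("weak DMARC:", check_dmarc("p=none; v=DMARC1"))
```

To check a live domain, feed `check_spf` every TXT string returned by `dig +short TXT example.com` and `check_dmarc` the string from `dig +short TXT _dmarc.example.com`; the script itself never touches the network.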
Migrating from Another Provider
Microsoft offers several migration paths inside the Exchange admin center. The IMAP migration tool moves messages from Yahoo, a Gmail mailbox, or any IMAP server, and a dedicated Google Workspace migration batch type moves mail, calendars, and contacts from a Workspace tenant. The cutover migration moves an entire on-premises Exchange organization in one pass; Microsoft supports it up to 2,000 mailboxes but recommends it for roughly 150 or fewer. The hybrid migration serves larger orgs that need staged cutovers and a period of coexistence.
The consequence of picking the wrong migration path is data loss, repeated logins, or calendar corruption. A common misconception is that IMAP migration also moves contacts and calendars, but IMAP by design moves mail only, and contacts and calendars need a separate export and import or a migration type that handles them. Valeria moves 18 users from Google Workspace to Business Standard with an IMAP batch instead of the Google Workspace migration and learns two days later that her shared calendars did not come along, costing her team a full day of rebuilding meeting invites.
Mistakes to Avoid
The most expensive errors are administrative, not technical, and every one listed below is avoidable with a few minutes of attention before the first message goes out.
- Using a free Outlook.com or Gmail address on a business website, which triggers lower sender reputation and can violate CAN-SPAM header rules, costing up to $53,088 per message in civil penalties.
- Forgetting to cancel the Business Standard free trial, which locks the buyer into an annual commitment and a refund fight after day seven.
- Buying Microsoft 365 Apps for Business assuming it includes email, when it does not, which leaves the team without Exchange Online and forces a second purchase.
- Sending protected health information without a Microsoft HIPAA BAA in place, which exposes the practice to OCR penalties of up to $2,134,831 per violation category per year.
- Publishing an SPF record that lacks include:spf.protection.outlook.com, which causes Microsoft-sent mail to land in spam at Gmail and Yahoo.
- Skipping DKIM because “it already works,” which fails the 2024 Gmail and Yahoo bulk-sender rules and leaves DMARC depending on SPF alone, so forwarded mail and any promotional campaign above the 5,000-per-day threshold start landing in spam.
- Assigning one license to two people, which violates the Microsoft Product Terms and can end in license true-up charges during a compliance audit.
- Deleting a departed employee’s account without placing a litigation hold, which destroys evidence the business may owe in discovery.
- Running nonprofit licenses on a for-profit subsidiary’s mail, which voids the grant and triggers back-billing at full list price.
- Ignoring the Microsoft 365 service health dashboard during an outage, which leaves users blaming the IT team for a problem Microsoft is already fixing.
Do’s and Don’ts
The day-to-day choices below keep a Microsoft 365 email tenant healthy, legal, and affordable.
Do’s
- Do buy a custom domain, because brand-matching email raises trust and meets CAN-SPAM header expectations.
- Do enforce multi-factor authentication on every account, because Microsoft’s own telemetry shows that MFA blocks well over 99 percent of automated account-compromise attempts, most of which start with a stolen or reused password.
- Do sign the HIPAA BAA before any clinical user sends a single message, because the BAA is a precondition to compliant PHI transmission.
- Do configure SPF, DKIM, and DMARC on day one, because the records take minutes to publish and, once DMARC reaches p=reject, stop attackers from sending as your exact domain to any receiver that enforces the policy; lookalike domains are a separate problem that only monitoring catches.
- Do enable Microsoft Purview retention policies, because a documented retention schedule satisfies state privacy-law obligations.
Don’ts
- Do not forward business email to a personal Gmail, because the forwarded copy sits outside the BAA and outside retention.
- Do not share mailbox passwords between partners, because a shared credential cannot be protected with per-person MFA, makes the audit log useless for attributing who sent or deleted a message, and breaks Microsoft’s one-named-user-per-license terms; use a shared mailbox with delegated access instead.
- Do not keep ex-employees as active licenses, because an unattended account is an unmonitored way into the tenant and a monthly bill you do not need; convert the mailbox to a shared mailbox or place it on hold, then remove the license.
- Do not rely on the default password policy, because Microsoft recommends passwordless authentication with Windows Hello or FIDO2 keys.
- Do not ignore DMARC reports, because the daily aggregate report shows you who is trying to spoof your domain.
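Reading the aggregate reports is easier with a small parser. The Python below is an added example, not Microsoft’s tooling or any report vendor’s, and not code from the original page: it walks one DMARC aggregate (rua) report and labels each sending IP as aligned, as an unaligned third party (raw SPF or DKIM passed, but for a domain other than yours, which is what a marketing or ticketing vendor looks like before you delegate a DKIM key to it), or as a likely spoof. The embedded XML is constructed in the RFC 7489 aggregate-report shape; the IPs, counts, `example.com`, and the reporter name are all invented.

```python
"""Summarise a DMARC aggregate (rua) report: who sent as your domain, how much,
and whether each source was you, a vendor you forgot to align, or a spoofer.
Added example, not Microsoft's or any report vendor's tooling. The XML below is
constructed in the RFC 7489 aggregate-report shape; IPs and counts are invented."""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>example-receiver.test</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><p>quarantine</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>412</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>fail</result></dkim>
      <spf><domain>example.com</domain><result>fail</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>90</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>newsletter-vendor.test</domain><result>pass</result></dkim>
      <spf><domain>newsletter-vendor.test</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>
"""


def classify(record):
    """Label one <record>. policy_evaluated holds the aligned results the receiver
    used for its DMARC verdict; auth_results holds the raw SPF/DKIM outcomes,
    which can pass for a different domain (a vendor signing with its own key)."""
    evaluated = record.find("row/policy_evaluated")
    if evaluated.findtext("dkim") == "pass" or evaluated.findtext("spf") == "pass":
        return "aligned"
    raw = record.findall("auth_results/dkim") + record.findall("auth_results/spf")
    if any(r.findtext("result") == "pass" for r in raw):
        return "unaligned third party"
    return "likely spoof"


def summarize_report(xml_text):
    """Return the published policy plus one entry per sending IP, in report order."""
    root = ET.fromstring(xml_text)
    sources = []
    for record in root.findall("record"):
        row = record.find("row")
        sources.append({
            "ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": row.findtext("policy_evaluated/disposition"),
            "verdict": classify(record),
        })
    return {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "sources": sources,
    }


def spoofed_messages(summary):
    """Messages the receiver saw that failed every check for your domain."""
    return sum(s["count"] for s in summary["sources"] if s["verdict"] == "likely spoof")


if __name__ == "__main__":
    summary = summarize_report(SAMPLE_REPORT)
    print(f"{summary['reporter']} report for {summary['domain']} (p={summary['policy']})")
    for s in summary["sources"]:
        print(f"  {s['ip']:<15} {s['count']:>5}  {s['disposition']:<10} {s['verdict']}")
    print("messages that looked like spoofing:", spoofed_messages(summary))
```

Real reports arrive at the rua address as gzip or zip attachments, one per receiver per day; unpack each one and pass the XML text to `summarize_report`. An “unaligned third party” entry with a high count is the usual reason a move to p=reject breaks something, so resolve those (delegate a DKIM selector to the vendor or add it to SPF with a matching envelope domain) before tightening the policy.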
Pros and Cons of Microsoft 365 Business Email
Microsoft 365 sits at the top of the small-business email market, and it earns that position through bundled value and not through low price. Looking at both sides helps the buyer see whether the spend is worth it.
Pros
- Tight integration with Word, Excel, PowerPoint, and Teams saves the buyer from stitching tools together, reducing total cost of ownership.
- The HIPAA BAA comes at no extra charge with commercial subscriptions, which covers the provider side of HIPAA that most free services cannot offer; the practice still owns its own configuration, access controls, and workforce training.
- Enterprise-grade security through Defender and Intune lets a five-person firm match a large-enterprise security posture.
- Predictable annual pricing lets the founder forecast cash flow, which a free tier with hidden upsell costs cannot match.
- Deep DNS and authentication support, including SPF, DKIM, and DMARC, gives better deliverability than free consumer email.
Cons
- The per-user price climbs quickly as headcount grows, and a 50-person startup spends $9,000 a year on Business Standard at $15.00 per seat before any add-ons.
- The admin center has a learning curve, and first-time IT administrators can misconfigure licensing or DNS.
- Outlook on the web lacks some desktop features, so Business Basic users lose advanced rules and offline access.
- Microsoft support response times on lower tiers can lag behind competitors like Google Workspace, especially for phone escalation.
- Vendor lock-in is real, and migrating off Microsoft 365 later requires careful export of mail, calendars, and OneDrive data.
Microsoft 365 vs. Other Free or Cheap Options
No single email product fits every business. The table below compares Microsoft 365 Business Basic with the free and low-cost alternatives most founders weigh.
| Provider | Custom Domain | Free Tier | Starter Paid Price |
|---|---|---|---|
| Microsoft 365 Business Basic | Yes | 30-day trial only | $7.20 per user per month |
| Google Workspace Business Starter | Yes | 14-day trial only | $7.00 per user per month |
| Zoho Mail Free | Yes, one domain, up to 5 users | Yes, web only | $1.00 per user per month for paid |
| Proton Mail Business | Yes on paid | Limited free on @proton.me | $7.99 per user per month |
| ISP or web-host email | Sometimes | Usually included with hosting | Varies, often poor deliverability |
The consequence of picking a free tier like Zoho Mail Free for a 10-person company is a cap that forces a rush migration later, and the consequence of relying on ISP email is weak SPF support and frequent spam placement.
Microsoft 365 Nonprofit and Education Deep Dive
Microsoft’s Tech for Social Impact program is the single largest source of genuinely free business-grade email in the United States. Eligible nonprofits get Business Basic free for up to 300 users, and they receive Business Premium at roughly 75 percent off list price. The program also discounts Microsoft 365 E3 and E5 for larger orgs. The consequence of not applying is paying full list price for tools a grant or discount would cover, which adds up to hundreds of dollars per user per year.
A common misconception is that nonprofit eligibility renews automatically, but Microsoft reverifies annually through the nonprofit portal, and a lapsed 990 or a revoked IRS status ends the grant. Director Kim of a Seattle youth-arts nonprofit sets a calendar reminder each June to refresh the nonprofit dashboard, and her organization never loses a day of free licensing.
Accredited schools follow a parallel track. Office 365 A1 is free for faculty, staff, and students, and it includes Exchange Online, Teams for Education, OneDrive, and the web versions of Word, Excel, and PowerPoint. Office 365 A3 and A5 add desktop apps and advanced security at discounted per-user rates. The consequence of mixing personal student email with an A1 tenant is FERPA exposure, because the Family Educational Rights and Privacy Act treats student email records as education records.
Microsoft 365 for Healthcare: HIPAA in Practice
Healthcare providers face the strictest rules around business email. The HIPAA Privacy Rule and HIPAA Security Rule require administrative, physical, and technical safeguards on every system that touches protected health information. Microsoft makes a BAA available at no extra cost for commercial Microsoft 365 subscriptions by incorporating it into the Microsoft Product Terms, and a copy of the BAA is published in the Microsoft Service Trust Portal.
The consequence of missing a BAA is a per-violation fine tier that starts at about $141 and tops out at about $2,134,831 per category per year under the HHS 2024 inflation adjustments. A common misconception is that encryption inside Outlook makes PHI email automatically compliant, but encryption is one of many required safeguards, and access logging, audit controls, and workforce training all must be in place.
Nurse Practitioner Adams at a rural Kentucky clinic sends a referral email from a personal iCloud account and copies a patient’s lab result inline. The clinic reports the breach, and OCR opens a corrective-action plan. Had the same message gone through Business Standard with the BAA in place and Purview auditing, the clinic would have met its duty under 45 C.F.R. § 164.312.
State Nuances You Should Not Ignore
Beyond federal rules, state privacy laws reshape how business email must be retained, searched, and deleted. The California Privacy Rights Act created the California Privacy Protection Agency, which now enforces deletion and opt-out rules and can fine up to $7,500 per intentional violation. Microsoft 365 Business Premium gives a California-based business the Purview tools needed to find and delete consumer data inside mailboxes.
The Texas Data Privacy and Security Act took effect July 2024 and applies to most businesses that process personal data in Texas. The consequence of missing a consumer request deadline in Texas is civil penalties enforced by the Texas Attorney General. A common misconception is that Texas follows California’s revenue thresholds, but Texas applies more broadly with a small-business carve-out.
The Virginia Consumer Data Protection Act applies to companies that control the data of 100,000 Virginia consumers, or of 25,000 consumers when more than 50 percent of revenue comes from selling personal data. Colorado, Connecticut, Oregon, and Utah, among other states, have comprehensive privacy statutes in force, and each imposes retention and response rules that a free consumer inbox cannot support.
Processes and Forms You Will Encounter
Every Microsoft 365 Business Email buyer fills out a few recurring forms. The admin center sign-up flow asks for the legal business name, the billing address, a primary admin email, and a credit card. The consequence of entering the wrong legal name is a later tax-exemption or nonprofit-verification failure, which can block discounts and the BAA.
The Microsoft Partner Center form lives on the path for any business that wants to buy through a Cloud Solution Provider instead of direct. The CSP route can bundle support and sometimes discount the plan below list, but it shifts the billing relationship away from Microsoft. A common misconception is that a CSP contract overrides Microsoft’s terms, but the underlying Microsoft Customer Agreement still governs the tenant.
Microsoft does not ask a customer to sign a separate HIPAA BAA. The BAA is incorporated by reference into the Microsoft Product Terms and the Data Protection Addendum that govern every eligible commercial subscription, and a downloadable copy lives in the Microsoft Service Trust Portal. Your evidence of coverage is therefore the dated version of those terms in effect for your subscription together with the subscription record itself, so keep that copy with your compliance files. The consequence of keeping only a screenshot of a portal page is an audit gap, because a screenshot is not a contract record and HHS OCR asks for dated BAA evidence in every investigation.
Recap of Key Rulings and Enforcement
The FTC has settled CAN-SPAM cases that every small business should know. In United States v. Adconion Direct, the 2019 consent judgment included a $150,000 civil penalty for hijacking IP space to send deceptive commercial email. In United States v. Jumio, Inc., the commission has focused on false header information, and the agency’s press releases at ftc.gov continue to name violators in 2025 and 2026.
HHS OCR has published resolution agreements that hinge on email practices. In one 2024 case, a covered entity paid $480,000 after a laptop with unsecured email attachments was stolen. The consequence language in OCR resolutions always requires a corrective-action plan, which forces an email provider upgrade if the free tool cannot log access. A common misconception is that a warning letter is the standard outcome, but OCR routinely levies six- and seven-figure settlements on repeat offenders.
State attorneys general have also acted. The California AG’s CCPA enforcement page lists multiple settlements for failure to honor consumer requests, and the Texas AG opened investigations in 2025 under the Texas Data Privacy and Security Act. These cases reinforce why even a free-email question like “Is Microsoft 365 Business Email Free?” is really a compliance question, not a pricing question.
FAQs
Is Microsoft 365 Business Email truly free forever?
No. Only qualifying 501(c)(3) nonprofits and accredited schools receive permanently free Microsoft 365 mailboxes. Every other business must buy a plan or accept a one-month trial.
Can I use Outlook.com for my business?
Yes, but only for low-stakes use. A consumer Outlook.com address lacks a custom domain, SPF, DKIM, and DMARC controls, and it fails trust and compliance tests that real businesses must pass.
Does Microsoft sign a HIPAA BAA for small businesses?
Yes. Microsoft offers a HIPAA Business Associate Agreement at no extra charge for any commercial Microsoft 365 subscription, including Business Basic, Standard, and Premium tiers.
Is the Microsoft 365 Business Standard free trial safe to test?
Yes, if you set a reminder. The trial runs 30 days for up to 25 users and converts to a paid annual plan unless you cancel inside the Microsoft admin center.
Do nonprofits really get Microsoft 365 Business Basic for free?
Yes. Eligible 501(c)(3) nonprofits receive Business Basic free for up to 300 users through Microsoft Tech for Social Impact and the TechSoup verification path.
Is Microsoft 365 Apps for Business enough for email?
No. That plan includes desktop Office apps and OneDrive but does not include Exchange Online mailboxes, so you must add a separate email plan.
Will switching to Microsoft improve my deliverability?
Yes, usually. Custom-domain mailboxes with SPF, DKIM, and DMARC land in inboxes more reliably than free consumer addresses under the 2024 Gmail and Yahoo sender rules.
Is Microsoft 365 Business Email cheaper than Google Workspace?
Not on sticker price. Microsoft 365 Business Basic at $7.20 per user costs slightly more than Google Workspace Business Starter at $7.00, and the comparison tips toward Microsoft only once you value what the Basic bundle adds, such as Teams, 1 TB of OneDrive, and a 50 GB Exchange mailbox; both vendors make a HIPAA BAA available on paid plans.
Can I cancel Microsoft 365 and get a refund?
Yes, within seven days of a new annual term. After that, Microsoft prorates the refund, and monthly plans cancel at the end of the current billing cycle.
Is using a free personal email address on a business website illegal?
No, not automatically. It is not per se illegal, but it can violate CAN-SPAM header rules, weaken trust, and fail HIPAA, FTC, and state privacy obligations in regulated industries.
Does Microsoft 365 Business Premium include everything I need for compliance?
Yes for the technical controls, no for the whole obligation. Business Premium bundles Defender, Intune, Entra ID P1, and Purview, which supply the access controls, device management, audit logging, and retention that HIPAA and state privacy laws expect. CAN-SPAM is about message content, sender identity, and opt-out handling, which no license can do for you, and HIPAA still requires policies, training, and a risk analysis on your side.
Can I run Microsoft 365 Business Email on my existing domain?
Yes. You connect any domain you own through the setup wizard, and Microsoft guides you through the MX, SPF, DKIM, and DMARC DNS changes at your registrar.