
OFFICIAL MICROSOFT LEARNING PRODUCT

20347A
Enabling and Managing Office 365
Companion Content

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.

© 2016 Microsoft Corporation. All rights reserved.


Microsoft and the trademarks listed at http://www.microsoft.com/trademarks are trademarks of the Microsoft
group of companies. All other trademarks are property of their respective owners.

Product Number: 20347A

Released: 05/2016
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.

BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.

If you comply with these license terms, you have the rights below for each license you acquire.

1. DEFINITIONS.

a. Authorized Learning Center means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.

b. Authorized Training Session means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.

c. Classroom Device means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center's training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. End User means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.

e. Licensed Content means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.

f. Microsoft Certified Trainer or MCT means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.

g. Microsoft Instructor-Led Courseware means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.

h. Microsoft IT Academy Program Member means an active member of the Microsoft IT Academy
Program.

i. Microsoft Learning Competency Member means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.

j. MOC means the Official Microsoft Learning Product instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.

k. MPN Member means an active Microsoft Partner Network program member in good standing.
l. Personal Device means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.

m. Private Training Session means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.

n. Trainer means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. Trainer Content means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers' use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.

2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.

2.1 Below are five separate sets of use rights. Only one set of rights apply to you.

a. If you are a Microsoft IT Academy Program Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-
Led Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft Instructor-
Led Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
c. If you are a MPN Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending a Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching a Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:


For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

e. If you are a Trainer.


i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
ii. You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
"customize" refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.

2.4 Third Party Notices. The Licensed Content may include third party code content that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code content are included
for your information only.

2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content's subject
matter is based on a pre-release version of Microsoft technology (Pre-release), then in addition to the
other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.

b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.

c. Pre-release Term. If you are a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (Pre-release term).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license
  for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
  or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
  distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
  Licensed Content except and only to the extent that applicable law expressly permits, despite this
  limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.

6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because the Licensed Content is "as is", we may not provide support services for it.

8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.

9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.

10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.

11. APPLICABLE LAW.


a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.

12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.

13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to


o anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.

Note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses
in this agreement are provided below in French.

DISCLAIMER OF WARRANTY. The Licensed Content covered by a license is offered "as is". Any
use of this Licensed Content is at your sole risk. Microsoft gives no other express
warranties. You may have additional rights under local consumer protection law, which this
agreement cannot change. Where permitted by local law, the implied warranties of
merchantability, fitness for a particular purpose and non-infringement are excluded.

LIMITATION ON DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You can recover from
Microsoft and its suppliers only direct damages up to US$5.00. You cannot recover any other
damages, including special, indirect or incidental damages and lost profits.
This limitation applies to:
• anything related to the Licensed Content, services or content (including code)
  on third party Internet sites or in third party programs; and
• claims for breach of contract or warranty, or for strict liability,
  negligence or other tort, to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of such damages. If
your country does not allow the exclusion or limitation of liability for indirect, incidental
or other damages of any kind, the above limitation or exclusion may not apply to
you.

LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights
under the laws of your country. This agreement does not change your rights under the laws of your
country if those laws do not permit it to do so.

Revised July 2013



Module 1
Planning and provisioning Office 365
Contents:
Lesson 1: Overview of Office 365
Lesson 2: Provisioning an Office 365 tenant
Lesson 3: Planning a pilot deployment
Module Review and Takeaways
Lab Review Questions and Answers



Lesson 1
Overview of Office 365
Contents:
Question and Answers
Resources

Question and Answers

Discussion: How will you use Office 365 in your organization?


Question: What are your organization's business requirements?

Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.

Question: How will Office 365 meet your organization's business requirements?

Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.

Question: Which Office 365 subscription would be most suitable for your organization?

Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.

Resources

Office 365 core components

Additional Reading: For more information, refer to Office 365 Service Descriptions:
http://aka.ms/iv18pg

Office 365 Education, Nonprofit, and Government subscriptions

Additional Reading: For more information, refer to Office 365 Education:
http://aka.ms/c2imoj
Additional Reading: For more information, refer to Office 365 Nonprofit plans and
pricing: http://aka.ms/wnd4wq
Additional Reading: For more information, refer to Office 365 plans at Government
pricing: http://aka.ms/knev43

Lesson 2
Provisioning an Office 365 tenant
Contents:
Question and Answers
Resources

Question and Answers


Question: What are the steps involved in the process of creating a tenant account for Office 365?

Answer: The steps involved in the process of creating a tenant account for Office 365 are:
1. Select the Office 365 plan you will use for a trial.
2. Ensure you have a valid email account (organizational or Live ID will work fine).
3. Click the trial link on the Office 365 website.
4. Enter the correct information for your organization.
5. Complete the sign-in process by validating the text message or phone call.

Question: What factors should you consider when planning a custom domain?

Answer: Consider the following factors when planning a custom domain:

• Multiple domains. Plan to add the main domain that your company currently uses,
  along with any other domain that it uses for email messages within the
  organization.
• Subdomains. You might want to register subdomains if you need them for your
  organization's subsidiaries.
• Domain adding order. You must add root domains before subdomains.
• DNS record hosting. Communicate with the organization that will host your
  domains about the changes needed for Office 365 deployment, such as A, CNAME,
  TXT and MX records.

Resources

Configuring DNS records for custom domains

Additional Reading: For more information, refer to External Domain Name System records
for Office 365: http://aka.ms/d67qkh

Lesson 3
Planning a pilot deployment
Contents:
Question and Answers
Resources

Question and Answers


Question: How does an Office 365 pilot compare to the traditional deployment process?

Answer: Some of the main differences between an Office 365 pilot and the traditional
deployment process are:

With the traditional deployment approach, it might take the organization several
weeks or even months to reach the migration phase.

With the Office 365 pilot FastTrack deployment approach, customers can:

o Experience the value of Office 365 much earlier than with traditional
deployment methodologies.
o Evolve into features as and when required.

o Determine how far to proceed with Office 365 migration.

Resources

Comparing an Office 365 pilot to the traditional deployment process

Additional Reading: For more information, refer to FastTrack for Office 365:
http://aka.ms/il5z8i

Gathering customer requirements

Additional Reading: For more information, refer to Office 365 FastTrack Planning:
http://aka.ms/se9j3a

Overview of deployment tools

Additional Reading: For more information, refer to FastTrack for Office 365:
http://aka.ms/il5z8i
Additional Reading: For more information, refer to Office 365 for IT pros:
http://aka.ms/kl703e
Additional Reading: For more information, refer to FastTrack for Office Blogs:
http://aka.ms/t1mgkg
Additional Reading: For more information, refer to Office 365 Trust Center:
http://aka.ms/j0074t
Additional Reading: For more information, refer to Office 365 Service Descriptions:
http://aka.ms/gxsbad
Additional Reading: For more information, refer to Office 365 Roadmap:
http://aka.ms/Kgo4ds
Additional Reading: For more information, refer to Software Assurance Planning Services:
http://aka.ms/leudft

Module Review and Takeaways


Best Practices
Best practices for this stage of the Office 365 deployment process are:

Ensure that you understand the organization's need for Office 365.
Identify any in-house services that are not going to transition to Office 365.
Recruit the right people to be pilot users.
Check that you have suitable infrastructure to support a connection to Office 365.

Review Question(s)
Question: If you are selected to lead the Pilot at A. Datum Corporation, what personal qualities, skills, and
experience would you need to demonstrate to maximize the probability of the organization moving to
the pilot phase?

Answer: If time permits, facilitate the discussion. The following qualities will be useful:
Professional appearance
Confidence

Technical knowledge
Listening skills

Effective note-taking

Experience of chairing meetings


All of these qualities, skills, and experience will help ensure that the organization has
confidence in your ability to deliver the pilot and then move the organization to Office
365.

Lab Review Questions and Answers


Lab: Provisioning Office 365
Question and Answers
Question: Why is it important to specify the correct country when you set up an Office 365 account?

Answer: It is important to specify the correct country because some facilities are restricted on a
country-by-country basis, and you cannot change the country after you have set up the account.
Question: What ports need to be open to ensure client communications with the Office 365 environment,
and for what are those ports and protocols used?

Answer: The main port that must be open is 443 for encrypted web traffic.

| Protocol/Port | Usage |
|---|---|
| TCP 443 | Office 365 My Company Portal; Outlook 2010 and Office Outlook 2007; Microsoft Entourage 2008 for Mac Exchange Web Services/Outlook for Mac 2011; Outlook Web App; SharePoint Online |
| PSOM/TLS 443 | Skype for Business Online (outbound data sharing sessions) |
| STUN/TCP 443 | Skype for Business Online (outbound audio, video, and application sharing sessions) |
| TCP 10106*** | Connects to xsi.outlook.com for Outlook Web App (not essential) |
| TCP 995 | POP3(S) |
| TCP 587 | SMTP(S) Relay with POP3 |
| STUN/UDP 3478 | Skype for Business Online (outbound audio and video sessions) |
| TCP 5223 | Skype for Business mobile client push notifications |
| RTP/UDP 50000-50019 | Outbound Skype for Business (outbound audio sessions) |
| RTP/UDP 50020-50039 | Outbound Skype for Business (outbound video sessions) |
| TCP 50040-50059 | Outbound Skype for Business Application sharing and file transfer |

Module 2
Managing Office 365 users and groups
Contents:
Lesson 1: Managing user accounts and licenses
Lesson 2: Managing passwords and authentication
Lesson 3: Managing security groups in Office 365
Lesson 4: Managing Office 365 users and groups with Windows PowerShell
Lesson 5: Configuring administrative access
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Managing user accounts and licenses
Contents:
Question and Answers
Resources

Question and Answers


Question: What types of user accounts are available in Office 365?

Answer: The following types of user accounts are available in Office 365:
Cloud identities: when using these, you create and manage users in Office 365
only.

Directory synchronized identities by using an on-premises directory service to
synchronize with Office 365.

Federated identities by using Active Directory Federation Services (AD FS).

Resources

Deleting and recovering user accounts

Additional Reading: For more information, refer to How to troubleshoot deleted user
accounts in Office 365, Azure, and Intune: http://aka.ms/prede5
For more information, refer to Manage inactive mailboxes in Exchange Online:
http://aka.ms/qlb3b1

Lesson 2
Managing passwords and authentication
Contents:
Question and Answers

Question and Answers


Question: What password policy options are available in Office 365?

Answer: The following password policy options are available in Office 365:
Password expiration policy:

o Specify the number of days until the password expires.

o Specify the number of days for the user notification warning about the
password expiration.

Resetting user passwords:

o Create a new temporary password for users.


Resetting admin passwords:

o You can ask another administrator to reset it for you.

o Reset it yourself.
Question: How can you enable multi-factor authentication in Office 365, and what multi-factor
authentication options are available?
Answer: An administrator enables multi-factor authentication on a per-user basis. Multi-factor
authentication options in Office 365 include:

Call my mobile phone

Text code to my mobile phone


Call my office phone

Notify me through app


Show one-time code in app

Lesson 3
Managing security groups in Office 365
Contents:
Question and Answers

Question and Answers


Question: List the three types of mail-enabled groups in Exchange Online in Office 365.

Answer: The three types of mail-enabled groups in Exchange Online in Office 365 are:
Distribution groups. Use these groups only to distribute messages to a set of
recipients.

Mail-enabled security groups. Use these groups to distribute messages and to
provide access to resources.

Dynamic distribution groups. These groups do not have a predefined member list,
because they use recipient filters and conditions that you define to determine
membership dynamically at the time that messages are sent.

Lesson 4
Managing Office 365 users and groups with Windows
PowerShell
Contents:
Resources

Resources

Overview of managing Office 365 by using Windows PowerShell

Additional Reading: For a detailed list of Azure management cmdlets, refer to
AzureADHelp: http://aka.ms/rlunlo

Managing users and licenses by using Windows PowerShell

Additional Reading: For more information, refer to How to troubleshoot deleted user
accounts in Office 365, Azure, and Intune: http://aka.ms/g5rx76

Lesson 5
Configuring administrative access
Contents:
Question and Answers

Question and Answers


Question: What are the administrator roles that you can assign in Office 365?

Answer: The administrator roles that you can assign are:


Global administrator

Billing administrator

Password administrator
Service administrator

User management administrator

Exchange Online administrator


Skype for Business Online administrator

SharePoint Online administrator



Module Review and Takeaways


Best Practices
Always perform detailed planning for user and group management, and check the plan in a test
Office 365 tenant before deploying in production.
Plan and test user administrative tasks to improve user management efficiency and to eliminate
errors in the production environment, especially when running Windows PowerShell scripts.
Plan for multi-factor authentication to help administrators choose the authentication method
that suits their organizational security requirements.
Plan administrative roles to distribute administrative tasks according to organizational security
and business requirements.

Review Question(s)
Question: What is the most efficient way of creating user accounts if your organization decides to
migrate to Office 365?
Answer: Answers will vary depending on the type of identities that you use in an organization.
The types of identities include:

Cloud identities. An administrator exports user accounts from the Active Directory
site and performs bulk import into Office 365.

Directory synchronized identities by using an on-premises directory service to
synchronize with Office 365.
Federated identities by using AD FS. When using federated identities, administrators
manage users on-premises and synchronize on-premises directory objects with
Office 365. The process where users sign in only once is referred to as single sign-on
(SSO).

Question: How will you configure Office 365 password policies in your organization, and will you use
multi-factor authentication?
Answer: Answers might vary, but possible answers might include:

Some organizations configure a longer period before passwords expire, and some
organizations shorten the period because of security restrictions.

Some organizations want to strengthen security and enable multi-factor
authentication.

Question: Why is it more convenient to assign permissions to security groups than to users?
Answer: Assigning permissions to security groups helps make administering security for
resources easier and more efficient. When you assign permissions to groups, administrators
control group membership only to provide users with appropriate permission levels. For example,
if a user needs a permission level, the administrator includes that user as a member of the
appropriate group that has preassigned permissions. Removing the user from the group removes
permissions from the user that were assigned because of a group membership.

Question: In which management scenarios will you use Office 365 with Windows PowerShell rather than
the Office 365 admin center?

Answer: Use Windows PowerShell in scenarios where bulk object management is necessary,
whereas, if you need to configure a single setting, the Office 365 admin center is more
convenient.

Question: In which scenarios will you use RBAC in Office 365?



Answer: Use RBAC in enterprise organizations where multiple administrator teams have
responsibilities for different aspects of Office 365 administration, such as managing users, groups,
subscriptions, and passwords. Smaller organizations might not use RBAC because only a few
administrators are responsible for all types of administrative tasks.

Lab Review Questions and Answers


Lab A: Managing Office 365 users and passwords
Question and Answers
Question: After creating a user account, what account settings are available for you to edit in the Active
Users window of the Office 365 admin center?

Answer: In the Active Users window of the Office 365 admin center, an administrator can
perform the following editing tasks for a user account:
Reset password, edit user roles, delete, edit, and add to group

Edit the primary email address

Edit the assigned license


Edit Microsoft Office installations

Edit mailbox permissions


Edit Exchange properties
Edit Skype for Business properties

Question: What password policy settings are available in Office 365?

Answer: In Office 365, the following password policy settings are available:
Set passwords to never expire

Number of days before passwords expire


Days before a user is notified that their password will expire

Lab B: Managing Office 365 groups and administration

Question and Answers


Question: How would you design your group structure to minimize adding and removing people from
groups?
Answer: Use nested groups and assign permissions to the group rather than to individual users.

Question: What should you do before you can use Windows PowerShell to administer users and groups
in Office 365?

Answer: Run Azure AD module for Windows PowerShell with administrative rights, and then run
the Connect-msol command. Provide the credentials of an account that has global admin or
user management admin rights.
Question: Why would you create multiple administrative roles in Office 365 by using role-based access
control (RBAC)?
Answer: RBAC provides predefined permissions assigned to different users or groups. By using
RBAC, you can separate administrative tasks for different administrators according to
organizational security and business requirements. For example, some administrators are
responsible for managing user and group accounts, and other administrators are responsible for
assigning appropriate Office 365 licenses to users.
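
The following script is an added example, not part of the course material. It follows the connect-then-administer workflow described in the answers above, using the Connect-MsolService, Get-MsolRole, Get-MsolRoleMember and Get-MsolUser cmdlets of the Azure AD (MSOnline) module to report who holds each administrator role and whether per-user multi-factor authentication is enabled for them. It assumes the module is installed and that the signed-in account can read role membership.

```powershell
# Added example (not from the course material): report who holds each
# administrator role and whether per-user multi-factor authentication is on.
# Assumes the Azure AD (MSOnline) module for Windows PowerShell is installed.
Import-Module MSOnline

# Prompts for an account with global admin or user management admin rights.
Connect-MsolService

function Get-AdminRoleReport {
    foreach ($role in Get-MsolRole) {
        # Only user members are reported; groups and service principals are skipped.
        $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
            Where-Object { $_.RoleMemberType -eq 'User' }

        foreach ($member in $members) {
            $user = Get-MsolUser -ObjectId $member.ObjectId

            # StrongAuthenticationRequirements is empty when per-user MFA has
            # not been enabled; otherwise State is 'Enabled' or 'Enforced'.
            $mfaState = 'Disabled'
            if ($user.StrongAuthenticationRequirements.Count -gt 0) {
                $mfaState = $user.StrongAuthenticationRequirements[0].State
            }

            [pscustomobject]@{
                Role                 = $role.Name
                UserPrincipalName    = $user.UserPrincipalName
                MfaState             = $mfaState
                PasswordNeverExpires = [bool]$user.PasswordNeverExpires
                SignInBlocked        = [bool]$user.BlockCredential
            }
        }
    }
}

$report = @(Get-AdminRoleReport)

# Full role-to-user mapping, for reviewing how administrative tasks are split.
$report | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize

# Finding 1: administrators who can sign in but have no per-user MFA.
$noMfa = @($report | Where-Object { $_.MfaState -eq 'Disabled' -and -not $_.SignInBlocked })
if ($noMfa.Count -gt 0) {
    Write-Warning ("{0} administrator role assignment(s) without per-user MFA:" -f $noMfa.Count)
    $noMfa | Select-Object Role, UserPrincipalName | Format-Table -AutoSize
}

# Finding 2: administrators whose password is set to never expire.
$neverExpires = @($report | Where-Object { $_.PasswordNeverExpires })
if ($neverExpires.Count -gt 0) {
    Write-Warning ("{0} administrator role assignment(s) with a non-expiring password:" -f $neverExpires.Count)
    $neverExpires | Select-Object Role, UserPrincipalName | Format-Table -AutoSize
}

# Finding 3: how many accounts hold the broadest role. The global administrator
# role is named 'Company Administrator' in this module.
$globalAdmins = @($report | Where-Object { $_.Role -eq 'Company Administrator' })
"{0} account(s) hold the global administrator role." -f $globalAdmins.Count
```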

Module 3
Configuring client connectivity to Microsoft Office 365
Contents:
Lesson 1: Planning for Office 365 clients
Lesson 2: Planning connectivity for Office 365 clients
Lesson 3: Configuring connectivity for Office 365 clients
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning for Office 365 clients
Contents:
Resources

Resources

Office Online

Additional Reading: For more information, refer to Differences between using a document
in the browser and in Word: http://aka.ms/b2wwul
Additional Reading: For more information, refer to Differences between using a notebook
in the browser and in OneNote: http://aka.ms/js6f8w
Additional Reading: For more information, refer to How certain features behave in
PowerPoint Online: http://aka.ms/edhcwl
Additional Reading: For more information, refer to Differences between using a workbook
in the browser and in Excel: http://aka.ms/sc8n0n
Additional Reading: For more information on browser requirements, refer to Office Online
browser support: http://aka.ms/jv2cok

Lesson 2
Planning connectivity for Office 365 clients
Contents:
Question and Answers
Resources

Question and Answers


Question: Which tools will you use for evaluating network connectivity for Office 365?

Answer: The Office 365 health, readiness, and connectivity checks; Microsoft Office 365 Best
Practices Analyzer; and the Microsoft Office 365 Client Performance Analyzer tool.

Question: What is Autodiscover?

Answer: The Autodiscover service in Office 365 provides configuration information that Outlook
requires to create a client's configuration profile. The Autodiscover service provides profile
settings to Outlook 2007, Outlook 2010, Outlook 2013, Outlook 2016, and Lync and Skype for
Business clients.

Question: Which tools will you use to troubleshoot client connectivity with Office 365?

Answer: You will use the Microsoft Remote Connectivity Analyzer tool and the Office 365 Client
Performance Analyzer tool.

Resources

Requirements for network infrastructure

Additional Reading: For more information on the list of ports, refer to Ports and protocols
used by Office 365: http://aka.ms/ifj2gl
Additional Reading: For more information on IP-based filtering, refer to Office 365 URLs
and IP address ranges: http://aka.ms/Rploze

Requirements for network bandwidth

Additional Reading: For more information, refer to Exchange Client Network Bandwidth
Calculator: http://aka.ms/r7m054
Additional Reading: For more information, refer to Skype for Business, Bandwidth
Calculator: http://aka.ms/i6jsff

What is Autodiscover?

Additional Reading: You can find the Remote Connectivity Analyzer tool at the following
URL: http://aka.ms/ppl6h8

Troubleshooting client connectivity

Additional Reading: For more information on the specific error conditions that are
identified by the Microsoft Connectivity Analyzer Tool, and for help on resolving the issue, refer
to the Microsoft Connectivity Analyzer Tool: http://aka.ms/aphk3s

Lesson 3
Configuring connectivity for Office 365 clients
Contents:
Question and Answers
Resources

Question and Answers


Question: Outlook uses which protocols to connect to Office 365?

Answer: Outlook can connect to Office 365 by using either MAPI over HTTP or Outlook
Anywhere (RPC over HTTP).

Question: What steps should you perform to enable MDM in Office 365?

Answer: To enable MDM in Office 365, you must perform the following steps:

1. Activate MDM in Office 365.

2. Set up MDM for Office 365.

3. Set up device security policies.


4. Enroll users.

5. Manage devices.

Resources

Working with Office Online

Additional Reading: For more information on Office Online, refer to Office Online Service
Description: http://aka.ms/qla0s5

Configuring the OneDrive for Business client

Additional Reading: For more information, refer to What is OneDrive for Business?:
http://aka.ms/p9wzus

Module Review and Takeaways


Best Practice
Planning is the key to a successful Office 365 client deployment, and your planning process
should include:
o Analyzing Office 365 clients and deciding which clients meet the organization's business
requirements.
o Performing a detailed review of all DNS record changes that are needed for the Office 365
deployment process. Without a proper DNS configuration, there might be issues when
clients connect to Office 365 services.
o Planning network connectivity. When you migrate your infrastructure to Office 365, all
of your organization's resources are hosted in the cloud. Therefore, you need a reliable
Internet connection to support client connections to Office 365.
o Planning changes that you need to configure in your organization's network
infrastructure, such as firewalls and internal DNS servers that provide connectivity to
Office 365.
o Preparing a thorough support plan for users to help them transition to Office 365
services.

Lab Review Questions and Answers


Lab: Configuring client connectivity to Office 365
Question and Answers
Question: Why do you need to edit the DNS configuration, and add the canonical name (CNAME),
service (SRV), and MX records?

Answer: You add the CNAME and SRV records to configure the Autodiscover service, and then
after you configure the CNAME and SRV records, Outlook and Skype for Business clients are able
to connect to Exchange Online and Skype for Business Online services in Office 365. You also
configure the MX record so that external email servers can locate and send email to Exchange
Online in Office 365.
Question: How can you verify that the Autodiscover service in Office 365 is properly configured?

Answer: Use Remote Connectivity Analyzer to simulate client connections. Open Outlook and
Skype for Business clients, and then verify that the clients can connect to Exchange Online and
Skype for Business Online services in Office 365.
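
The following script is an added example, not part of the course material. It checks the CNAME, SRV, MX and TXT records discussed above with Resolve-DnsName, so a wrong or leftover record is found before clients or external mail servers follow it. The domain `contoso.com` is a placeholder, and the expected targets are the commonly documented Office 365 values, treated here as assumptions to confirm against the record list shown for your domain in the Office 365 admin center.

```powershell
# Added example, not from the course material.
# Compares a custom domain's public DNS records with the records Office 365
# asks you to publish. 'contoso.com' is a placeholder. The expected targets are
# assumptions: confirm them against the Office 365 admin center for your domain.
param([string]$Domain = 'contoso.com')

$checks = @(
    @{ Purpose = 'Autodiscover (Outlook)';      Name = "autodiscover.$Domain";           Type = 'CNAME'; Pattern = '^autodiscover\.outlook\.com$' }
    @{ Purpose = 'Skype client discovery';      Name = "lyncdiscover.$Domain";           Type = 'CNAME'; Pattern = '^webdir\.online\.lync\.com$' }
    @{ Purpose = 'Skype client sign-in';        Name = "sip.$Domain";                    Type = 'CNAME'; Pattern = '^sipdir\.online\.lync\.com$' }
    @{ Purpose = 'Skype SIP over TLS';          Name = "_sip._tls.$Domain";              Type = 'SRV';   Pattern = '^sipdir\.online\.lync\.com:443$' }
    @{ Purpose = 'Skype federation';            Name = "_sipfederationtls._tcp.$Domain"; Type = 'SRV';   Pattern = '^sipfed\.online\.lync\.com:5061$' }
    @{ Purpose = 'Inbound mail (MX)';           Name = $Domain;                          Type = 'MX';    Pattern = '\.mail\.protection\.outlook\.com$' }
    @{ Purpose = 'Sender policy (SPF in TXT)';  Name = $Domain;                          Type = 'TXT';   Pattern = '^v=spf1 .*include:spf\.protection\.outlook\.com' }
)

function Get-RecordValue {
    # Reduce a DNS answer record to the one string that is compared.
    param($Record)
    switch ([string]$Record.Type) {
        'CNAME' { $Record.NameHost }
        'MX'    { $Record.NameExchange }
        'SRV'   { '{0}:{1}' -f $Record.NameTarget, $Record.Port }
        'TXT'   { $Record.Strings -join '' }
    }
}

function Test-Office365DnsRecord {
    param([hashtable]$Check)

    # -DnsOnly keeps the lookup on DNS (no LLMNR or NetBIOS fallback).
    # Only answer-section records of the requested type are kept, which drops
    # the SOA record returned when a name has no record of that type.
    $answers = @(Resolve-DnsName -Name $Check.Name -Type $Check.Type -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and [string]$_.Type -eq $Check.Type })

    $values   = @($answers | ForEach-Object { Get-RecordValue -Record $_ })
    $matching = @($values | Where-Object { $_ -match $Check.Pattern })

    $status = if ($values.Count -eq 0) {
        'Missing'
    } elseif ($matching.Count -eq 0) {
        'Mismatch'
    } elseif ($Check.Type -eq 'MX' -and $matching.Count -lt $values.Count) {
        # An additional MX host means some mail can be delivered elsewhere.
        'Review'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Purpose = $Check.Purpose
        Name    = $Check.Name
        Type    = $Check.Type
        Status  = $status
        Found   = $values -join '; '
    }
}

$results = foreach ($check in $checks) { Test-Office365DnsRecord -Check $check }
$results | Format-Table -AutoSize -Wrap

$problems = @($results | Where-Object { $_.Status -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} record(s) for {1} need attention before clients rely on them." -f $problems.Count, $Domain)
}
```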

Module 4
Planning and configuring directory synchronization
Contents:
Lesson 1: Planning and preparing for directory synchronization
Lesson 2: Implementing directory synchronization by using Azure AD Connect
Lesson 3: Managing Office 365 identities with directory synchronization
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning and preparing for directory synchronization
Contents:
Resources

Resources

Planning directory synchronization

Additional Reading: For more information, refer to the Azure Hybrid Identity Design
Considerations Guide: http://aka.ms/ibuqek

Prerequisites for directory synchronization

Additional Reading: For more information, refer to You receive a "This company has
exceeded the number of objects that can be synchronized" error in a directory synchronization
report: http://aka.ms/r4x1q4
Additional Reading: For more information, refer to Prepare Active Directory and domains:
http://aka.ms/xwdxic
Additional Reading: For more information, refer to Prepare for directory synchronization:
http://aka.ms/esbu4f

Preparing for directory synchronization

Additional Reading: For more information, refer to Directory synchronization and source
of authority: http://aka.ms/fvexdc
Additional Reading: For more information, refer to Prepare for directory synchronization:
http://aka.ms/e1d0ft
Additional Reading: For more information, refer to Readiness Checks:
http://aka.ms/b3lsxp
Additional Reading: For more information, refer to IdFix DirSync Error Remediation Tool:
http://aka.ms/sr02nb

Lesson 2
Implementing directory synchronization by using
Azure AD Connect
Contents:
Resources

Resources

Azure AD Connect requirements

Additional Reading: For more information, refer to Office 365 URLs and IP address ranges:
http://aka.ms/A4c1kq

Azure AD Connect customized synchronization

Additional Reading: For more information, refer to Configuring Alternate Login ID:
http://aka.ms/nqh5gc

Azure AD Connect monitoring features

Additional Reading: For more information, refer to Monitor your on-premises identity
infrastructure and synchronization services in the cloud: http://aka.ms/dqaaps

Lesson 3
Managing Office 365 identities with directory
synchronization
Contents:
Resources

Resources

Managing users with directory synchronization

Additional Reading: For more information on how to troubleshoot deleted user accounts
in Office 365, refer to: http://aka.ms/cmof9n
Additional Reading: For more information, refer to Getting all Licensed Office 365 users
with PowerShell: http://aka.ms/me03qp
Additional Reading: For more information, refer to How to Use PowerShell to
Automatically Assign Licenses to Your Office 365 Users: http://aka.ms/pwr39r

Modifying directory synchronization

Additional Reading: For more information, refer to Azure AD Connect sync: Configure
Filtering: http://aka.ms/au8smo

Monitoring directory synchronization

Additional Reading: For more information, refer to AzureADHelp: http://aka.ms/pfsm1x

Troubleshooting directory synchronization

Additional Reading: For more information, refer to Directory synchronization and source
of authority: http://aka.ms/cdm2kk
Additional Reading: For more information, refer to How to troubleshoot Azure Active
Directory Sync tool installation and Configuration Wizard errors: http://aka.ms/bz5cjw

Module Review and Takeaways


Best Practices
You must have a proper project plan.
If using filtering, it should be set up before synchronizing any objects.
You should work with a cloud services partner.
You should perform thorough capacity planning.
You should remediate AD DS before deploying directory synchronization.
You should add all SMTP domains as verified domains before synchronizing.

Review Question(s)
Question: What are some of the typical issues that can arise if UPN suffixes are not properly configured
before directory synchronization is deployed?

Answer: If directory synchronization has already been deployed, the user's UPN for Office 365
might not match the user's on-premises UPN defined in AD DS; this can occur if the user was
assigned an Office 365 subscription license before the domain was verified.

Real-world Issues and Scenarios


Because directory synchronization is the link between your on-premises AD DS objects and the services in
Office 365, be very careful when making changes to Azure AD Connect or the Synchronization Service
Manager after production deployment. For example, a minor mistake in filtering could accidentally delete
all user mailboxes in Office 365 very quickly.

In some environments, you might test all changes on a separate directory synchronization server in test
that is connected to a separate Office 365 tenant (trial). In addition, you should manually initiate run
profiles for each management agent in Synchronization Service Manager and observe the pending actions
before exporting to Office 365. In some cases, it might be a good idea to create a new run profile for
exporting to Azure AD that includes a maximum limit on the number of allowed deletions.

Tools
IdFix. The Office 365 IdFix tool provides you the ability to identify and remediate the majority of object
synchronization errors in your AD DS forests in preparation for deployment to Office 365.

Common Issues and Troubleshooting Tips


Common Issue: Directory synchronization filtering is no longer working.
Troubleshooting Tip: It is important to be on the latest version of the directory synchronization
tool, because the link on the Office 365 admin center is always directed to the most current
release. However, when upgrading to a new version of the tool, all existing filters and other
management agent customizations will not automatically import into the new installation. If you
are upgrading to a newer version of directory synchronization, you must always manually reapply
filtering configurations after you upgrade, but before you run the first synchronization cycle.

Common Issue: After installing Azure AD Connect, you might be prompted with the following
error message when you open Synchronization Service Manager: "Unable to connect to the
Synchronization Service."
Troubleshooting Tip: Add the appropriate Azure AD Connect domain user account to the
ADSyncAdmins group and sign out and then sign in. The domain user account that is signed in
during installation of Azure AD Connect is automatically added to the group, but will still need
to sign off/on before successfully opening Synchronization Service Manager.

Lab Review Questions and Answers


Lab: Configuring directory synchronization
Question and Answers
Question: How do you configure OU level filtering for directory synchronization?

Answer: Synchronization Service Manager is used to configure details of the synchronization
tasks to be performed during directory synchronization operations, including configuration of
OU level filtering.
Feedback: While there are two tools for managing the three filtering configuration types of
Azure AD Connect (Synchronization Service Manager and Synchronization Rules Editor), the
Synchronization Service Manager is the only tool you can use to manage filtering of OUs in
Azure AD Connect.

Module 5
Planning and deploying Office 365 ProPlus
Contents:
Lesson 1: Overview of Office 365 ProPlus
Lesson 2: Planning and managing user-driven Office 365 ProPlus deployments
Lesson 3: Planning and managing centralized deployments of Office 365 ProPlus
Lesson 4: Office Telemetry and reporting
Lab Review Questions and Answers

Lesson 1
Overview of Office 365 ProPlus
Contents:
Resources

Resources

Overview of Office 365 deployment

Additional Reading: For more information, refer to Uninstall Office 2013, Office 2016, or
Office 365 from a Windows computer: http://aka.ms/imbv8i
Additional Reading: For more information, refer to Office 2016 Deployment Guides for
Admins: http://aka.ms/v9e5xl

Office 365 ProPlus update branches

Additional Reading: For more information, refer to Reference for Click-to-Run
configuration.xml file: http://aka.ms/clh5x3 and Install the First Release build for Office 365 for
business customers: http://aka.ms/Qpy0w7

Lesson 2
Planning and managing user-driven Office 365
ProPlus deployments
Contents:
Resources

Resources

Managing user-driven installations

Additional Reading: For more information, refer to 64-bit editions of Office 2013:
http://aka.ms/qovxa7

Considerations for user-driven deployments

Additional Reading: For more information, refer to System requirements for Office:
http://aka.ms/ghq4zw
Additional Reading: For more information, refer to Office 365 mobile setup Help:
http://aka.ms/Ca6hpo

Lesson 3
Planning and managing centralized deployments of
Office 365 ProPlus
Contents:
Resources

Resources

Overview and customization of Office Deployment Tool

Additional Reading: For information, refer to Office Deployment Tool for Click-to-Run:
http://aka.ms/uic22i
Additional Reading: For more information, refer to Reference for Click-to-Run
configuration.xml file: http://aka.ms/clh5x3

Managing and deploying Office with Group Policy

Additional Reading: For more information, refer to Office 2016 Administrative Template
files (ADMX/ADML) and Office Customization Tool: http://aka.ms/bengwp

Lesson 4
Office Telemetry and reporting
Contents:
Resources

Resources

Deploying and configuring Office Telemetry

Additional Reading: For more information, refer to Manage the privacy of data monitored
by telemetry in Office: http://aka.ms/qhi35p

Office Telemetry considerations

Additional Reading: For more information, refer to Troubleshooting Telemetry Dashboard
deployments: http://aka.ms/ovxlg9

Lab Review Questions and Answers


Lab: Managing Office 365 ProPlus installations
Question and Answers
Question: Why do you need to edit the configuration.xml file when preparing to use managed
deployments of Office 365 ProPlus?

Answer: You use this configuration file to specify the Universal Naming Convention (UNC) path
to the shared folder containing the Office 365 ProPlus source files, and also to specify products
and languages to install.

Question: How can you verify that the Click-to-Run service is running?

Answer: Use Task Manager, and in the Processes list, under Background processes, look for
Microsoft Office Click-to-Run. You can also click the Details tab, and look for
officeclicktorun.exe in the task list.

Module 6
Planning and managing Exchange Online recipients and
permissions
Contents:
Lesson 1: Overview of Exchange Online
Lesson 2: Managing Exchange Online recipients
Lesson 3: Planning and configuring Exchange Online permissions
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of Exchange Online
Contents:
Question and Answers
Resources

Question and Answers


Question: How will your organization use Exchange Online?

Answer: Answers will vary based on students' organizational needs.

Resources

Exchange Online features

Additional Reading: For more information on the new features in the latest version of
Exchange Online, refer to What's new in Exchange Online: http://aka.ms/S44j3g

Connect to Exchange Online from Windows PowerShell

Additional Reading: You can obtain the Microsoft Online Services Sign-In Assistant for IT
Professionals RTW from the Microsoft Download Center: http://aka.ms/vl42dg
Additional Reading: You can download the Azure Active Directory Module for Windows
PowerShell (64-bit version) here: http://aka.ms/Pwx3a9
6-4 Enabling and Managing Office 365

Lesson 2
Managing Exchange Online recipients
Contents:
Question and Answers
Resources

Question and Answers


Question: A mail user is the same as a mailbox user.

( ) True
( ) False

Answer:

( ) True
() False

Feedback: A mail user combines some of the attributes of a full mailbox user with the
characteristics of a contact. The main difference between a mail user and a mailbox user is that
the mail user does not have a mailbox, although, unlike a contact, the mail user can sign in to
your Office 365 tenant.

Resources

Bulk importing contacts

Additional Reading: To download the sample .csv file, refer to Sample CSV file to bulk-
create external contacts in Exchange Online: http://aka.ms/t6ip2e

Lesson 3
Planning and configuring Exchange Online permissions
Contents:
Question and Answers

Question and Answers


Question: What requirements does your organization have for assigning Exchange Online permissions?
Does your organization use a centralized or decentralized administration model? What special
permissions will you need to configure?

Answer: Answers will vary. In most organizations, a central team of Exchange administrators will
likely maintain full control of the Exchange environment, while another team might need
permissions to create mailboxes. Other organizations might have complicated administrative
scenarios in which different groups need many different permission levels.

Module Review and Takeaways


Review Question(s)
Question: What do you need to do to manage your Exchange Online tenant by using Windows
PowerShell?

Answer: Before you can use Windows PowerShell to manage Exchange Online, you must connect
to it by following this procedure:

1. Install the Microsoft Azure Active Directory (Azure AD) module:

a. Microsoft Online Services Sign-In Assistant for IT Professionals

b. Azure Active Directory Module

2. Run the following Windows PowerShell script:

# Prompt for the Office 365 administrator credentials
$credential = Get-Credential
Import-Module MsOnline
# Connect to Azure AD for the tenant
Connect-MsolService -Credential $credential
# Open a remote session to Exchange Online and import its cmdlets
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
    -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking


Question: What types of groups can you use in Exchange Online?

Answer: Exchange Online provides additional group features, which enable the creation of the
following group types:
Mail-enabled security groups

Mail-enabled distribution groups

Mail-enabled dynamic distribution groups



Lab Review Questions and Answers


Lab: Managing Exchange Online recipients and permissions
Question and Answers
Question: What Windows PowerShell cmdlet can you use to add a mail-enabled security group to your
Exchange Online subscription?

Answer: You can use the New-DistributionGroup cmdlet. For example:


New-DistributionGroup -Name "File Server Managers" -Alias fsadmin -Type security

Question: In the lab, you ran the Set-CalendarProcessing "Conference Room" -AutomateProcessing
AutoAccept cmdlet. What do the -AutomateProcessing AutoAccept switches do?

Answer: The switches configure the room mailbox to process booking requests automatically.

Module 7
Planning and configuring Exchange Online services
Contents:
Lesson 1: Planning and configuring email flow in Office 365
Lesson 2: Planning and configuring email protection in Office 365
Lesson 3: Planning and configuring client access policies
Lesson 4: Migrating to Exchange Online
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning and configuring email flow in Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: You have a trouble ticket to resolve that indicates that automatic replies and automatically
forwarded messages are being delivered outside of your Exchange organization. Furthermore, the ticket
indicates that this behavior needs to stop, and that you should not allow rule-generated messages outside
your organization. What is the best way to implement these changes?

( ) Modify the default remote domain to block automatic replies and automatic forwarding.

( ) Create a new remote domain that blocks automatic replies and automatic forwarding.

( ) Use Set-OrganizationConfig to block automatic replies and automatic forwarding.

( ) Use a script to block automatic replies and automatic forwarding for all users.

( ) Create a transport rule to block automatic replies and automatic forwarding.

Answer:

() Modify the default remote domain to block automatic replies and automatic forwarding.
( ) Create a new remote domain that blocks automatic replies and automatic forwarding.

( ) Use Set-OrganizationConfig to block automatic replies and automatic forwarding.


( ) Use a script to block automatic replies and automatic forwarding for all users.
( ) Create a transport rule to block automatic replies and automatic forwarding.

Feedback: The default remote domain applies to all outbound messages by using the address
space of *. You must modify this to block automatic replies and automatic forwarding.
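
The change described in the feedback can be made from an Exchange Online PowerShell session. The following is an added example, not part of the course material; it assumes the session created with Import-PSSession is already loaded, and its review of other remote domains and of mailbox-level forwarding goes beyond what the question asks.

```powershell
# Added example: assumes an Exchange Online remote session is already imported.

# 1. Record the current state of every remote domain before changing anything.
$before = Get-RemoteDomain |
    Select-Object Name, DomainName, AutoReplyEnabled, AutoForwardEnabled, AllowedOOFType
$before | Format-Table -AutoSize

# 2. Locate the default remote domain by its address space ("*").
$default = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq '*' }
if (-not $default) {
    throw 'No remote domain with address space * was found.'
}

# 3. Block rule-generated automatic replies and automatic forwarding
#    for every external domain that has no more specific remote domain entry.
Set-RemoteDomain -Identity $default.Identity `
    -AutoReplyEnabled $false `
    -AutoForwardEnabled $false

# 4. A more specific remote domain overrides the default for its own
#    address space, so list any that still allow either message type.
$exceptions = Get-RemoteDomain | Where-Object {
    "$($_.DomainName)" -ne '*' -and ($_.AutoReplyEnabled -or $_.AutoForwardEnabled)
}
if ($exceptions) {
    Write-Warning 'These remote domains still allow automatic replies or forwarding:'
    $exceptions | Select-Object Name, DomainName, AutoReplyEnabled, AutoForwardEnabled |
        Format-Table -AutoSize
}

# 5. For review: mailboxes that have a forwarding address configured
#    on the mailbox itself.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object DisplayName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward |
    Format-Table -AutoSize

# 6. Confirm the result on the default remote domain.
Get-RemoteDomain -Identity $default.Identity |
    Select-Object Name, DomainName, AutoReplyEnabled, AutoForwardEnabled
```

Out of Office messages are controlled separately by the AllowedOOFType setting shown in step 1; the two switches changed here do not affect them.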

Question: After adding a domain to Office 365, you need to configure it as an accepted domain before
Exchange Online can use it for email reception.
( ) True
( ) False

Answer:

( ) True
() False

Feedback: When you add a domain to Office 365, Office 365 adds it automatically as an
accepted domain.

Resources

Overview of email flow in Office 365

Additional Reading: For information about customizing SPF records, refer to Customize an
SPF record to validate outbound email sent from your domain: http://aka.ms/Bg0478

Lesson 2
Planning and configuring email protection in Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: Selecting the Enable safe list option in the connection filter reduces the risk of false positives.

( ) True
( ) False

Answer:

() True
( ) False

Feedback: The safe list is a list of email senders that Microsoft maintains that it knows to be safe
senders. Selecting the Enable safe list option ensures that EOP does not mark messages from
those safe senders as spam.

Question: What is the difference between spam and high-confidence spam?


Answer: Each incoming message receives an SCL value. The higher the SCL value, the higher the
likelihood that the message is spam. Messages marked as spam have an SCL value of 5 or 6.
Messages marked as high-confidence spam have an SCL value of 7 or higher.

Resources

Integrating EOP with on-premises Exchange servers

Additional Reading: For a list of IP addresses that EOP uses, refer to Exchange Online
Protection IP addresses:
http://aka.ms/Jbnjfg

Lesson 3
Planning and configuring client access policies
Contents:
Question and Answers

Question and Answers


Question: How does Office 365 differentiate between public and private computers that attempt to
connect to it?

Answer: By default, Office 365 considers all computers to be private. The differentiation between
public and private is relevant only when you have configured AD FS for single sign-on (SSO). In
this scenario, Office 365 considers a sign-in from the internal network to be private and a sign-in
from the external network to be public.

Question: The default configuration for mobile devices quarantines all devices until an administrator
approves them.

( ) True

( ) False
Answer:

( ) True

() False
Feedback: The default configuration for mobile devices allows any type of mobile device to
connect as long as the user has Exchange ActiveSync enabled. Exchange ActiveSync is enabled for
all users by default.

Lesson 4
Migrating to Exchange Online
Contents:
Question and Answers
Resources

Question and Answers


Question: Your organization currently is using Gmail and Google Docs, and has decided to migrate to
Office 365 for email and file sharing. Which migration type should you use so your end users experience
the least amount of downtime?

( ) Cutover Exchange migration


( ) Staged Exchange migration

( ) IMAP migration

( ) PST migration
( ) Exchange Online hybrid mode

Answer:

( ) Cutover Exchange migration

( ) Staged Exchange migration

() IMAP migration

( ) PST migration
( ) Exchange Online hybrid mode
Feedback: For a non-Exchange email system, the only two migration options are IMAP or PST.
An IMAP migration results in less downtime, because there is no lag waiting for historical data to
be imported.
Question: Your organization has an on-premises Exchange Server 2010 deployment, and wants to
migrate to Office 365. Your organization has 3,000 mailboxes, with an average mailbox size of 1 GB.
Which migration type should you use?

( ) Cutover Exchange migration

( ) Staged Exchange migration


( ) IMAP migration
( ) PST migration

( ) Exchange Online hybrid mode

Answer:
( ) Cutover Exchange migration

( ) Staged Exchange migration


( ) IMAP migration

( ) PST migration

() Exchange Online hybrid mode

Feedback: Exchange Online hybrid mode is the best choice for migrating from Exchange Server
2010 to Office 365. In hybrid mode, you can do an incremental migration, and there is no end-
user downtime. You cannot perform a cutover or staged Exchange migration, because those
migration types are for Exchange 2007 or Exchange 2003 only. An IMAP migration does migrate
calendars and contacts, and end users must wait for historical data to import to their new
mailboxes if you use a PST.

Question: A cutover migration batch continues synchronizing until you remove it.

( ) True

( ) False

Answer:

() True

( ) False

Feedback: After a cutover migration batch does an initial synchronization, it continues to
perform incremental synchronization until you remove the cutover migration batch. It is
important that the cutover migration batch is not removed until after you configure mail routing
to Office 365.

Sequencing Activity

Put the following steps for a staged Exchange migration in order, numbering each to indicate the correct
order from 1 through 9.

Steps

Assign Office 365 licenses to users

Convert on-premises mailboxes to mail-enabled users.

Update Autodiscover DNS records

Create the staged migration batch.

Configure directory synchronization.

Create a migration endpoint.

Delete all staged migration batches.

Configure a migration administrator account with Full Access permissions to the source
mailboxes.

Assign Office 365 licenses to users

Update MX records to change mail routing to Office 365.

Answer:

Steps

7 Assign Office 365 licenses to users

5 Convert on-premises mailboxes to mail-enabled users.

9 Update Autodiscover DNS records

4 Create the staged migration batch.

2 Configure directory synchronization.

3 Create a migration endpoint.



8 Delete all staged migration batches.

1 Configure a migration administrator account with Full Access permissions to the
source mailboxes.

7 Assign Office 365 licenses to users

6 Update MX records to change mail routing to Office 365.

Resources

Implementing a cutover Exchange migration

Additional Reading: For additional detailed information about performing a cutover
migration, refer to Perform a cutover migration of email to Office 365: http://aka.ms/jhw5t9

Implementing a staged Exchange migration

Additional Reading: For more detailed information, refer to Convert Exchange 2007
mailboxes to mail-enabled users after a staged Exchange migration: http://aka.ms/nncsic
This link also has scripts to simplify the conversion process.
Additional Reading: For additional detailed information about performing a staged
Exchange migration, refer to Perform a staged migration of email to Office 365:
http://aka.ms/m3lpyu

Implementing an IMAP migration

Additional Reading: For additional information about IMAP migration, refer to What you
need to know about migrating your IMAP mailboxes to Office 365: http://aka.ms/crn236

Implementing a PST migration

Additional Reading: For detailed information about Importing PST files into Office 365,
refer to Import PST files to Office 365: http://aka.ms/G2n2p7

Implementing a public-folder migration

Additional Reading: For detailed information about migrating public folders to Office 365,
refer to Use batch migration to migrate legacy public folders to Office 365 and Exchange Online:
http://aka.ms/F6ncbt

Module Review and Takeaways


Review Question(s)
Question: Why is it important not to remove the last on-premises Exchange server when directory
synchronization is in place?

Answer: Directory synchronization makes the on-premises AD DS authoritative for most user
attributes. Therefore, all changes to users occur in AD DS. The Exchange management tools
require an Exchange server to be present on-premises to manage user attributes.
Question: You recently migrated all of your organizational mailboxes to Office 365. Many of your users
have mobile devices that connect by using Exchange ActiveSync. Your security officer was shocked when
he saw that a user did not have a password on his mobile device. Why did this happen, and how can you
fix it?

Answer: The default mobile-device mailbox policy in Office 365 does not enforce any security
settings. You should work with your security officer to identify appropriate security settings and
modify the default mobile-device mailbox policy to enforce those settings.
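
One way to apply that fix from Exchange Online PowerShell, shown as an added example that is not part of the course material. It assumes an Exchange Online session is already imported; the specific values (6-character minimum, 5-minute lock, 10 failed attempts) are assumptions standing in for whatever you agree with the security officer.

```powershell
# Added example: assumes an Exchange Online remote session is already imported.

# 1. Show what each mobile device mailbox policy enforces today.
$columns = 'Name', 'IsDefault', 'PasswordEnabled', 'MinPasswordLength',
           'AllowSimplePassword', 'MaxInactivityTimeLock',
           'MaxPasswordFailedAttempts', 'RequireDeviceEncryption',
           'AllowNonProvisionableDevices'
Get-MobileDeviceMailboxPolicy | Select-Object $columns | Format-List

# 2. Find the policy that is applied to users by default.
$default = Get-MobileDeviceMailboxPolicy | Where-Object { $_.IsDefault }
if (-not $default) {
    throw 'No default mobile device mailbox policy was found.'
}

# 3. Settings to enforce. The values are sample assumptions, not course values.
$settings = @{
    PasswordEnabled              = $true       # device must have a password
    MinPasswordLength            = 6
    AllowSimplePassword          = $false      # reject 1234, 1111 and similar
    MaxInactivityTimeLock        = '00:05:00'  # lock after 5 minutes idle
    MaxPasswordFailedAttempts    = 10          # device wipes itself after this many
    RequireDeviceEncryption      = $true
    AllowNonProvisionableDevices = $false      # block devices that cannot enforce policy
}
Set-MobileDeviceMailboxPolicy -Identity $default.Identity @settings

# 4. Users with an explicitly assigned policy do not pick up the default,
#    so list them and check what their policy enforces.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicyIsDefaulted } |
    Select-Object Name, ActiveSyncMailboxPolicy |
    Format-Table -AutoSize

# 5. Confirm the default policy now enforces the settings.
Get-MobileDeviceMailboxPolicy -Identity $default.Identity |
    Select-Object $columns | Format-List
```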

Lab Review Questions and Answers


Lab A: Configuring message transport in Exchange Online
Question and Answers
Question: Why did you configure the journal rule to send messages to
journal@humongousinsurance.com instead of an Office 365 mailbox?

Answer: When you create a journal rule, it must point to an external email system. It is not
possible to configure a journal rule to send messages to an Office 365 mailbox.
Question: What formatting options are there for disclaimers in a transport rule?

Answer: You can format disclaimer text in a transport rule by using HTML. The <HR> tag that
this lab uses is HTML code for a horizontal rule that displayed when you sent the message to
alias@outlook.com.

Lab B: Configuring email protection and client policies

Question and Answers


Question: Why did you configure different anti-spam settings for members of the sales group?
Answer: A false positive for Sales group members could result in lost sales, which might affect
business negatively. The separate anti-spam policy for the Sales group ensures that even if there
is a false positive, users still have access to the messages in their mailboxes.

Question: Why is it important to require a password on mobile devices?

Answer: It is easy to lose mobile devices, because they are small, and they can be targets for
thieves. When a mobile device is lost, a password provides some assurance that unauthorized
users do not have access to the device's data.

Module 8
Planning and deploying Skype for Business Online
Contents:
Lesson 1: Planning and configuring Skype for Business Online service settings
Lesson 2: Configuring Skype for Business Online users and client connectivity
Lesson 3: Planning voice integration with Skype for Business Online
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning and configuring Skype for Business Online service settings
Contents:
Question and Answers
Resources

Question and Answers


Question: You are preparing your Windows 10 workstation to manage Skype for Business Online by using
the Windows PowerShell command-line interface. What software do you need to install on the computer?

( ) Windows PowerShell 3.0

( ) Microsoft Online Services Sign-In Assistant

( ) Skype for Business Online module for Windows PowerShell

( ) Windows Azure Active Directory module for Windows PowerShell

Answer:

( ) Windows PowerShell 3.0


( ) Microsoft Online Services Sign-In Assistant

() Skype for Business Online module for Windows PowerShell

( ) Windows Azure Active Directory module for Windows PowerShell


Feedback: Windows PowerShell is already installed on the Windows 10 operating system, and
the Microsoft Online Services Sign-In Assistant is not required. The Microsoft Azure Active
Directory module for Windows PowerShell is required to manage Office 365 accounts, but not to
manage Skype for Business Online.

Question: You can invite users from outside of your organization to Skype Meeting Broadcast, but only as
attendees, not as presenters.
( ) True

( ) False
Answer:

() True

( ) False

Feedback: Event team members must be from your organization.

Resources

Skype for Business Online subscription options

Additional Reading: For more information, refer to Skype for Business Compare plans:
http://aka.ms/vqcfmt
Additional Reading: For more information on the Skype for Business options that are
provided with Office 365 and Skype for Business Online stand-alone subscriptions, refer to Skype
for Business Online Service Description: http://aka.ms/eljskd

Network requirements for Skype for Business Online

Additional Reading: For more information on the domain names, URLs, IP addresses, and
port numbers that Office 365 and Skype for Business Online require, refer to Office 365 URLs and
IP address ranges: http://aka.ms/Ef9aum
Additional Reading: The Skype for Business Bandwidth Calculator is a tool that you can
use to calculate bandwidth requirements. You can download this tool from: http://aka.ms/h028y7

Additional Reading: For more information on Internet bandwidth usage for Office 365
services, refer to Network planning and performance tuning for Office 365: http://aka.ms/i09jrk

Connecting to Skype for Business Online by using Windows PowerShell

Additional Reading: For more information on using Windows PowerShell to perform
common administrative tasks in Skype for Business Online, refer to Quick reference: Using
Windows PowerShell to do common Skype for Business Online management tasks:
http://aka.ms/tbf95p
Additional Reading: For more information on specific Windows PowerShell cmdlets to
administer and configure Skype for Business Online, refer to The Skype for Business Online
cmdlets: http://aka.ms/b0gp7b

Configuring external communications

Additional Reading: For more information on how to configure an on-premises
environment to federate with Skype for Business Online, refer to Managing federation and
external access to Lync Server 2013: http://aka.ms/v748ur

Lesson 2
Configuring Skype for Business Online users and client connectivity
Contents:
Question and Answers
Resources

Question and Answers


Question: You need to ensure that only specific users in your organization can communicate with users in
other organizations who are using Skype for Business. However, all other users in your organization
should be blocked. How would you configure Skype for Business Online to achieve this?

Answer: To configure this, you must first allow external access for the organization, and then you
must disable external communication for the users who should be blocked from communicating
with external users.

Resources
Skype for Business Online client options

Additional Reading: For more information on the available Skype for Business features for
different clients, refer to Client comparison tables for Skype for Business Server 2015:
http://aka.ms/us67gj
Additional Reading: For more information on the available Skype for Business features for
different mobile device platforms, refer to Mobile client comparison tables for Skype for Business:
http://aka.ms/mrxvgx

Lesson 3
Planning voice integration with Skype for Business Online
Contents:
Question and Answers
Resources

Question and Answers


Question: Cloud PBX is a relatively new offering in Skype for Business Online. Do you think that your
organization will be interested in this feature? What changes would you need to make in your
organization to start using Cloud PBX?

Answer: Answers will vary. Cloud PBX is likely to appeal to organizations that are based in the
United States and that are looking at replacing a PBX system. Most organizations would need to
plan carefully to ensure that their Internet connection has enough bandwidth and is reliable
enough to support telephony.

Resources

Overview of voice integration options

Additional Reading: For more information on the licensing requirements for each of the
voice integration options, refer to Skype for Business Online licensing overview:
http://aka.ms/tm4tg0

Planning dial-in conferencing

Additional Reading: For more information on the features that ACPs and Microsoft dial-in
conferencing provide, refer to Dial-in conferencing in Office 365: http://aka.ms/Dt6jbp

PSTN Calling service

Additional Reading: For more information on the PSTN voice-calling plans, refer to Skype
for Business Online PSTN services use terms: http://aka.ms/gv7f7f
Additional Reading: For more information on how to port existing phone numbers to
Office 365, refer to Transfer phone numbers over to Skype for Business Online:
http://aka.ms/I3rygm
Additional Reading: For more information on how to configure an emergency address,
refer to Add or remove an emergency address for your organization: http://aka.ms/meu76q

PSTN connectivity with an on-premises solution

Additional Reading: For more information on how to plan for and configure PSTN
connectivity through an existing Skype for Business Server deployment, refer to:
http://aka.ms/jawfqa
http://aka.ms/ul1d3b
Reference Links: For more information on how to plan for and configure Cloud Connector
edition, refer to:
http://aka.ms/otqqzu
http://aka.ms/hmurjm

Planning a Cloud PBX solution

Additional Reading: For more information, refer to ExpressRoute and QoS in Skype for
Business Online: http://aka.ms/edfrbb

Module Review and Takeaways


Tools
Skype for Business admin center. Accessible from the Office 365 admin center, use this tool to
configure Skype for Business Online service settings and user settings.
Skype for Business Server Management Shell. Use this tool to configure Skype for Business Online
settings.
The Skype for Business Online module for Windows PowerShell. This provides the Windows
PowerShell commands that are required to configure Skype for Business Online when you use the
Skype for Business Server Management Shell.

Common Issues and Troubleshooting Tips


Common Issue: Users cannot authenticate to Skype for Business Online.

Troubleshooting Tip: Depending on your deployment, you might have to check if the correct
Domain Name System (DNS) resource records are configured and if directory synchronization
is working. You might also have to check the firewall settings.
Use the Microsoft Remote Connectivity Analyzer (http://aka.ms/btyn1z) to test connectivity to
Skype for Business Online. If connectivity fails, the analyzer can provide detailed information
about what failed.

Lab Review Questions and Answers


Lab: Configuring Skype for Business Online
Question and Answers
Question: How will you change the Windows PowerShell steps that you ran in the lab if you want to
block all communication with external domains except for litware.com?

Answer: Run the following commands if you want to block all communication with external
domains except for litware.com:
$x = New-CsEdgeDomainPattern -Domain "litware.com"

$newAllowList = New-CsEdgeAllowList -AllowedDomain $x

Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList


The key difference in these commands compared to the ones that you ran in the lab is the New-
CsEdgeAllowList cmdlet in the second command. In the lab, you used the New-
CsEdgeAllowAllKnownDomains cmdlet, which allows all domains except for blocked domains.
Question: Do you think that your organization will use Skype Meeting Broadcast?

Answer: Answers will vary. Very large organizations or organizations that frequently make online
presentations to large numbers of users will likely use this feature. Smaller organizations are more
likely to meet their requirements just by using normal Skype for Business meetings.

Module 9
Planning and configuring SharePoint Online
Contents:
Lesson 1: Configuring SharePoint Online services
Lesson 2: Planning and configuring SharePoint Online site collections
Lesson 3: Planning and configuring external user sharing
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Configuring SharePoint Online services
Contents:
Question and Answers
Resources

Question and Answers


Question: Discuss the advantages and possible disadvantages between SharePoint on-premises versus
SharePoint Online.

Answer: Answers will vary. SharePoint Online is a standardized service. In SharePoint Online, no
custom code solutions are available and for SharePoint on-premises, there is no need to size
hardware.

Question: The maximum file size in SharePoint Online is 2 GB.

( ) True

( ) False

Answer:

( ) True

() False
Feedback: The new attachment size limit in SharePoint Online is 10 GB, according to the service
limits and boundaries.

Resources

Overview of the SharePoint admin center

Additional Reading: For more information, refer to SharePoint Online and OneDrive for
Business software boundaries and limits: http://aka.ms/jns65q

Configuring SharePoint Online settings

Additional Reading: For more information, refer to Turn scripting capabilities on or off:
http://aka.ms/Okimfj

Lesson 2
Planning and configuring SharePoint Online site collections
Contents:
Question and Answers
Resources

Question and Answers


Question: Which of the following sites do you find in the Enterprise section of the site collection
templates in the SharePoint admin center? (Select all that apply).

( ) Document Center site

( ) Community site

( ) Enterprise Wiki

( ) Search Center site

( ) Records Center site

Answer:
() Document Center site

( ) Community site

( ) Enterprise Wiki
() Search Center site

() Records Center site

Feedback: Community site and Enterprise Wiki are not available in the Enterprise section of the
site collection templates in the SharePoint admin center.

Question: If you delete a site collection, you can restore it from the Recycle Bin for 30 days.
( ) True

( ) False

Answer:
() True
( ) False

Feedback: When you delete a site collection, it stays in the Recycle Bin for 30 days before it is
permanently deleted; this gives you a 30-day window of opportunity to restore the entire site
collection if it was deleted in error or your situation has changed and you want to retain it.

Question: Which of the following actions do you need to perform during the creation of a site collection?
(Select all that apply.)
( ) Define an administrator

( ) Define the sharing settings

( ) Define a second administrator

( ) Set the language

( ) Set the storage quota

Answer:
() Define an administrator

( ) Define the sharing settings


( ) Define a second administrator

() Set the language

( ) Set the storage quota



Feedback: You can define sharing settings, a second administrator, and the storage quota after
the creation of a site collection.

Resources

Managing site collections by using Windows PowerShell

Additional Reading: For more information, refer to Introduction to the SharePoint Online
Management Shell: http://aka.ms/Yj9ioq
Additional Reading: For more information, refer to Use Windows PowerShell cmdlets to
administer site collections in SharePoint Online: http://aka.ms/rbb2c1

Lesson 3
Planning and configuring external user sharing
Contents:
Question and Answers
Resources

Question and Answers


Question: What is the correct definition for external users?

( ) Users with a non-Microsoft account


( ) Users with a Microsoft account

( ) Users inside your organization's Azure Active Directory

( ) Users outside your organization's Azure Active Directory


( ) Users in any Azure Active Directory

Answer:

( ) Users with a non-Microsoft account


( ) Users with a Microsoft account

( ) Users inside your organization's Azure Active Directory

() Users outside your organization's Azure Active Directory


( ) Users in any Azure Active Directory

Feedback: Users outside your organization's Azure Active Directory are referred to as external
users.
Question: From a user perspective, you can share content in SharePoint Online for internal users in the
same way as for external users.
( ) True

( ) False

Answer:
() True
( ) False

Feedback: With the appropriate settings, users can share content internally and externally with
the same user experience.
Question: Where can administrators enable external sharing for the Office 365 tenant? (Select all that
apply.)
( ) In the Office 365 admin center, use the setup menu

( ) In the Office 365 admin center, use the external sharing menu

( ) In the SharePoint admin center, use the site collections menu

( ) In the SharePoint admin center, use the apps menu

( ) In the SharePoint admin center, use the settings menu

Answer:

( ) In the Office 365 admin center, use the setup menu

() In the Office 365 admin center, use the external sharing menu

( ) In the SharePoint admin center, use the site collections menu

( ) In the SharePoint admin center, use the apps menu

() In the SharePoint admin center, use the settings menu



Feedback: There are two options where Office 365 administrators can configure external user
sharing: with the external sharing menu of the Office 365 admin center and with the settings
menu in the SharePoint admin center.

Resources

Considerations for external user sharing

Additional Reading: For more information, refer to Manage external sharing for your
SharePoint Online environment: http://aka.ms/adaoao

Configuring external user sharing

Additional Reading: For more information on configuring external user sharing for a
tenant or site collection, refer to Manage external sharing for your SharePoint Online
environment: http://aka.ms/adaoao

Managing external user sharing by using Windows PowerShell

Additional Reading: For more information, refer to Windows PowerShell for SharePoint
Command Builder: http://aka.ms/n3apxc
For more information, refer to Index of Windows PowerShell for SharePoint Online cmdlets:
http://aka.ms/bccasb

Module Review and Takeaways


Best Practice
SharePoint Online offers several configuration options. Planning a collaboration solution and configuring
SharePoint Online are tasks that you must do up front so that your users have a good SharePoint Online
environment in which to start working.

The main points you should consider are:

Do proper planning before you start with user onboarding.


Create a sharing policy that is consistent throughout the service.
Automate site collection generation as much as possible.

Review Question(s)
Question: Create a checklist for proper site collection planning.

Answer: While planning for site collections, you need to plan for the following:
Site collections side-by-side or top-down

Permissions inheritance

Branding
External user sharing permissions

Possible site quotas



Lab Review Questions and Answers


Lab: Configuring SharePoint Online
Question and Answers
Question: What is the best way to verify access to external sites?

Answer: The best ways are to test access with external test users, or to create external test
users who test access later.
Question: What is the best way to configure user profile settings and where do you get all the data?
Answer: Check if Azure Active Directory (Azure AD) Connect is in place and configure
synchronization of data from Active Directory to Azure AD. Azure AD fields will synchronize with
the Profile Fields section.

Module 10
Planning and configuring an Office 365 collaboration
solution
Contents:
Lesson 1: Planning and managing Yammer Enterprise
Lesson 2: Planning and configuring OneDrive for Business
Lesson 3: Configuring Office 365 groups
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning and managing Yammer Enterprise
Contents:
Question and Answers

Question and Answers


Question: Select the three Office 365 subscriptions with which Yammer Enterprise is available.

( ) Basic Network with SharePoint Online


( ) Enterprise Network and Office 365

( ) Basic Network and Office 365

( ) Enterprise Network
( ) Enterprise Network and SharePoint Online

Answer:

( ) Basic Network with SharePoint Online


() Enterprise Network and Office 365

( ) Basic Network and Office 365

() Enterprise Network
() Enterprise Network and SharePoint Online

Question: Which three features are available only in a Yammer Enterprise Network?
( ) Secure Enterprise Social Networking
( ) Enterprise Administrator

( ) Group Administrator

( ) Verified Administrator
( ) Enterprise Integrations

Answer:
( ) Secure Enterprise Social Networking

() Enterprise Administrator

( ) Group Administrator
() Verified Administrator
() Enterprise Integrations

Question: Which two things must be in place before you enable Yammer Enterprise within Office 365?

( ) A verified custom domain


( ) A paid Yammer Enterprise network

( ) A Global Administrator in Office 365

( ) A Global Administrator in Office 365 with the verified Domain


( ) A verified Administrator in Yammer

Answer:
() A verified custom domain

( ) A paid Yammer Enterprise network

( ) A Global Administrator in Office 365


() A Global Administrator in Office 365 with the verified Domain

( ) A verified Administrator in Yammer



Lesson 2
Planning and configuring OneDrive for Business
Contents:
Question and Answers
Resources

Question and Answers


Question: Select all the OneDrive for Business attributes.

( ) Provides up to unlimited Storage


( ) Provides free Online Storage for personal use

( ) Available from any device

( ) Included in Office 365 and SharePoint Online Plans


( ) Allows uploading files up to 15 GB in size

Answer:

() Provides up to unlimited Storage


( ) Provides free Online Storage for personal use

() Available from any device

() Included in Office 365 and SharePoint Online Plans


( ) Allows uploading files up to 15 GB in size

Question: With the OneDrive for Business next-generation sync client, selective sync is possible.
( ) True
( ) False

Answer:

() True
( ) False

Question: Select three characters that are not supported in filenames that you store in OneDrive for
Business and SharePoint Online.
( )#

( ){
( )&

( )%

( )?

Answer:

() #

( ){

( )&
() %

() ?

Resources

OneDrive for Business client configuration and synchronization

Additional Reading: For more information, refer to System requirements for Office:
http://aka.ms/ghq4zw
Additional Reading: Download OneDrive for Business sync app in different languages and
for the x86 and x64 platforms from: http://aka.ms/we3v3g
Additional Reading: For more information, refer to Deploying the OneDrive for Business
Next Generation Sync Client in an enterprise environment: http://aka.ms/Q8m3fx
Additional Reading: For more information, refer to Deploying the OneDrive Next
Generation Sync Client on OS X and configuring work or school accounts: http://aka.ms/xdv82u
Additional Reading: For more information, refer to Meet the OneDrive for Business Next
Generation Sync Client: http://aka.ms/tvnzw1
Additional Reading:
For more information, refer to Which OneDrive sync client am I using?: http://aka.ms/p17elm

Migrating files to OneDrive for Business

Additional Reading: Download the MicrosoftEasyFix20150 utility from:
http://aka.ms/rq11p3
Additional Reading: For more information, refer to Types of files that cannot be added to
a list or library: http://aka.ms/orzefl
Additional Reading: For more information, refer to SharePoint Online and OneDrive for
Business: software boundaries and limits at: http://aka.ms/Ywqifr
Additional Reading: For more information on a list of third-party tools that you can use
during migration, refer to Migrating File Shares to OneDrive for Business: http://aka.ms/oo1zjq
Additional Reading: To download the SkyDrive Pro client for Windows, go to:
http://aka.ms/elihab
Additional Reading: To check your upload speed, you can use a speed test service such as
http://www.speedtest.net

Planning a OneDrive for Business implementation

Additional Reading: For more information on the required prerequisites and configuration
settings, and how to plan for OneDrive for Business in SharePoint Server 2013, refer to Plan for
OneDrive for Business in SharePoint Server 2013 at: http://aka.ms/irhv85
Additional Reading: For more information, refer to How to redirect users to Office 365 for
OneDrive for Business at: http://aka.ms/j5ttiy

Lesson 3
Configuring Office 365 groups
Contents:
Question and Answers

Question and Answers


Question: Select two services with which Office 365 groups are already integrated.

( ) OneDrive for Business


( ) Yammer

( ) Delve

( ) OneNote
( ) Skype for Business

Answer:

() OneDrive for Business


( ) Yammer

( ) Delve

() OneNote
( ) Skype for Business

Question: Office 365 groups provide polls.


( ) True
( ) False

Answer:

( ) True
() False

Question: Which Windows PowerShell cmdlet do you use to disable groups?


( ) Set-OwaMailboxPolicy -Identity test.com\OwaMailuserPolicy-Default -GroupCreationEnabled $true

( ) Set-OwaMailboxPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false


( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailUserPolicy-Default -GroupCreationDisabled $true
( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationDisabled $true

Answer:

( ) Set-OwaMailboxPolicy -Identity test.com\OwaMailuserPolicy-Default -GroupCreationEnabled $true

() Set-OwaMailboxPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false

( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailUserPolicy-Default -GroupCreationDisabled $true

( ) Set-OwaMailuserPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationDisabled $true

Module Review and Takeaways


Best Practices
Always enable Yammer Enterprise as the primary Enterprise Social Network within Office 365.
Design a usage policy.
Familiarize yourself with the administration options within Yammer Enterprise.
Support users during their initial experience of using Yammer.
Familiarize yourself with the different OneDrive for Business sync clients and their limitations and
features.
Create a consistent sharing policy across Office 365.
Decide if and when you should use Office 365 groups, because they are essential to some of the
Office 365 components.
Decide if Office 365 groups will be user centric or centrally managed.

Review Question(s)
Question: Discuss the differences between Office 365 groups and Yammer and possible use cases where
you need one tool or the other.
Answer: Some of the differences between Yammer and Office 365 groups are:

External users can be invited to Yammer and participate there.

Office 365 planner needs Office 365 groups.


Yammer can also work as a stand-alone tool.

Common Issues and Troubleshooting Tips


Common Issue: Synchronization is not working in OneDrive for Business
Troubleshooting Tip:
Check the limitations of the sync client
Check the filenames
Check the file name length
Check the file size

Common Issue: Multiple Yammer Networks exist for different Office 365 domains
Troubleshooting Tip:
Define a consolidation plan
Inform users in both networks
Create a migration plan

Common Issue: Office 365 groups are enabled and used without administrative awareness
Troubleshooting Tip:
Familiarize yourself with the continuous changes within Office 365
Check groups and define a naming policy

Lab Review Questions and Answers


Lab: Planning and configuring an Office 365 collaboration solution
Question and Answers
Question: If you enforce Office 365 identities in Yammer, what is the impact for Yammer users with no
Office 365 identities?

Answer: If you implement the federated identity model in Office 365, the user will log in by using
SSO. A user with a Yammer identity cannot sign in any longer.
Question: Which Windows PowerShell cmdlets can you use to create an Office 365 group and to add the
group owner?

Answer: First you need to connect to Exchange Remote PowerShell. Then, to create an Office
365 group, use the New-UnifiedGroup cmdlet, and to add an owner of the group, use the
New-UnifiedGroupLinks cmdlet.

Module 11
Planning and configuring Rights Management and
compliance
Contents:
Lesson 1: Overview of the compliance features in Office 365
Lesson 2: Planning and configuring Azure Rights Management in Office 365
Lesson 3: Managing the compliance features in Office 365
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of the compliance features in Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: What are the customer compliance setting elements?

( ) DLP
( ) A data processing agreement

( ) The Rights Management service for file-level access restrictions

( ) ISO 27018
( ) S/MIME for security-enhanced, certificate-based email access

Answer:

() DLP
( ) A data processing agreement

() The Rights Management service for file-level access restrictions

( ) ISO 27018
() S/MIME for security-enhanced, certificate-based email access

Question: What are the role groups that exist in the Protection Center?
( ) eDiscovery Manager
( ) Legal Hold Manager

( ) Service Assurance User

( ) ComplianceUser
( ) ComplianceReviewer

Answer:
() eDiscovery Manager

( ) Legal Hold Manager

() Service Assurance User


( ) ComplianceUser
( ) ComplianceReviewer

Resources
Compliance and security features in Office 365

Additional Reading: For more information about data regions, refer to Where is my data?:
http://aka.ms/l4tjga
Additional Reading: For more information, refer to Office 365 Trust Center:
http://aka.ms/vjvvco

Overview of the Protection Center for Office 365

Additional Reading: For more information, refer to Office 365 Service Trust Portal:
http://aka.ms/vqu38w

Additional Reading: Office 365 Secure Score is in preview at the time of this writing, so its
features and availability might change. For more information, refer to Office 365 Secure Score:
http://aka.ms/h7br1z

Lesson 2
Planning and configuring Azure Rights Management
in Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: Which groups are available for custom Azure RMS templates?

( ) Viewer
( ) Author

( ) Reader

( ) Blocker
( ) Co-Author

Answer:

() Viewer
( ) Author

( ) Reader

( ) Blocker
() Co-Author

Question: To use Azure RMS between two organizations, a trust must be defined in a direct, point-to-point
relationship.
( ) True

( ) False
Answer:

( ) True

() False

Resources

Planning Azure RMS integration with Office 365

Additional Reading: For more information, refer to Azure Rights Management
Administration Tool: http://aka.ms/u8tiut

Configuring Azure RMS integration

Additional Reading: For more information about downloading the mobile applications
and the application for the desktop client, refer to Microsoft Rights Management:
http://aka.ms/j19a1v

Lesson 3
Managing the compliance features in Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: Select the types of possible retention tags actions.

( ) A unique name
( ) A delete action

( ) An allow recovery action

( ) A do not allow recovery action


( ) A create action

Answer:

() A unique name
() A delete action

() An allow recovery action

( ) A do not allow recovery action


( ) A create action

Question: Preservation policies help to keep the content you need by preserving email and documents.
( ) True
( ) False

Answer:

( ) True
() False

Resources

Configuring audit reports

Additional Reading: For more information, refer to Search the audit log in the Office 365
Protection Center: http://aka.ms/V27n6z

Module Review and Takeaways


Best Practice
Security enhancement is a continuous process. Good planning and tenant preparation help to secure the
environment for users.

Common Issues and Troubleshooting Tips


Common Issue: Encrypted content is not accessible.
Troubleshooting Tip: Configure a super user account to get access to the content.

Lab Review Questions and Answers


Lab: Configuring Rights Management and compliance
Question and Answers
Question: What is the best approach to protect organizational financial data?

Answer: The best approach is to create a DLP rule and use Azure RMS to help protect all the files
and emails containing that information.
Question: Retention policies are helpful for reducing space in your mailbox.

( ) True

( ) False
Answer:

( ) True

() False

Module 12
Monitoring and troubleshooting Microsoft Office 365
Contents:
Lesson 1: Troubleshooting Office 365
Lesson 2: Monitoring Office 365 service health
Module Review and Takeaways
Lab Review Questions and Answers

Lesson 1
Troubleshooting Office 365
Contents:
Question and Answers
Resources

Question and Answers


Question: Which of the following are options or tools that you can use for monitoring and
troubleshooting Office 365?

( ) Service Health

( ) Protection Center

( ) Service Requests

( ) Notification Center

( ) Alert Center

Answer:
() Service Health

( ) Protection Center

() Service Requests
( ) Notification Center

( ) Alert Center

Feedback: For monitoring and troubleshooting Office 365, you can use the Service Health and
Service Requests options.

Question: The Microsoft Office 365 Support and Recovery Assistant is a new tool that users can run to fix
common Outlook problems.
( ) True

( ) False
Answer:

() True

( ) False

Resources

Overview of Office 365 troubleshooting

Additional Reading: For information on which tools you should use for specific Office 365
problems, refer to Tools and Diagnostics: http://aka.ms/ude7mv

Hybrid environment free/busy troubleshooter

Additional Reading: To access the hybrid environment free/busy troubleshooter, go to:
http://aka.ms/wbpavu

Lesson 2
Monitoring Office 365 service health
Contents:
Question and Answers
Resources

Question and Answers


Question: A service in the Service Health dashboard can have which of the following statuses?

( ) Normal service
( ) Service anomaly

( ) Extended recovery

( ) Investigating
( ) Operations aborted

Answer:

() Normal service
( ) Service anomaly

() Extended recovery

() Investigating
( ) Operations aborted

Question: How can you open a service request in Office 365?


( ) Via Skype for Business
( ) Via email

( ) Via phone

( ) Via the Office 365 admin center


( ) Via the Office 365 App launcher

Answer:
( ) Via Skype for Business

( ) Via email

() Via phone
() Via the Office 365 admin center
( ) Via the Office 365 App launcher

Resources
Managing Exchange Online reports by using Windows PowerShell

Additional Reading: To view a list of all Exchange Online Protection cmdlets, refer to:
http://aka.ms/i09sv9

Office 365 service requests

Additional Reading: For more information, refer to Additional support options:
http://aka.ms/pfvct8

Monitoring Office 365 with Operations Manager

Additional Reading: For more information on how to obtain and set up this management
pack, refer to System Center Management Pack for Office 365: http://aka.ms/it7q1b

Module Review and Takeaways


Best Practice
Many tools are available to help troubleshoot issues in Office 365. As a starting point, you can use the
Office 365 do-it-yourself troubleshooter for an initial diagnosis.

Review Question(s)
Question: Describe how supporting on-premises systems differs from supporting Office 365.

Answer: With on-premises systems, you have complete control and access to the entire
environment, so you can perform detailed troubleshooting of system failures or other incidents.
With Office 365, Microsoft manages the network, hardware, and virtual machine environments,
and you do not have any access to review the environment or make any changes. You can only
create service requests when you see failures or other incidents.

Common Issues and Troubleshooting Tips


Common Issue: Outlook client connectivity issues
Troubleshooting Tip: Look for Autodiscover issues in the Microsoft Remote Connectivity Analyzer.

Common Issue: Unable to connect to the Skype for Business client
Troubleshooting Tip: Use the Microsoft Office 365 Support and Recovery Assistant tool.

Lab Review Questions and Answers


Lab: Configuring Rights Management and compliance
Question and Answers
Question: How would you view all the failed messages for a group of users?

Answer: In the Exchange Online admin center, sign in as an administrator, click mail flow, click
message trace, and then click Select Members.
Question: What is the first tool you will use to search for service incidents and failures?

Answer: The Service Health dashboard is the first tool that you will use.

Module 13
Planning and configuring identity federation
Contents:
Lesson 1: Understanding identity federation
Lesson 2: Planning an AD FS deployment
Lesson 3: Deploy AD FS for identity federation with Office 365
Lesson 4: Planning and implementing hybrid solutions (Optional)
Module Review and Takeaways

Lesson 1
Understanding identity federation
Contents:
Question and Answers
Resources

Question and Answers


Question: Discussion: Comparing federated identities and synchronized identities

Directory Services and SSO are key parts of integrating your on-premises environment and online services.
You are planning for the deployment of your company's Office 365 tenant. To ensure your users are able
to use their credentials from your on-premises AD DS, you need to evaluate which identity solution to
deploy based on your business requirements.

The business requirements include:

Passwords updated by users in on-premises AD DS should be available for use in accessing Office 365
services within five minutes.

Password complexity should comply with policies in on-premises AD DS.

Password expiration should comply with policies in on-premises AD DS.

After discussing these requirements with your engineering staff, which option for authentication should
your team consider for deployment?

Password synchronization in Azure AD Connect


Federated (SSO) authentication with AD FS

Federated (SSO) with AD FS, and password synchronization in Azure AD Connect

Answer: The only supported option that meets all of your business requirements is federated
(SSO) authentication with AD FS.

With Azure AD Connect, passwords are synchronized more frequently than the standard
directory synchronization window for other attributes. The Password Sync feature checks every
two minutes as to whether passwords need to be synchronized.
When you enable the Password Sync feature, the password complexity policies configured in the
on-premises AD DS override any complexity policies that might be defined in Office 365 for
synchronized users.
If a user is in the scope of the Password Sync feature, the cloud account password is set to Never
Expire. This means that it is possible for a user's password to expire in the on-premises
environment, but they can continue to sign in to Office 365 using their expired password.

The Password Sync feature does not synchronize passwords for users with federated identities; this
scenario is not supported. This limitation has several implications, including:

If an initially managed user with a password that has been synchronized to Office
365 is converted to a federated user and then converted back to a managed user,
the password that was initially synchronized is lost.

If an initially federated user that has updated a password on-premises is converted to a managed
user, the password will not be synchronized to the cloud. Consequently, the user will not be able
to use the password that has been set in on-premises AD DS to access services in Office 365.

Resources

Claims-based authentication

Additional Reading: For a full list of definitions of terms associated with claims-based
identity, see Claims-based identity term definitions at http://aka.ms/wnc2ys

What is AD FS?

Additional Reading: For more information about using devices for MFA and SSO, see
Overview: Join to Workplace from Any Device for SSO and Seamless Second Factor
Authentication Across Company Applications, at: http://aka.ms/cnmkt7

Lesson 2
Planning an AD FS deployment
Contents:
Resources

Resources

Planning a highly available AD FS deployment

Additional Reading: For more information on the high availability solutions of SQL Server
refer to: http://aka.ms/lsr6m4

Capacity planning

Additional Reading: For more information about The AD FS Capacity Planning Sizing
spreadsheet, or to download it, refer to: http://aka.ms/n0uyfb

AD FS requirements

Additional Reading: For more information on the complete list of attribute stores
supported by AD FS, go to: http://aka.ms/vgazki
Additional Reading: For more information about the AD FS requirements, refer to:
http://aka.ms/m2kpbf

Lesson 3
Deploy AD FS for identity federation with Office 365
Contents:
Resources

Resources

Installing and configuring AD FS

Additional Reading: For more information, refer to Federation Server Farm Using SQL
Server at: http://aka.ms/mok3lw
Additional Reading: For more information on all the available updates for AD FS, refer to:
http://aka.ms/r8x4zf

Installing and configuring AD FS proxy

Additional Reading: For more information on customizing the proxy forms sign-in page,
see Customizing the AD FS forms based login page at: http://aka.ms/jyk1xa

Comparing federated identities and synchronized identities

Additional Reading: For more information on how to download and install the cmdlets for
Azure AD Module for Windows PowerShell, refer to: http://aka.ms/lq99g4

Managing an AD FS deployment

Additional Reading: To learn more about and download the Microsoft Office 365
Federation Metadata Update Automation Installation Tool, go to: http://aka.ms/i1hw8d

Verifying SSO

Additional Reading: More information on how to pilot SSO in a production environment
is available at: http://aka.ms/exjg1q
Additional Reading: For more information about the access to the Microsoft RCA tool,
refer to: http://aka.ms/bz5gll

Lesson 4
Planning and implementing hybrid solutions
(Optional)
Contents:
Resources

Resources

Overview of Exchange Server hybrid deployment

Additional Reading: For more information about configuring hybrid Exchange Server with
strong authentication, refer to: http://aka.ms/l5e665

Configuring Exchange Server hybrid deployment

Additional Reading: For more information about The Microsoft Exchange Server Deployment
Assistant, refer to: http://aka.ms/nxvn6i

Configuring SharePoint Server deployment

Additional Reading: For more information on the configuration of these hybrid features refer to:
http://aka.ms/vaq5da

Module Review and Takeaways


Review Question(s)
Question: As you might have experienced, when a user authenticates to AD FS for accessing online
services, they are required to authenticate the first time. On subsequent attempts to the same online
services, they are not required to authenticate because the client will present the same token again up
to the lifetime of the token.

While all clients (internal/external) will eventually have to request a new token, your organization's
security policies require that external users request a new token at least once every 5 minutes and internal
users request a new token at least once every 10 minutes.

What settings or policies should you use to enforce this?

Answer: On the Web Application Proxy servers:

Use the Windows PowerShell Set-AdfsWebApplicationProxyRelyingPartyTrust -TokenLifeTime
cmdlet to set the Web Application Proxy Token Lifetime value to five minutes.

On the AD FS servers:

Use the Windows PowerShell Set-AdfsProperties -SSOLifeTime cmdlet to set the
AD FS SSO Cookie Lifetime value to 10 minutes.
Use the Windows PowerShell Set-AdfsRelyingPartyTrust -TokenLifeTime cmdlet
to set the Relying Party Trust Token Lifetime value to 20 minutes.

Feedback: While there are many token lifetime settings in AD FS, these are critical as they affect
most client requests for tokens. For external requests, all three settings are considered. The Web
Application Proxy Token Lifetime should be set lower for external requests. When this token
expires, the client will be redirected to AD FS for a new token.

For internal requests, only the AD FS SSO Cookie Lifetime and the Relying Party Trust Token
Lifetime are considered. These values should be set higher for internal requests. Although the
value for the Relying Party Trust Token Lifetime is 20 minutes, each of the Relying Party Trust
Token Lifetime settings is skewed forward by +10 minutes. This is because the default value for
SharePoint's SPSecurityTokenServiceConfig LogonTokenCacheExpirationWindow is set to
10. This setting instructs the SharePoint Security Token Service to invalidate a SAML token 10
minutes before it expires so a user can obtain a fresh token without disruption.

Real-world Issues and Scenarios


When accessing cloud services with SSO, the credentials prompt can only be avoided when you are
accessing the cloud service using the same account used to sign in to the workstation. You might
experience the following issues when you choose to save credentials:
If a user selects the Save password check box in the credential prompt, they are choosing to save
their credentials in the Credential Manager for use with AD FS. The saved credentials will only
provide an SSO experience until the user changes their password. If the Credential Manager is not
updated with the user's new password, it will continue to use the old credentials. After a number of failed
attempts with the stale saved credentials, the Credential Manager will prompt the user for good
credentials.
If user A is logged on to the workstation and wants to access user B's mailbox, user B's credentials
must be provided, and consequently AD FS will prompt for user B's credentials. Once user B's
credentials have been entered and the user is authenticated, the browser could cache user B's
credentials and would reuse them if the same instance of the browser is used to access the same
application or authenticate via the same AD FS service. Therefore, a user might need to sign out and
sign back in, or restart the computer to clear the browser cache.

Common Issues and Troubleshooting Tips


Common Issue: If the gMSA option is disabled during configuration of AD FS, you might see an
error message, such as "Group Managed Service Accounts are not available because the KDS Root
Key has not been set."
Troubleshooting Tip: You can enable gMSA in the domain by running the following Windows
PowerShell cmdlet on a Windows Server 2012 domain controller:

Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)

Return to the Active Directory Federation Services Configuration Wizard, click Previous, and then
click Next to re-enter the Specify Service Account page. The gMSA option should now be enabled.

Common Issue: Users are unable to authenticate with SSO after subsequent directory
synchronizations.
Troubleshooting Tip: The most common cause for SSO issues is a mismatch between the UPN of the
user in Office 365 and in on-premises AD DS. In a hybrid scenario, you might need to verify that the
primary SMTP address located in the proxyAddresses attribute in AD DS is the same as the UPN.

Common Issue: SPN for the service account is not created.
Troubleshooting Tip: You might consider creating the SPN of the service account by using the
following Windows PowerShell cmdlet:

setspn -a host/<FQDN of the federation service> <service account name>

To verify the SPN setting, use the following Windows PowerShell cmdlet:

setspn -l <service account name>
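
The UPN check from the SSO troubleshooting tip above, written out as an added PowerShell example that is not part of the course material. The function names and the sample accounts are constructed for illustration, and the commented Get-ADUser line assumes the ActiveDirectory module is installed.

```powershell
# Added example: report accounts whose UPN differs from the primary SMTP
# address stored in proxyAddresses. The primary address is the entry with the
# upper-case "SMTP:" prefix; lower-case "smtp:" entries are secondary aliases.

function Get-PrimarySmtpAddress {
    param([string[]]$ProxyAddresses)
    # -clike is case-sensitive, so only upper-case "SMTP:" entries match.
    $primary = @($ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -eq 1) {
        return $primary[0].Substring(5)   # strip the 5-character "SMTP:" prefix
    }
    return $null   # no primary, or more than one: both are reported as findings
}

function Test-UpnMatchesPrimarySmtp {
    param(
        [Parameter(ValueFromPipeline)]
        $User
    )
    process {
        $primary = Get-PrimarySmtpAddress -ProxyAddresses $User.proxyAddresses
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $User.UserPrincipalName
            PrimarySmtp       = $primary
            # Address comparison is case-insensitive.
            Match             = ($null -ne $primary) -and
                                ($primary -ieq $User.UserPrincipalName)
        }
    }
}

# Constructed sample records with the same property names Get-ADUser returns.
$sample = @(
    [pscustomobject]@{
        SamAccountName    = 'alice'
        UserPrincipalName = 'alice@example.com'
        proxyAddresses    = @('SMTP:alice@example.com', 'smtp:a.smith@example.com')
    }
    [pscustomobject]@{
        SamAccountName    = 'bob'
        UserPrincipalName = 'bob@corp.example.local'   # non-routable UPN suffix
        proxyAddresses    = @('SMTP:bob@example.com')
    }
    [pscustomobject]@{
        SamAccountName    = 'carol'
        UserPrincipalName = 'carol@example.com'
        proxyAddresses    = @('smtp:carol@example.com') # alias only, no primary
    }
)

# List only the accounts that need attention (bob and carol in the sample).
$sample |
    Test-UpnMatchesPrimarySmtp |
    Where-Object { -not $_.Match } |
    Format-Table -AutoSize

# Against a live directory, feed the same function from Active Directory:
# Get-ADUser -Filter * -Properties proxyAddresses |
#     Test-UpnMatchesPrimarySmtp |
#     Where-Object { -not $_.Match }
```

Accounts with no upper-case SMTP: entry, or with more than one, are listed with an empty PrimarySmtp so they can be corrected before the next directory synchronization.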
