Documente Academic
Documente Profesional
Documente Cultură
20347A
Enabling and Managing Office 365
Companion Content
ii Enabling and Managing Office 365
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
Released: 05/2016
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. Authorized Learning Center means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. Authorized Training Session means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. Classroom Device means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Centers training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. End User means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. Licensed Content means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f. Microsoft Certified Trainer or MCT means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. Microsoft Instructor-Led Courseware means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. Microsoft IT Academy Program Member means an active member of the Microsoft IT Academy
Program.
i. Microsoft Learning Competency Member means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j. MOC means the Official Microsoft Learning Product instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. MPN Member means an active Microsoft Partner Network program member in good standing.
l. Personal Device means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. Private Training Session means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. Trainer means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. Trainer Content means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (Pre-release term).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
modify or create a derivative work of any Licensed Content,
publicly display, or make the Licensed Content available for others to access or use,
copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
work around any technical limitations in the Licensed Content, or
reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is as is, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en franais.
EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute
utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie
expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues.
EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits
prvus par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre
pays si celles-ci ne le permettent pas.
Module 1
Planning and provisioning Office 365
Contents:
Lesson 1: Overview of Office 365 2
Lesson 1
Overview of Office 365
Contents:
Question and Answers 3
Resources 3
Planning and provisioning Office 365 1-3
Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.
Question: How will Office 365 meet your organizations business requirements?
Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.
Question: Which Office 365 subscription would be most suitable for your organization?
Answer: Answers will vary, because each organization will have its own scenario for Office 365
deployment.
Resources
Additional Reading: For more information, refer to Office 365 Service Descriptions:
http://aka.ms/iv18pg
Lesson 2
Provisioning an Office 365 tenant
Contents:
Question and Answers 5
Resources 5
Planning and provisioning Office 365 1-5
Answer: The steps involved in the process of creating a tenant account for Office 365 are:
1. Select the Office 365 plan you will use for a trial.
2. Ensure you have a valid email account (organizational or Live ID will work fine).
5. Complete the sign-in process by validating the text message or phone call.
Question: What factors should you consider when planning a custom domain?
Answer: Consider the following factors when you planning a custom domain:
Multiple domains. Plan to add the main domain that your company currently uses,
along with any other domain that it uses for email messages within the
organization.
Subdomains. You might want to register subdomains if you need them for your
organization subsidiaries.
Domain adding order. You must add root domains before subdomains.
DNS record hosting. Communicate with the organization that will host your
domains about the changes needed for Office 365 deployment, such as A, CNAME,
TXT and MX records.
Resources
Additional Reading: For more information, refer to External Domain Name System records
for Office 365: http://aka.ms/d67qkh
1-6 Enabling and Managing Office 365
Lesson 3
Planning a pilot deployment
Contents:
Question and Answers 7
Resources 7
Planning and provisioning Office 365 1-7
Answer: Some of the main differences between an Office 365 pilot and the traditional
deployment process are:
With the traditional deployment approach, it might take the organization several
weeks or even months to reach the migration phase.
With the Office 365 pilot FastTrack deployment approach, customers can:
o Experience the value of Office 365 much earlier than with traditional
deployment methodologies.
o Evolve into features as and when required.
Resources
Additional Reading: For more information, refer to FastTrack for Office 365:
http://aka.ms/il5z8i
Additional Reading: For more information, refer to Office 365 FastTrack Planning:
http://aka.ms/se9j3a
Additional Reading: For more information, refer to FastTrack for Office 365:
http://aka.ms/il5z8i
Additional Reading: For more information, refer to Office 365 for IT pros:
http://aka.ms/kl703e
Additional Reading: For more information, refer to FastTrack for Office Blogs:
http://aka.ms/t1mgkg
Additional Reading: For more information, refer to Office 365 Trust Center:
http://aka.ms/j0074t
Additional Reading: For more information, refer to Office 365 Service Descriptions:
http://aka.ms/gxsbad
Additional Reading: For more information, refer to Office 365 Roadmap:
http://aka.ms/Kgo4ds
Additional Reading: For more information, refer to Software Assurance Planning Services:
http://aka.ms/leudft
1-8 Enabling and Managing Office 365
Ensure that you understand the organizations need for Office 365.
Identify any in-house services that are not going to transition to Office 365.
Recruit the right people to be pilot users.
Check that you have suitable infrastructure to support a connection to Office 365.
Review Question(s)
Question: If you are selected to lead the Pilot at A. Datum Corporation, what personal qualities, skills, and
experience would you need to demonstrate to maximize the probability of the organization moving to
the pilot phase?
Answer: If time permits, facilitate the discussion. The following qualities will be useful:
Professional appearance
Confidence
Technical knowledge
Listening skills
Effective note-taking
Answer: It is important to specify the correct country because some facilities are restricted on a
country-by-country basis, and you cannot change the country after you have set up the account.
Question: What ports need to be open to ensure client communications with the Office 365 environment,
and for what are those ports and protocols used?
Answer: The main port that must be open is 443 for encrypted web traffic.
PSOM/TLS 443 Skype for Business Online (outbound data sharing sessions)
STUN/TCP 443 Skype for Business Online (outbound audio, video, and
application sharing sessions)
STUN/UDP 3478 Skype for Business Online (outbound audio and video sessions)
TCP 50040-50059 Outbound Skype for Business Application sharing and file
transfer
Managing Office 365 users and groups 2-1
Module 2
Managing Office 365 users and groups
Contents:
Lesson 1: Managing user accounts and licenses 2
Lesson 4: Managing Office 365 users and groups with Windows PowerShell 8
Lesson 1
Managing user accounts and licenses
Contents:
Question and Answers 3
Resources 3
Managing Office 365 users and groups 2-3
Answer: The following types of user accounts are available in Office 365:
Cloud identitieswhen using these, you create and manage users in Office 365
only.
Resources
Additional Reading: For more information, refer to How to troubleshoot deleted user
accounts in Office 365, Azure, and Intune: http://aka.ms/prede5
For more information, refer to Manage inactive mailboxes in Exchange Online:
http://aka.ms/qlb3b1
2-4 Enabling and Managing Office 365
Lesson 2
Managing passwords and authentication
Contents:
Question and Answers 5
Managing Office 365 users and groups 2-5
Answer: The following password policy options are available in Office 365:
Password expiration policy:
o Specify the number of days for the user notification warning about the
password expiration.
o Reset it yourself.
Question: How can you enable multi-factor authentication in Office 365 and what multi-authentication
options are available?
Answer: An administrator enables multi-factor authentication on a per-user basis. Multi-factor
authentication options in Office 365 include:
Lesson 3
Managing security groups in Office 365
Contents:
Question and Answers 7
Managing Office 365 users and groups 2-7
Answer: The three types of mail-enabled groups in Exchange Online in Office 365 are:
Distribution groups. Use these groups only to distribute messages to a set of
recipients.
Dynamic distribution groups. These groups do not have a predefined member list,
because they use recipient filters and conditions that you define to determine
membership dynamically at the time that messages are sent.
2-8 Enabling and Managing Office 365
Lesson 4
Managing Office 365 users and groups with Windows
PowerShell
Contents:
Resources 9
Managing Office 365 users and groups 2-9
Resources
Additional Reading: For more information, refer to How to troubleshoot deleted user
accounts in Office 365, Azure, and Intune: http://aka.ms/g5rx76
2-10 Enabling and Managing Office 365
Lesson 5
Configuring administrative access
Contents:
Question and Answers 11
Managing Office 365 users and groups 2-11
Billing administrator
Password administrator
Service administrator
Review Question(s)
Question: What is the most efficient way of creating user accounts if your organization decides to
migrate to Office 365?
Answer: Answers will vary depending on the type of identities that you use in an organization.
The types of identities include:
Cloud identities. An administrator exports user accounts from the Active Directory
site and performs bulk import into Office 365.
Question: How will you configure Office 365 password policies in your organization, and will you use
multi-factor authentication?
Answer: Answers might vary, but possible answers might include:
Some organizations configure a longer period before passwords expire, and some
organizations shorten the period because of security restrictions.
Question: Why is it more convenient to assign permissions to security groups than to users?
Answer: Assigning permissions to security groups helps makes administering security for
resources easier and more efficient. When you assign permissions to groups, administrators
control group membership only to provide users with appropriate permission levels. For example,
if a user needs a permission level, the administrator includes that user as a member of the
appropriate group that has preassigned permissions. Removing the user from the group removes
permissions from the user that were assigned because of a group membership.
Question: In which management scenarios will you use Office 365 with Windows PowerShell rather than
the Office 365 admin center?
Answer: Use Windows PowerShell in scenarios where bulk object management is necessary,
whereas, if you need to configure a single setting, the Office 365 admin center is more
convenient.
Answer: Use RBAC in enterprise organizations where multiple administrator teams have
responsibilities for different aspects of Office 365 administration, such as managing users, groups,
subscriptions, and passwords. Smaller organizations might not use RBAC because only a few
administrators are responsible for all types of administrative tasks.
2-14 Enabling and Managing Office 365
Answer: In the Active Users window of the Office 365 admin center, an administrator can
perform the following editing tasks for a user account:
Reset password, edit user roles, delete, edit, and add to group
Answer: In Office 365, the following password policy settings are available:
Set passwords to never expire
Question: What should you do before you can use Windows PowerShell to administer users and groups
in Office 365?
Answer: Run Azure AD module for Windows PowerShell with administrative rights, and then run
the Connect-msol command. Provide the credentials of an account that has global admin or
user management admin rights.
Question: Why would you create multiple administrative roles in Office 365 by using role-based access
control (RBAC)?
Answer: RBAC provides predefined permissions assigned to different users or groups. By using
RBAC, you can separate administrative tasks for different administrators according to
organizational security and business requirements. For example, some administrators are
responsible for managing user and group accounts, and other administrators are responsible for
assigning appropriate Office 365 licenses to users.
Configuring client connectivity to Microsoft Office 365 3-1
Module 3
Configuring client connectivity to Microsoft Office 365
Contents:
Lesson 1: Planning for Office 365 clients 2
Lesson 1
Planning for Office 365 clients
Contents:
Resources 3
Configuring client connectivity to Microsoft Office 365 3-3
Resources
Office Online
Additional Reading: For more information, refer to Differences between using a document
in the browser and in Word: http://aka.ms/b2wwul
Additional Reading: For more information, refer to Differences between using a notebook
in the browser and in OneNote: http://aka.ms/js6f8w
Additional Reading: For more information, refer to How certain features behave in
PowerPoint Online: http://aka.ms/edhcwl
Additional Reading: For more information, refer to Differences between using a workbook
in the browser and in Excel: http://aka.ms/sc8n0n
Additional Reading: For more information on browser requirements, refer to Office Online
browser support: http://aka.ms/jv2cok
3-4 Enabling and Managing Office 365
Lesson 2
Planning connectivity for Office 365 clients
Contents:
Question and Answers 5
Resources 5
Configuring client connectivity to Microsoft Office 365 3-5
Answer: The Office 365 health, readiness, and connectivity checks; Microsoft Office 365 Best
Practices Analyzer; and the Microsoft Office 365 Client Performance Analyzer tool.
Answer: The Autodiscover service in Office 365 provides configuration information that Outlook
requires to create a clients configuration profile. The Autodiscover service provides profile
settings to Outlook 2007, Outlook 2010, Outlook 2013, Outlook 2016, and Lync and Skype for
Business clients.
Question: Which tools will you use to troubleshoot client connectivity with Office 365?
Answer: You will use the Microsoft Remote Connectivity Analyzer tool and the Office 365 Client
Performance Analyzer tool.
Resources
Additional Reading: For more information on the list of ports, refer to Ports and protocols
used by Office 365: http://aka.ms/ifj2gl
Additional Reading: For more information on IP-based filtering, refer to Office 365 URLs
and IP address ranges: http://aka.ms/Rploze
Additional Reading: For more information, refer to Exchange Client Network Bandwidth
Calculator: http://aka.ms/r7m054
Additional Reading: For more information, refer to Skype for Business, Bandwidth
Calculator: http://aka.ms/i6jsff
What is Autodiscover?
Additional Reading: You can find the Remote Connectivity Analyzer tool at the following
URL: http://aka.ms/ppl6h8
Additional Reading: For more information on the specific error conditions that are
identified by the Microsoft Connectivity Analyzer Tool, and for help on resolving the issue, refer
to the Microsoft Connectivity Analyzer Tool: http://aka.ms/aphk3s
3-6 Enabling and Managing Office 365
Lesson 3
Configuring connectivity for Office 365 clients
Contents:
Question and Answers 7
Resources 7
Configuring client connectivity to Microsoft Office 365 3-7
Answer: Outlook can connect to Office 365 by using either MAPI over HTTP or Outlook
Anywhere (RPC over HTTP).
Question: What steps should you perform to enable MDM in Office 365?
Answer: To enable MDM in Office 365, you must perform the following steps:
5. Manage devices.
Resources
Additional Reading: For more information on Office Online, refer to Office Online Service
Description: http://aka.ms/qla0s5
Additional Reading: For more information, refer to What is OneDrive for Business?:
http://aka.ms/p9wzus
3-8 Enabling and Managing Office 365
Answer: You add the CNAME and SRV records to configure the Autodiscover service, and then
after you configure the CNAME and SRV records, Outlook and Skype for Business clients are able
to connect to Exchange Online and Skype for Business Online services in Office 365. You also
configure the MX record so that external email servers can locate and send email to Exchange
Online in Office 365.
Question: How can you verify that the Autodiscover service in Office 365 is properly configured?
Answer: Use Remote Connectivity Analyzer to simulate client connections. Open Outlook and
Skype for Business clients, and then verify that the clients can connect to Exchange Online and
Skype for Business Online services in Office 365.
Planning and configuring directory synchronization 4-1
Module 4
Planning and configuring directory synchronization
Contents:
Lesson 1: Planning and preparing for directory synchronization 2
Lesson 1
Planning and preparing for directory synchronization
Contents:
Resources 3
Planning and configuring directory synchronization 4-3
Resources
Additional Reading: For more information, refer to the Azure Hybrid Identity Design
Considerations Guide: http://aka.ms/ibuqek
Additional Reading: For more information, refer to You receive a "This company has
exceeded the number of objects that can be synchronized" error in a directory synchronization
report: http://aka.ms/r4x1q4
Additional Reading: For more information, refer to Prepare Active Directory and domains:
http://aka.ms/xwdxic
Additional Reading: For more information, refer to Prepare for directory synchronization:
http://aka.ms/esbu4f
Additional Reading: For more information, refer to Directory synchronization and source
of authority: http://aka.ms/fvexdc
Additional Reading: For more information, refer to Prepare for directory synchronization:
http://aka.ms/e1d0ft
Additional Reading: For more information, refer to Readiness Checks:
http://aka.ms/b3lsxp
Additional Reading: For more information, refer to IdFix DirSync Error Remediation Tool:
http://aka.ms/sr02nb
4-4 Enabling and Managing Office 365
Lesson 2
Implementing directory synchronization by using
Azure AD Connect
Contents:
Resources 5
Planning and configuring directory synchronization 4-5
Resources
Additional Reading: For more information, refer to Office 365 URLs and IP address ranges:
http://aka.ms/A4c1kq
Additional Reading: For more information, refer to Configuring Alternate Login ID:
http://aka.ms/nqh5gc
Additional Reading: For more information, refer to Monitor your on-premises identity
infrastructure and synchronization services in the cloud: http://aka.ms/dqaaps
4-6 Enabling and Managing Office 365
Lesson 3
Managing Office 365 identities with directory
synchronization
Contents:
Resources 7
Planning and configuring directory synchronization 4-7
Resources
Additional Reading: For more information on how to troubleshoot deleted user accounts
in Office 365 is available at the following link, refer to: http://aka.ms/cmof9n
Additional Reading: For more information, refer to Getting all Licensed Office 365 users
with PowerShell: http://aka.ms/me03qp
Additional Reading: For more information, refer to How to Use PowerShell to
Automatically Assign Licenses to Your Office 365 Users: http://aka.ms/pwr39r
Additional Reading: For more information, refer to Azure AD Connect sync: Configure
Filtering: http://aka.ms/au8smo
Additional Reading: For more information, refer to Directory synchronization and source
of authority: http://aka.ms/cdm2kk
Additional Reading: For more ore information, refer to How to troubleshoot Azure Active
Directory Sync tool installation and Configuration Wizard errors: http://aka.ms/bz5cjw
4-8 Enabling and Managing Office 365
Review Question(s)
Question: What are some of the typical issues that can arise if UPN suffixes are not properly configured
before directory synchronization is deployed?
Answer: If directory synchronization has already been deployed, the users UPN for Office 365
might not match the users on-premises UPN defined in AD DS; this can occur if the user was
assigned an Office 365 subscription license before the domain was verified.
In some environments, you might test all changes on a separate directory synchronization server in test
that is connected to a separate Office 365 tenant (trial). In addition, you should manually initiate run
profiles for each management agent in Synchronization Service Manager and observe the pending actions
before exporting to Office 365. In some cases, it might be a good idea to create a new run profile for
exporting to Azure AD that includes a maximum limit on the number of allowed deletions.
Tools
IdFix. The Office 365 IdFix tool provides you the ability to identify and remediate the majority of object
synchronization errors in your AD DS forests in preparation for deployment to Office 365.
After installing Azure AD Connect, you Add the appropriate Azure AD Connect domain
might be prompted with the following user account to the ADSyncAdmins group and sign
Planning and configuring directory synchronization 4-9
Module 5
Planning and deploying Office 365 ProPlus
Contents:
Lesson 1: Overview of Office 365 ProPlus 2
Lesson 1
Overview of Office 365 ProPlus
Contents:
Resources 3
Planning and deploying Office 365 ProPlus 5-3
Resources
Additional Reading: For more information, refer to Uninstall Office 2013, Office 2016, or
Office 365 from a Windows computer: http://aka.ms/imbv8i
Additional Reading: For more information, refer to Office 2016 Deployment Guides for
Admins: http://aka.ms/v9e5xl
Lesson 2
Planning and managing user-driven Office 365
ProPlus deployments
Contents:
Resources 5
Planning and deploying Office 365 ProPlus 5-5
Resources
Additional Reading: For more information, refer to 64-bit editions of Office 2013:
http://aka.ms/qovxa7
Additional Reading: For more information, refer to System requirements for Office:
http://aka.ms/ghq4zw
Additional Reading: For more information, refer to Office 365 mobile setup Help:
http://aka.ms/Ca6hpo
5-6 Enabling and Managing Office 365
Lesson 3
Planning and managing centralized deployments of
Office 365 ProPlus
Contents:
Resources 7
Planning and deploying Office 365 ProPlus 5-7
Resources
Additional Reading: For information, refer to Office Deployment Tool for Click-to-Run:
http://aka.ms/uic22i
Additional Reading: For more information, refer to Reference for Click-to-Run
configuration.xml file: http://aka.ms/clh5x3
Additional Reading: For more information, refer to Office 2016 Administrative Template
files (ADMX/ADML) and Office Customization Tool: http://aka.ms/bengwp
5-8 Enabling and Managing Office 365
Lesson 4
Office Telemetry and reporting
Contents:
Resources 9
Planning and deploying Office 365 ProPlus 5-9
Resources
Additional Reading: For more information, refer to Manage the privacy of data monitored
by telemetry in Office: http://aka.ms/qhi35p
Answer: You use this configuration file to specify the Universal Naming Convention (UNC) path
to the shared folder containing the Office 365 Pro Plus source files, and also to specify products
and languages to install.
Question: How can you verify that the Click-to-Run service is running?
Answer: Use Task Manager, and in the Processes list, under Background processes, look for
Microsoft Office Click-to-Run. You can also click the Details tab, and look for
officeclicktorun.exe in the task list.
Planning and managing Exchange Online recipients and permissions 6-1
Module 6
Planning and managing Exchange Online recipients and
permissions
Contents:
Lesson 1: Overview of Exchange Online 2
Lesson 2: Managing Exchange Online recipients 4
Lesson 1
Overview of Exchange Online
Contents:
Question and Answers 3
Resources 3
Planning and managing Exchange Online recipients and permissions 6-3
Resources
Additional Reading: For more information on the new features in the latest version of
Exchange Online, refer to What's new in Exchange Online: http://aka.ms/S44j3g
Additional Reading: You can obtain the Microsoft Online Services Sign-In Assistant for IT
Professionals RTW from the Microsoft Download Center: http://aka.ms/vl42dg
Additional Reading: You can download the Azure Active Directory Module for Windows
PowerShell (64-bit version) here: http://aka.ms/Pwx3a9
6-4 Enabling and Managing Office 365
Lesson 2
Managing Exchange Online recipients
Contents:
Question and Answers 5
Resources 5
Planning and managing Exchange Online recipients and permissions 6-5
( ) True
( ) False
Answer:
( ) True
() False
Feedback: A mail user combines some of the attributes of a full mailbox user with the
characteristics of a contact. The main difference between a mail user and a mailbox user is that
the mail user does not have a mailbox, although, unlike a contact, the mail user can sign in to
your Office 365 tenant.
Resources
Additional Reading: To download the sample .csv file, refer to Sample CSV file to bulk-
create external contacts in Exchange Online: http://aka.ms/t6ip2e
6-6 Enabling and Managing Office 365
Lesson 3
Planning and configuring Exchange Online
permissions
Contents:
Question and Answers 7
Planning and managing Exchange Online recipients and permissions 6-7
Answer: Answers will vary. In most organizations, a central team of Exchange administrators will
likely maintain full control of the Exchange environment, while another team might need
permissions to create mailboxes. Other organizations might have complicated administrative
scenarios in which different groups need many different permission levels.
6-8 Enabling and Managing Office 365
Answer: Before you can use Windows PowerShell to manage Exchange Online, you must connect
to it by following this procedure:
$credential = Get-Credential
Import-Module MsOnline
Answer: Exchange Online provides additional group features, which enable the creation of the
following group types:
Mail-enabled security groups
Question: In the lab, you ran the Set-CalendarProcessing "Conference Room" -AutomateProcessing
AutoAccept cmdlet. What do the -AutomateProcessing AutoAccept switches do?
Answer: The switches configure the room mailbox to process booking requests automatically.
Planning and configuring Exchange Online services 7-1
Module 7
Planning and configuring Exchange Online services
Contents:
Lesson 1: Planning and configuring email flow in Office 365 2
Lesson 1
Planning and configuring email flow in Office 365
Contents:
Question and Answers 3
Resources 3
Planning and configuring Exchange Online services 7-3
( ) Modify the default remote domain to block automatic replies and automatic forwarding.
( ) Create a new remote domain that blocks automatic replies and automatic forwarding.
( ) Use a script to block automatic replies and automatic forwarding for all users.
Answer:
() Modify the default remote domain to block automatic replies and automatic forwarding.
( ) Create a new remote domain that blocks automatic replies and automatic forwarding.
Feedback: The default remote domain applies to all outbound messages by using the address
space of *. You must modify this to block automatic replies and automatic forwarding.
Question: After adding a domain to Office 365, you need to configure it as an accepted domain before
Exchange Online can use it for email reception.
( ) True
( ) False
Answer:
( ) True
() False
Feedback: When you add a domain to Office 365, Office 365 adds it automatically as an
accepted domain.
Resources
Additional Reading: For information about customizing SPF records, refer to Customize an
SPF record to validate outbound email send from your domain: http://aka.ms/Bg0478
7-4 Enabling and Managing Office 365
Lesson 2
Planning and configuring email protection in Office
365
Contents:
Question and Answers 5
Resources 5
Planning and configuring Exchange Online services 7-5
( ) True
( ) False
Answer:
() True
( ) False
Feedback: The safe list is a list of email senders that Microsoft maintains that it knows to be safe
senders. Selecting the Enable safe list option ensures that EOP does not mark messages from
those safe senders as spam.
Resources
Additional Reading: For a list of IP addresses that EOP uses, refer to Exchange Online
Protection IP addresses:
http://aka.ms/Jbnjfg
7-6 Enabling and Managing Office 365
Lesson 3
Planning and configuring client access policies
Contents:
Question and Answers 7
Planning and configuring Exchange Online services 7-7
Answer: By default, Office 365 considers all computers to be private. The differentiation between
public and private is relevant only when you have configured AD FS for single sign on (SSO). In
this scenario, Office 365 considers a sign-in from the internal network to be private and a sign-in
from the external network to be public.
Question: The default configuration for mobile devices quarantines all devices until an administrator
approves them.
( ) True
( ) False
Answer:
( ) True
() False
Feedback: The default configuration for mobile devices allows any type of mobile device to
connect as long as the user has Exchange ActiveSync enabled. Exchange ActiveSync is enabled for
all users by default.
7-8 Enabling and Managing Office 365
Lesson 4
Migrating to Exchange Online
Contents:
Question and Answers 9
Resources 11
Planning and configuring Exchange Online services 7-9
( ) IMAP migration
( ) PST migration
( ) Exchange Online hybrid mode
Answer:
() IMAP migration
( ) PST migration
( ) Exchange Online hybrid mode
Feedback: For a non-Exchange email system, the only two migration options are IMAP or PST.
An IMAP migration results in less downtime, because there is no lag waiting for historical data to
be imported.
Question: Your organization has an on-premises Exchange Server 2010 deployment, and wants to
migrate to Office 365. Your organization has 3,000 mailboxes, with an average mailbox size of 1 GB.
Which migration type should you use?
Answer:
( ) Cutover Exchange migration
( ) PST migration
Feedback: Exchange Online hybrid mode is the best choice for migrating from Exchange Server
2010 to Office 365. In hybrid mode, you can do an incremental migration, and there is no end-
user downtime. You cannot perform a cutover or staged Exchange migration, because those
migration types are for Exchange 2007 or Exchange 2003 only. An IMAP migration does migrate
calendars and contacts., and end users must wait for historical data to import to their new
mailboxes if you use a PST.
7-10 Enabling and Managing Office 365
Question: A cutover migration batch continues synchronizing until you remove it.
( ) True
( ) False
Answer:
() True
( ) False
Sequencing Activity
Put the following steps for a staged Exchange migration in order, numbering each to indicate the correct
order from 1 through 9.
Steps
Configure a migration administrator account with Full Access permissions to the source
mailboxes.
Answer:
Steps
Steps
Resources
Additional Reading: For more detailed information, refer to Convert Exchange 2007
mailboxes to mail-enabled users after a staged Exchange migration: http://aka.ms/nncsic
This link also has scripts to simplify the conversion process.
Additional Reading: For additional detailed information about performing a staged
Exchange migration, refer to Perform a staged migration of email to Office 365:
http://aka.ms/m3lpyu
Additional Reading: For additional information about IMAP migration, refer to What you
need to know about migrating your IMAP mailboxes to Office 365: http://aka.ms/crn236
Additional Reading: For detailed information about Importing PST files into Office 365,
refer to Import PST files to Office 365: http://aka.ms/G2n2p7
Additional Reading: For detailed information about migrating public folders to Office 365,
refer to Use batch migration to migrate legacy public folders to Office 365 and Exchange Online:
http://aka.ms/F6ncbt
7-12 Enabling and Managing Office 365
Answer: Directory synchronization make the on-premises AD DS authoritative for most user
attributes. Therefore, all changes to users occur in AD DS. The Exchange management tools
require an Exchange server to be present on-premises to manage user attributes.
Question: You recently migrated all of your organizational mailboxes to Office 365. Many of your users
have mobile devices that connect by using Exchange ActiveSync. You security officer was shocked when
he saw that a user did not have a password on his mobile device. Why did this happen, and how can you
fix it?
Answer: The default mobile-device mailbox policy in Office 365 does not enforce any security
settings. You should work with your security officer to identify appropriate security settings and
modify the default mobile-device mailbox policy to enforce those settings.
Planning and configuring Exchange Online services 7-13
Answer: When you create a journal rule, it must point to an external email system. It is not
possible to configure a journal rule to send messages to an Office 365 mailbox.
Question: What formatting options are there for disclaimers in a transport rule?
Answer: You can format disclaimer text in a transport rule by using HTML. The <HR> tag that
this lab uses is HTML code for a horizontal rule that displayed when you sent the message to
alias@outlook.com.
Answer: It is easy to lose mobile devices, because they are small, and they can be targets for
thieves. When a mobile device is lost, a password provides some assurance that unauthorized
users do not have access to the devices data.
Planning and deploying Skype for Business Online 8-1
Module 8
Planning and deploying Skype for Business Online
Contents:
Lesson 1: Planning and configuring Skype for Business Online service settings 2
Lesson 2: Configuring Skype for Business Online users and client connectivity 5
Lesson 3: Planning voice integration with Skype for Business Online 7
Lesson 1
Planning and configuring Skype for Business Online
service settings
Contents:
Question and Answers 3
Resources 3
Planning and deploying Skype for Business Online 8-3
Answer:
Question: You can invite users from outside of your organization to Skype Meeting Broadcast, but only as
attendees, not as presenters.
( ) True
( ) False
Answer:
() True
( ) False
Resources
Additional Reading: For more information, refer to Skype for Business Compare plans:
http://aka.ms/vqcfmt
Additional Reading: For more information on the Skype for Business options that are
provided with Office 365 and Skype for Business Online stand-alone subscriptions, refer to Skype
for Business Online Service Description: http://aka.ms/eljskd
Additional Reading: For more information on the domain names, URLs, IP addresses, and
port numbers that Office 365 and Skype for Business Online require, refer to Office 365 URLs and
IP address ranges: http://aka.ms/Ef9aum
Additional Reading: The Skype for Business Bandwidth Calculator is a tool that you can
use to calculate bandwidth requirements. You can download this tool from: http://aka.ms/h028y7
8-4 Enabling and Managing Office 365
Additional Reading: For more information on Internet bandwidth usage for Office 365
services, refer to Network planning and performance tuning for Office 365: http://aka.ms/i09jrk
Lesson 2
Configuring Skype for Business Online users and
client connectivity
Contents:
Question and Answers 6
Resources 6
8-6 Enabling and Managing Office 365
Answer: To configure this, you must first allow external access for the organization, and then you
must disable external communication for the users who should be blocked from communicating
with external users.
Resources
Skype for Business Online client options
Additional Reading: For more information on the available Skype for Business features for
different clients, refer to Client comparison tables for Skype for Business Server 2015:
http://aka.ms/us67gj
Additional Reading: For more information on the available Skype for Business features for
different mobile device platforms, refer to Mobile client comparison tables for Skype for Business:
http://aka.ms/mrxvgx
Planning and deploying Skype for Business Online 8-7
Lesson 3
Planning voice integration with Skype for Business
Online
Contents:
Question and Answers 8
Resources 8
8-8 Enabling and Managing Office 365
Answer: Answers will vary. Cloud PBX is likely to appeal to organizations that are based in the
United States and that are looking at replacing a PBX system. Most organizations would need to
plan carefully to ensure that their Internet connection has enough bandwidth and is reliable
enough to support telephony.
Resources
Additional Reading: For more information on the licensing requirements for each of the
voice integration options, refer to Skype for Business Online licensing overview:
http://aka.ms/tm4tg0
Additional Reading: For more information on the features that ACPs and Microsoft dial-in
conferencing provide, refer to Dial-in conferencing in Office 365: http://aka.ms/Dt6jbp
Additional Reading: For more information on the PSTN voice-calling plans, refer to Skype
for Business Online PSTN services use terms: http://aka.ms/gv7f7f
Additional Reading: For more information on now to port existing phone numbers to
Office 365, refer to Transfer phone numbers over to Skype for Business Online:
http://aka.ms/I3rygm
Additional Reading: For more information on how to configure an emergency address,
refer to Add or remove an emergency address for your organization: http://aka.ms/meu76q
Additional Reading: For more information on how to plan for and configure PSTN
connectivity through an existing Skype for Business Server deployment, refer to:
http://aka.ms/jawfqa
http://aka.ms/ul1d3b
Reference Links: For more information on how to plan for and configure Cloud Connector
edition, refer to:
http://aka.ms/otqqzu
http://aka.ms/hmurjm
Planning and deploying Skype for Business Online 8-9
Additional Reading: For more information, refer to ExpressRoute and QoS in Skype for
Business Online: http://aka.ms/edfrbb
8-10 Enabling and Managing Office 365
Answer: Run the following commands if you want to block all communication with external
domains except for litware.com:
$x = New-CsEdgeDomainPattern -Domain "litware.com"
Answer: Answers will vary. Very large organizations or organizations that frequently make online
presentations to large numbers of users will likely use this feature. Smaller organizations are more
likely to meet their requirements just by using normal Skype for Business meetings.
Planning and configuring SharePoint Online 9-1
Module 9
Planning and configuring SharePoint Online
Contents:
Lesson 1: Configuring SharePoint Online services 2
Lesson 1
Configuring SharePoint Online services
Contents:
Question and Answers 3
Resources 3
Planning and configuring SharePoint Online 9-3
Answer: Answers will vary. SharePoint Online is a standardized service. In SharePoint Online, no
custom code solutions are available and for SharePoint on-premises, there is no need to size
hardware.
( ) True
( ) False
Answer:
( ) True
() False
Feedback: The new attachment size limit in SharePoint Online is 10 GB, according to the service
limits and boundaries.
Resources
Additional Reading: For more information, refer to SharePoint Online and OneDrive for
Business software boundaries and limits: http://aka.ms/jns65q
Additional Reading: For more information, refer to Turn scripting capabilities on or off:
http://aka.ms/Okimfj
9-4 Enabling and Managing Office 365
Lesson 2
Planning and configuring SharePoint Online site
collections
Contents:
Question and Answers 5
Resources 6
Planning and configuring SharePoint Online 9-5
( ) Community site
( ) Enterprise Wiki
Answer:
() Document Center site
( ) Community site
( ) Enterprise Wiki
() Search Center site
Feedback: Community site and Enterprise Wiki are not available in the Enterprise section of the
site collection templates in the SharePoint admin center.
Question: If you delete a site collection, you can restore it from the Recycle Bin for 30 days.
( ) True
( ) False
Answer:
() True
( ) False
Feedback: When you delete a site collection, it stays in the Recycle Bin for 30 days before it is
permanently deleted; this gives you a 30-day window of opportunity to restore the entire site
collection if it was deleted in error or your situation has changed and you want to retain it.
Question: Which of the following actions do you need to perform during the creation of a site collection?
(Select all that apply.)
( ) Define an administrator
Answer:
() Define an administrator
Feedback: You can define sharing settings, a second administrator, and the storage quota after
the creation of a site collection.
Resources
Additional Reading: For more information, refer to Introduction to the SharePoint Online
Management Shell: http://aka.ms/Yj9ioq
Additional Reading: For more information, refer to Use Windows PowerShell cmdlets to
administer site collections in SharePoint Online: http://aka.ms/rbb2c1
Planning and configuring SharePoint Online 9-7
Lesson 3
Planning and configuring external user sharing
Contents:
Question and Answers 8
Resources 9
9-8 Enabling and Managing Office 365
Answer:
Feedback: Users outside your organizations Azure Active Directory are referred to as external
users.
Question: From a user perspective, you can share content in SharePoint Online for internal users in the
same way as for external users.
( ) True
( ) False
Answer:
() True
( ) False
Feedback: With the appropriate settings, users can share content internally and externally with
the same user experience.
Question: Where can administrators enable external sharing for the Office 365 tenant? (Select all that
apply.)
( ) In the Office 365 admin center, use the setup menu
( ) In the Office 365 admin center, use the external sharing menu
Answer:
() In the Office 365 admin center, use the external sharing menu
Feedback: There are two options where Office 365 administrators can configure external user
sharing: with the external sharing menu of the Office 365 admin center and with the settings
menu in the SharePoint admin center.
Resources
Additional Reading: For more information, refer to Manage external sharing for your
SharePoint Online environment: http://aka.ms/adaoao
Additional Reading: For more information on configuring external user sharing for a
tenant or site collection, refer to Manage external sharing for your SharePoint Online
environment: http://aka.ms/adaoao
Additional Reading: For more information, refer to Windows PowerShell for SharePoint
Command Builder: http://aka.ms/n3apxc
For more information, refer to Index of Windows PowerShell for SharePoint Online cmdlets:
http://aka.ms/bccasb
9-10 Enabling and Managing Office 365
Review Question(s)
Question: Create a checklist for proper site collection planning.
Answer: While planning for site collections, you need to plan for the following:
Site collections side-by-side or top-down
Permissions inheritance
Branding
External user sharing permissions
Answer: The best ways can be to test access with external test users or to create external test
users who test access later.
Question: What is the best way to configure user profile settings and where do you get all the data?
Answer: Check if Azure Active Directory (Azure AD) Connect is in place and configure
synchronization of data from Active Directory to Azure AD. Azure AD fields will synchronize with
the Profile Fields section.
Planning and configuring an Office 365 collaboration solution 10-1
Module 10
Planning and configuring an Office 365 collaboration
solution
Contents:
Lesson 1: Planning and managing Yammer Enterprise 2
Lesson 2: Planning and configuring OneDrive for Business 5
Lesson 1
Planning and managing Yammer Enterprise
Contents:
Question and Answers 3
Planning and configuring an Office 365 collaboration solution 10-3
( ) Enterprise Network
( ) Enterprise Network and SharePoint Online
Answer:
() Enterprise Network
() Enterprise Network and SharePoint Online
Question: Which three features are available only in a Yammer Enterprise Network?
( ) Secure Enterprise Social Networking
( ) Enterprise Administrator
( ) Group Administrator
( ) Verified Administrator
( ) Enterprise Integrations
Answer:
( ) Secure Enterprise Social Networking
() Enterprise Administrator
( ) Group Administrator
() Verified Administrator
() Enterprise Integrations
Question: Which two things must be in place before you enable Yammer Enterprise within Office 365?
Answer:
() A verified custom domain
Lesson 2
Planning and configuring OneDrive for Business
Contents:
Question and Answers 6
Resources 7
10-6 Enabling and Managing Office 365
Answer:
Question: With the OneDrive for Business next-generation sync client, selective sync is possible.
( ) True
( ) False
Answer:
() True
( ) False
Question: Select three characters that are not supported in filenames that you store in OneDrive for
Business and SharePoint Online.
( )#
( ){
( )&
( )%
( )?
Answer:
() #
( ){
( )&
() %
() ?
Planning and configuring an Office 365 collaboration solution 10-7
Resources
Additional Reading: For more information, refer to System requirements for Office:
http://aka.ms/ghq4zw
Additional Reading: Download OneDrive for Business sync app in different languages and
for the x86 and x64 platforms from: http://aka.ms/we3v3g
Additional Reading: For more information, refer to Deploying the OneDrive for Business
Next Generation Sync Client in an enterprise environment: http://aka.ms/Q8m3fx
Additional Reading: For more information, refer to Deploying the OneDrive Next
Generation Sync Client on OS X and configuring work or school accounts: http://aka.ms/xdv82u
Additional Reading: For more information, refer to Meet the OneDrive for Business Next
Generation Sync Client: http://aka.ms/tvnzw1
Additional Reading:
For more information, refer to Which OneDrive sync client am I using?: http://aka.ms/p17elm
Additional Reading: For more information on the required prerequisites and configuration
settings, and how to plan for OneDrive for Business in SharePoint Server 2013, refer to Plan for
OneDrive for Business in SharePoint Server 2013 at: http://aka.ms/irhv85
Additional Reading: For more information, refer to How to redirect users to Office 365 for
OneDrive for Business at: http://aka.ms/j5ttiy
10-8 Enabling and Managing Office 365
Lesson 3
Configuring Office 365 groups
Contents:
Question and Answers 9
Planning and configuring an Office 365 collaboration solution 10-9
( ) Delve
( ) OneNote
( ) Skype for Business
Answer:
( ) Delve
() OneNote
( ) Skype for Business
Answer:
( ) True
() False
Answer:
Review Question(s)
Question: Discuss the differences between Office 365 groups and Yammer and possible use cases where
you need one tool or the other.
Answer: Some of the differences between Yammer and Office 365 groups are:
Synchronization is not working in OneDrive Check the limitations of the sync client
for Business Check the filenames
Check the file name length
Check the file size
Office 365 groups are enabled and used Familiarize yourself with the continuous
without administrative awareness changes within Office 365
Check groups and define a naming policy
Planning and configuring an Office 365 collaboration solution 10-11
Answer: If you implement federated identity model in Office 365, the user will log in by using
SSO. A user with a Yammer identity cannot sign in any longer.
Question: Which Windows PowerShell cmdlets can you use to create an Office 365 group and to add the
group owner?
Answer: First you need to connect to Exchange Remote PowerShell. Then, to create an Office
365 group, use the New-UnifiedGroup cmdlet, and to add an owner of the group, use the
New-UnifiedGroupLinks cmdlet.
Planning and configuring Rights Management and compliance 11-1
Module 11
Planning and configuring Rights Management and
compliance
Contents:
Lesson 1: Overview of the compliance features in Office 365 2
Lesson 2: Planning and configuring Azure Rights Management in Office 365 5
Lesson 1
Overview of the compliance features in Office 365
Contents:
Question and Answers 3
Resources 3
Planning and configuring Rights Management and compliance 11-3
( ) DLP
( ) A data processing agreement
( ) ISO 27018
( ) S/MIME for security-enhanced, certificate-based email access
Answer:
() DLP
( ) A data processing agreement
( ) ISO 27018
() S/MIME for security-enhanced, certificate-based email access
Question: What are the role groups that exist in the Protection Center?
( ) eDiscovery Manager
( ) Legal Hold Manager
( ) ComplianceUser
( ) ComplianceReviewer
Answer:
() eDiscovery Manager
Resources
Compliance and security features in Office 365
Additional Reading: For more information about data regions, refer to Where is my data?:
http://aka.ms/l4tjga
Additional Reading: For more information, refer to Office 365 Trust Center:
http://aka.ms/vjvvco
Additional Reading: For more information, refer to Office 365 Service Trust Portal:
http://aka.ms/vqu38w
11-4 Enabling and Managing Office 365
Additional Reading: Office 365 Secure Score is in preview at the time of this writing, so its
features and availability might change. For more information, refer to Office 365 Secure Score:
http://aka.ms/h7br1z
Planning and configuring Rights Management and compliance 11-5
Lesson 2
Planning and configuring Azure Rights Management
in Office 365
Contents:
Question and Answers 6
Resources 6
11-6 Enabling and Managing Office 365
( ) Viewer
( ) Author
( ) Reader
( ) Blocker
( ) Co-Author
Answer:
() Viewer
( ) Author
( ) Reader
( ) Blocker
() Co-Author
Question: To use Azure RMS between two organizations, a trust must be defined in a direct, point-to-
point relationship.
( ) True
( ) False
Answer:
( ) True
() False
Resources
Additional Reading: For more information about downloading the mobile applications
and the application for the desktop client, refer to Microsoft Rights Management:
http://aka.ms/j19a1v
Planning and configuring Rights Management and compliance 11-7
Lesson 3
Managing the compliance features in Office 365
Contents:
Question and Answers 8
Resources 8
11-8 Enabling and Managing Office 365
( ) A unique name
( ) A delete action
Answer:
() A unique name
() A delete action
Question: Preservation policies help to keep the content you need by preserving email and documents.
( ) True
( ) False
Answer:
( ) True
() False
Resources
Additional Reading: For more information, refer to Search the audit log in the Office 365
Protection Center: http://aka.ms/V27n6z
Planning and configuring Rights Management and compliance 11-9
Encrypted content is not accessible. Configure a super user account to get access to
the content.
11-10 Enabling and Managing Office 365
Answer: The best approach is to create a DLP rule and use Azure RMS to help protect all the files
and emails containing that information.
Question: Retention policies are helpful for reducing space in your mailbox.
( ) True
( ) False
Answer:
( ) True
() False
Monitoring and troubleshooting Microsoft Office 365 12-1
Module 12
Monitoring and troubleshooting Microsoft Office 365
Contents:
Lesson 1: Troubleshooting Office 365 2
Lesson 1
Troubleshooting Office 365
Contents:
Question and Answers 3
Resources 3
Monitoring and troubleshooting Microsoft Office 365 12-3
( ) Service Health
( ) Protection Center
( ) Service Requests
( ) Notification Center
( ) Alert Center
Answer:
() Service Health
( ) Protection Center
() Service Requests
( ) Notification Center
( ) Alert Center
Feedback: For monitoring and troubleshooting Office 365, you can use the Service Health and
Service Requests options.
Question: The Microsoft Office 365 Support and Recovery Assistant is a new tool that users can run to fix
common Outlook problems.
( ) True
( ) False
Answer:
() True
( ) False
Resources
Additional Reading: For information on which tools you should use for specific Office 365
problems, refer to Tools and Diagnostics: http://aka.ms/ude7mv
Lesson 2
Monitoring Office 365 service health
Contents:
Question and Answers 5
Resources 5
Monitoring and troubleshooting Microsoft Office 365 12-5
( ) Normal service
( ) Service anomaly
( ) Extended recovery
( ) Investigating
( ) Operations aborted
Answer:
() Normal service
( ) Service anomaly
() Extended recovery
() Investigating
( ) Operations aborted
( ) Via phone
Answer:
( ) Via Skype for Business
( ) Via email
() Via phone
() Via the Office 365 admin center
( ) Via the Office 365 App launcher
Resources
Managing Exchange Online reports by using Windows PowerShell
Additional Reading: To view a list of all Exchange Online Protection cmdlets, refer to:
http://aka.ms/i09sv9
Additional Reading: For more information on how to obtain and set up this management
pack, refer to System Center Management Pack for Office 365: http://aka.ms/it7q1b
Monitoring and troubleshooting Microsoft Office 365 12-7
Review Question(s)
Question: Describe how supporting on-premises systems differs from supporting Office 365.
Answer: With on-premises systems, you have complete control and access to the entire
environment, so you can perform detailed troubleshooting of system failures or other incidents.
With Office 365, Microsoft manages the network, hardware, and virtual machine environments,
and you do not have any access to review the environment or make any changes. You can only
create service requests when you see failures or other incidents.
Outlook client connectivity issues Look for Autodiscover issues in the Microsoft
Remote Connectivity Analyzer.
Unable to connect to the Skype for Use the Microsoft Office 365 Support and Recovery
Business client Assistant tool.
12-8 Enabling and Managing Office 365
Answer: In the Exchange Online admin center, sign in as an administrator, click mail flow, click
message trace, and then click Select Members.
Question: What is the first tool you will use to search for service incidents and failures?
Answer: The Service Health dashboard is the first tool that you will use.
Planning and configuring identify federation 13-1
Module 13
Planning and configuring identify federation
Contents:
Lesson 1: Understanding identity federation 2
Lesson 1
Understanding identity federation
Contents:
Question and Answers 3
Resources 4
Planning and configuring identify federation 13-3
Directory Services and SSO are key parts of integrating your on-premises environment and online services.
You are planning for the deployment of your companys Office 365 tenant. To ensure your users are able
to use their credentials from your on-premises AD DS, you need to evaluate which identity solution to
deploy based on your business requirements.
Passwords updated by users in on-premises AD DS should be available for use in accessing Office 365
services within five minutes.
After discussing these requirements with your engineering staff, which option for authentication should
your team consider for deployment?
Answer: The only supported option that meets all of your business requirements is federated
(SSO) authentication with AD FS.
The only supported option that meets all of your business requirements is federated (SSO)
authentication with AD FS.
With Azure AD Connect, passwords are synchronized more frequently than the standard
directory synchronization window for other attributes. The Password Sync feature checks every
two minutes as to whether passwords need to be synchronized.
When you enable the Password Sync feature, the password complexity policies configured in the
on-premises AD DS override any complexity policies that might be defined in Office 365 for
synchronized users.
If a user is in the scope of the Password Sync feature, the cloud account password is set to Never
Expire. This means that it is possible for a user's password to expire in the on-premises
environment, but they can continue to sign in to Office 365 using their expired password.
The password sync feature will not synchronize passwords for users with federated identities, and
is not supported. This limitation has several implications, including:
If an initially managed user with a password that has been synchronized to Office
365 is converted to a federated user and then converted back to a managed user,
the password that was initially synchronized is lost.
If an initially federated user that has updated a password on-premises is converted to a managed
user, the password will not be synchronized to the cloud. Consequently, the user will not be able
to use the password that has been set in on-premises AD DS to access services in Office 365.
13-4 Enabling and Managing Office 365
Resources
Claims-based authentication
Additional Reading: For a full list of definitions of terms associated with claims-based
identity, see Claims-based identity term definitions at http://aka.ms/wnc2ys
What is AD FS?
Additional Reading: For more information about using devices for MFA and SSO, see
Overview: Join to Workplace from Any Device for SSO and Seamless Second Factor
Authentication Across Company Applications, at: http://aka.ms/cnmkt7
Planning and configuring identify federation 13-5
Lesson 2
Planning an AD FS deployment
Contents:
Resources 6
13-6 Enabling and Managing Office 365
Resources
Additional Reading: For more information on the high availability solutions of SQL Server
refer to: http://aka.ms/lsr6m4
Capacity planning
Additional Reading: For more information about The AD FS Capacity Planning Sizing
spreadsheet, or to download it, refer to: http://aka.ms/n0uyfb
AD FS requirements
Additional Reading: For more information on the complete list of attribute stores
supported by AD FS, go to: http://aka.ms/vgazki
Additional Reading: For more information about the AD FS requirements, refer to:
http://aka.ms/m2kpbf
Planning and configuring identify federation 13-7
Lesson 3
Deploy AD FS for identity federation with Office 365
Contents:
Resources 8
13-8 Enabling and Managing Office 365
Resources
Additional Reading: For more information, refer to Federation Server Farm Using SQL
Server at: http://aka.ms/mok3lw
Additional Reading: For more information on all the available updates for AD FS, refer to:
http://aka.ms/r8x4zf
Additional Reading: For more information on customizing the proxy forms sign-in page,
see Customizing the AD FS forms based login page at: http://aka.ms/jyk1xa
Additional Reading: For more information on how to download and install the cmdlets for
Azure AD Module for Windows PowerShell, refer to: http://aka.ms/lq99g4
Managing an AD FS deployment
Additional Reading: To learn more about and download the Microsoft Office 365
Federation Metadata Update Automation Installation Tool, go to: http://aka.ms/i1hw8d
Verifying SSO
Lesson 4
Planning and implementing hybrid solutions
(Optional)
Contents:
Resources 10
13-10 Enabling and Managing Office 365
Resources
Additional Reading: For more information about configuring hybrid Exchange Server with
strong authentication, refer to: http://aka.ms/l5e665
Additional Reading: For more information about The Microsoft Exchange Server Deployment
Assistant, refer to: http://aka.ms/nxvn6i
Additional Reading: For more information on the configuration of these hybrid features refer to:
http://aka.ms/vaq5da
Planning and configuring identify federation 13-11
While all clients (internal/external) will eventually have to request a new token, your organizations
security policies require that external users request a new token at least once every 5 minutes and internal
users request a new token at least once every 10 minutes.
For internal requests, only the AD FS SSO Cookie Lifetime and the Relying Party Trust Token
Lifetime are considered. These values should be set higher for internal requests. Although the
value for the Relying Party Trust Token Lifetime is 20 minutes, each of the Relying Party Trust
Token Lifetime settings is skewed forward by +10 minutes. This is because the default value for
SharePoints SPSecurityTokenServiceConfig LogonTokenCacheExpirationWindow is set to
10. This setting instructs the SharePoint Security Token Service to invalidate a SAML token 10
minutes before it expire so a user can obtain a fresh token without disruption.
If the gMSA option is disabled during You can enable gMSA in the domain by running
configuration of AD FS, you might see an the following Windows PowerShell cmdlet on a
error message, such as Group Managed Windows Server 2012 domain controller:
Service Accounts are not available because
Add-KdsRootKey EffectiveTime
the KDS Root Key has not been set. (Get-Date).AddHours(-10)
Users are unable to authenticate with SSO The most common cause for SSO issues is matching
after subsequent directory the UPN of the user in Office 365 and on-premises
synchronizations. AD DS. In a hybrid scenario, you might need to
verify that the primary SMTP address located in the
proxyAddresses attribute in AD DS is the same as
the UPN.
SPN for the service account is not created. You might consider creating the SPN of the service
account by using the following Windows
PowerShell cmdlet: