MS-100 Identity & Services Resume Recap Summary MS 100
Course
Microsoft MS100 MS-100 Identity & Services
Institution
Hogeschool Windesheim (HW)
Book
Exam Ref 70-346 Managing Off 365
Resume of MS-100 Identity & Services for the Microsoft 365 MS-100 exam. All subjects of the Microsoft exam are covered:
Design and Implement Microsoft 365 Services (25-30%)
Manage domains
Add and configure additional domains
Configure user identities for new domain name
Configure workloads for new dom...
Contents
MS-100.1 Office 365 management
Office 365 overview
Exchange Online Overview
SharePoint Online Overview
Teams Overview
Additional Resources Overview
Moving your Organization to Office 365
Planning your Network With Office 365
Planning your Email
Planning Your File Storage and Migration
Planning for Skype for Business
Planning for Active Directory integration
Planning your Hybrid Environment
Planning your hybrid exchange environment
Planning your Hybrid SharePoint environment
Planning your Skype For Business Hybrid environment
Planning your Migration to Office 365
Deployment Planning checklist for Office 365
Cleaning up your Directory
Performance considerations when migrating mail
Configuring Office 365
Office 365 clients
Office Clients for Office 365 are not all the same
Office 365 Mobile Clients
Office Online
Configuring Office client connectivity to Office 365
How automatic client configuration works
DNS Records Required for Automatic Client Config
Configuring Outlook Clients
Configuring Azure Multi Factor Authentication
Troubleshooting Client Connectivity
Managing Office 365 ProPlus Deployments
Managing User-Driven Client installations
Office 365 ProPlus Overview
Office 365 ProPlus Licensing and Activation
Office 365 ProPlus Update Options
Restricting User Access to Office 365 ProPlus
Managing Centralized Office 365 ProPlus Deployments
Office 365 ProPlus Deployment Overview
Office Deployment Tool (ODT)
Deploying Office 365 ProPlus using Group Policy
Managing Office 365 ProPlus Updates
Configuring Office telemetry
Office Telemetry Overview
Planning for Office Telemetry
Data Collected by the Telemetry Agent
Install and Configure Office Telemetry
Configuring Microsoft Analytics
Workplace Analytics Overview
Configuring Workplace Analytics
MS-100.2 Microsoft 365 Tenant and Service Management
Planning Microsoft 365 in your On-premises Infrastructure
Preparing your Organization for Microsoft 365 Enterprise
Estimating Network bandwidth Requirements
Testing your Existing Network
Best Practices for Integrating to Office 365
Identify Deployment Advisor Strategy for Microsoft 365 Services
Planning Your Identity and Authentication Solution
Modern Authentication in Microsoft 365 Deployments
Multi-Factor Authentication in Microsoft 365 Deployments
Planning Directory Synchronization
Planning Azure AD Connect Pass-Through Authentication
Federated Authentication in Microsoft 365 Deployments
Planning Active Directory Federation Services in Microsoft Azure
Restricting Traffic in an AD FS Deployment
Azure Active Directory Seamless Single Sign
Configuring Your Microsoft 365 Tenant
Planning Your Microsoft 365 Experience
Microsoft 365 Subscription Options
Microsoft 365 Component Services
Planning your Microsoft 365 Subscription
Planning a Migration to Microsoft 365
Leveraging FastTrack and Partner Services
Introduction to FastTrack
FastTrack Requirements
Implementing Your Domain Services
Planning for Custom Domains
Adding a Custom Domain to Microsoft 365
DNS Record Requirements
Setting up a Custom Domain
Configuring Tenant Roles
Microsoft 365 Permission Model Overview
Exchange Administrator
SharePoint Administrator
Modern Desktop Administrator
Security and Compliance Administrator
Skype For Business Administrator
Configuring Tenant Roles
Managing Tenant Health and Services
Monitoring Service Health
Developing an Incident Response Plan
Requesting Assistance from Microsoft
MS-100.3 Microsoft 365 Identity Management
Managing User Security Groups and Licenses
User Accounts and Licenses in Microsoft 365
Overview of User Identities
Creating User Accounts
Creating users with Windows PowerShell
Managing User Licenses
Recovering Deleted User Accounts
Admin Roles and Security Groups in Microsoft 365
Using Admin Roles In Microsoft 365
Overview of Groups in Microsoft 365
Creating and Managing Groups
Azure AD Privileged Identity Management
Just in time administrator access
Password Management in Microsoft 365
Planning Password Policies and Authentication
Implementing Multi-Factor Authentication
Plan and Implement Self-Service Password Management
Manage Access Review
Planning and Implementing Identity Synchronization
Introduction to Identity Synchronization
Microsoft 365 Authentication Options
Microsoft 365 Provisioning Options
Directory Synchronization Overview
Azure AD Connect Overview
Planning for Azure AD Connect
Planning Directory Synchronization
Planning for Azure AD Connect
Planning Azure AD Connect for Multi-Forest Scenarios
Planning Azure AD Connect Pass-through Authentication
Configuring Azure AD Connect Pre-requisites
Set Up Azure AD Connect
Azure AD Connect Health
Managing Synchronized Identities
Managing Users with Directory Synchronization
Managing Groups with Directory Synchronization
Using Azure AD Connect Sync Security Groups
Troubleshooting Directory Synchronization
Planning and Implementing Federated Identities
Introduction to Federated Identities
Claims-Based Authentication and Federated Trusts
Overview of AD FS
ADFS vs Azure AD Connect Password Sync
SSO Options for Microsoft 365
Understanding the Authentication Flows with AD FS
Planning an AD FS Deployment
Planning an AD FS deployment
Planning Active Directory Federation Services in Microsoft Azure
ADFS Requirements
Implementing AD FS
Installing and Configuring AD FS
Installing and Configuring Web Application Proxy for AD FS
Configuring AD FS by using Azure AD Connect
Troubleshooting AD FS
Implementing Application and External Access
Implementing Applications in Azure AD
Adding an Application
Updating an Application
Configuring Multi-Tenant applications
Removing an Application
Configuring Azure AD Application Proxy
Overview of an Azure AD Application Proxy
Azure AD Application Proxy Prerequisites
Open your ports
Installing and Registering a Connector
Designing Solutions for External Access
Manage External Access
Licensing Guidance for Azure AD B2B Collaboration
Creating a Collaborative User
Appendix PowerShell:
Summary MS100
MS-100.1 Office 365 management
Office 365 overview
Exchange Online Overview
Creating and managing Recipients
The following Recipient types are available:
• Mailboxes;
• Shared Mailboxes;
• Room Mailboxes;
• Equipment Mailboxes: to book equipment;
• Distribution groups;
• Security groups;
• Dynamic distribution Groups: Dynamically create a set of users based on an LDAP search in
Active Directory (AD) to distribute messages;
• Office 365 groups: Provides team collaboration such as document storage, a centralized
calendar;
• Mail Contacts;
• Mail users;
• Mail-enabled public folders.
Recipient types in a synchronized environment
When your Office 365 environment is not using directory synchronization, your environment will use
cloud IDs for Exchange Online only. This means you can create, modify, and delete all recipient types
in Office 365 directly. When you implement directory synchronization to your Office 365 tenant (that
is, you install Azure AD Connect to synchronize your local Active Directory), you must perform all
recipient management tasks locally.
Managing Anti-Malware and Anti-Spam Policies
Office 365 provides highly effective tools for minimizing the number of unwanted messages that
reach user mailboxes while providing strong defenses against malicious software. It scans incoming
messages and stores the results in the Anti-spam Message Headers that are part of every SMTP
message. When Microsoft Exchange Online Protection (EOP) scans an incoming message, it inserts an
X-Forefront-Antispam-Report header (X-header) into the SMTP header of the message.
Configuring Malware Filtering
EOP uses multiple industry-leading malware detection engines to scan incoming and outgoing mail,
with these engines being updated as new virus definitions appear.
In the Exchange Admin Center (EAC), you configure protection against malware in Office 365 with an
anti-malware policy. An anti-malware policy is a combination of two elements:
• A malware policy that defines what happens when malware is detected;
• A malware rule that defines who the policy applies to.
Exchange Online comes with a preconfigured malware filter that simply deletes the message without
providing any notifications. You can edit it in the EAC or with PowerShell, but you cannot delete it.
Policies are applied in order from highest priority down to lowest.
To configure a malware policy with PowerShell, use the New-MalwareFilterPolicy command. To
configure a malware rule that applies a policy to users, groups, or domains, use the
New-MalwareFilterRule command.
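A worked pairing of the two cmdlets, added here as an example and not taken from the original notes. It assumes an open Exchange Online PowerShell session; the policy name, domain and notification address are placeholders.

```powershell
# Added example. Placeholder values: policy name, contoso.com, secops@contoso.com.
$policyName = 'Finance strict malware policy'
$ruleName   = "$policyName rule"

# 1. The malware policy: what happens when malware is detected.
#    Here: also block common executable attachment types and notify an admin
#    when an internal sender's message is caught.
if (-not (Get-MalwareFilterPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-MalwareFilterPolicy -Name $policyName `
        -EnableFileFilter $true `
        -FileTypes 'exe', 'js', 'vbs', 'iso' `
        -EnableInternalSenderAdminNotifications $true `
        -InternalSenderAdminAddress 'secops@contoso.com'
}

# 2. The malware rule: who the policy applies to.
#    Priority 0 is evaluated first; the built-in default policy is always last.
if (-not (Get-MalwareFilterRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-MalwareFilterRule -Name $ruleName `
        -MalwareFilterPolicy $policyName `
        -RecipientDomainIs 'contoso.com' `
        -Priority 0
}

# 3. Review the evaluation order of all custom rules.
Get-MalwareFilterRule |
    Sort-Object Priority |
    Format-Table Name, Priority, State, MalwareFilterPolicy -AutoSize
```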
Configuring Connection Filtering
Exchange Online provides a connection filter based on IP addresses, with separate “IP allow” and “IP
block” lists. Unlike malware filters, there is only one default connection filter, but you can customize
its settings.
You can change the following settings (typically, the Allow setting overrides the Block setting):
• Allowed IP addresses;
• Blocked IP addresses;
• Enable safe list.
To configure connection filters using Windows PowerShell, you need to use the
Set-HostedConnectionFilterPolicy cmdlet. For example:
Set-HostedConnectionFilterPolicy "Default" -IPAllowList @{Add="192.168.1.100","192.169.3.1-192.169.3.99";Remove="192.168.99.22"}
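The X-Forefront-Antispam-Report header described under anti-spam policies records when a message skipped spam filtering because its source IP was on this allow list. The following added example (not from the original notes) parses the header and flags such bypasses; the field names follow Microsoft's published header layout, and the sample header values are constructed.

```powershell
# Added example. Sample header values below are constructed for illustration.
function ConvertFrom-AntispamReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$HeaderValue
    )

    # Long headers are folded across lines (line break + whitespace); undo that first.
    $flat = $HeaderValue -replace '\r?\n[ \t]+', ''

    # The value is a list of "NAME:value;" pairs.
    $fields = [ordered]@{}
    foreach ($pair in ($flat -split ';')) {
        $pair = $pair.Trim()
        $idx  = $pair.IndexOf(':')
        if ($idx -lt 1) { continue }    # empty segment or no "NAME:" part
        # Split on the FIRST colon only, so an IPv6 address in CIP stays intact.
        $name = $pair.Substring(0, $idx).Trim().ToUpperInvariant()
        $fields[$name] = $pair.Substring($idx + 1).Trim()
    }

    # SCL (spam confidence level) is numeric; -1 means filtering was skipped.
    $scl    = $null
    $parsed = 0
    if ($fields.Contains('SCL') -and [int]::TryParse($fields['SCL'], [ref]$parsed)) {
        $scl = $parsed
    }

    # SFV (spam filtering verdict) codes and their meaning.
    $sfvMeaning = @{
        'NSPM' = 'Filtered and judged not spam'
        'SPM'  = 'Filtered and judged spam'
        'SKN'  = 'Marked as not spam before filtering (for example by a mail flow rule)'
        'SKS'  = 'Marked as spam before filtering (for example by a mail flow rule)'
        'SKA'  = 'Skipped filtering: sender on an allow list in an anti-spam policy'
        'SKB'  = 'Marked as spam: sender on a block list in an anti-spam policy'
        'SKI'  = 'Skipped filtering: intra-organization message'
        'SKQ'  = 'Released from quarantine'
        'SFE'  = 'Skipped filtering: sender on the user''s Safe Senders list'
        'BLK'  = 'Blocked: sender on the user''s Blocked Senders list'
    }
    $sfv     = $fields['SFV']
    $verdict = 'Unknown or missing SFV'
    if ($sfv -and $sfvMeaning.ContainsKey($sfv)) { $verdict = $sfvMeaning[$sfv] }

    # Collect every reason the message was delivered without a spam verdict.
    $bypass = @()
    if ($fields['IPV'] -eq 'CAL') {
        $bypass += 'Source IP is on the connection filter IP allow list'
    }
    if ($sfv -in 'SKA', 'SKN', 'SFE') {
        $bypass += $verdict
    }

    [pscustomobject]@{
        ConnectingIP   = $fields['CIP']
        Country        = $fields['CTRY']
        SCL            = $scl
        SFV            = $sfv
        Verdict        = $verdict
        FilterBypassed = ($bypass.Count -gt 0)
        BypassReasons  = $bypass
        Fields         = $fields
    }
}

# Constructed samples: an allow-listed IP, a folded header with an IPv6 source,
# and an ordinary filtered message.
$samples = @(
    'CIP:192.168.1.100;CTRY:;LANG:en;SCL:-1;IPV:CAL;SFV:NSPM;H:mail.example.com;CAT:NONE;',
    "CIP:2001:db8::25;CTRY:NL;LANG:en;SCL:5;IPV:NLI;SFV:SPM;`r`n H:mx.example.net;CAT:SPM;",
    'CIP:203.0.113.7;CTRY:US;LANG:en;SCL:1;IPV:NLI;SFV:NSPM;H:smtp.example.org;CAT:NONE;'
)

$samples |
    ForEach-Object { ConvertFrom-AntispamReport -HeaderValue $_ } |
    Format-Table ConnectingIP, SCL, SFV, FilterBypassed, BypassReasons -AutoSize
```

Only the first sample is flagged: IPV:CAL shows the message was accepted because of the IP allow list, which is why each allow-list entry deserves review.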
Configuring SPAM Filtering
Configuration settings for spam filters fall into the following categories:
• General (name, description);
• Spam and bulk actions;
• Block lists;
• International spam;
• Advanced options;
• Applied to.
The default spam filter policy applies to all messages and all mailboxes. You can then add additional
spam filter policies that apply different settings to separate groups and prioritize the application
order of those policies.
Managing Disaster Recovery Needs
In-Place Archiving is a service in Office 365 that provides an additional user mailbox for storing older
messages, such as calendar items that are no longer of immediate importance. The difference
between the archive mailbox and the main mailbox is that the archive mailbox is much larger and is
not available offline. When planning for In-Place Archiving, you should consider the following:
• In-place archives are used to archive messaging data to a secondary mailbox associated with
the same user.
• This secondary mailbox can be accessed using Outlook for Windows, Outlook for Mac, or
Outlook on the web only when connected to Exchange Online (no offline access possible).
• The Online archive mailbox can be stored in Exchange Online or on-premises (in a hybrid
deployment).
• The Online archive mailbox size dynamically increases from 100 GB.
When archiving messages, you should consider the following options:
• Users move email into the personal archive manually or by using inbox rules.
• Use retention policies and tags to automatically archive items.
• Use bulk import to move PSTs into archives.
In-Place Archiving only applies to certain plan levels in Office 365. The following plans have the
service integrated (but it is also available as an add-on to various other Office 365 plans):
• Office 365 Enterprise E3, E4 or E5;
• Office 365 Education A3 and A4;
• Office 365 Government G3 and G4;
• Exchange Online Plan 2.
Retention Policies and Tags
Retention tags and retention policies help you manage your organization’s email lifecycle. They
specify when a mailbox item should be deleted or moved to the archive mailbox.
• Retention tags are used to apply retention settings such as preservation time to folders and
individual items such as email messages.
• Retention policies are used to group retention tags to more easily apply them to mailboxes;
however, you can’t apply tags to a mailbox without a policy.
You can create three types of retention tags:
• Default Policy Tags: These tags are automatically applied to messages in an entire mailbox
where no other policy tag applies.
• Retention Policy Tags: These tags are automatically applied to the default folders in your
mailbox, such as your Inbox or Calendar.
• Personal tags: These tags are available in Outlook and Outlook on the web. Users can apply
them to a mailbox folder or an individual item.
You can create retention tags either in EAC or by using Windows PowerShell.
Retention tag types include some or all of the following elements:
• A unique name;
• A default folder (only for retention policy tags);
• A retention action. Available retention actions include:
o Delete and allow recovery;
o Permanently delete (do not allow user recovery);
o Move to archive (for archiving tags).
• A retention period, measured in days (with the option of Never for personal tags).
Selecting the Right Migration Option
You need to consider the following areas:
• Current email system;
• Exchange Server version;
• Long-term coexistence with Exchange;
• User numbers;
• IMAP connections;
• POP3 connections.
Planning Migration Strategies
Migration approach: Cutover Exchange Migration
Source email server: Exchange 2010 or later
Mechanism:
• Migrates all mailboxes at one time.
• Uses Outlook Anywhere connection to mailboxes.
• Requires manual Outlook profile updates.
When to use:
• If you can migrate all data within an acceptable time (e.g., over a day or weekend).
• If your organization has fewer than 2000 users.
Migration approach: Minimal (Express) Hybrid Configuration
Source email server: Exchange 2010 or later
Mechanism:
• Requires Azure AD Connect for directory synchronization.
• Configures hybrid but without federation functionality.
• Automatic Outlook profile updates.
When to use:
• If you use hybrid only for migration.
• If you plan to move to Exchange Online and do not need a full hybrid configuration.
• If you need to move users between your on-premises Exchange and Office 365.
Migration approach: Full Hybrid Configuration (co-existence)
Source email server: Exchange 2010 or later
Mechanism:
• Requires Azure AD Connect for directory synchronization.
• Full-featured Exchange federation between on-premises and Exchange Online organization.
• Automatic Outlook profile updates.
When to use:
• If you need Exchange on-premises for recipient administration purposes.
• If you need long-term coexistence between your on-premises Exchange and Office 365.
• If you need to move users between your on-premises Exchange and Office 365.
Migration approach: IMAP Migration
Source email server: Any IMAP-accessible email server
Mechanism:
• IMAP connection to user mailboxes.
• Needs manual Outlook profile updates.
When to use:
• If you only need to migrate your users' emails and their folder structure.
• If you are migrating from a third-party mail system providing IMAP access.
Migration approach: PST migration
Source email server: Any mail server that can store PST files
Mechanism:
• Migration tool to connect to PST files.
• PST files are transferred to Office 365 using either network upload or drive shipping.
When to use:
• If you have a large amount of mailbox data that needs to be migrated to Office 365.
• If you run IMAP/POP3 servers and your clients can export PST files (e.g., use Microsoft Outlook).
• If you do not want to overutilize your Internet connectivity during migration.
Migration approach: Third-party migration (for example, IBM Domino, Novell Groupwise, and so on)
Source email server: Any other email server
Mechanism:
• 3rd party migration tool for migration.
When to use:
• If none of the above-mentioned options work for you and you want to migrate your users' mailboxes to Office 365.
Changing the DNS MX Records During an Office 365 Migration
• Cutover Migration: If performing a cutover migration, it is important to change the DNS MX
record prior to your final synchronization run. This ensures that no mail will be routed to
your on-premises Exchange server after you have completed the mailbox migration. It is
recommended that you set the TTL of your DNS MX record to 60 minutes when starting the
migration.
• Full or Minimal Hybrid Configuration: You can decide when you want to switch. It is
common to do this when most of the mailboxes are migrated.
• IMAP Migration: Once your mail is synchronized and you want to make the switch, you
change DNS MX records to point towards Office 365.
[Figures: mail-flow diagrams titled "MX record points to Office 365", "MX record Office 365 and filtering on-premises", "MX records on-premises" and "MX records on-premises, Office 365 sends to internet".]