M365 Fundamentals - MS900
M365 for home has ____ types of subscriptions
2
You can install M365 apps on up to ___ PCs or Macs and ____ tablets.
5
How can you pay (billing) through M365 admin center?
ACH bank transfer or credit card
Which of the following organizations does a hybrid deployment make the most sense for?
An established business with a data center that is acquiring a new business A hybrid deployment probably makes sense for an established business with a data center that is acquiring a new business.
Which of the following organizations does a hybrid deployment make the most sense for?
An established business with a data center that is acquiring a new business.
What is MyAnalytics?
Analytics about your work patterns delivered as an email MyAnalytics is a summary of your working patterns generated from your everyday work in Microsoft 365. It is delivered as a report by email once a week.
_____ is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA).
Azure AD
If you can't run something on your PC, you can run it on _______
Azure Virtual Desktop (AVD)
Is a service that allows users to connect to a Windows desktop running in the cloud. They enjoy all the benefits of Windows desktop and Microsoft 365 apps, without the overhead of installing software on the local device.
Azure Virtual Desktop (AVD) If you can't run something on your PC... you probably can on AVD
There are ___ plans for M365 for business...
Basic: No desktop versions of the apps, no advanced security, no device management Standard: Always up-to-date desktop and mobile versions of Office apps: Outlook, Word, Excel, PowerPoint, OneNote (plus Access and Publisher for PC only). Web versions of Word, Excel, and PowerPoint. File storage and sharing with 1 TB of OneDrive cloud storage. One license covers fully installed Office apps on 5 phones, 5 tablets, and 5 PCs or Macs per user1. Premium
Microsoft Endpoint Manager is part of which capability of M365?
Business Management. Endpoint Manager is part of the Business Management capability for M365.
How does M365 reduce the total cost of risk?
By improving security
What are the four key capability areas of CASBs?
CASBs are broken down into four key capability areas including Shadow IT Discovery, Information Protection, Threat Protection and Compliance.
Can provide additional consultancy and advice to ensure security and productivity targets are met. The program provides a pay-as-you-go subscription model for Windows 10 with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change.
Cloud solution provider partner
Evaluates Microsoft's and your company's controls.
Compliance Manager
Measures progress in completing recommended improvement actions within controls. Can help an organization to understand its current compliance posture. It also helps organizations to prioritize actions based on their potential to reduce risk.
Compliance score
What would you use to manage Windows-as-a-Service?
Configuration Manager allows you to configure Windows-as-a-Service including Service Channels and Deployment rings.
Are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
Deployment rings
Compliance Score: ______ actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches.
Detective actions
Create a provisioning package to quickly configure one or more devices, even those without network connectivity. You create provisioning packages with the Windows Configuration Designer and can install them over a network, from removable media (like a USB drive), or in near field communication (NFC) tags or barcodes.
Dynamic provisioning
M365 for Enterprise All capability groups are Complete.
E5
Allows your organization to operate with zero standing access, this means that users who need privileged access, must request permissions for access, and once received it's just-in-time and just-enough access to perform the job at hand. Zero standing access provides a layer of defense against standing administrative access vulnerabilities.
Enabling privileged access management in M365
Which version of a product is the release version?
General Availability (GA)
Compliance center is available to customers with a Microsoft 365 SKU with one of the following roles:
Global administrator Compliance administrator Compliance data administrator
Combine public and private clouds, bound together by technology that allows data and applications to be shared between them. Gives your business greater flexibility, more deployment options and helps optimize your existing infrastructure, security and compliance.
Hybrid cloud
What additional security measure is suggested for users that only want to use email and Teams on their own devices?
Implement MFA. For personal devices, if users only want access to email or Microsoft Teams, then use app protection policies that require multi-factor authentication (MFA) to use these apps.
How to choose to be 100% cloud or be co-managed with Configuration Manager and _____
Intune
Insider risk workflow step: Cases are created for alerts that require deeper review and investigation of the details and circumstances around the policy match. The Case dashboard provides an all-up view of all active cases, open cases over time, and case statistics for your organization.
Investigate
Features in this Azure AD service tier: Azure AD + Self-service password reset for cloud users Device write-back (two-way synchronization between on-premises directories and Azure)
M365
Is the new name for Microsoft Threat Protection
M365 Defender
Can use the ________ in the Microsoft 365 admin center to quickly find answers to support related questions.
M365 Support Assistant bot
Review and modify all billing aspects in...
M365 admin center
Brings together all of the tools and data that are needed to help understand and manage an organization's compliance needs.
M365 compliance center
Business Basic ($5/user/month) Apps for business ($8.25/user/month)
M365 for Business
F3 (fka F1)
M365 plan: F3 (fka F1): designed for Firstline workers through purpose-built tools and resources that allow them to do their best work. $8/user/month with annual commitment No: email and calendar, meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management
Compliance Score: _______ can't be bypassed, either intentionally or accidentally. An example of a mandatory action is a centrally managed password policy that sets requirements for password length, complexity, and expiration. Users must follow these requirements to access the system.
Mandatory actions
_____ is the new name for Microsoft Threat Protection.
Microsoft 365 Defender
Is a Cloud Access security broker (CASB). It operates as an intermediary between a cloud user and the cloud provider, to provide rich visibility to your cloud services, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
Microsoft Cloud App Security (MCAS)
A platform designed to help enterprise networks protect endpoints, by preventing, detecting, investigating, and responding to advanced threats.
Microsoft Defender for Endpoint (MSDE)
Is the new name for Microsoft Defender Advanced Threat Protection
Microsoft Defender for Endpoint (MSDE)
_____ is an MDM and MAM provider for your devices.
Microsoft Intune
Gives you secure access and file storage from anywhere.
Microsoft OneDrive
Helps organizations: § Report on the current state of the organization's security posture. § Improve their security posture by providing discoverability, visibility, guidance, and control. § Compare with benchmarks and establish key performance indicators (KPIs).
Microsoft Secure Score
Is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. Following the Security Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.
Microsoft Secure Score
Products and services governed by the ____ are supported as long as customers stay current as per the servicing and licensing requirements published for the product or service and have the rights to use the product or service. Microsoft gives a minimum of 12 months' prior notification before ending support for products governed by the _____.
Modern Lifecycle Policy
Novel approach of managing Windows 10 similar to how mobile devices are managed by Enterprise Mobility Management (EMM) solutions. This approach allows you to simplify deployment and management, improve security, provide better end-user experiences, and lower costs for your Windows devices. Benefits include: · Easy to deploy and manage · Always up-to-date · Intelligent security, built in · Proactive insights
Modern Management
If your users need the newest features of Microsoft 365 Apps, but you need a predictable release schedule for monthly feature updates. What channel should you choose for your organization?
Monthly Enterprise Channel
With _____, your organization can send and receive encrypted email messages between people inside and outside your organization. Works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view the message content.
Office 365 Message Encryption
Is online storage for individual users within an organization. It's the place where people can store, sync, and share their work files across multiple devices with ease and security.
OneDrive
Applications are the only things managed by the user
PaaS
Users can create flows to automate tasks in ____
Power Automate
Users can create flows to automate tasks in ______________. These can then be triggered from Microsoft Teams.
Power Automate
Use _____ integration to automated processes, analyze data and create virtual agents.
Power Platform
Users can create applications in _____
PowerApps
Owned and operated by third party cloud service providers who deliver their computing resources such as servers and storage over the internet. All hardware, software, and other supporting infrastructure owned and managed by the cloud provider.
Public cloud
WaaS Servicing Channel Feature updates are released to the semi-annual channel twice a year.
Semi-annual channel
You can configure M365 Apps to get updates from one of the following locations:
The Office Content Delivery Network (CDN) on the internet, A shared folder on your local network, An enterprise software deployment tool, such as Configuration Manager
True or False: The update channel that you choose for M365 apps doesn't have to match the update channel for Windows 10?
True.
Which group of users might benefit from Azure Virtual Desktop?
Users who work with confidential data. Azure Virtual Desktop can be configured to ensure that data is never stored on the local device.
Servicing Tool: Provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
Windows Server Update Services (WSUS)
Is for people to connect across their company, sharing ideas on common topics of interest.
Yammer
Does Microsoft Cloud App Security (MCAS) integrate with Microsoft Defender for Endpoint (MSDE)?
Yes
Who is responsible for submitting a claim for Service Credit?
Your organization. Your organization should submit a claim with Microsoft. Microsoft will then review your claim for approval.
You can assign a sensitivity label to a...
group, document, or email
Decision outcome from Conditional Access will be:
o Block access: most restrictive decision o Grant access: the least restrictive decision. It can still require one or more checks (MFA, device marked as compliant, etc.)
Advanced Audit includes these capabilities:
o Long-term retention of audit logs o Audit log retention policies o Access to crucial events for investigations o High-bandwidth access to the O365 Management Activity API
Workflow to manage insider risk:
policy, alerts, triage, investigate, action
Pillars to MSDE (Microsoft Defender for Endpoint)
§ Threat & vulnerability management § Attack surface reduction § Next generation protection § Endpoint detection and response § Automated investigation & remediation § Microsoft Threat Experts § Management & APIs
The main 2 action types that count towards the compliance score:
· Mandatory - these actions shouldn't be bypassed. For example, creating a policy to set requirements for password length or expiration. · Discretionary - these actions depend on the users understanding and adhering to a policy. For example, a policy where users are required to ensure their devices are locked before they leave them.
What is the minimum prior notification will Microsoft give before ending support for products governed by the Modern Lifecycle Policy?
12 months. Microsoft will provide a minimum of 12 months prior notification before ending support for products governed by the Modern Lifecycle Policy.
M365 has ____ categories of subscriptions for organizations
2
M365 Home comes in ___ plans...
2 Family Personal
Which of the following roles are needed to access MS Stream Audit log?
A M365 Global Admin Role or Exchange Admin Role are needed.
The CSP partner can provide...
Additional consultancy and advice to ensure security and productivity targets are met. The Cloud Solution Provider (CSP) program provides a pay-as-you-go subscription model for Windows 10 with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change.
M365 for Enterprise E5
All capability groups are Complete.
____ supports Fast Identity Online 2 (FIDO2)
Azure AD
How can your administrators stay up to date with the health of your services when on the go?
By using the Admin App to view the health status. Your administrators can use the Admin App to view and stay up to date with the health status of the services on the go.
Measures your progress in completing actions that help reduce risks around data protection and regulatory standards.
Compliance Manager
Measures progress in completing recommended improvement actions within controls. Can help an organization to understand its current compliance posture. It also helps organizations to prioritize actions based on their potential to reduce risk.
Compliance Score
Which M365 Enterprise Plan: § all same features as E3 plus latest advanced threat protection, security and collaboration tools. ($57/user/month with annual commitment)
E5
Which M365 for Enterprise? All capability groups are Complete.
E5
______ combines services you may know and already be using, including Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, Microsoft Defender, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, and respond and manage risk.
Endpoint Manager
A one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, conditional access, and reporting. Shows devices managed by Configuration Manager and Intune.
Endpoint Manager Admin Center
M365 Enterprise plan: § designed for Firstline workers through purpose-built tools and resources that allow them to do their best work. ($8/user/month with annual commitment) · No: email and calendar, meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management
F3 (fka F1)
A standard that specifies rules and guidance to manage personal information, and demonstrate compliance.
ISO 27001
Applications, Platform and OS managed by user
IaaS
Includes Windows Hello, Credential Guard, and Direct Access, and Azure Active Directory Premium plan 1. Microsoft 365 E5 also includes Azure Active Directory Premium plan 2.
Identity and access management
What categories are included in the Secure Score breakdown?
Identity, data, device, apps, and infrastructure.
Builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
Insider Preview
You can deploy this... Using click-to-run From a local source With Microsoft Endpoint Configuration Manager (current branch) Interactive Guide
M365 Apps
Uses data from how people are currently working to identify areas where they might be more productive.
Microsoft 365 Workplace Analytics
Which of the following is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy?
Microsoft Cloud App Security
Which service integrates with MCAS to discover cloud app usage beyond the corporate network?
Microsoft Defender for Endpoint.
________ helps organizations: Report on the current state of the organization's security posture. Improve their security posture by providing discoverability, visibility, guidance, and control. Compare with benchmarks and establish key performance indicators (KPIs)
Microsoft Secure Score
Which of the following terms describes the way in which OneDrive data is stored globally?
Multi-Geo is an Office 365 feature that allows organizations so span their storage over multiple Office 365 geo locations and specify in which of those to store users' data.
Users can create flows to automate tasks.
Power Automate
Users can create flows to automate tasks. These can then be triggered from MS Teams.
Power Automate
_____ is an online workflow service that automates actions across the most common apps and services. For example, you can create a flow that adds a lead to Microsoft Dynamics 365 and a record in MailChimp whenever someone with more than 100 followers tweets about your company. You can use _____ to automate workflows between your favorite applications and services, sync files, get notifications, collect data, and much more.
Power Automate
Organization can take advantage of to receive on-site support, a dedicated technical account manager, and access to advisory services.
Premier Support for M365
Private preview Public preview General Availability (GA) Are...
Product or service lifecycle phases.
What capability is this: Includes instant messaging and online meetings with Microsoft Teams, email and calendaring with Outlook, familiar Office apps on all devices, advanced file storage and sharing with OneDrive, intranet and team sites, and enterprise social networks with Yammer.
Productivity and Teamwork
It is a software that's centrally hosted and managed by a cloud service provider (CSP) for customers.
SaaS
Devices on the _____ Channel must have their diagnostic data set to 1 (Basic) or higher, in order to ensure that the service is performing at the expected quality.
Semi-Annual
With this, you can: Automatically apply to content and apply encryption.
Sensitivity labels
What are the 4 key capability areas of CASBs?
Shadow IT Discovery, Information Protection, Threat Protection, and Compliance.
What are the three key elements of Conditional Access?
Signal, Decision, Enforcement Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies.
Uses the same key to encrypt and decrypt the data is what type of encryption?
Symmetric encryption
A regulation that introduces rules to protect student information.
The Family Educational Rights and Privacy Act (FERPA)
How can your organization receive on-site support from Microsoft?
Through Premier Support Your organization can receive on-site support, a dedicated technical account manager, and access to advisory services.
How can your organization receive on-site support from Microsoft?
Through Premier Support. Your organization can receive on-site support, a dedicated technical account manager, and access to advisory services.
Insider risk case is composed of 3 things:
Triage, Investigate, Action
Sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end users, from initial deployment through end of life.
Windows Autopilot
Is a set of technologies that protect your organization from accidental or malicious data leaks, without significant changes to your enterprise environment or apps. It provides this protection to both enterprise-owned devices and BYOD devices, and it does so without interfering with employees' regular workflows.
Windows Information Protection (WIP)
Identifies collaboration patterns that may impact productivity, workforce effectiveness, and employee engagement. Identifies collaboration patterns that may impact productivity, workforce effectiveness, and employee engagement.
Workplace Analytics
Using ______ in your organization can provide context to data, helping to: Address wasteful collaboration and meeting cultures. Enhance process efficiency and effectiveness Drive cultural transformations. Inform leadership excellence and development. Visualize data with dashboards and reports from Power BI and other reporting tools. Inform leadership initiatives and development. Develop executive dashboards and reporting systems.
Workplace Analytics
Information and data, devices (mobiles and PCs), and accounts and identities are the responsibility of...
the Customer
When Microsoft 365 Apps is updated, all the available updates for that update channel are installed at...
the same time.
2 Plans for M365 Home
1. M365 Family: $99.99/year - up to 6 people, up to 6TB of cloud storage, premium safety features in mobile app 2. M365 Personal: $69.99/year - 1 person, 1TB of storage
Consider the following when you choose the best model for your organization:
1. Recent investment in hardware 2. Outdated hardware and systems 3. Limited in-house IT resources 4. Available capital
MS will provide 2 different types of notifications for incidents:
1. Unplanned downtime: Where an incident has caused a service to become unresponsive or unavailable. 2. Planned maintenance: Where Microsoft regularly carries out service updates to the software and infrastructure that run services.
M365 for Enterprise has ____ of categories
3
M365 Apps deployment options:
4 Using click-to-run From a local source With Microsoft Endpoint Configuration Manager (current branch) Interactive Guide
Which of the following roles are needed to access Microsoft Stream audit logs?
A Microsoft 365 Global Admin role or an Exchange admin role are needed to access Microsoft Stream audit logs.
A requirement of a regulation, standard, or policy. It defines how to assess and manage system configuration, organizational process, and people responsible for meeting a specific requirement of a regulation, standard, or policy.
A control
Includes a summary of the most active alerts and a link where admins can view more detailed information, such as alert severity, status, category, and more.
Active alerts card
In which ways can the Microsoft 365 admin center home page be customized?
Add cards to suit your needs. The Microsoft 365 admin center home page has several default cards and in addition you can customize the page by adding cards to suit your needs.
M365 for Enterprise: E5
All capability groups are Complete.
What is MyAnalytics?
Analytics about your work patterns delivered as an email. MyAnalytics is a summary of your working patterns generated form your everyday work in M365. It is delivered as a report by email once a week.
Which may be an additional cost, has additional features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access.
Azure AD Premium
The decision outcome from Conditional Access will be 2 types of access:
Block: most restrictive decision Grant: least restrictive but it can still require one or more of the following checks: Require multi-factor authentication Require device to be marked as compliant Require Hybrid Azure AD joined device Require approved client app Require app protection policy (preview)
Is a bandwidth optimization technology included in some editions of Windows Server 2016, Windows 10 operating system, and some other operating systems. Files are cached on each individual client, and other clients can retrieve them as needed.
BranchCache
How can a PowerApps application be added to MS Teams channel?
By creating a lab. These apps can be added directly to Teams by creating labs for those apps. Apps can be accessed from the tabs.
Endpoint Manager has 3 parts:
Cloud, on-premises, and cloud + on premises
Refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data. You can encrypt data to keep it confidential, but then you also need to keep the encryption keys confidential.
Confidentiality
What would you use to manage Windows as a service?
Configuration Manager. Configuration Manager allows you to configure Windows as a service including Service Channels and Deployment rings.
When using Windows Autopilot to configure a user's device, which of the following statements describe the only interaction required from the end user?
Connect to a network and verify their credentials. From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
Compliance Score: ______ try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible.
Corrective actions
Where is the best place to share ideas about how to improve a feature for Microsoft Stream?
Create a post in the Microsoft Stream UserVoice feedback forum. The Microsoft Stream team will see your ideas and discuss them with you.
Default update channel for M365 apps for business:
Current channel: approx every month to receive feature updates.
Supports requests to access data in Exchange Online, SharePoint Online, and OneDrive for Business. Ensures that Microsoft can't access your content to perform a service operation without your explicit approval. Brings you into the approval workflow for requests to access your content.
Customer lockbox
You are the compliance officer for your organization. You need to implement a policy to schedule the periodic verification of Azure Active Directory group memberships. Which tool should you use? a) Conditional Access b) Privileged Authorization Management c) Privileged Identity Management d) Access Reviews
D) Access Reviews
When deploying M365, to users without internet access, which deployment method should you use?
Deploy M365 apps from a local source. It does not require users to have an internet connection.
A cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud. It provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers. Create a pilot for devices most likely to provide the best insights for assets across your organization.
Desktop Analytics
Formerly known as federation, lets Teams and Skype for Business users communicate with users who are outside of your organization.
External access
Policies that an admin can configure to prevent individuals or groups from communicating with each other. When in place, people who shouldn't communicate with other specific users won't be able to find, select, chat, or call those users. Checks are in place to prevent unauthorized communication.
Information Barriers
Policy --> alerts --> triage --> investigate --> action
Insider risk workflow
OneDrive deployment tool and management for small business
Local installation OneDrive admin center
Which M365 for business subscription includes Azure Information Protection?
M365 Business Premium
Brings together all of the tools and data that are needed to help understand and manage an organization's compliance needs.
M365 Compliance Center
Which of the portals below allows modifying the payment method and frequency of a M365 subscription?
M365 admin center
Which of the following M365 subscription option is appropriate for companies with under 300 employees?
M365 for business. It is designed for companies under 300 employees.
Which service integrates with MCAS to discover cloud app usage beyond the corporate network?
Microsoft Defender for Endpoint (MSDE)
___ provides a unified programmability model that you can use to build apps for organizations and consumers that interact with your organization's data.
Microsoft Graph
Is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices.
Microsoft Intune
Microsoft provides a project management tool to help you manage your projects and the teams working on them.
Microsoft Planner
Provides a project management tool to help you manage your projects and the teams working on them.
Microsoft Planner
Collaborate, share content and coordinate your work within your organization.
Microsoft SharePoint
Brings together communications, knowledge, learning, resources, and insights into an integrated experience that empowers people and teams to be their best from anywhere.
Microsoft Viva
MS Viva Insights bring together which M365 services to empower individuals, managers, and leaders to improve organizational productivity and wellbeing?
MyAnalytics, Workplace Analytics, Glint. In addition to using Workplace Analytics and MyAnalytics, Viva Insights also uses Glint through LinkedIn.
Azure AD service tier that includes all the above plus Azure Identity protection, which includes risk based Conditional Access policies, risky accounts detection, risk event investigations and Identity governance capabilities, including Privileged Identity Management (PIM)
Premium P2
What as the highest assigned score when calculating Compliance Manager Scores?
Preventative mandatory = 27 Preventative discretionary = 9 Detective mandatory & Corrective mandatory = 3
Requires users to request just-in-time access to complete elevated and privileged tasks through a highly scoped and time-bounded approval workflow.
Privileged access management
As needed, Microsoft also provides each update channel with two additional types of updates:
Security updates, such as updates that help keep Office protected from potential malicious attacks. Quality updates, such as updates that provide stability or performance improvements for Office.
If your organization has line-of-business applications, add-ins, and macros that need to be tested to determine if they work with an updated version of Microsoft 365 Apps. What channel should you choose for your organization?
Semi-Annual Enterprise Channel
You are managing a project with people working in different locations. To improve collaboration and teamwork, you are encouraging more frequent and informal communication. Which Microsoft product is most suitable?
Teams. Teams allow people to chat one to one or in groups, or have audio or video calls. Chat is less formal than email, and you can quick switch to audio and video calls.
Modern Lifecycle Policy
Tells you when products will be discontinued. Microsoft gives a minimum of 12 months' prior notification before ending support for products governed by the Modern Lifecycle Policy. These notifications don't include any free services, or preview releases.
Cost, Speed, Global Scale, Productivity, Performance, Reliability, Security
Top benefits of cloud computing
Enables you to: o Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). o Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription for configuration). o Restrict the Administrator account creation. o Create and auto-assign devices to configuration groups based on a device's profile.
Windows Autopilot
Servicing Tool: Is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune.
Windows Update for Business
If you install Microsoft 365 Apps, how often do you need to be connected to the Internet?
You'll need to connect at least once every 30 days to ensure your license is still active.
Who is responsible for submitting a claim for Service Credit?
Your organization should submit a claim with Microsoft. Microsoft will then review your claim for approval.
3 types of reports for M365 admin center:
o Productivity score. This score benchmarks work done in your organization compared to other organizations like yours. o Usage. View usage by time period and Microsoft 365 service to understand how people in your organization are using Microsoft 365 services. o Security & Compliance. View data about malware detections, targeted users, threat protection, encryption, etc.
2 types of incident notifications:
o Unplanned downtime: where an incident has caused a service to become unresponsive or unavailable. o Planned maintenance: where Microsoft regularly carries out service updates to the software and infrastructure that run services.
Compliance center is available to customers with a Microsoft 365 SKU with one of the following roles:
§ Global administrator § Compliance administrator § Compliance data administrator
Reasons to upgrade to Office 365 services from Office Server versions to equivalent Office 365 services:
- Office Server 2013 and Office Server 2016 products (like Exchange Server and SharePoint Server) don't take advantage of the cloud-based services and enhancements. - Some Office Server 2010 products have a specified end-of-support date. - Office Server 2007 products are no longer supported. To help with migration from this version, hire a Microsoft partner. You can then roll out the new functionality and work processes to your users and decommission the on-premises servers running Office 2007 server products when you no longer need them.
Compliance Manager tracks 2 types of actions:
1. Your improvement actions: actions that your organization manages. 2. Microsoft actions: actions that Microsoft manages.
Windows as a Service - new features are released how many times in a year?
2 times. Frequent but smaller updates.
Privileged access approval remains valid for the requested duration or the default duration of _____
4 hours.
In order to connect Microsoft 365 Usage Analytics to Power BI, what data must you provide? a) Tenant ID b) Activity report ID c) Power BI Template ID d) Global Administrator Object ID
A) Tenant ID
Accessibility standard: EN301 549, US Section 508, WCAG 2.0, and ISO/IEC 40500 Inclusive of: vision, hearing, neurodiversity, learning, mobility, mental health.
Accessibility investments in M365
Insider risk workflow step: After cases are investigated, reviewers can quickly take action to resolve the case or collaborate with other risk stakeholders in your organization.
Actions
In which ways can the M365 admin center home page be customized?
Add cards to suit your needs. The M365 Admin Center home page has several default cards and in addition you can customize the page by adding cards to suit your needs.
Capabilities of this include: o Long-term retention of audit logs o Audit log retention policies o Access to crucial events for investigations o High-bandwidth access to the O365 Management Activity API
Advanced Audit
Microsoft 365 E5 includes Advanced eDiscovery, Customer Lockbox, Advanced Data Governance, Service Encryption with Customer Key, and Privileged Access Management.
Advanced compliance
Insider risk workflow step: Are automatically generated by risk indicators that match policy conditions and are displayed in the Alerts dashboard.
Alerts
M365 Education
Available for educational organizations and empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
Is a cloud-based solution that helps an organization classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
Azure Information Protection
Microsoft Endpoint Manager is part of which capability of Microsoft 365?
Business Management. Microsoft EndPoint Manager is part of the Business Management capability for Microsoft 365.
Can provide additional consultancy and advice to ensure security and productivity targets are met.
Cloud solution provider partner
Means two different systems, one on-premises and one in the cloud, connect and work together at the same time as a single service (such as email).
Coexistence
Where is the best place to share ideas about how to improve a feature for Microsoft Stream?
Create a post in the Microsoft Stream UserVoice feedback forum. The Microsoft Stream team will see your ideas and discuss them with you.
Feature updates in Semi-Annual Enterprise Channel have already been released in _______ in previous months. _______ is the default update channel for Microsoft 365 Apps for business.
Current Channel
Supports requests to access data in Exchange Online, SharePoint Online, and OneDrive for Business. Ensures that Microsoft can't access your content to perform a service operation without your explicit approval. Brings you into the approval workflow for requests to access your content.
Customer lockbox
Azure AD tier that: includes single sign-on, self-service password change, multi-factor authentication, basic security/usage reports, and business-to business collaboration
Free
Azure AD tiers:
Free, M365, Premium (P1 and P2)
Which version of a product is the release version?
General Availability is the release version of a product
Is a combination of cloud services with on-premises services to support your IT needs.
Hybrid
What three phases does a feature have in the Microsoft 365 Roadmap?
In development, Rolling out, Launched The three phases that a feature has in the Microsoft 365 Roadmap are In development, Rolling out, and Launched
Is any event that has an effect on a service. Might occur because of hardware or software failures or issues.
Incident
Triage --> investigate --> action
Insider risk case
With the cloud solution provider (CSP) model, who provides your subscription?
It is a provided by a CPS partner. With the cloud solution provider model, your subscription is provided through an expert CSP partner.
Servicing Channel: Which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
Long-Term Servicing Channel
Advanced Audit is available for organizations with _________ subscription.
M365 Enterprise E5 subscription
__________ control the features that are available to participants in meetings.
Meeting policies
Advanced compliance
Microsoft 365 E5 includes Advanced eDiscovery, Customer Lockbox, Advanced Data Governance, Service Encryption with Customer Key, and Privileged Access Management.
Meetings and voice
Microsoft 365 E5 includes Microsoft Teams, audio calls and phone system. E3 and F3 subscriptions include Microsoft Teams.
Discover and control the use of Shadow IT Protect your sensitive information anywhere in the cloud Protect against cyberthreats and anomalies Assess the compliance of your cloud apps
Microsoft Cloud App Security (MCAS) and the Cloud App Security Framework
Includes § Threat protection policies § Reports § Threat investigation and response capabilities § Automated investigation and response capabilities
Microsoft Defender for O365
What tool would you use to record captions? Autogenerated captions and transcript mode.
Microsoft Stream with build-in intelligence
Central hub for collaboration within your organization and provides a chat-based workspace to help everyone work efficiently.
Microsoft Teams
MFA
Microsoft authenticator app, SMS, voice call, OATH hardware token
Microsoft Viva Insights bring together which Microsoft 365 services to empower individuals, managers, and leaders to improve organizational productivity and wellbeing?
MyAnalytics, Workplace Analytics, Glint. In addition to using Workplace Analytics and MyAnalytics, Viva Insights also uses Glint through LinkedIn.
Is a good choice for collaborating and sharing your files, even if they have a limited scope or lifecycle.
OneDrive for Business
Compliance Score: ______ address specific risks.
Preventative actions
Cloud computing resources used exclusively by a single business or organization. Physically located on the company's on-site data centre or pay third party service providers to host. Services and infrastructure are maintained on a private network.
Private cloud
OneDrive deployment tool and management for medium sized business
Scripted installation or Microsoft Intune mobile device management (MDM) Office 365 with MDM, OneDrive admin center, Intune mobile application management (MAM) or MDM
Protection let you classify and protect your organization's data while ensuring that user productivity and collaboration aren't hindered.
Sensitivity labels from Microsoft Information Protection
With M365, you can meet your goals through ________ of all devices in your estate through Microsoft Endpoint Manager.
Simplified Management
True or False: All users who are part of the same Microsoft 365 tenant (with valid Yammer subscription) can use Yammer to work together.
True.
Links to the Microsoft Trust Center, which provides more information about security, compliance, and privacy in the Microsoft Cloud.
Trust Center
Where can reports about SharePoint activity and usage be found?
Use the SharePoint Admin Center to view reports about how SharePoint is being used within your organization.
Benefits of _____ are: o Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. o From the user's perspective, it only takes a few simple operations to make their device ready to use. o From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
Windows Autopilot
Benefits of _______ are: o Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. o From the user's perspective, it only takes a few simple operations to make their device ready to use. o From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
Windows Autopilot
Customize the out-of-box experience (OOBE) to deploy apps and settings that are pre-configured for your organization. Include just the apps your users need. Autopilot is the easiest way to deploy a new PC running Windows 10. You can also use it with Configuration Manager to upgrade Windows 7 or Windows 8.1 to Windows 10.
Windows Autopilot
If an employee has a device, and they can't run a piece of software on that device, they can use...
a virtual machine to run it.
When you create a sensitivity label, you can...
automatically assign that label to content when it matches conditions that you specify. As a result, the protection associated with that label is automatically applied. o You don't need to: § Train your users when to use each of your classifications. § Rely on users to classify all content correctly. § Ensure users know about your policies. Instead, they can focus on their work.
M365 Home 2 plans:
§ M365 Family: $99.99/year - up to 6 people, up to 6TB of cloud storage, premium safety features in mobile app § M365 Personal: $69.99/year - 1 person, 1TB of storage § Office Home & Student - 1 time purchase for PC and Mac
When devices are enrolled and managed in Intune, administrators can:
§ See the devices enrolled, and get an inventory of devices accessing organization resources. § Configure devices so they meet your security and health standards. For example, you probably want to block jailbroken devices. § Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to your network. § See reports on users and devices that are compliant, and not compliant. § Remove organization data if a device is lost, stolen, or not used anymore.
Overall compliance score is calculated using scores that are assigned to actions. Actions come in two types:
· Your improved actions: actions that the organization is expected to manage. · Microsoft actions: actions that Microsoft manages for the organization.
Reasons to upgrade to Microsoft 365 licenses from Office 2013 or older to MS365 Apps:
- After April 2023, accessing Office 365 services (like Exchange Online, SharePoint) won't be supported if you're using Office 2013. - Office 2010 is only supported until 2020 and Office 2007 isn't supported at all.
Viva Insights for company leaders can...
...help address complex challenges and respond to change by shedding light on organizational work patterns and trends. These could include wellbeing opportunities, but also things like space planning as companies re-imagine their offices for hybrid work.
Deployment methods for M365 Apps
1. Click to run 2. Local source 3. With MS Endpoint Configuration Manager (current branch) 4. Interactive guide
What are these: Shadow IT Discovery, Information Protection, Threat Protection, and Compliance.
4 key capability areas of CASBs
You can install Microsoft 365 apps on up to ______ PCs or Macs and _____ tablets (iPad, Windows, or Android). If you change devices, you can transfer the installation. You can also view and edit files on Apple and Android devices with Microsoft 365 mobile apps.
5
The Office configuration XML file can be configured through which of the following? a) https://config.office.com b) https://configure.office.com c) https://config.office365.com d) https://configure.office365.com
A) config.office.com
Is available for organizations with a Microsoft 365 Enterprise E5 subscription. Additionally, a Microsoft 365 E5 Compliance add-on license can be assigned to users for when per-user licensing is required for features, as is the case for long-term retention of audit logs and access to crucial events for investigations.
Advanced Audit
Provides an end-to-end workflow to preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case.
Advanced eDiscovery solution
A service incident is:
Any event that has an effect on a service. Incidents might occur because of hardware or software failures or issues. Your organization can set up notifications for any new incidents, or notifications for updates to any active incidents that might affect your organization.
Which of these is the correct list of SharePoint built-in workflows?
Approval, Collect Feedback, Collect Signatures, Publishing Approval, Three-state SharePoint provides all these workflows to accelerate getting started with workflows
A grouping of controls from a specific regulation, standard, or policy.
Assessment
With Configuration Manager and Intune configured for co-management, which two Intune remote actions are available? a) User reset b) Factory reset c) Remote control d) Application reset
B and C) Factor reset and Remote control
_____ is a bandwidth optimization technology included in some editions of Windows Server 2016, Windows 10 operating system, and some other operating systems. Using _____, files are cached on each individual client, and other clients can retrieve them as needed.
BranchCache
Where users can discuss and get hands on with work. Facilitate features like tabs. Tabs make it possible for users to access and work on the same content.
Channels
Uses user accounts that exist only in Azure AD. While initially adopted by small organizations who had no on-premises capabilities, more and more enterprise organizations are seeing the benefits of moving their entire digital estate, data, apps and resources, into the cloud.
Cloud Identity
Helps simplify compliance and reduce risk by providing: § Prebuilt assessments based on common regional and industry regulations and standards. Admins can also use custom assessment to help with compliance needs unique to the organization. Also tracks various types of controls.
Compliance Manager
Uses signal information from the source of the request to build a context for determining overall risk, which is used to make an informed decision as to whether the session request should be granted or revoked.
Conditional Access
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained?
Controls that both your organization and Microsoft share responsibility for implementing.
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained?
Controls that both your organization and Microsoft share responsibility for implementing. Both your organization and Microsoft work together to implement these controls.
to remotely deploy and configure Surface devices in a zero-touch process, right out of the box. The devices will be automatically enrolled and configured when they are first turned on. This process eliminates reimaging during deployment, which lets you implement new, agile methods of device management and distribution:
Delivery Optimization and BranchCache
Azure AD service tier that includes single sign-on, self-service password change, multi-factor authentication, basic security/usage reports, and business-to business collaboration
Free
Which version of a product is the release version?
General Availability.
What additional security measure is suggested for users that want to access corporate applications on their own devices?
Implement MFA. For personal devices, if users only want access to email or Microsoft Teams, then use app protection policies that require MFA to use these apps.
Compliance score calculation is assigned at 3 levels:
Improvement action score: each action has a different impact on your score depending on the potential risk involved Control score: this score is the sum of points earned by completing improvement actions within the control. This sum is applied in its entirety to your overall compliance score when the control meets both of the following conditions: Implementation Status equals Implemented or Alternative Implementation, and Test Result equals Passed. Assessment score: this score is the sum of your control scores. It is calculated using action scores. Each Microsoft action and each improvement action managed by your organization is counted once, regardless of how often it is referenced in a control.
What three phases does a feature have in the Microsoft 365 roadmap?
In development, Rolling out, Launched. There are 3 phases that a feature has in the M365 roadmap.
Task management
Includes Planner, Power Apps, Power Automate, and To Do.
The most basic category of cloud computing services. You rent IT infrastructure - servers and virtual machines (VMs), storage, networks, operating systems - from a cloud provider on a pay-as-you-go basis.
Infrastructure as a service (IaaS)
WaaS Servicing Channel: This channel receives Windows features before general release, often during development. This allows organizations to test and evaluate new features and provide feedback to Microsoft.
Insider preview
Helps you identify, investigate, and address internal risks in your organization. With focused policy templates, comprehensive activity signaling across the Microsoft 365 service, and flexible workflow, you can use actionable insights to identify and resolve risky behavior quickly.
Insider risk management
Insider risk workflow step: Are created using pre-defined templates and policy conditions that define what risk indicators are examined in Microsoft 365 feature areas. These conditions include how indicators are used for alerts, what users are included in the policy, which services are prioritized, and the monitoring time period.
Insider risk management policies
M365 apps is:
Install Office desktop apps (Word, Excel, PowerPoint, OneNote, Access) on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user with Microsoft 365 Apps for enterprise. Microsoft 365 F3 includes Office mobile apps and Office for the web.
o Deploy and authenticate apps on devices o Protect your company info by controlling the way users access and share info o Be sure devices and apps are compliant with security requirements
Intune
Microsoft Endpoint Manager is part of which capability of M365?
It is part of Business Management capability for M365
WaaS Servicing Channel Designed for specialist devices that do not run Office apps such as medical equipment or ATMs. These receive new features every two or three years.
Long-term servicing channel
___________ control which chat and channel messaging features are available to users.
Messaging policies
Which Microsoft 365 for business subscription includes Azure Information Protection?
Microsoft 365 Business Premium includes Azure Information Protection
Which of the following Microsoft 365 subscription option is appropriate for companies with under 300 employees?
Microsoft 365 Business is designed for companies with under 300 employees.
A unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft 365 Defender
_____ is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft 365 Defender
Turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm.
Microsoft Authenticator
Is a user-based subscription service that provides rich visibility and control over data travel and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
Microsoft Cloud App Security (MCAS)
A cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. § Monitor and profile user behavior and activities § Protect user identities and reduce the attack surface § Identify suspicious activities and advanced attacks across the cyber-attack kill chain § Investigate alerts and user activities
Microsoft Defender for Identity (MSDI)
Is the new name for Azure Advanced Threat Protection
Microsoft Defender for Identity (MSDI)
New name for Azure Advanced Threat Protection Is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. § Monitor and profile user behavior and activities § Protect user identities and reduce the attack surface § Identify suspicious activities and advanced attacks across the cyber-attack kill chain § Investigate alerts and user activities
Microsoft Defender for Identity (MSDI)
Is the new name for Office 365 Advanced Threat Protection
Microsoft Defender for O365 (MSDO)
Which of the following safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools?
Microsoft Defender for Office 365 (MSDO) safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools
Is a unified API that provides a standard interface and uniform schema to integrate security alerts and threat intelligence from multiple sources, enriches alerts and data with contextual information, and automates security operations.
Microsoft Graph Security API
____ is a unified API that provides a standard interface and uniform schema to integrate security alerts and threat intelligence from multiple sources, enriches alerts and data with contextual information, and automates security operations.
Microsoft Graph Security API
Integrates with Azure Active Directory (Azure AD) to control who has access, and what they can access. It also integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products.
Microsoft Intune
Is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization's devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications.
Microsoft Intune
With _____, you manage devices using an approach that's right for you. For organization-owned devices, you may want full control on the devices, including settings, features, and security. In this approach, devices and users of these devices "enroll" in _____. Once enrolled, they receive your rules and settings through policies configured in ______. For example, you can set password and PIN requirements, create a VPN connection, set up threat protection, and more.
Microsoft Intune
You can manage your Windows updates. This includes viewing information about the update, approving or declining the update, and viewing the computers that will install the update when if it is approved.
Microsoft Intune
_____ is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices. It integrates with other services, including Azure Active Directory (AD), mobile threat defenders, ADMX templates, Win32 and custom LOB apps, and more.
Microsoft Intune
_____ is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is integrated as part of the Microsoft Endpoint Manager in Microsoft 365, and enables users to be productive while keeping your organization data protected.
Microsoft Intune
Endpoint Manager includes which services?
Microsoft Intune, Configuration Manager, Co-management, Desktop Analytics, Windows Autopilot, Azure Active Directory, Endpoint Manager admin center
Lets you organize the activities in your project, starting with the overall plan, then assigning tasks to groups, known as buckets. Each task can be assigned a name or label, assigned to a team member, and given a deadline. Uses Microsoft 365 Groups to give project team members access to the plan and be assigned tasks. Using Microsoft 365 groups, team members can collaborate on the plan and receive notifications when it changes. o Fully integrates into Teams and Outlook to ensure that all your team members are fully updated about the tasks and activities they are working on and status updates on the project. o Default view is the board which shows each bucket and the associated tasks. You can filter and group by tasks. o Board, charts, schedule
Microsoft Planner
Organize the activities in your project, starting with the overall plan, then assigning tasks to groups, known as buckets. Each task can be assigned a name or label, assigned to a team member, and given a deadline. Microsoft provides a project management tool to help you manage your projects and the teams working on them. Fully integrates into Teams and Outlook to ensure that all your team members are fully updated about the tasks and activities they are working on and status updates on the project.
Microsoft Planner
_____ lets you organize the activities in your project, starting with the overall plan, then assigning tasks to groups, known as buckets. Each task can be assigned a name or label, assigned to a team member, and given a deadline. _____ uses Microsoft 365 Groups to give project team members access to the plan and be assigned tasks. Using Microsoft 365 groups, team members can collaborate on the plan and receive notifications when it changes.
Microsoft Planner
A representation of your organization's security posture and your opportunity to improve it. Following the recommendations can protect your organization from threats. From a centralized dashboard, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.
Microsoft Secure Score
Are categorized into identity, data, device, apps, and infrastructure. You're given points for configuring recommended security features, performing security-related tasks, or addressing the improvement action with a third-party application or software, or an alternate mitigation. Shows you the full set of possible improvements, regardless of license, so you can understand security best practices and improve your score. Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.
Microsoft Secure Score
Is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. Following the recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.
Microsoft Secure Score
Is a representation of your organization's security posture and your opportunity to improve it. Following the Secure Score recommendations can protect your organization from threats. Helps organizations: Report on the current state of the organization's security posture. Improve their security posture by providing discoverability, visibility, guidance, and control. Compare with benchmarks and establish key performance indicators (KPIs). Are categorized into identity, data, device, apps, and infrastructure. You're given points for configuring recommended security features, performing security-related tasks, or addressing the improvement action with a third-party application or software, or an alternate mitigation.
Microsoft Secure Score
Share video content of meetings, training sessions, classes, and live events to help facilitate collaboration for your organization's teams. Video service that allows members of your organization to upload, watch and share videos in a secure manner.
Microsoft Stream
Video service that allows members of your organization to upload, watch, and share videos in a secure manner. You can share video content of meetings, training sessions, classes, and live events to help facilitate collaboration for your organization's teams.
Microsoft Stream
With this, you can... Create and manage content Control access Use audit logs Use with other apps Discover content Stream with built-in intelligence
Microsoft Stream
is a video service that allows members of your organization to upload, watch, and share videos in a secure manner. Makes it possible for you to share video content of meetings, training sessions, classes, and live events to help facilitate collaboration for your organization's teams.
Microsoft Stream
Central hub for collaboration within your organization and provides a chat-based workspace to help everyone work efficiently. Chat one-to-one or in groups, eliminate email clutter, encourage open discussion, start a call or share screens, messaging in real-time, chat from mobile device, and share useful files.
Microsoft Teams
______ is an extensible platform you can create custom applications on, putting your app at the heart of your organization's collaboration platform. Apps can be as simple or as complex as you need, from sending notifications to channels or users to complex multi-surface apps incorporating conversational bots, natural language processing, and embedded web experiences.
Microsoft Teams
Your organization can submit feedback about Microsoft 365 services performance and user experience. Microsof has patrtnered with ____________ to enable you and other Microsoft 365 services customers to share ideas about how you think Microsoft can improve services and experiences. This is the best way to make sure your voice is heard.
Microsoft Teams UserVoice
Brings together communications, knowledge, learning, resources, and insights into an integrated experience that empowers people and teams to be their best, from anywhere. Powered by the full breadth and depth of Microsoft 365, it is experienced through Microsoft Teams and other Microsoft 365 apps that people use every day.
Microsoft Viva
________ brings together communications, knowledge, learning, resources, and insights into an integrated experience that empowers people and teams to be their best, from anywhere.
Microsoft Viva
Brings all these experiences together into a company-branded employee app in Teams. It builds on the existing capabilities of SharePoint and Yammer and provides a curated, customized employee destination.
Microsoft Viva Connections
Brings all these experiences together into a company-branded employee app in Teams. It builds on the existing capabilities of SharePoint and Yammer and provides a curated, customized employee destination. It allows organizations to communicate and engage with employees and enables easy access to all the resources an employee needs to be successful.
Microsoft Viva Connections
Is a new unified app in Teams that brings together Workplace Analytics, MyAnalytics and Glint. It provides quantitative and qualitative data and insights to empower individuals, managers, and leaders to improve organizational productivity and wellbeing.
Microsoft Viva Insights
What is the minimum prior notification will Microsoft give before ending support for products governed by the Modern Lifecycle Policy?
Microsoft will provide a minimum of 12 months' prior notification before ending support for products governed by the Modern Lifecycle Policy
Which of the following statements about migration vs coexistence is true?
Migration is for cloud-only deployments and coexistence is for hybrid deployments.
Which of the following statements about migration vs. coexistence is true?
Migration is for cloud-only deployments and coexistence is for hybrid deployments.
With Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
Mobile Device Management (MDM)
___________ with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
Mobile Device Management (MDM)
This approach allows you to simplify deployment and management, improve security, provide better end-user experiences, and lower costs for your Windows devices. With _____, you can now manage Windows 10 devices of all kinds, from desktop PCs to HoloLens and Surface Hubs, company-owned or employee-owned, as well as mobile devices using one management platform.
Modern management
Microsoft Viva Insights bring together which Microsoft 365 services to empower individuals, managers, and leaders to improve organizational productivity and wellbeing?
MyAnalytics, Workplace Analytics, Glint. In addition to using Workplace Analytics and MyAnalytics, Viva Insights also uses Glint through LinkedIn.
Zero Standing access is defined as?
Not getting security permissions by default Zero Standing Access means users who need privileged access, must request permissions for access, and once received it is just-in-time and just-enough access to perform the job at hand.
Zero Standing access is defined as?
Not getting security permissions by default. Zero Standing Access means users who need privileged access, must request permissions for access, and once received it is just-in-time and just-enough access to perform the job at hand.
Power BI Pro
Not in Premium capacity Collaborate with Premium per-user and Pro users by creating and sharing content. Premium capacity Collaborate with free, Premium per user, and Pro users by creating and sharing content.
Is an online service that's built on Microsoft Azure Rights Management (Azure RMS), which is used by Azure Information Protection (AIP). Includes encryption, identity, and authorization policies to help secure your email.
Office 365 Message Encryption (OME)
___ platform enables you to extend the functionality of Office applications, including Word, Outlook, and Excel. Office add-ins provide several options for how your solution can interact with an Office application. In this unit, we discuss two of those options: Task pane Content
Office add-ins
If you install M365 apps, how often do you need to be connected to the Internet?
Once, every 30 days to ensure your license is still active.
A cloud- based service that enables you to store and protect files, share files with others, access files from anywhere using an app or web-browser, and restore all files to a previous date and time. You can easily and securely store and access your files from all your devices. You can work with others regardless of whether they're inside or outside your organization and terminate that sharing whenever you want.
OneDrive
Simply a cloud-based file share for a small business or a highly utilized storage system that provides the basis for all collaboration within an enterprise. Enables you to securely share and work together on all your files.
OneDrive
You have recently been asked to manage a project that includes people from inside and outside your organization. You need to share files with everyone on the project. Which Microsoft product is most suitable?
OneDrive. You can password protect files and share files with people inside and outside your organization.
To reduce bandwidth consumption, you can enable...
Peer-to-peer content sharing. Or if your organization uses Window Intune, Windows updates can be deployed using Intune. o Reduce bandwidth consumption o Speed up content distribution by enabling peer to peer sharing
Benefits of M365
Personal productivity: 1. Enable teamwork and simplify workflow. 2. Stay productive on the go. 3. Get more done with AI-enabled tools. Organizational productivity: 1. Harness organizational knowledge 2. Manage all your endpoints 3. Protect your business
Refers to cloud computing services that supply an on-demand environment for developing, testing, delivering and managing software applications. Designed to make it easier for developers to quickly create web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network and databases needed for development.
Platform as a service (PaaS)
_________ are used across the Microsoft Teams service to ensure the experience end-users receive conforms to the needs of the organization.
Policies
A suite of apps, services, connectors, and data platforms that provide a rapid application development environment to build custom apps for your business needs. Can quickly build custom business apps that connect to your business data stored either in the underlying data platform Common Data Service or in various online and on-premises data sources
Power Apps
If you're looking for deep data analytics and improved visualization capabilities, you'll need to use _____. It is a collection of software services, apps, and connectors that work together to turn your independent sources of data into coherent, visually immersive, and interactive insights. Your data may be an Excel spreadsheet or a collection of cloud-based and on-premises hybrid data warehouses. It lets you connect to your data sources, visualize and discover new insights, and share it with anyone or everyone you want.
Power BI
Is a collection of software services, apps, and connectors that work together to turn your unrelated sources of data into coherent, visually immersive, and interactive insights. Your data may be an Excel spreadsheet, or a collection of cloud-based and on-premises hybrid data warehouses. Lets you easily connect to your data sources, visualize and discover what's important, and share that with anyone or everyone you want.
Power BI
Is a collection of software services, apps, and connectors that work together to turn your independent sources of data into coherent, visually immersive, and interactive insights. 3 distinct flavors:
Power BI Flavors: § A Windows desktop application called Power BI Desktop § An online SaaS (Software as a Service) service called the Power BI service § Power BI mobile apps for Windows, iOS, and Android devices
Users can create chatbots using ___________ without writing any code. Users can then integrate those bots into Microsoft Teams by publishing the bots and making them reachable to Microsoft Teams from the ___________ portal.
Power Virtual Agents
Users can create chatbots using ______________ without writing any code. Users can then integrate those bots into Microsoft Teams by publishing the bots and making them reachable to Microsoft Teams from the ________ portal.
Power virtual agents
Users can create chatbots without writing any code. Can then integrate those bots into Teams by publishing the bots and making them reachable to MS Teams.
Power virtual agents
Users can create chatbots without writing any code. Users can then integrate those bots into Microsoft Teams by publishing the bots and making them reachable to Microsoft Teams from the portal.
Power virtual agents
Users can create applications in ______. Those applications can then be added directly to Microsoft Teams by creating tabs for those apps.
PowerApps
Subcategory for Compliance Score - Preventive actions:
Preventative actions are designed to handle specific risks, like using encryption to protect data at rest if there were breaches or attacks.
Categories for what: Identity, data, device, apps, and infrastructure.
Secure Score breakdown
Microsoft 365 for business is designed for...
Small and medium sized organizations. Like Microsoft 365 Enterprise, Microsoft 365 for business offers the full set of Office 365 productivity tools and includes security and device management features. It doesn't include some of the more advanced information protection, compliance, or analytics tools available to enterprise subscribers. It's designed for organizations that need up to 300 licenses; if your organization is larger than that, you'll have to subscribe to a Microsoft 365 Enterprise plan instead.
Identities, devices, applications, data, infrastructure, and networks are...
The 6 foundational pillars of the Zero Trust model
If you opened a new office abroad, you should use ____ for compliance management.
The regional compliance page of the service trust portal
What is the purpose of applying sensitivity labels to your data?
To enforce data protection policies. Data sensitivity labels are linked to data protection policies that then protect the data, for example by encrypting data.
True of Fales: Configuration Manager manages on-premises infrastructure and Intune manages cloud-based functions.
True
Enable your users to send text-based messages to your organization's web services. Your services can then respond with a message consisting of text or a card that includes text and image type content.
Webhooks
_____ sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end users, from initial deployment through end of life.
Windows Autopilot
4 steps to set up and use privileged access:
o Create an approvers group o Enable privileged access o Create an access policy o Submit/approve privileged access requests
M365 for business is designed for _______ sized organizations
small and medium
Modern Lifecycle Policy tells you...
when products will be discontinued.
Compliance Manager tracks the following types of controls:
· Microsoft-managed controls: controls for Microsoft cloud services, which Microsoft is responsible for implementing. · Your controls: sometimes referred to as customer-managed controls, these are implemented and managed by the organization. · Shared controls: responsibility for implementing these controls is shared by the organization and Microsoft.
M365 for Business
- Designed for small and medium sized organizations. - 3 plans: 1. Basic: $5/user/month. Cannot: host webinars that include attendee registration pages, email confirmations and reporting, use Microsoft Bookings, Desktop versions of office apps for PC and Mac, Advanced security, Device Management. 2. Standard: $12.50/user/month. No: Advanced security, Device management. 3. Premium: $20/user/month.
Viva Insights for Managers can...
...provide data-driven, privacy-protected insights and recommendations to foster healthy, successful teams. For instance, Viva Insights can help a manager see if their team is at risk of burnout and provide recommendations like encouraging your team to turn off notifications, set boundaries in their calendar, and set daily priorities to focus on what matters most.
Your organization can keep track of the health status of services in 3 different ways:
1. Admin app: Your administrators can use the Admin App to view and stay up to date with the health status of the services on the go. 2. Microsoft system center: Your administrators can view all service communications from within System Center if your organization has the Office 365 Management Pack. 3. API: Your organization can use the Office 365 Service Communications API to create or use tools that can connect and monitor the service status for you in real-time.
3 plans for M365 for Business
1. Basic: $5/user/month. Cannot: host webinars that include attendee registration pages, email confirmations and reporting, use Microsoft Bookings, Desktop versions of office apps for PC and Mac, Advanced security, Device Management. 2. Standard: $12.50/user/month. No: Advanced security, Device management. 3. Premium: $20/user/month.
M365 for business has 4 subscription tiers:
1. Business basic: Exchange, OneDrive, SharePoint, Teams 2. Apps for business: M365 apps, OneDrive 3. Business standard: M365 apps, Exchange, OneDrive, SharePoint, Teams 4. Business premium: M365 apps, Exchange, OneDrive, SharePoint, Teams, Intune, Azure Information Protection
Support options for M365 services:
1. Community-based support 2. M365 support assistant 3. Web, email, and telephone support 4. FastTrack 5. Premier Support for M365 6. Support through a Microsoft partner
M365 for enterprise has 3 subscription tiers:
1. F3: Partial - M365 mobile and web only, meetings and voice, IAM, threat protection, information protection Complete - email and calendar, social and intranet, files and content, task management, device and app management, security management 2. E3: Partial - meetings and voice, advanced analytics, IAM, threat protection, information protection Complete - M365 apps email and calendar, social and intranet, files and content, task management, device and app management, security management 3. E5: Everything from E3 + advanced compliance
Manage and deploy OneDrive based on size of organization: 1. Small 2. Medium 3. Enterprise
1. Local install and manage through OneDrive admin center 2. Scripted install or Intune MDM and manage through O365 with MDM, admin center or intune with MDM 3. Microsoft Endpoint Manager with Intune or Windows Autopilot and manage through Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs)
M365 Home
1. M365 Family: $99.99/year - up to 6 people, up to 6TB of cloud storage, premium safety features in mobile app 2. M365 Personal: $69.99/year - 1 person, 1TB of storage § Office Home & Student - 1 time purchase for PC and Mac
The two different service models require different approaches:
1. Migration (for cloud only deployments) 2. Coexistence for hybrid deployments
Benefits of M365
1. Personal productivity - enable teamwork and simplify workflow - stay productive on the go - get more done with AI-enabled tools 2. Organizational productivity - harness organizational knowledge - manage all your endpoints - protect your business
The parts of Power BI: 1. Windows Desktop Application 2. Online SaaS service 3. Windows, iOS, and Android devices
1. Power BI Desktop 2. Power BI service 3. Power BI mobile apps
2 types of updates that Microsoft provides with each update:
1. Security updates: help keep office protected from malicious attacks. 2. Quality updates: provide stability or performance improvements for Office.
M365 optimizes costs by:
1. Vendor license cost consolidation 2. IT administration and deployment savings 3. Reduce total cost of risk 4. Physical and travel expense cost displacement 5. Save on automation and process improvements 6. Capital expenditure to operational expenditure cash flow
Focus on 3 areas when deciding which cloud model to choose:
1. cost, 2. security/reliability 3. compliance, functionality Also consider: o Recent investment in hardware o Outdated hardware and systems o Limited in-house IT resources o Available capital
All releases of Windows 10 have _______ of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional _______ of servicing for specific Windows 10 releases, for a total of ______ from initial release.
18 months 12 months 30 months
Service Credits your organization can receive is linked to your monthly uptime percentage: <99.9% monthly uptime percentage = <99% monthly uptime percentage = <95% monthly uptime percentage =
25% service credit 50% service credit 100% service credit
How many plans for M365 Enterprise?
3 E3 E5: E5 includes all of the same features as E3 plus the latest advanced threat protection, security, and collaboration tools. F3 (formerly F1): F3 is designed for Firstline Workers through purpose-built tools and resources that allow them to do their best work.
Windows as a Service offers ___ number of servicing channels:
3 Insider preview. This channel receives Windows features before general release, often during development. This allows organizations to test and evaluate new features and provide feedback to Microsoft. Semi-annual channel. Feature updates are released to the semi-annual channel twice a year. Long-term servicing channel. Designed for specialist devices that do not run Office apps such as medical equipment or ATMs. These receive new features every two or three years.
Windows as a Service offers ____ servicing channels each receiving feature updates at different frequencies.
3 o Insider preview. This channel receives Windows features before general release, often during development. This allows organizations to test and evaluate new features and provide feedback to Microsoft. o Semi-annual channel. Feature updates are released to the semi-annual channel twice a year. o Long-term servicing channel. Designed for specialist devices that do not run Office apps such as medical equipment or ATMs. These receive new features every two or three years.
Signal, Decision, Enforcement.
3 key elements of Conditional Access. Conditional Access is the tool used by Azure AD to bring signals together, to make decisions, and enforce organizational policies.
You can deploy Windows 10 using the following methods:
4 methods: Windows Autopilot. Customize the out-of-box experience (OOBE) to deploy apps and settings that are pre-configured for your organization. Include just the apps your users need. Autopilot is the easiest way to deploy a new PC running Windows 10. In-place upgrade. Upgrade a device's operating system without reinstalling. You can migrate apps, user data, and settings from one version of Windows to another (like going from Windows 8.1 to Windows 10). Dynamic provisioning. Create a provisioning package to quickly configure one or more devices, even those without network connectivity. Subscription activation. Use a subscription to switch from one edition of Windows 10 to another. For example, you can switch from Windows 10 Pro to Windows 10 Enterprise. When a licensed user signs into a device (and they have credentials associated with a Windows 10 E3 or E5 license), the OS changes from Windows 10 Pro to Windows 10 Enterprise, and all the appropriate Windows 10 Enterprise features are unlocked.
Licensing for identity and conditional access
4 types: 1. Free: includes single sign-on, self-service password change, multi-factor authentication, basic security/usage reports, and business-to business collaboration 2. M365: includes all the free features plus identity, self-service password reset, and device write-back (two-way synchronization between on-premises directories and Azure) 3. Premium P1: includes free, Office 365, and premium features including Conditional access based on group, location, and device status, Microsoft Cloud App Discovery, Advanced security and usage reports, advanced group access management, and hybrid identities 4. Premium P2: includes all the above plus Azure Identity protection, which includes risk based conditional access policies, risky accounts detection, risk event investigations and Identity governance capabilities, including Privileged Identity Management (PIM)
These are the ______. Control: Putting you, the customer, in control of your privacy with easy-to-use tools and clear choices. Transparency: Being transparent about data collection and use so that everyone can make informed decisions. Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption. Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. No content-based targeting: Not using email, chat, files, or other personal content to target advertising. Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better.
6 privacy principles
These are: o Control: Putting you, the customer, in control of your privacy with easy-to-use tools and clear choices. o Transparency: Being transparent about data collection and use so that everyone can make informed decisions. o Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption. o Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. o No content-based targeting: Not using email, chat, files, or other personal content to target advertising. o Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better.
6 privacy principles
3 distinct flavors of Power BI:
A Windows desktop application called Power BI Desktop An online SaaS (Software as a Service) service called the Power BI service Power BI mobile apps for Windows, iOS, and Android devices
Is used to represent people who are all part of a single organization, and regularly collaborate. All users who are part of the same Microsoft 365 tenant can use it to work together.
A Yammer network
____ provides new auditing capabilities that can help your organization with forensic and compliance investigations. Is available for organizations with a Microsoft 365 Enterprise E5 subscription. Additionally, a Microsoft 365 E5 Compliance add-on license can be assigned to users for when per-user licensing is required for _____ features, as is the case for long-term retention of audit logs and access to crucial events for investigations.
Advanced Audit in M365
____ provides an end-to-end workflow to preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case. The built-in workflow aligns with the eDiscovery process outlined by the Electronic Discovery Reference Model (EDRM) which provides practical global resources to improve e-discovery, privacy, security, and information governance.
Advanced eDiscovery
What are included in M365 Enterprise E5 but not in M365 Enterprise E3?
Advanced threat protection, security and collaboration tools.
Which of the following are included in M365 Enterprise E5, but not in Microsoft Enterprise E3?
Advanced threat protection, security and collaboration tools. E5 includes all the same features as E3 plus the latest advanced threat protection, security and collaboration tools.
Which of the following are included in M365 Enterprise E5, but not in Microsoft Enterprise E3?
Advanced threat protection, security and collaboration tools. E5 includes all the same features as E3 plus the latest advanced threat protection, security and collaboration tools.
Which of the following are included in Microsoft 365 Enterprise E5, but not in Microsoft Enterprise E3?
Advanced threat protection, security, and collaboration tools E5 includes all of the same features as E3 plus the latest advanced threat protection, security, and collaboration tools.
Chat one-to-one or in groups - keep people informed, and get input. Eliminate email clutter including acknowledgments and putting multiple people on copy. Keep in-boxes clear for important messages. Encourage open discussion, asking questions and promoting thoughtful debate. Start a call or share screens to get things done faster. Messages are real-time, but don't interrupt your colleagues' work. So everyone can be productive. You can chat from your mobile device to keep in touch wherever you are. Useful files can be shared using Teams to keep everything close to hand.
Advantages of using chat in Microsoft Teams
Which of these is the correct list of SharePoint built-in workflows?
Approval, Collect Feedback, Collect Signatures, Publishing Approval, Three-state. SharePoint provides all these workflows to accelerate getting started with workflows.
Segment access by network, user, devices, and application. Use encryption to protect data, and use analytics to get visibility, detect threats, and improve your security.
Assume breach
Uses a public key and private key pair. Either key can encrypt data, but a single key can't be used to decrypt encrypted data. To decrypt, you need a paired key.
Asymmetric encryption
Refers to making data available to those who need it. It's important to the organization to keep customer data secure, but at the same time it must also be available to employees who deal with customers. While it might be more secure to store the data in an encrypted format, employees need access to decrypted data.
Availability
Is a cloud-based identity service that centralizes identity and access management across cloud and on-premises environments. It has built in support for synchronizing with your existing on-premises Active Directory or can be used stand-alone. This means that all your applications, whether on-premises, in the cloud, or even mobile can share the same credentials.
Azure AD
Features in this Azure AD service tier: Single Sign-on across Azure and Microsoft 365 Cloud Authentication (Pass-Through Auth, Password Hash sync, Seamless SSO) Azure AD Connect sync (extend on-premises directories to Azure AD) Self-Service Password Change for cloud users Azure AD Join: desktop SSO & administrator BitLocker recovery Password Protection (global banned password) Multi-Factor Authentication
Azure AD Free
_______ is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). _______ Premium, which may be an additional cost, has other features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and Conditional Access.
Azure Active Directory
Is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA).
Azure Active Directory (AD)
Used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA).
Azure Active Directory (AD)
A cloud-based solution that helps an organization classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
Azure Information Protection
____ is a cloud-based solution that helps an organization classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. Used to apply classification to documents and emails. When you do, the classification is identifiable regardless of where the data is stored or with whom it's shared. The labels can include visual markings such as a header, footer, or watermark. Metadata is added to files and email headers in cleartext. The clear text ensures that other services, such as data loss prevention solutions, can identify the classification and take appropriate action.
Azure Information Protection
You use ________________ to apply classification to documents and emails. When you do, the classification is identifiable regardless of where the data is stored or with whom it's shared. The ________________ can include visual markings such as a header, footer, or watermark. Metadata is added to files and email headers in cleartext. The clear text ensures that other services, such as data loss prevention solutions, can identify the classification and take appropriate action.
Azure Information Protection labels
Is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel: New name for Microsoft Threat Protection
______ is a service that allows users to connect to a Windows desktop running in the cloud. They enjoy all the benefits of Windows desktop and Microsoft 365 apps, without the overhead of installing software on the local device.
Azure Virtual Desktop
_______ on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device. _________ on Surface blurs the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments.
Azure Virtual Desktop
Service that allows users to connect to a Windows desktop running in the cloud. Enjoy benefits of Windows desktop and M365 apps without the overhead of installing software on the local device. If you can't run something on your PC, you can run it on here...
Azure Virtual Desktop (AVD)
Lets you run Virtual Desktop Infrastructure (VDI) on a Surface device. Blurs the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. o Flexible form factors like 2-in-1 devices. o Persistent, on-demand, and just-in-time work scenarios. o Windows 10 modern device security and manageability.
Azure Virtual Desktop on Surface
GDPR stands for which of the following? a) General Data Privacy Regulation b) General Data Protection Regulation c) General Data Primary Regulation d) General Data Proposed Regulation
B) General Data Protection Regulation
§ Translating complicated regulations, standards, company policies, or other control frameworks into a simple language. § Providing access to a large variety of out-of-the-box assessments and custom assessments to help organizations with their unique compliance needs. § Mapping regulatory controls against recommended improvement actions. § Providing step-by-step guidance on how to implement the solutions to meet regulatory requirements. § Helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action.
Benefits of Compliance Manager
These 2 are the: _________ Personal productivity o Enable teamwork and simplify workflow § Connect, meet, call and connect business applications all in one places with Teams. o Stay productive on the go § Transition from computer to mobile devices with mobile apps o Get more done with AI-enabled tools § Fuel creativity, discover new insights, elevate search and get personalized assistance with built-in intelligence features. Organizational productivity o Harness organizational knowledge o Manage all your endpoints o Protect your business
Benefits of M365
Managed from the Microsoft 365 admin center. The options available and pricing associated with any account depend on your subscription and number of licensed users. Each service has a specified price that's typically rated on a per-user, per-month basis.
Billing in M365
Capability that includes simplified IT management with Microsoft Endpoint Manager, business process automation, extensibility with Teams and Power Platform, business voice and phone system with Teams, Forms and workflow management, business intelligence with Workplace Analytics, and work management with Project Online.
Business Management
What capability is this: Includes simplified IT management with Microsoft Endpoint Manager, business process automation, extensibility with Teams and Power Platform, business voice and phone system with Teams, Forms and workflow management, business intelligence with Workplace Analytics, and work management with Project Online.
Business management
_____ gives your organization the ability to automate time-intensive tasks, optimizing operations, and bringing a new level of efficiency to your organization. _______ allows your employees to use their skills for the jobs they were hired to do instead of routine tasks that may take up valuable time.
Business process automation
How can a PowerApps application be added to Microsoft Teams channel?
By creating a tab. These apps can be added directly to Teams by creating tabs for those apps. Apps can be accessed from the tabs
How can your administrators stay up to date with the health of your services when on the go?
By using the Admin App to view the health status. Your administrators can use the Admin App to view and stay up to date with the health status of the services on the go.
You are a security manager for your organization. You need to configure document classification. Which tool should you use? a) Classification explorer b) Azure Identity Protection c) Azure Information Protection d) Exchange Data Loss Prevention Policies
C) Azure Information Protection
A company experiences a Microsoft 365 outage that affects an entire region. You check the Service Health Dashboard and observe that the service is healthy. After the incident is resolved, you need to find information in Service Health Dashboard that describes what happened during the outage. What should you use? a) Message Center b) incident closure summary c) Post-Incident Review (PIR) d) service request
C) Post-Incident Review (PIR)
Prerequisites for OneDrive
Client and app requirements. Even though you can upload, download, and interact with your OneDrive files from a web browser, the ideal OneDrive experience comes from the Windows and Mac sync apps, and the iOS and Android mobile apps. With that in mind, OneDrive is available for most operating systems and browsers, and requires minimal hardware. License requirements. There are multiple methods by which you can acquire a license for OneDrive. However, a few OneDrive features are available only within certain licensing models. For info about the licensing requirements for OneDrive, its advanced features, and any special licensing required for them, see Office 365 plans.
Are cloud-based security solutions that provide a layer of security to enable oversight and control of activities and information across public and custom cloud SaaS apps and IaaS services. Are broken down into four key capability areas, including Shadow IT discovery, information protection, threat protection, and compliance.
Cloud Access Security Broker (CASB)
Are cloud-based security solutions that provide a layer of security to enable oversight and control of activities and information across public and custom cloud SaaS apps and IaaS services. Are broken down into four key capability areas, including Shadow IT discovery, information protection, threat protection, and compliance.
Cloud Access Security Broker (CASB)
Provides a pay-as-you-go subscription model for Windows 10 with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change.
Cloud Solution Provider (CSP)
Your subscription is provided through an expert _______ who can manage your whole Microsoft 365 subscription, licenses and settings, and provide tier 1 support.
Cloud Solution Provider (CSP) model
Your subscription is provided through an expert partner who can manage your whole Microsoft 365 subscription, licenses and settings, and provide tier 1 support.
Cloud solution provider model
Endpoint Manager comes in 3 parts:
Cloud, on-premises, and cloud + on premises. Cloud: All data is stored in Azure. And, no more data centers. This approach gives you the mobility benefits of the cloud, and the security benefits of Azure. On-premises: If you have an on-premises infrastructure that includes Configuration Manager, or aren't ready to use the cloud, then you can keep your existing systems. Cloud + on-premises: Many environments are mixed, and use a cloud-attach approach. Meaning they use a combination of cloud and on-premises. For new devices, use the benefits of Intune to access and protect data. If you use Configuration Manager, connect to the cloud for additional functionality and analytics. If you want to move some workloads to the cloud, then co-management is a good option.
Combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups.
Co-management
When you enroll existing Configuration Manager clients in ______, you gain the following: Conditional access with device compliance Intune-based remote actions, for example: restart, remote control, or factory reset Centralized visibility of device health Link users, devices, and apps with Azure Active Directory (Azure AD) Modern provisioning with Windows Autopilot Remote actions
Co-management
_____ combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups.
Co-management
_____ combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups. As part of Endpoint Manager, _______ uses cloud features, including Conditional Access.
Co-management
A new admin has joined the team and needs to be able to access the M365 Compliance Center. Which of the following roles could the admin use to access the Compliance Center?
Compliance Administrator Role
A new admin has joined the team and needs to be able to access the Microsoft 365 Compliance Center. Which of the following roles could the admin use to access the Compliance Center?
Compliance Administrator Role This is one of the multiple roles you can use to access the Compliance Center.
A new admin has joined the team and needs to be able to access the M365 Compliance Center. Which of the following roles could the admin use to access the Compliance Center?
Compliance Administrator role.
____ is available to customers with a Microsoft 365 SKU with one of the following roles: Global administrator Compliance administrator Compliance data administrator
Compliance Center
Benefits of this are: § Translating complicated regulations, standards, company policies, or other control frameworks into a simple language. § Providing access to a large variety of out-of-the-box assessments and custom assessments to help organizations with their unique compliance needs. § Mapping regulatory controls against recommended improvement actions. § Providing step-by-step guidance on how to implement the solutions to meet regulatory requirements. § Helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action.
Compliance Manager
Is an end-to-end solution in Microsoft 365 compliance center to enable admins to manage and track compliance activities. Is a calculation of the overall compliance posture across the organization. The compliance score is available through this.
Compliance Manager
Provides many benefits, including: Translating complicated regulations, standards, company policies, or other control frameworks into a simple language. Providing access to a large variety of out-of-the-box assessments and custom assessments to help organizations with their unique compliance needs. Mapping regulatory controls against recommended improvement actions. Providing step-by-step guidance on how to implement the solutions to meet regulatory requirements. Helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action.
Compliance Manager
This helps simplify compliance and reduce risk by providing prebuilt assessments based on common regional and industry regulations and standards. Admins can also use custom assessment to help with compliance needs unique to the organization.
Compliance Manager
This tracks the following types of controls: · Microsoft-managed controls: controls for Microsoft cloud services, which Microsoft is responsible for implementing. · Your controls: sometimes referred to as customer-managed controls, these are implemented and managed by the organization. · Shared controls: responsibility for implementing these controls is shared by the organization and Microsoft.
Compliance Manager
___ tracks the following types of controls: Microsoft-managed controls: controls for Microsoft cloud services, which Microsoft is responsible for implementing. Your controls: sometimes referred to as customer-managed controls, these are implemented and managed by the organization. Shared controls: responsibility for implementing these controls is shared by the organization and Microsoft.
Compliance Manager
____ helps simplify compliance and reduce risk by providing: Prebuilt assessments based on common regional and industry regulations and standards. Admins can also use custom assessment to help with compliance needs unique to the organization. Workflow capabilities that enable admins to efficiently complete risk assessments for the organization. Step-by-step improvement actions that admins can take to help meet regulations and standards relevant to the organization. Some actions will also be managed for the organization by Microsoft. Admins will get implementation details and audit results for those actions. Compliance score, which is a calculation that helps an organization understand its overall compliance posture by measuring how it's progressing with improvement actions.
Compliance Manager
____ is an end-to-end solution in Microsoft 365 compliance center to enable admins to manage and track compliance activities. While _____ is a calculation of the overall compliance posture across the organization.
Compliance Manager Compliance Score Compliance Manager gives admins the capabilities to understand and increase their compliance score, so they can ultimately improve the organization's compliance posture and help it to stay in line with compliance requirements.
A customer has requested a presentation on how the Microsoft 365 Compliance Center can help improve their organization's compliance posture. The presentation will need to cover Compliance Manager and compliance score. What is the difference between Compliance Manager and compliance score?
Compliance Manager is an end-to-end solution in M365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.
A customer has requested a presentation on how the Microsoft 365 Compliance Center can help improve their organization's compliance posture. The presentation will need to cover Compliance Manager and compliance score. What is the difference between Compliance Manager and compliance score?
Compliance Manager is an end-to-end solution in Microsoft 365 Compliance Center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. Compliance Manager provides admins with the capabilities to understand and improve their compliance score so that they can ultimately improve the organization's compliance posture and help it to stay in line with its compliance requirements.
Is calculated using scores that are assigned to actions. Actions come in two types: · Your improved actions: actions that the organization is expected to manage. · Microsoft actions: actions that Microsoft manages for the organization.
Compliance Score
Shows the compliance score, and will forward admins to the Compliance Manager where they can see a breakdown. Measures the progress in completing recommended improvement actions within controls. Helps an organization to understand its current compliance posture. It also helps an organization to prioritize actions based on their potential to reduce risk.
Compliance Score Card
Shows the compliance score, and will forward admins to the Compliance Manager where they can see a breakdown of the compliance score. Measures the progress in completing recommended improvement actions within controls. The score helps an organization to understand its current compliance posture. It also helps an organization to prioritize actions based on their potential to reduce risk.
Compliance score card
This card shows the compliance score, and will forward admins to the Compliance Manager where they can see a breakdown of the compliance score. Compliance score measures the progress in completing recommended improvement actions within controls. The score helps an organization to understand its current compliance posture. It also helps an organization to prioritize actions based on their potential to reduce risk.
Compliance score card
It spans Microsoft 365 services, including Intune, Microsoft 365, and Windows 10. It provides granular access to keep your corporate data secure while allowing users to do their best work from any device and from any location. Helps protect sensitive data by evaluating users, devices, apps, location, and assessing the risk before granting access. This helps ensure that only approved users and devices can access critical company resources. Multiple questions about conditional access. One was to the effect of: You want additional security around a federated third-party application, but not when you use outlook.
Conditional Access
It spans Microsoft 365 services, including Intune, Microsoft365, and Windows 10. It provides granular access to keep your corporate data secure while allowing users to do their best work from any device and from any location. Helps protect sensitive data by evaluating users, devices, apps, location, and assessing the risk before granting access. This helps ensure that only approved users and devices can access critical company resources.
Conditional Access
You want additional security around a federated third-party application, but not when you use outlook.
Conditional Access
_____ policies at their simplest are if-then statements. If a user wants to access a resource, then they must complete an action.
Conditional Access
Are if-then statements. If a user wants to access a resource, then they must complete an action.
Conditional Access policies
Provides a flexible set of policies that can be configured to provide granular control over the circumstances in which users can access an organization's resources.
Conditional access
When an access request is received, __________ uses signal information from the source of the request to build a context for determining the overall risk, which is used to make an informed decision as to whether the session request should be granted or revoked.
Conditional access
Is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender ATP, and other cloud services. Use to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.
Configuration Manager
Is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender ATP, and other cloud services. Use to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.
Configuration Manager
_____ is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender ATP, and other cloud services.
Configuration Manager
_____ is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender ATP, and other cloud services. Use to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.
Configuration Manager
When using Windows Autopilot to configure a user's device, which of the following statements describe the only interaction required from the end user?
Connect to a network and verify their credentials. From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
A way for your users to subscribe to receive alerts and information from your web services.
Connectors
Which extensibility feature of MS Teams allows for applications like GitHub to be integrated into a Teams channel?
Connectors. Use connectors for third-party apps like GitHub, BitBucket, Salesforce and more.
Which extensibility feature of Microsoft Teams allows for applications like GitHub to be integrated into a Teams channel?
Connectors. Use connectors for third-party apps like GitHub, Bitbucket, Salesforce, and more.
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained?
Controls that both your organization and Microsoft share responsibility for implementing. Compliance manager evaluates Microsoft's and your company's controls.
Subcategory for Compliance Score - Corrective actions:
Corrective actions help admins to minimize the adverse effects of security incidents, by undertaking corrective measures to reduce their immediate effect or possibly even reverse damage.
When organizations consider cloud solutions, they usually focus on three areas:
Cost Security/reliability and compliance Functionality
If application compatibility testing isn't a significant concern, and if your users need the newest features of Microsoft 365 Apps as soon as they are available. What channel should you choose for your organization?
Current Channel
Which channel for your organization: If application compatibility testing isn't a significant concern, and if your users need the newest features of Microsoft 365 Apps as soon as they are available.
Current Channel
Types of updates for Microsoft 365 Apps
Current Channel, which receives feature updates approximately every month. Monthly Enterprise Channel, which receives feature updates once a month, on the second Tuesday of the month. Semi-Annual Channel (Preview), which receives feature updates in March and September. This is typically used for pilot users and application compatibility testers. Semi-Annual Enterprise Channel, which receives feature updates every six months, in January and July.
Types of updates for M365 apps + when is it used + do all your users need to be on the same update channel?
Current channel: receives feature updates approx. every month. For businesses where they need the newest features ASAP. Monthly Enterprise Channel: receives feature updates once a month, on second Tuesday of the month. Used when you need a predictable schedule for monthly updates. Semi-annual channel (preview): receives feature updates in March and September. Typically used for pilot users and application compatibility testers. Semi-annual enterprise channel: receives feature updates every six months in January and July. Used for orgs that have add-ins, macros that need to be tested. No - not all users in your organization need to be on the same update channel. All updates are provided/installed at the same time.
Supports requests to access data in Exchange Online, SharePoint Online, and OneDrive for Business. Ensures that Microsoft can't access your content to perform a service operation without your explicit approval. Brings you into the approval workflow for requests to access your content.
Customer Lockbox
Identity and director infrastructure Applications Network controls O/S Responsibility falls to customer when... To MS when...
Customer: IaaS and On-prem (fully the customer) MS: SaaS and PaaS (mixed depending on model)
Microsoft 365 Activity Reports are accessed through which interface? a) Security & Compliance Center b) SharePoint Admin Center c) Report Center d) Microsoft 365 Admin Center
D) Microsoft 365 Admin Center
Designed to protect sensitive information and prevent its inadvertent disclosure and is implemented through policies.
DLP
What type of policy can be used to identify, monitor, and automatically protect sensitive information across O365?
DLP policies
What type of policy can be used to identify, monitor, and automatically protect sensitive information across Office 365?
Data Loss Prevention policies identify, monitor, and automatically protect sensitive information across Office 365.
What is the main benefit of Azure Information Protection?
Data classification labels are identifiable regardless of where the data is stored (or who it is shared with).
What is the main benefit of Azure Information Protection?
Data classification labels are identifiable regardless of where the data is stored. Azure Information Protection keeps the data classification label regardless of where the data is stored, or who it is shared with.
Provides snapshots of how sensitive info and labels are being used across your organization's locations.
Data classification portal
What type of policy can be used to identify, monitor, and automatically protect sensitive information across O365?
Data loss prevention policies
Allows Windows 10 clients to source content from other devices on their local network that have already downloaded the updates, or from peers over the internet.
Delivery Optimization
2 peer-to-peer options for content distribution
Delivery Optimization BranchCache
_____ allows Windows 10 clients to source content from other devices on their local network that have already downloaded the updates, or from peers over the internet.
Delivery optimization
When deploying Microsoft 365, to users without Internet access, which deployment method should you use?
Deploy Microsoft 365 Apps from a local source does not require users to have an Internet connection.
Groups of devices that are used to pilot new features, before they are deployed to the rest of the organization.
Deployment rings
______ are groups of devices that are used to pilot new features, before they are deployed to the rest of the organization.
Deployment rings
Is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud. It provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers. Create a pilot for devices most likely to provide the best insights for assets across your organization.
Desktop Analytics
_____ is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud. It provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers. Create a pilot for devices most likely to provide the best insights for assets across your organization.
Desktop Analytics
_______ is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud.
Desktop Analytics
Subcategory for Compliance Score - Detective actions:
Detective actions actively monitor systems to identify irregularities that could represent risks, or that can be used to detect breaches or intrusions. Examples of these types of actions are system access audits, or regulatory compliance audits.
Includes Windows Enterprise, Microsoft 365 Admin Center, Microsoft Intune, Windows Autopilot, Windows Analytics Device Health, and Microsoft Endpoint Configuration Manager.
Device and app management
Compliance Score: _______ rely upon users to understand and adhere to a policy. For example, a policy requiring users to lock their computer when they leave it is a discretionary action because it relies on the user.
Discretionary actions
M365 Enterprise plan: § Productivity apps combined with core security and compliance capabilities for your enterprise ($32/user/month with annual commitment) · No: meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management
E3
M365 for Enterprise o Partial: Meetings and voice, Advanced analytics, Identity and access management, Threat protection, Information protection o No: Advanced compliance
E3
Which M365 Enterprise Plan: Productivity apps combined with core security and compliance capabilities for your enterprise ($32/user/month with annual commitment) · No: meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management
E3
Which M365 for Enterprise? o Partial: Meetings and voice, Advanced analytics, Identity and access management, Threat protection, Information protection o No: Advanced compliance
E3
3 plans of M365 Enterprise
E3: Productivity apps combined with core security and compliance capabilities for your enterprise ($32/user/month with annual commitment) E5: all same features as E3 plus latest advanced threat protection, security and collaboration tools. ($57/user/month with annual commitment) F3: (fka F1): designed for Firstline workers through purpose-built tools and resources that allow them to do their best work. ($8/user/month with annual commitment) · No: email and calendar, meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management.
M365 Enterprise plan: all same features as E3 plus latest advanced threat protection, security and collaboration tools. ($57/user/month with annual commitment)
E5
Which of the following are included in Microsoft 365 Enterprise E5, but not in Microsoft Enterprise E3?
E5 includes all of the same features as E3 plus the latest advanced threat protection, security, and collaboration tools.
_________is a digital platform that puts people at the center by bringing together systems of work with systems of support into an integrated employee experience. It provides people with the resources and support they need to succeed and thrive, no matter their location.
EXP (Employee Experience Platforms)
The human resources organization wants to ensure that stored employee data is encrypted. Which security mechanism would they use?
Encryption at rest could be part of a security strategy to protect stored employee data.
Eventually older products can no longer be supported and these products will reach the _____. Once a product reaches _____ it will no longer receive updates.
End of support
Combines services you may know and already be using, including Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, Microsoft Defender, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, and respond and manage risk.
Endpoint Manager
Includes the following services: Microsoft Intune, Configuration Manager, Co-management, Desktop Analytics, Windows Autopilot, Azure AD, Endpoint Manager admin center.
Endpoint Manager
Is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, conditional access, and reporting. This also shows devices managed by Configuration Manager and Intune (in preview).
Endpoint Manager Admin Center
_____ is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, conditional access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).
Endpoint Manager admin center
_________ is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, Conditional Access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).
Endpoint Manager admin center
There are two main paths to reach to co-management:
Existing Configuration Manager clients: You have Windows 10 devices that are already Configuration Manager clients. You set up hybrid Azure AD, and enroll them into Intune. New internet-based devices: You have new Windows 10 devices that join Azure AD and automatically enroll to Intune. You install the Configuration Manager client to reach a co-management state.
M365 for Enterprise o Partial: Office mobile apps and Office for web only, Meetings and voice, Identity and access management, Threat protection, Information protection. o No: Advanced analytics, Advanced Compliance
F3
Which M365 Enterprise Plan: § designed for Firstline workers through purpose-built tools and resources that allow them to do their best work. ($8/user/month with annual commitment) · No: email and calendar, meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management
F3
Which M365 for Enterprise? o Partial: Office mobile apps and Office for web only, Meetings and voice, Identity and access management, Threat protection, Information protection. o No: Advanced analytics, Advanced Compliance
F3
Is an open standard for passwordless authentication. Allows users and organizations to leverage the standard to sign in to their resources without a username or password using an external security key or a platform key built into a device.
FIDO2
The below are: o Business requirements. o Environment considerations. o Amount of administrative control needed. o Network capacity. o Current deployment capabilities.
Factors to deploy Windows 10
Differences between M365 Family and M365 Personal
Family: 2-6 people Up to 6TB Microsoft Family Safety mobile app Personal: 1 person 1TB
Your organization is connected with dedicated Microsoft engineers, project managers, and resources to help deploy Microsoft 365 services and resolve issues along the way
FastTrack
Are released 2x/year (more frequent but smaller) and the benefits include: § There is less disruption and effort to apply. § Users are more productive with earlier access to new Windows features. § Users take less time to adapt to smaller changes. § The workload and cost impact of updating Windows is reduced.
Feature Updates
Are released twice per year, around March and September. As the name suggests, these updates add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
Feature Updates
2 types of updates for Windows-as-a-Service:
Feature Updates and Quality Updates. Feature updates are released twice a year. Because these updates are more frequent, they are smaller. This gives you a number of benefits: There is less disruption and effort to apply new features. Users are more productive with earlier access to new Windows features. Users take less time to adapt to smaller changes. The workload and cost impact of updating Windows is reduced. Quality updates include fixes and security patches. These are usually issued once a month. In addition, a cumulative update is released that includes all previous updates. There are several benefits from monthly quality updates: Identified security issues are fixed and deployed quickly, helping to keep devices secure. Everyone receives security fixes regularly, keeping all devices aligned.
What are these: Known folder move Files on-demand Modern attachments Real-time team collaboration Files restore Recycle bin Auditing and reporting Encryption of data in transit and at rest Customer-controlled encryption keys M365 customer lockbox Multi-geo storage locations Government cloud
Features of OneDrive
Which of the following statements describes the types of sites that can be created from the SharePoint home page?
From the SharePoint home screen, you can create Team sites or Communication sites.
Phase in the product/service/lifecycle: It's the release version and is fully supported. Products and services have been through a full development and test lifecycle to ensure stability and reliability. With Microsoft 365, new features are added to the products and services periodically. It's useful for IT developers, and administrators, to be aware of preview features before they have their release.
General availability (GA)
When a product or service is ____, it's the release version and is fully supported. Products and services have been through a full development and test lifecycle to ensure stability and reliability. With Microsoft 365, new features are added to the products and services periodically. It's useful for IT developers, and administrators, to be aware of preview features before they have their release.
General availability (GA)
When a product or service is ____, it's the release version and is fully supported. ____ products and services have been through a full development and test lifecycle to ensure stability and reliability. With Microsoft 365, new features are added to the products and services periodically. It's useful for IT developers, and administrators, to be aware of preview features before they have their _____ release. Organizations can then educate users about these new features and ensure products are used optimally.
General availability (GA)
Verify explicitly. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. Use the least privileged access. Limit user access with Just-In-Time and Just Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity. Assume breach. Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and application. Verify all sessions are encrypted end to end. Use analytics to get visibility, drive threat detection, and improve defenses.
Guiding principles of Zero Trust
How does Microsoft's 365 records management solution help organizations meet their regulatory and legal obligations?
Helping organizations be more efficient by disposing of documents and data that are no longer required.
How does Microsoft's 365 records management solution help organization meet their regulatory and legal obligations?
Helping organizations be more efficient by disposing of documents and data that are no longer required. Microsoft 365 Records management helps organizations to be more efficient by disposing of documents and data that are no longer required.
Is a combination of cloud services with on-premises services to support your IT needs
Hybrid
It connects on-premises resources to the cloud, effectively making the new cloud services an extension of your on-premises infrastructure. The hybrid cloud model lets you extend capabilities or features that aren't available in your existing on-premises systems (like mobility and productivity) to your infrastructure.
Hybrid Cloud Model
Uses accounts that originate in an on-premises Active Directory Domain System (AD DS) and have been transferred or copied in the Azure AD tenant of a Microsoft 365 subscription.
Hybrid Identity
If you currently use OneDrive or MySites in SharePoint Server on-premises, we highly recommend deploying.... Users are redirected from their on-premises ____ to ____ in Microsoft 365. _____ allows for seamless navigation to _____ in the cloud from both SharePoint on-premises and Microsoft 365.
Hybrid OneDrive
A _____ migration lets you keep critical resources on-premises while also working with cloud services. It connects on-premises resources to the cloud, effectively making the new cloud services an extension of your on-premises infrastructure. The _____ model lets you extend capabilities or features that aren't available in your existing on-premises systems (like mobility and productivity) to your infrastructure.
Hybrid cloud
Lets you keep critical resources on-premises while also working with cloud services. It connects on-premises resources to the cloud, effectively making the new cloud services an extension of your on-premises infrastructure. Lets you extend capabilities or features that aren't available in your existing on-premises systems (like mobility and productivity) to your infrastructure.
Hybrid cloud
______ migration lets you keep critical resources on-premises while also working with cloud services.
Hybrid cloud
Can I only customize the reports from the Power BI web interface?
In addition to customizing the reports from the Power BI web interface, users can also use Power BI Desktop to connect directly to the Microsoft 365 reporting service to build their own reports.
Upgrade a device's operating system without reinstalling. You can migrate apps, user data, and settings from one version of Windows to another (like going from Windows 8.1 to Windows 10). You can also update from one release of Windows 10 to the next (like going from Windows 10, version 1803, to Windows 10, version 1809).
In-place upgrade
Threat protection
Includes Microsoft Advanced Threat Analytics and Windows Defender Antivirus and Device Guard. Microsoft 365 E5 also includes Microsoft Defender Advanced Threat Protection, Microsoft 365 Advanced Threat Protection, and Azure Advanced Threat Protection.
Security management
Includes Microsoft Secure Score and Microsoft Security and Compliance Center.
Files and content
Includes OneDrive, Stream, and Sway.
Device and app management
Includes Windows Enterprise, Microsoft 365 Admin Center, Microsoft Intune, Windows Autopilot, Windows Analytics Device Health, and Microsoft Endpoint Configuration Manager.
Identity and access management
Includes Windows Hello, Credential Guard, and Direct Access, and Azure Active Directory Premium plan 1. Microsoft 365 E5 also includes Azure Active Directory Premium plan 2.
Information protection
Includes Windows Information Protection and BitLocker and Azure Information Protection P1. Microsoft 365 E5 and E3 subscriptions also include Microsoft 365 data loss prevention. Microsoft 365 E5 further includes Azure Information Protection P2 and Cloud App Security.
WaaS - Quality Updates
Includes fixes and security patches. Usually issued once a month. Cumulative update is released that includes all previous updates. Benefits from monthly quality updates include: § Identified security issues are fixed and deployed quickly, helping to keep devices secure. § Everyone receives security fixes regularly, keeping all devices aligned.
_____ are policies that an admin can configure to prevent individuals or groups from communicating with each other. When in place, people who shouldn't communicate with other specific users won't be able to find, select, chat, or call those users. Checks are in place to prevent unauthorized communication.
Information barriers (IB)
What are information barriers (IB)?
Information barriers are policies that an admin can configure to prevent individuals or groups from communicating with each other.
Is about being able to intelligently govern data across your environment, to reduce risk. Includes: Manage data, monitor data, manage inactive mailboxes, records management
Information governance
Includes Windows Information Protection and BitLocker and Azure Information Protection P1. Microsoft 365 E5 and E3 subscriptions also include Microsoft 365 data loss prevention. Microsoft 365 E5 further includes Azure Information Protection P2 and Cloud App Security.
Information protection
Refers to keeping data or messages correct. When you send an email message, you want to be sure that the message received is the same as the message you sent. When you store data in a database, you want to be sure that the data you retrieve is the same as the data you stored. Encrypting data keeps it confidential, but you must then be able to decrypt it so that it's the same as before it was encrypted. Integrity is about having confidence that data hasn't been tampered with or altered.
Integrity
A cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Enables users to be productive while keeping your organization data protected. It integrates with other services, including Microsoft 365 and Azure Active Directory (Azure AD) to control who has access, and what they have access to, and Azure Information Protection for data protection. When you use it with Microsoft 365, you can enable your workforce to be productive on all their devices, while keeping your organization's information protected. o Choose to be 100% cloud with Intune or be co-managed with Configuration Manager and Intune o Set rules and configure settings on personal and organization owned devices to access data and networks o Deploy and authenticate apps on devices o Protect your company info by controlling the way users access and share info o Be sure devices and apps are compliant with security requirements
Intune
Is an MDM and MAM provider for your devices. Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Is integrated as part of the Microsoft Endpoint Manager in Microsoft 365, and enables users to be productive while keeping your organization data protected. It integrates with other services, including Microsoft 365 and Azure Active Directory (Azure AD) to control who has access, and what they have access to, and Azure Information Protection for data protection. When you use it with Microsoft 365, you can enable your workforce to be productive on all their devices, while keeping your organization's information protected.
Intune
Processes certificate requests from devices that use certificates for authentication and S/MIME email encryption.
Intune Certificate Connector
Adds entries to your on-premises Active Directory domain for computers that enroll using Windows Autopilot.
Intune Connector for AD
Allows (or blocks) device access to your Exchange servers if devices are enrolled in Intune, and compliant with your policies.
Intune Exchange Connector
Allows (or blocks) device access to your Exchange servers if devices are enrolled in Intune, and compliant with your policies.
Intune Exchange connector
Processes certificate requests from devices that use certificates for authentication and S/MIME email encryption.
Intune certificate connector
What is the main benefit of Workplace Analytics?
It helps the organization to understand how groups collaborate. Workplace Analytics helps you understand how your organization invests its time by giving you insight into how groups collaborate across the organization.
What is the main benefit of Workplace Analytics?
It helps the organization to understand how groups collaborate. Workplace Analytics helps you understand how your organization invests its time by giving you insight into how groups collaborate across the organization.
With the cloud solution provider (CSP) model, who provides your subscription?
It is provided by a CSP partner With the cloud solution provider (CSP) model, your subscription is provided through an expert CSP partner
Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.
Least privilege access
Azure AD tier that: includes all the free features plus identity, self-service password reset, and device write-back (two-way synchronization between on-premises directories and Azure)
M365
Azure AD service tier that includes all the free features plus identity, self-service password reset, and device write-back (two-way synchronization between on-premises directories and Azure)
M365 Apps
Includes the Microsoft productivity suite of applications, such as Word, Excel, PowerPoint, Outlook, and Teams for both Windows and Mac devices. It isn't just a web-based version of Office - instead it's a full version of Office that your users install and run on all their devices. The Office applications that come with it are fully compatible with the on-premises or online versions of Exchange Server or SharePoint Server.
M365 Apps
Is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
M365 Defender
____ is available for educational organizations and empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. Academic licenses can be tailored to fit any institution's needs, including productivity and security solutions for faculty, staff, and students.
M365 Education
E3, E5, and F3 (formerly F1)
M365 Enterprise E5 includes all of the same features as E3 plus the latest advanced threat protection, security, and collaboration tools. F3 is designed for Firstline Workers through purpose-built tools and resources that allow them to do their best work.
The licensing options for M365: The features are the same, but Microsoft 365 Personal is for one person with multiple devices, whereas Microsoft 365 Family is for up to six people with multiple devices.
M365 Home
____ exists to bring the same great productivity benefits into your personal and family life.
M365 Home
Uses data from how people are currently working to identify areas where they might be more productive. There are a variety of metrics to help you understand your organization's data and working practices.
M365 Workplace Analytics
______ uses data from how people are currently working to identify areas where they might be more productive. Identifies collaboration patterns that may impact productivity, workforce effectiveness, and employee engagement. Has been designed to help organizations identify trends across countries, departments, or teams. Organizational culture plays a large part in how we work. Organizations can identify working patterns across similar groups, and consider changes that might help people work more effectively.
M365 Workplace Analytics
Designed for IT professionals to manage the organization's M365 subscription. It is a cloud service that allows you to carry out a variety of tasks, such as adding and removing users, managing licenses, resetting passwords, and viewing reports.
M365 admin center
_____ is designed for IT professionals to manage the organization's M365 subscription. It is a cloud service that allows you to carry out a variety of tasks, such as adding and removing users, managing licenses, resetting passwords, and viewing reports.
M365 admin center
Designed for small and medium sized organizations (M365)
M365 for Business
M365: A1, A3, A5 Office365: A1, A3, A5 Enterprise Mobility + Security: A3, A5 Windows 11: A3, A5
M365 for Education M365 apps Email, calendar, and scheduling Social, intranet and storage Meetings, calling and chat Classroom tools Knowledge, insights and content Automation, app building and chatbots Viva learning Project and task management Analytics Threat Protection Endpoint and app management Identity and access management Information governance Information Protection Ediscovery and auditing Insider risk management Windows Security and Compliance Microsoft Viva Content Services Team Services Storage Power platform Other https://edudownloads.azureedge.net/msdownloads/Microsoft-Modern-Work-Plan-Comparison-Education_11-2021.pdf
This subscription includes Microsoft Azure Active Directory P1 to create and manage user and group accounts.
M365 for business
What M365 subscription option is appropriate for companies under 300 employees?
M365 for business
Which of the following M365 subscription option is appropriate for companies with under 300 employees?
M365 for business
The licensing options for M365: Microsoft 365 for business, for small to medium sized organizations, and Microsoft 365 for enterprise, for enterprise sized organizations.
M365 for organizations
E3
M365 plan: Productivity apps combined with core security and compliance capabilities for your enterprise No: meetings and voice (teams), advanced analytics, identity and access management, threat protection, information protection, compliance management $32/user/month with annual commitment
E5
M365 plan: All same features as E3 plus latest advanced threat protection, security and collaboration tools. $57/user/month with annual commitment
Classification in Compliance Score: These actions shouldn't be bypassed. For example, creating a policy to set requirements for password length or expiration. These actions depend on the users understanding and adhering to a policy. For example, a policy where users are required to ensure their devices are locked before they leave them.
Mandatory Discretionary
These action types have points assigned to them that count towards the compliance score.
Mandatory - these actions shouldn't be bypassed. For example, creating a policy to set requirements for password length or expiration. Discretionary - these actions depend on the users understanding and adhering to a policy. For example, a policy where users are required to ensure their devices are locked before they leave them.
Designed for IT professionals to manage the organization's M365 subscription. It is a cloud service that allows you to carry out a variety of tasks, such as adding and removing users, managing licenses, resetting passwords, and viewing reports.
Microsoft 365 Admin Center
Are available in both for business and for enterprise subscriptions. The version of _____ will differ dependent on your subscription type, but the apps are the same.
Microsoft 365 Apps
Protects: identities with Microsoft Defender for Identity (MSDI), Endpoints with Microsoft Defender for Endpoint (MSDE), Applications with Microsoft Cloud App security (MCAS), and email and collaboration with Microsoft Defender for Office 365 (MSDO)
Microsoft 365 Defender Suite
Advanced analytics
Microsoft 365 E5 includes MyAnalytics and Power BI Pro. E3 subscriptions include MyAnalytics.
_____ is a service that works with the Microsoft 365 tools you use already so you can collaborate with your teammates when writing documents, creating spreadsheets, working on project plans, scheduling meetings, or sending emails.
Microsoft 365 Groups
The new home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. Here you can easily view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. The Microsoft 365 security center is specifically intended for security admins and security operations teams to manage and better protect their organization.
Microsoft 365 Security Center
Which of the portals below allows modifying the payment method and frequency of a Microsoft 365 subscription?
Microsoft 365 admin center You modify the payment method and frequency of your Microsoft 365 subscription in the Microsoft 365 admin center.
Microsoft 365 has two categories of subscription for organizations:
Microsoft 365 for business, for small to medium sized organizations Microsoft 365 for enterprise, for enterprise sized organizations.
How does Microsoft 365 reduce the total cost of risk?
Microsoft 365 reduce the total cost of risk by improving security.
The new home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. Here you can easily view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. Is specifically intended for security admins and security operations teams to manage and better protect their organization.
Microsoft 365 security center
To gain insights on how your organization is adopting the various services within Microsoft 365. You can visualize and analyze data, create custom reports and share the insights within your organization. You can also gain insights into how specific regions or departments are using Microsoft 365. Gives you access to a pre-built dashboard that provides a cross-product view of the last 12 months and contains a number of pre-built reports.
Microsoft 365 usage analytics
______ works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.
Microsoft Authenticator app
A scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Delivers intelligent security analytics and threat intelligence across the enterprise, providing alert detection, threat visibility, proactive hunting, and threat response.
Microsoft Azure Sentinel
Is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Delivers intelligent security analytics and threat intelligence across the enterprise, providing alert detection, threat visibility, proactive hunting, and threat response.
Microsoft Azure Sentinel
A web-based appointment scheduling system that integrates with Outlook to provide your customers with the means to book an appointment with members of your staff.
Microsoft Bookings
The 3 primary components of this are... A booking page where your customers and clients can schedule appointments with a staff member. This web-based scheduling page can be shared via a direct link, your Facebook page, and even through link embedding within your website. A web-based, business-facing page where Bookings calendar owners and administrators within an organization can define appointment types and details, manage staff schedules and availability, set business hours, and customize how appointments are scheduled. A business-facing mobile app where Bookings calendar owners and administrators can see all of their appointments, access customer lists and contact information, and make manual bookings on the go.
Microsoft Bookings
___ is a web-based appointment scheduling system that integrates with Outlook to provide your customers with the means to book an appointment with members of your staff. Automated notification emails reduce no-shows and enhance customer satisfaction.
Microsoft Bookings
Is a web-based appointment scheduling system that integrates with Outlook to provide your customers with the means to book an appointment with members of your staff. Has 3 primary components:
Microsoft Bookings Components: A booking page, a web-based business-facing page, business-facing mobile app
A Cloud Access security broker (CASB). It operates as an intermediary between a cloud user and the cloud provider, to provide rich visibility to your cloud services, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
Microsoft Cloud App Security (MCAS)
A user-based subscription service that provides rich visibility and control over data travel and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Is a Cloud Access Security Broker (CASB).
Microsoft Cloud App Security (MCAS)
Built on a framework that provides the following capabilities: § Discover and control the use of Shadow IT § Protect your sensitive information anywhere on the cloud § Protect against cyberthreats and anomalies § Assess the compliance of your cloud apps
Microsoft Cloud App Security (MCAS)
What framework provides: § Discover and control the use of Shadow IT § Protect your sensitive information anywhere on the cloud § Protect against cyberthreats and anomalies § Assess the compliance of your cloud apps
Microsoft Cloud App Security (MCAS)
___ is a user-based subscription service that provides rich visibility and control over data travel and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Which is powered by native integrations with industry-leading security and identity solutions, including Azure Active Directory, Intune, and Azure Information Protection, identifies and combats these threats by operating as an intermediary, or broker, between a cloud user and the cloud provider.
Microsoft Cloud App Security (MCAS)
o Discover and control the use of Shadow IT: Identify the cloud apps, IaaS, and PaaS services used by your organization, some of which may not even be known or controlled by the IT department. Investigate usage patterns, assess the risk levels and business readiness of more than 16,000 SaaS apps against more than 80 risks. o Protect your sensitive information anywhere in the cloud: Understand, classify, and protect the exposure of sensitive information at rest. Leverage out-of-the-box policies and automated processes to apply controls in real time across all your cloud apps. o Protect against cyberthreats and anomalies: Detect unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage, and remediate automatically to limit the risk to your organization. o Assess the compliance of your cloud apps: Assess if your cloud apps meet relevant compliance requirements, including regulatory compliance and industry standards. Prevent data leaks to non-compliant apps and limit access to regulated data.
Microsoft Cloud App Security (MCAS) and Cloud Access Security Broker (CASB) Framework
Which of the following is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy?
Microsoft Cloud App Security is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy.
Which of the following is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy?
Microsoft Cloud App Security.
____ is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. Is a Cloud Access security broker (CASB). It operates as an intermediary between a cloud user and the cloud provider, to provide rich visibility to your cloud services, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
Microsoft Cloud App security (MCAS)
Is a feature in the Microsoft 365 compliance center that helps admins to manage an organization's compliance requirements with greater ease and convenience. Can help organizations throughout their compliance journey, from taking inventory of data protection risks, to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Microsoft Compliance Manager
___ is a feature in the Microsoft 365 compliance center that helps admins to manage an organization's compliance requirements with greater ease and convenience. Can help organizations throughout their compliance journey, from taking inventory of data protection risks, to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Microsoft Compliance Manager
New name for Office 365 Advanced Threat Protection Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Microsoft Defender for 0365
____ is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response. Is a platform designed to help enterprise networks protect endpoints, by preventing, detecting, investigating, and responding to advanced threats.
Microsoft Defender for Endpoint (MSDE)
Which service integrates with MCAS to discover cloud app usage beyond the corporate network?
Microsoft Defender for Endpoint is used to discover cloud app usage beyond the corporate network.
____ uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Microsoft Defender for Identity (MSDI)
Which of the following is a cloud-based security solution that identifies, detects, and helps to investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?
Microsoft Defender for Identity (MSDI) is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Which of the following is a cloud-based security solution that identifies, detects and helps to investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?
Microsoft Defender for Identity (MSDI). MSDI is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
____ safeguards your organization against malicious threats by detecting, investigating, and responding to attacks across email and other collaboration vectors like Microsoft Teams, SharePoint Online, and OneDrive for Business and Office clients. Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Microsoft Defender for Office 365
Comes in 2 flavors: § Plan 1: · Configuration, protection and detection capabilities · Safe attachments · Safe links · ATP for SharePoint, OneDrive, and Microsoft Teams · ATP anti-phishing protection · Real-time detections § Plan 2: · Includes Plan 1 plus automation, investigation, remediation and education capabilities · Threat trackers · Threat explorer · Automated investigation and response · Attack simulator
Microsoft Defender for Office 365 (MSDO)
Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Microsoft Defender for Office 365 (MSDO)
What includes: § Threat protection policies § Reports § Threat investigation and response capabilities § Automated investigation and response capabilities
Microsoft Defender for Office 365 (MSDO)
Which of the following safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools?
Microsoft Defender for Office 365 (MSDO)
This includes the following: Configuration, protection, and detection capabilities: Safe Attachments - checks email attachments for malicious content. Safe Links - Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked. ATP for SharePoint, OneDrive, and Microsoft Teams - Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries. ATP anti-phishing protection - Detects attempts to impersonate your users and internal or custom domains. Real-time detections - a real-time report that allows you to identify and analyze recent threats.
Microsoft Defender for Office 365 Plan 1
This includes the following: Microsoft Defender for Office 365 Plan 1 capabilities plus automation, investigation, remediation, and education capabilities: Threat Trackers - provide the latest intelligence on prevailing cybersecurity issues. Threat Explorer - a real-time report that allows you to identify and analyze recent threats. Automated investigation and response - include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually. Attack Simulator - allows you to run realistic attack scenarios in your organization to identify vulnerabilities.
Microsoft Defender for Office 365 Plan 2
New name for Microsoft Defender Advanced Threat Protection Is a platform designed to help enterprise networks protect endpoints, by preventing, detecting, investigating, and responding to advanced threats.
Microsoft Defender for endpoint (MSDE)
____ is an enterprise survey capability that helps businesses obtain the feedback they need to make smarter decisions. It supports businesses seeking to transform customer, product, and employee experiences. It offers capabilities that make capturing and analyzing customer and employee feedback simpler than ever. Your customers can respond to the surveys by using any web browser or mobile device. As the responses are submitted, analyze them with Power BI reports and make effective decisions accordingly.
Microsoft Dynamics 365 Customer Voice
Microsoft Endpoint Manager is part of which capability of Microsoft 365?
Microsoft EndPoint Manager is part of the Business Management capability for Microsoft 365.
Servicing Tool: Provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
Microsoft Endpoint Configuration Manager
_____ is an on-premises product used to manage Windows, macOS PCs, and servers. It has a rich set of capabilities that allow you to customize the following areas: Application management OS deployment Software update management Device compliance
Microsoft Endpoint Configuration Manager
Helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises. Includes the services and tools you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers.
Microsoft Endpoint Manager
Helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises. Includes the services and tools you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers.
Microsoft Endpoint Manager
______ is a secure and intelligent management solution that improves productivity and collaboration with the familiar experiences users expect and gives IT the flexibility to support diverse scenarios for both bring your own device (BYOD) and corporate-owned devices.
Microsoft Endpoint Manager (MEM)
Simplify the management of all devices in your estate through...
Microsoft Endpoint Manager (MEM) - simplified management
OneDrive deployment tool and management for an enterprise
Microsoft Endpoint Manager with Intune or Windows Autopilot Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs), and so on
Allows you to quickly gather data with easy-to-create surveys, polls, and questionnaires that can be distributed online and accessed from any web browser. Track responses in real-time or export results into several Microsoft and third-party tools to share and act on findings.
Microsoft Forms
Maps the connection of people and content to surface insights. For example, in most places where you type a name in Office 365, the autocomplete suggests people based on the "people I work with" edge. Specific examples of this include: Email address autocomplete in Outlook Context-based people and content guidance in Delve and SharePoint Recently used documents.
Microsoft Graph
What two options are available to developers wanting to incorporate or use Microsoft Graph in their applications?
Microsoft Graph REST API, Microsoft Graph Native SDKs Actionable insights give you recommendations for appropriate actions and guidance on how to improve your compliance
What two options are available to developers wanting to incorporate or use Microsoft Graph in their applications?
Microsoft Graph REST API, Microsoft Graph Native SDKs. Actionable insights give you recommendations for appropriate actions and guidance on how to improve your compliance.
_____ is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices.
Microsoft Intune
Microsoft provides a project management tool to help you manage your projects and the teams working on them. Organize the activities in your project, starting with the overall plan, then assigning tasks to groups, known as buckets. Each task can be assigned a name or label, assigned to a team member, and given a deadline. Fully integrates into Teams and Outlook to ensure that all your team members are fully updated about the tasks and activities they are working on and status updates on the project.
Microsoft Planner
Is a representation of your organization's security posture and your opportunity to improve it. Following the recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.
Microsoft Secure Score
______ is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. Following the recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.
Microsoft Secure Score
A video service that allows members of your organization to upload, watch, and share videos in a secure manner. Makes it possible for you to share video content of meetings, training sessions, classes, and live events to help facilitate collaboration for your organization's teams.
Microsoft Stream
Is a video service that allows members of your organization to upload, watch, and share videos in a secure manner. It makes it possible for you to share video content of meetings, training sessions, classes, and live events to help facilitate collaboration for your organization's teams.
Microsoft Stream
Advantages of this are: Chat one-to-one or in groups - keep people informed, and get input. Eliminate email clutter including acknowledgments and putting multiple people on copy. Keep in-boxes clear for important messages. Encourage open discussion, asking questions and promoting thoughtful debate. Start a call or share screens to get things done faster. Messages are real-time, but don't interrupt your colleagues' work. So everyone can be productive. You can chat from your mobile device to keep in touch wherever you are. Useful files can be shared using Teams to keep everything close to hand.
Microsoft Teams
Central point of access that your teams can use to work together on their projects through chat-based workspaces.
Microsoft Teams
Helps you to reinvent the meeting life cycle and work more efficiently at every step. From scheduling to follow-up, when you are busy it can be difficult to manage everything. Saves you time and empowers you to get more done.
Microsoft Teams
Helps your teams to continually share documents, status updates, and more, so you can all stay connected and up to date with each other, whether you're at your desk, or on the go using your mobile device. Collaboration isn't limited to your organization, enables you to work together with anyone outside your organization in the same way. Users can access it through their internet browser, or by installing it on their computer or mobile device. Channels, Chat, Voice and Video Calls, Security and Compliance, Remote Collaboration/Distance Learning
Microsoft Teams
Is designed to help you have more productive meetings. It comes with many different features and capabilities that you can use to help your teams to quickly engage and improve how they work together through meetings: Scheduling and joining meetings Multi-party meetings Meeting devices Content sharing in meetings Record and publish with Microsoft Stream Automatic transcription of videos Live events Real-time captions
Microsoft Teams
Is the hub for teamwork where groups that actively engage and are working on core projects can connect and collaborate
Microsoft Teams
_____ is your central hub for collaboration within your organization and provides a chat-based workspace to help everyone work efficiently. Helps you to reinvent the meeting life cycle and work more efficiently at every step. From scheduling to follow-up, when you are busy it can be difficult to manage everything.
Microsoft Teams
Unified app in Teams that brings together Workplace Analytics, MyAnalytics and Glint. Provides quantitative and qualitative data and insights to empower individuals, managers and leaders to improve organizational productivity and wellbeing.
Microsoft Viva Insights
____ is a new unified app in Teams that brings together Workplace Analytics, MyAnalytics and Glint. It provides quantitative and qualitative data and insights to empower individuals, managers, and leaders to improve organizational productivity and wellbeing.
Microsoft Viva Insights
Allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, 3rd party training content, and internal content of your own. Along with providing aggregation and recommendations, it also allows managers to assign, track, and report on training within and across multiple teams.
Microsoft Viva Learning
Allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, Microsoft Learn, 3rd party training content, and internal content of your own.
Microsoft Viva Learning
Allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, Microsoft Learn, 3rd party training content, and internal content of your own. Along with providing aggregation and recommendations, it also allows managers to assign, track, and report on training within and across multiple teams.
Microsoft Viva Learning
Focuses on knowledge and expertise. It uses artificial intelligence (AI) to identify knowledge and experts and organize them into shared topics. Topic pages are surfaced as cards right in the flow of work in Office and Teams.
Microsoft Viva Topics
Focuses on knowledge and expertise. It uses artificial intelligence (AI) to identify knowledge and experts and organize them into shared topics. Topic pages are surfaced as cards right in the flow of work in Office and Teams. Automatically surfaces topic cards as people work in apps like Office, SharePoint, and Microsoft Teams. When employees click on a card, a topic page appears with documents, videos, and related people. Experts at the company can also help curate the information shown in Viva Topics by sharing knowledge through simple, highly customizable web sites called Topic Pages.
Microsoft Viva Topics
____ focuses on knowledge and expertise. It uses artificial intelligence (AI) to identify knowledge and experts and organize them into shared topics. Topic pages are surfaced as cards right in the flow of work in Office and Teams.
Microsoft Viva Topics
Connect with people across your organization who you might not work with directly on a regular basis. Facilitate community collaboration and idea-sharing for your organization.
Microsoft Yammer
____ is moving everything from an old system to a new system, with the intent of eventually removing the old system. In the context of your cloud deployment, you move your data and applications from local resources up into the cloud, to infrastructure provided by your CSP.
Migration
Which channel for your organization: If your users need the newest features of Microsoft 365 Apps, but you need a predictable release schedule for monthly feature updates
Monthly Enterprise Channel
If you require frequent feature updates at a predictable channel, which update channel is best?
Monthly Enterprise Channel receives feature updates once a month, on the second Tuesday of the month.
If you require frequent feature updates at a predictable channel, which update channel is best?
Monthly Enterprise Channel. Receives feature updates once a month, on the second Tuesday of the month.
Migration is:
Moving everything from an old system to a new system, with the intent of eventually removing the old system. In the context of your cloud deployment, you move your data and applications from local resources up into the cloud, to infrastructure provided by your CSP.
If you have data residency requirements, consider ____ for OneDrive. You can specify a preferred data location (PDL), from available locations around the world.
Multi-Geo
Which of the following terms describes the way in which OneDrive data is stored globally?
Multi-Geo. It is an Office 365 feature that allows organizations to span their storage over multiple Office 365 geo locations and specify in which of those to store users' data.
Which of the following measures might an organization implement as part of the defense in-depth security methodology?
Multi-factor authentication is an example of defense in-depth at the identity and access layer.
Provides insights into two of the key factors in personal productivity: how people spend their time and who they spend it with.
MyAnalytics
Provides insights into two of the key factors in personal productivity: how people spend their time and who they spend it with. Processes information in a way that protects employee privacy and supports compliance with local data privacy regulations.
MyAnalytics
Provides insights into two of the key factors in personal productivity: how people spend their time and who they spend it with. Is delivered as an email every week. Metrics include: focus and wellbeing, network and collaboration, productivity insights.
MyAnalytics
What is: Analytics about your work patterns delivered as an email. A summary of your working patterns generated form your everyday work in M365. It is delivered as a report by email once a week.
MyAnalytics
Where can a user go, in order to manage their verification methods?
MyProfile. You can use myprofile.microsoft.com site to keep your verification methods and security information up to date.
What is the underlying theory behind the Zero Trust model?
Never trust, always verify. Every access request is strongly authenticated, authorized within policy constraints and inspected for anomalies before granting access.
How many times a year do new features get released with Windows-as-a-Service?
New features are released twice a year. By releasing new features in bite sized chunks, rather than major new versions, the work required by IT people is reduced.
Power BI (free)
Not in Premium capacity Use as a personal sandbox where you create content for yourself and interact with that content. A free license is a great way to try out the Power BI service. You can't consume content from anyone else or share your content with others. Premium capacity Interact with content assigned to Premium capacity and shared with you. Free, Premium per-user, and Pro users can collaborate without requiring the free users to have Pro accounts.
A cloud- based service that enables you to store and protect files, share files with others, access files from anywhere using an app or web-browser, and restore all files to a previous date and time. You can easily and securely store and access your files from all your devices. You can work with others regardless of whether they're inside or outside your organization and terminate that sharing whenever you want. Helps protect your work through advanced encryption while the data is in transit and at rest in data centers.
OneDrive
Is a cloud- based service that enables you to store and protect files, share files with others, access files from anywhere using an app or web-browser, and restore all files to a previous date and time. You can easily and securely store and access your files from all your devices. You can work with others regardless of whether they're inside or outside your organization and terminate that sharing whenever you want.
OneDrive
Is a cloud- based service that enables you to store and protect files, share files with others, access files from anywhere using an app or web-browser, and restore all files to a previous date and time. You can easily and securely store and access your files from all your devices. You can work with others regardless of whether they're inside or outside your organization and terminate that sharing whenever you want. Helps protect your work through advanced encryption while the data is in transit and at rest in data centers.
OneDrive
To view the current health status of your Microsoft 365 services and tenant, and information about outages or disruptions to services, you should use:
Organization's administrators can use the M365 admin center
§ Threat & vulnerability management § Attack surface reduction § Next generation protection § Endpoint detection and response § Automated investigation & remediation § Microsoft Threat Experts § Management & APIs
Pillars to Microsoft Defender for Endpoint (MSDE)
Microsoft Defender for O365 flavor: · Configuration, protection and detection capabilities · Safe attachments · Safe links · ATP for SharePoint, OneDrive, and Microsoft Teams · ATP anti-phishing protection · Real-time detections
Plan 1
Microsoft Defender for O365 flavor: · Includes Plan 1 plus automation, investigation, remediation and education capabilities · Threat trackers · Threat explorer · Automated investigation and response · Attack simulator
Plan 2
What are information barriers (IB)?
Policies that an admin can configure to prevent individuals or groups from communicating with each other.
A _____________ is a collection of predefined policies and settings.
Policy package
What are the phases of the insider risk management workflow in M365?
Policy, alerts, triage, investigate, and action.
Is a suite of apps, services, connectors, and data platforms that provide a rapid application development environment to build custom apps for your business needs.
Power Apps
______ is a suite of apps, services, connectors, and data platforms that provide a rapid application development environment to build custom apps for your business needs. You can quickly build custom business apps that connect to your business data stored either in the underlying data platform Common Data Service or in various online and on-premises data sources, for example, SharePoint, Excel, Microsoft 365, Dynamics 365, SQL Server, and so on).
Power Apps
Is a service that helps you create automated workflow between your favorite apps and service to synchronize files, get notices, collect data, and more.
Power Automate
Is an online workflow service that automates actions across the most common apps and services. Can be used to automate workflows between your favorite applications and services, sync files, get notifications, collect data, and much more.
Power Automate
Is an online workflow service that automates actions across the most common apps and services. For example, you can create a flow that adds a lead to Microsoft Dynamics 365 and a record in MailChimp whenever someone with more than 100 followers tweets about your company. You can use this to automate workflows between your favorite applications and services, sync files, get notifications, collect data, and much more.
Power Automate
A collection of software services, apps, and connectors that work together to turn your independent sources of data into coherent, visually immersive, and interactive insights.
Power BI
What subscription of BI? § Not in premium capacity: Use as a personal sandbox where you create content for yourself and interact with that content. A license is a great way to try out the service. You can't consume content from anyone else or share your content with others. § Premium capacity: Interact with content assigned to Premium capacity and shared with you. Can collaborate without requiring the users to have Pro accounts.
Power BI (free)
What subscription of BI? § Not in premium capacity: Collaborate with Premium per-user and users by creating and sharing content. § Premium capacity: Collaborate with free, Premium per user, and users by creating and sharing content.
Power BI (pro)
Power BI has 3 flavors:
Power BI Desktop: a Windows desktop application Power BI Service: online SaaS Power BI mobile apps: for Windows iOS and Android
What is the minimum Power BI license required for users to consume content shared with them?
Power BI. A user with the Power BI (free) license type, can access content My Workspace that has been shared with them.
To automate processes, analyze data, and create virtual agents, use...
Power Platform integration
Website auto chat bot is called...
Power Virtual Agent
Users can create chatbots using ____ without writing any code. Users can then integrate those bots into Microsoft Teams by publishing the bots and making them reachable to Microsoft Teams from the portal.
Power Virtual Agents
Users can create applications in _______. Those applications can then be added directly to Microsoft Teams by creating tabs for those apps.
PowerApps
Users can create applications. Applications can then be added directly to MS Teams by creating tabs for those apps.
PowerApps
Azure AD service tier that includes free, Office 365, and premium features including Conditional Access based on group, location, and device status, Microsoft Cloud App Discovery, Advanced security and usage reports, advanced group access management, and hybrid identities
Premium P1
Azure AD tier that: includes free, Office 365, and premium features including Conditional access based on group, location, and device status, Microsoft Cloud App Discovery, Advanced security and usage reports, advanced group access management, and hybrid identities
Premium P1
Features in this Azure AD service tier: M365 + Password protection (custom banned password) Self-service password reset/change/unlock with on-premises write-back Conditional Access based on group, location, and device status Multi-Factor Authentication with Conditional Access Microsoft Identity Manager Group access and management
Premium P1
Azure AD tier that: includes all the above plus Azure Identity protection, which includes risk based conditional access policies, risky accounts detection, risk event investigations and Identity governance capabilities, including Privileged Identity Management (PIM)
Premium P2
Features in this Azure AD service tier: Premium P1 + Identity protection Risk based conditional access policies Privileged Identity Management (PIM) Entitlement management
Premium P2
The following are subcategories of actions that can be classified as mandatory or discretionary - in the Compliance Score...
Preventative actions are designed to handle specific risks, like using encryption to protect data at rest if there were breaches or attacks. Detective actions actively monitor systems to identify irregularities that could represent risks, or that can be used to detect breaches or intrusions. Examples of these types of actions are system access audits, or regulatory compliance audits. Corrective actions help admins to minimize the adverse effects of security incidents, by undertaking corrective measures to reduce their immediate effect or possibly even reverse damage.
A product, or service, might be released to a limited number of users in a _____ to test new features or functionality. Typically, users can sign up to be members of a _____, but the preview release isn't made available to the general public.
Private preview
A product, or service, might be released to a limited number of users in a ______________ to test new features or functionality. Typically, users can sign up to be members of a _____________, but the release isn't made available to the general public.
Private preview
Phase in the product/service/lifecycle: A product, or service, might be released to a limited number of users in a private preview to test new features or functionality. Typically, users can sign up to be members of a private preview, but the preview release isn't made available to the general public.
Private preview
A product, or services, lifecycle typically has three phases:
Private preview Public preview General Availability (GA)
Allows granular access control over privileged admin tasks in Microsoft 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
Privileged access management
Allows granular access control over privileged admin tasks in Microsoft 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings. Requires users to request just-in-time access to complete elevated and privileged tasks through a highly scoped and time-bounded approval workflow.
Privileged access management
Allows your organization to operate with zero standing access, this means that users who need privileged access, must request permissions for access, and once received it's just-in-time and just-enough access to perform the job at hand. Zero standing access provides a layer of defense against standing administrative access vulnerabilities.
Privileged access management in M365
Capabilities that include instant messaging and online meetings with Teams, email and calendaring with Outlook, familiar Office apps on all devices, advanced file storage and sharing with OneDrive, intranet and team sites and enterprise social networks with Yammer.
Productivity and Teamwork
Enable teamwork and simplify workflow Stay productive on the go Get more done with AI-enabled tools Harness organizational knowledge Manage all your endpoints Protect your business
Productivity benefits of M365
What are the following reports: Productivity score Usage Security & Compliance
Productivity score. This score benchmarks work done in your organization compared to other organizations like yours. Usage. View usage by time period and Microsoft 365 service to understand how people in your organization are using Microsoft 365 services. Security & Compliance. View data about malware detections, targeted users, threat protection, encryption, etc.
Phase in the product/service/lifecycle: To receive feedback from a broad range of users, Microsoft typically releases previews of products and services before their GA release. These products and services are clearly marked as preview and include beta or pre-release features and services.
Public preview
To receive feedback from a broad range of users, Microsoft typically releases ______ of products and services before their GA release. These products and services are clearly marked as preview and include beta or pre-release features and services. Because preview features are pre-release, they aren't supported and should only be used to test upcoming functionality.
Public preview
To receive feedback from a broad range of users, Microsoft typically releases __________ of products and services before their GA release. These products and services are clearly marked as preview and include beta or pre-release features and services. Because preview features are pre-release, they aren't supported and should only be used to test upcoming functionality.
Public preview
Deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Include security updates, critical updates, servicing stack updates, and driver updates. Are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update.
Quality Updates
Includes fixes and security patches. Usually issued once a month. Cumulative update is released that includes all previous updates. Benefits include: § Identified security issues are fixed and deployed quickly, helping to keep devices secure. § Everyone receives security fixes regularly, keeping all devices aligned.
Quality Updates
A common use of Power Automate is to:
Receive notifications
WaaS - Feature Updates
Released 2x/year. They are more frequent but smaller. Benefits include: § There is less disruption and effort to apply new features. § Users are more productive with earlier access to new Windows features. § Users take less time to adapt to smaller changes. § The workload and cost impact of updating Windows is reduced.
______ is software that's centrally hosted and managed by a cloud service provider (CSP) for customers. In general, CSPs provide one version of an app for all customers and license it through a monthly or annual subscription.
SaaS (software as a service)
When browsing Microsoft compliance documentation in the Service Trust Portal, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the latest updates?
Save the documents to your My Library. Saving the document to the My Library section to the Service Trust Portal, will ensure you have the latest updates.
When browsing Microsoft compliance documentation in the Service Trust Portal, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the latest updates?
Saving the document to the My Library section of the Service Trust Portal, will ensure you have the latest updates.
What categories are included in the Secure Score breakdown?
Secure Score includes scores for identity, data, device, apps, and infrastructure.
What is Microsoft Secure Score?
Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken
What is Microsoft Secure Score?
Secure Score is a measurement of an organization's security posture. Higher number indicates more improvement actions taken.
Are categorized into identity, data, device, apps, and infrastructure. You're given points for configuring recommended security features, performing security-related tasks, or addressing the improvement action with a third-party application or software, or an alternate mitigation. Shows you the full set of possible improvements, regardless of license, so you can understand security best practices and improve your score. Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.
Secure Score points
Capabilities that include solutions for identity and access management, information protection and governance, threat protection, security management, insider risk management, compliance management, and eDiscovery.
Security and Compliance
What capability is this: Includes solutions for identity and access management, information protection and governance, threat protection, security management, insider risk management, compliance management, and eDiscovery.
Security and compliance
Which channel for your organization: If your organization has line-of-business applications, add-ins, and macros that need to be tested to determine if they work with an[BC1] updated version of Microsoft 365 Apps.
Semi-Annual Enterprise Channel
____ from Microsoft Information Protection let you classify and protect your organization's data while ensuring that user productivity and collaboration aren't hindered. Used to not only classify data, but also protect sensitive data.
Sensitivity Labels
_____ from Microsoft Information Protection let you classify and protect your organization's data while ensuring that user productivity and collaboration aren't hindered. · When you assign a sensitivity label to a group, document, or email, it's like a stamp that's applied to content. That label is: customizable, clear text, persistent. · With a sensitivity label, you can: encrypt, mark the content, apply the label automatically, protect content in containers such as sites and groups.
Sensitivity Labels
When you create a ____________, you can automatically assign that ___________ to content when it matches conditions that you specify. As a result, the protection associated with that label is automatically applied. You can also use it to apply encryption.
Sensitivity label
o Only users within your organization can open a confidential document or email. o Only users in a specific department can edit and print a document or email, while all other users in your organization can only read it. o Users cannot forward or copy information from an email. o Users cannot open a document after a specified date.
Sensitivity labels to apply encryption
Overlapping with PaaS, _________ focuses on building app functionality without spending time continually managing the servers and infrastructure required to do so. The cloud provider handles the setup, capacity planning, and server management for you. ________ architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs.
Serverless computing
Monthly Uptime Percentages...what are their Service Credits? <99.9% <99% <95%
Service Credit: 25% 50% 100%
Provide specific guarantees of service for Microsoft 365 services.
Service Level Agreements
Provides information, tools, and other resources about Microsoft security, privacy, and compliance practices. Sign in with your Microsoft cloud services account to access all the available documentation.
Service Trust Portal
How do you control the frequency of updates with Windows as a service?
Service channel. The service channel determines the frequency with which Windows 10 is updated with new features.
Allow organizations to choose when to deploy new features.
Servicing Channels
A method of controlling the frequency at which organizations deploy Windows 10 features. Allow you to control how and when updates are applies.
Servicing channels
Are a method of controlling the frequency at which organizations deploy Windows 10 features. Allow you to control how and when updates are applies.
Servicing channels
Are a method of controlling the frequency at which organizations deploy Windows 10 features. _____ allow you to control how and when updates are applies.
Servicing channels
4 steps to... o Create an approvers group o Enable privileged access o Create an access policy o Submit/approve privileged access requests
Set up and use privileged access
Helps organizations share and manage content, knowledge, and applications to: Empower teamwork Quickly find information Seamlessly collaborate across the organization
SharePoint
Is the center for files, news, and pages sharing within the team and the center for sharing information outside of the team.
SharePoint
Is the cloud evolution of Microsoft SharePoint Server. It's a cloud service that enables you to store, organize, and add third-party apps, access information from almost any device, and allow sharing with external people by default, all by using a web-browser. It helps you create team or communication-focused sites for efficient collaboration and communication. Internal users with an appropriate Microsoft 365 or They can share files or folders with others inside or outside the organization. Sharing outside the organization can be controlled by site administrators.
SharePoint
It's a cloud service that enables you to store, organize, and add third-party apps, access information from almost any device, and allow sharing with external people by default, all by using a web-browser. It helps you create team or communication-focused sites for efficient collaboration and communication.
SharePoint
What service has this: o Build sites and pages, document libraries, and lists. o Add web parts to customize their pages. o Share important visuals, news, and updates with a team. or more broadly. o Search and discover sites, files, people, and news from across their organization. o Manage their business processes with flows, forms, and lists. o Co-author documents with other users. o Sync and store their files in the cloud so anyone can securely work with them. o Catch up on news on-the-go with the SharePoint mobile app.
SharePoint
With _____, users can: Build sites and pages, document libraries, and lists. Add web parts to customize their pages. Share important visuals, news, and updates with a team. or more broadly. Search and discover sites, files, people, and news from across their organization. Manage their business processes with flows, forms, and lists. Co-author documents with other users. Sync and store their files in the cloud so anyone can securely work with them. Catch up on news on-the-go with the SharePoint mobile app.
SharePoint
Where can reports about SharePoint activity and usage be found?
SharePoint Admin Center. Use the SharePoint Admin Center to view reports about how SharePoint is being used within your organization.
Can create websites, pages, document libraries and lists. o Share important visuals, news, and updates with a team. or more broadly. o Search and discover sites, files, people, and news from across their organization. o Manage their business processes with flows, forms, and lists. o Co-author documents with other users. o Sync and store their files in the cloud so anyone can securely work with them. o Catch up on news on-the-go with the SharePoint mobile app.
Sharepoint
It's a cloud service that enables you to store, organize, and add third-party apps, access information from almost any device, and allow sharing with external people by default, all by using a web-browser. It helps you create team or communication-focused sites for efficient collaboration and communication.
Sharepoint
What are the 3 key elements of Conditional Access?
Signal, Decision, Enforcement. Conditional Access is the tool used by Azure AD to bring signals together, to make decisions, and enforce organizational policies.
A method for delivering software applications over the Internet, on demand and typically on a subscription basis. Cloud providers host and manage the software application and underlying infrastructure, and handle any maintenance, such as software upgrades and security patching. Users connect to the application over the Internet, usually with a web browser on their phone, tablet or PC.
Software as a service (SaaS)
Links to collections of integrated solutions that are used to manage end-to-end compliance scenarios across three compliance solutions areas: The Information protection & governance section quickly shows you how to use Microsoft 365 compliance solutions to protect and govern data in your organization. The Insider risk management section on the home page shows how your organization can identify, analyze, and act on internal risks before they cause harm. The Discovery & respond section on the home page shows how your organization can quickly find, investigate, and respond to compliance issues with relevant data.
Solution Catalog
Links to collections of integrated solutions that are used to manage end-to-end compliance scenarios across three compliance solutions areas: § The Information protection & governance section quickly shows you how to use Microsoft 365 compliance solutions to protect and govern data in your organization. § The Insider risk management section on the home page shows how your organization can identify, analyze, and act on internal risks before they cause harm. § The Discovery & respond section on the home page shows how your organization can quickly find, investigate, and respond to compliance issues with relevant data.
Solution catalog card
Links to collections of integrated solutions that are used to manage end-to-end compliance scenarios across three compliance solutions areas: § The Information protection & governance section quickly shows you how to use Microsoft 365 compliance solutions to protect and govern data in your organization. § The Insider risk management section on the home page shows how your organization can identify, analyze, and act on internal risks before they cause harm. § The Discovery & respond section on the home page shows how your organization can quickly find, investigate, and respond to compliance issues with relevant data.
Solution catalog card
What subscription of BI? Uses shared capacity. If the content is stored in shared capacity, users who are assigned a Power BI Pro license can collaborate only with other Power BI Pro users. They can consume content shared by other users, publish content to app workspaces, share dashboards, and subscribe to dashboards and reports. When workspaces are in Premium capacity, Pro users may distribute content to users who don't have a Power BI Pro license.
Standard BI subscription
Is designed to help users find and keep track of the content across your org. Will not just look at the description or title of a video when searching for content. It will actively search through what is actually being said in a video to see if it matches a user's search terms. Records captions
Stream
Use a subscription to switch from one edition of Windows 10 to another. For example, you can switch from Windows 10 Pro to Windows 10 Enterprise. When a licensed user signs into a device (and they have credentials associated with a Windows 10 E3 or E5 license), the OS changes from Windows 10 Pro to Windows 10 Enterprise, and all the appropriate Windows 10 Enterprise features are unlocked. If the subscription expires (or is transferred to another user), the device reverts seamlessly to Windows 10 Pro edition, after a grace period of up to 90 days.
Subscription activation
Webpages that users can embed into MS Teams. Either the scope of a Teams channel or at a personal user level.
Tabs for MS Teams
Which of the following statements describes the types of sites that can be created from the SharePoint home page?
Team. From the SharePoint home screen, you can create Team sites or Communication sites.
A collection of people, their content and the tools they need to work on projects. Can be private, where users have to be invited. Can also be public and open to anyone. Limit of up to 10,000 simultaneous members.
Teams
You are managing a project with people working in different locations. To improve collaboration and team work, you are encouraging more frequent and informal communication. Which Microsoft product is most suitable?
Teams allows people to chat one to one or in groups, or have audio or video calls. Chat is less formal than email, and you can quick switch to audio and video calls.
You want to hold a weekly meeting with your team leaders who are all based in different locations. Which Microsoft product is most suitable?
Teams allows you to hold video or audio meetings, schedule the meetings weekly, and keep meeting notes.
An organization is moving their IT infrastructure to the cloud. They want to know how to create and implement business and technology strategies in a way that will help them succeed in the cloud. What guidance can they use to help them transition to the cloud?
The Cloud Adoption Framework has been carefully designed based on cloud adoption best practices from Microsoft employees, customers, and partners. It provides a proven and consistent methodology for implementing cloud technologies.
3 Intune connectors...
The Intune Connector for Active Directory adds entries to your on-premises Active Directory domain for computers that enroll using Windows Autopilot. The Intune Exchange connector allows (or blocks) device access to your Exchange servers if devices are enrolled in Intune, and compliant with your policies. The Intune certificate connector processes certificate requests from devices that use certificates for authentication and S/MIME email encryption.
Microsoft 365 provides two subscriptions for home users which are:
The features are the same, but: Microsoft 365 Personal is for one person with multiple devices, whereas Microsoft 365 Family is for up to six people with multiple devices.
Bookings can be scheduled and staffed in two different ways...
The first way is by the customer using a standalone booking page or an embedded booking page that you integrate into your web site. The other way is for you or one of your employees to enter the bookings manually, such as when a customer calls for an appointment.
An organization has deployed Microsoft 365 applications to all employees. Who is responsible for the security of the personal data relating to these employees?
The organization. In the shared responsibility model, the customer organization always has responsibility for their data, including personal data relating to employees.
What are the phases of the insider risk management workflow in Microsoft 365?
The phases of the insider risk management workflow in Microsoft 365 are policy, alerts, triage, investigate, and action.
The approval remains valid for _________ (default duration is ______) during which the requester can execute the intended task multiple times. All such executions are logged and made available for security and compliance auditing.
The requested duration (default duration is 4 hours)
Where are Microsoft Teams Meeting rooms added when creating a new Teams meeting?
The rooms will be available in the Location dropdown in the new meeting form. This way, participants know which physical meeting room to go to for the meeting.
Where are MS Teams Meeting rooms added when creating a new Teams meeting?
The rooms will be available in the Location dropdown in the new meeting form. This way, participants know which physical meeting room to go to for the meeting.
Where are Microsoft Teams Meeting rooms added when creating a new Teams meeting?
The rooms will be available in the Location dropdown in the new meeting form. This way, participants know which physical meeting room to go to for the meeting.
Security updates are usually released on ____. Quality updates, which are sometimes referred to as non-security updates, are also usually released on _____.
The second Tuesday of every month. The same day But, if necessary, both types of updates can be released at other times.
How do you control the frequency of updates with Windows-as-a-Service?
The service channel determines the frequency with which Windows 10 is updated with new features.
Includes Microsoft Advanced Threat Analytics and Windows Defender Antivirus and Device Guard. Microsoft 365 E5 also includes Microsoft Defender Advanced Threat Protection, Microsoft 365 Advanced Threat Protection, and Azure Advanced Threat Protection.
Threat protection
What is the purpose of applying sensitivity labels to your data?
To enforce data protection policies. Data sensitivity labels are linked to data protection policies that then protect the data, for example by encrypting data.
Insider risk workflow step: New activities that need investigation automatically generate alerts that are assigned a Needs review status. Reviewers can quickly identify these alerts and scroll through each to evaluate and action. Alerts are resolved by opening a new case, assigning the alert to an existing case, or dismissing the alert.
Triage
True or False: Configuration Manager manages on-premises infrastructure and Intune manages cloud-based functions.
True
True or false: Configuration Manager manages on-premises infrastructure and Intune manages cloud-based functions.
True
True or False: You can view and edit files on Apple and Android devices with M365 mobile apps.
True.
Coexistence means:
Two different systems, one on-premises and one in the cloud, connect and work together at the same time (or coexist) as a single service (such as email).
Never trust, always verify. Every access request is strongly authenticated, authorized within policy constraints and inspected for anomalies before granting access.
Underlying theory behind Zero Trust model
What tool will help you if you open a new office abroad?
Use the regional compliance page of the Service Trust portal
Makes it possible for you to use dedicated forums for each service, to post your ideas and get responses from Microsoft about whether certain functionalities and features are already in progress, or if they can be included in future updates.
UserVoice
This service enables you and other Microsoft 365 services customers to share ideas about how you think Microsoft can improve services and experiences.
UserVoice
To enable you and other Microsoft 365 services customers to share ideas about how you think Microsoft can improve services and experiences.
UserVoice
Makes it possible for you to use dedicated forums for each service, to post your ideas and get responses from Microsoft about whether certain functionalities and features are already in progress, or if they can be included in future updates.
UserVoice (MS Teams)
Which group of users might benefit from Azure Virtual Desktop?
Users who work with confidential data. AVD can be configured to ensure that data is never stored on the local device.
- Create cloud-native applications - Store, back up and recover data - Stream audio and video - Deliver software on demand - Test and build applications - Analyze data - Embed intelligence
Uses of cloud computing
Always authenticate and authorize based on the available data points, including user identity, location, device, service or workload, data classification, and anomalies.
Verify explicitly
Can help address complex challenges and respond to change by shedding light on organizational work patterns and trends.
Viva Insights
Can provide data-driven, privacy-protected insights and recommendations to foster healthy, successful teams.
Viva Insights
Help employees stay connected with their colleagues and protect time for regular breaks, focused work, and learning.
Viva Insights
Individuals: help employees stay connected with their colleagues and protect time for regular breaks, focused work, and learning. Managers: can provide data-driven, privacy-protected insights and recommendations to foster healthy, successful teams. Company leaders: can help address complex challenges and respond to change by shedding light on organizational work patterns and trends.
Viva Insights
Can help address complex challenges and respond to change by shedding light on organizational work patterns and trends. These could include wellbeing opportunities, but also things like space planning as companies re-imagine their offices for hybrid work.
Viva Insights for company leaders
Help employees stay connected with their colleagues and protect time for regular breaks, focused work, and learning with this...
Viva Insights for individuals
Can provide data-driven, privacy-protected insights and recommendations to foster healthy, successful teams. For instance, it can help a manager see if their team is at risk of burnout and provide recommendations like encouraging your team to turn off notifications, set boundaries in their calendar, and set daily priorities to focus on what matters most.
Viva Insights for managers
Enable your users to send text-based messages to your organization's web services. Your services can then respond with a message consisting of text or a card that includes text and image type content. Enable your external services to send messages to your Teams channels through an HTTP endpoint. This is useful for notification and tracking tools.
Webhooks
What is Windows-as-a-Service?
Windows 10 with regular feature updates Windows-as-a-Service is a new model for Windows 10. Instead of a major release every three or four years, features are released more frequently, such as semi-annually.
What is Windows-as-a-service?
Windows 10 with regular feature updates. Windows as a service is a newmodel for Windows 10. Instead of a major release every 3-4 years, features are released more frequently such as a semi-annually.
Perform an in-place upgrade to Windows 10 Enterprise to migrate from...
Windows 7 and Windows 8.1 on your devices to Windows 10 Enterprise
A collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
Windows Autopilot
Customize the out-of-box experience (OOBE) to deploy apps and settings that are pre-configured for your organization. Include just the apps your users need. It is the easiest way to deploy a new PC running Windows 10. You can also use it with Configuration Manager to upgrade Windows 7 or Windows 8.1 to Windows 10.
Windows Autopilot
Is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use it to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
Windows Autopilot
Sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end users, from initial deployment through end of life. Preconfigure devices, and automatically enroll devices in Intune.
Windows Autopilot
Use _______ to remotely deploy and configure Surface devices in a zero-touch process, right out of the box. The devices will be automatically enrolled and configured when they are first turned on. This process eliminates reimaging during deployment, which lets you implement new, agile methods of device management and distribution.
Windows Autopilot
____ enables you to: Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription for configuration). Restrict the Administrator account creation. Create and auto-assign devices to configuration groups based on a device's profile. Customize out of box experience (OOBE) content specific to the organization.
Windows Autopilot
_____ is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use it to reset, repurpose, and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. Designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Using cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users.
Windows Autopilot
______ sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end-users, from initial deployment through end of life. You can use _______ to preconfigure devices, and automatically enroll devices in Intune. You can also integrate ______ with Configuration Manager and co-management for more complex device configurations (in preview).
Windows Autopilot
Which of the following enables organizations to create self-contained provisioning packages?
Windows Configuration Designer. To transform new devices into fully configured, fully managed devices, you can create self-contained provisioning packages built with the Windows Configuration Designer.
Which of the following enables organizations to create self-contained provisioning packages?
Windows Configuration Designer. To transform new devices into fully configured, fully managed devices, you can create self-contained provisioning packages built with the Windows Configuration Designer.
Addresses the following problems: · Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. · Passwords are subject to replay attacks. · Users can inadvertently expose their passwords because of phishing attacks.
Windows Hello
_____ addresses the following problems with passwords: Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. Passwords are subject to replay attacks. Users can inadvertently expose their passwords because of phishing attacks.
Windows Hello
______ provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Uses a combination of special infrared (IR) cameras and software to increase accuracy and guard against spoofing. On devices that support it, an easy biometric gesture unlocks users' credentials.
Windows Hello
_______ lets users authenticate to: A Microsoft, Active Directory, or Microsoft Azure Active Directory (Azure AD) account. An Identity Provider Services or Relying Party Services that support Fast ID Online (FIDO) v2.0 authentication
Windows Hello
Is a set of technologies that protect your organization from accidental or malicious data leaks, without significant changes to your enterprise environment or apps. It provides this protection to both enterprise-owned devices and BYOD devices, and it does so without interfering with employees' regular workflows.
Windows Information Protection
A set of technologies that protect your organization from accidental or malicious data leaks, without significant changes to your enterprise environment or apps. It provides this protection to both enterprise-owned devices and BYOD devices, and it does so without interfering with employees' regular workflows.
Windows Information Protection (WIP)
Servicing Tool: Provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 device.
Windows Update (stand-alone)
With _______, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Devices on Windows 10 semi-annual channel (SAC) versions receive the latest feature and quality updates through simple -- often automatic -- patching processes.
Windows-as-a-Service
A new way to work with the Windows desktop. New features are released twice a year. By releasing new features in bite sized chunks, rather than major new versions, the work required by IT people is reduced. There are two types of updates: features and quality fixes.
Windows-as-a-Service (WaaS)
Your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Devices on Windows 10 semi-annual channel (SAC) versions receive the latest feature and quality updates through simple -- often automatic -- patching processes.
Windows-as-a-service
Benefits of this are these: The data is generated from people's actual working patterns. There is no disruption or additional work required. It has built-in dashboards and reports that visualize the data. It generates insights to learn and identifies improve the way you work.
Workplace Analytics
Benefits of this include: Address wasteful collaboration and meeting cultures. Enhance process efficiency and effectiveness Drive cultural transformations. Inform leadership excellence and development. Visualize data with dashboards and reports from Power BI and other reporting tools. Inform leadership initiatives and development. Develop executive dashboards and reporting systems.
Workplace Analytics
Benefits of this include: § Address wasteful collaboration and meeting cultures. § Enhance process efficiency and effectiveness § Drive cultural transformations. § Inform leadership excellence and development. § Visualize data with dashboards and reports from Power BI and other reporting tools. § Inform leadership initiatives and development. § Develop executive dashboards and reporting systems.
Workplace Analytics
Identifies collaboration patterns that may impact productivity, workforce effectiveness, and employee engagement. It has several benefits: o The data is generated from people's actual working patterns. o There is no disruption or additional work required. o It has built-in dashboards and reports that visualize the data. o It generates insights to learn and identifies improve the way you work.
Workplace Analytics
To help you understand your organization's engagement level for Yammer. These provide useful information about users' posting, reading activities, and more.
Yammer activity reports
Provides information about devices that users are using to access Yammer. Find information about devices types, the number of devices, operating system type, and more across the organization, or on an individual user level.
Yammer device usage reports
Which report contains the number of users accessing Yammer from a mobile phone?
Yammer device usage reports. These reports provide information about devices types, the number of devices, operating system type, and more across the organization, or on an individual user level.
Which report contains the number of users accessing Yammer from a mobile phone?
Yammer device usage reports. These reports provided information about device types, the number of devices, operating system type, and more across the org or on an individual user level.
Gain a better understanding of activities in Yammer groups across your company. These provide information on posting, reading, and member activity across groups.
Yammer group activity reports
·Your organization is launching an important new product. You want to host a major online event to announce it to your industry. You will have several people speaking plus videos. Which combination of Microsoft products should you use to host the event?
Yammer, Teams and Stream. Will allow you to use different types of content and host a major online event.
Your organization is launching an important new product. You want to host a major online event to announce it to your industry. You will have several people speaking plus videos. Which combination of Microsoft products should you use to host the event?
Yammer, Teams and Stream. Will allow you to use different types of content and host a major online event.
Your organization is launching an important new product. You want to host a major online event to announce it to your industry. You will have several people speaking plus videos. Which combination of Microsoft products should you use to host the event?
Yammer, Teams, and Stream will allow you to use different types of content and host a major online event.
Where can a user go, in order to manage their verification methods?
You can use the myprofile.microsoft.com site to keep your verification methods and security information up to date.
The overall compliance score is calculated using scores that are assigned to actions. Actions come in two types:
Your improved actions: actions that the organization is expected to manage. Microsoft actions: actions that Microsoft manages for the organization.
Assumes every request is a breach in security, and verifies each request as though it originates from an unsecured network.
Zero Trust Model
3 principles: Verify explicitly, Least privileged access, Assume breach, are for what?
Zero Trust guiding principles
Indirect Cloud Solution Provider...
just sells.
3 ways to keep track of health status of services:
o Admin app: Your administrators can use the Admin App to view and stay up to date with the health status of the services on the go. o Microsoft System center: Your administrators can view all service communications from within System Center if your organization has the Office 365 Management Pack. o API: Your organization can use the Office 365 Service Communications API to create or use tools that can connect and monitor the service status for you in real-time.
Keep track of health status of services in different ways:
o Admin app: Your administrators can use the Admin App to view and stay up to date with the health status of the services on the go. o Microsoft System center: Your administrators can view all service communications from within System Center if your organization has the Office 365 Management Pack. o API: Your organization can use the Office 365 Service Communications API to create or use tools that can connect and monitor the service status for you in real-time.
M365 Roadmap
o Allows you to download the current features in development as a CSV file o Allows you to search by product, cloud instance, or platform o Allows you to view additional information about each update o Allows you to leverage RSS to be notified of feature updates in real time o Includes Windows and Azure Active Directory
Windows Autopilot enables you to:
o Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). o Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription for configuration). o Restrict the Administrator account creation. o Create and auto-assign devices to configuration groups based on a device's profile. o Customize out of box experience (OOBE) content specific to the organization.
Deploying Windows 10 depends on a number of factors such as:
o Business requirements. o Environment considerations. o Amount of administrative control needed. o Network capacity. o Current deployment capabilities.
Microsoft Teams advantages:
o Chat one-to-one or in groups - keep people informed, and get input. o Eliminate email clutter including acknowledgments and putting multiple people on copy. Keep in-boxes clear for important messages. o Encourage open discussion, asking questions and promoting thoughtful debate. o Start a call or share screens to get things done faster. o Messages are real-time, but don't interrupt your colleagues' work. So everyone can be productive. o You can chat from your mobile device to keep in touch wherever you are. o Useful files can be shared using Teams to keep everything close to hand.
Benefits: when you enroll existing configuration manager clients in co-management, you gain:
o Conditional access with device compliance o Intune-based remote actions, for example: restart, remote control, or factory reset o Centralized visibility of device health o Link users, devices, and apps with Azure Active Directory (Azure AD) o Modern provisioning with Windows Autopilot o Remote actions
6 privacy principles are:
o Control: Putting you, the customer, in control of your privacy with easy-to-use tools and clear choices. o Transparency: Being transparent about data collection and use so that everyone can make informed decisions. o Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption. o Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. o No content-based targeting: Not using email, chat, files, or other personal content to target advertising. o Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better.
There are two peer-to-peer options for content distribution:
o Delivery Optimization allows Windows 10 clients to source content from other devices on their local network that have already downloaded the updates, or from peers over the internet. o BranchCache is a bandwidth optimization technology included in some editions of Windows Server 2016, Windows 10 operating system, and some other operating systems. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed.
Benefits of Azure Virtual Desktop (AVD) for organizations:
o Deploy Windows desktops and apps in minutes. o Scale easily by provisioning access to data across devices fast. o Provide access to data while adhering to security and compliance regulations. o Gives users the same look and feel as running Office apps on a dedicated machine. o The organization pays only for what it uses with the Azure Virtual Machines and Azure storage consumed by users. o When your storage needs differ seasonally, you only pay for what you need when you need it.
WaaS offers 3 servicing channels:
o Insider preview. This channel receives Windows features before general release, often during development. This allows organizations to test and evaluate new features and provide feedback to Microsoft. o Semi-annual channel. Feature updates are released to the semi-annual channel twice a year. o Long-term servicing channel. Designed for specialist devices that do not run Office apps such as medical equipment or ATMs. These receive new features every two or three years.
Zero Trust model has 3 aspects:
o It requires signals to inform decisions. Zero Trust considers many signal sources, from identity systems to device management and device security tools, to create context-rich insights that help make informed decisions. o Policies to make access decisions. The access requested, and the signal's analyzed to deliver a decision based on finely tuned access policies, providing granular, organization-centric access control. o Enforcement capabilities to implement those decisions effectively. Decisions are enforced across the entire digital estate, such as read-only access to the SaaS app or remediating compromised passwords with a self-service password reset.
M365 for Enterprise: E3
o Partial: Meetings and voice, Advanced analytics, Identity and access management, Threat protection, Information protection o No: Advanced compliance
M365 for Enterprise E3
o Partial: Meetings and voice, Advanced analytics, Identity and access management, Threat protection, Information protection o No: Advanced compliance
M365 for Enterprise: F3
o Partial: Office mobile apps and Office for web only, Meetings and voice, Identity and access management, Threat protection, Information protection. o No: Advanced analytics, Advanced Compliance
M365 for Enterprise F3
o Partial: Office mobile apps and Office for web only, Meetings and voice, Identity and access management, Threat protection, Information protection. o No: Advanced analytics, Advanced Compliance
A product, or services, lifecycle typically has 3 phases:
o Private preview: A product, or service, might be released to a limited number of users in a private preview to test new features or functionality. Typically, users can sign up to be members of a private preview, but the preview release isn't made available to the general public. o Public preview: To receive feedback from a broad range of users, Microsoft typically releases public previews of products and services before their GA release. These products and services are clearly marked as preview and include beta or pre-release features and services. Because preview features are pre-release, they aren't supported and should only be used to test upcoming functionality. o General availability (GA): When a product or service is GA, it's the release version and is fully supported. GA products and services have been through a full development and test lifecycle to ensure stability and reliability. With Microsoft 365, new features are added to the products and services periodically. It's useful for IT developers, and administrators, to be aware of preview features before they have their GA release.
OneDrive and management options 1. Small business 2. Medium sized business 3. Enterprise 4. Pre-requisites
o Small business: § Deployment tools used: local installation § Management: OneDrive admin center o Medium sized business: § Deployment tools used: Scripted installation or Microsoft Intune mobile device management (MDM) § Management: Office365 with MDM, OneDrive admin center, Intune mobile application management (MAM) or MDM o Enterprise: § Deployment tools used: Microsoft Endpoint Manager with Intune or Windows Autopilot § Management: Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs), and so on o Pre-requisites § Client and app requirements: the ideal OneDrive experience comes from the Windows and Mac sync apps, and the iOS and Android mobile apps. With that in mind, OneDrive is available for most operating systems and browsers, and requires minimal hardware. § License requirements: A few OneDrive features are available only within certain licensing models.
Guiding principles of Zero Trust:
o Verify explicitly. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. o Use the least privileged access. Limit user access with Just-In-Time and Just Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity. o Assume breach. Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and application. Verify all sessions are encrypted end to end. Use analytics to get visibility, drive threat detection, and improve defenses.
3 types of Yammer reports
o Yammer activity reports: To help you understand your organization's engagement level for Yammer. These provide useful information about users' posting, reading activities, and more. o Yammer group activity reports: Gain a better understanding of activities in Yammer groups across your company. These provide information on posting, reading, and member activity across groups. o Yammer device usage reports: Provides information about devices that users are using to access Yammer. Find information about devices types, the number of devices, operating system type, and more across the organization, or on an individual user level.
Direct Cloud Solution Provider...
sells and provides support.
Discretionary - Compliance Score action is:
these actions depend on the users understanding and adhering to a policy. For example, a policy where users are required to ensure their devices are locked before they leave them.
Mandatory - Compliance Score action is:
these actions shouldn't be bypassed. For example, creating a policy to set requirements for password length or expiration.
Microsoft Bookings has 3 primary components
§ A booking page where your customers and clients can schedule appointments with a staff member. This web-based scheduling page can be shared via a direct link, your Facebook page, and even through link embedding within your website. § A web-based, business-facing page where Bookings calendar owners and administrators within an organization can define appointment types and details, manage staff schedules and availability, set business hours, and customize how appointments are scheduled. § A business-facing mobile app where Bookings calendar owners and administrators can see all of their appointments, access customer lists and contact information, and make manual bookings on the go.
3 plans for M365 Business
§ Basic: $5/user/month. Cannot: host webinars that include attendee registration pages, email confirmations and reporting, use Microsoft Bookings, Desktop versions of office apps for PC and Mac, Advanced security, Device Management § Standard: $12.50/user/month. No: Advanced security, Device management § Premium: $20/user/month.
Compliance Manager vs. Compliance Score
§ Compliance Manager is an end-to-end solution in Microsoft 365 compliance center to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager. § Compliance Manager gives admins the capabilities to understand and increase their compliance score, so they can ultimately improve the organization's compliance posture and help it to stay in line with compliance requirements.
Assessments have several components
· In-scope services: the specific set of Microsoft services applicable to the assessment. · Microsoft-managed controls: controls for Microsoft cloud services, which Microsoft implements for the organization. · Your controls: these controls, sometimes referred to as customer-managed controls, are implemented and managed by the organization. · Shared controls: responsibility for implementing these controls is shared by the organization and Microsoft. · Assessment score: shows the progress in achieving total possible points from actions within the assessment that are managed by the organization and by Microsoft.
3 subcategories of actions that can be classified as mandatory or discretionary for the compliance score:
· Preventative actions are designed to handle specific risks, like using encryption to protect data at rest if there were breaches or attacks. · Detective actions actively monitor systems to identify irregularities that could represent risks, or that can be used to detect breaches or intrusions. Examples of these types of actions are system access audits, or regulatory compliance audits. · Corrective actions help admins to minimize the adverse effects of security incidents, by undertaking corrective measures to reduce their immediate effect or possibly even reverse damage.