Microsoft Exam
Azure Active Directory (AD)
Azure AD is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA)
KPIs
Key performance indicators
MAM
Mobile Application Management
subscriptions
a logical container used to provision resources in Azure
Microsoft Yammer
a social networking tool to openly connect and engage across your organization
Power Apps
a suite of apps, services, connectors, and data platforms that provide a rapid application development environment to build custom apps for your business needs
Azure Cost Management
a suite of tools, used after you deploy, provided by Microsoft that help you analyze, manage, and optimize the costs of your workloads
Azure Security Center
a unified infrastructure security management system that strengthens the security posture of your data centers (cloud and on-premises); provides security guidance for compute, data, network, storage, app, and other services
Microsoft Bookings
a web-based appointment scheduling system that integrates with Outlook to provide your customers with the means to book an appointment with members of your staff
CSP
cloud service provider
Power Apps Studio
is the app designer used for building canvas apps
Azure SLAs
Purpose of an Azure SLA? Provides a clear explanation of availability (and sometimes performance) of an Azure service. Actions that can affect an SLA? Failing to deploy a service in a manner that meets the SLA requirements.
Reserved Instances
reserve virtual machines in advance and save up to 72% compared to pay-as-you-go (PAYG) pricing with 1-yr or 3-yr commitment
SIEM
security information event management
SOAR
security orchestration automated response
Azure VMs
server virtualization (compute) on-demand without need for hardware purchase
public cloud
services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet
Windows Autopilot
sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end-users, from initial deployment through end of life
Azure Sovereign Regions
special regions that you might need to consider for compliance or legal purposes: Azure Government, China, and Germany operated by special trustees
operational expenditure (OpEx)
spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it.
Azure DDoS
standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks; includes logging, alerting, and telemetry that's not included in the free Basic tier, which is present by default
policy
the definition of the conditions which you want to control/govern
What comprises an IaaS model?
third-party provider that hosts, services, and maintains all aspects of the system on behalf of the end user. explanation: An IaaS model can basically manage all physical components of your cloud needs.
Conditional Access
used by Azure AD to bring signals together to make decisions and enforce organizational policies
Network Security Group
(basically ACL) contains security rules that allow or deny inbound network traffic to, or outbound traffic from, several types of Azure resources; for each rule you can specify source and destination, port, and protocol; can be applied to a subnet or NIC
Quickly create powerful cloud web-based apps.
Azure App Service
An event-driven, serverless compute service.
Azure Functions
Monitors and diagnoses network issues by using scenario-based analysis.
Azure Network Watcher
Content add-ins
Content add-ins can be used to insert an object into an Excel spreadsheet or PowerPoint presentation. That object can be a web-based data visualization, media, or other external content
resource group
- a container that holds related resources - used to group resources that share a common resource lifecycle
availability zones
- unique physical locations within a region with independent power, network, and cooling - comprised of one or more datacenters - tolerant to datacenter failures via redundancy and isolation
built-in SharePoint workflows
-Approval -Collect Feedback -Collect Signatures -Publishing Approval -Three-state
services included w/ Endpoint Manager
-Microsoft Intune -Configuration Manager -Co-management -Desktop Analytics -Windows Autopilot -Azure Active Directory -Endpoint Manager admin center
Microsoft FastTrack
...is a migration support service for Microsoft 365 subscribers
Microsoft Intune
100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices
Why would infrastructure as a service (IaaS) be recommended for an organization?
A third-party provider hosts the software, hardware, services, and other aspects of the system. explanation: An organization that wants to maximize costs in the company and needs the scaling would choose this cloud.
Power BI free license
A user with the Power BI (Free) license type can access content in My Workspace that has been shared with them
App designer
App designer for model-driven apps lets you define the sitemap and add components to build a model-driven app
scalability
Apps in the cloud can scale vertically and horizontally: Scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding VMs to the configuration.
MFA (multi-factor authentication)
Azure AD MFA works by requiring two or more of the following authentication methods: - something you know (pin or password) - something you have (trusted device) - something you are (biometric)
Publish APIs to developers, partners, and employees securely and at scale.
Azure API Management
Azure AD
Azure Active Directory is Microsoft's cloud-based identity and access management service which helps employees sign in and access resources such as: internal resources, such as apps on your corporate network or custom cloud apps; external resources, such as Microsoft 365, the Azure portal, and many SaaS apps
Optimizes app server farm delivery while increasing application security.
Azure Application Gateway
Managed service for parallel and high-performance computing applications.
Azure Batch
Storage service for very large objects, such as video files or bitmaps.
Azure Blob storage
Fully managed service caches frequently used and static data to reduce data and application latency.
Azure Cache for Redis
Deploy this fully managed search as a service.
Azure Cognitive Search
Containerized apps run on Azure without provisioning servers or VMs.
Azure Container Instances
Delivers high-bandwidth content to customers globally.
Azure Content Delivery Network
Globally distributed database that supports NoSQL options.
Azure Cosmos DB
Protects Azure-hosted applications from distributed denial of service (DDoS) attacks.
Azure DDoS Protection
Provides ultra-fast DNS responses and ultra-high domain availability.
Azure DNS
Service that migrates databases to the cloud with no application code changes.
Azure Database Migration Service
Fully managed and scalable MariaDB relational database with high availability and security.
Azure Database for MariaDB
Fully managed and scalable MySQL relational database with high availability and security.
Azure Database for MySQL
Fully managed and scalable PostgreSQL relational database with high availability and security.
Azure Database for PostgreSQL
Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.
Azure Databricks
Connects to Azure over high-bandwidth dedicated secure connections.
Azure ExpressRoute
File shares that can be accessed and managed like a file server.
Azure File storage
Implements high-security, high-availability firewall with unlimited scalability.
Azure Firewall
Process massive amounts of data with managed clusters of Hadoop clusters in the cloud.
Azure HDInsight
Messaging hub that provides secure communications between and monitoring of millions of IoT devices.
Azure IoT Hub
Cluster management for VMs that run containerized services.
Azure Kubernetes Service
Balances inbound and outbound connections to applications or service endpoints.
Azure Load Balancer
Collaborative visual workspace where you can build, test, and deploy machine learning solutions by using prebuilt machine learning algorithms and data-handling modules.
Azure ML Studio
Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud.
Azure Machine Learning Service
Send push notifications to any platform from any back end.
Azure Notification Hubs
A data store for queuing and reliably delivering messages between applications.
Azure Queue storage
RBAC (Role Based Access Control)
Azure RBAC helps you manage who has access to Azure resources, what they can do with those resources, and which resources/areas they have access to
Fully managed relational database with auto-scale, integral intelligence, and robust security.
Azure SQL Database
Distributed systems platform that runs in Azure or on-premises.
Azure Service Fabric
Add real-time web functionalities easily.
Azure SignalR Service
Fully managed data warehouse with integral security at every level of scale at no extra cost.
Azure Synapse Analytics
Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.
Azure Synapse Analytics
Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design.
Azure Table storage
Distributes network traffic across Azure regions worldwide.
Azure Traffic Manager
Accesses Azure Virtual Networks through high-performance VPN gateways.
Azure VPN Gateway
Windows or Linux virtual machines (VMs) hosted in Azure.
Azure Virtual Machine
Scaling for Windows or Linux VMs hosted in Azure.
Azure Virtual Machine Scale Sets
Connects VMs to incoming virtual private network (VPN) connections.
Azure Virtual Network
Creates a unified wide area network (WAN) that connects local and remote sites.
Azure Virtual WAN
Disaster recovery
By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.
What would you use to manage Windows-as-a-Service? -Configuration Manager -Windows updates -Windows Virtual Desktop
Configuration Manager *Configuration Manager allows you to configure Windows-as-a-Service including Service Channels and Deployment rings.
Which of the following statements is correct? -Configuration Manager manages both on-premises infrastructure and cloud-based functions -Configuration Manager manages on-premises infrastructure and Intune manages cloud-based functions -Windows Autopilot is the new method for infrastructure management for both on-premises and cloud-based scenarios.
Configuration Manager manages on-premises infrastructure and Intune manages cloud-based functions
When using Windows Autopilot to configure a user's device, which of the following statements describe the only interaction required from the end user? -Connect to a network and then start the Intune client. -Connect to a network and verify their credentials. -Connect to a network and then run a PowerShell script (provided by IT) to connect to the Autopilot server.
Connect to a network and verify their credentials.
Windows Autopilot
Customize the out-of-box experience (OOBE) to deploy apps and settings that are pre-configured for your organization. Include just the apps your users need. Autopilot is the easiest way to deploy a new PC running Windows 10. You can also use it with Configuration Manager to upgrade Windows 7 or Windows 8.1 to Windows 10.
high availability
Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.
When deploying Microsoft 365 to users without Internet access, which deployment method should you use? -from a local source -from the cloud -from Configuration Manager
Deploy Microsoft 365 from a local source
agility
Deploy and configure cloud-based resources quickly as your app requirements change.
Long-term servicing channel
Designed for specialist devices that do not run Office apps such as medical equipment or ATMs. These receive new features every two or three years.
DFCI
Device Firmware Configuration Interface
true or false: you need to purchase an Azure account before you can use any Azure resources
False. You can use a free Azure account or Microsoft Learn sandbox to create resources
Semi-annual servicing channel
Feature updates are released to the semi-annual channel twice a year.
(Excel) Get & Transform
Get & Transform lets you connect, combine, and refine data sources to meet your analysis needs. Steps: Connect - make connections to data sitting in the cloud, in service, or locally; Transform - shape the data to meet your needs; the original source remains unchanged; Combine - create a data model from multiple data sources, and get a unique view into the data; Share - once your query is complete you can save it, copy it, or use it for reports
Which administrator role sets up the Microsoft 365 tenant?
Global Administrator
Endpoint Manager
Includes the following services: -Microsoft Intune -Configuration Manager -Co-management -Desktop Analytics -Windows Autopilot -Azure Active Directory -Endpoint Manager admin center
Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale.
IoT Central
Fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud-based AI models.
IoT Edge
What additional security measure is suggested for users that want to access corporate applications on their own devices?
MFA (multi-factor authentication)
MEM
Microsoft Endpoint Manager
Microsoft Forms
Microsoft Forms allows you to quickly gather data with easy-to-create surveys, polls, and questionnaires that can be distributed online and accessed from any web browser
What two options are available to developers wanting to incorporate or use Microsoft Graph in their applications?
Microsoft Graph REST API, Microsoft Graph Native SDKs
Microsoft Graph
Microsoft Graph provides a unified programmability model that you can use to build apps for organizations and consumers that interact with your organization's data
Privacy (Microsoft core tenets)
Microsoft making meaningful choices for how and why data is collected and used
MDM
Mobile Device Management
Which of the following terms describes the way in which OneDrive data is stored globally? -Multi-Geo -Geo-Centric Datacenter -Colocation
Multi-Geo - is an Office 365 feature that allows organizations to span their storage over multiple Office 365 geo locations and specify in which of those to store users' data.
NIST
National Institute of Standards and Technology
If you install Microsoft 365 apps, how often do you need to be connected to the internet? -Never -Once, every 30 days -always
Once, every 30 days
Service that hosts enterprise SQL Server apps in the cloud.
SQL Server on Azure Virtual Machines
How do you control the frequency of updates with Windows-as-a-Service? -Windows updates -Deployment rings -Service Channel
Service Channel
Task pane add-ins
Task pane add-ins allow user interaction through a panel displayed within an Office application. Through the task pane interface, you can enable the user to modify documents or emails, view data from a data source, and more.
Which of the following statements describes the types of sites that can be created from the SharePoint home page? -Skype -Team -OneDrive
Team - From the SharePoint Online home screen, you can create Team sites or Communication sites.
Office add-ins
The Office add-ins platform enables you to extend the functionality of Office applications, including Word, Outlook, and Excel. Office add-ins provide several options for how your solution can interact with an Office application.
Endpoint Manager admin center
The admin center is a one-stop web site to create policies and manage your devices
Insider preview servicing channel
This channel receives Windows features before general release, often during development. This allows organizations to test and evaluate new features and provide feedback to Microsoft.
IaaS (Infrastructure as a Service)
This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant. For example, Azure virtual machines are fully operational virtual compute devices running in Microsoft datacenters. An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server.
Which group of users might benefit from Windows Virtual Desktop? -Users who need to run a Mac desktop -Users who work with confidential data -Users with poor internet connectivity
Users who work with confidential data. *Windows Virtual Desktop can be configured to ensure that data is never stored on the local device
Create and deploy mission-critical web apps at scale.
Web Apps feature of Azure App Service
What is Windows-as-a-Service? -The ability to run Windows as a virtual desktop -Windows 10 with regular feature updates -Windows 10 Mobile
Windows 10 with regular feature updates
WVD
Windows Virtual Desktop
Which enables organizations to create self-contained provisioning packages? -Windows Configuration Designer -Microsoft Intune -Microsoft Autopilot
Windows Configuration Designer
Workplace Analytics
Workplace Analytics and MyAnalytics gather data and use AI to provide insights into the working habits of individuals and organizations.
elasticity
You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need.
geo-distribution
You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.
BranchCache
a bandwidth optimization technology included in some editions of Windows Server 2016, Windows 10 operating system, and some other operating systems. Files are cached on each individual client, and other clients can retrieve them as needed.
Key Vault
a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys
Microsoft Intune
a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM)
Desktop Analytics
a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients
Azure Sentinel
a cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution
initiative
a collection of Azure policy definitions that are grouped together towards a specific goal
Power BI
a collection of software services, apps, and connectors that work together to turn your independent sources of data into coherent, visually immersive, and interactive insights.
hybrid cloud
a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them
blueprint
a container for composing sets of standards, patterns, and requirements for implementation of Azure cloud services, security, and design; often used in the same sentence as the phrase "new environments"
Azure geography
a discrete market, typically containing two or more regions that preserves data residency and compliance boundaries
Single Sign-on (SSO)
a user doesn't have to sign into every application they use; the user logs in once and that credential is used for multiple apps. Often called 'modern authentication'
Defense in-Depth
a layered (defense in depth) approach that does not rely on one method to completely protect your environment
Hybrid Use Benefit
a licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud; lets you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure
Azure Firewall
a managed, cloud-based network security service that protects your Azure Virtual Network resources; is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability
Microsoft Secure Score
a measurement of an organization's security posture, with a higher number indicating more improvement actions taken
Tags
a name and value pair used to logically organize Azure resources, resource groups, and subscriptions into a logical ordered structure; tags can be the basis for applying business policies or tracking costs; you can also enforce tagging rules with Azure policies
Windows-as-a-Service (WaaS)
a new model for Windows 10. Instead of a major release every three or four years, features are released more frequently, such as semi-annually.
Microsoft Planner
a project management tool to help you manage your projects and the teams working on them. Planner lets you organize the activities in your project, starting with the overall plan, then assigning tasks to groups.
region pairs
a relationship between 2 Azure regions within the same geographic region for disaster recovery purposes
Windows Virtual Desktop (WVD)
a service that allows users to connect to a Windows desktop running in the cloud. It is a desktop and app virtualization service that runs on Azure
Dedicated Hosts
a service that provides dedicated physical servers, able to host one or more virtual machines in one Azure subscription
Spot Pricing
access unused Azure compute capacity at deep discounts, up to 90% compared to pay-as-you-go prices; applies to Azure VMs only; use for non-mission critical services
Reserved Capacity
achieve significant savings on Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics, and Azure Cache for Redis; discount is product specific; enables you to easily manage costs across predictable and variable workloads and help optimize budgeting and forecasting
Intune Connector for Active Directory
adds entries to your on-premises Active Directory domain for computers that enroll using Windows Autopilot
Intune Exchange connector
allows (or blocks) device access to your Exchange servers if devices are enrolled in Intune, and compliant with your policies.
Delivery Optimization
allows Windows 10 clients to source content from other devices on their local network that have already downloaded the updates, or from peers over the internet.
Microsoft Stream
an Enterprise Video service where people in your organization can upload, view, and share videos securely
app service
an HTTP-based service for hosting web applications, REST APIs, and mobile back ends
Configuration Manager
an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based
resources
any entity managed by Azure, for example, a virtual machine, virtual network, or storage account
Azure AD Premium
at additional cost; has additional features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access.
AuthN
authentication (AuthN) is the process of proving that you are who you say you are
AuthZ
authorization (AuthZ) is the act of granting an authenticated party permission to do something
Azure RBAC (role based access control)
built on Azure Resource Manager that provides fine-tuned access management of Azure resources
Co-management
combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services
Azure Compliance Documentation
compliance documentation is grouped geographically and by industry; you'll find template audit documents that you can tailor to your or your customers' needs: https://docs.microsoft.com/en-us/azure/compliance/
Compliance (Microsoft core tenets)
compliance with regulations is critical, and Microsoft aims to ease this task for Azure customers
private cloud
consists of computing resources used exclusively by users from one business or organization. a private cloud can be physically located at your organization's on-site (or on-premises) datacenter, or it can be hosted by a 3rd-party service provider
Online Service Terms (OST) / Product Terms site
contains all the terms and conditions for software and online services through Microsoft Commercial Licensing programs * OST has been archived and updated to Product Terms site
Microsoft Forms Pro
enterprise version of Microsoft Forms.
Microsoft Privacy Statement
explains: - what data Microsoft processes - how Microsoft processes it - for what purpose data is utilized (what, how, and why they process data)
Cost Impacts
factors that can affect Azure resource costs include resource types, services, locations, ingress (typically free) and egress traffic
Reducing Costs
factors that can reduce costs include reserved instances, reserved capacity, hybrid use benefit, spot pricing
Data Protection Addendum (DPA)
further defines the data processing and security terms for online services including data compliance, disclosure, security, transfer and retention
Deployment rings
groups of devices that are used to pilot new features, before they are deployed to the rest of the organization.
Cloud Adoption Framework
guidance designed to help you create and implement the business and technology strategies to succeed in Azure https://azure.microsoft.com/en-us/cloud-adoption-framework/#overview
+ provides the most flexibility + organizations determine where to run their apps + orgs control security, compliance, or legal requirements Which cloud service is this? public, private, or hybrid
hybrid
Azure regions
inside of Azure geographies there are regions: a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network
Pricing Calculator and TCO calculator
interactive calculator, used before you deploy, that allows you to estimate Azure resource costs; choose region, instance, tiers, etc. to match functionality and budget needs
capital expenses (CapEx)
is the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time.
If you require frequent updates at a predictable channel, which update channel is best? -current channel -monthly Enterprise channel -semi-annual channel
monthly Enterprise channel
SharePoint workflows
pre-programmed mini-applications that streamline and automate a wide variety of business processes
Resource Locks
prevent other users in your organization from accidentally deleting or modifying critical resources; the lock overrides any permissions the user might have
+ hardware must be purchased for start-up and maintenance + organizations have complete control over resources and security + organizations are responsible for hardware and maintenance and updates Which cloud service is this? public, private, or hybrid
private
Service Lifecycle
private preview - open only to companies or invited users; used for evaluation only. public preview - open to the public, but preview limitations apply; not run in production. general availability (GA) - production use
In which type of cloud deployment model does the organization own the hardware on which the cloud runs? -public -private -hybrid -remote
private. explanation: in this environment, the organization owns the cloud, which is on its premises
Intune certificate connector
processes certificate requests from devices that use certificates for authentication and S/MIME email encryption.
Security (Microsoft core tenets)
protecting the data that's entrusted to Microsoft by using strong encryption and access controls
management groups
provide a level of scope above subscriptions. each directory is given a single top-level management group called the "Root"
+ no capital expenditure to scale up + applications can be quickly provisioned and deprovisioned + organizations are responsible for hardware maintenance and updates Which cloud service is this? public, private, or hybrid
public
Trust Center
where you can learn about the four foundational principles of trust: security, privacy, compliance and transparency https://www.microsoft.com/en-us/trust-center/product-overview