MS-900
Continuity and availability
Data storage redundancy; Monitoring data; Preventative measures
Yammer
a secure enterprise social network internal to an organization. Yammer enables leaders and coworkers to connect and engage from anywhere to share ideas, co-create culture, align on strategy, and innovate.
Subscription Options
365 Home: for personal and family life; 365 Education: academic licenses for educators; 365 Business: small and medium-sized organizations, offers the full set of 365 tools; 365 Enterprise: for large organizations
Federation
A common example of federation in practice is when a user logs in to a third-party site with their social media account, such as Twitter. In this scenario, Twitter is an identity provider, and the third-party site might be using a different identity provider, such as Azure AD. There's a TRUST RELATIONSHIP between Azure AD and Twitter.
Four pillars of an identity infrastructure
Administration: the creation and management/governance of identities for users, devices, and services. Authentication: the authentication pillar tells the story of how much an IT system needs to know about an identity to have sufficient proof that they really are who they say they are. Authorization: the authorization pillar is about processing the incoming identity data to determine the level of access an authenticated person or service has. Auditing: the auditing pillar is about tracking who does what, when, where, and how.
identity provider
An identity provider creates, maintains, and manages identity information while offering authentication, authorization, and auditing services. The identity provider issues a security token to the server for the client.
Enhanced Cloud App Discovery in Azure Active Directory
Azure Active Directory Premium P1 includes Azure Active Directory Cloud App Discovery at no extra cost
Enterprise Mobility and Security
Azure Active Directory Premium Plan 1 and 2: for identity and access management; Azure Information Protection Premium Plan 1 and 2: classify and protect docs and emails; Microsoft Intune: for endpoint management; Azure Advanced Threat Protection: identify, detect and investigate threats; Microsoft Advanced Threat Analytics: on-premises solution to protect an organization's network; Microsoft Cloud App Security: visibility and control over data travel to cloud services
Retention Actions
Delete and Allow Recovery; Permanently Delete; Move to Archive
Reports, Whitepapers, and Artifacts
BCP and DR - Business Continuity and Disaster Recovery; Pen Test and Security Assessments; Privacy and Data Protection; FAQ and Whitepapers
Modern Lifecycle Policy
Customers stay current as per the servicing and system requirements published for the product or service. Stay current means that customers accept and apply all servicing updates for their products and services. Customers must be licensed to use the product or service. Microsoft must currently offer support for the product or service.
What is a Cloud Access Security Broker?
CASBs help organizations protect their environment by providing a wide range of capabilities across the following pillars: Visibility - discover and control the use of Shadow IT; Threat protection - protect against cyberthreats and anomalies; Data security - protect your sensitive information anywhere in the cloud; Compliance - assess your cloud apps' compliance
Service Trust Portal Categories
Certifications, Regulations, and Standards; Reports, Whitepapers, and Artifacts; Industry and Regional Resources; Resources for your Organization
Compliance Concepts
Data residency - when it comes to compliance, data residency regulations govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally; Data sovereignty - data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed; Data privacy - providing notice and being transparent about the collection, processing, use, and sharing of personal data
Support Types
Community Forums; Proactive Support: SARA tool chat and phone support pre-sales support; FastTrack: connect with Microsoft engineers to help; Premier Support: onsite support and dedicated Support through Microsoft Partner
Confidentiality, Integrity, Availability (CIA)
Confidentiality refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data. Integrity refers to keeping data or messages correct. Availability refers to making data available to those who need it, when they need it.
Microsoft's privacy principles
Control; Transparency; Security; Strong legal protections; No content-based targeting; Benefits to you
Exchange Online
Create a shared mailbox so users can access and send email messages and share a common calendar. Create distribution groups, which are a collection of two or more recipients that appears in the shared address book. When an email is sent to a distribution group, it's received by all members in the group. Exchange has built-in anti-spam and anti-malware protection and customizable anti-spam and anti-malware policies. Defender for Office 365 can be enabled for added protection against advanced threats, like phishing, business email compromise, and malware attacks. Defender also provides spoof protection and mailbox intelligence for all recipients.
Learning Objectives
Describe how Microsoft 365 drives productivity and empowers workers. Describe the differences between Office 365, Microsoft 365, and Windows 365. Describe the Microsoft 365 subscription options. Create a Microsoft 365 trial organization.
Microsoft Defender for Office 365 Plan 2
Everything in Plan 1 plus: Threat Trackers; Threat Explorer; Automated investigation and response (AIR); Attack Simulator; Advanced hunting
Priva
Exchange Online; SharePoint Online; OneDrive for Business; Microsoft Teams
Release Types
Feature updates add new functionality and are released twice a year. Quality updates provide security and reliability fixes. These updates are issued once a month.
feedback on Microsoft 365 services
Feedback; In-product experiences; Windows Feedback Hub; Microsoft Tech Community; Microsoft Store; UserVoice forums
Industry and Regional Resources
Financial Services; Healthcare and Life Sciences; Media and Entertainment; United States Government; Regional Resources
Zero Trust Pillars
Identities: may be users, services, or devices. Devices: monitoring devices for health and compliance is an important aspect of security. Applications: this includes discovering all applications being used. Data: should be classified, labeled, and encrypted based on its attributes. Infrastructure: whether on-premises or cloud based, represents a threat vector. Networks: should be segmented, including deeper in-network micro segmentation.
Explain service level agreement (SLAs)
Incident: A set of events or single event that results in downtime. Uptime: The total time your services are functional. Downtime: The definition of downtime depends on the relevant service. For example, with Microsoft Teams, any period of time where users are unable to initiate online meetings, see presence statuses, or unable to instant message is considered downtime. Your downtime reduces the total time your services are functional (your uptime). Claim: A claim raises information about an incident. Your organization is responsible for submitting a claim on an incident. The organization should provide the details about the experienced downtime, affected users, and how it was attempted to resolve the incident. Microsoft is responsible for processing the claim. Service credit: Service credits are submitted by the organization's admin. If the claim is successfully approved by Microsoft, your organization will receive service credits. The service credit will be the percentage of the total monthly fees your organization paid for the month where you experienced downtime. Service level: The performance metric(s) set forth in the SLA that Microsoft agrees to meet in the delivery of the Services. Uptime agreement: The uptime agreement is defined by the monthly uptime percentage. This percentage is for a given active tenant in a calendar month and the calculation varies depending on the product or service. For example, the calculation could be as follows: (User Minutes − Downtime) / User Minutes × 100. Service credit by monthly uptime percentage: < 99.9%: 25%; < 99%: 50%; < 95%: 100%.
Responsibility of Customer
Information and data; Devices (mobile and PCs); Accounts and identities
Microsoft Endpoint Manager
Intune - cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices; Configuration Manager - on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based; Co-Management - combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services; Desktop Analytics - provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers; Autopilot - sets up and pre-configures new devices, getting them ready for use; Azure AD - used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure AD Premium, which may be an extra cost, has other features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access
Semi Annual Enterprise Channel
It pushes minor updates once a month on the second Tuesday but receives feature updates only twice a year in January and July
Types of SharePoint Sites
Team Sites - team sites connect a team with its members to share content and resources; Communication Sites - broadcast info to other teams or the entire organization; Hub Sites - organize team and communication sites together
Microsoft 365 for home
Microsoft 365 Personal and Microsoft 365 Family. Personal is for a single person with multiple devices and family is for up to six people
Licenses
Microsoft 365 products and services are available as user subscription licenses (USLs) and are licensed on a per-user basis. Full USLs - are for new customers who haven't previously purchased Microsoft products and services. Add-on USLs - are for on-premises software customers who want to add Microsoft 365 cloud products and services. From SA USLs - are for on-premises Software Assurance customers that want to transition to the cloud. Step Up USLs - are for customers who want to upgrade the level of their service.
Microsoft Defender for Office 365 availability
Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium or you can purchase it as an add-on
Billing Account Options
Microsoft Online Services Program: This billing account is created when you sign up for a Microsoft 365 subscription directly. Microsoft Products & Services Agreement (MPSA) Program: This billing account is created when your organization signs an MPSA Volume Licensing agreement to purchase software and online services. Microsoft Customer Agreement: This billing account is created when your organization works with a Microsoft representative, an authorized partner, or purchases independently.
Deployment methods for Windows
Modern deployment methods; Dynamic deployment methods; Traditional deployment methods
Difference Between 365s
Office 365 evolved from Business Productivity Online Suite (BPOS). Microsoft 365 added on features beyond the core office suite such as Windows, Teams, and other cloud-based security. Windows 365 allows you to create and run PCs remotely through a cloud PC. Can stream to any device.
Shared Responsibility Model
On-Premises - most responsibility for customer; IaaS; PaaS; SaaS - least responsibility but still responsible for employee data, devices, accounts and identities
support options for Microsoft 365
The support option chosen to deal with a particular issue depends on: The tool or service where the issue has arisen. The type of subscription your organization uses. The kind of support your organization needs.
Viva Insights
Personal: Personal wellbeing, Stay connected, Protect time, Daily briefing, Effective meetings; Manager: Nudges (intelligent nudges or reminders help you stay connected with your team), Reflective Insights, Action Plans; Organizational: Leaders can see how people are protecting personal time, staying connected, managing focus time, and prioritizing manager coaching
Windows 365
Personalized Windows 365 Cloud PCs available across devices. Stream your apps, data, content, and settings from the Microsoft cloud to any device and pick up where you left off. Simple to deploy and manage from a single console. Uses a local profile that is stored directly on the cloud PC. Easily set up and scale Cloud PCs to fit your needs and securely support changing workforce needs and new business scenarios. Native integration across Azure Active Directory, Microsoft Defender, Microsoft 365 applications, and Microsoft Endpoint Manager. Windows 365 is provisioned for you once a license is assigned to you. Dedicated to a single user.
Defense in Depth
Physical - limit access to datacenter; Identity - MFA, conditional access; Perimeter - DDoS protection; Network - network segmentation; Compute - closing ports to virtual machines; Application - secure apps; Data - encrypt data
Collaborative Apps with Teams
Power BI - uses data and graphs; Power Apps - create apps for Teams; Power Automate - automate tasks; Dynamics 365 - provide details of customers before meeting; Power Virtual Agents - create chat bots
Intelligent Apps - Connected Experiences
PowerPoint Designer; Editor in Word; Researcher in Word
Microsoft Priva Solutions
Priva Privacy Risk Management, which provides visibility into your organization's data and policy templates for reducing risks; Priva Subject Rights Requests, which provides automation and workflow tools for fulfilling data requests
Type of Clouds
Private; Public; Hybrid
365 Admin Reports
Productivity score: The score in this report measures the work done in your organization compared to other organizations like yours. Usage: View these reports by time period and Microsoft 365 product or service to understand how people in your organization are using the products and services.
Work Management
Project: can use Project for the web to plan and manage work that may require dynamic scheduling, subtasks, and/or dependent tasks, regardless of team size; Planner: provides a simple and visual way for teams to organize their work; Bookings: web-based appointment scheduling and management system; To Do: task management app that makes it easy to plan and manage your day and can be integrated with Outlook and Planner
Current Channel
Provides updates as Microsoft releases them
Monthly Enterprise Channel
Release updates on a scheduled monthly basis
Microsoft Defender for Office 365 Plan 1
Safe Attachments; Safe Links; Safe Attachments for SharePoint, OneDrive, and Microsoft Teams; Anti-phishing protection; Real-time detections
View the health status of Microsoft 365 services
Select Health under the left navigation pane, then Service health. You can also select the service health card on the home dashboard. Reported Issues: select Report an issue and complete a short form. Administrators can also view specific details about other service issues, like what kind of impact an issue may be having on the service, by selecting Incidents or Advisories.
Azure Virtual Desktop
Set up a multi-session Windows Client deployment that delivers a full Windows experience with scalability. Present Microsoft 365 Apps for Enterprise and optimize it to run in multi-user virtual scenarios. Provide Windows 7 virtual desktops with free Extended Security Updates. Bring your existing Remote Desktop Services (RDS) and Windows Server desktops and apps to any computer. Virtualize both desktops and apps. Manage desktops and apps from different Windows and Windows Server operating systems with a unified management experience. Uses FSLogix profile container technology. Dedicated to a single user or used by multiple users.
Teams
Teams can be created to be private to only invited users. Teams can also be public and open to anyone within the organization. A team has a limit of up to 10,000 simultaneous members. Files that you share in a channel (on the Files tab) are stored in SharePoint. Types of Meetings: Meetings - audio, video, and screen sharing up to 1,000 people, view only 1-20,000; Webinars - dynamic, hosted presentations or events that audiences remotely attend using a phone, tablet, or computer, participants up to 1,000 have fully interactive capabilities; Live Events - using Microsoft Stream, Microsoft Teams, or Yammer, host live events with up to 20,000 participants
Microsoft 365 Roadmap
The roadmap also groups the features into three update phases: In development, Rolling out, Launched. Search by product, keyword or feature ID. Filter by product, release phase, cloud instance, platform, or new or updated. Sort by general availability date or newest to oldest. Download the current features in development as a CSV file. View additional information about each update. Use the RSS feed to be notified of feature updates in real-time. Share an entire roadmap page or email a single feature.
Describe Microsoft Defender for Endpoint
Threat and vulnerability management; Attack surface reduction; Next generation protection; Endpoint detection and response; Automated investigation and remediation; Microsoft Threat Experts; Management and APIs
For Office 365
Threat protection policies; Reports; Threat investigation and response capabilities; Automated investigation and response capabilities
Types of add-ons
Traditional add-ons are linked to a specific subscription. If you cancel the subscription, the linked add-on is also canceled. Standalone add-ons appear as a separate subscription on the Your products page within the Microsoft 365 admin center. They have their own expiration date and are managed the same way you would any other subscription.
Keep track of incidents
Unplanned downtime; Planned maintenance
Zero Trust Model
Verify explicitly: Always authenticate and authorize based on the available data points. Least privileged access: Limit user access with just-in-time and just-enough access. Assume breach: Segment access by network, user, devices, and application.
Microsoft Viva Modules
Viva Connections - It's a gateway to the employee experience, with personalized news, communications, tasks, people and resources. Employees can get easy access to the tools and resources they need from one place. Viva Insights - helps everyone in the organization work smarter and achieve balance. It uses quantitative and qualitative data to empower individuals, managers, and leaders to improve organizational productivity and wellbeing. Viva Topics - The topic page gives you more details, including definitions, relevant people, and resources from across Microsoft 365 and external sources like ServiceNow. It's like Wikipedia for the enterprise where AI does the first draft. Viva Learning - your team can discover, share, recommend, and learn from content libraries provided by both your organization and partners. Home, My Learning, Manage.
DaaS Desktop as a Service
Windows 365 and Azure Virtual Desktop
Deployment rings
a deployment method used to separate devices into a deployment timeline. The purpose of the preview ring is to evaluate the new features of the update. The purpose of the limited ring is to validate the update on representative devices across the network. Broad is for wide deployment.
Cloud Solution Provider model
provides a pay-as-you-go subscription model with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change
Windows 10 Deployment Options
Windows Autopilot: new devices are automatically configured from the cloud; In-Place Upgrade: quick and reliable move to Windows 10 for existing devices; Subscription Activation: user is upgraded from Windows 10 Pro to Enterprise when they sign in
Servicing channels
Windows Insider Program; General Availability Channel; Long-term servicing channel
WaaS Windows as a Service
Windows with regular updates
Multiple Devices
You can have Office apps on up to 5 PCs and 5 Tablets depending on plan
Sanctioning and unsanctioning apps
You can use the cloud app catalog to rate the risk for your cloud apps based on regulatory certifications, industry standards, and best practices
Authorization
after authentication, deciding what permissions they have
Conditional Access
provides real-time visibility and control over access and activities within your cloud apps
Microsoft 365 for frontline workers
designed to empower frontline workers and optimize frontline impact. It has three subscription tiers that include different features: F1, F3, and F5
MFA
enable MFA sign in select additional authentication mode specify secondary authentication reset password
Microsoft 365 Enterprise
for enterprise-sized organizations and has four subscription tiers that include different features: Apps for Enterprise, E3, E5, and F3. Your organization can also choose from three Office 365 subscription tiers: E1, E3, and E5
Microsoft 365 Defender
for Identity - use AD to identify and investigate threats; for Endpoint - endpoint preventative protection and post breach detection; for Cloud Apps - cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps; for Office 365 - against malicious threats posed by email messages, links (URLs), and collaboration tools
Microsoft 365 Education
for educational institutions and has two subscription plans for faculty and students that include different features: A1, A3, and A5
Microsoft 365 Government
for government institutions and has two subscription plans that include different features: G1, G3, and G5
Enterprise Agreements (Volume Licensing)
for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers the best value to organizations with 500 or more users or devices
Microsoft 365 Business
for small to medium-sized organizations that have up to 300 employees. It has four subscription tiers that include different features: Apps for Business, Business Basic, Business Standard, and Business Premium
Priva Subject Rights Requests
individuals (or data subjects) may make requests to review or manage the personal data about themselves that companies have collected
App connectors
integrate Microsoft and non-Microsoft cloud apps with Microsoft Defender for Cloud Apps, extending control and protection
Cloud Discovery
maps and identifies your cloud environment and the cloud apps your organization uses
Authentication
process of proving that a person is who they say they are
Encryption Types
Symmetric encryption uses the same key to encrypt and decrypt the data. Asymmetric encryption uses a public key and private key pair.
Hashing
transforming plaintext of any length into a short code called a hash. Used for passwords. For hackers, passwords are often "salted". This refers to adding a fixed-length random value to the input of hash functions to create unique hashes for the same input.
product or service lifecycle
typically has three phases: Private preview, Public preview, General availability (GA)
single sign-on (SSO)
user logs in once and that credential is used to access multiple applications or resources. When you set up SSO between multiple identity providers, it's called federation
Hybrid Work
work model that supports remote, on-site, and on-the-go workers