MS-900

Continuity and availability

Data storage redundancy
Monitoring data
Preventative measures

Yammer

a secure enterprise social network internal to an organization. Yammer enables leaders and coworkers to connect and engage from anywhere to share ideas, co-create culture, align on strategy, and innovate.

Subscription Options

365 Home: for personal and family life
365 Education: academic licenses for educators
365 Business: small and medium-sized organizations. Offers full set of 365 tools
365 Enterprise: for large organizations

Federation

A common example of federation in practice is when a user logs in to a third-party site with their social media account, such as Twitter. In this scenario, Twitter is an identity provider, and the third-party site might be using a different identity provider, such as Azure AD. There's a TRUST RELATIONSHIP between Azure AD and Twitter.

Four pillars of an identity infrastructure

Administration. Administration is about the creation and management/governance of identities for users, devices, and services.
Authentication. The authentication pillar tells the story of how much an IT system needs to know about an identity to have sufficient proof that they really are who they say they are.
Authorization. The authorization pillar is about processing the incoming identity data to determine the level of access an authenticated person or service has.
Auditing. The auditing pillar is about tracking who does what, when, where, and how.

identity provider

An identity provider creates, maintains, and manages identity information while offering authentication, authorization, and auditing services. The identity provider issues a security token to the server for the client.

Enhanced Cloud App Discovery in Azure Active Directory

Azure Active Directory Premium P1 includes Azure Active Directory Cloud App Discovery at no extra cost

Enterprise Mobility and Security

Azure Active Directory Premium Plan 1 and 2: for identity and access management
Azure Information Protection Premium Plan 1 and 2: classify and protect docs and emails
Microsoft Intune: for endpoint management
Azure Advanced Threat Protection: identify, detect and investigate threats
Microsoft Advanced Threat Analytics: on-premises solution to protect an organization's network
Microsoft Cloud App Security: visibility and control over data travel to cloud services

Retention Actions

Delete and Allow Recovery
Permanently Delete
Move to Archive

Reports, Whitepapers, and Artifacts

BCP and DR - Business Continuity and Disaster Recovery
Pen Test and Security Assessments
Privacy and Data Protection
FAQ and Whitepapers

Modern Lifecycle Policy

Customers stay current as per the servicing and system requirements published for the product or service. Stay current means that customers accept and apply all servicing updates for their products and services. Customers must be licensed to use the product or service. Microsoft must currently offer support for the product or service.

What is a Cloud Access Security Broker?

CASBs help organizations protect their environment by providing a wide range of capabilities across the following pillars:
Visibility - Discover and control the use of Shadow IT
Threat protection - Protect against cyberthreats and anomalies
Data security - Protect your sensitive information anywhere in the cloud
Compliance - Assess your cloud apps' compliance

Service Trust Portal Categories

Certifications, Regulations, and Standards
Reports, Whitepapers, and Artifacts
Industry and Regional Resources
Resources for your Organization

Compliance Concepts

Data residency - When it comes to compliance, data residency regulations govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally.
Data sovereignty - Data, particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed.
Data privacy - Providing notice and being transparent about the collection, processing, use, and sharing of personal data.

Support Types

Community Forums Proactive Support: SARA tool chat and phone support pre-sales support FastTrack: connect with Microsoft engineers to help Premier Support: onsite support and dedicated Support through Microsoft Partner

Confidentiality, Integrity, Availability (CIA)

Confidentiality refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data.
Integrity refers to keeping data or messages correct.
Availability refers to making data available to those who need it, when they need it.

Microsoft's privacy principles

Control
Transparency
Security
Strong legal protections
No content-based targeting
Benefits to you

Exchange Online

Create a shared mailbox so users can access and send email messages and share a common calendar. Create distribution groups, which are a collection of two or more recipients that appears in the shared address book. When an email is sent to a distribution group, it's received by all members in the group. Exchange has built-in anti-spam and anti-malware protection and customizable anti-spam and anti-malware policies. Defender for Office 365 can be enabled for added protection against advanced threats, like phishing, business email compromise, and malware attacks. Defender also provides spoof protection, and mailbox intelligence for all recipients.

Learning Objectives

Describe how Microsoft 365 drives productivity and empowers workers. Describe the differences between Office 365, Microsoft 365, and Windows 365. Describe the Microsoft 365 subscription options. Create a Microsoft 365 trial organization.

Microsoft Defender for Office 365 Plan 2

Everything in Plan 1 plus:
Threat Trackers
Threat Explorer
Automated investigation and response (AIR)
Attack Simulator
Advanced hunting

Priva

Exchange Online
SharePoint Online
OneDrive for Business
Microsoft Teams

Release Types

Feature updates add new functionality and are released twice a year.
Quality updates provide security and reliability fixes. These updates are issued once a month.

feedback on Microsoft 365 services

Feedback
In-product experiences
Windows Feedback Hub
Microsoft Tech Community
Microsoft Store
UserVoice forums

Industry and Regional Resources

Financial Services
Healthcare and Life Sciences
Media and Entertainment
United States Government
Regional Resources

Zero Trust Pillars

Identities. May be users, services, or devices.
Devices. Monitoring devices for health and compliance is an important aspect of security.
Applications. This includes discovering all applications being used.
Data. Should be classified, labeled, and encrypted based on its attributes.
Infrastructure. Whether on-premises or cloud based, represents a threat vector.
Networks. Should be segmented, including deeper in-network micro segmentation.

Explain service level agreement (SLAs)

Incident: A set of events or single event that results in downtime.
Uptime: The total time your services are functional.
Downtime: The definition of downtime depends on the relevant service. For example, with Microsoft Teams, any period of time where users are unable to initiate online meetings, see presence statuses, or unable to instant message is considered downtime. Your downtime reduces the total time your services are functional (your uptime).
Claim: A claim raises information about an incident. Your organization is responsible for submitting a claim on an incident. The organization should provide the details about the experienced downtime, affected users, and how it was attempted to resolve the incident. Microsoft is responsible for processing the claim.
Service credit: Service credits are submitted by the organization's admin. If the claim is successfully approved by Microsoft, your organization will receive service credits. The service credit will be the percentage of the total monthly fees your organization paid for the month where you experienced downtime.
Service level: The performance metric(s) set forth in the SLA that Microsoft agrees to meet in the delivery of the Services.
Uptime agreement: The uptime agreement is defined by the monthly uptime percentage. This percentage is for a given active tenant in a calendar month and the calculation varies depending on the product or service. For example, the calculation could be as follows:

$\frac{\text{User Minutes} - \text{Downtime}}{\text{User Minutes}} \times 100$

Monthly uptime percentage | Service credit
< 99.9% | 25%
< 99% | 50%
< 95% | 100%

Responsibility of Customer

Information and data
Devices (mobile and PCs)
Accounts and identities

Microsoft Endpoint Manager

Intune - cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices
Configuration Manager - on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based
Co-Management - combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services
Desktop Analytics - provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers
Autopilot - sets up and pre-configures new devices, getting them ready for use
Azure AD - used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure AD Premium, which may be an extra cost, has other features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access

Semi Annual Enterprise Channel

It pushes minor updates once a month on the second Tuesday but receives feature updates only twice a year in January and July

Types of SharePoint Sites

Team Sites - team sites connect a team with its members to share content and resources
Communication Sites - broadcast info to other teams or the entire organization
Hub Sites - organize team and communication sites together

Microsoft 365 for home

Microsoft 365 Personal and Microsoft 365 Family. Personal is for a single person with multiple devices and family is for up to six people

Licenses

Microsoft 365 products and services are available as user subscription licenses (USLs) and are licensed on a per-user basis.
Full USLs - are for new customers who haven't previously purchased Microsoft products and services.
Add-on USLs - are for on-premises software customers who want to add Microsoft 365 cloud products and services.
From SA USLs - are for on-premises Software Assurance customers that want to transition to the cloud.
Step Up USLs - are for customers who want to upgrade the level of their service.

Microsoft Defender for Office 365 availability

Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium or you can purchase it as an add-on

Billing Account Options

Microsoft Online Services Program: This billing account is created when you sign up for a Microsoft 365 subscription directly.
Microsoft Products & Services Agreement (MPSA) Program: This billing account is created when your organization signs an MPSA Volume Licensing agreement to purchase software and online services.
Microsoft Customer Agreement: This billing account is created when your organization works with a Microsoft representative, an authorized partner, or purchases independently.

Deployment methods for Windows

Modern deployment methods
Dynamic deployment methods
Traditional deployment methods

Difference Between 365s

Office 365 evolved from Business Productivity Online Suite (BPOS).
Microsoft 365 added on features beyond the core office suite such as Windows, Teams, and other cloud-based security.
Windows 365 allows you to create and run PCs remotely through a cloud PC. It can stream to any device.

Shared Responsibility Model

On-Premises - most responsibility for customer
IaaS
PaaS
SaaS - least responsibility but still responsible for employee data, devices, accounts and identities

support options for Microsoft 365

The support option chosen to deal with a particular issue depends on:
The tool or service where the issue has arisen.
The type of subscription your organization uses.
The kind of support your organization needs.

Viva Insights

Personal: Personal wellbeing, Stay connected, Protect time, Daily briefing, Effective meetings
Manager: Nudges. Intelligent nudges or reminders help you stay connected with your team. Reflective Insights, Action Plans
Organizational: Leaders can see how people are protecting personal time, staying connected, managing focus time, and prioritizing manager coaching

Windows 365

Personalized Windows 365 Cloud PCs available across devices. Stream your apps, data, content, and settings from the Microsoft cloud to any device and pick up where you left off. Simple to deploy and manage from a single console. Uses a local profile that is stored directly on the cloud PC. Easily set up and scale Cloud PCs to fit your needs and securely support changing workforce needs and new business scenarios. Native integration across Azure Active Directory, Microsoft Defender, Microsoft 365 applications, and Microsoft Endpoint Manager. Windows 365 is provisioned for you once a license is assigned to you. Dedicated to a single user.

Defense in Depth

Physical - limit access to datacenter
Identity - MFA, conditional access
Perimeter - DDoS protection
Network - network segmentation
Compute - closing ports to virtual machines
Application - secure apps
Data - encrypt data

Collaborative Apps with Teams

Power BI - uses data and graphs
Power Apps - create apps for Teams
Power Automate - automate tasks
Dynamics 365 - provide details of customers before meeting
Power Virtual Agents - create chat bots

Intelligent Apps - Connected Experiences

PowerPoint Designer
Editor in Word
Researcher in Word

Microsoft Priva Solutions

Priva Privacy Risk Management, which provides visibility into your organization's data and policy templates for reducing risks
Priva Subject Rights Requests, which provides automation and workflow tools for fulfilling data requests

Type of Clouds

Private
Public
Hybrid

365 Admin Reports

Productivity score. The score in this report measures the work done in your organization compared to other organizations like yours.
Usage. View these reports by time period and Microsoft 365 product or service to understand how people in your organization are using the products and services.

Work Management

Project: can use Project for the web to plan and manage work that may require dynamic scheduling, subtasks, and/or dependent tasks, regardless of team size
Planner: Planner provides a simple and visual way for teams to organize their work
Bookings: web-based appointment scheduling and management system
To Do: task management app that makes it easy to plan and manage your day and can be integrated with Outlook and Planner

Current Channel

Provides updates as Microsoft releases them

Monthly Enterprise Channel

Release updates on a scheduled monthly basis

Microsoft Defender for Office 365 Plan 1

Safe Attachments
Safe Links
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
Anti-phishing protection
Real-time detections

View the health status of Microsoft 365 services

Select Health under the left navigation pane, then Service health. You can also select the service health card on the home dashboard.
Reported Issues: select Report an issue and complete a short form.
Administrators can also view specific details about other service issues, like what kind of impact an issue may be having on the service, by selecting Incidents or Advisories.

Azure Virtual Desktop

Set up a multi-session Windows Client deployment that delivers a full Windows experience with scalability. Present Microsoft 365 Apps for Enterprise and optimize it to run in multi-user virtual scenarios. Provide Windows 7 virtual desktops with free Extended Security Updates. Bring your existing Remote Desktop Services (RDS) and Windows Server desktops and apps to any computer. Virtualize both desktops and apps. Manage desktops and apps from different Windows and Windows Server operating systems with a unified management experience. Uses FSLogix profile container technology. Dedicated to a single user or used by multiple users.

Teams

Teams can be created to be private to only invited users. Teams can also be public and open to anyone within the organization. A team has a limit of up to 10,000 simultaneous members. Files that you share in a channel (on the Files tab) are stored in SharePoint.
Types of Meetings:
Meetings - audio, video, and screen sharing up to 1,000 people. View only 1-20,000
Webinars - dynamic, hosted presentations or events that audiences remotely attend using a phone, tablet, or computer. Participants up to 1,000 have fully interactive capabilities
Live Events - using Microsoft Stream, Microsoft Teams, or Yammer. Host live events with up to 20,000 participants

Microsoft 365 Roadmap

The roadmap also groups the features into three update phases:
In development
Rolling out
Launched
Search by product, keyword or feature ID. Filter by product, release phase, cloud instance, platform, or new or updated. Sort by general availability date or newest to oldest. Download the current features in development as a CSV file. View additional information about each update. Use the RSS feed to be notified of feature updates in real-time. Share an entire roadmap page or email a single feature.

Describe Microsoft Defender for Endpoint

Threat and vulnerability management
Attack surface reduction
Next generation protection
Endpoint detection and response
Automated investigation and remediation
Microsoft Threat Experts
Management and APIs

For Office 365

Threat protection policies
Reports
Threat investigation and response capabilities
Automated investigation and response capabilities

Types of add-ons

Traditional add-ons are linked to a specific subscription. If you cancel the subscription, the linked add-on is also canceled. Standalone add-ons appear as a separate subscription on the Your products page within the Microsoft 365 admin center. They have their own expiration date and are managed the same way you would any other subscription

Keep track of incidents

Unplanned downtime
Planned maintenance

Zero Trust Model

Verify explicitly. Always authenticate and authorize based on the available data points.
Least privileged access. Limit user access with just-in-time and just-enough access.
Assume breach. Segment access by network, user, devices, and application.

Microsoft Viva Modules

Viva Connections - It's a gateway to the employee experience, with personalized news, communications, tasks, people and resources. Employees can get easy access to the tools and resources they need from one place.
Viva Insights - helps everyone in the organization work smarter and achieve balance. It uses quantitative and qualitative data to empower individuals, managers, and leaders to improve organizational productivity and wellbeing.
Viva Topics - The topic page gives you more details, including definitions, relevant people, and resources from across Microsoft 365 and external sources like ServiceNow. It's like Wikipedia for the enterprise where AI does the first draft.
Viva Learning - your team can discover, share, recommend, and learn from content libraries provided by both your organization and partners. Home, My Learning, Manage

DaaS Desktop as a Service

Windows 365 and Azure Virtual Desktop

Deployment rings

A deployment method used to separate devices into a deployment timeline.
The purpose of the preview ring is to evaluate the new features of the update.
The purpose of the limited ring is to validate the update on representative devices across the network.
Broad is for wide deployment.

Cloud Solution Provider model

provides a pay-as-you-go subscription model with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change

Windows 10 Deployment Options

Windows Autopilot: new devices are automatically configured from the cloud
In-Place Upgrade: quick and reliable move to Windows 10 for existing devices
Subscription Activation: user is upgraded from Windows 10 Pro to Enterprise when they sign in

Servicing channels

Windows Insider Program
General Availability Channel
Long-term servicing channel

WaaS Windows as a Service

Windows with regular updates

Multiple Devices

You can have Office apps on up to 5 PCs and 5 Tablets depending on plan

Sanctioning and unsanctioning apps

You can use the cloud app catalog to rate the risk for your cloud apps based on regulatory certifications, industry standards, and best practices

Authorization

after authentication, deciding what permissions they have

Conditional Access

provides real-time visibility and control over access and activities within your cloud apps

Microsoft 365 for frontline workers

designed to empower frontline workers and optimize frontline impact. It has three subscription tiers that include different features: F1, F3, and F5

MFA

enable MFA sign in select additional authentication mode specify secondary authentication reset password

Microsoft 365 Enterprise

enterprise-sized organizations and has four subscription tiers that include different features: Apps for Enterprise, E3, E5, and F3. Your organization can also choose from three Office 365 subscription tiers: E1, E3, and E5

Microsoft 365 Defender

for Identity - use AD to identify and investigate threats
for Endpoint - endpoint preventative protection and post breach detection
for Cloud Apps - cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps
for Office 365 - against malicious threats posed by email messages, links (URLs), and collaboration tools

Microsoft 365 Education

for educational institutions and has two subscription plans for faculty and students that include different features: A1, A3, and A5

Microsoft 365 Government

for government institutions and has two subscription plans that include different features: G1, G3, and G5

Enterprise Agreements (Volume Licensing)

for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers the best value to organizations with 500 or more users or devices

Microsoft 365 Business

for small to medium-sized organizations that have up to 300 employees. It has four subscription tiers that include different features: Apps for Business, Business Basic, Business Standard, and Business Premium

Priva Subject Rights Requests

individuals (or data subjects) may make requests to review or manage the personal data about themselves that companies have collected

App connectors

integrate Microsoft and non-Microsoft cloud apps with Microsoft Defender for Cloud Apps, extending control and protection

Cloud Discovery

maps and identifies your cloud environment and the cloud apps your organization uses

Authentication

process of proving that a person is who they say they are

Encryption Types

Symmetric encryption uses the same key to encrypt and decrypt the data.
Asymmetric encryption uses a public key and private key pair.

Hashing

transforming plaintext of any length into a short code called a hash. Used for passwords. As a defense against hackers, passwords are often "salted". This refers to adding a fixed-length random value to the input of hash functions to create unique hashes for the same input

product or service lifecycle

typically has three phases:
Private preview
Public preview
General availability (GA)

single sign-on (SSO)

user logs in once and that credential is used to access multiple applications or resources. When you set up SSO between multiple identity providers, it's called federation

Hybrid Work

work model that supports remote, on-site, and on-the-go workers

