20347A - Enabling and Managing Office 365: Lab Steps For XTREMELABS

1-1
20347A – Enabling and Managing

Office 365
Lab Steps for XTREMELABS

This document supersedes the Lab Step documentation provided in the standard 20347A Digital
MOC distribution when the class is using Microsoft Labs Online for student lab access.
When XTREMELABS is being used to teach this class, students should refer to the Skillpipe reader
only for general course material in each module. When performing the required lab steps students
should use this document and not the steps described in the Skillpipe module documentation.
The XTREMELABS implementation of labs for this course uses pre-created Lab VMs which are
hosted on the XTREMELABS platform. Doing so ensures a much more efficient lab experience
during the course and allows students to focus on the core content without learning about Azure
internals.
Note that this XTREMELABS hosted Lab implementation differs from the standard XTREMELABS
Lab environment, in that the lab sessions runs for 5 contiguous days and each lab section is
cumulative, building on the previous steps. Students and instructors should review the “Notes
about XTREMELABS Hosted 20347A Labs” section before starting the lab environment.
NOTE: If you wish to review the detailed lab steps, click this
Lab Answer Key Document link.
Contents
General Differences with 20347A XTREMELABS ......................................................................................... 4
Module 1 – Planning and provisioning Office 365 .......................................................................................... 6
Lab: Provisioning Office 365 .......................................................................................................................... 6
Exercise 1: Configuring an Office 365 Tenant ...................................................................................... 7
Exercise 2: Configuring a custom domain ............................................................................................. 8
Exercise 3: Exploring the Office 365 administrator interfaces............................................................... 9
Module Review and Takeaways .................................................................................................................. 10
Module 2 - Managing Users, Groups, and Licenses .................................................................................... 12
Lab A: Managing Office 365 users and passwords ..................................................................................... 12
Exercise 1: Managing Office 365 users and licenses by using the Office 365 admin center .............. 12
Exercise 2: Manage Security and Distribution Groups........................................................................ 15

Lab B: Managing Office 365 groups and administration .............................................................................. 16
Exercise 1: Managing Office 365 Groups ........................................................................................... 17
Exercise 2: Managing Office 365 users and groups by using Windows PowerShell .......................... 18
1-2 Preparing for Office 365
Exercise 3: Configuring delegated administrators............................................................................... 21
Module 3 - Configuring client connectivity to Microsoft Office 365 ............................................................... 24
Lab: Configuring client connectivity to Office 365 ........................................................................................ 25

Exercise 1: Configuring DNS records for Office 365 clients................................................................ 25
Exercise 2: Running the Office 365 connectivity analyzer tools.......................................................... 27
Exercise 3: Connecting Office 2016 clients......................................................................................... 29

Module 4 - Planning and configuring directory synchronization ................................................................... 30
Lab: Configuring directory synchronization .................................................................................................. 30
Exercise 1: Preparing for directory synchronization ............................................................................ 31
Exercise 2: Configuring directory synchronization .............................................................................. 33

Exercise 3: Managing Active Directory users and groups ................................................................... 35
Module 5 - Planning and deploying Office 365 ProPlus ............................................................................... 38

Lab: Managing Office 365 ProPlus installations .......................................................................................... 38
Exercise 1: Preparing an Office 365 ProPlus managed installation .................................................... 39
Exercise 2: Managing user-driven Office 365 ProPlus installations .................................................... 40
Exercise 3: Managing centralized Office 365 ProPlus installations .................................................... 42

Module 6 - Planning and managing Exchange Online recipients and permissions ...................................... 44
Lab: Managing Exchange Online recipients and permissions ..................................................................... 44
Exercise 1: Configuring Exchange Online recipients .......................................................................... 45

Exercise 2: Configuring delegated administration ............................................................................... 47
Module 7 – Planning and configuring Exchange Online services ................................................................ 50
Lab A: Configuring message transport in Exchange Online ........................................................................ 50
Exercise 1: Configuring message-transport settings........................................................................... 51
Lab B: Configuring email protection and client policies ............................................................................... 53
Exercise 1: Configuring email protection............................................................................................. 54
Exercise 2: Configuring client access policies .................................................................................... 55
Module 8 - Planning and deploying Skype for Business Online ................................................................... 58
Lab: Configuring Skype for Business Online ............................................................................................... 58

Exercise 1: Configuring Skype for Business Online organization settings .......................................... 59
Exercise 2: Configuring Skype for Business Online user settings ...................................................... 60
Exercise 3: Configuring a Skype Meeting Broadcast .......................................................................... 61

Enabling and Managing Office 365™ 1-3
Module 9 - Planning for and configuring SharePoint Online ........................................................................ 64
Lab: Configuring SharePoint Online ............................................................................................................ 64
Exercise 1: Configuring SharePoint Online settings ........................................................................... 64

Exercise 2: Creating and configuring SharePoint Online site collections............................................ 65
Exercise 3: Configuring and verifying external user sharing ............................................................... 67

Module 10 - Planning and configuring an Office 365 collaboration solution ................................................. 69
Lab: Planning and configuring an Office 365 collaboration solution ............................................................ 69
Exercise 1: Configuring Yammer Enterprise ....................................................................................... 69
Exercise 2: Configuring OneDrive for Business .................................................................................. 71
Exercise 3: Configuring Office 365 groups .......................................................................................... 72

Module 11 - Planning and configuring Rights Management and compliance .............................................. 75
Lab: Configuring Rights Management and compliance ............................................................................... 75

Exercise 1: Configuring Rights Management in Office 365................................................................. 75
Exercise 2: Configuring compliance features ...................................................................................... 77
Module 12 - Monitoring and troubleshooting Microsoft Office 365 ............................................................... 82

Exercise 1: Monitoring Office 365 ....................................................................................................... 82
Exercise 2: Monitoring service health and analyzing reports .............................................................. 84

Module 13 - Planning and configuring identity federation ............................................................................ 86
Lab: Planning and configuring identity federation ........................................................................................ 86
Objectives ........................................................................................................................................... 86
Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web Application Proxy .... 86
Exercise 2: Configuring federation with Microsoft Office 365 .............................................................. 88
Course Evaluation ........................................................................................................................................ 89

Notes about XTREMELABS Hosted

20347A Labs
The Microsoft Labs Online (XTREMELABS) implementation for course 20347AC differs from the standard
XTREMELABS experience. The Virtual Machines which each student and instructor uses are hosted on the
XTREMELABS platform with a unique pre-built environment created specifically for that user. Before using
the lab environment to complete the steps in this manual, all users should review the following notes which
describe the difference between this and other XTREMELABS environments.
General Differences with 20347A XTREMELABS

 User attachment to Lab Instance - once a user has launched their 20347A lab instance they are
automatically attached to it for 5 days.
o For the duration of the class (5 days) the user may not launch any other courses under that user ID.
o Once attached, when logging into the XTREMELABS platform the user will be taken directly to their
running 20347A instance.
o At the conclusion of the class 5 days after class start the 20347A lab instance will be closed and the
user may launch any other course labs to which they have access, but not the 20347A class.
 No “End Lab” Option” - There is no “End Lab” option for the 20347A XTREMELABS user interface.
o To prevent users from accidentally tearing down their working and partially configured 20347A
environments the web UI does not contain the “End Lab” option.
o All student tenants will normally be torn down automatically 5 days after the lab is launched.
o Each student’s environment will continue to run during the 5 days to ensure that VMs are always
available and connectivity with O365 is maintained.
 Use this Manual for all Lab Steps - This is a specific version of the student Lab Steps which must be
used with this XTREMELABS hosted implementation.
o Users should not follow the lab steps in the standard DMOC course content as they do not match
this lab environment.
o This specific version can be downloaded from the Lab View page of the XTREMELABS 20347A.
o This manual is based on the standard 20347A lab manual set, but many steps have been removed
or modified as they are no longer required in this implementation.
 Firefox Browser Not Recommended - We do not recommend using Firefox browser to access this
course XTREMELABS lab environment.
o A bug in the FireFox HTML5 implementation causes some keyboard characters to be dropped.
o Specifically, such important characters such as hyphen and colon (- and :) may not be accessible.
o We therefore recommend students and instructors using Internet Explorer, Chrome or Safari as
these are fully tested and known to be working.
 Unique User Session Numbers
o Once a user has connected to their 20347A XTREMELABS Lab Instance, they are presented with
the Lab View web page.
o On that page each lab user is provided with a unique IP address and two globally unique names
used during the labs.
o These are presented in top right of the lab View UI, above the VM “tiles.”
o The names and IP addresses are unique to

each lab user and are used to publish
specific endpoints on the Internet. They
o must be typed exactly as written.
o These names are used at many points
throughout all modules of the course. The
IP address is used in only two modules.
 Domain Name Formats – The steps use two different unique domain names during the Lab Steps, as
follows (using the example unique names based on AVBYY8 from the graphic above):
Used in
Names Typical Format as typed
Modules
O365 Domain AdatumAVBYY8.onmicrosoft.com All
UPN AVBYY8a.xtremelabs.us All
Lab environment virtual machines:

 LON-CL1 is a Windows 10 client computer that is a member of the Adatum.com domain.
 LON-CL2 is a standalone Windows 10 client computer.
 LON-CL3 and LON-CL4 are Windows 10 client computers that are part of the Adatum.com domain.
 LON-DC1 is the domain controller and DNS for Adatum.com domain.
 LON-DS1 is a Windows Server 2012R2 that is a member of the Adatum.com domain
 LON-WAP1 is a standalone Windows Server 2012R2 server.
Domain names:
 Adatum.com is the Adatum Corporation 's internal private domain name.
 AdatumAVXXXX.onmicrosoft.com is the temporary Office 365 domain assigned to Adatum Corporation
at the start of the pilot project. This identifier is unique to your session and is displayed in your Lab View
web page.
Module 1 – Planning and provisioning

Office 365
Lab: Provisioning Office 365
Scenario
A. Datum Corporation is considering moving some of the core on-premises services such as Exchange
Server, Skype for Business Server, and SharePoint Server to Office 365. The project steering committee
needs to ensure that Office 365 can provide the required functionality, and accommodate the corporate
security and compliance requirements. To get started, A. Datum has decided to begin a pilot deployment of
Office 365 for a group of users in the London office.
As one of the most experienced IT admins at A. Datum, you are responsible for implementing the pilot
project. To start, you need to configure the Office 365 tenant, and then configure the custom domain that
your organization uses. You also need to ensure that you are comfortable with the Office 365 administrator
interfaces.
Objectives
By the end of this lab, you will be able to:
 Configure an Office 365 tenant.
 Configure a custom domain.
 Explore the Office 365 administrator interfaces.
Lab Setup
Estimated Time: 75 minutes
Virtual machines: 20347A-LON-DC1 and 20347A-LON-CL1

User name: Holly
Password: Pa$$w0rd
This course uses the new Office 365 admin center for all labs. If you are connected to the previous Office
365 admin center when you connect to Office 365, click the banner at the top of the page to connect to the
new admin center.
In all tasks:
 In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name displayed in the online lab portal.
 In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
displayed in the online lab portal.
This lab requires the following virtual machines: (use only the VMs required for your lab)
 LON-DC1
o Sign in as Adatum\Administrator using the password Pa$$w0rd
 LON-CL1
o Sign in as Adatum\Holly using the password Pa$$w0rd
Exercise 1: Configuring an Office 365 Tenant

Scenario
The first step in starting the pilot deployment is to configure the Office 365 tenant. You need to create a new
tenant using the AdatumAVXXXX.onmicrosoft.com domain name.
Note: For simplicity, this lab uses an ordinary Office 365 trial account, not a FastTrack pilot
extended tenant account. Also note that you need to create an account with a unique name in
the form: AdatumAVXXXX.onmicrosoft.com. You can use the alphanumeric value for AVXXXX
provided for you in the lab interface.
The main tasks for this exercise are as follows:

 Create the tenant account.
 Verify Office 365 service health.
 Task 1: Create the tenant account

1. On LON-CL1, logged on as Adatum\Holly, open Microsoft Edge, and go to the following URL:
https://products.office.com/en-us/business/office-365-enterprise-e3-business-software
2. Click Free trial.

3. For Step 1, in the Welcome, let’s get to know you page, complete the following fields. Regardless of
your location, use the following information:
o Country: United Kingdom

o First name: Holly
o Last name: Dickson
o Business email address: (use your new Microsoft account that you created for this course)
o Business phone number: Your mobile phone number, including international code for your
current country
o Company name: A. Datum

o Organization size: 50-249 people
4. Click Next.
5. For Step 2, you have to create a unique domain for the Company name to use in the course. Use the
AVXXXX name provided in the lab interface. For the rest of the fields, use the following information:
6. User name: Holly
7. Company name: AdatumAVXXXX (where AVXXXX is your unique Adatum number)

8. Password: Pa$$w0rd
9. Confirm password: Pa$$w0rd
10. Click Next.

11. For Step 3, you have to confirm your identity by using your mobile phone. Under Prove. You’re Not. A.
Robot., from the drop-down box, select the code for the country that you are now in.
12. In the Phone number box, enter your correct mobile phone number.
13. Ensure that the Text me option is selected, and then click Text me.
14. When you receive the confirmation text on your mobile phone, enter the code provided in the Enter your
verification code box. Click Create my account.
15. Wait until the Office 365 tenant is provisioned, and then click You’re ready to go…
16. Click the Admin tile to go to the Office 365 admin center.
17. On the update your admin contact info page, provide your phone number and Microsoft account email
address to verify your account.
Note: If you are connected to the previous Office 365 admin center when you connect to Office 365,
click the banner at the top of the page to connect to the new admin center.
18. If a Manage Office 365 on the go page appears, close the page.
 Task 2: Verify Office 365 service health

1. Use Health on the left-hand menu to display the Service health dashboard.
2. Review any service interruption records or additional information in the status page.
Note: During Microsoft testing, on rare occasions Office 365 did not create the trial tenant
properly; as a result, the tenant did not have all the services available to it. If this happens to you,
you should create a new trial tenant using a different business email (Microsoft account).
3. Close Microsoft Edge.
4. If prompted, click Close all tabs.
Results: After completing this exercise, you should have successfully provisioned the Office 365 tenant
account for A. Datum Corporation.
Exercise 2: Configuring a custom domain

Scenario
Now that you have configured the Office 365 tenant, the next step is to configure the custom domain that you
will use for the pilot deployment. You need to create a custom domain using the AVXXXXa.xtremelabs.us
address, and verify the ownership for the group.

 Add the custom domain.
 Complete the custom domain setup.
 Task 1: Add the custom domain

1. In LON-CL1, start Microsoft Edge and then browse to login.microsoftonline.com.
2. Sign in as Holly@AdatumAVXXXX.onmicrosoft.com with the password Pa$$w0rd.
3. Click Admin.
4. In the left-hand navigation, select Settings, select Domains, then select Add domain to start the
domain setup wizard.
5. In the text box on the Which domain do you want to use? page, enter your domain name in the form
of AVXXXXa.xtremelabs.us.
6. Click Next.
7. Use a TXT record to verify you own this domain.
8. Write down the TXT record shown in the TXT value column. This entry will be similar to
MS=msXXXXXXXX. Record this value below:
9. MS=_______________________
10. Switch to LON-DC1.
11. In DNS Manager, create a new forward lookup zone called AVXXXXa.xtremelabs.us
12. Right-click AVXXXXa.xtremelabs.us, and click Other New Records.
13. Under Select a resource record type, scroll down to Text (TXT), and click Create Record.
14. In the New Resource Record box, leave the Record name field blank.
15. In the Text field, enter MS=msXXXXXXXX that you recorded in step 8.
16. Click OK to create the record.
17. In the Resource Record type dialog box, click Done.
18. Switch back to LON-CL1 and in the Office 365 admin center, click Verify.
 Task 2: Complete the custom domain setup

1. Complete the domain setup wizard, reviewing the DNS records that you need to create for the custom
domain.
2. Select the option to skip the configuration of DNS records now. You will configure these in later labs.
Results: After completing this exercise, you should have added a custom domain and verified domain
ownership.
Exercise 3: Exploring the Office 365 administrator interfaces

Scenario
To familiarize yourself with the Office 365 administrator portals, and to get familiar with the default Office
365 configuration, you need to explore the Office 365 administrator interfaces.

 Explore the Office 365 admin center.
 Explore the Exchange admin center.
 Explore the Skype for Business admin center.
 Explore the SharePoint admin center.
 Task 1: Explore the Office 365 admin center

1. In LON-CL1, in the Admin center, click Home.
2. On the left navigation menu, scroll down to explore all available items.
3. On the left navigation menu, review the users list.
4. On the left navigation menu, in Message center, review the messages.

5. Do not close the browser window.
 Task 2: Explore the Exchange admin center

1. On the left navigation menu, expand Admin centers, and then click Exchange.
2. A new tab will open displaying Exchange admin center.
3. On the left navigation menu, click each of the items, and review the results displayed on the right pane.
 Task 3: Explore the Skype for Business admin center

1. Click the portal.office.com tab.
2. On the left navigation menu, under Admin centers, click Skype for Business.
3. A new tab will open displaying Skype for Business admin center.
4. On the left navigation menu, click each of the items, and review the results displayed on the right pane.
 Task 4: Explore the SharePoint admin center

5. Click the portal.office.com tab.
6. On the left navigation menu, click Admin centers, and then click SharePoint.
7. A new tab will open displaying SharePoint admin center.
8. On the left navigation menu, click each of the items, and review the results displayed in the right pane.
Results: After completing this exercise, you should have provided a high-level overview of administrative
portals of Office 365.
 To prepare for the next module

Keep the virtual machines running for the lab in the next module.
Module Review and Takeaways

Having completed this module, you can now describe the features and benefits of Office 365, provision
new tenant accounts, and plan a pilot deployment of Office 365.
Best Practices
Best practices for this stage of the Office 365 deployment process are:
 Ensure that you understand the organization’s need for Office 365.
 Identify any in-house services that are not going to transition to Office 365.
 Recruit the right people to be pilot users.
Check that you have suitable infrastructure to support a connection to Office 365.
Review Question
Question: If you are selected to lead the Pilot at A. Datum Corporation, what personal qualities,
skills, and experience would you need to demonstrate to maximize the probability of the
organization moving to Office 365?
Module 2 - Managing Users, Groups,

and Licenses
Lab A: Managing Office 365 users and passwords
Scenario
After configuring an Office 365 tenant and preparing it for pilot deployment, you are now ready to start
creating user and group accounts in Office 365. You and your team need to be familiar with how to configure
these accounts by using the Office 365 admin center because this will be your primary tool for managing the
environment after the deployment is fully functional. Additionally, you need to make sure that the password
policy for Office 365 users matches the password policy for on-premises users.
Objectives
After completing this lab, you will be able to:
 Manage Office 365 users and licenses by using the Office 365 admin center.
 Manage Office 365 password policies.
Lab Setup
Virtual machine: 20347A-LON-DC1, 20347A-LON-CL1
User name: Adatum\Administrator for LON-DC1 and Adatum\Holly for LON-CL1
Password: Pa$$w0rd
In all tasks:
name that displays on the online lab portal.
 In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN Name
displayed on the online lab portal.
This lab requires the following virtual machines:

 LON-DC1:
o Sign in as Adatum\Administrator with the password Pa$$w0rd.
 LON-CL1:
o Sign in as Adatum\Holly with the password Pa$$w0rd.
Exercise 1: Managing Office 365 users and licenses by using the Office 365
admin center
Scenario
The Office 365 tenant for A. Datum is now configured, and you need to start creating Office 365 users and
then managing the user licenses.

 Create Office 365 users.

 Edit Office 365 users.
 Verifying user settings.
 Task 1: Create Office 365 users

1. On LON-CL1, verify that you signed in as Adatum\Holly.
2. On LON-CL1, open Microsoft Edge, and then browse to https://portal.office.com/.
3. Sign in as Holly@AdatumAVXXXX.onmicrosoft.com, where AVXXXX is your unique Adatum number,
with the password Pa$$w0rd.
4. In the Office 365 admin center, create a new Lindsey Gates user account with user name Lindsey.
5. On the Create new user account results page, view the temporary password, and then note the
temporary password here: ____________
6. Repeat steps 4 and 5 to create the following users:
o Christie Thomas
o Amy Santiago
o Sallie McIntosh
o Francisco Chaves
7. Note their temporary passwords here:
o Christie Thomas _____________
o Amy Santiago _______________
o Sallie McIntosh _____________
o Francisco Chaves ___________
 Task 2: Editing Office 365 Users

1. In the Office 365 admin center, in the Active Users list, select user Francisco Chaves, and then
change his Department attribute to Accounts.
2. In the Set sign-in status section, select Blocked.
3. In the Active Users list, under Display name, click Francisco Chaves.
4. Verify that the Department box displays Accounts.
5. Verify that Sign-in status is set to Blocked.
6. In the Active Users list, select Lindsey Gates, and then delete the user.
7. Under Users, click Deleted Users.
8. Verify that Lindsey Gates is in this list.
9. In the Deleted Users list, select the Lindsey Gates check box.
10. On the toolbar, click Restore. Note the new temporary password for the user.
11. Click Close.
12. Click Active Users.
13. Verify that Lindsey Gates is in this list.
14. Close Microsoft Edge
 Task 3: Verify user settings

1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Lindsey@AVXXXXa.xtremelabs.us, where AVXXXXa is your unique Adatum number, with

the temporary password that you noted in the previous task.
3. If prompted, update Lindsey’s password to Pa$$w0rd.
4. If prompted, enter your new password again, and then click Sign in.
5. If you were not prompted to change your password at sign in, access the Office 365 settings page and
reset Lindsey’s password to Pa$$w0rd.
6. Verify that you can access the Office 365 portal home page.
7. Close and reopen Microsoft Edge, and then browse to https://login.microsoftonline.com/.
8. Sign in as Francisco@AVXXXXa.xtremelabs.us, where AVXXXXa is your unique Adatum number, with
the temporary password that you noted in the previous task. Update the password for Francisco to
Pa$$w0rd.
9. Verify that you cannot sign in and that the message states that your account has been blocked.
11. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
12. Sign in as holly@AdatumAVXXXX.onmicrosoft.com, where AVXXXX is your unique Adatum number,
13. In the Office 365 admin center, edit the user account for Francisco Chaves by configuring the Sign-in
status section to Allowed.
14. Sign out of Office 365.
16. Sign in as Francisco@AVXXXXa.xtremelabs.us, where AVXXXXa is your unique Adatum number and
using the temporary password.
17. Update the password for Francisco to Pa$$w0rd.
18. Verify that you can access the Office 365 portal.
Results: After completing this exercise, you should have created and managed user accounts and
licenses according to business needs.
Exercise 2: Manage Security and Distribution Groups

Scenario
Your organization has configured a password policy for on-premises users that requires a complex
password, and it requires users to change their passwords every 60 days. You need to ensure that the
password policy for the pilot users on Office 365 matches the policy for on-premises users, and you need to
report any settings that you cannot configure to match.

 Configure the Office 365 password policy.
 Validate the password policy.
 Task 1: Configure the Office 365 password policy

2. Sign in as Holly@AdatumAVXXXX.onmicrosoft.com with the password Pa$$w0rd.
3. In the Office 365 admin center, set the password expiration policy to 14 days before the passwords
expire.
Note: This setting does not correspond with a real-world scenario. Use it as a sample scenario
to verify the policy applied in the next exercise task.
4. In the Days before a user is notified about expiration box, leave the default value of 14
5. Verify that the “Password policy has been updated” message appears at the top of the page.
 Task 2: Validate the password policy

1. In the Office 365 admin center, sign out as Holly, and then sign in as
Lindsey@AVXXXXa.xtremelabs.us, where AVXXXXa is your unique Adatum number, with the
password Pa$$w0rd.
2. On the upper-right side of the window, verify that the notification appears with the following information:
“Time to change your password. Your password will expire in 13 days.”
Note: You have now verified that your password policy is applied. In a real-world scenario,
after you verify that the password policy is applied, you would need to increase the number of days
before the password expires, according to your organizational policy.
Results: After completing this exercise, you should have configured and validated an Office 365 password
policy.
Lab B: Managing Office 365 groups and administration

Scenario
In addition to creating user accounts, you also need to know how to create group accounts in Office 365. In
this pilot project, you will use Windows PowerShell commands to manage users and groups. If the pilot is
successful, you can manage several hundred users and groups, and Windows PowerShell will be a means to
manage them efficiently. One of the goals in the pilot project is to test delegated administration in Office 365,
so you also need to delegate password management and billing management to different users.
Objectives
 Manage Office 365 groups by using the Office 365 admin center.
 Manage Office 365 users and groups by using Windows PowerShell.

 Configure delegated administrators.
Lab Setup
Virtual machine: 20347A-LON-DC1, 20347A-LON-CL1

User name: Adatum\Administrator for LON-DC1 and Adatum\Holly for LON-CL1
Password: Pa$$w0rd
In all tasks:

 In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that
displays on the online lab portal.
 LON-DC1
 LON-CL1

Exercise 1: Managing Office 365 Groups

Scenario
Your organization has a policy that groups rather than individual user accounts must be in use to assign
permissions. Ensure that you can manage groups in the Office 365 admin center.

 Creating Office 365 security groups.
 Manage security groups.
 Task 1: Create Office 365 security groups

2. Sign in as Holly@AdatumAVXXXX.onmicrosoft.com, where AVXXXX is your unique Adatum number,
3. In the Office 365 admin center, create a new group named Sales, with a description of Sales
department users.
4. Add Lindsey Gates and Christie Thomas as group members.
5. In the Office 365 admin center, create a new group named Accounts, with a description of Accounts
department users.
6. Add Francisco Chaves and Sallie McIntosh as group members.
 Task 2: Manage security groups

1. In the Office 365 admin center, verify that you can see the following groups:
o Sales
o Accounts
2. In the groups list, click the Sales group.
3. Add Amy Santiago as a member of the Sales group.
4. Ensure that Amy Santiago now lists under the Display name list.
5. Delete the Sales group, and then click Active Users.
6. Confirm that Amy Santiago’s account still exists in the list of users
Exercise 2: Managing Office 365 users and groups by using Windows

PowerShell
Scenario
If the pilot project is a success, you expect that you will need to manage hundreds of user and group
accounts. To manage these efficiently, you will need to use Windows PowerShell. In preparation for this, you
need to familiarize yourself with managing users and groups by using Windows PowerShell.

Installing Microsoft Azure Active Directory module for Windows PowerShell.
Create new users and assign licenses by using Windows PowerShell.

Modify existing users by using Windows PowerShell.
Configure groups and group membership by using Windows PowerShell.
Configure user passwords by using Windows PowerShell.
 Task 1: Install Microsoft Azure Active Directory module for Windows PowerShell
1. On LON-CL1, open Microsoft Edge, and browse to http://aka.ms/t01i1o.
2. Download and install Microsoft Online Services Sign-In Assistant for IT Professionals RTW.
3. In Microsoft Edge, connect to http://aka.ms/siqtee.
4. Download and install the Microsoft Azure AD module for Windows PowerShell.
 Task 2: Create new users and assign licenses by using Windows PowerShell
1. On LON-CL1, on the desktop, right-click the Windows Azure Active Directory Module for Windows
PowerShell shortcut, and then click Run as administrator.
2. If a User Account Control dialog box appears, click Yes.

3. At the command prompt, type the following command, and then press Enter:
Connect-msolservice
4. In the Enter Credentials dialog box, sign in as holly@AdatumAVXXXX.onmicrosoft.com, where

AVXXXX is your unique Adatum number, with the password Pa$$w0rd.
5. Use the following command to create a new user account:
New-MsolUser –UserPrincipalName Catherine@AVXXXXa.xtremelabs.us –DisplayName “Catherine

Richard” –FirstName “Catherine” –LastName “Richard” –Password ‘Pa$$w0rd’ –
ForceChangePassword $false –UsageLocation “CH”
6. Use the following command to create another new user:
New-MsolUser –UserPrincipalName tameka@AVXXXXa.xtremelabs.us –DisplayName “Tameka Reed”

–FirstName “Tameka” –LastName “Reed” –Password ‘Pa$$w0rd’ –ForceChangePassword $false –
UsageLocation “CH”
7. Use the following command to determine which users are unlicensed:
Get-MsolUser -UnlicensedUsersOnly
8. Use the following command to assign a license to Catherine Richard; replace AVXXXXa in the –Add
Licenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
Set-MsolUserLicense -UserPrincipalName Catherine@AVXXXXa.xtremelabs.us –AddLicenses

“AdatumAVXXXX:ENTERPRISEPACK”
9. Use the following command to assign a license to Tameka Reed; replace AVXXXXa in the –
AddLicenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
Set-MsolUserLicense -UserPrincipalName Tameka@AVXXXXa.xtremelabs.us –AddLicenses

“AdatumAVXXXX:ENTERPRISEPACK”
10. Use the following command to prevent a user from signing in to Office 365:
Set-MsolUser -UserPrincipalName Catherine@AVXXXXa.xtremelabs.us -blockcredential $true
11. Use the following command to delete a user:
Remove-MsolUser –UserPrincipalName Catherine@AVXXXXa.xtremelabs.us –Force

1.
12. Use the following command to view the Deleted Users list:
Get-MsolUser –ReturnDeletedUsers
13. Verify that Catherine Richard is in the Deleted Users list.
14. Use the following command to restore a deleted user
Restore-MsolUser –UserPrincipalName Catherine@AVXXXXa.xtremelabs.us
15. Use the following command to view the Deleted Users:
Get-MsolUser –ReturnDeletedUsers
16. Verify that Catherine Richard is no longer in the Deleted Users list.
17. Use the following command to view the Active Users list:
Get-MsolUser
18. Verify that Catherine Richard is in the Active Users list.
19. Use the following command to allow a user to sign in:
Set-MsolUser -UserPrincipalName Catherine@AVXXXXa.xtremelabs.us -blockcredential $false
 Task 3: Modify existing users by using Windows PowerShell

1. On LON-CL1, open C:\labfiles\O365users.csv by using Notepad.
2. In Notepad, replace Adatumyyxxxx.hostdomain.com with AVXXXXa.xtremelabs.us.
3. In Notepad, replace adatumyyXXXX:ENTERPRISEPACK with your unique onmicrosoft.com domain

name, followed by ENTERPRISEPACK.
4. Close and save O365users.csv.

5. To bulk import several users from a CSV file, copy and paste this code into the Administrator: Windows
Azure Active Directory Module for Windows PowerShell window on LON-CL1, and then press Enter:
Import-Csv -Path C:\labfiles\O365Users.csv | ForEach-Object { New-MsolUser -

UserPrincipalName $_."UPN" -AlternateEmailAddresses $_."AltEmail" -FirstName
$_."FirstName" -LastName $_."LastName" -DisplayName $_."DisplayName" -BlockCredential
$False -ForceChangePassword $False -LicenseAssignment $_."LicenseAssignment" -Password
$_."Password" -PasswordNeverExpires $True -Title $_."Title" -Department $_."Department" -
Office $_."Office" -PhoneNumber $_."PhoneNumber" -MobilePhone $_."MobilePhone" -Fax
$_."Fax" -StreetAddress $_."StreetAddress" -City $_."City" -State $_."State" -PostalCode
$_."PostalCode" -Country $_."Country" -UsageLocation $_."UsageLocation" }
6. Use the following command to view the Active Users list:
Get-MsolUser
7. In the Office 365 admin center, verify the new user accounts.
8. In the Exchange admin center, verify that the users have been assigned mailboxes.
 Task 4: Configure groups and group membership by using Windows PowerShell
1. Use the following command to create a Marketing group:
New-MsolGroup –DisplayName “Marketing” –Description “Marketing department users”
2. Use the following command to configure a variable for the group:
$MktGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Marketing"}
3. Use the following command to configure a variable for the first user account:
$Catherine = Get-MsolUser | Where-Object {$_.DisplayName -eq "Catherine Richard"}
4. Use the following command to configure a variable for the second user account:
$Tameka = Get-MsolUser | Where-Object {$_.DisplayName -eq "Tameka Reed"}
5. Use the following command to add Catherine Richard to the Marketing group:
Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -

GroupMemberObjectId $Catherine.ObjectId
6. Use the following command to add Tameka Reed to the Marketing group:
Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -

GroupMemberObjectId $Tameka.ObjectId
7. Use the following command to verify the members of the Marketing group:
Get-MsolGroupMember -GroupObjectId $MktGrp.ObjectId
 Task 5: Configure user passwords by using Windows PowerShell

1. Use the following command to modify the password policy:
Set-MsolPasswordPolicy -DomainName “AdatumAVXXXX.onmicrosoft.com” –ValidityPeriod “90” -

NotificationDays “14”
2. Use the following command to assign a new password to Tameka’s account:
Set-MsolUserPassword –UserPrincipalName “Tameka@AVXXXXa.xtremelabs.us”

–NewPassword ‘Pa$$w0rd123’
Get-MsolUser | Set-MsolUser –PasswordNeverExpires $false
Results: After completing this exercise, you should have created new users, assigned licenses, modified
existing users, and configured groups and user passwords by using the Windows PowerShell command-
line interface.
Exercise 3: Configuring delegated administrators

Scenario
Members of the pilot project team have different responsibilities during the pilot. To ensure that team
members have only the permissions that they require to perform various tasks in Office 365, you are going to
assign different administrator roles to different users.
Assign delegated administrators in the Office 365 admin center.
Manage delegated administration with Windows PowerShell.
Verify delegated administration.

1.
 Task 1: Assign delegated administrators in the Office 365 admin center

2. Sign in as Holly@AdatumAVXXXX.onmicrosoft.com, with the password Pa$$w0rd.

3. In the Office 365 admin center, configure Francisco Chaves as a Billing administrator using an
alternate email address of user@alt.none.
4. In the Office 365 admin center, configure Tameka Reed as a Password administrator from the list.
5. In the Alternative email address text box, type user@alt.none.
6. In the Office 365 admin center, configure Christie Thomas as User management administrator.
7. In the Alternative email address text box, type user@alt.none.
 Task 2: Manage delegated administration with Windows PowerShell

1. In Windows PowerShell, use the following command to add Sallie to the service support administrator
role:
Add-MsolRoleMember –RoleName “Service Support Administrator” –RoleMemberEmailAddress

“Sallie@AVXXXXa.xtremelabs.us”
2. Use the following command to add Nona to the company administrator role:
Add-MsolRoleMember –RoleName “Company Administrator” –RoleMemberEmailAddress

“Nona@AVXXXXa.xtremelabs.us”
3. Use the following command to input the service support administrator role to the $role variable:
$role = Get-MsolRole –RoleName “Service Support Administrator”
4. Use the following command to list the role members:
Get-MsolRoleMember –RoleObjectId $role.ObjectId
5. Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
6. Use the following command to input the billing administrator role to the $role variable:
$role = Get-MsolRole –RoleName “Billing Administrator”
8. Verify that Francisco Chaves is in the list of users who have the billing administrator role.
9. Use the following command to input the company administrator role to the $role variable:
$role = Get-MsolRole –RoleName “Company Administrator”
11. Verify that Nona Snider is in the list of users who have the Company Administrator role.
Exit
 Task 3: Verify delegated administration

1. On the Office 365 page sign out if needed and then sign in as Tameka@AVXXXXa.xtremelabs.us,
where AVXXXXa is your unique Adatum number, with the password Pa$$w0rd123.
2. Change Tameka’s password to Pa$$w0rd.
3. Access the new Office 365 admin center.
4. Verify that you cannot modify any settings for Jessica Jenning’s user account.
5. Verify that you can reset Jessica’s password.
6. Write down the temporary password assigned to Jessica: ______________________________
7. Sign out as Tameka Reed, and then sign back in as Christie@AVXXXXa.xtremelabs.us using the
temporary password assigned in Lab A. Change the password to Pa$$w0rd.
8. Verify that you can modify settings on the Jessica Jennings user account. Change her phone number to
555-1234 and then block her sign in access.
9. Verify that you can add a new user named Chris Breland.
10. Verify that you can also delete the user account that you created.
Results: After completing this exercise, you should have assigned delegated administrators in the Office
365 admin center, managed delegated administration with Windows PowerShell, and verified delegated
administration.

Review Questions
Question: What is the most efficient way of creating user accounts if your organization decides
to migrate to Office 365?
Question: How will you configure Office 365 password policies in your organization, and will
you use multi-factor authentication?
Question: Why is it more convenient to assign permissions to security groups than to users?
Question: In which management scenarios will you use Office 365 with Windows PowerShell
rather than the Office 365 admin center?
Question: In which scenarios will you use RBAC in Office 365?
Best Practices
 Always perform detailed planning for user and group management, and check the plan in a test
Office 365 tenant before deploying in production.
 Plan and test user administrative tasks to improve user management efficiency and to eliminate
errors in the production environment, especially when running Windows PowerShell scripts.
 Plan for multi-factor authentication to help administrators choose the authentication method that
suits their organizational security requirements.
 Plan administrative roles to distribute administrative tasks according to organizational security and
business requirements.
Module 3 - Configuring client

connectivity to Microsoft Office 365
Scenario
You configured the Office 365 tenant and the custom domain for A. Datum Corporation. You also created
user accounts for your pilot users. The next step you must perform is to ensure that clients can connect to
Office 365, and that their configuration is automatic, where possible. To enable these features, you must
configure the required DNS records for your custom domain, and use the Office 365 connectivity tools to
verify connectivity. You then must configure Office 2016 clients to connect to Office 365.
Objectives
 Configure DNS records for Office 365.
 Run Office 365 connectivity analyzer tools.
 Configure and verify client connectivity.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-CL1, and 20347A-LON-CL2

User name: Adatum\Administrator, Adatum\Holly, LON-CL2\Francisco
Password: Pa$$w0rd
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name that is displayed in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that is
 LON-DC1
o Sign in as Adatum\Administrator with the password Pa$$w0rd
 LON-CL1
o Sign in as Adatum\Holly with the password Pa$$w0rd
 LON-CL2
o Sign in as LON-CL2\Francisco with the password Pa$$w0rd
Lab: Configuring client connectivity to Office 365
Exercise 1: Configuring DNS records for Office 365 clients

Scenario
All users in the pilot group at A. Datum are going to use the custom domain name in their email address and
sign-in credentials. You want to ensure that these users can sign in and that clients are configured
automatically, so you must configure the DNS records that the custom domain requires.
Review the recommended DNS records in the Office 365 admin center.
Configure the DNS records for external clients.
 Task 1: Review the recommended DNS records in the Office 365 admin center
1. Switch to the LON-CL1 virtual machine.
2. On the desktop, open Microsoft Edge.

3. Connect to http://login.microsoftonline.com, and then sign in as
holly@AVXXXX.onmicrosoft.com.com, replacing AVXXXX with your unique Adatum number, and with
the password Pa$$w0rd.
4. In the Office 365 admin center, in the Domains window, review the domain names assigned to the
Adatum tenant.
5. In the Domains window, under the Adatum domain on the right, review the recommended DNS records.
6. On the DNS errors page, review the records that need to be configured for your domain.
7. Leave the Microsoft Edge window open.
 Task 2: Configure the DNS records for external clients
Configure DNS for an authoritative answer

1. On LON-DC1, start Server Manager, and then open the DNS Manager.
2. In DNS Manager, expand Forward Lookup Zones, expand AVXXXXa.xtremelabs.us zone, and then
create following record:
o New Host (A or AAAA)… – NLS01 – IP Address in Lab Network Info
3. Alter the following records:
o Name Server (NS) – Replace FQDN with NLS01.AVXXXXa.xtremelabs.us and resolve
o Start of Authority (SOA) – Replace Primary Server with NLS01.AVXXXXa.xtremelabs.us
Configure DNS settings for Exchange Online

1. Create the following records:
o Alias (CNAME) – autodiscover - autodiscover.outlook.com
o Mail Exchanger (MX) – AVXXXXa-xtremelabs-us.mail.protection.outlook.com
Configure DNS settings for Skype for Business Online

1. On LON-DC1, in DNS Manager, expand the AVXXXXa.xtremelabs.us zone, and then create following
service (SRV) records:
2. On the Service Location (SRV) tab, enter the following information, and then click OK:
 Service: _sip
 Protocol: _tls
 Priority: 100
 Weight: 1
 Port number: 443
 Host offering this service: sipdir.online.lync.com
 Time to live: 1 hour (default)
3. In the Resource Record Type dialog box, click Create Record
4. On the Service Location (SRV) tab, enter the following information, and then click OK:
 Service: _sipfederationtls
 Protocol: _tcp
 Priority: 100
 Weight: 1
 Port number: 5061
 Host offering this service: sipfed.online.lync.com
5. In the Resource Record Type dialog box, scroll back up the list, click Alias (CNAME), and then click
Create Record.
6. On the Alias (CNAME) tab, enter the following information, and then click OK:
 Alias name: sip
 Fully qualified domain name: sip.AVXXXXa.xtremelabs.us
 Fully qualified domain name (FQDN) for target host: sipdir.online.lync.com
7. In the Resource Record Type dialog box, click Create Record.
8. On the Alias (CNAME) tab, enter the following information, and then click OK:
 Alias name: lyncdiscover
 Fully qualified domain name: lyncdiscover.AVXXXXa.xtremelabs.us
 Fully qualified domain name (FQDN) for target host: webdir.online.lync.com
9. Switch back to LON-CL1, and then in the Office 365 admin console, click Continue setup.
10. You should now see that most records are not listed anymore (you should see msoid,
enterpriseregistration, enterpriseenrollment, and SPF records). Click to close the page.
11. In the top bar, click the Office 365 apps icon.
12. Click Mail, and configure your time zone.

13. On LON-CL2, verify that you are signed in as Francisco.
14. Open Microsoft Edge, and then connect to https://login.microsoftonline.com.
15. Sign in as Francisco@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
16. In the Office 365 portal, click Mail, and configure your time zone.
17. Create a new email to Holly Dickson.
18. When the name resolves, note her instant message (IM) status. It might take a couple of minutes for her
status to update.
19. Initiate an IM session with Holly Dickson.
20. On LON-CL1, click the IM dialog box.
21. Reply to the IM. Note that you now can send IMs between the two users.
22. Close both IM windows, and then close the Microsoft Edge windows on both virtual machines.
Results: After completing this exercise, you should have reviewed the recommended DNS records in the
Office 365 admin center, configured the DNS records for external clients, and configured the DNS records
for internal clients.
Exercise 2: Running the Office 365 connectivity analyzer tools

Scenario
Before you connect any clients to Office 365, you must ensure that the environment’s configuration is correct.
To do this, you will run the Office 365 connectivity analyzer tools.
 Run the Microsoft Connectivity Analyzer tool.
 Run the Office 365 Client Performance Analyzer.
 Task 1: Run the Microsoft Connectivity Analyzer tool

1. On LON-CL1, open Microsoft Edge.
2. In the address bar, enter https://testconnectivity.microsoft.com/.
3. On the Microsoft Remote Connectivity Analyzer page, on the Office 365 tab, perform an Office 365
Exchange Domain Name Server (DNS) Connectivity Test, and for Domain Name, type
AVXXXXa.xtremelabs.us.
4. Perform verification by entering the characters that you see in the Verification field.
Note: The verification code is not case-sensitive.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for
a minute, and then repeat the test.
5. When you see Connectivity Test Successful, review the checks that were made against the Exchange
Online domain.
6. Click Start Over.
7. On the Office 365 tab, perform Office 365 Lync Domain Name Server (DNS) Connectivity Test, and
in the Sign-in address text box, type Francisco@AVXXXXa.xtremelabs.us.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for
a minute, and then repeat the test.
8. When you see Connectivity Test Successful, review the checks that were made against the Skype for
Business Online domain.
9. Click Start Over.
10. Under Microsoft Office Outlook Connectivity Tests, perform the Outlook Connectivity test.
11. On the Outlook Connectivity page, in Email Address and Microsoft Account, enter
Francisco@AVXXXXa.xtremelabs.us.
12. In Password and Confirm password, enter Pa$$w0rd.
13. Select Use Autodiscover to detect server settings.
14. Check I understand that I must use the credentials of a working account from my Exchange
domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible for
the management and security of this account.
15. When you see Connectivity Test Successful with Warnings, under Test Details, review the checks
that have been made against Outlook Anywhere. Note in particular the message that contains
information about the Autodiscover steps that fail.
16. Under Run Test Again at the top right, note that you can copy this test to the clipboard, or save it as
XML or HTML.
 Task 2: Run the Office 365 Client Performance Analyzer

1. In the Microsoft Connectivity Analyzer window, on the Client tab, in the Microsoft Office 365 Client
Performance Analyzer section, click Microsoft Office 365 Client Performance Analyzer.
2. In the Office 365 Client Performance Analyzer window, download and install Office 365 Client
Performance Analyzer.
3. Run Exchange Analyzer.
4. In the pop-up window, type Francisco@AVXXXXa.xtremelabs.us, clear the Allow OCPA to run in the
background collecting diagnostics every few hours for you check box, and then click OK.
5. Wait until Office 365 Client Performance Analyzer generates the results.
6. Review the results, and then click Show Trace Route Details.
7. Review the details, and then close the window.
Results: After completing this exercise, you should have run the Microsoft Connectivity Analyzer tool, and
the Office 365 Client Performance Analyzer tool.
Exercise 3: Connecting Office 2016 clients

Scenario
The final step is to ensure that the Office 2016 clients can connect to Office 365.
 Verify that Outlook 2016 can connect to Office 365.
 Verify that Skype for Business can connect to Office 365.
 Task 1: Verify that Outlook 2016 can connect to Office 365

2. Start Outlook 2016, and then sign in by using the following details:
o Your Name: Holly Dickson
o E-mail Address: Holly@AdatumAVXXXX.onmicrosoft.com
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd
3. Verify that you are connected to Exchange Online. Close the First things first dialog box.
4. On LON-CL2, repeat steps 1 through 3 by using the following information:

o Your Name: Francisco Chaves
o E-mail Address: Francisco@AVXXXXa.xtremelabs.us
o Retype Password: Pa$$w0rd.
 Task 2: Verify that Skype for Business can connect to Office 365
2. Start Skype for Business, and on the Skype for Business sign in page, type
Holly@AVXXXX.onmicrosoft.com, and then click Sign in.
3. Verify that you are connected to Skype for Business Online.
4. On LON-CL2, repeat steps 1 through 3 by using the following information:
o Sign-in address: Francisco@AVXXXXa.xtremelabs.us
5. Keep the virtual machines running for the next module.
Results: After completing this exercise, you should have verified that Outlook 2016 can connect to Office
365, verified that Skype for Business can connect to Office 365, and verified OneDrive for Business
connectivity to Office 365.

Best Practices
Planning is the key to a successful Office 365 client deployment, and your planning process should
include:
Analyzing Office 365 clients and deciding which clients meet the organization’s business requirements.
Performing a detailed review of all DNS record changes that are needed for Office 365 deployment process.
Without a proper DNS configuration, there might be issues when clients connect to Office 365 services.
Planning network connectivity. When you migrate your infrastructure to Office 365, all of your organization’s
resources are hosted in the cloud. Therefore, you need a reliable Internet connection to support client
connections to Office 365.
Planning changes that you need to configure in your organization’s network infrastructure, such as firewalls and
internal DNS servers that provide connectivity to Office 365.
Preparing a thorough support plan for users to help them transition to Office 365 services.
Module 4 - Planning and configuring

directory synchronization
Lab: Configuring directory synchronization
Scenario
The pilot deployment of Office 365 is well underway at A. Datum. The project steering committee has made
the recommendation to continue with migrating additional departments to Office 365. The first step in
completing the migration is to configure directory synchronization so that user and group accounts will be
synchronized for the on-premises AD DS domain rather than managing all user and group accounts in
Office 365.
Objectives
 Prepare the on-premises AD DS domain for directory synchronization.

 Install and configure directory synchronization with Azure AD Connect.
 Manage user and group accounts by using directory synchronization.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, and 20347A-LON-CL2
User names: Adatum\Administrator, Adatum\Holly, LON-CL2\Francisco
Password: Pa$$w0rd
In all tasks:

 In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
Note: When you connect to the Office 365 admin center, you may be prompted to provide an
authentication phone and authentication email address. If you see this window, click Cancel.

 LON-DC1
 LON-DS1
 LON-CL1
 LON-CL2
o Sign in as LON-CL2\Francisco using the password Pa$$w0rd
Exercise 1: Preparing for directory synchronization

Scenario
Before directory synchronization can be configured, there are several checks that the team needs to run,
including identifying duplicate accounts in AD DS, filtering the directory, correcting UPNs, and enabling
directory synchronization in Office 365.
In this exercise, you will prepare the environment for directory synchronization.
 Configure UPN.
 Prepare problem user accounts.
 Run the IdFix tool and fix identified issues.
 Configure the Office 365 tenant for directory synchronization.
 Task 1: Configure UPN

1. On LON-DC1, open Active Directory Domains and Trusts, and add AVXXXXa.xtremelabs.us as an
Alternate UPN Suffix.
2. Using Windows PowerShell, update the UPN on every user in AD DS with “@AVXXXXa” for the domain
name. To do this, type the following command and then press Enter:
Get-ADUser –Filter * -Properties SamAccountName | foreach { Set-ADUser $_ -

UserPrincipalName ($_.SamAccountName + “@AVXXXXa.xtremelabs.us” )}
 Task 2: Prepare problem user accounts

1. On LON-DC1, set the Execution policy in Windows PowerShell to Unrestricted, change the path to
C:\labfiles and then run the Windows PowerShell cmdlet .\CreateProblemUsers.ps1.
2. This Windows PowerShell script will make the following changes in AD DS:
o Amr Zaki. Add the "@" character to the beginning of "adatum" for the UserPrincipalName
attribute.
o Brad Sutton. Replace the existing string with "brad@adatum.com" for the emailAddress
attribute.
o Don Funk. Replace the existing string with “brad@adatum.com” for the emailAddress
attribute.
o Holly Dickson. Replace the existing string with “holly@adatum.com” for the EmailAddress
attribute.
o Kelly Rollins. Replace the existing string with “ “ for the emailAddress attribute.
 Task 3: Run the IdFix tool and fix identified issues

1. On LON-CL1, download the IdFix DirSync Error Remediation Tool from https://www.microsoft.com/en-
us/download/details.aspx?id=36832.
2. Extract the files to C:\Deployment Tools\IdFix and then run IDFix as an administrator.
3. In the IdFix tool, click Query, and then sort the errors by the ERROR column.
4. On the Actions menu, select Edit for each of these objects, and then click Apply:
o Amr Zaki
o Holly Dickson
o Kelly Rollins
Click Query.
5. Click to sort the errors by the UPDATE column, and for each of these objects, replace the mail attribute
with the appropriate string. On the Actions menu, select EDIT.
o Don Funk. mail attribute should be “don@adatum.com”.
o Kelly Rollins. mail attribute should be “kelly@adatum.com”.
6. Click Apply, and click Query.

7. Remediate any remaining issues.
 Task 4: Configure the Office 365 tenant for directory synchronization

1. On LON-CL1, open Windows Azure Active Directory Module for Windows PowerShell and connect to
MSOnline with the following credentials:
o User name: Holly@AdatumAVXXXX.onmicrosoft.com
2. In Windows PowerShell, enable directory synchronization for Office 365 by using the following
command:
Set-MsolDirSyncEnabled -EnableDirSync $true -Force
3. In the Office 365 admin center, verify that directory synchronization has been enabled.
Results: After completing this exercise, you will have resolved issues in AD DS identified by the IdFix tool
and you will have enabled Active Directory synchronization in Office 365.
Exercise 2: Configuring directory synchronization

Scenario
Now that the environment is prepared for directory synchronization, the next step is to install and configure
the Azure AD Connect tool and configure an initial synchronization.
 Download and install Azure AD Connect.

 Run the Azure AD Connect tool with custom settings.
 Configure synchronization service filtering for organizational units.
 Configure synchronization service filtering for object attribute.

Verify that synchronization was successful.
 Task 1: Download and install Azure AD Connect

1. Sign in to LON-DS1 with the following credentials:
o User name: Adatum\Administrator
2. Open Internet Explorer and connect to the Office 365 portal: https://portal.microsoftonline.com.
3. If you are connected to the previous Admin center, click the banner at the top of the window to connect
to the new Admin center.
4. Sign in with the following credentials:
o User name: holly@AdatumAVXXXX.OnMicrosoft.com
5. Change the domain portion of Holly Dickson’s account to @AVXXXXa.xtremelabs.us.
6. Close Internet Explorer, open it again, and connect to the Office 365 admin center. Sign in as
Holly@AVXXXXa.xtremelabs.us using the password Pa$$w0rd.
7. From the previous Office 365 admin center, download and install Azure AD Connect with Customized
Settings. You will need to configure the security settings for the Internet zone to enable file downloads.
 Task 2: Run the Azure AD Connect tool with custom settings

1. On LON-DS1, complete the configuration of Azure AD and connect with the following settings:
o Connect to Azure AD, use the following credentials:
 User name: holly@AVXXXXa.xtremelabs.us
 Password: Pa$$w0rd
o Connect your directories, use the following credentials:
 User name: Adatum\Administrator
 Password: Pa$$w0rd
o Filtering: Select only the IT OU.
o Do not make changes on other pages of the wizard.
o On the Ready to configure page, clear the option to Start the synchronization process as
soon as the initial configuration completes, and click Install.
2. Once the installation completes, on the Configuration complete page, click Exit.
3. On the Start screen, sign out of LON-DS1, and then sign back in as Adatum\Administrator with the
password Pa$$w0rd.
 Task 3: Configure synchronization service filtering for organizational units

 On LON-DS1, configure the Active Directory Connector in Synchronization Service Manager for the
following:
o Containers: Add the Research OU.
 Task 4: Configure synchronization service filtering for object attribute

1. On LON-DS1, use the Synchronization Rules Editor to configure a filter on the inbound synchronization
rule with the following:
o Name: “In from AD – User DoNotSyncFilter”
o Connected System: Adatum.com
o CS Object Type: User

o Metaverse Object Type: Person
o Link Type: Join

o Precedence: 50
o Scoping filter:
 Attribute: MSDS-cloudExtensionAttribute15
 Operator: EQUAL
 Value: NoSync
o Transformation:
 FlowType: Constant
 Target Attribute: cloudFiltered
 Source: True
o Use the Windows PowerShell to start the synchronization by executing the following command:
Start-ADSyncSyncCycle –PolicyType Initial
 Task 5: Verify that synchronization was successful

1. Ensure that you are signed in to LON-DS1 with the following credentials:
2. Open Internet Explorer and connect to http://aka.ms/siqtee.
3. Download and install the Microsoft Azure Active Directory Module for Windows PowerShell.
4. Use the following methods to verify synchronization:
o Synchronization Service Manager
o Windows PowerShell
o Office 365 admin center
Results: After completing this exercise, you will have installed Azure AD Connect with customized
settings. Upon completion of the installation, you will start directory synchronization to Office 365 and have
verified that synchronization was successful.
Exercise 3: Managing Active Directory users and groups

Scenario
Now that directory synchronization is in place and working, you need to identify how managing user and
group accounts has changed with directory synchronization.
 Create a new user and group account.
 Move a user out of the scope of synchronization.
 Move a user into the scope of synchronization.
 Change group membership.

 Force synchronization.
 Validate the results of directory synchronization.
 Task 1: Create a new user and group account

1. On LON-DC1, use Active Directory Users and Computers to create the following user in the Research
OU:
o First name: Perry
o Last name: Brill
o User logon name: Perry@AVXXXXa.xtremelabs.us

2. Uncheck User much change password at next logon.
3. Select Password never expires.

4. E-mail: Perry@AVXXXXa.xtremelabs.us
Use Active Directory Users and Computers to create the following group in the Research OU:
o Group name: Project Team
o Group scope: Universal
o Group type: Distribution
5. E-mail: projectteam@AVXXXXa.xtremelabs.us
6. Members:
o Chris Sells
o Lukas Keller
o Sabine Royant
 Task 2: Move a user out of the scope of synchronization

1. On LON-DS1, run the following command to verify that Josh Bailey is an Office 365 user.
Get-MsolUser -Search Josh

2. On LON-DC1, in Active Directory Users and Computers, move Josh Bailey from the Research OU to the
Sales OU.
 Task 3: Move a user into the scope of synchronization

 On LON-DC1, use Active Directory Users and Computers to move the user David So to the Research
OU.
 Task 4: Change group membership

 On LON-DC1, use Active Directory Users and Computers to remove these users from the Research
group:
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
 Task 5: Force synchronization

 On LON-DS1, use Windows PowerShell to force an unscheduled, delta directory synchronization.
 Task 6: Validate the results of directory synchronization

 On LON-CL1, verify that the changes in AD DS were successfully synchronized to Office 365.
Results: After completing this exercise, you will have identified how managing user and group accounts
has changed with directory synchronization.

Review Question
Question: What are some of the typical issues that can arise if UPN suffixes are not properly
configured before directory synchronization is deployed?
Real-world Issues and Scenarios

Because directory synchronization is the link between your on-premises AD DS objects and the services
in Office 365, be very careful when making changes to Azure AD Connect or the Synchronization
Service Manager after production deployment. For example, a minor mistake in filtering could
accidentally delete all user mailboxes in Office 365 very quickly.
In some environments, you might test all changes on a separate directory synchronization server in test
that is connected to a separate Office 365 tenant (trial). In addition, you should manually initiate run
profiles for each management agent in Synchronization Service Manager and observe the pending
actions before exporting to Office 365. In some cases, it might be a good idea to create a new run profile
for exporting to Azure AD that includes a maximum limit on the number of allowed deletions.
Tools
IdFix. The Office 365 IdFix tool provides you the ability to identify and remediate the majority of object
synchronization errors in your AD DS forests in preparation for deployment to Office 365.
Having completed this module, you can now prepare an on-premises environment ready for directory
synchronization, install and configure Azure AD Connect, and manage Active Directory users and groups
with directory synchronization to Office 365 enabled.
Best Practices
 You must have a proper project plan.
 If using filtering, it should be set up before synchronizing any objects.
 You should work with a cloud services partner.

 You should perform thorough capacity planning.
 You should remediate AD DS before deploying directory synchronization.
 You should add all SMTP domains as verified domains before synchronizing.
Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip
Directory synchronization filtering is no

longer working.
After installing Azure AD Connect, you

might be prompted with the following error
message when you open Synchronization
Service Manager:
"Unable to connect to the Synchronization
Service."
Module 5 - Planning and deploying

Office 365 ProPlus
Lab: Managing Office 365 ProPlus installations
Scenario
Most users in your organization are using Office 2013 on their desktops. As part of the Office 365 pilot
project, you would like to upgrade the clients to Office 365 ProPlus to take advantage of the new features
available in Office 2016.
The project steering committee has not yet decided whether they will allow users to install Office 365
ProPlus, or whether they will use a centralized installation mechanism. As part of the pilot project, you need
to evaluate each option for deploying and managing Office 365 ProPlus.
Objectives
 Prepare an Office 365 ProPlus managed installation.
 Manage user-driven Office 365 ProPlus installations.
 Manage centralized Office 365 ProPlus installations.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, 20347A-LON-CL3, and

20347A-LON-CL4
User name: Adatum\Administrator on LON-DC1 and LON-DS1, Adatum\Holly on LON-CL1,
Adatum\Roman on LON-CL3, and Adatum\Maira on LON-CL4
Password: Pa$$w0rd
In all tasks:
 In references to AdatumAVXXXX.onmicrosoft.com, use your unique AVXXXX Office 365 name

displayed in the Lab Page of your web browser.
 In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN Name

 LON-DC1
 LON-DS1
 LON-CL1

 LON-CL3
o Sign in as Adatum\Roman using the password Pa$$w0rd
 LON-CL4
o Sign in as Adatum\Maira using the password Pa$$w0rd
Exercise 1: Preparing an Office 365 ProPlus managed installation

Scenario
One of the Office 365 ProPlus installation options that you are evaluating is using a managed deployment.
To start, you will download and install the Office Deployment Tool, and start the download for Office 365
ProPlus.

 Download the Office 365 deployment tool.
 Modify an Office 365 ProPlus installation.
 Task 1: Download the Office 365 deployment tool

1. On LON-CL1, on the taskbar, click File Explorer.
2. In File Explorer, click Local Disk (C:) in the left navigation pane.
3. In File Explorer, click the Home tab, and then click New Folder.
4. Type Office16, and then press Enter.
5. In File Explorer, right-click Office16, click Share with, and then click Specific people.
6. In the File Sharing dialog box, click the drop-down list box, select Everyone from the list, click Add, and
then click Share.
7. In the File Sharing dialog box, click Done.
8. From the taskbar, open the Microsoft Edge browser.
9. In the address bar, type https://portal.microsoftonline.com, and then press Enter.

10. Sign in as holly@AVXXXXa.xtremelabs.us, with the password Pa$$w0rd.
11. On the Office 365 home page, click Admin. Click Switch back to the old admin center to switch to
previous Office365 admin center.
12. In the Office 365 admin center, in the left panel, click SERVICE SETTINGS, and then click User
software.
13. Under the Manually deploy user software area, click Learn how to download and deploy software.
14. On the How admins can download Office 365 user software to deploy to users page, click Manage
user software in Office 365.
15. In the Manually download and install the Office apps by using the Office Deployment Tool section,
click the Office Deployment Tool (Office 2016 version) link to open the Office Deployment Tool
download page.
16. On the download page, expand Details, System Requirements, and Install Instructions.
17. Read and familiarize yourself with each section. You can mark this page as a favorite to refer to later.
18. Click Download and notice the information bar at the bottom of the browser.
19. Once the download is completed, click Run.
20. In the User Account Control dialog box, click Yes.

21. Accept the license agreement and click Continue.
22. Browse to the Office16 folder on This PC’s C: drive.
23. Click OK. You should see that the files were extracted successfully. Click OK.
24. Navigate to the Office16 folder with File Explorer. You should see two files in the newly created Office
Deployment Tool folder named configuration and setup.
 Task 2: Modify an Office 365 ProPlus installation

1. On LON-CL1, back up the Office Deployment Tool configuration.xml file in the C:\Office 16 folder
created earlier by saving another copy.
2. By using Notepad, open the configuration.xml file and edit the first Add line after <Configuration> to
read<Add SourcePath=”\\LON-CL1\Office16\” OfficeClientEdition=”32” Branch=”Current”>.
3. Remove all comments from the code.
4. Comment out the VisioProRetail from the code and save the file as AdatumConfiguration.xml.
5. From File Explorer, open a command window.

6. Type Setup /? to see options available.
7. Type setup.exe /download \\LON-CL1\Office16\AdatumConfiguration.xml to start the download of
Office 365 ProPlus.
8. Verify that the download has started in File Explorer.
Results: You will have downloaded a copy of the Microsoft Office 365 ProPlus install for managed
deployment to a shared folder. You will also download and install the Office Deployment Tool on the same
machine.
Exercise 2: Managing user-driven Office 365 ProPlus installations

Scenario
As part of the pilot project, you need to understand the process of installing Office 365 ProPlus directly from
the Office 365 portal. You must also explore options for managing the installation. A. Datum Corporation
plans to use a combination of user-driven and managed deployments, depending on the employment
relationship and working practices of individual users. Associates, those who have brought their own devices,
and remote employees will all install Office 365 ProPlus manually from the Office 365 website. Holly, the
administrator, will then determine what happens to users when she activates and deactivates Office 365
ProPlus subscriptions. She will also explore the different ways licensing effects the user.
 Manage user rights to install Office 365 ProPlus.
 Install Office 365 ProPlus from the Office 365 portal.
 Manage office licenses.

 Reactivate Office 365 ProPlus.
 Task 1: Manage user rights to install Office 365 ProPlus

1. On LON-CL1, if required, connect to the new Office 365 admin center as Holly with the password of
Pa$$w0rd to assign various combinations of licensing to Office 365 users.
2. Edit user Brad Sutton by adding Office 365 Enterprise E3 license using a location of United Kingdom,
but removing the Office 365 ProPlus option.
3. Edit user Maira Wenzel and assign an Office 365 Enterprise E3 license using the location of the United
Kingdom.
4. Repeat the previous step for Roman Miler.
5. In the Office 365 admin center, on the Settings menu, access the Service & add-ins page.
6. On the Software download settings page, disable downloads for both Office 2013 and Office 2016.
7. Sign out, and then sign in as Brad Sutton with the user name brad@AVXXXXa.xtremelabs.usand the
password Pa$$w0rd.
8. Access Brad’s Office 365 settings and verify that he does not have the option to install the Office 365
apps.
9. Sign out as Brad Sutton, and then sign in as Roman Miler with the user name
roman@AVXXXXa.xtremelabs.uswith the password of Pa$$w0rd.
10. Navigate to the Office 365 settings page, and then click Install software.
11. Note that the users looked similar, but Brad is not assigned a license. Roman has a license, but Holly
deactivated version 2016 for all users.
12. Before signing out, verify that Phone & tablet apps are available.
13. Sign out as Roman and close the browser.

14. Open a new browser, and then sign in to the Office 365 environment with the administrator Holly’s
credentials and password.
15. Go back to the Office 365 admin center and enable downloads for Office 2016.
16. Sign out of Office 365 as Holly and sign in as Brad.

17. Verify that Brad does not have any software to install, due to licensing.
18. Switch to LON-CL3 and sign in as Roman.
19. Open a browser and go to https://portal.office.com.

20. Sign in as Roman and navigate to the Install software page.
21. Do not install, but notice what is available.
22. Notice how to change from 32-bit to 64-bit options on the Office 365 ProPlus advanced menu.
23. You will install the software in the next lab.
 Task 2: Install Office 365 ProPlus from the Office 365 portal
1. On LON-CL3, on the Office365 portal, select the appropriate language and version, and then install on
the local computer.
2. Make sure to accept licensing agreements and decline reporting options.
3. Check on the status of the download from the taskbar.
4. When installed, open Word 2016 from the Windows start menu.
5. In Word, in the upper-right corner, switch accounts by signing out as Roman and adding the account for
Holly.
6. Create a document with some content and save to an Adatum Publishing Team Site folder in the
Documents folder with the file name Meeting Agenda.
7. Switch back to Roman’s Office 365 session in the browser.
8. Notice the new option of Manage installs on the Install software page.
9. Check the Tools & add-ins page to see what is installable.
 Task 3: Manage Office licenses

1. On LON-CL3, sign out of Office 365 as Roman, and sign in as Holly Dickson, the administrator.
2. From the Office 365 admin center, disable Roman Miler’s license to Office 365 ProPlus.
3. Sign out of Office 365 as Holly and sign in as Roman.
4. Navigate to the Install software page to confirm that Office is no longer available for download. What
will happen to the Office software that is already installed?
 Task 4: Reactivate Office 365 ProPlus

1. On LON-CL3, sign in to Office 365 as Holly, the administrator, and then reactivate Roman Miler’s
Office 365 ProPlus software license.
Results: When completed, you should be able to activate Office 365 ProPlus for self-service installations.
You should also be able to set licensing options correctly for end users so that deployment and installation
is possible.
Exercise 3: Managing centralized Office 365 ProPlus installations

Scenario
In addition to the user-driven installations, you also need to evaluate using a centralized means to install
Office 365 ProPlus.

 Configure a Group Policy Object (GPO) to distribute the custom installation.
 Verify the installation.
 Task 1: Configure a Group Policy Object (GPO) to distribute the custom installation
1. Using an administrative sign in on the LON-DC1 server, use Server Manager tools to create a new
organizational unit (OU) named Adatum_Computers.
2. Move LON-CL4 to the new OU.
3. Open Group Policy Management from Server Manager.
4. Create a Group Policy Object (GPO) linked to the newly created Adatum_Computers.
5. Name the GPO DeployO365.
6. By using the Group Policy Management Editor, expand Computer Configuration, expand Policies,
expand Windows Settings, and then open Scripts (Startup/Shutdown).
7. Create a new text document with the following line: \\LON-CL1\Office16\setup.exe /configure \\LON-
CL1\Office16\AdatumConfiguration.xml.
8. Save the file as DeployO365.cmd.
9. Delete New Text Document.

10. In Group Policy Management Editor, in the Startup Properties dialog box, add a script.
11. Add the DeployO365.cmd file, and then click OK.
Note: Where and how do you think this might start up?
 Task 2: Verify the installation

1. On LON-CL4, sign in as Maira Wenzel.
2. Open the Command Prompt as Adatum\Holly and run gpupdate /force.
3. Restart LON-CL4.
4. Wait five minutes after the restart to allow the Group Policy settings to take effect.
5. Sign in as Maira and navigate to the start menu.
6. Verify that Microsoft Office 2016 Tools folder installed.

7. Open Word 2016 and activate with Maira’s Office 365 credentials.
8. In the First things first dialog box, click No thanks, click Accept, and then close the dialog box.
9. Open a blank document, type some text, and then save it.
10. In Task Manager, check the processes, details, and services for Click-to-Run.
11. Close all open programs.
Results: You will have enabled centralized managed deployment of Office 365 ProPlus and implemented a
standardized Microsoft Office configuration by using one version of Office.
Question: Why do you need to edit the configuration.xml file when preparing to use managed
deployments of Office 365 ProPlus?
Question: How can you verify that the Click-to-Run service is running?
Module 6 - Planning and managing

Exchange Online recipients and
permissions
Lab: Managing Exchange Online recipients and
permissions
Scenario
A. Datum Corporation is ready to move a second group of pilot users to Office 365. Before completing the
move, you must ensure that you can manage Exchange recipients in Exchange Online. You also must
ensure that you can delegate permissions in Exchange Online.
Objectives
 Configure Exchange Online recipients.

 Delegate administrative permissions.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1

User names: Adatum\Administrator, Adatum\Holly
Password: Pa$$w0rd
In all tasks:
In references to Adatumyyxxxx.xtremelabs.us, replace AVXXXXa with your unique Office 365 name
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
 LON-DC1
 LON-DS1
 LON-CL1

Exercise 1: Configuring Exchange Online recipients

Scenario
In preparation for migrating more users to Office 365, you need to ensure that you can manage Exchange
Online recipients by using the Exchange admin center and Windows PowerShell.
 Create user mailboxes.

 Create groups and assign mailboxes.
 Connect to Exchange Online with Windows PowerShell.
 Create resource mailboxes.

 Configure additional Exchange Online recipients.
 Task 1: Create user mailboxes

1. On LON-CL1, in Internet Explorer, navigate to https://login.microsoftonline.com/ and sign in as
holly@AVXXXXa.xtremelabs.us, with the password Pa$$w0rd.
2. Open the Office 365 admin center.
3. Create the following user accounts:

o Martina Blair
o Matt Villagomez (since Matt@AVXXXXa.xtremelabs.us is in use, use the username MattV)
o Olivia Emerson
o Kendra Sexton
4. For each user:
a. Type password: Pa$$w0rd
a. Make this person change their password the next time they sign in: Not selected
b. Select licenses for this user: Office 365 Enterprise E3
5. Open the Exchange admin center and click recipients.
Note: It might take a few minutes for the mailboxes to appear. Click the refresh icon
periodically until they do.
 Task 2: Create groups and assign mailboxes

Create the following distribution groups with the following members:
 IT
o Olivia Emerson
 Managers
o Martina Blair
 Development
o Matt Villagomez
 Sales
o Kendra Sexton
 Task 3: Connect to Exchange Online with Windows PowerShell

1. On the desktop, right-click Windows Azure Active Directory Module for Windows PowerShell, and
then click Run as administrator.
Note: If you copy the following commands from the courseware, you can paste them into the
virtual machine. On the Virtual Machine Connection menu, click Clipboard, and then click
Type clipboard text.
2. In the Windows PowerShell window, run the following cmdlet:

$credential = Get-Credential
3. Sign in as holly@AVXXXXa.xtremelabs.us with the password Pa$$word.

connect-msolservice –credential $credential
6. $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

"https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -
AllowRedirectionIn the Windows PowerShell window, run the following cmdlet:
Import-PSSession $exchangeSession -DisableNameChecking

Get-AcceptedDomain
Note: This command returns the list of accepted domains and verifies that you can connect to
your Office 365 subscription.
 Task 4: Create resource mailboxes

1. In the Exchange Admin center, open resources.

New-Mailbox -Name "Conference Room" –Room

Set-CalendarProcessing "Conference Room" -AutomateProcessing AutoAccept

New-Mailbox -Name "Demonstration Laptop” –Equipment

Set-CalendarProcessing "Demonstration Laptop” -AutomateProcessing AutoAccept
Note: If you receive an error when you run the set-calendarprocessing cmdlet for either of
these objects, wait a few moments and repeat.
6. In the Exchange Admin center, click Refresh. You should be able to see both resources.

Set-mailbox “Conference room” –resourcecapacity “25”
8. In Exchange Admin center, click Refresh. You should be able to see the changes you made in the
details pane on the right.
 Task 5: Configure additional Exchange Online recipients

1. On LON-CL1, open C:\Labfiles\ExternalContacts.csv and review its contents. Close the file.
2. In Exchange Admin center, click contacts.

CD C:\Labfiles

Import-Csv .\Externalcontacts.csv | %{New-MailContact -Name $_.Name -DisplayName $_.Name
-ExternalEmailAddress $_.ExternalEmailAddress -FirstName $_.FirstName -LastName
$_.LastName}

$Contacts = Import-CSV .\externalcontacts.csv

$contacts | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -
StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone
$_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title
$_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -
Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}
7. In the Exchange Admin center, click Refresh. You can see the newly created objects.
Results: After completing this exercise, you will have created and configured Microsoft Exchange Online
recipients.
Exercise 2: Configuring delegated administration

Scenario
A. Datum has delegated some administrative tasks in Exchange Server 2016 on-premises and would like to
duplicate this configuration in Exchange Online.
 Assign users to built-in role groups.

 Create a new admin role and assign a user to it.
 Create a new role assignment policy.
 Task 1: Assign users to built-in role groups

1. In the Exchange admin center, on the permissions tab, on the admin roles tab, click Organization
management, and then click Edit.
2. Add Olivia as a member of the role.
 Task 2: Create a new admin role and assign a user to it

1. Switch to Windows PowerShell.
2. In the Windows PowerShell window, run the following cmdlets:

Enable-OrganizationCustomization
New-RoleGroup –Name BranchOfficeAdmins –roles “Mail Recipients”, “Distribution Groups”,

“Move Mailboxes”, “Mail Recipient Creation”

Add-RoleGroupMember "BranchOfficeAdmins" -Member Martina

Get-RoleGroupMember "BranchOfficeAdmins"
5. In the Exchange admin center, click Refresh. Ensure that you can see the new BranchOffice Admins
role group.
 Task 3: Create a new role assignment policy

1. In the Exchange Admin center, click user roles.
2. Switch to Windows PowerShell.
3. In the Windows PowerShell window, run the following command:

New-RoleAssignmentPolicy "Limited Mailbox Configuration" -Roles MyBaseOptions,
MyAddressInformation, MyDisplayName
4. To change the default role assignment policy for new mailboxes, in the Windows PowerShell window,
run the following command:
Set-RoleAssignmentPolicy "Limited Mailbox Configuration" -IsDefault
5. When prompted, type Y, and then press Enter.
6. In the Exchange admin center, click Refresh. You can see the new role assignment policy.
Results: After completing this exercise, you will have configured delegated administration of your
Exchange Online organization.
 To prepare for the next module

When you have finished the lab, leave all of the virtual machines running.

Review Questions
Question: What do you need to do to manage your Exchange Online tenant by using Windows
PowerShell?
Question: What types of groups can you use in Exchange Online?

Module 7 – Planning and configuring

Exchange Online services
Lab A: Configuring message transport in Exchange
Online
Scenario
The pilot project is going well at A. Datum Corporation. However, before you finish the pilot project and
perform a full deployment, you need to confirm that you can configure Exchange Online settings to match the
on-premises settings for options such as message transport.
Objectives
 Configure message transport settings.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, 20347A-LON-CL2

User names: Adatum\Administrator, Adatum\Holly, Lon-CL2\Francisco
Password: Pa$$w0rd
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name that displays in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that
displays in the online lab portal.
LON-DC1

LON-DS1

LON-CL1
LON-CL2
Exercise 1: Configuring message-transport settings

Scenario
A. Datum has several email transport settings configured in their on-premises Exchange environment. You
need to ensure that you also can configure the same settings in Exchange Online, including:
A custom send and receive connector that will enforce TLS when sending email messages to, or
receiving them from, a partner organization.
A transport rule that will apply a disclaimer to all messages sent to external users
A transport rule that requires moderator approval for all messages sent to the manager distribution
list.
A journal rule that will retain a copy of all messages sent to and from members of the Development
department.
You also need to verify that you can track messages sent between users on Office 365 and sent to
external users.
 Connect to Exchange Online in Windows PowerShell.
 Create a custom send and receive connector to enforce TLS.

 Create transport rules.
 Create a journal rule for members of the research department.
 Track internal and external message delivery.
 Task 1: Connect to Exchange Online in Windows PowerShell

1. On LON-CL1, open Windows Azure Active Directory Module for Windows PowerShell.
Note: You might have a Windows PowerShell connection to Office 365 open from a previous
lab. If so, you can use the existing connection and skip this step.
2. Run the following command, and then sign in as Holly@AVXXXXa.xtremelabs.us with the password
Pa$$w0rd.
$cred=Get-Credential
3. Run the following command:
$Session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic
–AllowRedirection
4. Run the following command:
Import-PSSession $Session
 Task 2: Create a custom send and receive connector to enforce TLS

1. Use Microsoft Edge to sign in to Exchange admin center as Holly@AVXXXXa.xtremelabs.us with the
password of Pa$$w0rd.
2. Browse to connectors in mail flow.
3. Create a new connector with the following settings:

o Name: Humongous Insurance Outgoing
o From: Office 365
o To: Partner organization

o For email sent to: humongousinsurance.com
o Use MX records for delivery
o Require TLS using a certificate from a trusted CA

o Validation email: postmaster@humongousinsurance.com
Note: Validation of mail flow will fail because the connector is to a fictitious organization. This
is expected behavior for this lab.
4. Create a new connector with the following settings:

o Name: Humongous Insurance Incoming
o From: Partner organization
o To: Office 365
o For email received from: humongousinsurance.com
o Reject messages that do not use TLS
 Task 3: Create transport rules

1. On LON-CL1, in the Exchange admin center, create a new disclaimer rule with the following settings:
o Name: A. Datum Disclaimer
o Apply the rule if: The recipient is located Outside the organization
o Disclaimer text: <HR> If you are not the intended recipient of this message, you must
delete it
2. Create a new rule that sends messages to a moderator, with the following settings:
o Name: Moderate Managers
o Apply the rule if: The recipient is a member of Managers
o Do the following: Forward the message for approval to Holly Dickson

3. On LON-CL2, use Microsoft Edge to sign in to Outlook on the web as
Francisco@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
4. Send a message to alias@outlook.com, where alias@outlook.com is the Microsoft account that you
configured at the beginning of this course, and then verify that the disclaimer was added.
5. Send a message to Martina to test the moderation rule.
6. On LON-CL1, open Outlook 2016, read the approval request, and then approve it.
 Task 4: Create a journal rule for members of the research department

1. On LON-CL1, in the Exchange admin center, browse to journal rules in compliance management.
2. Configure undeliverable journal reports to be sent to Holly Dickson.
3. Create a new journal rule with the following settings:
o Send journal reports to: journal@humongousinsurance.com

o Name: Development messages
o If the message is sent to or received from: The Development group
o Journal all messages
 Task 5: Track internal and external message delivery

1. On LON-CL1, in the Exchange admin center, browse to message trace in mail flow.
2. Perform a search with the default settings.
3. Review the most recent message sent from Francisco to alias@outlook.com, and then verify that the
disclaimer was applied.
4. Review the most recent message sent from Francisco to Martina, and then verify that the message was
sent for moderation.
Results: After completing the exercise, you will have configured message-transport settings.
Lab B: Configuring email protection and client policies

Scenario
The pilot project is going well at A. Datum. Before finishing it and moving into a full deployment, you need to
confirm that you can configure the Exchange Online settings to match the on-premises settings for options
such as anti-spam and antivirus settings, and client access policies.
Objectives
After completing this lab, you will have:
 Configured anti-spam and antivirus settings
 Configured client access policies
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, 20347A-LON-CL2
User names: Adatum\Administrator, Adatum\Holly, and LON-CL2\Francisco
Password: Pa$$w0rd
In all tasks:

 In references to AdatumAVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
that displays in the online lab portal.
LON-DC1
LON-DS1

LON-CL1
LON-CL2
Exercise 1: Configuring email protection

Scenario
You also need to explore the anti-spam and antivirus settings that are available in Exchange Online, and you
must:
Configure a policy to ensure that an administrator account is notified when Exchange Online
receives a message that contains malware.
Ensure that internal users are notified when their messages are not delivered.
Ensure that you can block all email from IP addresses that you specify.
Ensure that Sales users receive all messages, even if there is a high likelihood that the message is
spam.
Ensure that Exchange Online quarantines all messages for other users if there is a high probability
that the message is spam.
Configure the malware filter.
Configure the connection filter.
Configure the spam filter.
Test the spam filter settings (optional).
 Task 1: Configure the malware filter

1. On LON-CL1, in the Exchange admin center, browse to malware filter in protection.
2. Modify the Default malware filter to:
o Notify internal senders when a message is blocked
o Notify Holly@AVXXXXa.xtremelabs.us when messages from internal or external senders are

blocked
 Task 2: Configure the connection filter

 On LON-CL1, in the Exchange admin center, configure the Default connection filter with the
following settings:
o Block 192.168.0.0/24
o Enable safe list
 Task 3: Configure the spam filter

1. On LON-CL1, in the Exchange admin center, modify the Default spam filter to quarantine high-
confidence spam.
2. Create a new spam filter with the following settings:
o Name: Sales spam policy
o Spam: Prepend subject line with text

o High confidence spam: Move message to Junk Email folder
o Prepend subject line with this text: Junk
o Applied to: members of Sales group
 Task 4: Test the spam filter settings (optional)

1. Sign in to your alias@outlook.com accounts.
2. Create a new message to send to kendra@AVXXXXa.xtremelabs.us.

3. In the body of the message, include the text XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-
STANDARD-ANTI-UBE-TEST-EMAIL*C.34X, and then send the message.
4. Create a new message to send to francisco@AVXXXXa.xtremelabs.us.

5. In the body of the message, include the text XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-
STANDARD-ANTI-UBE-TEST-EMAIL*C.34X, and then send the message.
6. On LON-CL1, in the Exchange admin center, browse to quarantine in protection.
7. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
8. Release the message sent to Francisco.
9. On LON-CL2, in Outlook on the web, verify that the message was delivered to Francisco.
Results: After completing this exercise, you should have configured anti-spam and antivirus settings.
Exercise 2: Configuring client access policies

Scenario
A. Datum wants to be able to restrict some options for Outlook on the Web and mobile clients. You need to
configure policies for Outlook Web App, mobile device access, and mailboxes.
 Configure an Outlook Web App policy.
 Configure mobile-device access.

 Configure a mailbox policy for mobile devices.
 Validate mobile-device management policies (optional).

 Task 1: Configure an Outlook Web App policy

1. On LON-CL1, in the Exchange admin center, browse to the Outlook Web App policies in permissions.
2. Create a new Outlook Web App policy named Limited features with the following features disabled:
o Instant messaging
o Text messaging
o Unified messaging
o LinkedIn contact sync
o Journaling
o Direct file access for private computers.
3. Associate the Limited features Outlook Web App policy with Kendra Sexton.
4. In Outlook, create a new message for Kendra Sexton, and the attach the
C:\Windows\Logs\DISM\dism.log file.
5. On LON-CL2, sign out of Outlook on the web, and then sign in again as
Kendra@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
6. Verify that Kendra is unable to access the attachment in the new message.
 Task 2: Configure mobile-device access

1. On LON-CL1, in the Exchange admin center, browse to mobile device access in mobile.
2. Edit the Exchange ActiveSync Access settings to quarantine new mobile devices and notify Holly
Dickson.
 Task 3: Configure a mailbox policy for mobile devices

1. On LON-CL1, browse to mobile device mailbox policies in mobile.
2. Modify the Default policy to:

o Require a password
o Allows simple passwords

o Minimum password length of 4
 Task 4: Validate mobile-device management policies (optional)

1. On your mobile device, add a new ActiveSync account for Francisco Chaves.
2. If Autodiscover does not detect the server name, enter outlook.office365.com.
3. Your device will be placed into quarantine, and you must approve the device before you can send and
receive messages.
4. After you configure the Exchange ActiveSync account, the security settings from the mobile device
mailbox policy will apply, and you may be prompted to create a password on your device.
5. When you are done testing, you can delete the account from your mobile device.
6. Leave the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured client access policies.

Review Questions
Question: Why is it important not to remove the last on-premises Exchange server when
directory synchronization is in place?
Question: You recently migrated all of your organizational mailboxes to Office 365. Many of
your users have mobile devices that connect by using Exchange ActiveSync. Your security
officer was shocked when he saw that a user did not have a password on his mobile device.
Why did this happen, and how can you fix it?
Module 8 - Planning and deploying

Skype for Business Online
Lab: Configuring Skype for Business Online
Scenario
As part of an Office 365 implementation, A. Datum Corporation wants to use Skype for Business Online to
provide IM and online conferencing. You need to configure the Skype for Business Online service settings
and the user settings to meet A. Datum’s requirements.
Objectives
 Configure Skype for Business Online organization settings.
 Configure Skype for Business Online user settings.
 Configure a Skype Meeting Broadcast.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, 20347A-LON-CL3, 20347A-

LON-CL4
User name: Adatum\Administrator
Password: Pa$$w0rd
In all the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that is displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN
LON-DC1
o Sign in as Adatum\Administrator
LON-DS1
LON-CL1
LON-CL3

LON-CL4
o Sign in as Adatum\Maira using the password Pa$$w0rd

Exercise 1: Configuring Skype for Business Online organization settings

Scenario
A. Datum needs to ensure that internal users can communicate with some external users, but the company
also wants the option to block communication with some specified domains. A. Datum also wants to
customize the default meeting page to provide company-specific information. You need to configure the
required settings.
 Download and install the Skype for Business Online module for Windows PowerShell.
 Enable Skype Meeting Broadcast for the organization.

 Configure the organization settings for Skype for Business Online.
 Configure the meeting invitation settings.
 Validate the meeting invitation settings.
 Task 1: Download and install the Skype for Business Online module for Windows
PowerShell
1. On LON-CL1, in Microsoft Edge, connect to http://go.microsoft.com/fwlink/?LinkId=294688.
2. Download and install the Skype for Business Online module for Windows PowerShell.
 Task 2: Enable Skype Meeting Broadcast for the organization

1. On LON-CL1, connect to Skype for Business Online by running the following commands in Windows
PowerShell. Use Holly’s credentials to connect:
$cred = Get-Credential
$SfBSession = New-CSOnlineSession –Credential $cred
Import-PSSession $SfBSession
2. Enable meeting broadcasts by using the Set-CsBroadcastMeetingConfiguration cmdlet with the

EnableBroadcastMeeting parameter. Task 3: Configure the organization settings for Skype for
Business Online
1. On LON-CL1, use Windows PowerShell to configure the following:

c. Enable privacy mode by using the Set-CSPrivacyConfiguration cmdlet with the
EnablePrivacyMode parameter.
d. Disable push notifications for Apple devices by using the Set-

CSPushNotificationConfiguration cmdlet with the EnableApplePushNotification parameter.
e. Verify the privacy and push notification settings by running the Get-CSPrivacyConfiguration
and Get-CSPushNotificationConfiguration cmdlets.
f. Allow users to communicate with public Skype users by using the

Set-CsTenantFederationConfiguration cmdlet with the AllowPublicUsers parameter.
g. Allow users to communicate with federated partners by using the

Set-CsTenantFederationConfiguration cmdlet with the AllowFederatedUsers parameter.
2. Use the following commands to enable communication with all federated partners except for litware.com:
$AllDomains = New-CsEdgeAllowAllKnownDomains
$BlockedDomain = New-CsEdgeDomainPattern -Domain "litware.com"
Set-CsTenantFederationConfiguration -AllowedDomains $AllDomains –BlockedDomains
$BlockedDomain
Get-CsTenantFederationConfiguration
3. Open Microsoft Edge, and then connect to https://portal.office.com.
4. Sign in as Holly@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
5. In the Skype for Business admin center, verify the following settings:
o Privacy mode is set to display presence information only to a user’s contacts.

o Apple Push Notification Service is not enabled.
o External communications are enabled for all domains except for litware.com.
 Task 4: Configure the meeting invitation settings

1. On LON-CL1, in the Skype for Business admin center, configure the following meeting invitation settings:
o Help URL: http://help.adatum.com
o Footer text: Sample legal disclaimer
2. Use the Get-CsMeetingConfiguration cmdlet to verify the meeting invitation settings.
 Task 5: Validate the meeting invitation settings

1. On LON-CL1, open Skype for Business 2016, and then sign in as Holly@AVXXXXa.xtremelabs.us.
2. On LON-CL1, open Microsoft Outlook 2016.

3. Create a new Skype meeting request, and then send it to Maira.
4. Open the meeting, and then verify the help link and custom footer text.
Results: After completing this exercise, you should have configured Skype for Business Online service
settings.
Exercise 2: Configuring Skype for Business Online user settings

Scenario
You need to configure different Skype for Business Online user settings based on the department of which
the user is a member. You will use Windows PowerShell to configure the settings.
 Configure Skype for Business user settings.
 Verify Skype for Business communications.
 Task 1: Configure Skype for Business user settings

1. On LON-CL1, in the Office 365 admin center, edit the Christie Thomas user account to remove the
option to use Skype for Business.
2. In the Skype for Business admin center, verify that Christie Thomas is not listed as a Skype for Business
user.
3. Edit Maira Wenzel’s Skype for Business user settings to remove the option to record meetings, and to
prevent her from communicating with public Skype users.
4. Edit Francisco Chaves’s Skype for Business user settings to enable him to connect to audio meetings
only.
 Task 2: Verify Skype for Business communications

1. On LON-CL4, ensure that you are signed in as Maira. Open Outlook 2016 and configure a profile for
Maira@AVXXXXa.xtremelabs.us.
2. Open Skype for Business and sign in as Maira@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
3. On LON-CL1, create a Skype meeting request for a meeting that will start within the next 15 minutes,
and then send the request to Francisco Chaves and Maira Wenzel.
4. In Skype for Business, send Maira an IM.
5. On LON-CL4, respond to the message.

6. Accept the meeting request from Holly, and then join the meeting.
7. On LON-CL1, join the meeting, and then verify that Maira is connected to the meeting.
8. On LON-CL1, share your desktop.
9. On LON-CL4, verify that Holly’s desktop is visible in the meeting window.
10. On LON-DC1, open Internet Explorer, and then connect to https://portal.office.com. Sign in as
Francisco@AVXXXXa.xtremelabs.us.
11. Open Mail, and then accept Holly’s meeting request.
12. Open Calendar, and join the meeting, and then install the Skype for Business Web App plug-in.
13. Verify that you can join the meeting and that Holly’s desktop is visible.
14. Close the Internet Explorer window.
15. On LON-CL4, disconnect from the meeting.
16. On LON-CL1, disconnect from the meeting.
Results: After completing this exercise, you should have configured Skype for Business Online user
settings and validated Skype for Business Online functionality.
Exercise 3: Configuring a Skype Meeting Broadcast

Scenario
A. Datum is interested in exploring the option of hosting large company meetings and external meetings on
Skype for Business. You need to configure a Skype Meeting Broadcast.
 Configure a Skype Meeting Broadcast.
 Validate the Skype Meeting Broadcast configuration.
 Task 1: Configure a Skype Meeting Broadcast

1. On LON-CL1, connect to https://broadcast.skype.com, and then sign in as
holly@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
2. Create a new broadcast meeting with the following information:
o Meeting title: Test broadcast meeting
o Meeting time: Today’s date

o Start time: Within the next 15 minutes
o Duration: 1 hour
o Members: Roman Miler
o Access: Secure
o Attendees: Maira Wenzel
3. Create and send an Outlook invitation to the meeting.
 Task 2: Validate the Skype Meeting Broadcast configuration

1. On LON-CL3, ensure that you are signed in as Roman. Open Outlook 2016 and configure a profile for
Roman@AVXXXXa.xtremelabs.us.
2. Open Skype for Business and sign in as Roman@AVXXXXa.xtremelabs.us with the password
Pa$$w0rd.
3. In Outlook 2016, accept the broadcast meeting request from Holly.
4. Join the broadcast meeting. Verify that Roman can join the meeting.
5. Start the broadcast as a content only meeting.
6. On LON-CL4, accept the broadcast meeting request from Holly.
7. Join the meeting as Maira.

8. Verify that Maira can join the meeting.
9. On LON-CL3, stop the broadcast.
10. On both LON-CL3 and LON-CL4, disconnect from the meeting.
11. Keep the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured a broadcast meeting and verified
that users can join the meeting.
Question: How will you change the Windows PowerShell steps that you ran in the lab if you
want to block all communication with external domains except for litware.com?
Question: Do you think that your organization will use Skype Meeting Broadcast?

Common Issue and Troubleshooting Tip
Users cannot authenticate to

Skype for Business Online.
Tools
The following tools are covered in this module:
Skype for Business admin center. Accessible from the Office 365 admin center, use this tool to
configure Skype for Business Online service settings and user settings.
Skype for Business Server Management Shell. Use this tool to configure Skype for Business
Online settings.
The Skype for Business Online module for Windows PowerShell. This provides the Windows
PowerShell commands that are required to configure Skype for Business Online when you use
the
Skype for Business Server Management Shell.

Module 9 - Planning for and

configuring SharePoint Online
Lab: Configuring SharePoint Online
Scenario
Now that the pilot group is getting comfortable with Exchange Online and Skype for Business Online, the
next step is to start using SharePoint Online. You need to start the SharePoint Online deployment by
configuring the service settings, creating and configuring site collections, and configuring external user
sharing.
Objectives
 Configure SharePoint Online settings.
 Create and configure SharePoint Online site collections.

 Configure and verify external user sharing.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, and 20347A-LON-CL1
User names: Adatum\Administrator for LON-DC1 and LON-DS1 and Adatum\Holly for LON-CL1
Password: Pa$$w0rd
 In all of the tasks where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that displays on the online lab portal.
 Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN
LON-DC1
LON-DS1
LON-CL1
o Sign in as Adatum\Holly with the password Pa$$w0rd
Exercise 1: Configuring SharePoint Online settings

Scenario
As a first step in the SharePoint Online deployment, you will configure using Yammer as the default
enterprise social networking tool of the SharePoint Online service settings.
 Configure settings.
 Configure user profiles.
 Configure apps.
 Task 1: Configure settings

1. On LON-CL1, open Microsoft Edge, connect to https://portal.office.com, and then sign in as Holly
Dickson.
2. Access the SharePoint admin center.

3. In settings, configure the following options:
o Enable automatic site collection storage management.
o Select Yammer as the Enterprise Social Newsfeed.

o Enable external sharing for authenticated users and users gaining access through anonymous
guest links.
 Task 2: Configure user profiles

1. In User profiles, select the user profile of Brad, and add Holly as his manager.
2. Under My Site Settings, configure Holly as the secondary site owner.
 Task 3: Configure apps

1. Configure store settings in the app section.
2. Disable apps from starting when documents are opened in the browser.
Results: After completing this exercise, you should have configured SharePoint Online service settings.
Exercise 2: Creating and configuring SharePoint Online site collections

Scenario
As a first step in the SharePoint Online deployment, you will create two different site collections, one for the
Accounts Project group, and one for the Marketing group.
 Create a site collection using the SharePoint admin center.
 Create a site collection using Windows PowerShell.
 Configure permissions on the site collections.
 Verify access to the site collections.
 Task 1: Create a site collection using the SharePoint admin center

1. Open Microsoft Edge and sign in to https://portal.office.com with the user name
holly@AVXXXXa.xtremelabs.us, and the password of Pa$$w0rd.
2. Access the SharePoint admin center.

3. In the leftmost side, click Site collections, and create a new site named marketing. Use the
https://AdatumAVXXXX.sharepoint.com/sites/marketing URL, and add Holly as the site
administrator.
4. Wait for the site collection to be created.
Note: It can take a few minutes until the Sharing menu on the ribbon is active. You can speed
this up by refreshing the page by pressing the F5 key.
5. Change the Sharing settings to Allow sharing with all external users, and by using anonymous
access links.
 Task 2: Create a site collection using Windows PowerShell

1. Download the SharePoint Online Management Shell tool from http://aka.ms/f04q5o and install it.
2. Open the SharePoint Online Management Shell as an administrator.
3. Connect to the SharePoint admin center by running the following command:

4. Connect-SPOService –Url https://AdatumAVXXXX-admin.sharepoint.com –credential
holly@AVXXXXa.xtremelabs.usEnter your password.
5. Create a new SharePoint Online site by running the following command:
New-SPOSite -Url https://AdatumAVXXXX.sharepoint.com/sites/AcctsProj -Owner

holly@AVXXXXa.xtremelabs.us -StorageQuota 500 -NoWait -Template PROJECTSITE#0 –Title
“Accounts Project”
6. Close the Windows PowerShell window.
 Task 3: Configure permissions on the site collections

1. In Microsoft Edge, open a new InPrivate window, connect to the SharePoint admin center, and then
select the /marketing site.
2. Edit the properties of the site, and add Brad Sutton as an additional site collection administrator.
3. Sign in as Brad@AVXXXXa.xtremelabs.us and verify if you are a site collection administrator of the site.
 Task 4: Verify access to the site collections

1. On LON-CL1, connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.
2. Sign in as maira@AVXXXXa.xtremelabs.us, with the password of Pa$$w0rd.
3. Verify that you cannot access the site, and then request access.
4. Connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.
5. Sign in as holly@AVXXXXa.xtremelabs.us, with the password of Pa$$w0rd.
6. On the Site Permissions page, approve Maira Wenzel’s access request, and then add Perry Brill to the
site members group.
7. Access the site again as Maira and verify that she has access.
8. Access the site as Perry and verify that he has access.
Results: After completing this exercise, you should have created and configured SharePoint Online site
collections.
Exercise 3: Configuring and verifying external user sharing

Scenario
Now, you will create a new site collection and configure the SharePoint Online service settings. Then, you
will share the site and documents with external users.
 Configure global settings for external user sharing.

 Configure a site collection for external user sharing.
 Verify external user sharing.
 Task 1: Configure global settings for external user sharing

1. In Microsoft Edge, access the SharePoint admin center by signing in as Holly.
2. In settings, enable external sharing for authenticated users and users gaining access through
anonymous guest links.
 Task 2: Configure a site collection for external user sharing

1. Select the /AcctsProj website and configure it for sharing with external and anonymous guest links.
2. Share the AcctProj site with the Microsoft account you used for setting up your Office 365 trial. Grant
the user member permissions.
3. On the Marketing site, create a new document in the Documents folder. Enter some text in the
document.
4. Share the document with the Microsoft account you used for setting up your Office 365 trial. Grant the
user edit permissions.
 Task 3: Verify external user sharing

1. Sign in to Outlook.com using your Microsoft account, and then use the link provided in the email to verify
that the external user can access the AcctProj site.
2. Verify that the user can also access and edit the document in the Marketing document library.
3. Close all browser tabs and close the browser.
4. Leave the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured a new site collection for external user
sharing, and you should have shared a site and a document with external users.

Review Question
Question: Create a checklist for proper site collection planning.
Best Practices
SharePoint Online offers several configuration options; planning a collaboration solution and configuring
SharePoint Online are tasks that you must do upfront to have a good SharePoint Online environment
where your users can start working with.
The main points you should consider are:
 Do proper planning before you start with user onboarding.
 Create a sharing policy that is consistent throughout the service.
 Automate site collection generation as much as possible.


an Office 365 collaboration solution
Lab: Planning and configuring an Office 365 collaboration
solution
Scenario
With all of the core Office 365 components configured and working well, the next step for A. Datum
administrators is to explore options for using Office 365 to enhance collaboration within the organization. To
do this, you will enable and configure Yammer Enterprise, OneDrive for Business, and Office 365 groups.
Objectives
 Enable and configure Yammer Enterprise.
 Configure OneDrive for Business.

 Configure Office 365 groups.
Lab Setup
Virtual Machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, 20347A-LON-CL3

User name: Adatum\Administrator on LON-DC1 and LON-DS1, Adatum\Holly on LON-CL1, and
Adatum\Roman on LON-CL3
Password: Pa$$w0rd
In all tasks where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that is displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique
UPN name displayed in the online lab portal.

LON-DC1
LON-DS1

LON-CL1
LON-CL3
 Exercise 1: Configuring Yammer Enterprise

Scenario
As a first step in exploring the collaboration options, you will configure Yammer Enterprise for A. Datum.
Yammer Enterprise is enabled by default, so you need to configure the settings and explore the user
experience with Yammer.
 Configure a Yammer organization setting.
 Configure Yammer service settings, and enforce Office 365 identity.

 Configure the Yammer user experience.
 Use Yammer.
 Task 1: Configure a Yammer organization setting

1. On LON-CL1, open Microsoft Edge, connect to https://portal.office.com, and sign in as Holly Dickson.
2. Access the Yammer admin center.
3. Click Usage Policy.

4. Select the two options that users need to accept the usage policy and that a policy reminder is displayed.
5. Name the Usage policy ADatum Acceptable Use Policy.
6. Enter the following as the use policy details:

7. Welcome to Yammer! Our goal is to provide a collaborative environment to connect with
colleagues and bridge various departments and geographic locations to share meaningful
information.
8. Click Save.
9. Accept the policy.
10. Configure so that users receive weekly digest of group messages.
11. Disable usage of third-party applications.

12. Configure Soft Delete data retention policy.
13. Monitor the following keywords on Yammer: gambling, erotic, warez.
 Task 2: Configure Yammer service settings, and enforce Office 365 identity
1. Go to Content and Security, and click Security settings.
2. Select the Enforce Office 365 identity in Yammer check box.
3. Confirm that you are ready and save.
 Task 3: Configure the Yammer user experience

1. Access the Yammer SETTINGS.
2. Go to Notifications to configure the settings, and change the digest to weekly.
3. Select only the options:

o I receive a message in my inbox
o I log in from somewhere new
o I post a message via email (This will send a confirmation email)
4. Click Save.
 Task 4: Use Yammer

1. Sign in to Yammer as Roman@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
2. Invite Christie to use Yammer.
3. Accept usage policy.
4. Share the post from Holly.

5. Post a message to the company timeline “free gambling here”.
6. Sign out and sign in as Holly@AVXXXXa.xtremelabs.us.
7. Open the mailbox of Holly.

8. Verify that you received a message from Yammer with report about monitored keyword appearance in
Roman post.
9. Close the browser.
Results: After completing this exercise, you should have enabled Yammer Enterprise for A. Datum.
Exercise 2: Configuring OneDrive for Business

Scenario
After you enable Yammer Enterprise, you are ready to configure OneDrive for Business for A. Datum. If you
have Office 2013 or Office 2016 installed, you have the sync client on your computer, and you can start using
OneDrive for Business.
 Enable OneDrive for Business synchronization.

 Create files to synchronize with OneDrive for Business.
 Share files with other users.
 Task 1: Enable OneDrive for Business synchronization

1. On LON-CL3, open Word 2016 and verify that Word is licensed to Roman Miler. If it is not, change the
account to Roman’s account.
2. Open Microsoft Edge, and connect to https://portal.office.com.
3. Sign in as Roman@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
4. In the Office 365 portal, click OneDrive.
5. Create a Word document on the OneDrive site.
6. Select the option to synchronize the OneDrive folder.
7. When prompted, select the option to Show my files.
8. File Explorer opens and displays the location where the synchronized files will be stored. Verify that the
Word document has been synchronized to the local computer.
 Task 2: Create files to synchronize with OneDrive for Business

1. On LON-CL3, in the OneDrive for Business folder, create two new folders named Private and
Project A.
2. In Private folder, create a new Word document named Holidays.docx. Open the file, type some text,
save the document, and then close Microsoft Word.
3. In Project A folder, create a new Word document named project targets.docx. Open the file, type
some text, save the document, and then close Word.
4. Verify that both files are synchronized to Office 365.
5. To view the files online, switch to the Microsoft Edge windows, and verify that the two folders with the
files are displayed in OneDrive for Business.
6. In Microsoft Edge, navigate to the folder Private, open the synchronized document Holidays.docx, add
some text in Word Online, and then return to the OneDrive for Business Files site.
7. Switch back to File Explorer, navigate to the folder Private, and then open Holidays.docx. You will see
that the changes made in Word Online are synchronized automatically.
 Task 3: Share files with other users

1. In File Explorer, right-click the folder named Project A, click View Online.
2. Select the option to share the Project targets document.
3. Share the document with edit permissions with Holly Dickson.
4. Open an InPrivate Microsoft Edge window and connect to Office 365 as Holly. Access Holly’s mail.
5. Verify that you can open and edit the document shared by Roman.
6. In Roman’s online OneDrive for Business folder, stop sharing the document.
7. Close all Microsoft Edge windows.
Results: After completing this exercise, you should have configured OneDrive for A. Datum.
Exercise 3: Configuring Office 365 groups

Scenario
The final Office 365 collaboration solution that you need to explore is Office 365 groups. You need to
configure Office 365 groups, including membership, privacy, and subscription options, and explore the user
interaction with Office 365 groups.
 Configure a private Office 365 group.
 Configure a public Office 365 group with Windows PowerShell.
 Explore the Office 365 group components.
 Task 1: Configure a private Office 365 group

1. On LON-CL1, sign in to http://portal.office.com as Holly.
2. In the Office 365 admin center create a new Office 365 group named AdatumMarketing, and set it to
private.
3. Assign Holly Dickson as the group owner, and Roman Miler as a group member.
4. Set the group language as English (United Kingdom).

 Task 2: Configure a public Office 365 group with Windows PowerShell

1. Connect to Exchange Online Remote PowerShell.
2. Create a new unified group named Planning Group by using the new-unified group cmdlet.
3. After the group is created, add Holly@AVXXXXa.xtremelabs.us as a group owner.
4. Add Francisco@AVXXXXa.xtremelabs.us as a group member.
 Task 3: Explore the Office 365 group components

1. On LON-CL1, connect to https://portal.office.com as Holly@AVXXXXa.xtremelabs.us.
2. Browse Office 365 groups through the Outlook Web App.
3. View the Planning Group.
4. Create a new conversation in the group.
5. Switch to the group calendar, and then add an entry named Planning meeting for tomorrow.
6. Check if the calendar item synchronizes to Holly’s calendar.

7. In the group Files, add a new Word document.
8. On LON-CL3, open Microsoft Edge, and sign in to https://portal.office.com as

Roman@AVXXXXa.xtremelabs.us, with the password Pa$$w0rd.
9. Click Outlook. Verify that the AdatumMarketing group appears in your Groups list.
10. Join the Planning Group and verify that you see the message and document that Holly created in the
group.
Results: After completing this exercise, you should have configured Office 365 groups at A. Datum.
Question: If you enforce Office 365 identities in Yammer, what is the impact for Yammer users
with no Office 365 identities?
Question: Which Windows PowerShell cmdlets can you use to create an Office 365 group and
to add the group owner?

Best Practices:
 Always enable Yammer Enterprise as the primary Enterprise Social Network within Office 365.
 Design a usage policy.
 Familiarize yourself with the administration options within Yammer Enterprise.
 Support users during their initial experience of using Yammer.

 Familiarize yourself with the different OneDrive for Business sync clients and their limitations and
features.
 Create a consistent sharing policy across Office 365.

 Decide if and when you should use Office 365 groups, because they are essential to some of the
Office 365 components.
 Decide if Office 365 groups will be user centric or centrally managed.

Synchronization is not working in

OneDrive for Business
Multiple Yammer Networks exist for

different Office 365 domains
Office 365 groups are enabled and used

without administrative awareness
Review Question
Question: Discuss the differences between Office 365 groups and Yammer and possible use
cases where you need one tool or the other.

Rights Management and compliance
Lab: Configuring Rights Management and compliance
Scenario
The compliance and security groups at A. Datum Corporation have concerns with the implications of moving
internal services and content to a cloud-based solution, such as Office 365. To receive project approval, you
need to show how you can use the Rights Management and compliance features to address these concerns.
Objectives
 Configure Rights Management in Office 365.

 Configure compliance features in Office 365.
Lab Setup
Estimated Time: 75 Minutes
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, and 20347A-LON-CL1
User names: Adatum\Administrator on LON-DC1 and LON-DS1, and Adatum\Holly on LON-CL1
Password: Pa$$w0rd
In all the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your
unique Office 365 name that is displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace AVXXXXa with your unique UPN name
 LON-DC1:
 LON-DS1:
 LON-CL1:
Exercise 1: Configuring Rights Management in Office 365

Scenario
You need to configure Rights Management in Exchange Online and SharePoint Online to help ensure that
confidential information is not shared with unauthorized users.
 Configure Rights Management for Exchange Online.

 Configure Rights Management for SharePoint Online.
 Validate the Azure Rights Management functionality.
 Task 1: Configure Rights Management for Exchange Online

1. On LON-CL1, sign in to http://portal.office.com as Holly.
2. In the Office 365 admin center, in the left side menu, select Settings, click Services & add-ins, the click
Microsoft Azure Right Management.
3. Click Manage Microsoft Azure Rights Management settings, then click activate.
4. Open Windows PowerShell.

5. Use the following commands to connect to remote Exchange Online with remote PowerShell. Use
Holly’s credentials to connect.
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -
AllowRedirection
Import-PSSession $Session
6. Use the following command to set the IRM sharing location to the region you are in.
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-

rms.na.aadrm.com/TenantManagement/ServicePartner.svc Note: Depending on the
location of your tenant, replace the link in the preceding command with one of the following:
 For Europe: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
 For Asia: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

 For South America: https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
7. Use the following command to configure Azure RMS as a trusted publishing domain.
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
8. Use the following command to set the IRM configuration for licensed users only.
Set-IRMConfiguration -InternalLicensingEnabled $true
9. Use the following command to test the configuration.
Test-IRMConfiguration -Sender holly@AVXXXXa.xtremelabs.us
10. Remove the remote Windows PowerShell session, and then close Windows PowerShell.
 Task 2: Configure Rights Management for SharePoint Online

1. From the Office 365 admin center, connect to the SharePoint admin center.
2. Go to the settings page.

3. Enable IRM, and refresh the IRM settings
 Task 3: Validate the Azure Rights Management functionality

1. On LON-CL1, open Word 2016, and add holly@AVXXXXa.xtremelabs.us as the Office account.
2. Close Word 2016.
3. Open Outlook 2016. Create a new message for Brad Sutton. On the Options tab, click Permission, and
then connect to the Rights Management server to get templates.
4. Click Permission again, apply the Do not Forward policy, and then send the message.
5. In Microsoft Edge, connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.
6. Click Documents, and then access the library settings.
7. Enable Information Rights Management (IRM), and then configure a policy with the following settings:
b. Restrict permissions on this library on download
h. Title: Marketing Policy
i. Description: Marketing policy for downloads
j. Allow viewers to write on a copy of the downloaded document

9. Open Microsoft Edge, and then connect to https://portal.office.com. Sign in as
Brad@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
10. Check Brad’s email, and then verify that you received an email from Holly that is IRM protected. Click the
message.
11. Verify that you do not have the option to forward or print the message.
12. In Microsoft Edge, connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.

13. Open the document in the Documents library, and then verify that you get a message that the document
is read-only.
Results: After completing this exercise, you will have configured Rights Management for Exchange
Online and SharePoint Online.
Exercise 2: Configuring compliance features

Scenario
You need to implement the compliance features required to address the security requirements.
 Configure Protection Center permissions and audit logging.
 Configure archive mailboxes.
 Configure retention tags and policies.
 Configure content deletion and preservation policies.
 Configure data loss protection policies in SharePoint Online.

 Configure data loss protection policies for email.
 Create compliance check content.
 Validate the configuration.

 Task 1: Configure Protection Center permissions and audit logging

1. On LON-CL1, open Microsoft Edge, and then sign in to https://portal.office.com as
holly@AVXXXXa.xtremelabs.us.
2. In the Office 365 admin center, click Compliance, and then open the Protection Center.
3. In the Protection Center, configure Brad Sutton as a Compliance Administrator and Christie Thomas as
an eDiscovery Manager.
4. Click Reports, and then click View reports.
5. Click Office 365 audit log report.

6. On the Audit log search page, click Start recording user and admin activities, and then click Turn
on and click OK.
 Task 2: Configure archive mailboxes

1. On LON-CL1, open Microsoft Edge, and then connect to https://protection.office.com as
Brad@AVXXXXa.xtremelabs.us. Brad is a member of the Compliance Administrator role group, so he
can connect to the protection website.
2. In the navigation pane, click Data management, and then click Archive.
3. Configure Christie Thomas and Jessica Jennings with archive mailboxes.
 Task 3: Configure retention tags and policies

1. In the retention area of the Protection Center, create the following retention tags for your organization:
o Default Policy Tag (DPT):
 Name: Research User 1 year move to archive
 Retention Action: Move to Archive
 Retention Period: 365 days
o DPT:
 Name: Default 2 years move to Deleted Items
 Retention Action: Delete and Allow Recovery
o Retention Policy Tag (RPT) on the Deleted Items folder:
 Name: Purge Deleted Items 30 days
 Retention Action: Permanently Delete
o Personal tag:
 Name: 2 Year Delete
 Retention Action: Delete and Allow Recovery
o Personal tag:
 Name: Never archive
 Retention Action: Move to Archive
 Retention Period: Never

2. Create the following retention policies for your organization:
o Retention policy for Research users:
 Name: Research MRM Policy
 Retention tags included:
 6 Month Delete
 1 Year Delete
 2 Year Delete
 Never Delete
 Research user 1 year move to archive
 Default 2 year move to Deleted Items
 Purge Deleted Items 30 days
 Personal 1 year move to archive
 Never archive
3. Apply the retention policy for Research users to Christie Thomas’s mailbox.
 Task 4: Configure content deletion and preservation policies

1. On the Retention page, click Manage document deletion policies for SharePoint Online and OneDrive for
Business.
2. Verify that Brad does not have permission to configure SharePoint Online deletion settings. Close
Microsoft Edge.
3. Open Microsoft Edge, and then connect to https://protection.office.com as
4. Access the Retention page, and then select the option to manage document deletion policies for
SharePoint Online and OneDrive for Business.
5. On the Compliance Policy Center page, edit Sample Document Policy by using the following settings:
c. Set the name as Marketing Document Policy.
k. Create a new rule named Delete Messages at 7 years that will permanently delete messages
seven years after they were created.
l. Set the new rule as the default rule.
6. On the Compliance Policy Center page, click Policy Assignments for Site Collections.
7. Apply Marketing Document Policy to the Marketing site collection, and then mark the policy as
mandatory.
8. On the Retention page, under Preserve, create a new preservation policy as follows:
d. Type Retain contract details as the policy name, and then click Next.
m. Make sure that the search locations include Francisco Chaves’s mailbox and the
https://AdatumAVXXXX.sharepoint.com/sites/AcctsProj/ site collection.
n. Configure the policy to search for the word Contract.
o. Configure the policy to retain content for seven years.

 Task 5: Configure data loss protection policies in SharePoint Online

1. Open Microsoft Edge, then and connect to https://protection.office.com as
Brad@AVXXXXa.xtremelabs.us.
2. In the navigation pane, click Security Policies, and then click Data loss prevention.
3. Create a new DLP policy from a template with the following settings:
a. Information to protect: Custom
b. DLP rule condition: Content contains sensitive information
c. Sensitive information type: IP address

d. Action: Send an incident report to Christie Thomas
e. Rule name: IP address check
f. DLP policy name: Test DLP policy

g. Configure the policy to send notifications and provide policy tips for users.
 Task 6: Configure data loss protection policies for email

1. Open Microsoft Edge, connect to https://protection.office.com, and then sign in as
2. In the Protection center, click Security Policies, and then click Data Loss Prevention.
3. On the Data loss prevention page, click go to the Exchange admin center.
4. Create a new custom DLP policy as follows:
a. Set the policy name as Test DLP policy for email.
b. Set the policy as enforced.
c. Create a new rule that will Block messages with sensitive information unless the sender
overrides.
d. Configure the sensitive information as IP addresses.
e. Send a notification to Christie Thomas.

f. If the user overrides the block, configure the email to use rights protection.
 Task 7: Create compliance check content

1. Open Microsoft Edge, and then connect to https://portal.office.com as
Brad@AVXXXXa.xtremelabs.us.
2. Send a new email to your Microsoft account with a subject of Server IP address and a message body of
127.0.0.1.
3. Override the message block, and then send the message.
 Task 8: Validate the configuration

1. Connect to your Microsoft account mailbox, and then verify that you received the message from Brad but
that the message attachment is encrypted and inaccessible.
2. Sign in to Office 365 as Christie@AVXXXXa.xtremelabs.us.
3. Access Christie’s mailbox, and then verify that she has an In-Place Archive.
4. Verify that she received a notification about the message that Brad sent to your Microsoft account.
Results: After completing this exercise, you will have implemented the Office 365 compliance features.
Question: What is the best approach to protect organizational financial data?
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Retention policies are helpful for reducing space in your mailbox.

Security, compliance, and governance are key elements of Office 365. With these Office 365 features, it
is possible to work within Office 365 in a security-enhanced and protection-enhanced way.
Best Practice
Security enhancement is a continuous process. Good planning and tenant preparation helps to secure
the environment for users.
Common Issue and Troubleshooting Tip

Encrypted content is not accessible

Module 12 - Monitoring and

troubleshooting Microsoft Office 365
Scenario
A. Datum Corporation’s Office 365 deployment is almost complete. As the team enters the final phase of this
project, you need to set up a suitable monitoring environment to track the status of Office 365 and to ensure
that the help desk and IT management can respond to any reported issues. Additionally, you need to learn
how to monitor and troubleshoot Office 365 issues so that you can train the support staff in these areas.
Objectives
 Analyze mail flow.

 View Office 365 reports.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1
User names: Adatum\Administrator on LON-DC1 and LON-DS1 and Adatum\Holly on LON-CL1
Password: Pa$$w0rd
 In all of the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that displays in the online lab portal.
 Where you see references to AVXXXXa.xtremelabs.us, replace AVXXXXa with your unique UPN
 LON-DC1:
 LON-DS1:

 LON-CL1:
o Sign in as Adatum\Holly by using the password Pa$$w0rd.
Exercise 1: Monitoring Office 365

Scenario
Some A. Datum users report that they cannot access their mailboxes through Outlook. You need to check
whether the issue is with client connectivity or with mail flow.
 Send an email to a nonexistent domain.
 Track mail delivery.

 Send an email to a nonexistent user.
 Track mail delivery.
 Analyze mail flow.
 Task 1: Send an email to a nonexistent domain

1. Sign in to the Office 365 admin portal as holly@AVXXXXa.xtremelabs.us by using the password
Pa$$w0rd.
2. Go to Outlook on the web, and then create an email to user@alt.none with any subject and body text.
3. Send the email.
 Task 2: Track mail delivery

1. Review the failed delivery report with the reason “The domain name in the email address is incorrect”.
2. Copy the message header of the message.
3. Browse to testconnectivity.microsoft.com.
4. Click the Message Analyzer tab, paste the content, and then click Analyze headers.
5. Note the diagnostic information and the time taken for the message to be rejected.
 Task 3: Send an email to a nonexistent user

1. Send an email from Holly to difflop4890@outlook.com.
 Task 4: Track mail delivery

1. Review the delivery failure with the “550 Requested action not taken: mailbox unavailable” reason.
2. In the Microsoft Remote Connectivity Analyzer, on the Message Analyzer tab, analyze the message
header, and then examine the results.
 Task 5: Analyze mail flow

1. Go to the new Office 365 admin center, access the Exchange admin center, click mail flow, and then
click message trace.
2. Add Holly as a sender.

3. Under Date range, select Past 24 hours.
4. Under Delivery status, select Failed, and then click Search. Note the two messages.
5. Note the differences between the message processing events: Receive, Submit, Spam Diagnostics, and
Fail for the nonexistent domain, and Submit, Receive, Spam Diagnostics, and Fail for the nonexistent
user.
6. Close the Message Trace window.
Results: After completing this exercise, you should have used the Message Header Analyzer to identify
why email failed to deliver.
Exercise 2: Monitoring service health and analyzing reports

Scenario
You identified the reports that you need to provide to A. Datum’s management. Management is particularly
interested in the number of malware and spam items that are reaching the organization. You need to
familiarize yourself with the Office 365 reporting tools. Your next task is to produce reports on the numbers of
messages that Exchange Online Protection is intercepting.
 View Office 365 service health.
 View reports in the Office 365 admin center.
 Task 1: View Office 365 service health

1. Connect to the new Office 365 admin center.
2. On the menu, access Service Health, and then view the history of the past 30 days for the Exchange
Online service.
3. Click any yellow entry in the calendar to see further details.
 Task 2: View reports in the Office 365 admin center

1. Switch back to the previous Office 365 admin center.
2. In the Office 365 admin center, click the REPORTS link.
3. Review the following reports:
o Mailbox usage
o Send and received mail

o Malware detections
o Spam detections
Results: After completing this exercise, you should have monitored the health of Office 365 services and
viewed reports in the Office 365 admin center.
Question: How would you view all the failed messages for a group of users?
Question: What is the first tool you will use to search for service incidents and failures?

Best Practice
Many tools are available to help troubleshoot issues in Office 365. As a starting point, you can use the
Office 365 do-it-yourself troubleshooter for an initial diagnosis.

Outlook client connectivity issues

Unable to connect to the Skype for Business client


identity federation
Lab: Planning and configuring identity federation
Scenario
Directory synchronization is working well, and it has resolved the issue of managing user accounts in two
locations. However, the security group at A. Datum is concerned that users will be able to log on directly to
Office 365, which reduces their options for monitoring user logons. To ensure that all users will authenticate
using the on-premises AD DS domain, you have decided to implement AD FS.
Objectives
After completing this lab, you should be able to:
 Install and configure AD FS and Web Application Proxy.

 Configure SSO with Office 365.
 Verify that SSO is working.
Lab Setup
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-WAP1, and 20347A-LON-CL1

User name: Adatum/Administrator, Adatum/Holly
Password: Pa$$w0rd
 In all tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with
your unique Office 365 domain name displayed in the online lab portal.
 Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN

 LON-DC1
 LON-DS1
 LON-WAP1
o Sign in as LON-WAP1\Administrator using the password Pa$$w0rd
 LON-CL1
Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web
Application Proxy
Scenario
A. Datum Corporation has decided to deploy AD FS and Web Application Proxy to provide SSO for Office
365. You will start the implementation by installing and configuring the AD FS and Web Application Proxy
roles.
 Add DNS records required for AD FS.
 Install and configure the AD FS server role.
 Install the Web Application Proxy server role service.

 Configure the Web Application Proxy server.
 Verify that the AD FS server is working.
 Task 1: Add DNS records required for AD FS

1. On LON-DS1, open a Windows PowerShell, and run IPConfig. Record the server IP address.
2. On LON-DC1, open the DNS Manager.
3. In the AVXXXXa.xtremelabs.us zone, create a host record with a blank name using the external IP
address provided to you by the hosting partner.
4. Create another host record with a blank name using the IP address for LON-DS1 that you recorded in
Step 1.
 Task 2: Install and configure the AD FS server role

1. Sign in to the LON-DS1 virtual machine as ADATUM\Administrator with a password of Pa$$w0rd.
2. Run the following command to create the Key Distribution Services root key to generate group Managed
Service Account passwords for the account that will be used later in this lab.
Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10))
3. Use Server Manager to access the Add Roles and Features Wizard for installing the Active Directory
Federation Services server role.
4. After installing, in the Active Directory Federation Services Configuration Wizard, configure the following
settings:
o For the SSL Certificate, use the wild card certificate provided by the hosting provider.
o For the Federation Service Name, type AVXXXXa.xtremelabs.us, replacing AVXXXXa with
your unique Adatum domain name.
o For the Federation Service Display Name, type Adatum Corporation.
o Create a group managed service account named svc-ADFS
o Use the Windows Internal Database as the configuration database.
5. Finish the configuration.
 Task 3: Install the Web Application Proxy server role service

1. Sign in to the LON-WAP1 virtual machine as LON-WAP1\Administrator with a password of Pa$$w0rd.
2. Use Server Manager to access the Add Roles and Features Wizard for installing the Web
Application Proxy role service from the Remote Access server role.
 Task 4: Configure the Web Application Proxy server

1. On LON-WAP1, use Remote Access Management to open the Web Application Proxy Configuration
Wizard.
2. In the Web Application Proxy Configuration Wizard, on the Welcome page, click Next.
3. On the Federation Server page, use the following settings:

o Federation service name: AVXXXXa.xtremelabs.us, replacing AVXXXXa with your unique

Adatum domain name.
4. Use the wildcard certificate provided by the hosting partner.
 Task 5: Verify that the AD FS server is working

1. Switch to the LON-DS1 virtual machine.
2. Verify that Event ID 100 displays in Event Viewer.

3. Switch to the LON-DC1 virtual machine.
4. In Internet Explorer, open the following URL, replacing AVXXXXa with your unique Adatum domain
name, to verify that the federation service is available:
https://AVXXXXa.xtremelabs.us/adfs/fs/federationserverservice.asmx
Note: The expected output is a display of XML with the service description document. If this
page displays, then IIS on the federation server is operational and serving pages successfully.
Results: After completing this exercise, you should have deployed the AD FS server in a federation
server farm, and deployed the Web Application Proxy server to support AD FS.
Exercise 2: Configuring federation with Microsoft Office 365

Scenario
You need to complete the implementation of SSO by configuring federation between your on-premises Active
Directory domain and Office 365.
The main task for this exercise is as follows:
 Switch the Office 365 tenant to federated mode.
 Task 1: Switch the Office 365 tenant to federated mode

1. On LON-DS1, connect to https://portal.office.com and sign in as holly@AVXXXXa.xtremelabs.us with the
password Pa$$w0rd. Connect to the new Office 365 admin center if necessary.
2. Change Holly’s user name to use AdatumAVXXXX.onmicrosoft.com rather than

AVXXXXa.xtremelabs.us. Holly cannot change the AVXXXXa.xtremelabs.us to a federated domain if she
is logged in using an account from this domain.
3. Execute the following cmdlets in Windows PowerShell.
Set-ExecutionPolicy Unrestricted -force

Import-Module MSOnline
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
Get-MsolDomain
Convert-MsolDomainToFederated -DomainName AVXXXXa.xtremelabs.us
Get-MsolFederationProperty -DomainName AVXXXXa.xtremelabs.us
Results: After completing this exercise, you should have enabled a federation trust between your on-
premises Active Directory domain and Office 365 through your AD FS federation server, and you should
have converted your domain for federated authentication in Office 365.
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.

20347A - Enabling and Managing Office 365: Lab Steps For XTREMELABS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

20347A - Enabling and Managing Office 365: Lab Steps For XTREMELABS

Uploaded by

Copyright:

Available Formats

1-1

20347A – Enabling and Managing

Lab Steps for XTREMELABS

Module 1 – Planning and provisioning Office 365 .......................................................................................... 6

Lab: Provisioning Office 365 .......................................................................................................................... 6

Exercise 1: Configuring an Office 365 Tenant ...................................................................................... 7

Exercise 2: Configuring a custom domain ............................................................................................. 8

Exercise 3: Exploring the Office 365 administrator interfaces............................................................... 9

Module Review and Takeaways .................................................................................................................. 10

Module 2 - Managing Users, Groups, and Licenses .................................................................................... 12

Lab A: Managing Office 365 users and passwords ..................................................................................... 12

Exercise 2: Manage Security and Distribution Groups........................................................................ 15

Exercise 1: Managing Office 365 Groups ........................................................................................... 17

Exercise 3: Configuring delegated administrators............................................................................... 21

Module Review and Takeaways .................................................................................................................. 23

Module 3 - Configuring client connectivity to Microsoft Office 365 ............................................................... 24

Lab: Configuring client connectivity to Office 365 ........................................................................................ 25

Exercise 2: Running the Office 365 connectivity analyzer tools.......................................................... 27

Exercise 3: Connecting Office 2016 clients......................................................................................... 29

Module 4 - Planning and configuring directory synchronization ................................................................... 30

Lab: Configuring directory synchronization .................................................................................................. 30

Exercise 1: Preparing for directory synchronization ............................................................................ 31

Exercise 2: Configuring directory synchronization .............................................................................. 33

Module 5 - Planning and deploying Office 365 ProPlus ............................................................................... 38

Exercise 2: Managing user-driven Office 365 ProPlus installations .................................................... 40

Exercise 3: Managing centralized Office 365 ProPlus installations .................................................... 42

Lab: Managing Exchange Online recipients and permissions ..................................................................... 44

Exercise 1: Configuring Exchange Online recipients .......................................................................... 45

Module Review and Takeaways .................................................................................................................. 49

Module 7 – Planning and configuring Exchange Online services ................................................................ 50

Lab A: Configuring message transport in Exchange Online ........................................................................ 50

Exercise 1: Configuring message-transport settings........................................................................... 51

Lab B: Configuring email protection and client policies ............................................................................... 53

Exercise 1: Configuring email protection............................................................................................. 54

Exercise 2: Configuring client access policies .................................................................................... 55

Module Review and Takeaways .................................................................................................................. 57

Module 8 - Planning and deploying Skype for Business Online ................................................................... 58

Lab: Configuring Skype for Business Online ............................................................................................... 58

Exercise 2: Configuring Skype for Business Online user settings ...................................................... 60

Exercise 3: Configuring a Skype Meeting Broadcast .......................................................................... 61

Module Review and Takeaways .................................................................................................................. 62

Module 9 - Planning for and configuring SharePoint Online ........................................................................ 64

Lab: Configuring SharePoint Online ............................................................................................................ 64

Exercise 1: Configuring SharePoint Online settings ........................................................................... 64

Exercise 3: Configuring and verifying external user sharing ............................................................... 67

Module Review and Takeaways .................................................................................................................. 67

Lab: Planning and configuring an Office 365 collaboration solution ............................................................ 69

Exercise 1: Configuring Yammer Enterprise ....................................................................................... 69

Exercise 2: Configuring OneDrive for Business .................................................................................. 71

Exercise 3: Configuring Office 365 groups .......................................................................................... 72

Lab: Configuring Rights Management and compliance ............................................................................... 75

Module Review and Takeaways .................................................................................................................. 81

Module 12 - Monitoring and troubleshooting Microsoft Office 365 ............................................................... 82

Exercise 2: Monitoring service health and analyzing reports .............................................................. 84

Module Review and Takeaways .................................................................................................................. 84

Lab: Planning and configuring identity federation ........................................................................................ 86

Exercise 2: Configuring federation with Microsoft Office 365 .............................................................. 88

Course Evaluation ........................................................................................................................................ 89

Notes about XTREMELABS Hosted

General Differences with 20347A XTREMELABS

o The names and IP addresses are unique to

O365 Domain AdatumAVBYY8.onmicrosoft.com All

UPN AVBYY8a.xtremelabs.us All