Professional Documents
Culture Documents
20347A - Enabling and Managing Office 365: Lab Steps For XTREMELABS
20347A - Enabling and Managing Office 365: Lab Steps For XTREMELABS
Note that this XTREMELABS hosted Lab implementation differs from the standard XTREMELABS
Lab environment, in that the lab sessions runs for 5 contiguous days and each lab section is
cumulative, building on the previous steps. Students and instructors should review the “Notes
about XTREMELABS Hosted 20347A Labs” section before starting the lab environment.
NOTE: If you wish to review the detailed lab steps, click this
Lab Answer Key Document link.
Contents
General Differences with 20347A XTREMELABS ......................................................................................... 4
Exercise 1: Managing Office 365 users and licenses by using the Office 365 admin center .............. 12
Exercise 2: Managing Office 365 users and groups by using Windows PowerShell .......................... 18
1-2 Preparing for Office 365
Objectives ........................................................................................................................................... 86
Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web Application Proxy .... 86
o To prevent users from accidentally tearing down their working and partially configured 20347A
environments the web UI does not contain the “End Lab” option.
o All student tenants will normally be torn down automatically 5 days after the lab is launched.
o Each student’s environment will continue to run during the 5 days to ensure that VMs are always
available and connectivity with O365 is maintained.
Use this Manual for all Lab Steps - This is a specific version of the student Lab Steps which must be
used with this XTREMELABS hosted implementation.
o Users should not follow the lab steps in the standard DMOC course content as they do not match
this lab environment.
o This specific version can be downloaded from the Lab View page of the XTREMELABS 20347A.
o This manual is based on the standard 20347A lab manual set, but many steps have been removed
or modified as they are no longer required in this implementation.
Firefox Browser Not Recommended - We do not recommend using Firefox browser to access this
course XTREMELABS lab environment.
o A bug in the FireFox HTML5 implementation causes some keyboard characters to be dropped.
o Specifically, such important characters such as hyphen and colon (- and :) may not be accessible.
o We therefore recommend students and instructors using Internet Explorer, Chrome or Safari as
these are fully tested and known to be working.
Unique User Session Numbers
o Once a user has connected to their 20347A XTREMELABS Lab Instance, they are presented with
the Lab View web page.
o On that page each lab user is provided with a unique IP address and two globally unique names
used during the labs.
o These are presented in top right of the lab View UI, above the VM “tiles.”
Enabling and Managing Office 365™ 1-5
Used in
Names Typical Format as typed
Modules
As one of the most experienced IT admins at A. Datum, you are responsible for implementing the pilot
project. To start, you need to configure the Office 365 tenant, and then configure the custom domain that
your organization uses. You also need to ensure that you are comfortable with the Office 365 administrator
interfaces.
Objectives
By the end of this lab, you will be able to:
Configure an Office 365 tenant.
Configure a custom domain.
Explore the Office 365 administrator interfaces.
Lab Setup
Estimated Time: 75 minutes
This course uses the new Office 365 admin center for all labs. If you are connected to the previous Office
365 admin center when you connect to Office 365, click the banner at the top of the page to connect to the
new admin center.
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name displayed in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
displayed in the online lab portal.
This lab requires the following virtual machines: (use only the VMs required for your lab)
LON-DC1
o Sign in as Adatum\Administrator using the password Pa$$w0rd
LON-CL1
o Sign in as Adatum\Holly using the password Pa$$w0rd
Enabling and Managing Office 365™ 1-7
Note: For simplicity, this lab uses an ordinary Office 365 trial account, not a FastTrack pilot
extended tenant account. Also note that you need to create an account with a unique name in
the form: AdatumAVXXXX.onmicrosoft.com. You can use the alphanumeric value for AVXXXX
provided for you in the lab interface.
o Business email address: (use your new Microsoft account that you created for this course)
o Business phone number: Your mobile phone number, including international code for your
current country
4. Click Next.
5. For Step 2, you have to create a unique domain for the Company name to use in the course. Use the
AVXXXX name provided in the lab interface. For the rest of the fields, use the following information:
12. In the Phone number box, enter your correct mobile phone number.
13. Ensure that the Text me option is selected, and then click Text me.
1-8 Preparing for Office 365
14. When you receive the confirmation text on your mobile phone, enter the code provided in the Enter your
verification code box. Click Create my account.
15. Wait until the Office 365 tenant is provisioned, and then click You’re ready to go…
16. Click the Admin tile to go to the Office 365 admin center.
17. On the update your admin contact info page, provide your phone number and Microsoft account email
address to verify your account.
Note: If you are connected to the previous Office 365 admin center when you connect to Office 365,
click the banner at the top of the page to connect to the new admin center.
18. If a Manage Office 365 on the go page appears, close the page.
Note: During Microsoft testing, on rare occasions Office 365 did not create the trial tenant
properly; as a result, the tenant did not have all the services available to it. If this happens to you,
you should create a new trial tenant using a different business email (Microsoft account).
Results: After completing this exercise, you should have successfully provisioned the Office 365 tenant
account for A. Datum Corporation.
3. Click Admin.
Enabling and Managing Office 365™ 1-9
4. In the left-hand navigation, select Settings, select Domains, then select Add domain to start the
domain setup wizard.
5. In the text box on the Which domain do you want to use? page, enter your domain name in the form
of AVXXXXa.xtremelabs.us.
6. Click Next.
8. Write down the TXT record shown in the TXT value column. This entry will be similar to
MS=msXXXXXXXX. Record this value below:
9. MS=_______________________
11. In DNS Manager, create a new forward lookup zone called AVXXXXa.xtremelabs.us
13. Under Select a resource record type, scroll down to Text (TXT), and click Create Record.
14. In the New Resource Record box, leave the Record name field blank.
15. In the Text field, enter MS=msXXXXXXXX that you recorded in step 8.
16. Click OK to create the record.
17. In the Resource Record type dialog box, click Done.
18. Switch back to LON-CL1 and in the Office 365 admin center, click Verify.
Results: After completing this exercise, you should have added a custom domain and verified domain
ownership.
3. On the left navigation menu, click each of the items, and review the results displayed on the right pane.
4. On the left navigation menu, click each of the items, and review the results displayed on the right pane.
8. On the left navigation menu, click each of the items, and review the results displayed in the right pane.
9. Close Microsoft Edge.
Results: After completing this exercise, you should have provided a high-level overview of administrative
portals of Office 365.
Best Practices
Best practices for this stage of the Office 365 deployment process are:
Ensure that you understand the organization’s need for Office 365.
Identify any in-house services that are not going to transition to Office 365.
Recruit the right people to be pilot users.
Enabling and Managing Office 365™ 1-11
Check that you have suitable infrastructure to support a connection to Office 365.
Review Question
Question: If you are selected to lead the Pilot at A. Datum Corporation, what personal qualities,
skills, and experience would you need to demonstrate to maximize the probability of the
organization moving to Office 365?
1-12 Preparing for Office 365
Objectives
After completing this lab, you will be able to:
Manage Office 365 users and licenses by using the Office 365 admin center.
Manage Office 365 password policies.
Lab Setup
Estimated Time: 35 minutes
Virtual machine: 20347A-LON-DC1, 20347A-LON-CL1
User name: Adatum\Administrator for LON-DC1 and Adatum\Holly for LON-CL1
Password: Pa$$w0rd
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name that displays on the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN Name
displayed on the online lab portal.
Exercise 1: Managing Office 365 users and licenses by using the Office 365
admin center
Scenario
The Office 365 tenant for A. Datum is now configured, and you need to start creating Office 365 users and
then managing the user licenses.
Results: After completing this exercise, you should have created and managed user accounts and
licenses according to business needs.
Enabling and Managing Office 365™ 1-15
Note: This setting does not correspond with a real-world scenario. Use it as a sample scenario
to verify the policy applied in the next exercise task.
4. In the Days before a user is notified about expiration box, leave the default value of 14
5. Verify that the “Password policy has been updated” message appears at the top of the page.
2. On the upper-right side of the window, verify that the notification appears with the following information:
“Time to change your password. Your password will expire in 13 days.”
Note: You have now verified that your password policy is applied. In a real-world scenario,
after you verify that the password policy is applied, you would need to increase the number of days
before the password expires, according to your organizational policy.
Results: After completing this exercise, you should have configured and validated an Office 365 password
policy.
1-16 Preparing for Office 365
Objectives
After completing this lab, you will be able to:
Manage Office 365 groups by using the Office 365 admin center.
Lab Setup
Estimated Time: 60 minutes
In all tasks:
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that
displays on the online lab portal.
This lab requires the following virtual machines:
LON-DC1
LON-CL1
Task 1: Install Microsoft Azure Active Directory module for Windows PowerShell
1. On LON-CL1, open Microsoft Edge, and browse to http://aka.ms/t01i1o.
2. Download and install Microsoft Online Services Sign-In Assistant for IT Professionals RTW.
3. In Microsoft Edge, connect to http://aka.ms/siqtee.
4. Download and install the Microsoft Azure AD module for Windows PowerShell.
Task 2: Create new users and assign licenses by using Windows PowerShell
1. On LON-CL1, on the desktop, right-click the Windows Azure Active Directory Module for Windows
PowerShell shortcut, and then click Run as administrator.
Connect-msolservice
Get-MsolUser -UnlicensedUsersOnly
8. Use the following command to assign a license to Catherine Richard; replace AVXXXXa in the –Add
Licenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
9. Use the following command to assign a license to Tameka Reed; replace AVXXXXa in the –
AddLicenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
10. Use the following command to prevent a user from signing in to Office 365:
12. Use the following command to view the Deleted Users list:
Get-MsolUser –ReturnDeletedUsers
Get-MsolUser –ReturnDeletedUsers
16. Verify that Catherine Richard is no longer in the Deleted Users list.
17. Use the following command to view the Active Users list:
Get-MsolUser
5. To bulk import several users from a CSV file, copy and paste this code into the Administrator: Windows
Azure Active Directory Module for Windows PowerShell window on LON-CL1, and then press Enter:
Get-MsolUser
7. In the Office 365 admin center, verify the new user accounts.
8. In the Exchange admin center, verify that the users have been assigned mailboxes.
3. Use the following command to configure a variable for the first user account:
4. Use the following command to configure a variable for the second user account:
5. Use the following command to add Catherine Richard to the Marketing group:
6. Use the following command to add Tameka Reed to the Marketing group:
7. Use the following command to verify the members of the Marketing group:
3. At the command prompt, type the following command, and then press Enter:
Results: After completing this exercise, you should have created new users, assigned licenses, modified
existing users, and configured groups and user passwords by using the Windows PowerShell command-
line interface.
4. In the Office 365 admin center, configure Tameka Reed as a Password administrator from the list.
6. In the Office 365 admin center, configure Christie Thomas as User management administrator.
2. Use the following command to add Nona to the company administrator role:
1-22 Preparing for Office 365
3. Use the following command to input the service support administrator role to the $role variable:
5. Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
6. Use the following command to input the billing administrator role to the $role variable:
8. Verify that Francisco Chaves is in the list of users who have the billing administrator role.
9. Use the following command to input the company administrator role to the $role variable:
11. Verify that Nona Snider is in the list of users who have the Company Administrator role.
12. At the command prompt, type the following command, and then press Enter:
Exit
4. Verify that you cannot modify any settings for Jessica Jenning’s user account.
7. Sign out as Tameka Reed, and then sign back in as Christie@AVXXXXa.xtremelabs.us using the
temporary password assigned in Lab A. Change the password to Pa$$w0rd.
8. Verify that you can modify settings on the Jessica Jennings user account. Change her phone number to
555-1234 and then block her sign in access.
9. Verify that you can add a new user named Chris Breland.
10. Verify that you can also delete the user account that you created.
Enabling and Managing Office 365™ 1-23
Results: After completing this exercise, you should have assigned delegated administrators in the Office
365 admin center, managed delegated administration with Windows PowerShell, and verified delegated
administration.
Question: How will you configure Office 365 password policies in your organization, and will
you use multi-factor authentication?
Question: Why is it more convenient to assign permissions to security groups than to users?
Question: In which management scenarios will you use Office 365 with Windows PowerShell
rather than the Office 365 admin center?
Best Practices
Always perform detailed planning for user and group management, and check the plan in a test
Office 365 tenant before deploying in production.
Plan and test user administrative tasks to improve user management efficiency and to eliminate
errors in the production environment, especially when running Windows PowerShell scripts.
Plan for multi-factor authentication to help administrators choose the authentication method that
suits their organizational security requirements.
Plan administrative roles to distribute administrative tasks according to organizational security and
business requirements.
1-24 Preparing for Office 365
Objectives
After completing this lab, you will be able to:
Configure DNS records for Office 365.
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name that is displayed in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that is
displayed in the online lab portal.
This lab requires the following virtual machines:
LON-DC1
o Sign in as Adatum\Administrator with the password Pa$$w0rd
LON-CL1
o Sign in as Adatum\Holly with the password Pa$$w0rd
LON-CL2
o Sign in as LON-CL2\Francisco with the password Pa$$w0rd
Enabling and Managing Office 365™ 1-25
Review the recommended DNS records in the Office 365 admin center.
Task 1: Review the recommended DNS records in the Office 365 admin center
1. Switch to the LON-CL1 virtual machine.
5. In the Domains window, under the Adatum domain on the right, review the recommended DNS records.
6. On the DNS errors page, review the records that need to be configured for your domain.
7. Leave the Microsoft Edge window open.
2. In DNS Manager, expand Forward Lookup Zones, expand AVXXXXa.xtremelabs.us zone, and then
create following record:
2. On the Service Location (SRV) tab, enter the following information, and then click OK:
Service: _sip
Protocol: _tls
Priority: 100
Weight: 1
Port number: 443
Host offering this service: sipdir.online.lync.com
Time to live: 1 hour (default)
3. In the Resource Record Type dialog box, click Create Record
4. On the Service Location (SRV) tab, enter the following information, and then click OK:
Service: _sipfederationtls
Protocol: _tcp
Priority: 100
Weight: 1
Port number: 5061
Host offering this service: sipfed.online.lync.com
Time to live: 1 hour (default)
5. In the Resource Record Type dialog box, scroll back up the list, click Alias (CNAME), and then click
Create Record.
6. On the Alias (CNAME) tab, enter the following information, and then click OK:
Alias name: sip
Fully qualified domain name: sip.AVXXXXa.xtremelabs.us
Fully qualified domain name (FQDN) for target host: sipdir.online.lync.com
Time to live: 1 hour (default)
7. In the Resource Record Type dialog box, click Create Record.
8. On the Alias (CNAME) tab, enter the following information, and then click OK:
Alias name: lyncdiscover
Fully qualified domain name: lyncdiscover.AVXXXXa.xtremelabs.us
Fully qualified domain name (FQDN) for target host: webdir.online.lync.com
Time to live: 1 hour (default)
9. Switch back to LON-CL1, and then in the Office 365 admin console, click Continue setup.
10. You should now see that most records are not listed anymore (you should see msoid,
enterpriseregistration, enterpriseenrollment, and SPF records). Click to close the page.
11. In the top bar, click the Office 365 apps icon.
16. In the Office 365 portal, click Mail, and configure your time zone.
17. Create a new email to Holly Dickson.
18. When the name resolves, note her instant message (IM) status. It might take a couple of minutes for her
status to update.
19. Initiate an IM session with Holly Dickson.
21. Reply to the IM. Note that you now can send IMs between the two users.
22. Close both IM windows, and then close the Microsoft Edge windows on both virtual machines.
Results: After completing this exercise, you should have reviewed the recommended DNS records in the
Office 365 admin center, configured the DNS records for external clients, and configured the DNS records
for internal clients.
3. On the Microsoft Remote Connectivity Analyzer page, on the Office 365 tab, perform an Office 365
Exchange Domain Name Server (DNS) Connectivity Test, and for Domain Name, type
AVXXXXa.xtremelabs.us.
4. Perform verification by entering the characters that you see in the Verification field.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for
a minute, and then repeat the test.
5. When you see Connectivity Test Successful, review the checks that were made against the Exchange
Online domain.
1-28 Preparing for Office 365
7. On the Office 365 tab, perform Office 365 Lync Domain Name Server (DNS) Connectivity Test, and
in the Sign-in address text box, type Francisco@AVXXXXa.xtremelabs.us.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for
a minute, and then repeat the test.
8. When you see Connectivity Test Successful, review the checks that were made against the Skype for
Business Online domain.
10. Under Microsoft Office Outlook Connectivity Tests, perform the Outlook Connectivity test.
11. On the Outlook Connectivity page, in Email Address and Microsoft Account, enter
Francisco@AVXXXXa.xtremelabs.us.
14. Check I understand that I must use the credentials of a working account from my Exchange
domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible for
the management and security of this account.
15. When you see Connectivity Test Successful with Warnings, under Test Details, review the checks
that have been made against Outlook Anywhere. Note in particular the message that contains
information about the Autodiscover steps that fail.
16. Under Run Test Again at the top right, note that you can copy this test to the clipboard, or save it as
XML or HTML.
4. In the pop-up window, type Francisco@AVXXXXa.xtremelabs.us, clear the Allow OCPA to run in the
background collecting diagnostics every few hours for you check box, and then click OK.
5. Wait until Office 365 Client Performance Analyzer generates the results.
6. Review the results, and then click Show Trace Route Details.
Results: After completing this exercise, you should have run the Microsoft Connectivity Analyzer tool, and
the Office 365 Client Performance Analyzer tool.
Enabling and Managing Office 365™ 1-29
2. Start Outlook 2016, and then sign in by using the following details:
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd
3. Verify that you are connected to Exchange Online. Close the First things first dialog box.
o Password: Pa$$w0rd
Task 2: Verify that Skype for Business can connect to Office 365
1. Switch to the LON-CL1 virtual machine.
2. Start Skype for Business, and on the Skype for Business sign in page, type
Holly@AVXXXX.onmicrosoft.com, and then click Sign in.
3. Verify that you are connected to Skype for Business Online.
o Password: Pa$$w0rd
Results: After completing this exercise, you should have verified that Outlook 2016 can connect to Office
365, verified that Skype for Business can connect to Office 365, and verified OneDrive for Business
connectivity to Office 365.
Analyzing Office 365 clients and deciding which clients meet the organization’s business requirements.
Performing a detailed review of all DNS record changes that are needed for Office 365 deployment process.
Without a proper DNS configuration, there might be issues when clients connect to Office 365 services.
Planning network connectivity. When you migrate your infrastructure to Office 365, all of your organization’s
resources are hosted in the cloud. Therefore, you need a reliable Internet connection to support client
connections to Office 365.
Planning changes that you need to configure in your organization’s network infrastructure, such as firewalls and
internal DNS servers that provide connectivity to Office 365.
Preparing a thorough support plan for users to help them transition to Office 365 services.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 90 minutes
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1, and 20347A-LON-CL2
Password: Pa$$w0rd
In all tasks:
Note: When you connect to the Office 365 admin center, you may be prompted to provide an
authentication phone and authentication email address. If you see this window, click Cancel.
Configure UPN.
Prepare problem user accounts.
Run the IdFix tool and fix identified issues.
2. Using Windows PowerShell, update the UPN on every user in AD DS with “@AVXXXXa” for the domain
name. To do this, type the following command and then press Enter:
2. This Windows PowerShell script will make the following changes in AD DS:
o Amr Zaki. Add the "@" character to the beginning of "adatum" for the UserPrincipalName
attribute.
o Brad Sutton. Replace the existing string with "brad@adatum.com" for the emailAddress
attribute.
1-32 Preparing for Office 365
o Don Funk. Replace the existing string with “brad@adatum.com” for the emailAddress
attribute.
o Holly Dickson. Replace the existing string with “holly@adatum.com” for the EmailAddress
attribute.
o Kelly Rollins. Replace the existing string with “ “ for the emailAddress attribute.
3. In the IdFix tool, click Query, and then sort the errors by the ERROR column.
4. On the Actions menu, select Edit for each of these objects, and then click Apply:
o Amr Zaki
o Holly Dickson
o Kelly Rollins
Click Query.
5. Click to sort the errors by the UPDATE column, and for each of these objects, replace the mail attribute
with the appropriate string. On the Actions menu, select EDIT.
o Don Funk. mail attribute should be “don@adatum.com”.
o Password: Pa$$w0rd
2. In Windows PowerShell, enable directory synchronization for Office 365 by using the following
command:
3. In the Office 365 admin center, verify that directory synchronization has been enabled.
Results: After completing this exercise, you will have resolved issues in AD DS identified by the IdFix tool
and you will have enabled Active Directory synchronization in Office 365.
Enabling and Managing Office 365™ 1-33
o Password: Pa$$w0rd
5. Change the domain portion of Holly Dickson’s account to @AVXXXXa.xtremelabs.us.
6. Close Internet Explorer, open it again, and connect to the Office 365 admin center. Sign in as
Holly@AVXXXXa.xtremelabs.us using the password Pa$$w0rd.
7. From the previous Office 365 admin center, download and install Azure AD Connect with Customized
Settings. You will need to configure the security settings for the Internet zone to enable file downloads.
o On the Ready to configure page, clear the option to Start the synchronization process as
soon as the initial configuration completes, and click Install.
2. Once the installation completes, on the Configuration complete page, click Exit.
1-34 Preparing for Office 365
3. On the Start screen, sign out of LON-DS1, and then sign back in as Adatum\Administrator with the
password Pa$$w0rd.
o Password: Pa$$w0rd
3. Download and install the Microsoft Azure Active Directory Module for Windows PowerShell.
o Windows PowerShell
o Office 365 admin center
Enabling and Managing Office 365™ 1-35
Results: After completing this exercise, you will have installed Azure AD Connect with customized
settings. Upon completion of the installation, you will start directory synchronization to Office 365 and have
verified that synchronization was successful.
Use Active Directory Users and Computers to create the following group in the Research OU:
5. E-mail: projectteam@AVXXXXa.xtremelabs.us
6. Members:
o Chris Sells
o Lukas Keller
o Sabine Royant
2. On LON-DC1, in Active Directory Users and Computers, move Josh Bailey from the Research OU to the
Sales OU.
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
Results: After completing this exercise, you will have identified how managing user and group accounts
has changed with directory synchronization.
In some environments, you might test all changes on a separate directory synchronization server in test
that is connected to a separate Office 365 tenant (trial). In addition, you should manually initiate run
profiles for each management agent in Synchronization Service Manager and observe the pending
actions before exporting to Office 365. In some cases, it might be a good idea to create a new run profile
for exporting to Azure AD that includes a maximum limit on the number of allowed deletions.
Tools
IdFix. The Office 365 IdFix tool provides you the ability to identify and remediate the majority of object
synchronization errors in your AD DS forests in preparation for deployment to Office 365.
Having completed this module, you can now prepare an on-premises environment ready for directory
synchronization, install and configure Azure AD Connect, and manage Active Directory users and groups
with directory synchronization to Office 365 enabled.
Enabling and Managing Office 365™ 1-37
Best Practices
You must have a proper project plan.
You should add all SMTP domains as verified domains before synchronizing.
The project steering committee has not yet decided whether they will allow users to install Office 365
ProPlus, or whether they will use a centralized installation mechanism. As part of the pilot project, you need
to evaluate each option for deploying and managing Office 365 ProPlus.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
In all tasks:
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN Name
displayed in the online lab portal.
LON-DS1
o Sign in as Adatum\Administrator using the password Pa$$w0rd
LON-CL1
LON-CL4
3. In File Explorer, click the Home tab, and then click New Folder.
4. Type Office16, and then press Enter.
5. In File Explorer, right-click Office16, click Share with, and then click Specific people.
6. In the File Sharing dialog box, click the drop-down list box, select Everyone from the list, click Add, and
then click Share.
11. On the Office 365 home page, click Admin. Click Switch back to the old admin center to switch to
previous Office365 admin center.
12. In the Office 365 admin center, in the left panel, click SERVICE SETTINGS, and then click User
software.
13. Under the Manually deploy user software area, click Learn how to download and deploy software.
14. On the How admins can download Office 365 user software to deploy to users page, click Manage
user software in Office 365.
15. In the Manually download and install the Office apps by using the Office Deployment Tool section,
click the Office Deployment Tool (Office 2016 version) link to open the Office Deployment Tool
download page.
16. On the download page, expand Details, System Requirements, and Install Instructions.
17. Read and familiarize yourself with each section. You can mark this page as a favorite to refer to later.
18. Click Download and notice the information bar at the bottom of the browser.
19. Once the download is completed, click Run.
23. Click OK. You should see that the files were extracted successfully. Click OK.
24. Navigate to the Office16 folder with File Explorer. You should see two files in the newly created Office
Deployment Tool folder named configuration and setup.
4. Comment out the VisioProRetail from the code and save the file as AdatumConfiguration.xml.
Results: You will have downloaded a copy of the Microsoft Office 365 ProPlus install for managed
deployment to a shared folder. You will also download and install the Office Deployment Tool on the same
machine.
2. Edit user Brad Sutton by adding Office 365 Enterprise E3 license using a location of United Kingdom,
but removing the Office 365 ProPlus option.
3. Edit user Maira Wenzel and assign an Office 365 Enterprise E3 license using the location of the United
Kingdom.
4. Repeat the previous step for Roman Miler.
5. In the Office 365 admin center, on the Settings menu, access the Service & add-ins page.
6. On the Software download settings page, disable downloads for both Office 2013 and Office 2016.
7. Sign out, and then sign in as Brad Sutton with the user name brad@AVXXXXa.xtremelabs.usand the
password Pa$$w0rd.
8. Access Brad’s Office 365 settings and verify that he does not have the option to install the Office 365
apps.
9. Sign out as Brad Sutton, and then sign in as Roman Miler with the user name
roman@AVXXXXa.xtremelabs.uswith the password of Pa$$w0rd.
10. Navigate to the Office 365 settings page, and then click Install software.
11. Note that the users looked similar, but Brad is not assigned a license. Roman has a license, but Holly
deactivated version 2016 for all users.
12. Before signing out, verify that Phone & tablet apps are available.
15. Go back to the Office 365 admin center and enable downloads for Office 2016.
22. Notice how to change from 32-bit to 64-bit options on the Office 365 ProPlus advanced menu.
Task 2: Install Office 365 ProPlus from the Office 365 portal
1. On LON-CL3, on the Office365 portal, select the appropriate language and version, and then install on
the local computer.
4. When installed, open Word 2016 from the Windows start menu.
5. In Word, in the upper-right corner, switch accounts by signing out as Roman and adding the account for
Holly.
6. Create a document with some content and save to an Adatum Publishing Team Site folder in the
Documents folder with the file name Meeting Agenda.
1-42 Preparing for Office 365
8. Notice the new option of Manage installs on the Install software page.
4. Navigate to the Install software page to confirm that Office is no longer available for download. What
will happen to the Office software that is already installed?
Results: When completed, you should be able to activate Office 365 ProPlus for self-service installations.
You should also be able to set licensing options correctly for end users so that deployment and installation
is possible.
Task 1: Configure a Group Policy Object (GPO) to distribute the custom installation
1. Using an administrative sign in on the LON-DC1 server, use Server Manager tools to create a new
organizational unit (OU) named Adatum_Computers.
4. Create a Group Policy Object (GPO) linked to the newly created Adatum_Computers.
6. By using the Group Policy Management Editor, expand Computer Configuration, expand Policies,
expand Windows Settings, and then open Scripts (Startup/Shutdown).
7. Create a new text document with the following line: \\LON-CL1\Office16\setup.exe /configure \\LON-
CL1\Office16\AdatumConfiguration.xml.
10. In Group Policy Management Editor, in the Startup Properties dialog box, add a script.
Note: Where and how do you think this might start up?
3. Restart LON-CL4.
4. Wait five minutes after the restart to allow the Group Policy settings to take effect.
9. Open a blank document, type some text, and then save it.
10. In Task Manager, check the processes, details, and services for Click-to-Run.
11. Close all open programs.
Results: You will have enabled centralized managed deployment of Office 365 ProPlus and implemented a
standardized Microsoft Office configuration by using one version of Office.
Question: Why do you need to edit the configuration.xml file when preparing to use managed
deployments of Office 365 ProPlus?
Question: How can you verify that the Click-to-Run service is running?
1-44 Preparing for Office 365
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
In all tasks:
In references to Adatumyyxxxx.xtremelabs.us, replace AVXXXXa with your unique Office 365 name
displayed in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
displayed in the online lab portal.
LON-DC1
LON-DS1
o Sign in as Adatum\Administrator using the password Pa$$w0rd
LON-CL1
o Olivia Emerson
o Kendra Sexton
a. Make this person change their password the next time they sign in: Not selected
b. Select licenses for this user: Office 365 Enterprise E3
Note: It might take a few minutes for the mailboxes to appear. Click the refresh icon
periodically until they do.
IT
o Olivia Emerson
Managers
o Martina Blair
Development
o Matt Villagomez
Sales
o Kendra Sexton
1-46 Preparing for Office 365
Note: If you copy the following commands from the courseware, you can paste them into the
virtual machine. On the Virtual Machine Connection menu, click Clipboard, and then click
Type clipboard text.
Note: This command returns the list of accepted domains and verifies that you can connect to
your Office 365 subscription.
Note: If you receive an error when you run the set-calendarprocessing cmdlet for either of
these objects, wait a few moments and repeat.
6. In the Exchange Admin center, click Refresh. You should be able to see both resources.
8. In Exchange Admin center, click Refresh. You should be able to see the changes you made in the
details pane on the right.
Note: If you copy the following commands from the courseware, you can paste them into the
virtual machine. On the Virtual Machine Connection menu, click Clipboard, and then click
Type clipboard text.
7. In the Exchange Admin center, click Refresh. You can see the newly created objects.
Results: After completing this exercise, you will have created and configured Microsoft Exchange Online
recipients.
Note: If you copy the following commands from the courseware, you can paste them into the
virtual machine. On the Virtual Machine Connection menu, click Clipboard, and then click
Type clipboard text.
5. In the Exchange admin center, click Refresh. Ensure that you can see the new BranchOffice Admins
role group.
Note: If you copy the following commands from the courseware, you can paste them into the
virtual machine. On the Virtual Machine Connection menu, click Clipboard, and then click
Type clipboard text.
4. To change the default role assignment policy for new mailboxes, in the Windows PowerShell window,
run the following command:
Set-RoleAssignmentPolicy "Limited Mailbox Configuration" -IsDefault
6. In the Exchange admin center, click Refresh. You can see the new role assignment policy.
Results: After completing this exercise, you will have configured delegated administration of your
Exchange Online organization.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 35 minutes
In all tasks:
In references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your unique Office 365
name that displays in the online lab portal.
In references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name that
displays in the online lab portal.
This lab requires the following virtual machines:
LON-DC1
LON-CL2
Enabling and Managing Office 365™ 1-51
A custom send and receive connector that will enforce TLS when sending email messages to, or
receiving them from, a partner organization.
A transport rule that will apply a disclaimer to all messages sent to external users
A transport rule that requires moderator approval for all messages sent to the manager distribution
list.
A journal rule that will retain a copy of all messages sent to and from members of the Development
department.
You also need to verify that you can track messages sent between users on Office 365 and sent to
external users.
The main tasks for this exercise are as follows:
Connect to Exchange Online in Windows PowerShell.
Note: You might have a Windows PowerShell connection to Office 365 open from a previous
lab. If so, you can use the existing connection and skip this step.
2. Run the following command, and then sign in as Holly@AVXXXXa.xtremelabs.us with the password
Pa$$w0rd.
$cred=Get-Credential
Import-PSSession $Session
1-52 Preparing for Office 365
Note: Validation of mail flow will fail because the connector is to a fictitious organization. This
is expected behavior for this lab.
o Apply the rule if: The recipient is located Outside the organization
o Disclaimer text: <HR> If you are not the intended recipient of this message, you must
delete it
2. Create a new rule that sends messages to a moderator, with the following settings:
4. Send a message to alias@outlook.com, where alias@outlook.com is the Microsoft account that you
configured at the beginning of this course, and then verify that the disclaimer was added.
5. Send a message to Martina to test the moderation rule.
6. On LON-CL1, open Outlook 2016, read the approval request, and then approve it.
Enabling and Managing Office 365™ 1-53
3. Review the most recent message sent from Francisco to alias@outlook.com, and then verify that the
disclaimer was applied.
4. Review the most recent message sent from Francisco to Martina, and then verify that the message was
sent for moderation.
Results: After completing the exercise, you will have configured message-transport settings.
Objectives
After completing this lab, you will have:
Lab Setup
Estimated Time: 35 minutes
Password: Pa$$w0rd
In all tasks:
In references to AdatumAVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN name
that displays in the online lab portal.
LON-DC1
o Sign in as Adatum\Administrator using the password Pa$$w0rd
LON-DS1
LON-CL2
Ensure that you can block all email from IP addresses that you specify.
Ensure that Sales users receive all messages, even if there is a high likelihood that the message is
spam.
Ensure that Exchange Online quarantines all messages for other users if there is a high probability
that the message is spam.
The main tasks for this exercise are as follows:
o Block 192.168.0.0/24
7. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
8. Release the message sent to Francisco.
9. On LON-CL2, in Outlook on the web, verify that the message was delivered to Francisco.
Results: After completing this exercise, you should have configured anti-spam and antivirus settings.
o Instant messaging
o Text messaging
o Unified messaging
o Journaling
o Direct file access for private computers.
3. Associate the Limited features Outlook Web App policy with Kendra Sexton.
4. In Outlook, create a new message for Kendra Sexton, and the attach the
C:\Windows\Logs\DISM\dism.log file.
5. On LON-CL2, sign out of Outlook on the web, and then sign in again as
Kendra@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
6. Verify that Kendra is unable to access the attachment in the new message.
3. Your device will be placed into quarantine, and you must approve the device before you can send and
receive messages.
4. After you configure the Exchange ActiveSync account, the security settings from the mobile device
mailbox policy will apply, and you may be prompted to create a password on your device.
5. When you are done testing, you can delete the account from your mobile device.
Results: After completing this exercise, you should have configured client access policies.
Enabling and Managing Office 365™ 1-57
Objectives
After completing this lab, you will be able to:
Configure Skype for Business Online organization settings.
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
In all the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that is displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN
name displayed in the online lab portal.
This lab requires the following virtual machines: (use only the VMs required for your lab)
LON-DC1
o Sign in as Adatum\Administrator
LON-DS1
o Sign in as Adatum\Administrator
LON-CL1
o Sign in as Adatum\Holly using the password Pa$$w0rd
LON-CL3
Download and install the Skype for Business Online module for Windows PowerShell.
Task 1: Download and install the Skype for Business Online module for Windows
PowerShell
1. On LON-CL1, in Microsoft Edge, connect to http://go.microsoft.com/fwlink/?LinkId=294688.
2. Download and install the Skype for Business Online module for Windows PowerShell.
e. Verify the privacy and push notification settings by running the Get-CSPrivacyConfiguration
and Get-CSPushNotificationConfiguration cmdlets.
2. Use the following commands to enable communication with all federated partners except for litware.com:
$AllDomains = New-CsEdgeAllowAllKnownDomains
$BlockedDomain = New-CsEdgeDomainPattern -Domain "litware.com"
Set-CsTenantFederationConfiguration -AllowedDomains $AllDomains –BlockedDomains
$BlockedDomain
Get-CsTenantFederationConfiguration
1-60 Preparing for Office 365
5. In the Skype for Business admin center, verify the following settings:
o External communications are enabled for all domains except for litware.com.
Results: After completing this exercise, you should have configured Skype for Business Online service
settings.
2. In the Skype for Business admin center, verify that Christie Thomas is not listed as a Skype for Business
user.
3. Edit Maira Wenzel’s Skype for Business user settings to remove the option to record meetings, and to
prevent her from communicating with public Skype users.
4. Edit Francisco Chaves’s Skype for Business user settings to enable him to connect to audio meetings
only.
Enabling and Managing Office 365™ 1-61
2. Open Skype for Business and sign in as Maira@AVXXXXa.xtremelabs.us with the password Pa$$w0rd.
3. On LON-CL1, create a Skype meeting request for a meeting that will start within the next 15 minutes,
and then send the request to Francisco Chaves and Maira Wenzel.
7. On LON-CL1, join the meeting, and then verify that Maira is connected to the meeting.
10. On LON-DC1, open Internet Explorer, and then connect to https://portal.office.com. Sign in as
Francisco@AVXXXXa.xtremelabs.us.
11. Open Mail, and then accept Holly’s meeting request.
12. Open Calendar, and join the meeting, and then install the Skype for Business Web App plug-in.
13. Verify that you can join the meeting and that Holly’s desktop is visible.
14. Close the Internet Explorer window.
Results: After completing this exercise, you should have configured Skype for Business Online user
settings and validated Skype for Business Online functionality.
o Duration: 1 hour
o Access: Secure
o Attendees: Maira Wenzel
2. Open Skype for Business and sign in as Roman@AVXXXXa.xtremelabs.us with the password
Pa$$w0rd.
3. In Outlook 2016, accept the broadcast meeting request from Holly.
4. Join the broadcast meeting. Verify that Roman can join the meeting.
5. Start the broadcast as a content only meeting.
6. On LON-CL4, accept the broadcast meeting request from Holly.
11. Keep the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured a broadcast meeting and verified
that users can join the meeting.
Question: How will you change the Windows PowerShell steps that you ran in the lab if you
want to block all communication with external domains except for litware.com?
Question: Do you think that your organization will use Skype Meeting Broadcast?
Tools
The following tools are covered in this module:
Skype for Business admin center. Accessible from the Office 365 admin center, use this tool to
configure Skype for Business Online service settings and user settings.
Enabling and Managing Office 365™ 1-63
Skype for Business Server Management Shell. Use this tool to configure Skype for Business
Online settings.
The Skype for Business Online module for Windows PowerShell. This provides the Windows
PowerShell commands that are required to configure Skype for Business Online when you use
the
Objectives
After completing this lab, you will be able to:
Configure SharePoint Online settings.
Lab Setup
Estimated Time: 60 minutes
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, and 20347A-LON-CL1
User names: Adatum\Administrator for LON-DC1 and LON-DS1 and Adatum\Holly for LON-CL1
Password: Pa$$w0rd
In all of the tasks where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that displays on the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN
name that displays on the online lab portal.
This lab requires the following virtual machines: (use only the VMs required for your lab)
LON-DC1
o Sign in as Adatum\Administrator
LON-DS1
o Sign in as Adatum\Administrator
LON-CL1
o Sign in as Adatum\Holly with the password Pa$$w0rd
Configure settings.
Configure apps.
Results: After completing this exercise, you should have configured SharePoint Online service settings.
3. In the leftmost side, click Site collections, and create a new site named marketing. Use the
https://AdatumAVXXXX.sharepoint.com/sites/marketing URL, and add Holly as the site
administrator.
Note: It can take a few minutes until the Sharing menu on the ribbon is active. You can speed
this up by refreshing the page by pressing the F5 key.
5. Change the Sharing settings to Allow sharing with all external users, and by using anonymous
access links.
2. Edit the properties of the site, and add Brad Sutton as an additional site collection administrator.
3. Sign in as Brad@AVXXXXa.xtremelabs.us and verify if you are a site collection administrator of the site.
3. Verify that you cannot access the site, and then request access.
4. Connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.
6. On the Site Permissions page, approve Maira Wenzel’s access request, and then add Perry Brill to the
site members group.
7. Access the site again as Maira and verify that she has access.
Results: After completing this exercise, you should have created and configured SharePoint Online site
collections.
Enabling and Managing Office 365™ 1-67
2. In settings, enable external sharing for authenticated users and users gaining access through
anonymous guest links.
4. Share the document with the Microsoft account you used for setting up your Office 365 trial. Grant the
user edit permissions.
2. Verify that the user can also access and edit the document in the Marketing document library.
3. Close all browser tabs and close the browser.
Results: After completing this exercise, you should have configured a new site collection for external user
sharing, and you should have shared a site and a document with external users.
Best Practices
SharePoint Online offers several configuration options; planning a collaboration solution and configuring
SharePoint Online are tasks that you must do upfront to have a good SharePoint Online environment
where your users can start working with.
1-68 Preparing for Office 365
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 60 minutes
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique
UPN name displayed in the online lab portal.
LON-DS1
LON-CL3
o Sign in as Adatum\Roman using the password Pa$$w0rd
Scenario
As a first step in exploring the collaboration options, you will configure Yammer Enterprise for A. Datum.
Yammer Enterprise is enabled by default, so you need to configure the settings and explore the user
experience with Yammer.
The main tasks for this exercise are as follows:
Use Yammer.
Task 2: Configure Yammer service settings, and enforce Office 365 identity
1. Go to Content and Security, and click Security settings.
4. Click Save.
Enabling and Managing Office 365™ 1-71
Results: After completing this exercise, you should have enabled Yammer Enterprise for A. Datum.
8. File Explorer opens and displays the location where the synchronized files will be stored. Verify that the
Word document has been synchronized to the local computer.
2. In Private folder, create a new Word document named Holidays.docx. Open the file, type some text,
save the document, and then close Microsoft Word.
3. In Project A folder, create a new Word document named project targets.docx. Open the file, type
some text, save the document, and then close Word.
4. Verify that both files are synchronized to Office 365.
5. To view the files online, switch to the Microsoft Edge windows, and verify that the two folders with the
files are displayed in OneDrive for Business.
6. In Microsoft Edge, navigate to the folder Private, open the synchronized document Holidays.docx, add
some text in Word Online, and then return to the OneDrive for Business Files site.
7. Switch back to File Explorer, navigate to the folder Private, and then open Holidays.docx. You will see
that the changes made in Word Online are synchronized automatically.
4. Open an InPrivate Microsoft Edge window and connect to Office 365 as Holly. Access Holly’s mail.
5. Verify that you can open and edit the document shared by Roman.
6. In Roman’s online OneDrive for Business folder, stop sharing the document.
Results: After completing this exercise, you should have configured OneDrive for A. Datum.
3. Assign Holly Dickson as the group owner, and Roman Miler as a group member.
5. Switch to the group calendar, and then add an entry named Planning meeting for tomorrow.
10. Join the Planning Group and verify that you see the message and document that Holly created in the
group.
11. Keep the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured Office 365 groups at A. Datum.
Question: If you enforce Office 365 identities in Yammer, what is the impact for Yammer users
with no Office 365 identities?
Question: Which Windows PowerShell cmdlets can you use to create an Office 365 group and
to add the group owner?
Decide if and when you should use Office 365 groups, because they are essential to some of the
Office 365 components.
Review Question
Question: Discuss the differences between Office 365 groups and Yammer and possible use
cases where you need one tool or the other.
Enabling and Managing Office 365™ 1-75
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 75 Minutes
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, and 20347A-LON-CL1
Password: Pa$$w0rd
In all the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with your
unique Office 365 name that is displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace AVXXXXa with your unique UPN name
displayed in the online lab portal.
This lab requires the following virtual machines:
LON-DC1:
o Sign in as Adatum\Administrator with the password Pa$$w0rd.
LON-DS1:
LON-CL1:
o Sign in as Adatum\Holly with the password Pa$$w0rd.
2. In the Office 365 admin center, in the left side menu, select Settings, click Services & add-ins, the click
Microsoft Azure Right Management.
3. Click Manage Microsoft Azure Rights Management settings, then click activate.
$Cred = Get-Credential
Import-PSSession $Session
6. Use the following command to set the IRM sharing location to the region you are in.
7. Use the following command to configure Azure RMS as a trusted publishing domain.
8. Use the following command to set the IRM configuration for licensed users only.
10. Remove the remote Windows PowerShell session, and then close Windows PowerShell.
3. Open Outlook 2016. Create a new message for Brad Sutton. On the Options tab, click Permission, and
then connect to the Rights Management server to get templates.
4. Click Permission again, apply the Do not Forward policy, and then send the message.
5. In Microsoft Edge, connect to https://AdatumAVXXXX.sharepoint.com/sites/marketing.
7. Enable Information Rights Management (IRM), and then configure a policy with the following settings:
b. Restrict permissions on this library on download
10. Check Brad’s email, and then verify that you received an email from Holly that is IRM protected. Click the
message.
11. Verify that you do not have the option to forward or print the message.
Results: After completing this exercise, you will have configured Rights Management for Exchange
Online and SharePoint Online.
2. In the Office 365 admin center, click Compliance, and then open the Protection Center.
3. In the Protection Center, configure Brad Sutton as a Compliance Administrator and Christie Thomas as
an eDiscovery Manager.
2. Verify that Brad does not have permission to configure SharePoint Online deletion settings. Close
Microsoft Edge.
3. Open Microsoft Edge, and then connect to https://protection.office.com as
holly@AVXXXXa.xtremelabs.us.
4. Access the Retention page, and then select the option to manage document deletion policies for
SharePoint Online and OneDrive for Business.
5. On the Compliance Policy Center page, edit Sample Document Policy by using the following settings:
c. Set the name as Marketing Document Policy.
k. Create a new rule named Delete Messages at 7 years that will permanently delete messages
seven years after they were created.
6. On the Compliance Policy Center page, click Policy Assignments for Site Collections.
7. Apply Marketing Document Policy to the Marketing site collection, and then mark the policy as
mandatory.
8. On the Retention page, under Preserve, create a new preservation policy as follows:
d. Type Retain contract details as the policy name, and then click Next.
m. Make sure that the search locations include Francisco Chaves’s mailbox and the
https://AdatumAVXXXX.sharepoint.com/sites/AcctsProj/ site collection.
2. In the navigation pane, click Security Policies, and then click Data loss prevention.
3. Create a new DLP policy from a template with the following settings:
a. Information to protect: Custom
3. On the Data loss prevention page, click go to the Exchange admin center.
4. Create a new custom DLP policy as follows:
a. Set the policy name as Test DLP policy for email.
c. Create a new rule that will Block messages with sensitive information unless the sender
overrides.
2. Send a new email to your Microsoft account with a subject of Server IP address and a message body of
127.0.0.1.
3. Access Christie’s mailbox, and then verify that she has an In-Place Archive.
4. Verify that she received a notification about the message that Brad sent to your Microsoft account.
Enabling and Managing Office 365™ 1-81
Results: After completing this exercise, you will have implemented the Office 365 compliance features.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Best Practice
Security enhancement is a continuous process. Good planning and tenant preparation helps to secure
the environment for users.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Virtual machines: 20347A-LON-DC1, 20347A-LON-DS1, 20347A-LON-CL1
Password: Pa$$w0rd
In all of the tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX
with your unique Office 365 name that displays in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace AVXXXXa with your unique UPN
name that displays in the online lab portal.
This lab requires the following virtual machines:
LON-DC1:
o Sign in as Adatum\Administrator with the password Pa$$w0rd.
LON-DS1:
2. Go to Outlook on the web, and then create an email to user@alt.none with any subject and body text.
3. Browse to testconnectivity.microsoft.com.
4. Click the Message Analyzer tab, paste the content, and then click Analyze headers.
5. Note the diagnostic information and the time taken for the message to be rejected.
2. In the Microsoft Remote Connectivity Analyzer, on the Message Analyzer tab, analyze the message
header, and then examine the results.
4. Under Delivery status, select Failed, and then click Search. Note the two messages.
5. Note the differences between the message processing events: Receive, Submit, Spam Diagnostics, and
Fail for the nonexistent domain, and Submit, Receive, Spam Diagnostics, and Fail for the nonexistent
user.
Results: After completing this exercise, you should have used the Message Header Analyzer to identify
why email failed to deliver.
1-84 Preparing for Office 365
2. On the menu, access Service Health, and then view the history of the past 30 days for the Exchange
Online service.
3. Click any yellow entry in the calendar to see further details.
o Mailbox usage
o Spam detections
Results: After completing this exercise, you should have monitored the health of Office 365 services and
viewed reports in the Office 365 admin center.
Question: How would you view all the failed messages for a group of users?
Question: What is the first tool you will use to search for service incidents and failures?
Objectives
After completing this lab, you should be able to:
Lab Setup
Estimated Time: 75 minutes
In all tasks, where you see references to AdatumAVXXXX.onmicrosoft.com, replace AVXXXX with
your unique Office 365 domain name displayed in the online lab portal.
Where you see references to AVXXXXa.xtremelabs.us, replace the AVXXXXa with your unique UPN
name displayed in the online lab portal.
LON-DS1
LON-WAP1
LON-CL1
Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web
Application Proxy
Scenario
A. Datum Corporation has decided to deploy AD FS and Web Application Proxy to provide SSO for Office
365. You will start the implementation by installing and configuring the AD FS and Web Application Proxy
roles.
Enabling and Managing Office 365™ 1-87
3. In the AVXXXXa.xtremelabs.us zone, create a host record with a blank name using the external IP
address provided to you by the hosting partner.
4. Create another host record with a blank name using the IP address for LON-DS1 that you recorded in
Step 1.
3. Use Server Manager to access the Add Roles and Features Wizard for installing the Active Directory
Federation Services server role.
4. After installing, in the Active Directory Federation Services Configuration Wizard, configure the following
settings:
o For the SSL Certificate, use the wild card certificate provided by the hosting provider.
o For the Federation Service Name, type AVXXXXa.xtremelabs.us, replacing AVXXXXa with
your unique Adatum domain name.
2. Use Server Manager to access the Add Roles and Features Wizard for installing the Web
Application Proxy role service from the Remote Access server role.
2. In the Web Application Proxy Configuration Wizard, on the Welcome page, click Next.
o Password: Pa$$w0rd
4. Use the wildcard certificate provided by the hosting partner.
4. In Internet Explorer, open the following URL, replacing AVXXXXa with your unique Adatum domain
name, to verify that the federation service is available:
https://AVXXXXa.xtremelabs.us/adfs/fs/federationserverservice.asmx
Note: The expected output is a display of XML with the service description document. If this
page displays, then IIS on the federation server is operational and serving pages successfully.
Results: After completing this exercise, you should have deployed the AD FS server in a federation
server farm, and deployed the Web Application Proxy server to support AD FS.
Results: After completing this exercise, you should have enabled a federation trust between your on-
premises Active Directory domain and Office 365 through your AD FS federation server, and you should
have converted your domain for federated authentication in Office 365.
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.