
MS-100

Contents
Set Up Microsoft 365 Tenancy and Subscriptions
  MS 365 for Different Organizations
  Tenancy Meaning in O365
  Plan and Create an Office 365 Tenant
  Office 365 vs Microsoft 365
  Users Identity
  Organization Custom Domain
  To review licenses allocated
  List of purchased product
  Plan for O365 On-Premises Infrastructure
  Office 365 web service JSON
  Planning Identity and Authentication
Manage Microsoft 365 Subscription and Tenant Health
  Monitor Service health
  Managing Service health Alerts
  Creating Service request
  Usage Metrics
  Using Office 365 Management Solution OMS
  Scheduling Security and Compliance Reports
Identifying Data and Methods for Migration
    Email migration is more complex
    Files and folders migration
    Skype for business migration
  Migrating Email to Office 365
    Office 365 service Limit
    Migration Method
  Planning for Directory Synchronization
    Federated Authentication
    PHS Password Hash Synchronization
    Pass-Through Authentication
    Federated authentication

Intro
Office 365 is a subscription-based service for popular Microsoft Office tools and services

Access them either in your browser or as client-installed applications

O365 also includes identity and authentication services, as well as collaboration tools

Manage users, licenses and authentication to 3rd-party apps (SSO)

Collaborate with OneDrive, Teams, Skype for Business

Set Up Microsoft 365 Tenancy and Subscriptions


MS 365 for Different Organizations
• Education (Free)
• Home use plan; includes both single-user and family use
• Business pricing is separated into a variety of tiers

Office.com

Tenancy Meaning in O365


Your overall presence in the Office 365 ecosystem is known as a Tenant

Your organization's presence in Office 365 is called tenancy

Every user in Office 365 is a member of one and only one Tenant (although they can be a Guest in
others)

Plan and Create an Office 365 Tenant


The most important consideration will be your plan level

- Small business plan (up to 300 users)


- Enterprise Plan (Unlimited Users)
- Government Plan
- Educational Plan

Office 365 vs Microsoft 365


MS 365 – Extends features to the client (E3)

• Device App management


• Identity and access management
• Threat protection
• Security management ….

Users Identity
<user>@<tenant name>.microsoft.com
Users use this email address as their identity in O365

Organization Custom Domain


Dashboard – Domain – Associate custom domain name

To validate your ownership of a domain name, which types of DNS records can be used?

MX or TXT record

To review licenses allocated


Billing – Subscription – active

Get-AzureADSubscribedSku | Select-Object -Property Sku*, ConsumedUnits -ExpandProperty PrepaidUnits

List of purchased product


Dashboard- Setup – products

Plan for O365 On-Premises Infrastructure

Organization access to Office 365 services will go through firewalls and proxy servers

• Whitelist appropriate addresses and ports to allow traffic


• https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints

Office 365 web service JSON


Microsoft offers a JSON-enabled RESTful API that can supply endpoint details to your firewall
automatically.

https://docs.microsoft.com/en-us/Office365/Enterprise/office-365-ip-web-service
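
One way to turn that endpoint JSON into allow-list entries, as an added example that is not part of the original notes. The sample records are constructed (documentation IP ranges, .example host names) in the layout the web service returns, and Get-O365AllowEntry is a hypothetical helper name.

```powershell
# CONSTRUCTED sample in the shape of the endpoint web service's JSON.
# Live data would come from:
#   Invoke-RestMethod "https://endpoints.office.com/endpoints/worldwide?clientrequestid=$([guid]::NewGuid())"
$sampleJson = @'
[
  { "id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
    "urls": ["mail.contoso.example"],
    "ips": ["192.0.2.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443" },
  { "id": 2, "serviceArea": "Skype", "category": "Optimize", "required": true,
    "ips": ["198.51.100.0/25"], "udpPorts": "3478,3479,3480,3481" },
  { "id": 3, "serviceArea": "SharePoint", "category": "Allow", "required": true,
    "urls": ["*.files.contoso.example"],
    "ips": ["192.0.2.0/24", "203.0.113.0/24"], "tcpPorts": "80,443" },
  { "id": 4, "serviceArea": "Common", "category": "Default", "required": true,
    "urls": ["*.cdn.contoso.example"], "tcpPorts": "443" },
  { "id": 5, "serviceArea": "Common", "category": "Allow", "required": false,
    "urls": ["feedback.contoso.example"], "ips": ["203.0.113.128/25"], "tcpPorts": "443" }
]
'@

function Get-O365AllowEntry {
    # Hypothetical helper: flattens endpoint sets into one row per (target, protocol, ports).
    param(
        [Parameter(Mandatory)] [object[]] $EndpointSet,
        [string[]] $Category = @('Optimize', 'Allow'),   # 'Default' sets are left to normal internet egress
        [switch] $IncludeOptional                        # off: only sets marked required
    )
    $seen = @{}
    foreach ($set in $EndpointSet) {
        if (-not $set.required -and -not $IncludeOptional) { continue }
        if ($set.category -notin $Category) { continue }

        # A set may carry TCP ports, UDP ports, or both.
        $portSpecs = @()
        if ($set.tcpPorts) { $portSpecs += [pscustomobject]@{ Protocol = 'TCP'; Ports = $set.tcpPorts } }
        if ($set.udpPorts) { $portSpecs += [pscustomobject]@{ Protocol = 'UDP'; Ports = $set.udpPorts } }

        $targets = @()
        foreach ($ip in $set.ips) {      # IP prefixes become firewall rules
            $kind = if ($ip -like '*:*') { 'IPv6' } else { 'IPv4' }
            $targets += [pscustomobject]@{ Enforce = 'Firewall'; Kind = $kind; Value = $ip }
        }
        foreach ($url in $set.urls) {    # host names (wildcards included) can only be matched by a proxy
            $targets += [pscustomobject]@{ Enforce = 'Proxy'; Kind = 'Url'; Value = $url.ToLowerInvariant() }
        }

        foreach ($t in $targets) {
            foreach ($p in $portSpecs) {
                $key = '{0}|{1}|{2}' -f $t.Value, $p.Protocol, $p.Ports
                if ($seen.ContainsKey($key)) { continue }   # same prefix listed by several service areas
                $seen[$key] = $true
                [pscustomobject]@{
                    Enforce = $t.Enforce; Kind = $t.Kind; Value = $t.Value
                    Protocol = $p.Protocol; Ports = $p.Ports
                    Category = $set.category; ServiceArea = $set.serviceArea; SourceId = $set.id
                }
            }
        }
    }
}

$endpoints = $sampleJson | ConvertFrom-Json
$entries   = @(Get-O365AllowEntry -EndpointSet $endpoints)
$entries | Sort-Object Enforce, Kind, Value | Format-Table -AutoSize

# Sets left out of the allow list: review these by hand instead of opening them blindly.
$endpoints |
    Where-Object { -not $_.required -or $_.category -eq 'Default' } |
    Select-Object id, serviceArea, category, required, urls |
    Format-Table -AutoSize
```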

Planning Identity and Authentication


Administrators can define which authentication methods are available for users

Authentication validates that you are who you claim to be!

Baseline Authentication

1. User\Password
2. Security Question
3. Email verification

These 3 are called Self-service password reset (SSPR)

MFA – Multi Factor Authentication

1- MS authentication App
2- OATH Hardware Token

• SMS-Text Message
• Voice Call

App-Specific password

Identity Provider: the service that performs authentication

Cloud only - Users managed entirely in Azure AD (O365)

Hybrid - Users managed in AD as well as Azure AD

Manage Microsoft 365 Subscription and Tenant Health


Monitor Service health
Responsibility for maintaining O365 and infrastructure is entirely Microsoft's

Responsibility for monitoring the health of the service is ours

Dashboard – HEALTH – Service Health

Managing Service health Alerts


Service alerts allow Microsoft to be transparent about uptime and outages so you can track current
and historical availability.

Service incident notifications (alerts) come in two forms

1- Planned maintenance events (no less than 5 days prior) and update hourly
2- Unplanned downtime
Dashboard – Health – Message Centre

Creating Service request


First

1- Check docs.microsoft.com
2- Need help?
O365 assistant - interactive support

Usage Metrics
Which Microsoft tool is used to aggregate and view usage metrics for Office 365?

Power BI (Data visualization tool)

Basic Usage Metrics available in the Admin portal

Dashboard – Report – Usage

Using Office 365 Management Solution OMS


Using Office 365 Management Solution connects O365 tenants to Azure Monitor

- Account usage patterns and behavioural Trends


- Administrator activities and high privilege OPS
- Unwanted user behaviour
- Audit Compliance
To collect data from Office 365 you'll need to add a data connector to which type of workspace?

Log Analytics

• The O365 management solution can be added to the subscription through:

1- Create an Office app in Azure Active Directory
2- Configure the app for O365 (delegate appropriate permissions to the API)
3- Create a public/private key pair
4- Add admin consent and subscribe to a Log Analytics workspace

The recommended method to install and configure the O365 solution is enabling the O365
connector in Azure Sentinel

Azure Monitor has been replaced with Azure Sentinel

Scheduling Security and Compliance Reports


Dashboard – Reports – Security and Compliance (protection.office.com)

Identifying Data and Methods for Migration


Consider data migration to bulk load data into your Office 365 tenant from existing sources

3 types of data you can migrate

1- Email
2- Files\Folders
3- Skype for business account

Email migration is more complex


• Exchange Deployment Assistant
  - Hybrid
  - Cloud only

https://technet.microsoft.com/en-us/exdeploy2013

Migrate email from another IMAP-enabled system

Users can migrate their own email and contacts (export PST)

https://docs.microsoft.com/en-us/exchange/mailbox-migration/decide-on-a-migration-path

Files and folders migration


Files and folders in your organization can be migrated from different sources

- Move files to SharePoint Online
  SharePoint Migration Tool
  PowerShell
  https://docs.microsoft.com/en-us/sharepointmigration/migrate-to-sharepoint-online

- Leveraging OneDrive for cloud file storage
  OneDrive Sync allows users to customize which files and folders are synced to OneDrive;
  it can also be configured for SharePoint

Skype for business migration


- Requires an on-prem AD server with Azure AD Connect
- After Skype is configured for hybrid usage, users can be migrated with either
  the Skype admin control panel
  PowerShell

https://docs.microsoft.com/en-us/office365/enterprise/migrate-data-to-office-365

Migrating Email to Office 365


- Migrate with exchange server
- Migrate with IMAP-enabled service (Gmail, Yahoo, etc.)
- Self-Service Import by users (PST)

Office 365 service Limit


- Address book limits
- Storage limits
- Retention limits
- Distribution limits
- …

https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits

Migration Method
1- Cutover Migration
   Migrate all on-premises mailboxes to O365 quickly (hours or days)
   Max 2000 mailboxes
   Recommended 150 for performance reasons
2- Staged Migration
   Migrate mailboxes in smaller stages over a longer period
3- Hybrid deployment
4- IMAP Migration
   Allows migration from a 3rd-party hosted solution (non-MS provider)

https://docs.microsoft.com/en-us/exchange/mailbox-migration/office-365-migration-best-practices

Planning for Directory Synchronization


The most common choice for leveraging O365 is to use a 'Hybrid'

- Use both on-premises Exchange and Exchange Online
- Directory Synchronization keeps user accounts current between the two installations (AD DS -
Azure AD)

An important question is how to handle authentication

1. Managed Authentication –
Azure AD handles authentication either with password hashes or by communicating with
on-premises Active Directory

Federated Authentication
Azure AD redirects authentication requests to another identity provider (often on-prem AD)

PHS Password Hash Synchronization


- Most common way
- Easy to setup
- Simple to implement
- Required for some Azure AD features (Identity Port)

Pass-Through Authentication
Credentials pass through AD to O365

- All management occurs on-prem
- No password hash in the cloud
- Enables stricter security requirements (e.g. logon hours)

Federated authentication
User accounts are Managed On-Premises, synchronized to azure AD, but Authentication is
handled by a 3rd party provider

- Smart card-based authentication


- 3rd party MFA
- Authentication requirements not supported by AD

Import PST files


PST export outlook data

Mailboxes can be brought over one-by-one using a PST import Feature

PST import feature is fine grained and detailed, and can be enabled for users to self-service migrate

PST files can be uploaded to the cloud or sent via hard disk

https://docs.microsoft.com/en-us/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-worldwide

Admin center – Security Compliance – Data governance – New Import Job

Manage Azure AD Identities and Roles

Understanding Identity Synchronization


Identity Synchronization leverages on-premises identity to populate office 365's identity model
Synchronization allows on-premises identities to be pushed to the cloud and then updated and
maintained on a regular basis

The hybrid model allows for both feature-rich Authentication using on-premises active directory as
well as flexible Authentication with office 365

Synchronization is done with the Azure AD connect utility

IdFix Tool
Download and run the IdFix tool prior to running your first synchronization

IdFix can identify errors or potential issues in your on-premises AD such as duplicates or formatting
errors

Planning Identity Synchronization


1) Server to install Azure AD Connect on
   I) Windows Server Standard or Enterprise (Essentials is only supported in 2019)
   II) Installing on a domain controller is not recommended
   III) Full GUI required (not supported on Core)
   IV) Server 2008 R2 or later and domain-joined

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites

2) Database for AD Connect to use
   I) By default it will install and manage its own SQL Server 2012 Express LocalDB (10 GB –
      100,000 objects)
   II) SQL Server 2008 R2 or later, case-insensitive collation, one sync 'engine' per instance
3) Password Sync? Or Federation?

Installing Azure AD Connect


1- Download the utility
2- Installation
- The express setting for a single AD
- Customize

User Sign-in Method


1- Password Hash Synchronization
Password hash synchronization is an extension to the directory synchronization feature
implemented by Azure AD Connect sync. You can use this feature to sign in to Azure AD
services like Office 365. You sign in to the service by using the same password you use to
sign in to your on-premises Active Directory instance.
(Password hashed – authenticate against O365 without communicating with on-premises AD)

2- Pass-through Authentication
Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in
to both on-premises and cloud-based applications using the same passwords. ... When users
sign in using Azure AD, this feature validates users' passwords directly against your on-
premises Active Directory.

3- Federation with AD FS
4- Federation with PingFederate
5- Do not configure
6- Enable single sign-on

Key benefits of using Azure AD Pass-through Authentication


• Great user experience
o Users use the same passwords to sign into both on-premises and cloud-based
applications.
o Users spend less time talking to the IT helpdesk resolving password-related issues.
o Users can complete self-service password management tasks in the cloud.
• Easy to deploy & administer
o No need for complex on-premises deployments or network configuration.
o Needs just a lightweight agent to be installed on-premises.
o No management overhead. The agent automatically receives improvements and
bug fixes.
• Secure
o On-premises passwords are never stored in the cloud in any form.
o Protects your user accounts by working seamlessly with Azure AD Conditional
Access policies, including Multi-Factor Authentication (MFA), blocking legacy
authentication and by filtering out brute force password attacks.
o The agent only makes outbound connections from within your network. Therefore,
there is no requirement to install the agent in a perimeter network, also known as a
DMZ.
o The communication between an agent and Azure AD is secured using certificate-
based Authentication. These certificates are automatically renewed every few
months by Azure AD.
• Highly available
o Additional agents can be installed on multiple on-premises servers to provide high
availability of sign-in requests.
Feature highlights
• Supports user sign-in into all web browser-based applications and into Microsoft
Office client applications that use modern Authentication.
• Sign-in usernames can be either the on-premises default username
(userPrincipalName) or another attribute configured in Azure AD Connect (known
as Alternate ID).
• The feature works seamlessly with Conditional Access features such as Multi-Factor
Authentication (MFA) to help secure your users.
• Integrated with cloud-based self-service password management, including password
writeback to on-premises Active Directory and password protection by banning
commonly used passwords.
• Multi-forest environments are supported if there are forest trusts between your AD
forests and if name suffix routing is correctly configured.
• It is a free feature, and you don't need any paid editions of Azure AD to use it.
• It can be enabled via Azure AD Connect.
• It uses a lightweight on-premises agent that listens for and responds to password
validation requests.
• Installing multiple agents provides high availability of sign-in requests.
• It protects your on-premises accounts against brute force password attacks in the
cloud.

Comparison: Federation vs Password Hash Sync vs Pass-Through

ADFS Requirement
- Federation: ADFS & WAP servers are required
- Password Hash Sync: Not required
- Pass-Through: Not required

AD Connect Requirement
- Federation: Yes
- Password Hash Sync: Yes
- Pass-Through: Yes

AuthN Agent
- Federation: No
- Password Hash Sync: No
- Pass-Through: Yes. Installed on AD Connect server or member server

How it works
- Federation: Azure AD redirects you to ADFS, as the authentication domain is configured as a
  federated domain. The ADFS server authenticates the user with AD and returns a security token
  to authenticate with Azure AD
- Password Hash Sync: AD Connect syncs the hash of the password hash to Azure AD, and Azure AD
  accepts both the user name and password and validates them with the synced hash
- Pass-Through: Azure AD accepts the user name and password and sends them to the on-premises
  AuthN agent server, which authenticates with AD and returns the successful authentication to
  Azure AD

Single Sign On (SSO)
- Federation: Yes, via on-premises AD credential
- Password Hash Sync: No
- Pass-Through: Requires seamless SSO enabled

Seamless SSO
- Federation: Yes, when device connected to AD
- Password Hash Sync: Yes, when device connected to AD
- Pass-Through: Yes, when device connected to AD

Password Remains
- Federation: In On-Premise
- Password Hash Sync: Azure AD
- Pass-Through: In On-Premise

MFA Support
- Federation: On-Premise ADFS or through Azure AD
- Password Hash Sync: Azure AD
- Pass-Through: Azure AD

Conditional Access
- Federation: On-Premise ADFS or through Azure AD
- Password Hash Sync: Azure AD
- Pass-Through: Azure AD

HA for Authentication
- Federation: Depends on the ADFS infrastructure
- Password Hash Sync: Available in Azure AD
- Pass-Through: Depends on AuthN agent deployments

Account lockout in On-Premise
- Federation: Immediate effect
- Password Hash Sync: Still be active in the cloud
- Pass-Through: Immediate effect

Disable On-Premise AD Account
- Federation: Reflect when sign-in occurs
- Password Hash Sync: Reflect to Azure AD on the next sync cycle
- Pass-Through: Reflect when sign-in occurs

Authenticates to Azure AD
- Federation: Security Token from ADFS
- Password Hash Sync: User Name & Password
- Pass-Through: Kerberos Token

Advantages
- Federation:
  • Password maintained in On-Premise
  • On-Premise MFA
  • On-Premise Conditional Access Support
  • Seamless SSO
- Password Hash Sync:
  • Cost effective & easy to deploy
  • Cloud Authentication & scalability
  • Identity Protection
  • User to remember one password
  • Ability to login cloud service even if AD down
- Pass-Through:
  • No need of ADFS deployment
  • Cloud Authentication
  • Seamless SSO
  • Simple deployment of AuthN agent
  • HA for AuthN agent
  • Automatic certification roll over

Disadvantages
- Federation:
  • Doesn't provide cloud authentication scalability
  • Identity Protection required P2 License
  • SSL requirement
- Password Hash Sync:
  • No granular logon restrictions
- Pass-Through:
  • Authentication prompt when switching applications
  • HA to be setup On-Premise
  • Password gathered at Azure AD
  • Azure AD Premium license required for self-service password reset

Which property in Active Directory is used to match with a verified domain in Office 365?

UPN suffix

Configuring Password Sync and Filtering


Changing configuration under Azure AD Connect

1- Launch Azure AD Connect


2- Configure
- View current configuration
- Customize Sync options
- Configure device options
- Refresh directory Schema
- Configure staging mode
- Change user sign in
- Manage federation
- Troubleshoot

If there are conflicting password complexity requirements between your on-premises Active
Directory and Azure Active Directory, which of the following happens?

The on-premises AD rules override the Azure AD rules

Understanding the Sync Service Manager


Azure AD Connect Sync maintains a "Metaverse" of all objects and two "connector spaces" for each
directory

The key to matching objects is the "Source Anchor"

Synchronization Service Manager on the AD server

A detailed look

1- Connectors
- Properties

The immutable attribute used to uniquely identify an identity even as other attributes change is
generally known as the SOURCEANCHOR

Managing the Synchronization Scheduler


There is no GUI to set this up

PS

Get-ADSyncScheduler    # basic default details

Set-ADSyncScheduler -CustomizedSyncCycleInterval 03:00:00

Set-ADSyncScheduler -SyncCycleEnabled $false

Start-ADSyncSyncCycle -PolicyType Delta

Delta means just update the changes

Which PowerShell cmdlet will start a synchronization cycle?

Managing Azure AD Connect Health


This service is installed as part of the AD installation process

Services

1- Azure AD Connect Health Sync Insights Service
2- Azure AD Connect Health Sync Monitoring Service

Azure AD Connect needs one Premium P1 license, assigned to the user

Implementing Multi-Forest Scenarios


- Azure AD does not support Multi-Sync Servers to one tenant
- Identities should be represented once and only once in Azure AD

AD Connect Default configuration


- Each user\identity has only one enabled account and it is located in the authenticating forest
- UPN (UserPrincipalName) and the source anchor come from this forest
- Each user has only one mailbox, in the forest with the best Global Address List (GAL) data for
the user

Manage Azure AD Identities and Roles


Managing and Importing Users
Which of the following are valid options for bulk importing users?
1- PowerShell
2- Home-Active user- Import - CSV

Managing Passwords and SSPR


Auto Generate is more secure

The ideal is Self Service Password Reset (it is not enabled by default)
Enable SSPR
Azure AD admin center – Self Service password reset – Enabled

1- Create a group
2- Add members (depends on the subscription - cloud users\on-premises)
3- Configuration

SSPR needs MFA

Creating and Managing Groups


Assigning permissions and users to groups or roles is known as which of the following?

RBAC = Role-Based Access Controls

Group Licensing is available under Azure AD to assign Security groups

Creating Access Reviews


Portal.azure.com

Identity Governance – Access reviews – on-boarding access review (P2 license needed) – New access
review

Managing Administrator Roles


The principle of Least Privilege: users should have only as much privilege as required to perform
their task; admin users get specific permissions

To set up:

Active users – edit user, edit user roles – customize administrator

Assigning the fewest permissions required for a user to perform their job is known as which of the
following? The principle of Least Privilege

Delegating Administrator Rights


Proper delegation means identifying roles

• Tasks Performed Routinely


• Tasks with limited Risk
• Functions that require "Trivial" work
• Establish emergency/firecall Accounts
• Temporarily elevate permissions as needed

Enforce best practices for all admin accounts

Azure’s baseline security policy handles – Enable

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

portal.azure.com

baseline policy

Configuring RBAC with Azure AD
To manage security, it is better to create a group and assign permissions to the group

and add members

• Reader: has view-only permissions
• Contributor: can update and access the resources
• High-level access (add and revoke access)

Portal.azure.com

Ex: Subscription – IAM Access control – add role assignment

Planning Security and Compliance Roles


1- The principle of Least Privilege
2- RBAC (role groups)
We need admin users with specific permissions – assign users to roles, and roles have the
permissions

Under the permissions panel

Role Groups
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

The Office 365 Security and Compliance center provides default role groups for internal
Microsoft Office 365 services only. True or false? False

Manage Authentication and MFA


Devils in the Details

Username is: who? Password is: Verification

The act of a system validating that the user has entered the correct password is known as;
Authentication

Authentication Methods in Office 365


Authentication Method      Usage
Password                   MFA and SSPR
Security Questions         SSPR
Email address              SSPR
MS authentication app      MFA and public preview for SSPR
OATH hardware token        MFA and public preview for SSPR
SMS                        MFA and SSPR
Voice Call                 MFA and SSPR
App Password               MFA only in some instances

Method                            Primary Authentication    Secondary Authentication
Password                          Yes
Microsoft Authenticator app       Yes (preview)             MFA and SSPR
FIDO2 security keys (preview)     Yes                       MFA-only
OATH software tokens              No                        MFA
OATH hardware tokens (preview)    No                        MFA
SMS                               Yes (preview)             MFA and SSPR
Voice call                        No                        MFA and SSPR
Security questions                No                        SSPR-only
Email address                     No                        SSPR-only
App passwords                     No                        MFA only in certain cases

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

Portal.azure.com

1- Azure active directory – Security panel – Authentication Method

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans

2- Azure AD – password reset

Monitoring Authentication
Sign in monitoring and alerts

Portal.azure.com

Dashboard – Monitoring

- Sign in
- Audit logs
- Logs
- Diagnostic settings
- Workbook
- Usage and insights

Dashboard – Azure AD protection – (Investigate) User flagged for risk

Risk events include multiple logins from new, disparate geographic locations.
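
Detection logic for the risk event described above, as an added example that is not part of the original notes: it flags consecutive sign-ins by one user whose distance and time gap imply faster-than-airliner travel. The records, column names, function names and thresholds are constructed for illustration and are not the Azure AD sign-in log schema.

```powershell
function Get-DistanceKm {
    # Great-circle (haversine) distance between two coordinates, in kilometres.
    param([double]$Lat1, [double]$Lon1, [double]$Lat2, [double]$Lon2)
    $toRad = [math]::PI / 180
    $dLat  = ($Lat2 - $Lat1) * $toRad
    $dLon  = ($Lon2 - $Lon1) * $toRad
    $a = [math]::Pow([math]::Sin($dLat / 2), 2) +
         [math]::Cos($Lat1 * $toRad) * [math]::Cos($Lat2 * $toRad) * [math]::Pow([math]::Sin($dLon / 2), 2)
    return 6371 * 2 * [math]::Atan2([math]::Sqrt($a), [math]::Sqrt(1 - $a))
}

function Find-ImpossibleTravel {
    # Hypothetical helper: compares each sign-in with the same user's previous one.
    param(
        [Parameter(Mandatory)] [object[]] $SignIn,
        [double] $MaxKmPerHour = 900,   # assumed ceiling, roughly airliner cruise speed
        [double] $MinKm = 100           # ignore moves inside one metro area / geolocation noise
    )
    foreach ($user in ($SignIn | Group-Object User)) {
        $ordered = @($user.Group | Sort-Object Time)
        for ($i = 1; $i -lt $ordered.Count; $i++) {
            $prev = $ordered[$i - 1]
            $cur  = $ordered[$i]
            $km = Get-DistanceKm -Lat1 $prev.Lat -Lon1 $prev.Lon -Lat2 $cur.Lat -Lon2 $cur.Lon
            if ($km -lt $MinKm) { continue }
            $hours = ($cur.Time - $prev.Time).TotalHours
            # Two distant sign-ins with the same timestamp count as infinitely fast.
            $speed = if ($hours -gt 0) { $km / $hours } else { [double]::PositiveInfinity }
            if ($speed -gt $MaxKmPerHour) {
                [pscustomobject]@{
                    User      = $user.Name
                    From      = '{0} ({1})' -f $prev.City, $prev.Ip
                    To        = '{0} ({1})' -f $cur.City, $cur.Ip
                    Km        = [math]::Round($km)
                    Hours     = [math]::Round($hours, 2)
                    KmPerHour = [math]::Round($speed)
                }
            }
        }
    }
}

# CONSTRUCTED sign-in export; IPs are documentation addresses.
$csv = @'
User,TimeUtc,Ip,City,Lat,Lon
alice@contoso.example,2024-03-01T08:00:00Z,192.0.2.10,London,51.5074,-0.1278
alice@contoso.example,2024-03-01T09:00:00Z,198.51.100.7,New York,40.7128,-74.0060
bob@contoso.example,2024-03-01T08:00:00Z,192.0.2.44,Paris,48.8566,2.3522
bob@contoso.example,2024-03-01T08:30:00Z,203.0.113.9,Paris,48.8600,2.3400
carol@contoso.example,2024-03-01T08:00:00Z,192.0.2.80,Berlin,52.5200,13.4050
carol@contoso.example,2024-03-01T12:00:00Z,203.0.113.61,Madrid,40.4168,-3.7038
'@

$signIns = $csv | ConvertFrom-Csv | ForEach-Object {
    [pscustomobject]@{
        User = $_.User
        Time = [datetimeoffset]::Parse($_.TimeUtc, [cultureinfo]::InvariantCulture).UtcDateTime
        Ip   = $_.Ip
        City = $_.City
        Lat  = [double]$_.Lat
        Lon  = [double]$_.Lon
    }
}

Find-ImpossibleTravel -SignIn $signIns | Format-Table -AutoSize
```

In the sample, only the London to New York pair is reported; the same-city IP change and the four-hour Berlin to Madrid move stay under the thresholds.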

Configuring Multi-Factor Authentication (MFA)


Two steps

1- Create the policy by Administrator


2- User register for MFA

i) Admin center – Office 365 - active user – edit user – Manage multi-factor Authentication
ii) Admin Center – Azure AD – Users – Multi-Factor Authentication
Baseline Policy
Azure AD – Security – Conditional Access – Policies

Which Azure AD Feature can be used to apply MFA to a group in Azure AD?
Conditional Access Policy

The best practice is using Conditional Access policy


Admin Center – Azure AD- Conditional Access Policy – Create a New Policy – Assign to users
or groups

MFA configuration
Azure AD – MFA – Settings

Lockout timer – block\unblock – Fraud Alert - …

Application Deployment
Registering Applications with Azure AD
Register application with Azure AD to leverage security and identity features from office 365.

- A single set of credentials


- Single-sign on
- Multi-factor Authentication MFA
- Conditional Access Policies
- Automatic User Provisioning

Which applications can you register? All of 'em

- The Azure AD app marketplace has thousands of apps pre-configured for Azure AD integration
- Your non-gallery apps can be easily integrated
- An on-premises application can leverage cloud identities and SSO

How does it do that? (Authentication methods)

• OAuth 2.0 and OpenID Connect
• Security Assertion Markup Language (SAML)
• Password-based Single Sign-On (SSO)
• Integrated Windows Authentication (IWA) using Kerberos Constrained Delegation

Adding Enterprise Application


Admin.Microsoft.com

Enterprise application – All applications – add an application

Setting up an application to use SAML authentication requires specific URLs configured both in the
application and in Azure AD

Application Proxy provides secure, remote access to on-premises web applications from an
external URL

- Provides access through the O365 portal
- Leverages Azure auth controls such as Conditional Access and MFA
- Replaces the need for a reverse proxy or WAP

Azure AD Application Proxy relies on:

1- URL endpoint
2- Azure AD authenticates the user
3- App Proxy service (on Azure AD) passes a token to the App Proxy connector
4- App Proxy connector manages communication between the App Proxy service and the local
application

A connector server to host the App Proxy connector:

- Close to the app hosting server
- Does not need to be in the DMZ
- Needs 80 and 443 outbound enabled to O365 URLs
- Has TLS 1.2 enabled

Creating B2B Accounts


Business-to-Business (B2B) accounts are user accounts from external systems that have
access to resources in your Office 365 tenancy

- Users from partner organizations, temporary contractors, external individuals, etc.
- Can be synced from on-premises AD (as Guest accounts)
- Can be granted licenses to all O365 resources, and leverage authentication policies (e.g. MFA and
SSO) for all applications added to your Azure portal
- Have a UserType attribute of Guest

Portal.azure.com
Users – New guest user – Send invitation email
You can disable the ability for Guest users to list out users in your directory
Azure AD – Settings – External Collaboration settings

Deploying Office Software


User can install directly from their Dashboard

Restriction;

Dashboard- Office Software – Setting

Using the Office Deployment Tool


The Office Deployment Tool (ODT) is a software package that allows admins to manage a local
installation of the Office ProPlus desktop applications

- Create a local download source for end users to install from, instead of downloading over
the internet for each user
- Configure which applications are allowed to be installed
- Pre-download specific language pack files

ODT is composed of two pieces

1- Configuration.xml – The config file defining the desired options for installation
2- Setup.exe – Creates the local installation source based on configuration.xml

https://docs.microsoft.com/en-us/DeployOffice/overview-office-deployment-tool
Config.office.com

PowerShell
- The command-line scripting language of Windows
- (Bash for Linux)
- The admin portal reveals 85 – 90% of configuration
- PowerShell can reveal information or features not available in the admin portal.
- Ideal for bulk tasks or working with data in large quantities
- Processes can be saved as repeatable

PowerShell ISE

1- Install the Azure AD module
Install-Module -Name AzureAD
2- Connect-AzureAD
3- Now you can run your commands, e.g. Get-AzureADUser

Managing Licenses and User Accounts with PowerShell


Get-AzureADSubscribedSKU

Get-AzureADSubscribedSku | Select-Object -Property Sku*

Get-AzureADUser

Get-AzureADGroup

New-AzureADGroup

https://docs.microsoft.com/en-us/microsoft-365/enterprise/manage-user-accounts-and-licenses-with-microsoft-365-powershell?view=o365-worldwide

You can use the PowerShell pipe feature with Office 365 cmdlets

Get-AzureAdApplication

New-AzureADApplication

User objects are assigned an app role on which type of object?

A principal service object

Service Principal represents Security: Get-AzureADServicePrincipal

Object ID: is the ServicePrincipal identifier

To configure your Office Deployment Tool parameters, which technology is used?


Questions
1- View a list of the features that were recently updated in the tenant?

Message center in the Microsoft 365 admin center

users from your company can invite external users to access files on the SharePoint sites. You need
to ensure that the company users can invite only authenticated guest users to the sites. What should
you do?

From the SharePoint admin center, configure the sharing settings

verify whether all the Authentication Agents are used for authentication

From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.

external access to the application. The solution must support multi-factor authentication

A. From an on-premises server, install a connector, and then publish the app.

B. From the Azure Active Directory admin center, enable an Application Proxy.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-onpremises-application

ensure that an administrator named Admin1 can view all the sign in details of User 1 from the past 24 hours.

A. Security administrator

B. Password administrator

C. User administrator
