Professional Documents
Culture Documents
MS-900 Exam Prep - Microsoft 365 Fundamentals
MS-900 Exam Prep - Microsoft 365 Fundamentals
1|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
2|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
Contents
PREFACE ...................................................................................................................................... 6
Who this Book is For .................................................................................................................. 6
What this Book Covers ............................................................................................................... 6
To Get the Most out of this Book................................................................................................ 7
Get in Touch ................................................................................................................................ 8
BASIC CLOUD CONCEPTS ...................................................................................................... 9
Cloud Computing Principles ....................................................................................................... 9
Funding Models and Compute Costs ........................................................................................ 10
Cloud Computing Models ......................................................................................................... 12
Cloud Service Types ................................................................................................................. 13
Cloud Computing Benefits ........................................................................................................ 15
Chapter Review: What You’ve Learned ................................................................................... 16
KEY MICROSOFT CLOUD OFFERINGS ............................................................................ 17
Microsoft Azure ........................................................................................................................ 17
Microsoft 365 ............................................................................................................................ 18
Other Cloud Solutions ............................................................................................................... 20
Chapter Review: What You’ve Learned ................................................................................... 20
CORE MICROSOFT 365 SERVICES AND CONCEPTS ..................................................... 22
Windows 10 Enterprise ............................................................................................................. 22
Exchange Online ....................................................................................................................... 24
SharePoint Online ..................................................................................................................... 25
Microsoft Teams ....................................................................................................................... 26
Microsoft InTune....................................................................................................................... 27
Other Services in Microsoft 365 ............................................................................................... 28
Office 365 ProPlus .................................................................................................................... 28
Exchange Online vs Exchange Server ...................................................................................... 30
SharePoint Online vs on-premises SharePoint Server .............................................................. 31
Chapter Review: What You’ve Learned ................................................................................... 31
DEPLOYING WINDOWS 10 AND OFFICE 365 PROPLUS ............................................... 33
Planning Deployments .............................................................................................................. 33
Windows 10 Deployment Options ............................................................................................ 35
3|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
4|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
5|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
PREFACE
The shift to the cloud is now in full swing. That being the case, it is critical that, as an IT
professional, you remain ahead of the curve by learning about the technologies that are in
demand. IT professionals that do not will quickly find themselves sidelined and a new crop of
cloud-centric engineers emerges.
I chose to focus on Microsoft 365 in this book because the Microsoft 365 offering features many
products and services that are now in demand. Whether it’s Windows 10 Enterprise, Office 365
ProPlus, Enterprise Mobility + Security, or any of the numerous underlying sub-services and
features, it’s critical that you understand them all – because if you can’t effectively plan, deploy,
and manage all aspects of the Microsoft 365 suite, you’ll be left behind.
Focusing on the Microsoft 365 suite has allowed me to create a book that not only teaches you
how to plan, deploy, and manage Microsoft 365, but it also prepares you for the Microsoft 365
Fundamentals certification exam.
6|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
how it differs from Office 365. We’ll also look at some of the core benefits of Microsoft 365 and
at the similarities among Amazon AWS, Google Cloud, and Microsoft Azure.
In Chapter 3, we'll cover the core services that are available to Microsoft 365 subscribers. You'll
learn about Windows 10 Enterprise, Exchange Online, and SharePoint Online. As you work
through Chapter 3, you’ll also learn about Microsoft Teams, Microsoft Intune, and several other
Microsoft 365 services. We’ll round out the chapter with Office 365 ProPlus and the differences
between the on-prem versions of Exchange and SharePoint with their cloud-based counterparts.
Chapter 4 will introduce you to deployment planning and deployment options for both
Windows 10 and Office 365 ProPlus. We’ll also cover Windows-as-a-Service, Office 365
ProPlus updates, and Office 365 licensing and activation.
Chapter 5 is essentially the halfway point of this book. In this chapter, we’ll cover unified
endpoint management, where you’ll learn about device management and the various Enterprise
Mobility + Security components.
In Chapter 6, you’ll learn about teamwork in Microsoft 365. We’ll cover ways that Microsoft
365 facilitates teamwork and at the analytics options in Microsoft 365.
Chapter 7 introduces you to security fundamentals in Microsoft 365. In this chapter, we’ll cover
the four pillars of protection, identity and access management, and threat protection in Microsoft
365. We’ll also cover information protection concepts and security management in Microsoft
365.
In Chapter 8, we’ll get into Microsoft 365 security features. You’ll learn about identity and
access in Microsoft 365 and about threat protection in Microsoft 365. We’ll also cover the
Microsoft 365 Security Center and the Secure Score.
Chapter 9 represents the home stretch. In this chapter, you’ll learn about compliance in
Microsoft 365. We’ll cover the Service Trust Portal, Compliance Manager, and the Microsoft
Compliance Center.
Winding things down in Chapter 10, we’ll dive into Microsoft 365 pricing and support, where
you’ll learn about the various Microsoft 365 subscription options and about managing Microsoft
365 licenses. We’ll round out the chapter with billing and support in Microsoft 365.
By the time you finish this course, you should have a foundation level understanding of
Microsoft 365 and you should be able to pass the MS-900 exam.
7|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
Get in Touch
Be sure to connect with me! You can find me on LinkedIn. I also run labITout.com, the website
that IT professionals use to learn how to deploy real-world IT solutions.
8|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 1
BASIC CLOUD CONCEPTS
Welcome to Basic Cloud Concepts! In this chapter, we're going to cover several topics. We're
going to start off with the principles of cloud computing, and then we'll dive into funding models
and compute costs. We’ll then discuss the different cloud computing models and cloud service
types. We’ll round things out by looking at the benefits of cloud computing.
Exchange Online is a cloud-based version of the on-prem Microsoft Exchange offering. This
offering provides services such as email, calendar, and contact sharing. Teams, which has
replaced Skype, provides instant messaging services for end users, along with computer-to-
9|Page
MS-900 Exam Prep: Microsoft 365 Fundamentals
computer audio and video calls. It also facilitates document sharing and collaboration among
team members.
Productivity services like Microsoft Office 365 facilitate collaboration among team members.
Search services offer search functionality (no surprise). This search functionality can be
integrated into custom applications. The Azure Search service, quite obviously, would be a prime
example of search services that are offered.
Storage services, not surprisingly, provide a platform that organizations can use to store data.
Storing data in Azure makes it more easily accessible by users from all kinds of devices.
Microsoft Azure Storage and Microsoft OneDrive for Business are two good examples of storage
services that Microsoft makes available.
10 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Storage costs usually include all storage-related hardware components as well as the cost of
supporting that hardware. In larger organizations, these costs can become quite large – and as
was the case with server costs, storage costs also fall into the CapEx bucket.
Network costs include networking hardware such as cabling, switches, routers, and the like.
WAN connections and internet connections also fall under network costs. These network
hardware expenses fall into the CapEx bucket, just like storage hardware and server hardware
costs.
Backup and archive costs are generally split between CapEx and OpEx. While the hardware
costs associated with a backup and archive infrastructure fall under CapEx, consumables like
tapes and backup maintenance support typically full under OpEx.
Business continuity and disaster recovery costs are usually considered mostly CapEx, because
they typically include redundant hardware, backup generators, and even redundant datacenters.
However, the infrastructure and personnel costs are typically considered OpEx.
Datacenter infrastructure costs, like electricity, floor space, and cooling, are generally
considered OpEx expenses.
Technical personnel, or IT staff, is considered an OpEx cost.
Cloud Compute Costs
So, what about cloud computing costs? Which buckets do these costs fall into?
Instead of physical hardware and datacenter costs, cloud computing incurs different costs, which
for accounting purposes, are all OpEx. These costs include things like VM leases, software
leases, and charges incurred as a result of scaling out.
11 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
VM leases are considered OpEx because the cost is usually based on the pay-per-use model. The
same thing goes for software leases.
Scaling charges that are based on demand instead of fixed hardware or capacity are usually
billed as you go as well. That being the case, these charges also fall under OpEx.
So, as you can see, the lion’s share of computing costs is suddenly switched to OpEx when an
organization moves to the cloud.
12 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
as they are needed. And last, but not least, public clouds offer high reliability because they rely
on a vast network of underlying hardware.
Private Cloud
A private cloud is a cloud environment that you deploy into your own datacenter. You manage
the cloud hardware and you provide self-service access to your compute resources to the users in
your organization. A private cloud is essentially a simulation of a public cloud as far as your
users are concerned. However, your organization is 100% responsible for the purchase and
maintenance of the underlying hardware and the services that you provide.
Although they are more expensive than public clouds, private clouds offer more flexibility over
their public counterparts because they can be customized to meet specific business needs – and
because the resources within a private cloud are not shared with other organizations, they offer
improved security as well. Private clouds also offer similar scalability and efficiency to that of a
public cloud.
Hybrid cloud
A hybrid cloud is essentially a combination of a public and a private cloud. Hybrid clouds allow
organizations to run their applications in whichever location is most appropriate. A typical use
case for a hybrid cloud would be a situation where an organization wants to host a public-facing
website in the public cloud that connects back to a secure database that’s hosted in the private
cloud, or even in an on-prem datacenter.
Organizations will often deploy hybrid clouds when they need to protect sensitive data or when
they wish to extend the capabilities of their on-prem systems. For example, an organization that
needs to run an application that will only run on an older OS or on older hardware, might opt to
keep the old system running locally, but connect it to the public cloud for authorization or
storage.
Hybrid clouds can also be used to reduce data protection costs. For example, if your organization
needs to deploy a PKI and Information Rights management infrastructure to protect its data, the
cost of doing so locally might be quite high. However, enabling these features from the cloud
will allow you to protect both your cloud and on-prem data and documents.
Some key advantages of the hybrid cloud model include increased control, the ability to leverage
resources in the public cloud when they are needed, and a cost-effective way to scale out to the
cloud when needed. A hybrid cloud also eases the transition of your workloads to the cloud.
However, there are a couple caveats to consider when thinking about deploying a hybrid cloud.
Not only is a hybrid cloud more complicated to setup and manage, but it’s often more expensive
than choosing just one model – be it public or private.
13 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service, or IaaS as it is known, is the most flexible cloud service type
available, because it provides you with complete control over the underlying hardware that runs
your application. Instead of purchasing physical hardware like servers, switches, routers, and
such to host your app, infrastructure-as-a-service allows you to you rent it.
While infrastructure-as-a-service offers more control, due to the associated hardware costs, it is
not a good solution for organizations that are interested in minimizing their infrastructure and
application maintenance costs.
Platform-as-a-Service (PaaS)
Platform-as-a-Service, or PaaS, provides organizations with a platform they can use to build,
test, and deploy software solutions on. That being the case, platform-as-a-service is not usually a
good fit for organizations that require a service like Exchange Online, which is already fully
developed.
The purpose of platform-as-a-service is to allow organizations to create applications quickly,
without having to deal with the deployment or management of any underlying infrastructure. For
example, an organization that deploys a web application using platform-as-a-service can do so
without having to install an operating system or even the web server software itself. The
organization won’t even have to worry about system updates.
Software-as-a-Service (SaaS)
Software-as-a-Service refers to software that is centrally hosted and managed for the customer.
This service type typically provides the same version of the software or application to all
customers. The software or application usually runs on-demand in either a web browser or via
Remote Desktop Services. It’s usually licensed via a monthly or annual subscription, and
because it’s accessed remotely over the internet, it usually doesn’t require deployment or any
ongoing maintenance.
Services like Microsoft 365 and Exchange Online are typical examples of software-as-a-service
offerings because they deliver software products over the internet, on a subscription basis.
14 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
15 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
systems that support the Blue Widget Corporation, it is the cloud provider that will ensure the
hardware is always the latest and greatest.
Reliability
Organizations obviously require reliable IT solutions. If the IT infrastructure of an organization
is not solid, this will often negatively affect the organization’s earnings. By leveraging cloud
computing, organizations can be sure that their data is always available and that their
applications are always running.
By leveraging cloud computing, organizations can focus on their core businesses, instead of
dealing with IT management tasks - and they can do so while reducing their IT costs. This is
what makes cloud computing so attractive.
16 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 2
KEY MICROSOFT CLOUD OFFERINGS
Welcome to Key Microsoft Cloud Offerings. In this chapter, we are going to take a look at
Microsoft Azure, Microsoft 365, and even some other cloud platforms.
You’ll learn what Microsoft Azure is and about key services that it provides. We’ll take a look at
Azure Active Directory, Azure Information Protection, Azure Backup, and the Azure Content
Delivery Network. We will also talk a little bit about Azure Key Vault, Multi-Factor
Authentication, Azure Virtual Machines, and Azure Virtual Networks.
Next, we will cover Microsoft 365. We are going to talk about what Microsoft 365 is, about
some of its key offerings, and how it differs from Office 365. We’ll also look at some of the core
benefits of Microsoft 365.
We’ll wrap this chapter up by looking at the similarities among Amazon AWS, Google Cloud,
and Microsoft Azure.
By the time we finish this section, you should have a pretty good understanding of what
Microsoft Azure brings to the table, what Microsoft 365 brings to the table, and how AWS and
Google are similar to Microsoft.
Microsoft Azure
Azure is Microsoft’s cloud computing platform. Organizations use it to deploy and manage
applications and services. It’s hosted by a global network of Microsoft managed data centers.
Leveraging Microsoft Azure allows organizations to deploy, in days or weeks, solutions that, at
one time, took months to deploy.
While Microsoft Azure offers well over 100 different services, some are more important than
others.
Azure Active Directory, for example, is used for identity management and access control for
cloud applications and resources. You can even synchronize Azure AD with traditional on-prem
Active Directory domain controllers. Azure AD also offers single sign-on, or SSO, capabilities
that allows you to simplify access to cloud applications for your users by allowing them to login
to all apps and resources using a single set of login credentials.
Azure Information Protection, or AIP, is an offering that allows organizations to use encryption,
identity, and authorization policies to protect their sensitive information.
Azure Backup can be used to backup machines to the cloud and to restore from the cloud.
The Azure Content Delivery Network allows organizations to provide content to its users,
regardless of their location in the world, through a network of global data centers. The purpose of
17 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
the content delivery network is to allow delivery of this content with minimal latency and
increased availability.
Azure Key Vault is used to protect and manage keys, certificates, and other secrets in Azure.
These secrets can be protected using hardware security modules, or HSMs.
Multi-Factor Authentication is another key offering available through Azure. It allows you to
configure multiple methods of authentication, which, in turn, helps prevent unauthorized access
to not only cloud applications, but also to on-prem applications.
Virtual Machines and Virtual Networks are two of the staples of Microsoft Azure. They allow
you to create virtual networks within Azure and to deploy Windows servers and Linux servers in
Azure, and to connect them to your virtual networks. Your virtual networks can then be
connected to on-prem networks through various VPN connections.
To read more about the many different Azure services that are available, visit this URL.
Microsoft 365
Microsoft 365 is actually a collection of three
main products, each of which consists of its own
sub-collection of products and services. When
you purchase a Microsoft 365 subscription, you
get Office 365 Enterprise, Windows 10
Enterprise, and Enterprise Mobility + Security,
or EMS.
Office 365 Enterprise includes Office 365
ProPlus, which is Microsoft’s suite of the latest
office apps for PC and Mac. Office 365 ProPlus includes things like Microsoft Word, Excel,
PowerPoint, and Outlook. It also includes several online services for email, file storage,
collaborations, and meetings.
Windows 10 Enterprise is Microsoft’s flagship desktop operating system (you probably already
knew this). It features robust deployment, device management, and application management
features.
Enterprise Mobility + Security allows organizations to more effectively manage and protect its
users, devices, apps, and data in a mobile centric cloud environment. EMS includes Microsoft
InTune, Azure AD Premium, and Azure Rights Management.
Microsoft 365 versus Office 365
The terms “Microsoft 365” and “Office 365” are often used interchangeably.
Office 365 is a productivity suite that bundles several productivity tools into a software-as-a-
service model. As I mentioned earlier, Office 365 includes the latest office applications and some
other online services.
18 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Microsoft 365, however, is different. It’s actually a larger offering, that includes Office 365
Enterprise, Windows 10 Enterprise, and EMS. You can view Microsoft 365 as an umbrella of
offerings, under which Office 365 falls.
Microsoft 365 Benefits
Because it’s an umbrella of services that includes Office 365, Windows 10 Enterprise, and
Enterprise Mobility and Security in a single subscription, Microsoft 365 helps organizations in
several different areas.
Creativity
The powerful capabilities of Microsoft 365 can be used by users to create slick presentations,
mixed-reality experiences, and other high-quality content. With its AI-powered tools, Microsoft
365 also helps organizations turn data into actionable insights.
Teamwork
Microsoft 365, as you would expect, also provides several tools that can be used to facilitate
teamwork and collaboration within organizations. A tool like Microsoft Teams, for example,
allows users to collaborate in real time. It allows them to chat, hold meetings, and even share
files and applications.
Users can leverage Microsoft Outlook to access, email, calendars, contacts, and documents.
SharePoint Online is another collaboration tool. It allows users to share things like news,
applications, and even resources across the organization by building portals and dynamic sites.
OneDrive for Business provides users the ability to securely share files and to track versioning
history.
Simplicity
Because Microsoft 365 allows organizations to centrally provision, deploy, and manage all of
their devices, whether they are mobile devices or PCs, Microsoft 365 vastly reduces IT
19 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
complexity and lowers costs. It helps organizations become more agile as a result. Leveraging
cloud security allows organizations to improve their security posture, while allowing them to
administer their applications, their services, their devices, their data, and their users, all from a
single web-based admin portal.
Security
Microsoft 365’s holistic approach to security allows organizations to protect users, devices,
applications, and data. Its built-in intelligent security protects organizations against threats and
even offers automated remediation of many of those threats.
20 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
At this point, you should have a pretty good understanding of what Microsoft Azure brings to the
table, what Microsoft 365 brings to the table, and how AWS and Google Cloud are similar to
Microsoft.
Click here for the full 3-hour video course.
21 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 3
CORE MICROSOFT 365 SERVICES AND CONCEPTS
Welcome to Core Microsoft 365 Services and Concepts. In this chapter, we are going to cover
the core services that are available to Microsoft 365 subscribers.
We’re going to start off by taking a look at Windows 10 Enterprise, where we’ll review the
different features and benefits it offers. We will then take a look at Exchange Online and the
features and benefits that it brings to the table. After covering Exchange Online, we’ll dive into
SharePoint Online and it’s features and benefits.
Next, we’ll look at the benefits and of Microsoft Teams and of Microsoft InTune. We’ll look at
the ways that Teams facilitates collaboration, and at how Microsoft InTune facilitates
management of mobile devices.
Later on, we’ll touch on several other services in Microsoft 365. We’ll quickly review services
such as Yammer, Project Online, Office Visio Pro for Office 365, and several other Microsoft
365 services.
We will then look at Office 365 ProPlus. You’ll learn what applications are included in Office
365 ProPlus and how it compares to Office Professional 2019. We’ll also cover the different
deployment options for Office 365 ProPlus.
After learning about Office 365 ProPlus, you’ll learn about the differences between Exchange
Online and the on-prem Exchange Server offering. We’ll round things out by covering the
differences between SharePoint Online and SharePoint server.
By the time you finish this chapter, you should have a pretty broad understanding of the different
core Microsoft 365 services that are available to you.
Windows 10 Enterprise
Windows 10 Enterprise is a staple of any Microsoft 365 subscription. It offers organizations
intelligent security, flexible management, streamlined updates, and robust productivity tools.
Security Intelligence
Windows 10 comes with many built-in tools that organizations can use to detect and
automatically respond to malware and hacking threats. It provides protection for not only user
identities and devices, but also data. The intelligent security graph allows Windows 10 to
investigate and remediate threats as they evolve. The combination of intelligence, machine
learning, and behavioral analytics that the intelligent security graph leverages results in faster
response times when threats are detected. The best part about all of this protection is that it’s
built-in.
22 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Management Flexibility
Windows 10 also comes with several tools that organizations can use to deploy, manage, and
update their devices – even if their users are remote. Organizations can customize their devices
and leverage built-in endpoint management. They can also manage corporate identities and data
on personal devices without affecting any personal data on those personal devices.
Windows 10 makes it easier for organizations to move to cloud-based device management that
can be performed using tools such as InTune and Config Manager. Users can even run
incompatible applications on Windows 10 devices by leveraging Windows Virtual Desktop.
Streamlined Updates
Instead of offering major upgrades every few years, like they’ve done in the past, Microsoft has
moved to a different update model that offers feature updates twice a year. That said, it’s
important to note that 99% of applications that run on Windows 7 will run on Windows 10.
Because of this new flexibility that is provided, organizations can manage and distribute their
updates by leveraging Microsoft infrastructure or by leveraging whatever current method they
are using. To ensure Windows updates are as least disruptive to organizations as possible, the
updates become smaller and easier to distribute with every new release.
Productivity Tools
A key benefit of Windows 10 is the improved productivity that it facilitates. It facilitates
improved productivity by providing faster and safer ways for users to get work done. For
example, users can use Cortana to find applications, documents, and messages, while using
Timeline to get a chronological look at their activities and documents. Windows 10 users can
also collaborate through Office 365 apps, OneNote, and even Microsoft Whiteboard.
23 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Exchange Online
Exchange Online is Microsoft’s cloud-based messaging and collaboration platform. It’s used by
organizations all over the world - mostly for email, calendaring, contact info. Exchange Online
supports Microsoft Outlook, Outlook Web Access, and Outlook Mobile. It can be accessed by
users from android devices, iOS devices, and Windows 10 devices.
When an organization deploys Exchange Online, its users each get their own 50GB mailboxes
for storing emails. Some Office 365 plans also offer online archives for users that provide
additional storage.
In addition to a mailbox, each user gets a calendar that can be used track upcoming events and
appointments. Users can also use their calendars to check the availability of coworkers and to
book meetings. They can even delegate access to their calendars so that other users can access
them if needed.
A cool feature of Exchange Online is the ability for users to view and edit their attachments right
online in Outlook for the Web. The locally installed version of Office/Outlook is not even
necessary.
Shared mailboxes allow groups of users to share information via a central mailbox, while
resource mailboxes can be set up for meeting rooms and equipment. These resource mailboxes
can be used to reserve those rooms and resources.
For organizations that still rely on public folders, this feature is (unfortunately) still available in
Exchange Online. I, personally, would like to see public folders go away.
Exchange Online also features lots of message policies and compliance features, including
message encryption, e-discovery, retention policies, data loss prevention, and journaling.
24 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
To protect against spam and malware, every Exchange Online subscription comes with
Exchange Online Protection. Exchange Online Protection, or EOP, is a configurable anti-spam
and anti-malware solution.
Because Microsoft recognizes there are organizations with specific mail flow requirements,
Exchange Online also allows you to create connectors to facilitate these specific mail flow
requirements. An example of this would be a send connector that enforces certain security
settings whenever mail is sent to a specific domain. This is often seen in the medical, financial,
and legal fields.
Exchange Online also offers the flexibility of mobile access and multiplatform access. This
means that Exchange Online users can access their mailboxes and calendars via Outlook from
both Windows machines and Mac machines, using MAPI over HTTPS. They can also use
Outlook on the Web to access their mailboxes and calendars from virtually anywhere in the
world. The Microsoft Exchange ActiveSync service allows users to access their mailboxes and
calendars from mobile devices.
Organizations that require a hybrid solution can integrate Exchange Online with their on-prem
Exchange Servers. This can be done by creating what is called a hybrid deployment. A hybrid
deployment allows the Exchange Online organization and the on-prem exchange organization to
share a single namespace (or domain) for messaging. Correctly configured hybrid deployments
also allow for calendar sharing between the on-prem users and the cloud users. Hybrid also
facilitates mailbox moves between Exchange Online and the on-prem Exchange Server.
To facilitate migrations from on-prem Exchange Servers and IMAP messaging services to
Exchange Online, Microsoft offers several migration tools.
As you can see, Exchange Online is a rather robust messaging platform that offers several
collaboration tools, management tools, and migration tools.
SharePoint Online
SharePoint Online is Microsoft’s cloud version of its original SharePoint server offering. This
service allows an organization’s users to access information from virtually any device.
SharePoint Online is often used to create team centric sites, which facilitate improved
communications and collaboration of team members.
25 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
An internal user must be assigned an appropriate Microsoft 365 license or SharePoint Online
license before using SharePoint Online. Users with access to SharePoint Online can share files
and folders with other users, whether they are inside the organization or outside the organization.
These sharing capabilities, however, can be controlled by site administrators.
Once an organization deploys SharePoint Online, its users can build sites, pages, lists, and even
complete document libraries. These users can also customize their pages through the addition of
web parts.
The SharePoint Online service is ideal for teams in an organization who wish to share important
news and updates with their members and with other users throughout the organization.
Other features and benefits of SharePoint Online include the ability of users to discover sites,
files, and even other people within their organization. Flows, forms, and lists allow users to
manage their business processes more effectively. Users can even use SharePoint Online to co-
author documents with other users, and they can synchronize and store their files in the cloud.
This further facilitates collaboration by allowing other users to securely work with those files.
At the end of the day, the main drive of SharePoint Online is to facilitate collaboration among
users, whether they are internal or external to an organization.
Microsoft Teams
Much like its predecessor, Skype for business, Microsoft Teams functions as a central hub for
collaboration. It’s an offering that provides chat-based services that allow users to more easily
collaborate. Microsoft Teams also allows team members to share documents and insights, as well
as status updates. By providing presence information for users, Microsoft Teams makes it easier
to manage projects and to locate users. You can even use the Teams mobile app to remain
available and to collaborate while on the go.
You can use Microsoft Teams to communicate in various ways, including chat, meetings, and
even calls. You can host audio conferences, video conferences, and web conferences. You can
also communicate with users both inside and outside your own organization. Microsoft Teams
also provides whiteboard services so that Teams can collaborate on projects in real time.
26 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
By integrating with Office 365 applications, like Microsoft Word, Excel, PowerPoint, and others,
Microsoft Teams allows users to co-author and share files.
Combining Microsoft Teams with Office 365 phone system, Office 365 calling plan, or phone
system direct routing creates a globally scalable calling experience.
It is clear that Microsoft is positioning Microsoft Teams as its go-to communications solution.
Microsoft InTune
Microsoft InTune is a cloud service that is used to manage all kinds of devices, including
laptops, computers, tablets, and mobile devices/phones. It supports iOS devices, Android
devices, and even Mac OSX devices.
InTune uses Azure AD as its directory store for
identity. You can also integrate InTune with
management solutions like Microsoft SCCM to more
effectively manage devices. Organizations will often
leverage Microsoft InTune to manage devices that
cannot be managed by group policy. These devices
typically include mobile phones and devices that are
not Active Directory domain members. Microsoft
InTune can also be used to manage Windows 10
devices that are joined to Azure Active Directory.
A key security feature of Microsoft InTune is its ability to prohibit users from copying corporate
data from managed applications that might be installed on devices that are unmanaged.
InTune allows employees to access corporate data from their own personal devices and is helpful
for managing organization-owned devices like mobile phones. InTune ensures that devices and
apps that are used to access corporate data comply with established security policies of the
organization. By using Microsoft InTune to deploy application protection policies, you can
standardize corporate device deployments.
27 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Because Microsoft InTune is included with Enterprise Mobility + Security, or EMS, you’ll need
an EMS license to use it. Its integration with Azure Active Directory and certain device OS
features creates a solid device management solution.
Office Visio Pro for Office 365 is a subscription-based version of Microsoft’s Visio Pro
diagramming tool. When licensed, users can install office Visio Pro for Office 365 on up to five
different devices. To learn more about office Visio Pro for Office 365, visit this URL.
Project Pro for Office 365 is a solution that provides project management capabilities for
organizations. This offering is a desktop-based solution. Visit this URL to read more about
project Pro for Office 365.
Other Microsoft 365 services that deserve honorable mention include Microsoft Dynamics 365,
OneDrive for Business, Planner, Power BI, Microsoft Staff Hub, Stream, Microsoft Delve, and
Sway. You won’t be expected to know every detail about every service, but you should at least
familiarize yourself with their overall descriptions.
28 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
office. The applications that come with Office 365 ProPlus can be used with both the on-prem
versions of Exchange, SharePoint, and Skype for Business, as well as the online versions.
You can install Office 365 ProPlus right from the Internet or from a shared location on your local
network. However, it’s important to note that there is no Windows installer package that users
can download and install.
Although users need to be connected to the Internet to perform the initial installation of Office
365 ProPlus, they do not need to be continuously connected to the Internet to use it once it’s
been installed. Users, however, will need to connect to the internet at least once every 30 days to
confirm that they still are licensed to use Office 365 ProPlus.
Office 365 ProPlus is updated regularly with new features, security updates, and other updates as
well. New features and improvements are released on a semi-annual basis or on a monthly basis.
The frequency that an organization receives these updates is determined by the option chosen by
the organization through the use of update channels.
Office 365 ProPlus vs Office Professional Plus 2019
Although office ProPlus is similar in many ways to Office Professional Plus 2019, there are
some significant differences between the two.
For example, while Office 365 ProPlus is updated with new features on a regular basis, Office
Professional Plus 2019 features remain the same. Another difference between the two is the fact
that users can install Office 365 ProPlus on multiple devices (up to 5) with just a single license,
while Office Professional Plus 2019 is limited to one device per license.
Deployment options for Office 365 ProPlus also differ from those for Office Professional Plus
2019, because users can install Office 365 ProPlus for themselves, right from a web-based portal.
Office Professional Plus 2019 features no such portal installation option.
29 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
I should also mention that the license activation is different for the two as well. While Office 365
ProPlus is activated by connecting to the internet, Office Professional Plus 2019 is activated
through volume activation methods, including Key Management Service (KMS). It’s also
important to be aware that Office 365 ProPlus requires regular internet connectivity in order to
remain activated. Office Professional Plus 2019 has no internet connectivity requirement.
Deploying Office 365 ProPlus
There are several ways to deploy Office 365 ProPlus. You can use Configuration Manager, the
Office Deployment Tool, or Microsoft InTune to perform Office 365 ProPlus deployments. You
can, of course, also install directly from the Office 365 portal. We’ll cover these deployment
options in detail later on.
30 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
school Exchange admins, in an odd twist, often appreciate the access they have to these
components in an on-prem deployment.
Other Services and Features
While Exchange Web Services (EWS) are available in both the online version and the on-prem
version of Exchange, only the on-prem version offers custom EWS throttling settings. Other
features, such as rights management, archiving, and legal holds are available in both the on-prem
version and in Exchange Online.
31 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
We then took a close look at Office 365 ProPlus. You learned what applications are included in
Office 365 ProPlus and how it compares to Office Professional 2019. We also covered the
different deployment options for Office 365 ProPlus.
After learning about Office 365 ProPlus, you learned about the differences between Exchange
Online and the on-prem Exchange Server offering. We rounded things out by covering the
differences between SharePoint Online and SharePoint server.
At this point you should have a pretty broad understanding of the different Microsoft 365 core
services that are available.
Click here for the full 3-hour video course.
32 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 4
DEPLOYING WINDOWS 10 AND OFFICE 365 PROPLUS
Welcome to Deploying Windows 10 and Office 365 ProPlus. In this chapter, we are going to
cover the different ways that you can deploy Windows 10 and Office 365 ProPlus in your
environment. We will start things off by covering the steps you need to take to plan for Windows
10 and Office 365 ProPlus deployments. We’ll cover hardware assessment and application
compatibility assessment, along with network assessment and optimization.
Next, we’ll cover the different deployment options for Windows 10. We’ll look at things like
Windows autopilot, in-place upgrades, and dynamic provisioning. We will also look at
subscription activation as a means for switching from one edition of Windows 10 to another.
After covering the deployment options for Windows 10, will take a look at the different
deployment options for Office 365 ProPlus. We will take a look at Configuration Manager, the
office deployment tool, and manual installation from the Office 365 portal.
Once we finish working through the different Office 365 ProPlus deployment options, we’ll
cover servicing channels and deployment rings.
Coming down the home stretch, we will cover updates for Office 365 ProPlus. We’ll take a look
at the different update channels for Office 365 ProPlus including the Monthly Channel, the
semiannual targeted channel, and the Semi-Annual Channel. In this lecture, you’ll learn how to
choose the appropriate update channel for your organization and how updates are installed for
Office 365 ProPlus.
Rounding things out, we’ll dive into licensing and activation in Office 365 ProPlus, where you’ll
learn about licensing Office 365 ProPlus, reduced functionality mode, and how to activate Office
365 ProPlus. You’ll also learn how to manage activated installations.
Planning Deployments
When planning an enterprise deployment of Windows 10 and Office 365 ProPlus, you need to
ensure that you properly assess your environments and your network. You also need to make
sure that any existing hardware and applications in your environment will work with your new
software.
Assessing Compatibility
Although virtually all applications that have been written in the last decade will run on Windows
10 - and virtually all add-ins and VBA macros that are based on previous versions of Office will
work in the latest versions of Office - your organization should ensure that existing applications
and hardware will support Windows 10 and Office 365 ProPlus before rolling them out.
33 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
The Windows Analytics Upgrade Readiness Tool is provided to assess desktop, device, and
application readiness. This tool provides information about application and driver compatibility,
and it provides a detailed assessment of any identified issues that could prevent an upgrade. It
also provides links to suggested fixes for any issues it identifies.
The Readiness Toolkit for Office Add-Ins and VBA is designed to help organizations identify
compatibility issues with existing Microsoft VBA macros and add-ins. This tool scans for VBA
macros in Word, Excel, PowerPoint, Access, Outlook, Project, Visio, and Publisher files.
Desktop App Assure is a new service that you can use to address issues with Windows 10 and
Office 365 ProPlus application compatibility.
This service comes with the Fast-Track
Center Benefit for Windows 10. To get
access to the Fast-Track Center Benefit for
Windows 10, you must have an eligible
subscription. An eligible subscription is one
that includes at least 150 licenses for an
eligible service or plan for your Office 365
tenant.
Before deploying Windows 10 and Office
365 ProPlus in production, Microsoft
recommends that you first deploy them to a
pilot group of users on a pilot group of
devices across the organization. By testing
your deployment with a pilot group first, you
can mitigate any issues that crop up before
you deploy into production.
Network Assessment and Optimization
Before deploying and managing updates for Windows 10 and Office 365 ProPlus, you need to
ensure you have the necessary bandwidth to do so. The Office 365 ProPlus installation files are
at least 1.6 GB in size – and this is just for the core files. Each language that you deploy will add
another 250 MB.
34 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
To help deal with network bandwidth limitations, there are several built-in methods for
automatically limiting bandwidth. Express Update Delivery and Binary Delta Compression both
help reduce the size of your update downloads. These methods ensure that you only download
the changes that have occurred between the current update and the previous update. This
typically vastly minimizes the impact to your network.
There also peer-to-peer options available. These options essentially shift Windows 10 and Office
365 ProPlus traffic away from the center of your network. What this does is reduce the need for
throttling. Using a peer-to-peer option allows computers to find necessary update files on other
machines in the local network, instead of downloading those files from a central distribution
share on the network or from the internet.
There are currently three peer-to-peer options available. These options include Branch Cache,
Peer Cache, and Delivery Optimization.
Branch Cache allows you to download source files in a distributed environment without crushing
your network. What Branch Cache does is retrieve the content from the main office or from
hosted cloud content servers. It then
caches that content at your branch office
locations. Users from these locations can
then access that content locally instead of
accessing it over the WAN.
Peer Cache comes with Configuration
Manager. It allows clients to share source
files directly from other clients.
Organizations will often use Peer Cache to
manage the deployment of source files to
users in remote locations. You can use
Branch Cache and Peer Cache together in
the same environment.
With Delivery Optimization, your clients can download source files from alternate sources,
including other peers on the local network. This is in addition to Windows Update Servers.
Delivery Optimization can be used with Windows Update, Windows Server Update Services
(WSUS), Windows Update for Business, and Configuration Manager.
By assessing hardware and application compatibility, and assessing and optimizing your
network, you can ensure a smooth deployment of Windows 10 and Office 365 ProPlus.
35 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
With Windows Autopilot, you can customize the out of box experience (OOBE) so that you can
deploy applications and settings that are preconfigured specifically for your organization. This
allows you to include just the applications that your users need. Windows Autopilot is probably
the easiest way to deploy new PCs that run Windows 10. It can also be used in conjunction with
Configuration Manager to upgrade Windows 7 and Windows 8.1 machines to Windows 10.
Leveraging In-Place Upgrades allow you to upgrade to Windows 10 without reinstalling the OS.
This method allows you to migrate applications, user data, and settings from one version of
Windows to another. You can also use an in-place upgrade to update a Windows 10 machine
from one release to the next.
Dynamic Provisioning allows you to create a package that you can use to quickly configure
multiple devices, even those that have no network connectivity. Using Windows Configuration
Designer, you can create provisioning packages and install them over the network, or even from
a USB drive. They can also be installed in NFC tags or barcodes.
Using Subscription Activation, you can use subscriptions to switch from one edition of Windows
10 to another. An example of this would be a scenario where you need to switch a user from
Windows 10 Pro to Windows 10 Enterprise. In this scenario, if a licensed user signs into the
Windows 10 device, assuming the user has a Windows 10 E3 or E5 license, the operating system
automatically changes from Windows 10 Pro to Windows 10 Enterprise. This unlocks the
Windows 10 Enterprise features. I should mention that if the associated E3 or E5 license expires,
the Windows 10 device simply reverts back to the Windows 10 Pro addition. You are, however,
offered a grace period of up to 90 days before it reverts back.
So, as you can see there are several ways to deploy Windows 10.
36 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Customization Tool. These configuration files are then used to define the configuration of
Office. This process provides you with more control over your installations. There are also
similar options available when you use InTune to deploy Office 365 ProPlus.
I should mention here, that depending on how you decide to deploy Office 365 ProPlus, you can
choose to deploy directly from the cloud or you can download Office to local storage on your
network, where you can then deploy from. Microsoft, however, recommends that you deploy
Office directly from the cloud because it minimizes administrative overhead. When deployed in
this fashion, Office 365 ProPlus is installed on your client devices right from the Office Content
Delivery Network. If you find that your internet bandwidth can’t support installations directly
from the cloud, you can use Configuration Manager to manage your deployments and updates
that can be pulled from a local network location.
The deployment option you choose will be largely dependent on your network infrastructure,
your user base, and your corporate policies.
Windows-as-a-Service
Under the Windows-as-a-Service model, Microsoft has simplified the OS build and deployment
process. Instead of providing major OS revisions every few years, with service packs released
between those revisions, Windows updates are now treated more like ongoing maintenance tasks.
This means that Windows will now receive updates and revisions on a more frequent basis.
These updates and revisions are also applied with less disruption.
These new updates fall into two different buckets. These buckets include Feature Updates and
Quality Updates. Feature Updates are updates that add new functionality. They are released
twice a year and can be deployed using existing management tools. Feature Updates are typically
smaller because they are more frequent. Because they are smaller, the impact to organizations
when deploying them is reduced.
Quality Updates are security updates and fixes. These updates are typically issued once a month.
More specifically, the second Tuesday of each month, otherwise known as Patch Tuesday. When
a cumulative update is released on Patch Tuesday, it includes all previous updates. This makes it
easier to ensure that devices are fully up to date.
You can use deployment rings and servicing channels to control how updates are applied - and
when.
37 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Servicing Channels
There are three servicing channels offered by Windows-as-a-Service. Each channel receives new
feature updates on a different schedule. These channels include the Semi-Annual Channel, the
Long-Term Servicing Channel, and Windows Insider. The purpose of these servicing channels is
to provide organizations with a way to control the frequency at which they deploy Windows 10
features.
Deployment Rings
Deployment rings are similar to machine groups that you may have used previously to manage
updates for earlier versions of Windows in WSUS. There used to gradually deploy Windows 10.
You can use deployment rings to group devices together and to ensure those devices receive their
updates through the same servicing channels.
You can use the same management tools to deploy servicing channel updates that you used in
earlier versions of Windows. For example, you can use the Windows Insider program to allow
users to familiarize themselves with Windows features before they are released to the larger
population of users within the organization. This allows organizations to get a look at early
builds and to test them before they are released to the general public.
You can use the Semi-Annual Channel to receive updates as soon as Microsoft publishes them.
Feature updates go out to the Semi-Annual Channel Once in the spring and once in the fall.
You can also use the Long-Term Servicing Channel to deploy updates to your organization. The
Long-Term Servicing Channel is for computers and other devices that essentially perform a
single task or several specialized tasks. For these types of computers and devices, the Long-Term
Servicing Channel prevents them from receiving feature updates. However, quality updates are
not affected. I should point out that the Long-Term Servicing Channel is only available in the
Windows 10 Enterprise LTSC edition. Feature updates are released to LTSC about once every
three years.
A typical deployment ring strategy might consist of four rings. For example, the first ring may be
a preview ring that leverages the Windows Insider Program. This ring would be reserved for a
small group of devices that you wish to use for testing. The next ring would be the targeted
ring, which leverages the Targeted Semi-Annual Channel. You would use this ring to evaluate
important updates before you deploy them to other devices in your environment. The next ring
would be the production ring. This ring would leverage the Semi-Annual Channel and would be
used to deploy updates to production machines. A fourth ring might be a critical ring. This
critical ring would leverage the Semi-Annual Channel as well, but it would be reserved for
machines that are critical, and which are only updated after thorough testing throughout the rest
of your organization.
Ring strategies like the one in this example allow organizations to control how updates are
deployed to all of their devices.
38 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Windows-as-a-Service, when leveraged properly, is essentially an ongoing process that you use
to handle Windows updates in an organization. The servicing models that are available for
managing Windows-as-a-Service updates include Windows Update (or standalone), Windows
Update for Business, WSUS, and System Center Configuration Manager (SCCM).
Windows Update offers limited control over feature updates. Devices are typically manually
configured to use the Semi-Annual Channel. An organization that uses Windows Update can
specify when updates get installed and to what devices. I should also mention that the updates do
not even have to come from an on-prem server.
Windows Update for Business provides control over update deferments while also allowing for
centralized management through group policy. You can use Windows Update for Business to
defer updates for up to a year. Devices that are updated using Windows Update for Business
need to be updated periodically and monitored using one system.
Windows Server Update Services, or WSUS, allows for significant control over Windows
updates. This tool, which is native to the Windows Server OS, allows organizations to not only
defer updates, but to also add an approval layer for updates that allows organizations to specify
groups of computers that should receive updates.
System Center Configuration Manager offers the most control and is the most cost-effective
option to service Windows-as-a-Service. Updates can be deferred and approved by IT staff, and
there are also multiple options for targeting and bandwidth management. System Center
Configuration Manager allows for consistent scheduling of updates across all devices within the
enterprise. I should point out, however, that application deployments and operating system
updates must originate from an on-prem server when using system Center Configuration
Manager.
So which servicing option, should you choose? Well, the servicing option that you choose will
be largely governed by the resources you have available to you, your IT staff, and the knowledge
of that IT staff. If you already use. System Center Configuration Manager to manage your
Windows updates, it probably makes sense to continue using it. However, if you are already
using a solution like WSUS, it probably makes sense to continue using WSUS. Your
environment and your staff will ultimately determine which solution is right for you.
39 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
The three primary update channels that are available for Office 365 ProPlus include the Monthly
Channel, the Targeted Semi-Annual Channel, and the Semi-Annual Channel. The Monthly
Channel, as you would expect, receives feature updates roughly every month. The Targeted
Semi-Annual Channel receives feature updates in March and in September. Organizations will
often use this channel for its pilot users and for application compatibility testing. The Semi-
Annual Channel receives feature updates twice a year, once in January and again in July.
The feature updates that are released in the Semi-Annual Channel will generally have already
been released through the Monthly Channel in prior months. I should note that the Semi-Annual
Channel is the default update channel for Office 365 ProPlus.
Microsoft also provides additional updates for each channel as needed. These include Security
Updates and Quality Updates. While Security Updates are often released on patch Tuesday,
which is the second Tuesday of every month, they can be released at other times when needed.
Quality Updates are non-security updates which are also released on patch Tuesday.
Choosing the Right Update Channel
Organizations obviously have different needs - and these needs will determine which update
channels are needed. For example, an organization might leverage the Semi-Annual Channel if it
uses business applications, add-ins, and macros that must be tested to ensure they work with an
updated version of Office 365 ProPlus.
However, an organization that wants its users to have access to the latest Office 365 ProPlus
features as soon as they become available might want to leverage the Monthly Channel,
assuming there is no need for any kind of application compatibility testing.
It’s important to note that an organization can leverage different update channels for different
users. Not all users need to be on the same channel.
Installing Updates for Office 365 ProPlus
When an Office 365 ProPlus update occurs, all updates for the specific channel are installed at
the same time. For example, you won’t get a separate download for Security Updates, a separate
download for Quality Updates, etc. They are all installed at the same time. I should also mention
that updates are cumulative. This means that the latest update will include all previously released
feature, security, and quality updates for the specific channel.
Office 365 ProPlus goes out and checks for updates on a regular basis. These updates are then
downloaded and installed automatically. Although users can continue using their office
applications while uploads are being downloaded, once the actual update installation begins,
those users will be prompted to save their work and to close their apps to allow the installation of
the downloaded updates.
40 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
licensed, each user can install Office 365 ProPlus on up to five different computers or devices.
Because each installation is activated and kept activated automatically, you don’t even have to
keep track of product keys. You also don’t have to worry about dealing with KMS or MAK
services. What you do have to do, however, is ensure that your users connect to the internet at
least once every 30 days so their licenses can be kept activated by the Office licensing service.
41 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
When Office 365 ProPlus is installed, it communicates back to the Office Licensing Service and
the Activation and Validation Service. It does this so it can obtain and activate a product key.
Whenever a user logs into his computer, the computer will connect to the Activation and
Validation service. This is done in order to verify the license status of the software and to extend
the product key.
Office will remain fully functional as long as the computer connects to the internet at least once
every 30 days. Office will enter Reduced Functionality Mode if a computer goes off-line for
more than 30 days. Once the computer connects back to the internet, the Activation and
Validation Service will automatically reactivate the installation and it will become fully
functional again.
Managing Activated Installations
As I mentioned previously, an Office 365 ProPlus license allows a user to install Office on up to
five different computers. However, if that user tries to install Office 365 Pro on sixth computer,
the user will first need to deactivate one of the existing five installations. This causes the
installation that is deactivated to go into Reduced Functionality Mode.
42 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Rounding things out we dove into licensing and activation in Office 365 ProPlus, where you
learned about licensing Office 365 ProPlus, Reduced Functionality Mode, and how to activate
Office 365 ProPlus. You also learned how to manage activated installations.
At this point, you should have a good idea of what all goes into planning for and deploying
Windows 10 and Office 365 ProPlus. Click here for the full 3-hour video course.
43 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 5
UNIFIED ENDPOINT MANAGEMENT
Welcome to Unified Endpoint Management. In this chapter, we are going to cover unified
endpoint management topics.
We will start things off with device management in today’s workplace. You’ll learn about key
unified endpoint management concepts and how IT departments can support different devices in
the modern workplace.
Next, we’ll cover the many different components of the Enterprise Mobility and Security suite.
You’ll learn about Azure AD, SCCM, Azure Information Protection, and much, much more.
You’ll learn what each component is and what role each component plays.
Rounding things out, we’ll get into cloud-connected device management, where you’ll learn
about the different ways that you can manage cloud-connected devices.
We have quite a bit to get to. So, let’s get started.
44 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
45 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Organizations need to decide whether they will allow user owned devices to access corporate
applications and data or if they will only allow this access only if the owner of the device allows
the organization to manage the device. Organizations also need to decide what actions can be
taken to protect any corporate data that is stored on the device. In the event the device is lost or if
the user leaves the company.
The proliferation of BYOD in today’s modern workplace has made work easier for end users, but
as you can see, it also presents significant challenges to IT departments.
Azure AD Premium is a central identity store. All applications in EMS and in Microsoft 365
use this identity store. There are three different levels of Azure AD premium. They include
Basic, P1, and P2. The Basic level includes basic features that can be used to facilitate endpoint
management. However, the P1 and P2 plans come with additional features, including Self-
Service Password Reset, Write-Back from Azure AD to On-Prem Active Directory, and
Microsoft Azure MFA for Cloud and On-Prem Apps. Other features that come with the P1 and
P2 plans include Conditional Access Based on Group, Location, and Device, and in the case of
P2, Conditional Access Based on Sign-In or User Risk.
46 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
security policies, deploy applications, and even remotely wipe devices when they are lost or
stolen.
System Center Configuration Manager, or SCCM, is an on-prem product that organizations
can use to manage Windows PCs, Mac OS PCs, and servers. This product allows organizations
to customize application management, OS deployments, and even device compliance.
Azure Information Protection, or AIP, is a component of EMS that organizations can use to
encrypt documents and to enforce policies on how those documents can be used.
Microsoft Advanced Threat Analytics is another component of EMS. With Advanced Threat
Analytics, organizations can detect suspicious activities and malicious attacks. This allows them
to adapt to the ever-changing landscape of cybersecurity threats. Microsoft Advanced Threat
Analytics also helps organizations reduce false positives.
Cloud App Security is an add-on that can be combined with your organizations Microsoft 365
subscription. It provides visibility into cloud apps and services, while also providing analytics
that you can use to identify and mitigate security threats.
Cloud App Security takes data that’s been collected from your organization’s firewalls and proxy
servers and uses it to track cloud application usage. Using Cloud App Security, you can identify
unauthorized applications that are in use and that might be a threat to your organization. It also
allows organizations to identify unusual usage patterns.
Microsoft Identity Manager essentially combines Microsoft’s identity and access management
solutions together. It takes different on-prem authentication stores, including AD, Oracle, LDAP,
47 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
and others, and bridges them with Azure AD to provide a consistent identity experience for on-
prem applications as well as SaaS solutions.
Azure Advanced Threat Protection, or ATP, is a cloud-based solution that allows
organizations to not only identify and detect threats and malicious activities but to also
investigate them as well. You can use Azure Advanced Threat Protection to identify suspicious
user and device activity and to analyze threat intelligence from the cloud, and on-prem. Azure
Advanced Threat Protection helps protect user identities and credentials that are stored in Active
Directory and allows you to view attack information on a simple timeline. This allows for faster
triage.
As you can see, Enterprise Mobility and Security offers quite a few tools that you can use to
manage security and devices within your organization.
48 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
also allows you to offer single sign-on to cloud resources, automatic device licensing, self-
service functionality, Windows Hello for Business, and enterprise state roaming.
So, with that said, if you have an existing on-prem Configuration Manager infrastructure,
connecting it with a cloud-based InTune management system through the co-management
function allows you to reap significant benefits.
49 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 6
TEAMWORK IN MICROSOFT 365
Welcome to Teamwork in Microsoft 365! In this chapter, we are going to cover teamwork in
Microsoft 365 and analytics in Microsoft 365.
We will kick things off by looking at the different teamwork tools that are available in Microsoft
365 and how to choose the right teamwork tools for your needs. We'll look at tools like
SharePoint Online, Outlook, Microsoft Teams, and more.
Next, we'll take a look at the different ways you can work together on files and content and how
you can use teamwork tools to run meetings and projects.
We'll round things out by touching on the analytic tools that Microsoft 365 includes, where you'll
learn about MyAnalytics and about Workplace Analytics.
50 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Other teamwork tools available in Microsoft 365 include Microsoft Graph and Office 365
Groups. Using Microsoft graph provides a seamless connection between people and relevant
content, while Office 365 groups enables a single team identity across applications and services,
along with a centralized policy management system that enhances security and compliance for
your organization.
Choosing the Right Tools
Choosing the right tools for your organization is important to ensuring your team members have
what they need to complete their jobs. Those team members can be categorized as inner loop or
outer loop.
Inner loop users are those who you actively work with on a day-to-day basis. To facilitate
communications with inner loop users, you should probably use Microsoft Teams.
Outer loop users are users that you don’t necessarily work with on a regular basis but who have a
vested interest in whatever project it is that you are working on. Project stakeholders would be a
good example of outer loop users when it comes to a specific project because, while you won’t
necessarily work with them on a regular basis, they do want to hear what’s going on with the
project they are involved in. In these cases, you could use Yammer to share information and
ideas. An alternative for those who prefer email, would be Outlook.
SharePoint should be your tool of choice when you need to manage team content and files
because it essentially brings together the content from Microsoft Teams, Yammer, and Outlook.
You can also use SharePoint to keep track of your project information.
Working Together
Because users will often need to work together in real time, on a specific document, Microsoft
365 offers co-authoring capabilities with all core office applications.
For example, your users can co-author a Word document when it is stored in OneDrive for
Business or even in SharePoint. Presence information that Microsoft Teams offers adds to the
51 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
co-authoring experience, while providing a chat-based workspace for those users who are
actively working on the document that they are co-authoring.
The shared storage, versioning controls, and permission settings that OneDrive for Business and
SharePoint offer allow multiple users to edit the same document seamlessly.
Through Microsoft Teams, all users on a given team, including external users, have a single
point of access to all the tools they need to move their projects forward. Because Teams is
integrated with applications like Word, Excel, PowerPoint, Power BI, and Stream, team
members are able to collaborate without leaving the shared Teams workspace.
When team members work on files in Teams, those files are automatically stored in SharePoint.
Team members can hold chats and collaborate on shared deliverables.
I should note that you can customize Microsoft Teams to fit your environment. For example, you
can enable, disable, and configure apps for Teams - this includes tabs, connectors, and lots of
other features provided by Teams. You can specify whether external applications are enabled,
and you can control which users can sideload apps. Organization-wide user settings like guest
access and external access can be configured as well. These settings allow users to work with
people outside the organization. There are many other settings that can be configured as well,
including filesharing, cloud file storage, email integration, and more.
Meetings and Projects
It should come as no surprise that most workers spend as much as one-third of their time in
meetings. Nobody likes them, but they are a necessity. Microsoft 365 makes meetings less
painful and more productive by allowing users to not only easily schedule calls and online
meetings, but to also quickly start them through a call or instant message.
Microsoft 365 also allows you to create shared workspaces to host all of your Teams meetings,
files, apps, and even team conversations. Microsoft 365 automates processes and workflows and
allows you to save time by leveraging self-service tools to manage and schedule tasks.
Outlook’s calendar and file integration make it easier for users to leverage meeting tools
seamlessly. Team members can even access shared calendars and link to shared files in both
SharePoint and in OneNote. Microsoft Teams organizes conversations, files, meetings, and tools
into a single hub that also offers audio and video capabilities. Video and screen sharing
capabilities of Microsoft Teams, along with features like auto translation, transcription, and
recording, allow users to get more out of the experience. Notes and action items can even be
automatically transcribed and distributed to meeting attendees at the end of the meeting.
52 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
MyAnalytics can be used to see how you are spending your time at work. It then suggests
different ways that you can work smarter instead of harder. To allow this magic to happen,
MyAnalytics, which is included in Microsoft 365 E5 subscriptions, looks at email data,
meetings, team chats, calls, and how you use Office 365. There are no agents to install, nor is
there any tracking software to deal with.
I should point out for the security conscious that MyAnalytics does not use any data from any
from your other activities such as applications or websites that you view.
To learn more about MyAnalytics, visit this URL.
Workplace Analytics focuses on the organization as a whole. This is different from MyAnalytics,
which provides insights at the individual level. Using Workplace Analytics allows you to
identify collaboration processes that impact your organization’s productivity and workforce
effectiveness. Workplace Analytics helps organizations understand how they spend their time
and how their groups work together. This allows those organizations to define best practices and
to become more efficient.
To read more about Workplace Analytics, visit this URL.
53 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 7
SECURITY FUNDAMENTALS
Welcome to Security Fundamentals. In this chapter, we are going to cover a few different
fundamental security topics.
We will start things off by covering the 4 key security pillars of protection. We'll look at identity
and access management, threat protection, information protection, and security management.
Next, we’ll cover key identity and access management concepts.
After covering identity and access management concepts, we'll look at threat protection concepts,
where you'll learn about the ways you can protect your network against threats from devices and
against network threats. Rounding out the chapter, you'll learn about information protection
concepts and security management concepts.
Pillars of Protection
Any respectable security design will provide defense in depth. Defense in depth is a security
concept that involves the use of several different layers of security to protect data. Defense in
depth is important because if a hacker is able to compromise one layer of defense, there are still
several others to offer protection. An example of defense in depth in a network environment
would be in architecture that features an external firewall, a DMZ, an internal firewall, and then
firewalls that are configured on each computer.
Because no single security solution can ensure data security at all times, organizations should
take this layered defense in depth approach to protect themselves. Protecting data on computers
or servers, for example, may include drive encryption, file and folder permissions, and maybe
even rights management.
Microsoft takes a holistic approach to security. In doing so, it helps organizations protect their
identities, their data, their applications, and their devices, whether they reside on-prem, in the
cloud, or are mobile.
The key pillars that are foundational to the security of every computer system include identity
and access management, threat protection, information protection, and security management.
54 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
A local user account is specific to a local Windows 10 device only. A local account on one
computer will not allow access to resources on another computer. Devices can also have local
accounts. For example, all Windows 10 computers have local accounts, but those local accounts
are usually not used interactively.
Because most organizations use traditional Active Directory forests to manage their users and
computers, domain accounts are another prominent type of user account. These types of accounts
are used to authenticate users when they access domain joined devices.
Azure AD accounts are user accounts that are stored in Azure Active Directory. These accounts
are generally used to access resources and services that are hosted in the cloud. Office 365
immediately comes to mind. Organizations that use both a traditional on-prem Active Directory
and an Azure Active Directory can integrate the two via synchronization with Azure AD
Connect.
Microsoft accounts include an email address and password. These accounts are used to sign into
many different services and can be used regardless of the user location or organization that a user
is a member of. Users that have signed into services like Xbox live or Outlook.com, among
others, already have a Microsoft account.
Microsoft accounts can also be used to authenticate with Azure AD.
There are of course many other types of accounts, including social accounts, like Facebook
accounts and Twitter accounts.
Since user accounts are the primary way of determining who a user is it’s critical that those
accounts be protected and it’s critical that the identity verification process is protected as well.
This is referred to as identity protection.
Microsoft 365 offers several features that can be used to identify compromised user accounts. It
can, for example, detect new or unusual sign in locations that often indicate an account has been
compromised. You can then take action based on these unexpected changes.
Threat Protection
Every time a device connects to your infrastructure, it has the potential to bring with it security
risks. For example, if a particular device does not have a properly configured firewall running, it
is a threat to the network every time it connects - especially if the device often connects to
unsecured public networks when it’s not on the corporate LAN.
55 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
A device without antivirus or antimalware protection is obviously a threat because of its risk of
being infected with malware. When a device like this attaches to the network, such malware can
then be spread to other devices within the organization.
Unpatched operating systems and applications are additional threats to the organization that
originate from devices. Because malicious software often takes advantage of unpatched systems,
these types of systems and devices can serve as an opening to the corporate LAN.
Poor passwords and poor physical security are also risks that devices introduce to the corporate
network. A phone or a device that is protected with an easy to guess PIN or password is a risk
because if it is stolen, the data on that device is readily accessible. As far as physical security
goes, many users will often leave their devices unattended in public places like airports and
Internet cafés. In such scenarios, not only can a device be stolen, but it can also be tampered
with.
Many of these risks to device security can be mitigated through end-user education on how to
properly secure devices with complex passwords, pins, and biometric protection. That said,
education only goes so far. As a result, in order to properly secure your organization’s IT
infrastructure, you need to be able to enforce corporate security settings on these devices,
including those that are owned by the users. By restricting access to corporate resources to only
those devices that adhere to such policies, you can better protect your environment.
Network security is a whole other ball of wax. While there are many different types of attacks
that threaten a network, most can be mitigated with some proper network access planning.
To protect your network, you need to take a holistic approach. Every possible threat must be
identified and there needs to be a plan for mitigation. For example, there should be a rigorous
form of authentication in place for devices that wish to connect to the network. Another way to
protect against network sourced threats is to only allow guest users to access the Internet from
guest networks, and not from the corporate network.
56 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Data in transit is data moving between devices. An example of data in transit would be a user
accessing files on a file server or when a user reads his email on his cell phone. Authentication
and encryption are used to ensure the safety of data that is in transit from one device to another.
So, the key takeaway here is that there are two information protection concepts to keep in mind.
You must protect data at rest, and you must protect data in transit.
Security Management
Security management actually is a combination of the first three concepts that we’ve discussed.
It brings together identity and access management, threat protection, and information protection.
In order to address these other pillars of security. You need an effective security management
process.
Because security management is both proactive and reactive, it’s important to implement
solutions that address both sides of the coin. Taking a proactive security management position
will often require you to deploy certain types of authentication, like complex passwords and
MFA, to meet perceived threats.
Reactive management will require you to deploy tools that you can use to identify security
threats that are happening right now. This means you should deploy monitoring tools that cannot
only identify active threats, but that can also help you take the correct mitigation steps.
By taking the right security management tact, you can ensure that you are properly addressing
the three other key pillars of security.
57 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Rounding things out, you learned about information protection concepts and security
management concepts.
Click here for the full 3-hour video course.
58 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 8
MICROSOFT 365 SECURITY FEATURES
Welcome to Microsoft 365 Security Features. In this chapter, we are going to review a few key
Microsoft 365 security features.
We will start things off by covering identity and access in Microsoft 365. We'll look at secure
authentication solutions, conditional access, and identity protection.
Next, we’ll cover key threat protection solutions that Microsoft 365 offers. We'll review Azure
Active Directory Identity Protection, Advanced Threat Protection, Azure Security Center, and a
few others.
After covering the key threat protection solutions in Microsoft 365, we'll take a look at the
Microsoft Security Center and the Secure Score.
59 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
typically consist of something the user knows, such as a password or pin, something the user has,
which would often be a smart card or digital certificate or even a phone, and it’s something the
user is, which is usually some sort of biometrics.
Windows Hello is a Windows 10 feature that replaces passwords with two factor authentication
on both PCs and mobile devices. This is a newer type of user credential that gets tied to a
specific device and leverages either a pin or some form of biometric. Users can use Windows
Hello to authenticate in Active Directory and in Azure Active Directory.
Microsoft Authenticator is an application that organizations can use to keep accounts secure. It
works by offering two factor verification and phone sign in. Two factor verification is the
standard verification method. The first factor is the user’s password. However, once a user signs
into a device, app, or site, using his username and password, the user must use Microsoft
Authenticator to either approve a notification or answer a verification code that is provided.
The phone sign-in option is another version of two factor verification that allows users to sign in
without a password. Instead of using a username and password combination, users can login with
a username and a mobile device with a fingerprint, face, or pin.
Conditional Access
Conditional access allows organizations to provide granular access to data and applications. It
allows users to work from virtually any location and from just about any device. Conditional
Access evaluates users, devices, apps, location, and risk before granting a specific user access to
a corporate resource. This ensures that only those approved users can access company resources
from only approved devices.
Conditional Access evaluates access
requests against several different criteria. It
then compares this criterion to policies that
you define. After comparing against these
policies, Conditional Access will decide
whether or not access is allowed.
I should mention that Conditional Access
spans multiple Microsoft 365 services
including Office 365, Windows 10, and
InTune.
Identity Protection
Because most security breaches occur as a result of stolen user identities, identity protection is
critical. Not only do you need to protect all of your user identities from being compromised, but
you also need to ensure that you are proactively preventing compromised identities from being
abused.
60 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Microsoft 365 offers several ways for organizations to protect their identities. They include
Azure Active Directory Identity Protection, Microsoft Cloud App Security, Azure Advanced
Threat Protection, and Windows 10’s built-in identity protection capabilities.
Azure Active Directory Identity Protection helps organizations identify attempts to compromise
user accounts. Whenever it identifies unusual behavior from an account, Azure Active Directory
Identity Protection can block access and even require additional authentication options.
Microsoft Cloud App Security provides analytics for cloud apps and services. This helps
organizations understand protections that are in place for their data across cloud apps.
Azure Advanced Threat Protection, or ATP, is a cloud-based security solution. Using ATP,
organizations can identify, detect, and investigate many different threats, compromised identities,
and other malicious activity that’s directed at the organization.
The built-in identity protection capabilities of Windows 10, including Windows Hello, can be
used to further protect user identities.
So, as you can see by providing secure authentication, conditional access, and identity protection
features, Microsoft 365 helps organizations manage the first security pillar which is identity and
access management by helping them identify who is accessing resources and helping them
control what can be accessed.
61 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Azure Advanced Threat Protection, or ATP, is a cloud-based security solution. What Azure
Advanced Threat Protection does is identify and detect advanced threats, compromised
identities, and certain malicious insider actions. The security reports and analytics that ATP
offers are useful for reducing your organizations attack surface.
Azure Security Center
Azure Security Center is another security tool. It offers advanced threat protection and unified
security management across hybrid cloud workloads, which include those workloads on-prem, in
the Azure cloud, and in other clouds. Azure Security Center will even allow you to automatically
discover and onboard new Azure resources. Defined security policies are automatically applied
to ensure such new resources are compliant with your security standards. You can use Azure
Security Center to collect and analyze security data from many different sources, including
firewalls and even partner solutions.
62 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
be malicious. Attack Simulator, which comes with Advanced Threat Protection, can be used to
simulate realistic attacks as well.
Office 365 Threat Intelligence
Office 365 Threat Intelligence consists of insights and other information - and is available in the
Office 365 Security and Compliance Center. This tool can be used to understand different threats
against your users and data because it monitors different signals and gathers data from several
different sources, including email, compromised PCs, user activity, and other security incidents.
By leveraging these many different security tools, you can protect your users, identities, devices,
user data, apps, and infrastructure.
63 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Ultimately, what you want to do is use the Microsoft Secure Score recommendations to identify
the most important settings to you and to make changes that you deem necessary.
64 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 9
COMPLIANCE IN MICROSOFT 365
Welcome to Compliance in Microsoft 365. In this chapter, we are going to review a few key
Microsoft 365 compliance tools.
We will start things off by covering the Service Trust Portal and Compliance Manager. You'll
learn what they are, how to access them, and what features they offer. We will then look at
Compliance Center, where you’ll learn about what information it provides and how to access it.
65 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Compliance Manager is used to meet compliance obligations, such as GDPR, ISO, NIST, and
HIPAA.
The three main capabilities that Compliance Manager provides include ongoing risk assessment,
actionable insights, and simplified compliance. The ongoing risk assessment is essentially a
summary of your organization’s compliance posture when measured against regulatory
requirements that apply to your business. This information is provided in the context of using
Microsoft cloud services. The compliance score that is provided on the dashboard can be used to
help make compliance decisions.
Actionable insights offer information on the compliance responsibilities that are split between
the customer and Microsoft. For components and services that are managed by the customer, the
dashboard will present recommendations and instructions for implementing them.
To ensure simplified compliance, Compliance Manager offers built-in collaboration tools that
can be used, to assign tasks to teams within your organization. You can also create audit ready
reports that link out to evidence that you collect to demonstrate your compliance.
66 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Due to its integration with Compliance Manager, you can use Microsoft Compliance Center to
gain insights into your organization’s compliance posture as it relates to key standards and
regulations like GDPR, ISO, and NIST. You can also perform risk assessments and follow
guidance that’s provided in order to improve your privacy controls and compliance.
Microsoft Cloud Apps Security Insights, or MCAS, is available from the Compliance Center as
well. You can use MCAS to do things like identify compliance risks across apps, monitor
noncompliant employee behavior, and even identify shadow IT situations.
Once you’ve enabled the Microsoft Compliance Center for your tenants you can access it at this
URL.
Congratulations! You’ve reached the end of Compliance in Microsoft 365! Let’s review what
you’ve learned.
In this chapter, we looked at a few key Microsoft 365 compliance tools. We started things off by
covering the Service Trust Portal and Compliance Manager. You learned what they are, how to
access them, and what features they offer. We then looked at Compliance Center, where you
learned what information it provides and how to access it.
67 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
CHAPTER 10
MICROSOFT 365 PRICING AND SUPPORT
Welcome to Microsoft 365 Pricing and Support. In this chapter, we are going to review the
Microsoft 365 subscription options that are available, how to manage Microsoft 365 licenses,
how to manage billing, and how to get Microsoft 365 support.
Feature E3 E5
Windows 10 Enterprise x x
Azure Active Directory Plan 1, Windows Hello, Credential Guard, Direct access x x
68 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Windows Defender ATP, Office 365 ATP, Office 365 Threat Intelligence x
Azure Information Protection P2, Microsoft Cloud App Security, Office 365 Cloud App
x
Security
The table above highlights the features that are included in each plan. As you can see, the E5
plan includes all of the same features as the E3 plan, plus more advanced threat protection,
security, and collaboration tools.
You can purchase Microsoft 365 Enterprise licenses through a cloud solution provider, or CSP,
or you can purchase them through an Enterprise Agreement subscription from Microsoft.
Microsoft 365 Business is well suited for smaller and medium-sized organizations. Like its
older brother, Microsoft 365 Enterprise, Microsoft 365 Business offers the same full set of office
365 productivity tools. While it does include many security and device management features,
Microsoft 365 Business does NOT include many of the advanced information protection,
compliance, or analytics tools that are available in the enterprise plan. Microsoft 365 Business is
69 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
designed for organizations with 300 users or fewer. If your organization requires more than 300
licenses, you will need to subscribe to an enterprise plan instead.
Microsoft 365 Education, as you can probably gather from its name, is intended for educational
organizations. Such organizations can obtain academic licenses that can be tailored to fit their
specific needs.
Microsoft 365 for First Line Workers is referred to as the Microsoft 365 F1 Subscription. This
plan is intended for first line workers, such as customer service reps, support engineers, and
service professionals.
While the Microsoft 365 F1 subscription is similar in many ways to the Microsoft 365 E3
subscription, the F1 plan is designed in a way that better fits the need of first line workers. For
example, since first line workers don’t typically use virtual machines, the Microsoft 365 F1
subscription includes Windows 10 E3, but doesn’t offer virtualization rights. I should also note
that Microsoft 365 F1 is far less expensive than the Microsoft 365 E1 and E3 enterprise plans.
So, the key takeaway here is that Microsoft 365 Enterprise is designed for large organizations.
Microsoft 365 Business is designed for small and medium-sized businesses. Microsoft 365
Education is for educational organizations and the Microsoft 365 F1 Subscription is designed for
first line workers.
70 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
within each license for each user. This same process is used to enable and disable many other
services and tools within a user’s license. I should note, however, that deactivating individual
features, or even all features for a specific user, does not free up the license itself. These
individual controls simply manage which features are available to the user within that assigned
license.
Admin Roles
There are various admin roles that are available within Microsoft 365. Each role can perform
different licensing actions. The roles include the Global Administrator, the Billing Administrator,
and the License Administrator.
The Global Administrator has access to all admin features in the Office 365 suite of services.
The person that signs up to buy Office 365 automatically becomes the Global Admin. It’s also
important to note that Global Admins are the only ones who can assign other admin roles, and
they are the only ones that can manage the accounts of other Global Admins.
The Billing Administrator is responsible for making purchases, managing subscriptions, and
managing support tickets. This role also monitors service health.
The License Administrator, as you may have guessed, is responsible for adding, removing, and
updating license assignments for users and groups. This role does not offer the ability to
purchase or manage subscriptions, nor does it offer the ability to create or manage users and
groups. It can, however, manage the usage location for users because that is relevant to the
licensing.
71 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
Fast-Track provides you with direct access to Microsoft 365 planning materials and to
dedicated Microsoft fast-track project managers and engineers. These resources are there to help
you deploy a Microsoft 365.
The O365 Assistant is an automated assistant bot that can be found in the Microsoft 365 admin
center. The O365 assistant is designed to help you find answers to common support questions.
Premier Support is another option available to Microsoft 365 subscribers. The Microsoft
Premier support services option is perfect for large and global enterprises with critical
dependence on Microsoft products, including Microsoft 365 and Microsoft Azure. Organizations
that are Premier Support members are assigned dedicated technical account managers and have
additional benefits like on-site support and even advisory services.
Cloud Service Provider Tier 1 Support is provided to organizations that have purchased their
Microsoft 365 subscription through a certified Tier-1 cloud solution provider, or CSP. The CSP,
in this case, is the first point of contact for all service-related issues. The CSP will escalate issues
that it can’t resolve to Microsoft.
Telephone Support is also available for some Microsoft 365 components.
Some other ways to get support for Microsoft 365 are the use of forums and communities. The
Microsoft 365 Tech Community, for example, allows you to connect with and collaborate with
other customers and to share your experiences, problems, and solutions.
The Microsoft 365 Support Forums are official Microsoft support forums that you can use to
ask questions and to get answers from both Microsoft and community members. Some of the
72 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
more popular Microsoft support forums include the Azure forums, the Windows forums, and the
Office forms.
So, as you can see billing and support are never more than a mouse click away.
73 | P a g e
MS-900 Exam Prep: Microsoft 365 Fundamentals
SO NOW WHAT?
Now that you’ve read through this book, you should enroll in the video course that this book is
based on. While the full course covers the same topics that you’ve encountered in this book, it
does so through a series of 52 video lessons, over 500 engaging visuals, several hands-on
demonstrations, numerous quizzes, and an end-of-course practice test. There are also several
downloadable infographics available as well. All told, the full course spans 3 hours.
By reading through this book and completing the associated course, you should be ready to not
only plan, deploy, and manage Microsoft 365 and its various services, but you should also be
amply prepared to pass the MS-900 Microsoft 365 Fundamentals exam!
To enroll in this best-selling Microsoft 365 Fundamentals course today, visit this link.
74 | P a g e