Microsoft 365 Administrator Essentials

This course covers the following key elements of Microsoft 365 administration:

Microsoft 365 tenant management, Microsoft 365 identity synchronization, and Microsoft 365 security and compliance.

In Microsoft 365 tenant management, you learn how to configure your Microsoft 365 tenant, including your organizational profile, tenant subscription options, component services, user accounts and licenses, security groups, and administrative roles.

You then transition to configuring Microsoft 365, with a primary focus on configuring Office client connectivity.

Finally, you explore how to manage user-driven client installations of Microsoft 365 Apps for enterprise deployments.

The course then transitions to an in-depth examination of Microsoft 365 identity synchronization, with a focus on Azure Active Directory Connect and Connect Cloud Sync.

You learn how to plan for and implement each of these directory synchronization options, how to manage synchronized identities, and how to implement password management in Microsoft 365 using multifactor authentication and self-service password management.

In Microsoft 365 security management, you begin examining the common types of threat vectors and data breaches facing organizations today.

You then learn how Microsoft 365’s security solutions address each of these threats.

You are introduced to the Microsoft Secure Score, as well as to Azure Active Directory Identity Protection.

You then learn how to manage the Microsoft 365 security services, including Exchange Online Protection, Safe Attachments, and Safe Links.

Finally, you are introduced to the various reports that monitor an organization’s security health.

You then transition from security services to threat intelligence; specifically, using Microsoft 365 Defender, Microsoft Defender for Cloud Apps, and Microsoft Defender for Endpoint.

Once you have this understanding of Microsoft 365’s security suite, you then examine the key components of Microsoft 365 compliance management.

This begins with an overview of all key aspects of data governance, including data archiving and retention, Microsoft Purview message encryption, and data loss prevention (DLP). You then delve deeper into archiving and retention, paying particular attention to Microsoft Purview insider risk management, information barriers, and DLP policies. You then examine how to implement these compliance features by using data classification and sensitivity labels.

Before attending this course, students must have:

• Completed a role-based administrator course such as Messaging, Teamwork, Security, Compliance, or Collaboration.
• A proficient understanding of DNS and basic functional experience with Microsoft 365 services.
• A proficient understanding of general IT practices.
• A working knowledge of PowerShell.

Recommended prerequisites:

• M-MD102 - Managing Endpoints

• Spiegare le differenze tra le diverse edizioni di Windows.
• Selezionare il dispositivo Windows più adatto alle proprie esigenze.
• Descrivere i requisiti hardware minimi consigliati per l’installazione di Windows 11.
• Descrivere Azure AD.
• Confrontare Azure AD con Active Directory Domain Services (AD DS).
• Descrivere come Azure AD viene utilizzato come directory per le applicazioni cloud.
• Descrivere Azure AD Premium P1 e P2, i servizi di dominio di Azure AD, RBAC e ruoli utente in Azure AD.
• Creare e gestire gli utenti in Azure AD e i gruppi in Azure AD.
• Utilizzare i cmdlet di Windows PowerShell per gestire Azure AD.
• Descrivere come sincronizzare gli oggetti da AD DS ad Azure AD.
• Descrivere Microsoft Endpoint Manager.
• Comprendere i vantaggi della gestione di un client con Configuration Manager.
• Distribuire il client di Configuration Manager.
• Monitorare il client di Configuration Manager.
• Gestire i dispositivi di Configuration Manager.
• Preparare Microsoft Intune per l’iscrizione dei dispositivi.
• Configurare Microsoft Intune per l’iscrizione automatica.
• Spiegare come registrare i dispositivi Windows, Android e iOS in Intune.
• Individuare quando e come utilizzare Intune Enrollment Manager.
• Capire come monitorare ed eseguire azioni remote sui dispositivi iscritti.
• Monitorare le assegnazioni dei profili.
• Capire come vengono sincronizzati i profili e come forzare manualmente la sincronizzazione.
• Utilizzare PowerShell per eseguire e monitorare gli script sui dispositivi.
• Spiegare i vari tipi di profilo utente esistenti in Windows.
• Descrivere il funzionamento di un profilo utente.
• Configurare i profili utente per risparmiare spazio.
• Spiegare come distribuire e configurare il reindirizzamento delle cartelle.
• Spiegare il Roaming dello Stato dell’Impresa.
• Configurare l’Enterprise State Roaming per i dispositivi Azure AD.
• Spiegare come distribuire le applicazioni utilizzando Intune e Configuration Manager.
• Imparare a distribuire le applicazioni utilizzando i Criteri di gruppo.
• Comprendere le applicazioni di Microsoft Store
• Imparare a distribuire le applicazioni utilizzando Microsoft Store Apps.
• Imparare a configurare le Microsoft Store Apps
• Spiegare come gestire le applicazioni in Intune
• Comprendere come gestire le app su dispositivi non registrati
• Comprendere come distribuire le app di Microsoft 365 utilizzando Intune
• Imparare a configurare e gestire la modalità IE in Microsoft Edge
• Conoscere le opzioni di inventario delle app in Intune
• Descrivere come accedere alle risorse aziendali
• Comprendere i tipi di VPN e la loro configurazione
• Descrivere Always On VPN e la sua configurazione
• Descrivere i criteri di conformità dei dispositivi
• Distribuire un criterio di conformità del dispositivo
• Descrivere l’accesso condizionato
• Creare criteri di accesso condizionato
• Generare rapporti di inventario e rapporti di conformità utilizzando Microsoft Intune
• Creare rapporti e monitorare la conformità dei dispositivi
• Creare report personalizzati utilizzando il Data Warehouse Intune
• Utilizzare l’API Microsoft Graph per la creazione di report personalizzati
• Descrivere Microsoft Defender for Endpoint e le sue principali funzionalità
• Descrivere Microsoft Defender Application Guard, Microsoft Defender Exploit Guard, Windows Defender System Guard
• Comprendere le funzionalità di Windows Security
• Descrivere Windows Defender Credential Guard
• Gestire Microsoft Defender Antivirus, Windows Defender Firewall e Windows Defender Firewall con sicurezza avanzata
• Descrivere Microsoft Defender per le applicazioni cloud
• Pianificare l’utilizzo di Microsoft Defender per le applicazioni in-the-cloud
• Implementare e utilizzare Microsoft Defender per le applicazioni in-the-cloud
• Descrivere i fondamenti dell’uso delle immagini nei metodi di distribuzione tradizionali.
• Identificare i principali vantaggi, le limitazioni e le decisioni da prendere quando si pianifica una distribuzione di Windows utilizzando Microsoft Deployment Toolkit (MDT).
• Comprendere come Configuration Manager si basa su MDT e come entrambi possono lavorare in armonia.
• Spiegare le diverse opzioni e considerazioni quando si sceglie l’esperienza di interazione con l’utente durante la distribuzione e quali metodi e strumenti supportano queste esperienze.
• Descrivere le funzionalità di Configuration Manager, i componenti chiave di Configuration Manager.
• Identificare come risolvere i problemi delle distribuzioni di Configuration Manager.
• Descrivere il funzionamento dell’attivazione delle sottoscrizioni.
• Descrivere i vantaggi dei pacchetti di provisioning.
• Spiegare come Windows Configuration Designer crea i pacchetti di provisioning.
• Descrivete i vantaggi dell’utilizzo dell’iscrizione MDM con Azure AD join.
• Identificare gli scenari di utilizzo di Azure AD join.
• Copmprendere quali carichi di lavoro che possono essere trasferiti a Intune.
• Pianificare la transizione alla gestione moderna utilizzando le tecnologie esistenti.
• Pianificare la transizione a una gestione moderna utilizzando Microsoft Intune.
• Descrivere le caratteristiche principali di Windows 365, l’esperienza di gestione, il modello di sicurezza, le opzioni di distribuzione di Windows 365, il modello di licenza di Windows 365
• Descrivere le caratteristiche principali di Azure Virtual Desktop, l’esperienza di gestione, il modello di sicurezza, le opzioni di distribuzione

This course is designed for persons aspiring to the Microsoft 365 Administrator role and have completed at least one of the Microsoft 365 role-based administrator certification paths.

Job role: Administrator

1- Configure your Microsoft 365 experience

• Introduction
• Configure your Microsoft 365 experience
• Manage your tenant subscriptions in Microsoft 365
• Integrate Microsoft 365 with customer engagement apps
• Complete your tenant configuration in Microsoft 365
• Knowledge check
• Summary

2- Manage users, contacts, and licenses in Microsoft 365

• Introduction
• Determine the user identity model for your organization
• Create user accounts in Microsoft 365
• Manage user account settings in Microsoft 365
• Manage user licenses in Microsoft 365
• Recover deleted user accounts in Microsoft 365
• Perform bulk user maintenance in Azure Active Directory
• Create and manage guest users
• Create and manage contacts
• Summary

3- Manage groups in Microsoft 365

• Introduction
• Examine groups in Microsoft 365
• Create and manage groups in Microsoft 365
• Create groups in Exchange Online and SharePoint Online
• Knowledge check
• Summary

4- Add a custom domain in Microsoft 365

• Introduction
• Plan a custom domain for your Microsoft 365 deployment
• Plan the DNS zones for a custom domain
• Plan the DNS record requirements for a custom domain
• Create a custom domain in Microsoft 365
• Knowledge check
• Summary

5- Configure client connectivity to Microsoft 365

• Introduction
• Examine how automatic client configuration works
• Explore the DNS records required for client configuration
• Configure Outlook clients
• Troubleshoot client connectivity
• Knowledge check
• Summary

6- Configure administrative roles in Microsoft 365

• Introduction
• Explore the Microsoft 365 permission model
• Explore the Microsoft 365 admin roles
• Assign admin roles to users in Microsoft 365
• Delegate admin roles to partners
• Manage permissions using administrative units in Azure Active Directory
• Elevate privileges using Azure AD Privileged Identity Management
• Knowledge check
• Summary

7- Manage tenant health and services in Microsoft 365

• Introduction
• Monitor the health of your Microsoft 365 services
• Monitor tenant health using Microsoft 365 Adoption Score
• Monitor tenant health using Microsoft 365 usage analytics
• Develop an incident response plan
• Request assistance from Microsoft
• Knowledge check
• Summary

8- Deploy Microsoft 365 Apps for enterprise

• Introduction
• Explore Microsoft 365 Apps for enterprise functionality
• Explore your app compatibility by using the Readiness Toolkit
• Complete a self-service installation of Microsoft 365 Apps for enterprise
• Deploy Microsoft 365 Apps for enterprise with Microsoft Endpoint Configuration Manager
• Deploy Microsoft 365 Apps for enterprise from the cloud
• Deploy Microsoft 365 Apps for enterprise from a local source
• Manage updates to Microsoft 365 Apps for enterprise
• Explore the update channels for Microsoft 365 Apps for enterprise
• Manage your cloud apps using the Microsoft 365 Apps admin center
• Knowledge check
• Summary

9- Analyze your Microsoft 365 workplace data using Microsoft Viva Insights

• Introduction
• Examine the analytical features of Microsoft Viva Insights
• Create custom analysis with Microsoft Viva Insights
• Configure Microsoft Viva Insights
• Examine Microsoft 365 data sources used in Microsoft Viva Insights
• Prepare organizational data in Microsoft Viva Insights
• Knowledge check
• Summary

10- Explore identity synchronization

• Introduction
• Examine authentication options in Microsoft 365
• Examine provisioning options in Microsoft 365
• Explore directory synchronization
• Explore Azure AD Connect
• Knowledge check
• Summary

11- Prepare for identity synchronization to Microsoft 365

• Introduction
• Plan your Azure Active Directory deployment
• Prepare for directory synchronization
• Choose your directory synchronization tool
• Plan for directory synchronization using Azure AD Connect
• Plan for directory synchronization using Azure AD Connect Cloud Sync
• Knowledge check
• Summary

12- Implement directory synchronization tools

• Introduction
• Configure Azure AD Connect prerequisites
• Configure Azure AD Connect
• Monitor synchronization services using Azure AD Connect Health
• Configure Azure AD Connect Cloud Sync prerequisites
• Configure Azure AD Connect Cloud Sync
• Knowledge check
• Summary

13- Manage synchronized identities

• Introduction
• Manage users with directory synchronization
• Manage groups with directory synchronization
• Use Azure AD Connect Sync Security Groups to help maintain directory synchronization
• Configure object filters for directory synchronization
• Troubleshoot directory synchronization
• Knowledge check
• Summary

14- Manage secure user access in Microsoft 365

• Introduction
• Manage user passwords
• Enable pass-through authentication
• Enable multi-factor authentication
• Explore self-service password management
• Implement Azure AD Smart Lockout
• Implement entitlement packages in Azure AD Identity Governance
• Implement conditional access policies
• Create and run an access review
• Investigate authentication issues using sign-in logs
• Knowledge check
• Summary

15- Examine threat vectors and data breaches

Introduction

• Explore today's work and threat landscape
• Examine how phishing retrieves sensitive information
• Examine how spoofing deceives users and compromises data security
• Compare spam and malware
• Examine how an account breach compromises a user account
• Examine elevation of privilege attacks
• Examine how data exfiltration moves data out of your tenant
• Examine how attackers delete data from your tenant
• Examine how data spillage exposes data outside your tenant
• Examine other types of attacks
• Knowledge check
• Summary

16- Explore the Zero Trust security model

• Introduction
• Examine the principles and components of the Zero Trust model
• Plan for a Zero Trust security model in your organization
• Examine Microsoft's strategy for Zero Trust networking
• Adopt a Zero Trust approach
• Knowledge check
• Summary

17- Explore security solutions in Microsoft 365 Defender

• Introduction
• Enhance your email security using Exchange Online Protection and Microsoft Defender for Office 365
• Protect your organization's identities using Microsoft Defender for Identity
• Protect your enterprise network against advanced threats using Microsoft Defender for Endpoint
• Protect against cyber attacks using Microsoft 365 Threat Intelligence
• Provide insight into suspicious activity using Microsoft Cloud App Security
• Review the security reports in Microsoft 365 Defender
• Knowledge check
• Summary

18- Examine Microsoft Secure Score

• Introduction
• Explore Microsoft Secure Score
• Assess your security posture with Microsoft Secure Score
• Improve your secure score
• Track your Microsoft Secure Score history and meet your goals
• Knowledge check
• Summary

19- Examine Privileged Identity Management

• Introduction
• Explore Privileged Identity Management in Azure AD
• Configure Privileged Identity Management
• Audit Privileged Identity Management
• Explore Microsoft Identity Manager
• Control privileged admin tasks using Privileged Access Management
• Knowledge check
• Summary

20- Examine Azure Identity Protection

• Introduction
• Explore Azure Identity Protection
• Enable the default protection policies in Azure Identity Protection
• Explore the vulnerabilities and risk events detected by Azure Identity Protection
• Plan your identity investigation
• Knowledge check
• Summary

21- Examine Exchange Online Protection

• Introduction
• Examine the anti-malware pipeline
• Detect messages with spam or malware using Zero-hour auto purge
• Explore anti-spoofing protection provided by Exchange Online Protection
• Explore other anti-spoofing protection
• Examine outbound spam filtering
• Knowledge check
• Summary

22- Examine Microsoft Defender for Office 365

• Introduction
• Climb the security ladder from EOP to Microsoft Defender for Office 365
• Expand EOP protections by using Safe Attachments and Safe Links
• Manage spoofed intelligence
• Configure outbound spam filtering policies
• Unblock users from sending email
• Knowledge check
• Summary

23- Manage Safe Attachments

• Introduction
• Protect users from malicious attachments by using Safe Attachments
• Create Safe Attachment policies using Microsoft Defender for Office 365
• Create Safe Attachments policies using PowerShell
• Modify an existing Safe Attachments policy
• Create a transport rule to bypass a Safe Attachments policy
• Examine the end-user experience with Safe Attachments
• Knowledge check
• Summary

24- Manage Safe Links

• Introduction
• Protect users from malicious URLs by using Safe Links
• Create Safe Links policies using Microsoft 365 Defender
• Create Safe Links policies using PowerShell
• Modify an existing Safe Links policy
• Create a transport rule to bypass a Safe Links policy
• Examine the end-user experience with Safe Links
• Knowledge check
• Summary

25- Explore threat intelligence in Microsoft 365 Defender

• Introduction
• Explore Microsoft Intelligent Security Graph
• Explore alert policies in Microsoft 365
• Run automated investigations and responses
• Explore threat hunting with Microsoft Threat Protection
• Explore advanced threat hunting in Microsoft 365 Defender
• Explore threat analytics in Microsoft 365
• Identify threat issues using Microsoft Defender reports
• Knowledge check
• Summary

26- Implement app protection by using Microsoft Defender for Cloud Apps

• Introduction
• Explore Microsoft Defender Cloud Apps
• Deploy Microsoft Defender for Cloud Apps
• Configure file policies in Microsoft Defender for Cloud Apps
• Manage and respond to alerts in Microsoft Defender for Cloud Apps
• Configure Cloud Discovery in Microsoft Defender for Cloud Apps
• Troubleshoot Cloud Discovery in Microsoft Defender for Cloud Apps
• Knowledge check
• Summary

27- Implement endpoint protection by using Microsoft Defender for Endpoint

• Introduction
• Explore Microsoft Defender for Endpoint
• Configure Microsoft Defender for Endpoint in Microsoft Intune
• Onboard devices in Microsoft Defender for Endpoint
• Manage endpoint vulnerabilities with Microsoft Defender Vulnerability Management
• Manage device discovery and vulnerability assessment
• Reduce your threat and vulnerability exposure
• Knowledge check
• Summary

28- Implement threat protection by using Microsoft Defender for Office 365

• Introduction
• Explore the Microsoft Defender for Office 365 protection stack
• Investigate security attacks by using Threat Explorer
• Identify cybersecurity issues by using Threat Trackers
• Prepare for attacks with Attack simulation training
• Knowledge check
• Summary