Describe cloud concepts (5–10%)

Describe the different types of cloud services available

Microsoft Cloud Service Models: SaaS, IaaS, and PaaS

Software as a Service (SaaS)

Software as a Service, commonly known as SaaS, is a delivery model where applications are hosted and managed in a service provider’s datacenter. Users access these applications over the Internet, typically through a web browser. The cloud provider manages the infrastructure, middleware, app software, and app data. This model offers the highest level of service, with the provider taking care of everything from hardware to application updates.

Use Cases for SaaS:

  • Business Applications: Tools like Microsoft Office 365 provide productivity software for tasks such as email, document editing, and collaboration.
  • Customer Relationship Management (CRM): Services like Microsoft Dynamics 365 help businesses manage and analyze customer interactions and data.
  • Human Resources Management: Solutions for recruiting, onboarding, and employee management.

Infrastructure as a Service (IaaS)

Infrastructure as a Service, or IaaS, provides virtualized computing resources over the Internet. In this model, the cloud provider hosts the infrastructure components that would traditionally be present in an on-premises datacenter, including servers, storage, and networking hardware. The customer typically manages the operating systems, middleware, and applications.

Use Cases for IaaS:

  • Test and Development: Teams can quickly set up and dismantle test and development environments, bringing new applications to market faster.
  • Website Hosting: IaaS provides a cost-effective and scalable solution for hosting websites.
  • Storage, Backup, and Recovery: Organizations can avoid the capital outlay for storage and complexity of storage management, which typically requires skilled staff to manage data and meet legal and compliance requirements.

Platform as a Service (PaaS)

Platform as a Service, or PaaS, is a cloud computing model that provides customers a platform allowing them to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more.

Use Cases for PaaS:

  • Application Development: Streamlines the development process with preconfigured tools and built-in features.
  • Analytics or Business Intelligence: Tools provided can help organizations analyze and mine their data, finding insights and patterns and predicting outcomes to improve forecasting, product design decisions, investment returns, and other business decisions.
  • Additional Services: PaaS providers may offer other services that enhance applications, such as workflow, directory, security, and scheduling.

For more detailed information on these services, you can visit the following URLs:

  • What is SaaS?
  • What is IaaS?
  • What is PaaS?

These resources provide a comprehensive understanding of the different service models offered by Microsoft Azure and can be instrumental in grasping the concepts and use cases for each.

Differences between Office 365 and Microsoft 365

Office 365 and Microsoft 365 are both offerings from Microsoft that cater to different needs of organizations. While they share some commonalities, there are distinct differences that set them apart.

Office 365

Office 365 is primarily a suite of cloud-based productivity applications. It includes services such as:

  • Email and Calendaring: Through Exchange Online.
  • Office Applications: Access to Word, Excel, PowerPoint, and other Office apps.
  • Collaboration Tools: SharePoint Online for document management and collaboration, and Microsoft Teams for communication.
  • Storage: OneDrive for Business provides cloud storage.

Office 365 is available in various plans tailored for:

  • Enterprise organizations.
  • Education organizations.
  • Government organizations, including GCC, GCC High, and DoD.
  • Organizations operated by 21Vianet in China.
  • Office 365 Germany (https://learn.microsoft.com/en-us/purview/ediscovery-legacy-retirement).

Microsoft 365

Microsoft 365, on the other hand, is a more comprehensive offering that includes everything in Office 365, plus additional features:

  • Security: Advanced security features to protect against cyber threats.
  • Device Management: Tools for managing and securing devices, such as Intune.
  • Windows 10 or Windows 11 Enterprise: Depending on the plan, it may include an operating system license.
  • Compliance: Advanced compliance solutions to help meet regulatory requirements.

Microsoft 365 is also available for:

  • Enterprise organizations.
  • Education organizations.
  • Government organizations, including GCC, GCC High, and DoD.
  • Organizations operated by 21Vianet in China.
  • Microsoft 365 Germany (https://learn.microsoft.com/en-us/purview/ediscovery-legacy-retirement).

Key Takeaways

  • Office 365 focuses on productivity and collaboration tools.
  • Microsoft 365 includes all the features of Office 365, plus additional security, device management, and compliance tools.
  • Both have tailored offerings for different types of organizations, including enterprise, education, government, and specific geographic regions.

It’s important to note that Microsoft has deprecated TLS versions 1.0 and 1.1 in Office 365 and Office 365 GCC to maintain the best-in-class encryption for customers (https://learn.microsoft.com/en-us/purview/prepare-tls-1.2-in-office-365). Additionally, when considering retention or deletion of content for Microsoft 365 groups, different policies apply to group mailboxes and SharePoint team sites (https://learn.microsoft.com/en-us/purview/retention-settings).

By understanding these differences, organizations can make informed decisions about which suite best meets their needs.

Describe the benefits of and considerations for using cloud, hybrid, or on-premises services

Public, Private, and Hybrid Cloud Models

Public Cloud

The public cloud is a model where cloud services and infrastructure are hosted off-site by a cloud provider and shared across multiple tenants. Users access services and manage their accounts via the internet. The public cloud offers a high degree of elasticity and scalability because resources can be provisioned on-demand to meet user needs. It operates on a pay-as-you-go pricing model, which can lead to cost savings as users pay only for the resources they consume. Examples of public cloud providers include Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

For more information on public cloud services, you can visit: Microsoft Azure Public Cloud.

Private Cloud

A private cloud is a cloud computing model where the infrastructure and services are maintained on a private network. These services are typically hosted on-premises within an organization’s data center, though they can also be hosted by third-party service providers. The private cloud is designed for a single organization, offering greater control over security, compliance, and data sovereignty. Organizations that have specific requirements for privacy and control often opt for private cloud solutions.

For additional details on private cloud solutions, refer to: Microsoft Azure Private Cloud.

Hybrid Cloud

Hybrid cloud is a computing environment that combines public and private clouds, allowing data and applications to be shared between them. This model provides businesses with greater flexibility and more deployment options. A hybrid cloud strategy can enable an organization to scale its on-premises infrastructure up to the public cloud when needed, while keeping sensitive data on-premises to meet regulatory requirements or specific business needs. It offers the benefits of both models, such as scalability and flexibility from the public cloud, along with the enhanced security and control of a private cloud.

For a deeper understanding of hybrid cloud computing, you can explore: Microsoft Azure Hybrid Cloud.

Each cloud model offers distinct advantages and can be selected based on the specific needs and goals of an organization. It is important to consider factors such as cost, compliance, scalability, and security when choosing the appropriate cloud model for your organization’s workloads and data.

Costs and Advantages of Cloud, Hybrid, and On-Premises Services

When comparing the costs and advantages of cloud, hybrid, and on-premises services, it is essential to consider several factors that impact the overall value and efficiency of each model.

Cloud Services

Advantages:

  • Scalability: Cloud services offer the ability to scale resources up or down based on demand, ensuring that you pay only for what you use.
  • Global Reach: Cloud platforms often provide a global network that allows for deploying services and applications worldwide.
  • Reduced Capital Expenditure: There is no need for significant upfront investments in hardware and infrastructure.
  • Innovation: Cloud services are continually updated with the latest features, which can drive innovation within organizations.

Cost Considerations:

  • Operational Expenses: While capital expenses are reduced, operational expenses can vary based on usage, services, and management tools required.
  • Data Transfer Costs: Moving data in and out of the cloud can incur costs, which need to be factored into the overall budget.

Hybrid Services

Advantages:

  • Flexibility and Control: Hybrid services allow for keeping sensitive data on-premises while leveraging the cloud for less critical data and workloads.
  • Cost Efficiency: Hybrid models can optimize costs by allowing organizations to use their existing infrastructure while expanding capabilities with cloud services (https://learn.microsoft.com/en-us/azure/defender-for-cloud/multicloud).
  • Compliance and Data Sovereignty: Organizations can meet regulatory requirements by storing data in on-premises datacenters when necessary (https://learn.microsoft.com/en-us/azure/defender-for-cloud/multicloud).

Cost Considerations:

  • Complexity: Managing a hybrid environment can be complex and may require additional tools and expertise.
  • Integration: Integrating on-premises and cloud services can involve additional costs for networking and security.

On-Premises Services

Advantages:

  • Full Control: Organizations have complete control over their infrastructure and data.
  • Customization: On-premises solutions can be highly customized to meet specific organizational needs.
  • Performance: For some workloads, on-premises infrastructure can offer better performance, especially when low latency is critical.

Cost Considerations:

  • Capital Expenditure: Significant upfront investment is required for hardware, facilities, and maintenance.
  • Maintenance and Upgrades: Organizations are responsible for the ongoing maintenance and upgrades of their infrastructure.
  • Less Flexibility: Scaling infrastructure to meet demand can be slower and more costly compared to cloud services.

For additional information on designing high-performance storage for Azure virtual machines, which can also apply to on-premises servers, you can refer to the following resource: Design your Azure VM for high storage performance (https://learn.microsoft.com/en-us/azure/sentinel/migration-ingestion-target-platform).

In summary, the choice between cloud, hybrid, and on-premises services depends on the specific needs, regulatory requirements, and financial considerations of an organization. Each model offers distinct advantages and cost implications that must be carefully evaluated to determine the best fit for the organization’s objectives.

Hybrid Work and Flexible Work Concepts

Hybrid work is a model that combines both in-office and remote work, allowing employees to split their time between working at a physical office location and working from a location of their choice, such as their home. This model provides flexibility in location and, often, in work hours, catering to the needs of a diverse workforce that values the ability to balance work with personal life.

Flexible work, on the other hand, refers to work arrangements that give employees greater freedom in deciding how to fulfill their work responsibilities. This can include flexibility in work hours, the structure of the workday, and the choice of work location. Flexible work arrangements are designed to accommodate individual work styles and personal commitments, promoting a work-life balance that can lead to increased job satisfaction and productivity.

Both hybrid and flexible work concepts are part of a broader shift towards more adaptable work environments, driven by advancements in technology that enable communication and collaboration from anywhere. Organizations adopting these models often rely on digital tools and platforms to support their workforce, ensuring that employees have access to the necessary resources and can stay connected with their teams regardless of their physical location.

Describe Microsoft 365 apps and services (45–50%)

Describe productivity solutions of Microsoft 365

Core Productivity Capabilities and Benefits of Microsoft 365

Microsoft 365 is a comprehensive suite that includes a variety of productivity tools designed to enhance collaboration, communication, and data management within organizations. Below are the core capabilities and benefits of some of the key components of Microsoft 365: Microsoft Outlook and Exchange, Microsoft 365 apps, and OneDrive.

Microsoft Outlook and Microsoft Exchange

  • Email and Calendar Management: Microsoft Outlook is an email client that integrates seamlessly with Microsoft Exchange, the mail server. Together, they provide robust email management, calendar scheduling, and task organization capabilities.
  • Accessibility: Users can access their emails, calendars, and contacts from any device, ensuring productivity on the go.
  • Security: Exchange Online offers advanced security features to protect against spam, malware, and other threats (https://learn.microsoft.com/en-us/purview/microsoft-365-service-encryption).
  • Collaboration: Outlook allows for easy sharing of calendars and scheduling of meetings, enhancing team coordination.

Microsoft 365 Apps

  • Office Applications: Microsoft 365 apps include widely used productivity tools such as Word, Excel, PowerPoint, and more, which are essential for document creation, data analysis, and presentations.
  • Real-time Collaboration: Multiple users can work on the same document simultaneously, facilitating teamwork and productivity.
  • Cloud-based: Being cloud-based, these apps ensure that documents are always up to date and accessible from anywhere.
  • Updates: Continuous updates provide the latest features and security improvements without the need for manual installation.

OneDrive

  • File Storage and Sharing: OneDrive offers cloud storage, allowing users to store files securely and access them from any location (https://learn.microsoft.com/en-us/purview/microsoft-365-service-encryption).
  • Collaboration: Users can share files and collaborate in real-time, with the ability to control permissions for viewing and editing.
  • Integration: OneDrive integrates with Microsoft 365 apps, enabling seamless collaboration on documents stored in the cloud.
  • Data Loss Prevention: OneDrive helps prevent data loss with features like versioning and recycle bin, allowing users to recover previous versions of documents or restore deleted files.

Core Microsoft 365 Apps Overview

Microsoft 365 offers a suite of productivity applications that cater to various document creation, communication, and collaboration needs. Below is a detailed explanation of the core applications included in Microsoft 365:

Microsoft Word

Microsoft Word is a powerful word processing application that allows users to create, edit, and share documents. With built-in support for Azure Rights Management, users can easily protect their documents and collaborate with others while maintaining the integrity of sensitive information. Users can sign in with their Microsoft 365 credentials to access IRM features without additional configuration (https://learn.microsoft.com/en-us/azure/information-protection/configure-office-apps).

Microsoft Excel

Excel is a spreadsheet application used for data analysis and visualization. It offers advanced features for calculating, organizing, and manipulating data. While Excel supports labels with user-defined permissions, it is important to note that these are not compatible with co-authoring features, meaning that applying such a label will prevent simultaneous document editing (https://learn.microsoft.com/en-us/azure/information-protection/known-issues).

Microsoft PowerPoint

PowerPoint is a presentation software that enables users to create dynamic, visually compelling presentations. Similar to Word and Excel, PowerPoint supports sensitivity labels, but applying labels with user-defined permissions can restrict co-authoring capabilities (https://learn.microsoft.com/en-us/azure/information-protection/known-issues).

Microsoft Outlook

Outlook is an email client that also manages calendars, tasks, contacts, and notes. It integrates seamlessly with other Microsoft 365 apps, allowing users to manage their communications and schedule effectively. Outlook supports information rights management, enabling users to protect their emails just as they would protect documents in Word or Excel (https://learn.microsoft.com/en-us/azure/information-protection/configure-office-apps).

OneNote

OneNote is a digital notebook that provides a flexible canvas for capturing, organizing, and sharing notes. It can sync across devices, allowing users to access their notes anywhere. OneNote integrates with other Microsoft 365 applications, making it easy to collaborate and share information within the ecosystem.

Work Management Capabilities of Microsoft 365

Microsoft 365 offers a suite of tools designed to enhance productivity and facilitate work management across various business functions. Below is a detailed explanation of the key work management capabilities within Microsoft 365:

Microsoft Project

Microsoft Project is a project management tool that provides features for planning, scheduling, and controlling projects. It allows users to assign tasks, track progress, manage budgets, and analyze workloads. Project integrates with other Microsoft products, enabling collaboration and communication within project teams.

  • Key Features:
    • Gantt charts for scheduling and visualizing project timelines.
    • Built-in templates to get started quickly.
    • Reporting tools for tracking project performance.
    • Resource management for optimizing team workload.

Microsoft Planner

Planner is a task management application that enables teams to create, assign, and organize work visually. It is designed for collaborative work and integrates seamlessly with Microsoft Teams.

  • Key Features:
    • Kanban boards for organizing tasks into buckets.
    • Ability to attach files, links, and checklists to tasks.
    • Notifications and email integration to keep team members updated.
    • Mobile app availability for on-the-go task management.

Microsoft Bookings

Bookings is an online scheduling tool that makes it easy for customers to book appointments with a business. It provides a customizable booking page that can be shared with customers, who can then choose available times for services.

  • Key Features:
    • Customizable web page for customers to schedule appointments.
    • Automated email confirmations and reminders.
    • Integration with staff calendars to show real-time availability.
    • Ability to manage multiple staff members and services.

Microsoft Forms

Forms is a tool for creating surveys, quizzes, and polls. It is user-friendly and allows for quick data collection and analysis. Forms can be used for feedback, registrations, assessments, and more.

  • Key Features:
    • Easy-to-use interface for creating custom forms.
    • Real-time response data and analytics.
    • Ability to export data to Excel for further analysis.
    • Option to share forms with specific people or publicly.

Microsoft Lists

Lists is an app that helps users track information and organize work. It is flexible and can be used for a variety of purposes, such as tracking issues, managing inventory, or organizing events.

  • Key Features:
    • Customizable templates for different use cases.
    • Rich column types, including text, choice, and date.
    • Integration with Power Automate for workflow automation.
    • Ability to share lists and collaborate with others.

Microsoft To Do

To Do is a personal task management app that helps users stay organized and manage their day-to-day tasks. It integrates with Outlook for a unified task and email experience.

  • Key Features:
    • Personalized daily planner with suggested tasks.
    • Ability to set reminders, due dates, and notes.
    • Integration with Microsoft 365 apps for a cohesive experience.
    • Syncs across devices for access anywhere.

These tools collectively contribute to the robust work management ecosystem within Microsoft 365, enabling businesses to streamline processes, collaborate effectively, and increase overall productivity.

Describe collaboration solutions of Microsoft 365

Collaboration Benefits and Capabilities of Microsoft 365

Microsoft 365 offers a suite of tools that enhance collaboration and productivity across various platforms. Below is a detailed explanation of the collaboration benefits and capabilities provided by Microsoft Exchange, Outlook, SharePoint, OneDrive, and Stream.

Microsoft Exchange

Outlook

SharePoint

OneDrive

  • Seamless File Access: OneDrive allows users to store, access, and share files from anywhere, facilitating collaboration and ensuring that team members can work on documents simultaneously.
  • Integration with Office: OneDrive is tightly integrated with Office apps, enabling real-time co-authoring and version control for efficient teamwork.

Microsoft Stream

  • Video Sharing: Stream enables organizations to upload, view, and share videos securely, enhancing communication and learning through a rich media format.
  • Integration with Other Apps: Stream is integrated with other Microsoft 365 apps, allowing users to embed videos in SharePoint, Teams, and Yammer, fostering a collaborative environment.

By leveraging these tools, organizations can improve their collaboration capabilities, ensuring that team members can work together effectively, regardless of their location. Each tool offers unique features that contribute to a comprehensive and secure collaborative ecosystem within Microsoft 365.

Microsoft Teams is a comprehensive collaboration platform that integrates seamlessly with other Microsoft 365 services to provide a central hub for teamwork. It offers a range of features designed to enhance productivity and facilitate efficient communication within organizations. Here are the key collaboration benefits and capabilities of Microsoft Teams and Teams Phone:

Microsoft Teams Collaboration Benefits and Capabilities

Describe the Microsoft Viva Apps

Microsoft Viva is an employee experience platform that brings together communications, knowledge, learning, resources, and insights. It is designed to help employees learn, grow, and thrive, with new experiences that integrate with the productivity and collaboration capabilities in Microsoft 365 and Microsoft Teams.

Viva Topics: Viva Topics uses AI to automatically organize company-wide content and expertise into relevant categories like projects, products, processes, and customers. It allows employees to access a knowledge network that connects people to information and experts across the company with ease.

Viva Connections: Viva Connections provides a personalized gateway to your digital workplace where employees can access internal communications and company resources, like policies and benefits, directly from Microsoft Teams.

Viva Learning: Viva Learning aggregates learning resources in one place. It brings together content from LinkedIn Learning, Microsoft Learn, third-party providers, and an organization’s own custom content, making it easier for employees to discover and share learning within the flow of their work.

Viva Insights: Viva Insights offers data-driven, privacy-protected insights and recommendations to improve productivity and wellbeing. It provides personal insights for individuals, managers, and leaders to help everyone in the organization thrive.

Viva Engage: Viva Engage fosters a culture of inclusion, building community, and enabling people to express themselves in the digital workplace. It supports private messages and public community conversations, and it must be in native mode to support checking of messages and attachments (https://learn.microsoft.com/en-us/purview/named-entities-learn).

For more detailed information on Microsoft Viva apps, you can visit the following URLs:

  • Viva Topics Overview
  • Viva Connections Overview
  • Viva Learning Overview
  • Viva Insights Overview
  • Viva Engage Overview

Please note that the URLs provided are for additional information and are not part of the exam content.

Microsoft Teams can be extended using collaborative apps to enhance productivity and collaboration within the team environment. Collaborative apps in Teams can be integrated in various ways:

  1. Tabs: Custom tabs can be created within a channel or chat to provide content and services tailored to the team’s needs. These tabs can host internal tools, dashboards, or even third-party services.

  2. Bots: Bots can be added to Teams to interact with users, automate tasks, provide updates, and assist with data retrieval. They can be part of a conversation or work in the background.

  3. Messaging Extensions: These allow users to interact with apps directly from the message compose box. They can share rich content or complete specific tasks without switching context.

  4. Webhooks and Connectors: Teams supports incoming webhooks as a way to get content from external services delivered into a channel. Connectors are a set of predefined webhooks that provide updates from popular services such as Trello, GitHub, and Azure DevOps.

  5. Activity Policies with Microsoft Defender for Cloud Apps: By integrating Microsoft Defender for Cloud Apps, you can set activity policies to monitor and enforce automated processes. This can be used to monitor activities within Teams and ensure compliance with organizational policies (https://learn.microsoft.com/en-us/purview/audit-teams-audit-log-events).

By leveraging these extensions, teams can create a more integrated and efficient workflow, customizing their Teams environment to fit their unique needs and processes.

Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

Endpoint Management Capabilities of Microsoft 365

Microsoft 365 offers a comprehensive set of endpoint management tools that enable organizations to manage and secure devices across various platforms. The key components of Microsoft 365’s endpoint management capabilities include Microsoft Endpoint Manager (MEM), Intune, AutoPilot, and Configuration Manager with cloud attach.

Microsoft Endpoint Manager (MEM)

Microsoft Endpoint Manager is an integrated solution for managing all of your devices. MEM combines services such as Intune and Configuration Manager into a single platform, providing a unified endpoint security management system for protecting corporate resources. MEM allows IT administrators to manage policies, deploy software, and ensure that devices are compliant with company security requirements.

  • Intune: Intune is a cloud-based service in the MEM suite that focuses on mobile device management (MDM) and mobile application management (MAM). It allows you to control how your organization’s devices are used, including mobile phones, tablets, and laptops. Intune also enables you to deploy apps, configure security policies, and perform remote actions like password reset or data wipe on lost devices.

    For more information on Intune, visit: Intune-based deployment for Microsoft Defender for Endpoint on Mac (https://learn.microsoft.com/en-us/purview/device-onboarding-offboarding-macos-intune-mde).

  • AutoPilot: Windows AutoPilot simplifies the way devices get deployed, reset, and repurposed, with an experience that is zero-touch for IT. AutoPilot enables the provisioning of new devices with a cloud-driven process that transforms a new device into a business-ready and cloud-managed state without IT having to touch the device.

  • Configuration Manager with Cloud Attach: Configuration Manager is part of the MEM suite and provides a comprehensive solution for change and configuration management for the Microsoft platform. It enables IT to deploy applications, software updates, and operating systems, and to monitor and remediate computers for compliance settings. With cloud attach, you can benefit from cloud-powered capabilities like co-management, which allows you to simultaneously manage Windows 10 devices with both Configuration Manager and Intune.

For additional details on Microsoft Endpoint Manager, refer to the Microsoft Intune admin center https://learn.microsoft.com/en-us/purview/device-onboarding-offboarding-macos-intune .

Intune

Intune is a cloud-based enterprise mobility management (EMM) service that helps enable your workforce to be productive while keeping your corporate data protected. It integrates with Azure Active Directory (Azure AD) to control who has access, and with Azure Information Protection for data protection. It can manage iOS, Android, Windows, and macOS devices.

Autopilot

Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. It can also be used to reset, repurpose, and recover devices. This solution enables an IT department to do all of this with little to no infrastructure to manage, through a process that is easy and simple.

Configuration Manager with Cloud Attach

Configuration Manager provides a comprehensive management solution for computer systems. It enables patch management, deployment of applications and software updates, and compliance settings management. When attached to the cloud (cloud attach), it offers additional capabilities such as cloud management gateway, cloud distribution points, and co-management with Intune.

For more information on Configuration Manager, see the deployment guide for macOS https://learn.microsoft.com/en-us/purview/device-onboarding-offboarding-macos-intune .

By leveraging these tools, organizations can ensure that their endpoints are secure, managed, and consistently configured to meet the necessary standards and policies. These capabilities are essential for maintaining control over devices that access corporate data and resources, especially in a modern workplace where remote work and device mobility are common.

Describe Microsoft 365 apps and services (45–50%)

Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

Windows 365 vs. Azure Virtual Desktop

When comparing Windows 365 and Azure Virtual Desktop (AVD), it’s important to understand that both are Microsoft services that provide virtual desktop experiences, but they cater to different use cases and offer distinct features.

Windows 365 is a cloud service that provides a complete Windows experience, personalized and streamed to any device. With Windows 365, users get their own persistent cloud PC that maintains its state across sessions. Here are some key aspects of Windows 365:

Azure Virtual Desktop, on the other hand, is a comprehensive desktop and app virtualization service running in the cloud. It’s highly customizable and is ideal for organizations with virtualization experience. Key features include:

Both services support various Windows versions and are available in commercial clouds and government clouds. They also have specific requirements for roles and permissions for setup and management https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint .

For more detailed information on Windows 365 and Azure Virtual Desktop, you can refer to the following URLs:

  • Windows 365: [https://learn.microsoft.com/en-us/azure/virtual-desktop/windows-10-multisession-faq] https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint
  • Azure Virtual Desktop: [https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop] https://learn.microsoft.com/en-us/azure/firewall/fqdn-tags
  • Network requirements for Windows 365: [https://learn.microsoft.com/en-us/windows-365/enterprise/requirements-network] https://learn.microsoft.com/en-us/azure/firewall/fqdn-tags
  • Network endpoints for Azure Virtual Desktop: [https://learn.microsoft.com/en-us/azure/sentinel/connect-windows-security-events] https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-virtual-desktop

In summary, Windows 365 is best for organizations looking for an easy-to-manage cloud PC for each user, while Azure Virtual Desktop offers more customization and flexibility for complex virtualization needs.

Describe Microsoft 365 apps and services (45–50%)

Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

Windows-as-a-Service (WaaS) Deployment and Release Models

Windows-as-a-Service (WaaS) is a model that Microsoft has adopted to deliver Windows 10 updates. This approach ensures that users always have access to the latest features, security updates, and performance improvements. The WaaS model includes several deployment and release models, as well as the concept of deployment rings. Below is a detailed explanation of these components:

Deployment Models

WaaS offers two primary deployment models:

  1. Windows Update: This is the standard method for consumers and some businesses. It allows Windows 10 devices to receive updates directly from the Windows Update service. By default, the Windows Update client is configured to download updates from Windows Update https://learn.microsoft.com/en-us/azure/automation/update-management/configure-wuagent .

  2. Windows Server Update Services (WSUS): WSUS enables IT administrators to deploy the latest Microsoft product updates within their organizations. Administrators can specify sources for scanning and downloading updates, and if updates are not approved in WSUS, update deployment fails https://learn.microsoft.com/en-us/azure/automation/update-management/configure-wuagent .

Release Models

WaaS has a predictable release schedule with two types of updates:

  1. Feature Updates: These updates include new functionality and are typically released twice a year. They are equivalent to what used to be called “upgrades.”

  2. Quality Updates: Also known as “cumulative updates,” these include security and reliability fixes and are released monthly.

Deployment Rings

Deployment rings in WaaS are essentially groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. They are defined as follows:

  • Insider Preview Ring: This ring is for early adopters and IT staff who want to test the features and functionality of the next release of Windows 10.

  • Fast Ring: Devices in this ring receive updates after they have been validated by Microsoft and are considered suitable for users who are comfortable with using pre-release software.

  • Slow Ring: Updates for this ring are rolled out after additional validation and are suitable for broader testing within an organization.

  • Release Preview Ring: This is the final testing phase before an update is made available to the general public. It is intended for final validation and to ensure compatibility with existing systems.

  • Broad Deployment Ring: After an update has been thoroughly tested in the previous rings, it is then rolled out to the broad deployment ring, which includes the majority of devices in an organization.

Additional Resources

For more information on deployment models, you can refer to the following URLs:

For more information on the Log Analytics agent and its upgrade methods, which can be relevant to managing WaaS deployments, please visit:

Understanding these deployment and release models, as well as the concept of deployment rings, is crucial for managing and maintaining Windows 10 devices within an organization. It allows for a structured and phased approach to rolling out updates, ensuring stability and minimizing disruption.

Describe Microsoft 365 apps and services (45–50%)

Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

Deployment and Update Channels for Microsoft 365 Apps

When preparing for the deployment of Microsoft 365 Apps, it is important to understand the different update channels available, as they determine how frequently your apps will receive feature updates and security patches. Here’s a detailed explanation of the deployment and update channels for Microsoft 365 Apps:

  1. Current Channel: This channel provides users with the newest features of Office as soon as they are available. It is suitable for organizations that want to provide their users with the latest Office features as soon as they are ready https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions .

  2. Monthly Enterprise Channel: This channel offers a stable set of features that have been released previously in the Current Channel. It is updated with new features once a month and is designed for organizations that want to minimize the frequency of feature changes for their users https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions .

  3. Semi-Annual Enterprise Channel: Targeted for organizations that prefer to update their Office apps only a few times a year, this channel receives updates with new features twice a year, in January and July. It provides the most stable and thoroughly tested features suitable for broad deployment https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions .

The minimum version numbers for these channels can differ, and new versions of Office apps are made available at different times for each channel. It is recommended to compare the minimum versions in the tables with the versions you have, omitting leading zeros for easier comparison https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions .

For additional information on the update channels for Microsoft 365 Apps, you can refer to the following resources:

It is also worth noting that new capabilities that are in private preview are not included in the tables, but organizations might be able to join these previews by nominating themselves for the Microsoft Information Protection private preview program https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions .

By understanding these deployment and update channels, organizations can better plan their Office apps deployment strategy to align with their operational requirements and risk tolerance for feature updates.

Describe Microsoft 365 apps and services (45–50%)

Describe analytics capabilities of Microsoft 365

Describe the Capabilities of Viva Insights

Microsoft Viva Insights is a part of the broader Microsoft Viva suite, designed to provide insights and analytics to help individuals and organizations optimize productivity and wellbeing. Below are the key capabilities of Viva Insights:

  1. Insights for Individuals and Teams:
    • Viva Insights offers personal insights to help individuals understand their work patterns and improve productivity and wellbeing. These insights are private and secure, providing personalized recommendations such as taking regular breaks and setting aside focus time.
  2. Insights for Managers and Leaders:
    • For managers and leaders, Viva Insights provides visibility into work trends that can affect employee wellbeing and productivity. It helps leaders make informed decisions based on data-driven insights about collaboration patterns and work habits within their teams.
  3. Advanced Analytics for Analysts:
  4. Privacy and Compliance:
    • Viva Insights is built with privacy by design. Administrators can configure privacy settings to ensure compliance with organizational policies and regulations. Analysts and administrators have distinct roles with specific permissions to safeguard individual privacy https://learn.microsoft.com/en-us/purview/audit-log-activities .
  5. Organizational Data Insights:
    • Administrators have the capability to upload and verify organizational data, which can be used to enrich the insights provided by Viva Insights. This includes the ability to update data access settings and privacy settings, such as setting minimum group sizes for reporting to protect individual identities https://learn.microsoft.com/en-us/purview/audit-log-activities .
  6. Integration with Microsoft 365:
    • Viva Insights is integrated with Microsoft 365, allowing it to leverage data from various Microsoft services securely. This integration helps provide a comprehensive view of collaboration and communication within the organization.
  7. Actionable Recommendations:
  8. Compliance and Retention Policies:

For more information on Viva Insights and its capabilities, you can visit the following resources:

  • Introducing Microsoft Viva Insights
  • Admin guide for personal insights
  • Storyline in Viva Engage
  • Detect channel signals with communication compliance

These resources provide additional details on how Viva Insights can be leveraged to enhance productivity, wellbeing, and compliance within an organization.

Describe Microsoft 365 apps and services (45–50%)

Describe analytics capabilities of Microsoft 365

Microsoft 365 Admin Center Capabilities

The Microsoft 365 Admin Center is a central location for administrators to manage various aspects of the Microsoft 365 services. It provides a comprehensive set of tools that allow for the management of users, devices, policies, and more. Here are some of the key capabilities of the Microsoft 365 Admin Center:

For more information on the Microsoft 365 Admin Center, you can visit the official documentation: Microsoft 365 Admin Center Overview.

Microsoft 365 User Portal Capabilities

The Microsoft 365 User Portal, often accessed through various user apps and services, is designed for end-users to manage their own settings and information. Here are some capabilities available to users:

For additional information on user capabilities within Microsoft 365, you can refer to the following resources:

  • Outlook Help & Learning
  • Teams Help & Learning
  • SharePoint Help & Learning

Please note that the capabilities of both the Microsoft 365 Admin Center and the User Portal may evolve over time, and it is recommended to refer to the latest documentation for the most current information.

Describe Microsoft 365 apps and services (45–50%)

Describe analytics capabilities of Microsoft 365

Reports in the Microsoft 365 Admin Center and Other Admin Centers

Microsoft 365 Admin Center Reports

The Microsoft 365 Admin Center provides a variety of reports that give insights into the usage of Microsoft 365 services within an organization. These reports can help administrators track user activity, understand service adoption, and monitor security incidents.

  • Usage Reports: These reports provide data on how users in your organization are utilizing Microsoft 365 services, such as Exchange, SharePoint, and Teams. They can help identify trends and areas for improvement in user engagement.
  • Security Reports: Security reports in the Microsoft 365 Admin Center can help you monitor for potential security issues, such as sign-in attempts and user account changes.
  • Compliance Reports: Compliance reports are available to help ensure that your organization is meeting data governance and regulatory requirements.

For more detailed information on the reports available in the Microsoft 365 Admin Center, you can visit the following URL: Microsoft 365 Reports in the admin center.

Microsoft Entra Admin Center Reports

The Microsoft Entra Admin Center, previously known as the Azure Active Directory Admin Center, offers reports related to identity and access management.

Additional information on managing your Microsoft Entra directory can be found here: Manage your Microsoft Entra directory https://learn.microsoft.com/en-us/purview/use-your-free-azure-ad-subscription-in-office-365 .

Exchange Admin Center Reports

The Exchange Admin Center (EAC) provides reports and features for messaging compliance and data lifecycle management.

  • Retention Policies and Retention Tags: These are part of the messaging records management (MRM) and are older compliance features originally configurable from the Classic EAC. It is recommended to use the newer Microsoft 365 features for data lifecycle management instead of these older features https://learn.microsoft.com/en-us/purview/named-entities-learn .

For more information on using retention policies and retention labels, please refer to: Use retention policies and retention labels instead of older features https://learn.microsoft.com/en-us/purview/named-entities-learn .

Teams Admin Center Reports

The Teams Admin Center allows administrators to manage and report on various aspects of Microsoft Teams.

For more information on managing Teams messaging policies, visit: Manage messaging policies in Teams https://learn.microsoft.com/en-us/purview/communication-compliance-teams .

Customer Lockbox Requests

Customer Lockbox ensures that Microsoft cannot access your content to perform a service operation without your explicit approval.

For more details on Customer Lockbox, you can access the latest SOC 1 SSAE 16 audit report here: Microsoft Service Trust Portal https://learn.microsoft.com/en-us/purview/customer-lockbox-requests .

Communication Compliance Admin Center

The Communication Compliance Admin Center is designed for compliance admins, information protection admins, and investigators to manage communication compliance policies.

For more information on communication compliance policies, see: Communication compliance policies https://learn.microsoft.com/en-us/purview/communication-compliance-teams .

By utilizing these reports and admin centers, administrators can effectively manage and monitor their Microsoft 365 environments, ensuring compliance, security, and efficient operation.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe identity and access management solutions of Microsoft 365

Identity and Access Management Capabilities of Microsoft Entra ID

Microsoft Entra ID is a comprehensive identity and access management solution that provides secure management of access to Azure services and resources. Below are the key capabilities of Microsoft Entra ID:

  1. User and Group Management: Microsoft Entra ID allows the creation and management of users and groups. This includes setting permissions to grant or deny access to enterprise resources https://learn.microsoft.com/entra/architecture/architecture .

  2. Authentication: It supports self-service password reset, Multi-Factor Authentication (MFA), custom banned password lists, and smart lockout features to enhance security https://learn.microsoft.com/entra/fundamentals/whatis .

  3. Application Management: Administrators can manage both cloud and on-premises applications with features like Application Proxy, single sign-on, and integration with Software as a Service (SaaS) apps https://learn.microsoft.com/entra/fundamentals/whatis .

  4. Conditional Access: Conditional Access policies enable the management of access to cloud applications, ensuring secure and compliant access based on user, location, device, and application https://learn.microsoft.com/entra/fundamentals/whatis .

  5. Device Management: Microsoft Entra ID provides tools to manage how devices, whether cloud-based or on-premises, access corporate data https://learn.microsoft.com/entra/fundamentals/whatis .

  6. Hybrid Identity: With Microsoft Entra Connect and Connect Health, a single user identity is used for authentication and authorization to all resources, regardless of their location https://learn.microsoft.com/entra/fundamentals/whatis .

  7. Identity Protection: This feature helps detect potential vulnerabilities affecting an organization’s identities and configure automated responses to suspicious actions https://learn.microsoft.com/entra/fundamentals/whatis .

  8. Privileged Identity Management (PIM): PIM allows organizations to manage, control, and monitor access within their organization, providing just-in-time access when needed https://learn.microsoft.com/entra/fundamentals/whatis .

  9. Identity Governance: This includes managing access controls for employees, business partners, vendors, and apps, as well as performing access reviews https://learn.microsoft.com/entra/fundamentals/whatis .

  10. Managed Identities for Azure Resources: This feature provides Azure services with an automatically managed identity in Microsoft Entra ID for authenticating services like Azure Key Vault https://learn.microsoft.com/entra/fundamentals/whatis .

  11. Monitoring and Health: Insights into security and usage patterns in the environment are available to help maintain the health of the identity system https://learn.microsoft.com/entra/fundamentals/whatis .

  12. Workload Identities: Microsoft Entra ID allows software workloads such as applications, services, scripts, or containers to have an identity to authenticate and access other services and resources https://learn.microsoft.com/entra/fundamentals/whatis .

For additional information on these capabilities, the following resources can be consulted:

These resources provide a deeper dive into the features and functionalities of Microsoft Entra ID, helping users to understand how to effectively manage identities and access within their organizations.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe identity and access management solutions of Microsoft 365

Cloud Identity, On-Premises Identity, and Hybrid Identity Concepts

Cloud Identity

Cloud identity refers to identity management that is hosted in the cloud. In this model, user accounts, group memberships, and other identity-related attributes are created and managed directly within a cloud service. Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD), is an example of a cloud identity provider. It offers Identity as a Service (IDaaS) for applications across cloud and on-premises environments, supporting modern authentication methods that are not natively available in traditional on-premises Active Directory (AD) https://learn.microsoft.com/en-us/training/modules/describe-identity-principles-concepts/5-describe-concept-of-directory-services-active-directory .

For more information on cloud identity and Microsoft Entra ID, you can visit the following URL: Microsoft Entra ID Overview https://learn.microsoft.com/en-us/training/modules/describe-identity-principles-concepts/5-describe-concept-of-directory-services-active-directory .

On-Premises Identity

On-premises identity systems are based on directory services that are hosted within an organization’s own data center. Active Directory Domain Services (AD DS) is a widely used on-premises directory service developed by Microsoft. It stores information about domain members, including devices and users, verifies their credentials, and defines their access rights. A server running AD DS is known as a domain controller (DC). AD DS is essential for organizations with on-premises IT infrastructure, allowing them to manage multiple infrastructure components and systems using a single identity per user https://learn.microsoft.com/en-us/training/modules/describe-identity-principles-concepts/5-describe-concept-of-directory-services-active-directory .

For additional details on on-premises identity and AD DS, refer to the following URL: Active Directory Domain Services Overview https://learn.microsoft.com/en-us/training/modules/describe-identity-principles-concepts/5-describe-concept-of-directory-services-active-directory .

Hybrid Identity

Hybrid identity combines both on-premises and cloud-based identity solutions, allowing organizations to manage identities across both environments. This is particularly useful for organizations that run a mix of on-premises and cloud applications. Hybrid identity can be achieved by synchronizing identity information from an on-premises AD DS environment to a cloud-based Microsoft Entra tenant using tools like Microsoft Entra Connect. This synchronization enables legacy applications that have been migrated to Azure to use traditional LDAP connections for identity information, while also leveraging cloud-based features such as domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy https://learn.microsoft.com/en-us/entra/identity/domain-services/scenarios .

For a deeper understanding of hybrid identity and synchronization with Microsoft Entra Connect, the following URL provides more information: Hybrid Identity with Microsoft Entra Domain Services https://learn.microsoft.com/en-us/entra/identity/domain-services/scenarios .

In summary, cloud identity is managed entirely in the cloud, on-premises identity is managed within an organization’s own infrastructure, and hybrid identity is a blend of both, allowing for a cohesive identity management strategy across diverse IT environments. Each approach has its own set of features and considerations, and the choice of identity solution depends on the specific needs and existing infrastructure of an organization.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe identity and access management solutions of Microsoft 365

Microsoft’s Security Methods for Identity, Access, and Data Protection

Microsoft employs a multi-layered approach to secure identities, access, and data, leveraging technologies such as Multi-Factor Authentication (MFA), Self-Service Password Reset (SSPR), and Conditional Access. These methods are integral to maintaining a robust security posture and mitigating potential security risks.

Multi-Factor Authentication (MFA)

MFA is a critical component of Microsoft’s security strategy. It requires users to provide two or more verification factors to gain access to resources, such as applications, online accounts, or VPNs. The goal is to create a layered defense that makes it more difficult for an unauthorized person to access a target such as a physical location, computing device, network, or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target https://learn.microsoft.com/en-us/purview/protect-access-to-data-and-services .

Microsoft supports various MFA methods, including:

For more information on MFA, visit Microsoft’s MFA documentation.

Self-Service Password Reset (SSPR)

SSPR is a feature that allows users to reset their passwords without administrative intervention, reducing the workload on IT departments and minimizing downtime for users who may have forgotten their passwords. Microsoft’s implementation of SSPR includes robust security measures to ensure that the password reset process is secure and that only the rightful account owner can perform the reset https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-active-directory .

For additional details on SSPR, refer to Microsoft’s SSPR documentation.

Conditional Access

Conditional Access is a tool within Microsoft Entra that helps organizations enforce access control policies to their environments. It evaluates signals from a user’s access request, such as user identity, device health, location, and network conditions, against configured policies. Based on these evaluations, Conditional Access can dynamically grant or deny access, or require additional verification such as MFA https://learn.microsoft.com/microsoft-365/solutions/financial-services-secure-collaboration .

Key capabilities of Conditional Access include:

For a deeper understanding of Conditional Access, explore Microsoft Entra Conditional Access.
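The signal-versus-policy evaluation described above can be modelled in a few lines. This is an added example, not Microsoft's implementation or code from the original guide: the policy names, group labels, location labels and control names are constructed, and each policy's controls are treated as "all required". It shows two properties worth remembering: every matching policy is enforced together, and a block from any matching policy wins over grants.

```python
from dataclasses import dataclass

ALL = "*"  # wildcard meaning "all users" or "all apps"


@dataclass(frozen=True)
class SignIn:
    """Signals carried by one access request (field names are illustrative)."""
    user: str
    groups: frozenset
    app: str
    location: str            # label of a named location, or "unknown"
    device_compliant: bool
    mfa_done: bool = False


@dataclass(frozen=True)
class Policy:
    name: str
    include_groups: frozenset
    exclude_groups: frozenset = frozenset()
    apps: frozenset = frozenset({ALL})
    exclude_locations: frozenset = frozenset()   # e.g. trusted networks
    block: bool = False
    require: frozenset = frozenset()             # every listed control must be met


def applies(policy, signin):
    """A policy applies only if every condition matches; exclusions win."""
    if signin.groups & policy.exclude_groups:
        return False
    if ALL not in policy.include_groups and not (signin.groups & policy.include_groups):
        return False
    if ALL not in policy.apps and signin.app not in policy.apps:
        return False
    if signin.location in policy.exclude_locations:
        return False
    return True


def evaluate(policies, signin):
    """Return (decision, detail) after combining all applicable policies."""
    matched = [p for p in policies if applies(p, signin)]
    blockers = [p.name for p in matched if p.block]
    if blockers:                       # any block overrides every grant
        return "block", blockers
    required = set()
    for p in matched:                  # controls from all policies accumulate
        required |= p.require
    satisfied = set()
    if signin.mfa_done:
        satisfied.add("mfa")
    if signin.device_compliant:
        satisfied.add("compliantDevice")
    outstanding = sorted(required - satisfied)
    if outstanding:
        return "require_controls", outstanding
    return "grant", [p.name for p in matched]


# Constructed policy set for the demonstration.
POLICIES = [
    Policy("Require MFA outside corporate network",
           include_groups=frozenset({ALL}),
           exclude_groups=frozenset({"break-glass"}),
           exclude_locations=frozenset({"corp-network"}),
           require=frozenset({"mfa"})),
    Policy("Finance portal requires compliant device",
           include_groups=frozenset({"finance"}),
           apps=frozenset({"finance-portal"}),
           require=frozenset({"compliantDevice"})),
    Policy("Block contractors from finance portal",
           include_groups=frozenset({"contractors"}),
           apps=frozenset({"finance-portal"}),
           block=True),
]


def demo():
    """Evaluate four constructed sign-ins against POLICIES."""
    signins = {
        "finance_office": SignIn("ana", frozenset({"finance"}), "finance-portal",
                                 "corp-network", device_compliant=True),
        "finance_remote": SignIn("ana", frozenset({"finance"}), "finance-portal",
                                 "unknown", device_compliant=False),
        "contractor_office": SignIn("raj", frozenset({"contractors"}), "finance-portal",
                                    "corp-network", device_compliant=True),
        "break_glass_remote": SignIn("emergency", frozenset({"break-glass"}), "mail",
                                     "unknown", device_compliant=False),
    }
    return {name: evaluate(POLICIES, s) for name, s in signins.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The last sign-in is granted with no policy applied, which is why accounts excluded from policies need separate monitoring.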

By integrating these security methods, Microsoft provides a comprehensive framework to protect against unauthorized access and ensure that sensitive data remains secure. These technologies are part of a broader suite of security features that work together to create a secure and resilient environment for users and organizations.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe threat protection solutions of Microsoft 365

Microsoft 365 Defender Suite Overview

Microsoft 365 Defender is an integrated suite of security solutions designed to protect across identities, endpoints, applications, and email. The suite includes the following components:

Defender for Endpoint

Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It offers:

  • Threat & vulnerability management to discover, prioritize, and remediate vulnerabilities and misconfigurations.
  • Attack surface reduction to minimize the areas where your organization is vulnerable to cyber threats.
  • Endpoint detection and response (EDR) capabilities to detect, investigate, and respond to advanced threats on your network.
  • Automated investigation and remediation to reduce the volume of alerts in minutes at scale.

For more information, visit the Defender for Endpoint documentation.

Defender for Office 365

Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. It includes:

  • Threat protection policies to set up anti-phishing and anti-spam policies.
  • Reports to monitor Defender for Office 365 performance.
  • Threat investigation and response capabilities.
  • Automated investigation and response features.

For additional details, refer to the Defender for Office 365 documentation.

Defender for Identity

Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions. Key features include:

  • Monitoring users, entity behavior, and activities with learning-based analytics.
  • Protecting user identities and credentials stored in Active Directory.
  • Identifying and investigating suspicious user activities and advanced attacks across the cyber kill chain.

More information can be found on the Defender for Identity page.

Defender for Cloud Apps

Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides:

  • Visibility into your cloud apps and services.
  • Sophisticated analytics to identify and combat cyberthreats.
  • Control over data travel across all your Microsoft and third-party cloud services.

For a comprehensive guide, visit the Defender for Cloud Apps documentation.

Microsoft 365 Defender Portal

The Microsoft 365 Defender portal is the central place to view and manage security across your Microsoft identities, data, devices, apps, and infrastructure. Here you can:

  • Investigate and remediate malicious or suspicious activities.
  • Utilize integrated and automated security solutions to streamline the security experience.
  • Access the Microsoft 365 Defender portal at https://security.microsoft.com.

Each component of the Microsoft 365 Defender suite is designed to provide a comprehensive security solution for the modern workplace, integrating seamlessly to protect against a wide range of threats.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe threat protection solutions of Microsoft 365

Microsoft Secure Score Benefits and Capabilities

Microsoft Secure Score is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. Below are the key benefits and capabilities of Microsoft Secure Score:

  1. Security Posture Assessment: Secure Score helps organizations assess and understand their security posture by reviewing security recommendations and prioritizing them. This enables organizations to identify the most critical security vulnerabilities that should be addressed first https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive .

  2. Unified View Across Environments: Microsoft Defender for Cloud’s cloud security posture management capabilities now support environments such as Azure, AWS, and GCP. This allows enterprises to view their overall security posture across different cloud environments within their Secure Score, providing a comprehensive and unified security assessment https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive .

  3. Security Posture Dashboard: The Security posture dashboard replaces the Secure Score page, offering a combined score for all environments or a breakdown based on selected combinations of environments. This dashboard enhances visibility and understanding of an organization’s security stance https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive .

  4. Recommendations and Quick Fixes: The redesigned Recommendations page provides advanced filters and a user-friendly interface. It also includes a new capability for bulk remediation of recommendations with a single click, simplifying the process of improving the Secure Score by addressing security misconfigurations efficiently https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive .

  5. API Access: Organizations can access their Secure Score through the Secure Score API, which provides flexibility to query data and build custom reporting mechanisms. The API can be used to get scores for specific subscriptions and list security controls and their current scores https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-access-and-track .

  6. Mobile and Web Access: The Defender for Cloud Overview dashboard displays the Secure Score as a percentage value, including underlying values. The Azure mobile app also shows the Secure Score, allowing users to tap and see details that explain the score https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls .
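The API access in item 5 is what makes custom reporting possible. The Python below is an added example, not code from this guide or from Microsoft: it takes a payload shaped like a Secure Score Controls list response and ranks controls by the points still recoverable. The field names (`displayName`, `score.max`, `score.current`, `unhealthyResourceCount`), the sample values, and the single-subscription formula (current points divided by maximum points) are assumptions of this example.

```python
import json

# Constructed sample, shaped like a Secure Score Controls list response.
# Control names and numbers are invented for illustration.
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {"properties": {"displayName": "Enable MFA",
                    "score": {"max": 10, "current": 0.0},
                    "unhealthyResourceCount": 1}},
    {"properties": {"displayName": "Secure management ports",
                    "score": {"max": 8, "current": 6.0},
                    "unhealthyResourceCount": 2}},
    {"properties": {"displayName": "Remediate vulnerabilities",
                    "score": {"max": 6, "current": 3.0},
                    "unhealthyResourceCount": 5}},
    {"properties": {"displayName": "Apply system updates",
                    "score": {"max": 6, "current": 6.0},
                    "unhealthyResourceCount": 0}},
    {"properties": {"displayName": "Protect applications against DDoS attacks",
                    "score": {"max": 0, "current": 0.0},
                    "unhealthyResourceCount": 0}}
  ]
}
""")


def parse_controls(payload):
    """Flatten the response into one small dict per security control."""
    controls = []
    for item in payload.get("value", []):
        props = item.get("properties", {})
        score = props.get("score", {})
        controls.append({
            "name": props.get("displayName", "<unnamed>"),
            "current": float(score.get("current", 0)),
            "max": float(score.get("max", 0)),
            "unhealthy": int(props.get("unhealthyResourceCount", 0)),
        })
    return controls


def overall_percentage(controls):
    """Current points over maximum points, as a percentage.

    Controls with a maximum of 0 (nothing applicable) add nothing to
    either sum; an empty or all-zero set returns 0.0 instead of dividing
    by zero.
    """
    total_max = sum(c["max"] for c in controls)
    if total_max == 0:
        return 0.0
    return round(100 * sum(c["current"] for c in controls) / total_max, 1)


def rank_by_potential_gain(controls):
    """Controls that still have points to earn, largest gain first."""
    total_max = sum(c["max"] for c in controls)
    ranked = []
    for c in controls:
        gain = c["max"] - c["current"]
        if gain <= 0 or total_max == 0:
            continue  # fully remediated or not applicable
        ranked.append({
            "name": c["name"],
            "points": gain,
            "percent_gain": round(100 * gain / total_max, 1),
            "unhealthy": c["unhealthy"],
        })
    ranked.sort(key=lambda r: r["points"], reverse=True)
    return ranked


if __name__ == "__main__":
    parsed = parse_controls(SAMPLE_RESPONSE)
    print(f"Secure Score: {overall_percentage(parsed)}%")
    for row in rank_by_potential_gain(parsed):
        print(f"+{row['percent_gain']:>5}%  {row['name']} "
              f"({row['unhealthy']} unhealthy resources)")
```
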

For additional information on Microsoft Secure Score, you can refer to the following resources:

  • Security posture
  • Security recommendations
  • Reference guide to security recommendations
  • Secure Scores API
  • Secure Score Controls API
  • GitHub community for secure score tools

By leveraging these capabilities, organizations can not only monitor and improve their security posture but also demonstrate compliance with security standards and reduce the risk of security breaches.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe threat protection solutions of Microsoft 365

Microsoft 365 Threat Protection Overview

Microsoft 365 provides a comprehensive suite of security features designed to address the most common types of threats against endpoints, applications, and identities. Here’s a detailed explanation of how Microsoft 365 tackles these threats:

Endpoints Protection

Applications Security

Identity Security

Cross-Service Protection

For additional information on how Microsoft 365 addresses security threats, you can refer to the following resources:

This comprehensive approach ensures that Microsoft 365 users are protected against a wide array of threats, leveraging advanced analytics, machine learning, and integrated security measures to keep data and identities secure.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Describe the Zero Trust Model

The Zero Trust Model is a security framework that operates on the principle of “never trust, always verify.” It is designed to protect modern digital environments by enforcing robust access controls and not assuming that actors, systems, or services operating from within the security perimeter are to be trusted. Instead, the Zero Trust Model requires verification at every step.

Key Principles of Zero Trust

  1. Verify Explicitly: Every access request should be authenticated, authorized, and continuously validated for security configuration and posture before granting access.

  2. Use Least Privilege Access: Permissions should be limited to the minimum necessary to perform a task. This includes Just-In-Time (JIT) and Just-Enough-Access (JEA), along with risk-based adaptive policies and data protection to reduce the risk of excessive permissions.

  3. Assume Breach: The model operates under the assumption that a breach has occurred or can occur, and thus minimizes the impact by segmenting access and applying end-to-end encryption. It also uses analytics to detect threats and improve defenses https://learn.microsoft.com/en-us/azure/defender-for-cloud/zero-trust .

Zero Trust Pillars

The Zero Trust Model is built upon six foundational pillars that work together to enforce organization security policies:

  1. Identities: Verifying who is requesting access to ensure they are who they claim to be.

  2. Devices: Ensuring that devices meet the organization’s security standards before granting access.

  3. Applications: Controlling access to applications and validating their security posture.

  4. Data: Protecting data both at rest and in transit with encryption and other security measures.

  5. Infrastructure: Securing the underlying physical and virtual infrastructure that supports IT services.

  6. Network: Limiting access to the network and monitoring for unusual activity https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/8-summary-resources https://learn.microsoft.com/en-us/purview/compliance-manager-whats-new .

Implementing Zero Trust with Microsoft Technologies

Microsoft provides guidance and solutions to help organizations implement a Zero Trust strategy:

For additional information and guidance on implementing the Zero Trust Model, the following resources are available:

By adhering to the Zero Trust Model, organizations can significantly enhance their security posture and better protect against the evolving landscape of cyber threats.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Microsoft Purview Compliance Solutions

Microsoft Purview offers a suite of compliance solutions designed to help organizations manage and mitigate risks, ensure compliance with legal and regulatory standards, and respond to litigation and investigations. The key components of Microsoft Purview compliance solutions include Insider Risk Management, Auditing, and eDiscovery.

Insider Risk Management

Insider Risk Management in Microsoft Purview is a solution for identifying and managing potential risks within an organization, such as data theft, leaks, or other malicious insider actions. To configure Insider Risk Management, organizations should:

  1. Understand the fundamentals of Insider Risk Management https://learn.microsoft.com/en-us/purview/named-entities-learn .
  2. Plan for Insider Risk Management and verify licensing requirements https://learn.microsoft.com/en-us/purview/named-entities-learn .
  3. Set up Insider Risk Management settings to tailor the solution to the organization’s needs https://learn.microsoft.com/en-us/purview/named-entities-learn .
  4. Configure permissions and policy prerequisites & connectors to ensure proper governance https://learn.microsoft.com/en-us/purview/named-entities-learn .
  5. Create and configure Insider Risk Management policies to detect risky activities https://learn.microsoft.com/en-us/purview/named-entities-learn .

For more information on Insider Risk Management, refer to the following resources:

  • Insider Risk Management Overview https://learn.microsoft.com/en-us/purview/named-entities-learn
  • Insider Risk Management Policies https://learn.microsoft.com/en-us/purview/insider-risk-management-plan
  • Investigate Insider Risk Activities https://learn.microsoft.com/en-us/purview/insider-risk-management-plan
  • Take Action on Insider Risk Cases https://learn.microsoft.com/en-us/purview/insider-risk-management-plan

Auditing

Auditing in Microsoft Purview allows organizations to track and investigate activities across various services in Microsoft 365. Audit events are enabled by default, and organizations can view these events to monitor user actions and ensure compliance https://learn.microsoft.com/en-us/azure/information-protection/reports-aip . Audit (Premium) provides additional capabilities, such as increased access to auditing logs through the Office 365 Management Activity API https://learn.microsoft.com/en-us/purview/audit-solutions-overview .

For more detailed information about Auditing, including Audit (Premium) features, visit:

  • Auditing Solutions Overview https://learn.microsoft.com/en-us/azure/information-protection/reports-aip
  • Audit (Premium) in Microsoft 365 https://learn.microsoft.com/en-us/purview/audit-solutions-overview

eDiscovery

eDiscovery tools in Microsoft Purview are designed for legal teams to identify, collect, and preserve electronic information that may be relevant to litigation or investigations. Training IT administrators, eDiscovery managers, and compliance investigation teams in the basics of Content search, eDiscovery (Standard), and eDiscovery (Premium) is crucial for effective use of these tools https://learn.microsoft.com/en-us/purview/named-entities-learn .

To get started with eDiscovery, see the following resources:

  • Describe the eDiscovery and Audit Capabilities of Microsoft Purview https://learn.microsoft.com/en-us/purview/named-entities-learn

By leveraging these compliance solutions, organizations can better protect against internal and external threats, maintain regulatory compliance, and efficiently manage legal and investigative processes.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Microsoft Purview Information Protection Features

Microsoft Purview Information Protection (formerly known as Azure Information Protection) is a comprehensive solution designed to help organizations discover, classify, and protect sensitive information across various locations, such as cloud services, on-premises, and in third-party SaaS applications. Below are two key features of Microsoft Purview Information Protection:

Sensitivity Labels

Sensitivity labels are a core feature of Microsoft Purview Information Protection. They enable organizations to classify and protect their data based on its sensitivity. Sensitivity labels can be applied to documents and emails to control access and enforce protection actions like encryption and content marking. Here’s how they work:

For more information on sensitivity labels, visit:

  • Learn about sensitivity labels
  • Get started with sensitivity labels
  • Create and configure sensitivity labels and their policies

Data Loss Prevention (DLP)

Data Loss Prevention is another critical feature of Microsoft Purview Information Protection that helps prevent the accidental sharing of sensitive information. DLP policies can identify, monitor, and protect sensitive data across Microsoft 365 apps and services:

For more information on Data Loss Prevention, visit:

  • Get started with the data loss prevention alerts
  • Data Loss Prevention in Microsoft Purview Information Protection

By implementing these features, organizations can enhance their information protection strategies and ensure that sensitive data is appropriately managed and secured.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Microsoft’s Support for Data Residency and Regulatory Compliance

Microsoft provides robust support for data residency to ensure regulatory compliance, which is a critical consideration for organizations operating in various jurisdictions with different data protection regulations.

Data Residency in Microsoft Services: Microsoft Purview processes data and stores metadata information without storing customer data. The processing of data occurs within the data region, and customer metadata remains within the region where Microsoft Purview is deployed. This adherence to data residency helps meet the requirements of regions with strict data sovereignty laws https://learn.microsoft.com/en-us/purview/governance-solutions-overview .

Compliance with Data Residency Regulations: Data residency regulations dictate the permissible locations for data storage and set rules for data transfer, processing, and access across international borders. These regulations vary by jurisdiction and are essential for compliance https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/6-describe-compliance-concepts .

Microsoft Sentinel and Data Sovereignty: In Microsoft Sentinel, data is primarily stored and processed within the same geography or region. However, there are exceptions, such as when leveraging Microsoft’s Machine Learning for detection rules, which may involve data being copied outside the workspace geography for processing. Microsoft Sentinel’s architecture is designed to validate and prove data access under all conditions, a key requirement for data sovereignty in many countries https://learn.microsoft.com/en-us/azure/sentinel/best-practices-workspace-architecture .

Data Residency and Business Solutions: When designing business solutions, data residency is a key factor due to compliance requirements, such as the European Union’s General Data Protection Regulation (GDPR), which mandates that data collected on EU citizens be stored within the EU https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-multicloud-security-determine-data-residency-requirements .

Considerations for Multicloud Security: For multicloud resources, the location of the connector resource hosted in an Azure resource group should be chosen based on data residency requirements. For example, data retrieved from AWS/GCP is stored in GDPR-EU or US regions, depending on where the data is stored in the originating cloud https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-multicloud-security-determine-data-residency-requirements .

Additional Resources: For further information on data residency and compliance, the following URLs can be referenced:

  • Geographical availability and data residency in Microsoft Sentinel https://learn.microsoft.com/en-us/azure/sentinel/best-practices-workspace-architecture
  • Data residency in Azure https://learn.microsoft.com/en-us/azure/sentinel/best-practices-workspace-architecture
  • Storing and processing EU data in the EU - EU policy blog https://learn.microsoft.com/en-us/azure/sentinel/best-practices-workspace-architecture
  • Determining compliance requirements for multicloud security https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-multicloud-security-determine-data-residency-requirements

By ensuring that data is stored and processed in compliance with local regulations, Microsoft helps organizations meet their legal obligations and maintain the trust of their customers and stakeholders.

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Microsoft Priva: Capabilities and Benefits

Microsoft Priva offers a suite of tools designed to enhance privacy management within an organization. Here’s a detailed explanation of its capabilities and benefits:

Capabilities of Microsoft Priva

  1. Privacy Risk Management:
  2. Subject Rights Requests:
  3. Integration with Compliance Solutions:
  4. Automated Testing and Monitoring:

Benefits of Microsoft Priva

  1. Proactive Risk Identification:
  2. Data Visibility:
  3. Employee Empowerment:
  4. Regulatory Compliance:
  5. Scalable Management of Data Requests:

For additional information on Microsoft Priva and its capabilities, you can visit the following URLs:


Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify Microsoft 365 pricing and billing management options

Pricing Models for Microsoft Cloud Services

Microsoft offers various pricing models for its cloud services to accommodate different types of customers and their purchasing preferences. Here’s a detailed explanation of the primary pricing models:

Enterprise Agreements (EAs)

Enterprise Agreements are designed for larger organizations that want to license software and cloud services over a fixed period, typically three years. EAs offer the best value to organizations that commit to a consistent purchasing pattern and can predict their IT needs. Benefits include:

  • Customized pricing based on volume.
  • The ability to manage licenses under a single agreement.
  • Flexibility to add products and services as needed.

For more information on Enterprise Agreements, visit the Enterprise Agreement details page.

Cloud Solution Providers (CSPs)

The Cloud Solution Provider program allows Microsoft partners to sell Microsoft cloud services along with their own offerings and services. Partners in the CSP program can:

  • Own the billing process and directly manage sales.
  • Provide technical and billing support to their customers.
  • Utilize a self-service portal and APIs for managing Azure resources and subscriptions.

For a comprehensive overview of the Azure CSP, refer to the Azure CSP documentation https://learn.microsoft.com/en-us/entra/identity/domain-services/csp .

Direct Billing

Direct billing is suitable for businesses that prefer to purchase directly from Microsoft without intermediaries. This model allows customers to:

  • Pay for their usage with a credit card or invoice.
  • Receive a single bill for all Microsoft cloud services.
  • Access detailed billing information and management features.

For managing billing access and understanding the permissions associated with it, the billing access documentation provides further insights https://learn.microsoft.com/en-us/azure/sentinel/../role-based-access-control/built-in-roles#security .

Additional Considerations

For more detailed information on pricing and billing, it’s recommended to review the pricing pages for each service, such as Microsoft Defender for Cloud pricing https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-data-collection-agents and Azure Migrate pricing https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs .

Please note that pricing and offerings are subject to change, and it’s important to consult the latest documentation or contact Microsoft directly for the most current information.

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify Microsoft 365 pricing and billing management options

Billing and Bill Management Options

When managing billing and payments for Microsoft services, it is important to understand the various options available to organizations. Here is a detailed explanation of the billing and bill management options:

Billing Frequency

  • Monthly or Annual Billing: Organizations can choose between monthly or annual billing cycles depending on their subscription plan. This choice affects how often the organization is invoiced and may impact the overall cost, as some plans offer discounts for annual commitments.

Methods of Payment

  • Credit Card or Debit Card: These are commonly used methods of payment for most subscriptions. The card details are stored securely and charged automatically at the end of each billing cycle.

  • Invoice: Larger organizations may opt for invoicing, which allows them to receive a bill to be paid via bank transfer or check. This option often requires a credit check and is subject to approval by Microsoft.

  • Electronic Funds Transfer (EFT): Some regions support payment through EFT, where payments are directly debited from the organization’s bank account.

Bill Management

For additional information on billing and bill management options, you can refer to the following resources:

Understanding these billing and bill management options will help organizations effectively manage their Microsoft service subscriptions and ensure that they are in control of their spending and payment methods.

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify licensing options available in Microsoft 365

Describe License Management

License management in the context of Microsoft 365 involves understanding the various subscription options available and ensuring that your organization has the appropriate licenses for the desired features and functionalities. It is crucial to align the licensing with the organization’s needs to leverage Microsoft Purview features effectively.

Understanding Licensing Requirements

To begin with, it is important to familiarize yourself with the licensing requirements for the specific features you intend to use. Microsoft provides detailed guidance on feature-level licensing requirements, which can be found in the Microsoft 365 guidance for security & compliance. This guidance outlines the different subscriptions that support features such as data lifecycle management and records management.

Subscription Options

Different subscriptions support various features, and the licensing requirements for users will depend on the features utilized. For instance, records management capabilities are supported by a number of different subscriptions. To explore the options for licensing your users to benefit from Microsoft Purview features, you can refer to the Microsoft 365 licensing guidance for security & compliance.

Assigning Licenses

Once you have confirmed that your organization has a subscription that includes the necessary functionality and features, the next step is to assign licenses from this subscription to each user who will classify, label, and protect documents and emails. It is important to ensure that licenses are assigned correctly and that you do not manually assign user licenses from the free RMS for individuals subscription for administering the Azure Rights Management service.

Verifying Office Editions

In some cases, if a label that applies protection is missing, it might be due to having an edition of Office that does not support applying Rights Management protection. To verify this, you can check the client status in the Sensitivity section of your Office application.

Additional Resources

For more detailed information on licensing requirements and guidance, you can visit the following URLs:

By carefully managing licenses, organizations can ensure compliance with Microsoft’s requirements and make the most of their Microsoft 365 investments.

https://learn.microsoft.com/en-us/purview/manage-data-governance https://learn.microsoft.com/en-us/purview/get-started-with-records-management https://learn.microsoft.com/en-us/azure/information-protection/rms-client/clientv2-classify-protect https://learn.microsoft.com/en-us/purview/get-started-with-data-lifecycle-management https://learn.microsoft.com/en-us/azure/information-protection/deployment-roadmap-classify-label-protect

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify licensing options available in Microsoft 365

Base Licensing vs. Add-On Licensing

In the context of Microsoft 365 services, understanding the distinction between base licensing and add-on licensing is crucial for organizations to optimize their subscription plans according to their specific needs.

Base Licensing: Base licensing refers to the core subscription level that an organization purchases to access Microsoft 365 services. These are the foundational licenses that provide a set of features and capabilities. For example, Microsoft offers different tiers such as Microsoft 365 E3, E5, and A5 for educational institutions, each with its own set of features and services https://learn.microsoft.com/en-us/purview/dlp-migrate-exo-policy-to-unified-dlp https://learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started .

Add-On Licensing: Add-on licensing, on the other hand, allows organizations to enhance their base subscription with additional features or capabilities that are not included in their base license. Add-ons are supplementary and can be tailored to the unique requirements of an organization. For instance, an organization with a Microsoft 365 E3 subscription might add Microsoft 365 E5 Compliance to gain advanced compliance features that are not available in the E3 offering https://learn.microsoft.com/en-us/purview/dlp-migrate-exo-policy-to-unified-dlp https://learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started .

Key Differences:

  • Scope of Services: Base licenses provide a predefined bundle of services, while add-on licenses offer specific services or features that can be added to the base subscription.
  • Flexibility: Add-on licenses provide the flexibility to customize the subscription to meet particular needs without having to upgrade to a higher base license tier.
  • Cost Efficiency: Organizations can be more cost-efficient by only purchasing add-ons for the users or groups that require the additional services, rather than upgrading the entire base license.
  • Licensing Requirements: Certain functionalities, like advanced data loss prevention (DLP) or compliance capabilities, may require specific add-ons in addition to the base license to be accessible https://learn.microsoft.com/en-us/purview/dlp-migrate-exo-policy-to-unified-dlp https://learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started .

For more detailed information on the specific features included in base licenses and the additional capabilities provided by add-on licenses, you can refer to the following URLs:

By understanding the differences between base and add-on licensing, organizations can make informed decisions to ensure they have the necessary tools and compliance features to meet their operational and regulatory requirements.

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify support options for Microsoft 365 services

Creating a Support Request for Microsoft 365 Services

When you encounter an issue with Microsoft 365 services that you cannot resolve on your own, you can create a support request to get assistance from Microsoft Support. Here’s a step-by-step guide on how to create a support request:

  1. Identify the Issue: Before reaching out to Microsoft Support, try to troubleshoot the issue yourself using available resources and documentation. If the issue persists, proceed to create a support request.

  2. Access Microsoft 365 Admin Center: Sign in to the Microsoft 365 admin center using your admin account credentials. The admin center is the primary location for managing your organization’s Microsoft 365 services.

  3. Open a Support Request:

    • Navigate to the ‘Support’ section in the admin center.
    • Click on ‘New service request’ to initiate the process.
    • You will be prompted to describe your issue. Provide a detailed description to ensure Microsoft Support can understand and address the problem effectively.
  4. Provide Details:

  5. Review and Submit:

    • Review the information you have provided to ensure accuracy.
    • Submit the support request. Microsoft Support will review your request and may require access to your tenant to resolve the issue.
  6. Customer Lockbox Request (if needed):

  7. Monitor the Request:

  8. Audit and Review:

For additional information and guidance on creating support requests and managing Customer Lockbox requests, you can refer to the following resources:

By following these steps, you can effectively create a support request for Microsoft 365 services and ensure that your issue is addressed by Microsoft Support in a secure and controlled manner.

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify support options for Microsoft 365 services

Support Options for Microsoft 365 Services

When utilizing Microsoft 365 services, users have access to a variety of support options to assist with issues related to sensitivity labels, deployment, configuration, and more. Below is a detailed explanation of the support options available:

Sensitivity Labels in Microsoft Purview Compliance Portal

For assistance with sensitivity labels in the Microsoft Purview compliance portal, users can refer to the Microsoft 365 and Office 365 platform service descriptions on the Support page.

FastTrack Center Benefit

Organizations purchasing at least 150 licenses in an eligible plan for Azure Information Protection may be eligible for the FastTrack Center Benefit. This benefit allows organizations to collaborate with Microsoft specialists to assess, remediate, and enable eligible services. More information can be found on the FastTrack Center Benefit for Enterprise Mobility + Security (EMS) page.

Azure Information Protection Support

Depending on the subscription, there are specific instructions for Azure Information Protection support:

  • Azure Information Protection (standalone):

    1. Select ‘New support request’ from Help + support in the Azure portal.
    2. On the Basics pane, choose ‘Technical’ for the Issue type and ‘Information Protection’ for the service.
    3. Ensure the appropriate option is selected based on your subscription type.
  • Azure Information Protection with a Microsoft 365 subscription or Azure Rights Management: Users should see Contact support for business products - Admin Help for information on how to contact support via the Microsoft 365 admin center.

  • Azure Information Protection with Microsoft 365 Enterprise: Utilize the Microsoft 365 support channels.

Customer Lockbox

Customer Lockbox is a feature that ensures Microsoft cannot access your content for service operations without explicit approval. It is supported for services such as Exchange Online, SharePoint Online, OneDrive for Business, and Teams. For more information on Customer Lockbox and to view an overview video, users can visit the Privileged access management page.

Licensing Guidance for Security & Compliance

For details on licensing options that support Microsoft Purview offerings, including Data Loss Prevention (DLP), users can refer to the Microsoft 365 licensing guidance for security & compliance.

Email Encryption Options

For information on email encryption options available with Microsoft 365 subscriptions, users can consult the Exchange Online service description. This includes details on Azure RMS, S/MIME, TLS, and encryption of data at rest.

Azure Information Protection for Individuals

Individuals can sign up for Azure Information Protection by visiting the Microsoft Azure Information Protection page. The process includes checking if the organization already has a subscription that includes data protection using Azure Information Protection. If not, individuals can proceed with the sign-up process and download the Azure Information Protection client.

By utilizing these support options, users can ensure they have the necessary assistance to manage their Microsoft 365 services effectively.

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify support options for Microsoft 365 services

Service-Level Agreements (SLAs) and Service Credits

Service-Level Agreements (SLAs) are formal commitments made by Microsoft regarding the performance and reliability of their Online Services. These agreements outline the standards for uptime and connectivity that customers can expect. SLAs are crucial for businesses as they provide a measure of assurance and set expectations for service availability.

Key Components of SLAs:

  • Uptime Guarantees: SLAs specify the percentage of time services are expected to be available and operational. For example, the DDoS Protection service offers a 99.99% uptime SLA https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-partner-onboarding .
  • Connectivity: The agreements cover the quality of connectivity that should be maintained, ensuring users can access the services without undue interruption.
  • Service Credits: In the event that Microsoft does not meet the SLA commitments, customers may be eligible for service credits. These credits act as compensation and are typically applied to future service bills.

Service Credits: Service credits are a form of compensation provided to customers when the service levels guaranteed in the SLA are not met. They are not refunds but rather credits that can be used towards future service payments. The amount and conditions for service credits are detailed within the SLA documentation.
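An added example, not from the original guide or from Microsoft's SLA documents: it turns the 99.99% figure quoted above into a monthly downtime budget and checks outage records against it. It assumes uptime is measured in minutes over a calendar month (each service's SLA defines how downtime is actually counted); the dates, outage windows and function names are constructed for illustration.

```python
from datetime import datetime

SLA_TARGET = 99.99  # percent; the uptime figure quoted in the text above

def merge_windows(windows):
    """Merge overlapping or touching (start, end) outage windows."""
    merged = []
    for start, end in sorted(windows):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def monthly_uptime(windows, month_start, month_end):
    """Return (uptime_percent, downtime_minutes) for one billing month."""
    total = (month_end - month_start).total_seconds() / 60
    down = 0.0
    for start, end in merge_windows(windows):
        # Clip each outage to the month so spill-over is not counted twice.
        start, end = max(start, month_start), min(end, month_end)
        if end > start:
            down += (end - start).total_seconds() / 60
    return (total - down) / total * 100, down

def allowed_downtime_minutes(target_percent, month_start, month_end):
    """Downtime budget in minutes that still satisfies the target."""
    total = (month_end - month_start).total_seconds() / 60
    return total * (100 - target_percent) / 100

def sla_met(windows, month_start, month_end, target=SLA_TARGET):
    """True when measured uptime reaches the target percentage."""
    uptime, _ = monthly_uptime(windows, month_start, month_end)
    return uptime >= target

# Constructed sample data: a 30-day month with three outage records.
MONTH_START = datetime(2024, 6, 1)
MONTH_END = datetime(2024, 7, 1)
OUTAGES = [
    (datetime(2024, 6, 3, 10, 0), datetime(2024, 6, 3, 10, 3)),
    (datetime(2024, 6, 3, 10, 2), datetime(2024, 6, 3, 10, 5)),   # overlaps the first
    (datetime(2024, 6, 30, 23, 58), datetime(2024, 7, 1, 0, 4)),  # spills into July
]

if __name__ == "__main__":
    uptime, down = monthly_uptime(OUTAGES, MONTH_START, MONTH_END)
    budget = allowed_downtime_minutes(SLA_TARGET, MONTH_START, MONTH_END)
    print(f"downtime {down:.0f} min, budget {budget:.2f} min, uptime {uptime:.4f}%")
    print("SLA met" if sla_met(OUTAGES, MONTH_START, MONTH_END) else "SLA missed")
```

A 30-day month at 99.99% leaves a budget of 4.32 minutes, so the 7 minutes of merged, clipped downtime in the sample miss the target.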

Additional Resources:

  - For the most recent SLA documentation, which includes Azure, Dynamics 365, Office 365, and Intune, you can download the Service Level Agreement for Microsoft Online Services https://azure.microsoft.com/support/legal/sla.
  - Detailed information on SLAs for various services can be found at the Service Level Agreements (SLA) for Online Services page https://learn.microsoft.com/en-us/azure/azure-monitor/../network-watcher/network-watcher-monitoring-overview.
  - To understand how to calculate and report SLA for web tests, the SLA workbook template in the Application Insights resource can be utilized https://learn.microsoft.com/en-us/azure/azure-monitor/app/sla-report.
  - Specifics on the SLA for Azure DDoS Protection are available at the SLA for Azure DDoS Protection page https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-partner-onboarding.
  - Information on service limits, quotas, and the application of SLAs to different tiers of Azure AI Search services can be found in the Service limits in Azure AI Search documentation https://learn.microsoft.com/en-us/azure/vpn-gateway/../azure-resource-manager/management/azure-subscription-service-limits.

For a comprehensive understanding of SLAs and service credits, it is recommended to review the official Microsoft documentation provided in the links above. This will ensure that you have the most up-to-date and detailed information regarding the commitments Microsoft makes to its customers.

Determine Service Health Status Using Admin Centers

When managing services within a Microsoft 365 environment, it is crucial to monitor the health status of these services to ensure they are functioning correctly and efficiently. Administrators can determine the service health status by using the Microsoft 365 admin center or the Microsoft Entra admin center. Here’s how to do it:

Using the Microsoft 365 Admin Center

  1. Access the Admin Center: Sign in to the Microsoft 365 admin center with an account that has admin permissions.
  2. Navigate to Service Health: On the left-hand navigation pane, select ‘Health’ and then ‘Service health’. This will display the current health status of all services.
  3. View Status and Details: The service health dashboard provides a list of services, their current status, and any incidents or advisories that may be affecting them.
  4. Check Incident Reports: If there are any ongoing issues, you can select the specific incident to view detailed information, including the affected features, the current status of the issue, and the steps being taken to resolve it.
  5. Review Historical Data: The service health dashboard also allows you to view the history of past incidents and their resolutions.

Using the Microsoft Entra Admin Center

  1. Sign In: Access the Microsoft Entra admin center by signing in as a Global Administrator.
  2. Select Domain Services: Search for and select ‘Microsoft Entra Domain Services’.
  3. Choose Managed Domain: Select the managed domain you wish to check, such as ‘aaddscontoso.com’.
  4. Check Health Status: On the left-hand side of the Domain Services resource window, select ‘Health’. This will show the health status of the managed domain, including the last backup and Azure AD synchronization status https://learn.microsoft.com/en-us/entra/identity/domain-services/check-health .
  5. Understand Status Indicators: The health status page will display status indicators that summarize the overall health of the managed domain. These indicators include ‘Running’, ‘Needs attention (warning)’, ‘Needs attention (critical)’, and ‘Deploying’, each with a corresponding explanation https://learn.microsoft.com/en-us/entra/identity/domain-services/check-health .

For additional information on service health status and how to monitor it, you can refer to the following resources:

  - Microsoft 365 admin center: Service Health Dashboard
  - Microsoft Entra admin center: Check Health Status

By regularly monitoring the service health status through these admin centers, administrators can stay informed about the operational state of their services and take proactive measures to address any issues that arise.

Determine Service Health Status Using Admin Centers

When managing a Microsoft 365 environment, it is crucial for administrators to monitor the health status of services to ensure they are running optimally. The health status can be determined using two primary admin centers: the Microsoft 365 admin center and the Microsoft Entra admin center.

Microsoft 365 Admin Center

The Microsoft 365 admin center provides a comprehensive dashboard that displays the health of various services within the Microsoft 365 suite. To check the service health status:

  1. Sign in to the Microsoft 365 admin center as a Global Administrator.
  2. Navigate to the “Health” section, then select “Service health.”
  3. The Service health dashboard will display a list of services with their current status. Any incidents or advisories affecting the services will be listed here.

The dashboard provides real-time and historical data about the status of Microsoft 365 services. If there are any ongoing issues, the dashboard will provide details about the problem, the services impacted, the current status, and any remediation activities being undertaken.

Microsoft Entra Admin Center

Microsoft Entra Domain Services is a critical component for managing domain services in the cloud. To review the health status of a managed domain using the Microsoft Entra admin center:

  1. Sign in to the Microsoft Entra admin center as a Global Administrator.
  2. Search for and select “Microsoft Entra Domain Services.”
  3. Choose the managed domain you wish to check, for example, aaddscontoso.com.
  4. On the left-hand side of the Domain Services resource window, select “Health.”

The health status page will show any alerts for the managed domain, including the last backup time and synchronization status with Microsoft Entra ID. The page also displays a “Last evaluated” timestamp indicating when the managed domain was last checked, which is typically evaluated every hour https://learn.microsoft.com/en-us/entra/identity/domain-services/check-health .

The overall health status is indicated in the top right of the page, with different status indicators such as “Running,” “Needs attention (warning),” “Needs attention (critical),” and “Deploying” https://learn.microsoft.com/en-us/entra/identity/domain-services/check-health .

Email Notifications

For proactive monitoring, administrators can configure email notifications to be alerted about urgent issues impacting the service. These notifications are triggered by alerts on the managed domain and can be set up through the Microsoft Entra admin center https://learn.microsoft.com/en-us/entra/identity/domain-services/notifications.

Additional Resources

For more detailed information on checking the health status of Microsoft Entra Domain Services, you can refer to the following URL: Check the health of your managed domain https://learn.microsoft.com/en-us/entra/identity/domain-services/notifications .

By regularly monitoring the service health status through these admin centers, administrators can stay informed about the operational status of their services and take timely action to address any issues that arise.