MS-900 Microsoft 365 Fundamentals

🎓 Don't Forget Your Learning Badge!

Congratulations on completing your study! You can redeem your learning badge here to showcase your achievement.

Describe cloud concepts (5–10%)

Describe the different types of cloud services available

Describe Microsoft software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) concepts and use cases

1. Software as a Service (SaaS) delivers fully managed, ready-to-use applications over the internet. Microsoft 365 is a popular SaaS solution, where users access productivity tools like Word and Excel through a web browser, and Microsoft manages everything including updates, storage, and infrastructure.
1. Infrastructure as a Service (IaaS) provides virtualized computing resources like servers, storage, and networking over the cloud. With services like Azure Virtual Machines, users can build and host custom environments, install their own applications, and control operating systems while Microsoft handles the physical hardware.
1. Platform as a Service (PaaS) offers a managed framework for building, testing, and deploying applications without managing the underlying hardware or OS. Azure SQL Database and Azure App Service are PaaS examples, allowing developers to focus on coding and data without worrying about maintenance, scaling, or security.
1. Each service type fits different needs: SaaS is best for teams wanting instant access to business software; IaaS suits companies needing flexible, customizable server setups; and PaaS helps developers create new apps quickly with built-in tools and scaling.
1. Choosing the right model improves productivity and efficiency. Beginners can start with SaaS for immediate results, while data-focused projects may leverage PaaS to quickly build data analytics solutions without deep cloud expertise.

Example: A small IT team uses Microsoft 365 (SaaS) for email and collaboration; sets up an Azure Virtual Machine (IaaS) for testing custom data applications; and uses Azure SQL Database (PaaS) to manage company data securely without worrying about backups or server maintenance.

Use Case: A business analyst new to Azure Data wants to create dashboards and reports from company data. She uses Power BI (SaaS) to visualize data, stores raw data in Azure Blob Storage (IaaS), and uses Azure Data Factory (PaaS) to automate data movement and transformation—enabling easy, scalable data analytics with minimal IT involvement.

For more information see these links:

Describe differences between Office 365 and Microsoft 365

Office 365 focuses on providing cloud-based productivity applications like Word, Excel, PowerPoint, Outlook, Teams, and SharePoint. It is primarily a subscription service for these apps and related collaboration tools.
Microsoft 365 includes everything in Office 365 but adds additional services such as Windows operating system licenses and advanced security and device management tools. This makes Microsoft 365 a more comprehensive solution for organizations.
In simple terms, Office 365 is about cloud apps, while Microsoft 365 is an all-in-one package that covers productivity apps, security, and device management. Microsoft 365 is especially useful for businesses that need to manage their users’ devices and safeguard data.
There are different pricing plans for both Office 365 and Microsoft 365, tailored to small businesses, enterprises, education, and government organizations, so organizations can choose the package that fits their needs best.

Example: A small IT consulting company uses Office 365 to allow employees to collaborate on documents using Word and Excel online, and to communicate via Teams. As the business grows, they switch to Microsoft 365 to also provide security features like advanced threat protection and manage employee devices remotely.

Use Case: For a team of Azure data engineers working remotely, Microsoft 365 allows them not only to share data securely through Teams and SharePoint (like Office 365) but also ensures that their devices comply with company security policies, using the device management feature in Microsoft 365. This helps protect sensitive client data while enabling flexible remote work.

For more information see these links:

Describe the benefits of and considerations for using cloud, hybrid, or on-premises services

Describe public, private, and hybrid cloud models

Public cloud services, like Microsoft Azure, are provided by third-party vendors over the internet. They offer scalability, flexibility, and pay-as-you-go pricing that allows organizations to quickly access resources without large upfront investments. Public cloud environments are shared among multiple users, making them ideal for general workloads that require rapid innovation and access to the latest technologies.
Private cloud refers to resources dedicated solely to one organization, either hosted on-premises or by a remote provider. Private cloud offers more control over security, compliance, and customization, making it suitable for organizations with strict data privacy or regulatory requirements. However, costs and maintenance responsibilities are higher, and scalability is limited compared to public cloud.
Hybrid cloud combines both public and private cloud infrastructures, enabling data and applications to move between them as needed. This model provides greater flexibility—businesses can keep sensitive data in private clouds while leveraging public clouds for scalable workloads. Hybrid clouds are useful when organizations want to maximize existing investments and address unique business or regulatory needs, but they require robust integration and management solutions.

Example: An IT department at a retail company uses Azure public cloud services for its customer-facing website, storing product data and handling large spikes during sales events. At the same time, sensitive customer data like payment information is kept on a private cloud to ensure strict security compliance. Hybrid cloud tools help synchronize inventory and transaction data across both environments.

Use Case: A new Azure Data administrator at a healthcare provider stores patient records in a private cloud to comply with regulatory requirements, while analytics workloads run on Azure’s public cloud. They use hybrid cloud integration to securely access and analyze patient data, improve care recommendations, and maintain privacy standards.

For more information see these links:

Compare costs and advantages of cloud, hybrid, and on-premises services

Cloud services offer a pay-as-you-go model, which means you only pay for the resources you use. This can reduce upfront costs and eliminate the need for major capital investments in hardware and infrastructure. However, costs can increase with usage and if resources are not efficiently managed.
On-premises solutions require significant upfront investments in physical hardware, software licenses, and dedicated IT staff for maintenance. Although you have complete control over your environment, ongoing maintenance, upgrades, power, and cooling add to the total cost of ownership.
Hybrid services combine cloud and on-premises approaches, allowing you to use existing infrastructure while expanding to the cloud when needed (for example, to handle spikes in demand). This can optimize costs by allocating workloads where it makes sense, but adds complexity in management and integration.
Cloud services offer easier scalability and typically include built-in high availability, backup, and disaster recovery options, often at a lower operational cost than maintaining equivalent capabilities on-premises.
Tools such as the Azure Pricing Calculator and TCO Calculator can help organizations assess and compare the costs and potential savings by moving from on-premises to cloud or hybrid services.

Example: A small IT company currently runs all its data analytics workloads on servers located in its office (on-premises). As the business grows, they experience occasional spikes in usage that their on-premises servers cannot handle without expensive upgrades. By moving their analytics workloads to Azure (cloud), they pay only for extra compute when needed, avoiding a major investment in new hardware. Alternatively, they could keep sensitive workloads on-premises and burst to the cloud during spikes, leveraging a hybrid model.

Use Case: A beginner Azure Data professional is tasked with migrating a database for reporting purposes. Using the Azure TCO Calculator, they evaluate current on-premises costs (hardware, power, IT labor) and compare these with Azure SQL Database costs. They then propose a hybrid solution: keep legacy systems on-premises for compliance, while shifting reporting queries to Azure, which can be quickly scaled and incurs lower maintenance costs.

For more information see these links:

Describe the concept of hybrid work and flexible work

Hybrid work is a workplace model that allows employees to work both on-site (in the office) and remotely (from home or other locations), depending on business needs and employee preference.
Flexible work refers to the ability for employees to adjust their working hours and location, enabling a better balance between work and personal life—such as variable start/end times or part-time remote work.
Enabling hybrid and flexible work typically requires robust IT infrastructure, allowing secure access to both cloud and on-premises resources. Tools like Microsoft 365 facilitate safe connectivity, collaboration, and device management for workers regardless of their location.
Organizations can use cloud-based services and secure device management (e.g., multi-factor authentication and compliance policies) to ensure data protection and productivity in both remote and on-premises environments.
A hybrid workspace management system, such as Othership Workplace Scheduler, helps schedule desks, meeting rooms, and track who is working where, making it easier to coordinate flexible work arrangements.

Example: An IT company uses Microsoft 365 to allow its data analysts to work from home three days a week and in the office two days a week. Employees can access company data and files via SharePoint and OneDrive, collaborate in real time with Teams, and securely sign in using multi-factor authentication, ensuring their work is safe and productive wherever they are.

Use Case: A new Azure Data analyst joins an organization that supports hybrid work. With Microsoft 365 and secure cloud-connected devices, the analyst can analyze datasets, join virtual meetings, and share insights with the team whether they’re at the office or working remotely. The IT department manages the analyst’s device settings, app permissions, and access policies via the cloud, ensuring compliance and security.

For more information see these links:

Describe Microsoft 365 apps and services (45–50%)

Describe productivity solutions of Microsoft 365

Describe the productivity and content creation capabilities of the core Microsoft 365 Apps including Microsoft Word, Excel, PowerPoint, and OneNote

Microsoft Word, Excel, PowerPoint, and OneNote are core Microsoft 365 Apps designed to boost productivity by helping users create, edit, and share documents, spreadsheets, presentations, and digital notes.
These apps offer both desktop and web versions, allowing you to access your files from any device with an internet connection. Cloud storage ensures your work is safely saved and easy to recover or share with others.
Real-time collaboration features let multiple users work on the same document at once. For example, teams can co-author, comment, and review documents, streamlining teamwork and reducing errors.
OneNote functions as a digital notebook, helping users organize notes, ideas, and research in one place. It’s ideal for capturing meetings, brainstorming sessions, and tracking project details.
Templates and integrated tools—such as graphs in Excel, slide layouts in PowerPoint, and proofreading in Word—help beginners quickly create professional documents and presentations without advanced technical skills.

Example: A new Azure Data Analyst uses Excel to build a simple data dashboard that summarizes key metrics from a dataset. They use Word to document their analysis process, PowerPoint to present their findings to the team, and OneNote to capture feedback and additional questions for follow-up.

Use Case: An IT professional new to Azure Data can collaborate with colleagues by sharing an Excel spreadsheet containing sample data, working together in real-time to cleanse and visualize the information. They document methodologies in Word, present insights using PowerPoint, and track learning progress and project notes in OneNote—all within the Microsoft 365 ecosystem.

For more information see these links:

Describe the productivity benefits and capabilities of Microsoft 365 Copilot and Microsoft 365 Copilot Chat

Microsoft 365 Copilot is an AI-powered assistant that integrates seamlessly with Microsoft 365 apps like Word, Excel, Outlook, and Teams. It helps automate repetitive tasks such as summarizing emails, drafting documents, and extracting key information, allowing users to focus on more valuable work.
Microsoft 365 Copilot Chat provides a secure chat interface where users can ask questions, generate content, summarize meeting transcripts, or get insights from their business data in real time. The chat assistant can access files, emails, and other content from within your organization, ensuring privacy and compliance.
Copilot can be extended using connectors, APIs, and custom agents that leverage organizational data—this means businesses can tailor Copilot to automate specialized workflows, answer industry-specific queries, or surface actionable insights from internal datasets, improving productivity and decision-making.
Copilot Chat offers enterprise-grade data protection and privacy, so business and user data are never used for AI model training or shared externally. This makes it safe for IT professionals and data users to leverage Copilot within regulated environments.
For IT and Azure Data beginners, Copilot and Copilot Chat simplify complex research, data analysis, and report generation by transforming natural language requests into actionable outputs—helping users learn and be productive with minimal technical knowledge.

Example: An IT technician new to Azure Data needs to quickly summarize a week-long email thread discussing a client’s security incident. Using Microsoft 365 Copilot in Outlook, the technician asks Copilot to summarize the thread. In seconds, Copilot provides a concise summary including the main issue, steps taken, and action items—saving the technician hours of manual reading and note-taking.

Use Case: A company is moving to Azure Data services and wants to help employees transition. The IT team uses Microsoft 365 Copilot Chat to create a knowledge bot that answers common Azure Data setup questions, guides users through initial configurations, and summarizes documentation tailored for beginners. Employees get instant, accurate assistance, boosting adoption and reducing the IT team’s support burden.

For more information see these links:

Describe project management capabilities of Microsoft 365 including Microsoft Project, Planner, Bookings, Forms, Lists, To Do, and Loop

Microsoft 365 provides a range of project management tools suitable for different needs. Microsoft Project offers advanced scheduling and resource management for detailed tracking, whereas Planner enables visual, team-based task management with boards and buckets for organizing tasks.
Tools like To Do and Lists help individuals and teams organize personal tasks and shared data. To Do is good for daily checklists, reminders, and assigning simple tasks, while Lists offers customizable tables for tracking information like project status, inventory, or issue logs.
Microsoft Loop, Bookings, and Forms support collaboration and workflow efficiency. Loop allows for co-creation and real-time collaboration, integrating tasks from Planner and To Do; Bookings automates scheduling of meetings or appointments; Forms helps gather feedback or requirements from stakeholders during project execution.

Example: An IT team is launching a new Azure Data solution. They use Planner to break down the project into tasks such as ‘Setup Azure Storage’, ‘Create Data Pipeline’, and ‘Review Security Settings’. Each task is assigned to a team member, with deadlines and attached reference documents. Progress is tracked visually on a Kanban board, while individual contributors manage personal action items in To Do.

Use Case: A beginner data analyst in IT can use Microsoft Lists to create an issue log for a new Azure Data migration project. They share the list with teammates, update statuses, and use Forms to collect user feedback after migration. Tasks to resolve issues are assigned in Planner, while Loop is used to aggregate real-time input and share updates in Teams, covering project coordination from start to finish.

For more information see these links:

Describe collaboration solutions of Microsoft 365

Describe the email and calendaring capabilities of Microsoft Exchange and Outlook

Microsoft Exchange Online provides a secure, cloud-based platform for email and calendaring, allowing users to access emails, manage contacts, and keep track of tasks from any device using Outlook or Outlook on the web.
Outlook integrates with Exchange Online, enabling users to schedule meetings, send calendar invites, view attendee availability, set reminders, and share calendars easily—making collaboration and time management straightforward.
Exchange Online and Outlook offer robust security features like Exchange Online Protection, which filters out spam and malicious emails to protect organization data, along with admin tools for managing user permissions and mail flow.
Shared mailboxes and public folder mailboxes allow teams to collaborate by sharing email threads, calendars, and notes in organized, accessible formats, improving communication and content sharing in an IT environment.
Resource mailboxes in Exchange (such as for meeting rooms or equipment) allow users to check availability and book resources directly from their Outlook calendar—saving time and reducing scheduling conflicts.

Example: In an IT organization using Azure Data services, the project team uses Outlook integrated with Exchange Online to schedule weekly status meetings. Team members can view each other’s availability, book a shared conference room resource, send invitations, and attach relevant documents from OneDrive—all in one interface.

Use Case: A new Azure Data analyst receives a shared mailbox through Exchange Online to monitor support requests. Using Outlook, they can access group emails, use the shared calendar to coordinate coverage with colleagues, and set reminders for follow-ups—making onboarding and daily operations much smoother.

For more information see these links:

Describe the collaboration and communication capabilities of Microsoft Teams and Teams Phone

Microsoft Teams enables real-time chat, allowing users to communicate instantly through private or group messages, which increases productivity and reduces email clutter.
Teams supports online meetings and video calls, both for one-on-one and group sessions, with built-in features like screen sharing, file sharing, and collaborative whiteboards to enhance teamwork and remote collaboration.
Teams Phone integrates traditional calling capabilities, letting users make and receive phone calls directly from the Teams app, including call forwarding, voicemail, and contact management—all within a unified platform accessible across devices.
Content can be shared and collaboratively edited during meetings via Office 365 apps (Word, Excel, PowerPoint) directly in Teams, making it easy to work on documents together in real time.
Teams provides secure communications with privacy controls and compliance with industry standards, making it suitable for professional use in regulated environments such as IT services.

Example: Imagine an IT support team troubleshooting a client’s Azure Data integration. They use Teams chat for quick updates, share error logs via file sharing, start a video call to screen-share troubleshooting steps, and use Teams Phone to reach an external expert if needed—all from the same platform.

Use Case: An IT analyst new to Azure Data joins a project team in Microsoft Teams. She attends regular group meetings via Teams, shares scripts and documentation in the team’s chat, uses the integrated phone feature to call external trainers, and collaborates on data migration plans with colleagues using shared files and live editing—making onboarding and collaboration easy and centralized.

For more information see these links:

Describe the collaboration benefits and capabilities of Microsoft 365 Copilot and Microsoft 365 Copilot Chat

Microsoft 365 Copilot and Copilot Chat use AI to make teamwork easier—summarizing meetings, highlighting key takeaways, and organizing actions directly in Microsoft Teams and other Office apps.
With Copilot Chat, users can ask questions related to documents, chats, or meetings across apps like Word, Excel, Outlook, and Teams, getting instant, secure answers based on their organization’s content.
Copilot Pages let teams generate, edit, and share content together in real time, supporting tasks like brainstorming, planning, and developing project templates—all within the Copilot workspace.
Copilot helps individuals draft responses in Outlook, refine messaging, and create content that others can review and improve collaboratively.
IT and data teams benefit from centralized summaries, tracking decisions and next steps from meetings and chats, reducing the need for manual note-taking or searching through long email threads.

Example: A team of Azure Data newcomers is working on a cloud migration project. During a Teams meeting, Copilot automatically summarizes the discussion, lists each member’s assigned tasks, and provides a draft of next steps. Using Copilot Chat, the team leader asks follow-up questions about project documents stored in SharePoint, getting instant insights and links to the relevant files.

Use Case: An IT professional in a cloud migration project uses Copilot Chat to quickly review meeting transcripts, receive a summary of technical challenges discussed, and share actionable next steps with colleagues. This helps ensure everyone stays aligned and saves time otherwise spent on manual communication and content searching.

For more information see these links:

Describe the employee experience capabilities of the Microsoft Viva apps

Microsoft Viva apps create a unified employee experience platform by integrating collaboration, learning, communication, goals, and feedback directly into Microsoft Teams and Microsoft 365. This helps employees stay connected, informed, and engaged in their daily work.
Viva Connections provides a customizable gateway to company news, resources, and communities—all from Microsoft Teams—making it easy for employees to find important information, corporate updates, and tools relevant to their role, region, or interests.
Viva Insights delivers data-driven recommendations to improve individual and team wellbeing and productivity. Employees and managers receive actionable insights, such as suggestions to schedule focus time or reminders to take breaks, all while keeping data private and secure.
Viva Learning integrates training resources from the company and third-party providers into the daily workflow, making it easy for employees to access learning content, track courses, and upskill without leaving tools they already use.
Viva Engage, Viva Pulse, and Viva Glint support feedback, engagement, and collaboration by enabling quick surveys, sharing experiences, building communities, and conducting employee pulse checks. This increases transparency, provides leaders with actionable feedback, and encourages knowledge and idea sharing across teams.

Example: Imagine a new Azure Data engineer at an IT company who, on their first day, opens Microsoft Teams and sees a Viva Connections dashboard showing onboarding guides, required training in Viva Learning, company announcements, and an invitation to join the Azure Data Engineers community via Viva Engage—all in one place.

Use Case: A team of Azure Data professionals uses Viva Goals to align their monthly objectives (like completing a new data pipeline) with company targets. They track their progress in Teams, access learning modules on the latest Azure features via Viva Learning, and regularly provide feedback through Viva Pulse surveys, making it easy for managers to spot roadblocks and celebrate wins.

For more information see these links:

Describe the ways that you can extend Microsoft Teams by using collaborative apps such as Whiteboard, Microsoft Planner, Microsoft Power Apps, and Power Automate

1. Integrating collaborative apps with Microsoft Teams can enhance teamwork by allowing users to work together on shared projects, tasks, and ideas without leaving the Teams environment. Apps like Whiteboard enable real-time brainstorming and visual collaboration, making meetings more interactive and productive.
1. Microsoft Planner can be added as a tab in a Teams channel, enabling teams to create, assign, and track tasks directly within conversations. This keeps everyone on the same page and helps manage project progress efficiently.
1. By embedding apps like Power Apps and Power Automate into Teams, users can automate routine processes and build custom solutions that meet specific business needs. For example, Power Apps can help create a custom data entry form, while Power Automate can trigger workflows based on actions in Teams or other apps.

Example: A data analysis team in an IT company uses Microsoft Planner within Teams to assign and track data cleanup tasks. During virtual meetings, they use Whiteboard to map out the project workflow, then automate task notifications using Power Automate so that team members receive updates when their assigned jobs are due.

Use Case: A new Azure data specialist sets up a Teams channel for a data migration project. They add Microsoft Planner for tracking data migration steps, use Power Apps to build a simple form for reporting issues, and configure Power Automate to create tasks in Planner automatically when a data issue is reported. This streamlines collaboration and ensures accountability across the project team.

For more information see these links:

Describe device and cloud endpoint management concepts and deployment options in Microsoft 365

Describe the endpoint management capabilities of Microsoft 365 including Microsoft Intune, co-management with Configuration Manager, Endpoint Analytics, Windows Autopilot, and Windows Autopatch

Microsoft Intune is a cloud-based service in Microsoft 365 used to manage devices, apps, and security policies. It supports Windows, macOS, iOS, and Android devices, and allows organizations to deploy apps, configure device settings, enforce security, and monitor compliance from a central portal.
Co-management enables organizations to use both Microsoft Intune and on-premises Configuration Manager (SCCM) together. This hybrid approach lets you manage workloads such as compliance policies and Windows updates from the cloud, while retaining control over other tasks like operating system deployment on-premises.
Endpoint Analytics provides insights into the health, performance, and usage of devices. It helps identify issues that impact user productivity, such as slow boot times or frequent crashes, allowing IT teams to proactively resolve problems before they affect employees.
Windows Autopilot simplifies the rollout of new Windows devices by automating setup and configuration. IT can pre-configure devices so that users only need to log in with their credentials, turning devices into fully managed endpoints without manual imaging or onsite setup.
Windows Autopatch automates the process of applying updates to Windows devices and Microsoft 365 apps. It ensures all managed devices stay up to date securely with minimal IT involvement, reducing risk and saving time.

Example: A company wants to give every new employee a laptop. Using Windows Autopilot, IT ships devices directly to employees. When employees turn on their laptops, they’re automatically set up with company settings and software, ready to use after signing in.

Use Case: In an organization transitioning to remote work, IT uses co-management (Intune + Configuration Manager) to enroll and manage both office and remote devices. Endpoint Analytics helps monitor device performance, while Windows Autopatch keeps all devices securely updated, reducing support calls from employees who depend on Microsoft 365 apps like Teams and Outlook.

For more information see these links:

Compare the differences between Windows 365 and Azure Virtual Desktop

Windows 365 is a Software as a Service (SaaS) solution that provides Cloud PCs managed by Microsoft. Users access personalized Windows desktops through the cloud, with minimal setup and no need to manage backend infrastructure.
Azure Virtual Desktop (AVD) is a Platform as a Service (PaaS) offering, allowing organizations to build and fully control virtual desktop environments in Azure. IT teams are responsible for setup, maintenance, scaling, configuration, and licensing.
Windows 365 is best for simple, predictable deployments and smaller teams or organizations wanting an easy cloud PC experience. Azure Virtual Desktop offers greater flexibility, scalability, and custom configuration, making it suitable for complex or large-scale environments requiring multi-session desktops and tailored networking.
Both solutions use common networking components (like gateway, broker, and web services) for secure connectivity. However, Windows 365 abstracts much of this complexity, while Azure Virtual Desktop requires more hands-on network and resource management.
Licensing differs: Windows 365 uses a fixed per-user, per-month model, while Azure Virtual Desktop can be billed based on usage, requiring separate licenses for Office and other services. Windows 365 typically integrates management and updates (via Intune), whereas Azure Virtual Desktop often requires manual management.

Example: A startup wants laptops for its remote team without worrying about server setup or updates. With Windows 365, each employee gets a managed Cloud PC with its own apps and security, accessed from any device. IT only configures initial user accounts; Microsoft handles the rest. If the company grows and needs custom software, multi-session desktops, or special networking, they might consider Azure Virtual Desktop, where IT manages all details but gains higher flexibility.

Use Case: An IT administrator at a small tech company, new to Azure cloud management, wants to provide remote workers with secure and standardized desktops. They choose Windows 365 for its easy deployment and hands-off management, minimizing their learning curve and operational burden. As the company grows and requires more custom integrations—such as specialized database applications and advanced networking—the administrator begins exploring Azure Virtual Desktop for expanded capabilities.

For more information see these links:

Describe the deployment and release models for Windows-as-a-Service (WaaS) including deployment rings

Windows-as-a-Service (WaaS) changes how Windows updates are managed by releasing smaller, more frequent feature and quality updates, instead of waiting for major upgrades every few years. This keeps devices secure and up-to-date with the latest features.
Deployment and release models in WaaS use servicing channels such as the General Availability Channel and Long-Term Servicing Channel. The General Availability Channel receives regular feature updates for most devices, while the Long-Term Servicing Channel is reserved for specialized devices (like ATMs or medical equipment) and gets updates less frequently.
Deployment rings are groups of devices that receive updates in stages. Organizations start with a small ring (pilot group) to test updates with early adopters, then progressively expand to broader rings, ensuring compatibility and reducing risks before full deployment.
IT admins can manage WaaS deployments using tools like Microsoft Configuration Manager or Intune. These tools help create and monitor servicing plans (deployment rings), configure update timing, and filter updates based on device needs (architecture, language, etc.).
Using deployment rings and servicing channels together allows organizations to control when and how devices receive updates, minimizing disruptions and tailoring the update process to business requirements.

Example: An IT department at a small company divides its computers into three rings for deploying Windows updates: the first ring includes IT staff computers (early adopters), the second ring includes department heads (pilot group), and the third ring includes all other employee computers. Updates are first tested on IT computers, then gradually pushed to wider groups after confirming stability.

Use Case: A new Azure Data analyst in an enterprise might work on a device that’s part of the ‘broad deployment’ ring, meaning their Windows updates are rolled out after initial validation by IT and pilot users. This approach ensures the latest security patches and features are applied with minimal disruption to daily work, supporting compliance and security needs in the cloud-enabled workplace.

For more information see these links:

Identify deployment and update channels for Microsoft 365 Apps

Microsoft 365 Apps offer three main update channels: Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel. Each channel determines how frequently users receive new features and updates. Choosing the right channel helps IT control the timing of updates and feature rollouts.
Current Channel delivers the latest features as soon as they are ready, making it ideal for users who need immediate access to new capabilities. Monthly Enterprise Channel provides updates once a month on a predictable schedule, suitable for organizations that require stability and predictable changes. Semi-Annual Enterprise Channel rolls out updates every six months, useful for environments needing extensive testing before updates.
Deployment and update channels can be managed using tools like the Office Deployment Tool, Group Policy, Configuration Manager, or directly through the Microsoft 365 admin center. Admins can assign different update channels to different user groups or devices to meet varying business needs, but all Microsoft 365 Apps on the same device must use the same update channel.
Not all devices have to use the same update channel, which gives organizations flexibility. For example, IT staff or developers may use channels that get updates first, while general staff use channels with a slower, more predictable update cadence. Staggered deployment helps minimize disruption and allows time for testing.
When planning for Microsoft 365 Apps deployment, consider factors like user readiness, network bandwidth, compatibility with other applications, and support needs before selecting an update channel. Admins can change update channels post-deployment if requirements change.

Example: An IT department uses Monthly Enterprise Channel for all sales employees to provide predictable monthly updates, reducing surprises and downtime during sales campaigns, while developers are assigned to Current Channel to access new features early for application testing.

Use Case: A small company migrating to Azure Data services wants to minimize disruption for employees new to cloud and Microsoft 365. The IT team configures all devices for Semi-Annual Enterprise Channel to ensure updates come only twice a year, giving staff enough time to learn new features and minimizing workplace confusion.

For more information see these links:

Describe Microsoft 365 administration capabilities

Describe the capabilities of the Microsoft 365 Admin center and the reports available

Centralized Management: The Microsoft 365 Admin center provides a single, web-based dashboard where administrators can manage users, groups, services, and security settings across the organization. This makes it easy to configure settings, assign licenses, reset passwords, and more from one place.
Comprehensive Reporting: The Reports section in the Admin center offers detailed insights into how your organization is using Microsoft 365 services, such as email, SharePoint, OneDrive, Teams, and more. These reports show usage trends, identify active/inactive users, and help monitor adoption.
Service Health and Issue Tracking: Admins can check the status and health history of Microsoft 365 services at any time. The Message Center in the Admin center notifies admins about upcoming feature changes and potential issues, helping them troubleshoot or plan for updates.
Customizable Data Privacy: Reports can be configured to show or hide identifiable user information to comply with privacy regulations. By default, names are anonymized, but admins can adjust this based on organizational needs.
Actionable Data for Optimization: Activity and usage reports allow admins to optimize license allocations (e.g., identify users who aren’t using assigned services), improve security by monitoring for unusual activity, and support end-user adoption through targeted training.

Example: Imagine an IT administrator for a small business using Microsoft 365. They regularly check the Reports dashboard in the Admin center and notice that several users have not used their email accounts for over a month. They use this information to follow up with those users or reassign unused licenses, saving on subscription costs.

Use Case: A new Azure Data professional in IT needs to monitor email security. By accessing the Microsoft 365 Admin center, they view the ‘Mail protection’ reports to track occurrences of spam and malware in company email accounts. This helps them identify potential security threats quickly and take preventative actions, such as updating threat protection policies.

For more information see these links:

Describe the capabilities of the Microsoft 365 user portal

The Microsoft 365 user portal allows users to manage their own account settings, including updating personal information, changing passwords, and setting up security options such as multi-factor authentication. This self-service capability reduces reliance on IT support for routine account maintenance.
Users can easily access and manage the apps they use through the portal. The My Apps portal provides a centralized dashboard where users can launch applications, request access to additional services, and see the status of their access requests, helping them work more efficiently with cloud services like Teams, SharePoint, and Outlook.
The user portal includes features for monitoring personal sign-in history and activity. Users can see when and where they’ve signed in, identify unusual sign-in attempts, and report suspicious activity. This empowers users to help maintain account security and respond quickly to potential security threats.

Example: An Azure Data beginner logs in to the Microsoft 365 user portal to update their recovery email address and enable multi-factor authentication, helping ensure they can securely access Azure-related resources like datasets in SharePoint and Power BI reports without IT assistance.

Use Case: A new member of the IT team, unfamiliar with Azure Data, uses the My Apps portal to discover and request access to Microsoft Teams and SharePoint Online for collaborating on a data migration project. The portal guides them through the process, automatically notifying administrators for approval and making it easy to work with required apps.

For more information see these links:

Describe the reports available in other admin centers such as SharePoint, Teams, and Exchange

SharePoint admin center provides site usage reports that show how often sites are visited, what documents are being shared, and which users are active. These insights help admins track collaboration trends and identify unused resources.
Teams admin center offers reports on team activity, such as number of messages sent, meetings organized, and call participation. Admins use these to ensure effective communication and monitor team engagement.
Exchange admin center includes email activity and mailbox usage reports, showing how many emails are sent and received, inbox sizes, and active users. This helps in managing storage and understanding email usage patterns.
Across all admin centers, privacy settings allow organizations to control whether user, group, or site details are visible in reports, supporting compliance with local privacy laws.
These reports are accessible to users with specific admin roles, such as Global Admin, SharePoint Admin, Teams Admin, and Exchange Admin, ensuring only authorized users view sensitive data.

Example: An IT administrator in a medium-sized organization reviews the SharePoint site usage report and finds that a project site hasn’t been accessed for three months. They contact the team to confirm if the project is complete or if resources need to be archived, saving storage and simplifying site management.

Use Case: A new Azure Data professional uses Teams activity reports to identify low-engagement departments within the company. They then recommend training sessions to boost collaboration and improve data sharing between those teams.

For more information see these links:

Describe the capabilities of the Microsoft Copilot dashboard

Comprehensive Usage Insights: The Microsoft Copilot dashboard gives IT administrators a clear overview of how Copilot is being used within the organization. It displays adoption rates, usage patterns, and growth trends to help monitor how often employees interact with Copilot tools.
Measuring Productivity and ROI: The dashboard highlights productivity metrics and provides indicators to measure the impact of Copilot on employee efficiency. It also offers data points that help assess the return on investment (ROI) from deploying Copilot features.
Actionable Recommendations: Based on user activity and results, the Copilot dashboard suggests practical steps for improving Copilot adoption and its overall effectiveness. Admins get targeted insights, such as identifying groups that might benefit from more training or highlighting features that are underutilized.
Easy Setup and Delegation: Administrators can enable the Copilot dashboard from the Microsoft 365 admin center, then delegate access to relevant team members, ensuring that the right stakeholders can review and act on Copilot insights.
Data Privacy and Security: The dashboard supports privacy configurations, including minimum group size and report customization, helping admins stay compliant with organizational and industry standards while accessing meaningful analytics.

Example: An IT administrator in a midsize company uses the Copilot dashboard to discover that teams in the finance department are adopting Microsoft Copilot more rapidly than those in sales. The dashboard reveals that sales team members are not using features like Copilot Chat as much as expected. With this information, the admin can organize additional training sessions and share usage tips tailored to the sales department.

Use Case: For someone new to Azure Data working in IT, the Copilot dashboard can help quickly identify areas where Copilot tools are making a positive impact. For example, by analyzing usage data and productivity metrics, an admin can recognize that after enabling Copilot’s data summarization features, report preparation times have decreased by 20%. Armed with this actionable insight, the admin can coordinate with business leaders to encourage broader adoption of Copilot’s AI capabilities by sharing success stories and best practices.

For more information see these links:

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe identity and access management solutions of Microsoft 365

Describe the identity and access management capabilities of Microsoft Entra ID

Centralized Identity Management: Microsoft Entra ID allows IT administrators to manage user identities, credentials, and access permissions from a single platform. This centralization makes it easier to onboard and offboard employees, manage group memberships, and enforce consistent security policies.
Single Sign-On (SSO): With Entra ID, users sign in once with their organizational credentials to access thousands of integrated cloud and on-premises applications, reducing password fatigue and enhancing user productivity.
Multi-Factor Authentication (MFA): Entra ID supports MFA, adding an extra layer of security by requiring users to verify their identity through a second method (like a mobile app or text message) in addition to their password.
Role-Based Access Control (RBAC) and Privileged Identity Management: Administrators can assign specific permissions to users and groups based on their job roles, and control access to sensitive data and resources. Temporary privileged access can also be assigned and monitored to minimize security risks.
Security Monitoring and Auditing: Entra ID provides comprehensive monitoring, alerting, and reporting features, including machine learning-based reports to detect unusual sign-in activity or potential security threats and to maintain compliance.

Example: A company uses Microsoft Entra ID to allow its employees to access Microsoft 365, Salesforce, and Box with a single username and password. If an employee forgets their password, they can reset it themselves using the self-service password management feature, while IT administrators can track sign-in attempts and detect any suspicious activity via built-in security reports.

Use Case: A data analyst who is new to Azure Data needs secure access to multiple cloud-based data tools, such as Microsoft 365 and Power BI. Using Microsoft Entra ID, their manager quickly grants access through group membership, enforces MFA to protect sensitive data, and monitors login activity—all from a centralized dashboard, ensuring compliance and security as the analyst onboards.

For more information see these links:

Describe cloud identity, on-premises identity, and hybrid identity concepts

On-premises identity means user accounts are created, stored, and managed locally within an organization’s own servers, typically using Active Directory Domain Services (AD DS). Access and authentication are performed using the internal network infrastructure.
Cloud identity is where user accounts exist only in the cloud, managed by Microsoft Entra ID (formerly Azure AD). Users access cloud services like Microsoft 365, and all authentication and account management happen entirely in the cloud.
Hybrid identity is a combination of on-premises and cloud identity. User accounts are created and managed on-premises but are synchronized to Microsoft Entra ID in the cloud using tools like Microsoft Entra Connect. This allows users to have a single identity to access both on-premises resources and cloud services such as Microsoft 365.
Hybrid identity improves flexibility and security by allowing organizations to use familiar on-premises identity tools while enabling access to cloud applications. Changes to user accounts on-premises are automatically reflected in the cloud, reducing duplicate administration.
Choosing the right identity model depends on your organization’s needs: on-premises-only for internal apps, cloud-only for fully remote or modern setups, or hybrid for organizations migrating to the cloud or needing access to both environments.

Example: A company manages user accounts and passwords in their local Active Directory server at their main office (on-premises identity). As they start using Microsoft 365 for emails and collaboration, they deploy Microsoft Entra Connect to synchronize user accounts to Microsoft Entra ID. Employees can then use the same username and password to log in to their office computers and to Microsoft 365 services. This is hybrid identity in action.

Use Case: An IT team new to Azure Data is migrating their data workloads to the cloud but still runs some critical apps locally. By implementing hybrid identity, they can manage all user accounts in their existing on-premises Active Directory, while ensuring users have seamless access to both legacy on-premises applications and new Microsoft 365 cloud services with a single login.

For more information see these links:

Describe how Microsoft uses methods such as multi-factor authentication (MFA), self-service password reset (SSPR), and conditional access, to keep identities, access, and data secure

Multi-factor authentication (MFA) adds an extra layer of protection beyond just passwords. Users must verify their identity using a code sent to their phone, an app notification, or biometrics (like a fingerprint). This makes it much harder for attackers to access accounts, even if they’ve stolen a password.
Self-service password reset (SSPR) lets users reset or change their passwords without needing IT help. If a user forgets their password or gets locked out, they follow secure prompts (like verifying with their phone or email) to regain access quickly. This keeps users productive and reduces support workload.
Conditional Access policies allow organizations to set rules for when and how users can access resources. For example, access can be allowed only from trusted devices or locations, or require MFA if a risky sign-in is detected. These policies help control who gets into important data and apps, based on risk and circumstances.
Combined registration and security policies mean users can enroll for MFA and SSPR at the same time, streamlining onboarding. Conditional Access can also protect the registration process itself, making sure only legitimate users set up their security methods.
Emergency and service accounts can be excluded from Conditional Access policies to avoid lockouts. Temporary Access Pass can enable secure, time-limited access for registration or troubleshooting.

Example: A new employee at an IT company forgets their password while setting up Azure Data services. Instead of waiting for help desk support, they use self-service password reset—verifying their identity with a code sent to their mobile phone—and immediately create a new secure password. The system then automatically applies company password rules and writes the updated password back for on-premises and cloud access.

Use Case: In a data analytics team using Microsoft 365 and Azure, administrators enforce Conditional Access policies that require MFA when accessing sensitive datasets outside of the office. Team members use self-service password reset when needed and can only register their security information (like phone numbers and authenticator apps) from trusted devices, reducing the risk of identity attacks during registration.

For more information see these links:

Describe threat protection solutions of Microsoft 365

Describe Microsoft Defender XDR, Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and the Microsoft Defender Portal

Microsoft Defender XDR is an extended detection and response (XDR) platform that unifies protection across your devices, identities, emails, and cloud apps, helping you monitor and respond to threats from a single dashboard in the Microsoft Defender portal.
Defender for Endpoint protects computers, laptops, and mobile devices by detecting suspicious activities and automatically investigating and responding to security threats, reducing the risk of cyberattacks on your organization’s devices.
Defender for Office 365 safeguards your email and collaboration tools in Microsoft 365 against phishing, malware, and unsafe attachments, ensuring that communications and shared documents are secure.
Defender for Identity monitors both on-premises and cloud-based user accounts, using signals to detect compromised accounts or insider threats, allowing quick response to identity-based risks.
Defender for Cloud Apps provides visibility and protection over SaaS applications, monitoring user activities, enforcing data protection policies, and alerting your team when risky behavior is detected.

Example: A new employee receives a suspicious email with a link. Defender for Office 365 identifies the email as a phishing attempt, blocks access to the malicious link, and alerts the security team for follow-up, all visible in the Microsoft Defender portal.

Use Case: An IT team in the healthcare sector uses the Microsoft Defender portal to watch for unusual access patterns in patient data applications. Defender for Identity alerts them to a compromised staff account, while Defender for Endpoint automatically isolates the device, preventing further unauthorized access and data exposure.

For more information see these links:

Describe Microsoft Secure Score benefits and capabilities

Microsoft Secure Score provides a clear, measurable way to assess your organization’s current security health. By viewing your Secure Score in the Microsoft Defender portal, you can understand which security practices have already been implemented and where gaps may exist.
Secure Score offers actionable recommendations to improve your security posture. These actions are prioritized by potential impact and can be filtered by products, making it easier for IT teams to focus their efforts efficiently.
You can track your progress over time and compare your score against industry benchmarks. This helps you set achievable key performance indicators (KPIs) and demonstrate incremental improvements to stakeholders.
Secure Score supports improved incident prevention by highlighting critical vulnerabilities in identities, devices, apps, and data, allowing beginners to proactively address security threats rather than react after an incident occurs.
The platform accommodates practical workflows by letting users filter, group, assign statuses, and add notes or tags for each recommended action, making security tasks more manageable even for smaller IT teams or those new to security management.

Example: Imagine an IT administrator at a mid-sized company logs into the Microsoft Defender portal and sees that their organization’s Secure Score is 45%. Upon reviewing the recommended actions, one top suggestion is to enable multi-factor authentication (MFA) for all accounts. By enabling MFA, the admin not only increases the organization’s Secure Score, but also makes accounts much less vulnerable to unauthorized access.

Use Case: A new Azure Data team is onboarding to Microsoft 365 and wants to ensure their sensitive information is safe from threats. By regularly checking the Microsoft Secure Score and completing the high-impact recommended actions (like securing admin accounts and enforcing proper device policies), the team steadily improves their overall security. This reduces the risk of accidental data leaks or breaches while building team understanding of best security practices.

For more information see these links:

Describe how Microsoft 365 addresses the most common types of threats against endpoints, applications, and identities

Microsoft Defender for Endpoint protects devices such as laptops, PCs, and mobile phones by automatically detecting, blocking, and responding to malware, ransomware, and suspicious activity across your network. It provides early warnings and simple dashboards for monitoring threats.
Microsoft Defender for Office 365 secures business email, files, and collaboration tools from phishing attacks, unsafe links, and malicious attachments. Its real-time scanning helps prevent employees from clicking harmful content often found in emails.
Microsoft Entra ID Protection and Defender for Identity help safeguard user identities by detecting unusual sign-in activities, compromised credentials, and risky behaviors. These tools can automatically block access or require additional authentication when threats are detected.

Example: An employee receives a phishing email pretending to be from IT support, asking them to click a link and enter their password. Defender for Office 365 recognizes the malicious link and blocks the email, preventing the user from interacting with it.

Use Case: A new Azure Data Administrator in an IT company manages sensitive company reports. Microsoft 365 automatically monitors login behavior for their account with Entra ID Protection. If the account is accessed from an unusual location or device, access is flagged as risky, and the Administrator is prompted to verify their identity, safeguarding company data against credential theft.

For more information see these links:

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Describe the Zero Trust Model

Zero Trust is a security model that assumes no user, device, app, or network can be trusted by default, whether they are inside or outside the company. Instead, it enforces strict controls at every access attempt.
It is based on three core principles: 1) Verify explicitly – Always authenticate and authorize based on all available data points (like user identity, device health, and location), 2) Use least privilege access – Give users the minimal access needed to perform their tasks, and 3) Assume breach – Always work from the mindset that a breach could happen, so segment access and monitor for threats.
Unlike traditional security approaches that trust users or devices inside the network perimeter, Zero Trust ensures every request is continuously verified and policies adapt to changing risks, using tools like multifactor authentication and conditional access in Microsoft 365.

Example: Imagine a company where employees work from both the office and home. With Zero Trust, even if an employee is at the office, trying to access company data in Microsoft 365, they must verify their identity using a password and an additional factor like a phone approval. Access is granted only if their device is compliant and their location is recognized, reducing the risk if their credentials are stolen.

Use Case: A new Azure Data analyst joins an IT team and needs to access sensitive customer reports stored in SharePoint Online. With the Zero Trust model, the analyst is given access only to the specific data needed for their job (least privilege). Every login requires multifactor authentication, and if the analyst tries to access the reports from an unapproved device or unusual location, access is blocked or additional verification is required. This keeps customer data more secure and limits risks from compromised accounts.

For more information see these links:

Describe Microsoft Purview compliance solutions such as insider risk, auditing, and eDiscovery

Microsoft Purview Insider Risk Management helps organizations detect, investigate, and reduce internal threats such as data leaks or intellectual property theft by monitoring user activity and using machine learning to identify risky behavior.
Purview Audit solutions record and retain detailed logs of user and administrator actions across Microsoft 365 environments, making it easy for IT teams to search for and analyze events during security investigations, regulatory audits, or internal reviews.
Purview eDiscovery enables IT and legal teams to search, collect, and preserve electronic information—including emails, files, and chats—from Microsoft 365 services. This is crucial for responding to legal or regulatory requests that require electronic evidence.
These solutions are designed with privacy controls such as pseudonymization and role-based access, protecting user identities while ensuring compliance teams get the actionable insights they need.

Example: An IT company uses Microsoft Purview Audit to monitor user actions like document sharing, editing, and deletion in SharePoint and OneDrive. When a sensitive file is accidentally shared outside the company, the audit log quickly identifies the responsible user and the time of the event, helping the IT admin address the issue and strengthen sharing policies.

Use Case: A beginner-level Azure Data engineer at an IT firm supports compliance with industry regulations by setting up Purview eDiscovery and Audit. If a legal request arises, the engineer can easily search and export relevant emails and documents from users’ mailboxes, meeting legal obligations without disrupting business operations or violating privacy.

For more information see these links:

Describe Microsoft Purview Information Protection features such as sensitivity labels and data loss prevention

Sensitivity Labels: Microsoft Purview Information Protection uses sensitivity labels to classify and protect documents and emails. Labels can be applied manually by users or automatically by policies based on the presence of sensitive data, such as credit card numbers or personal information. These labels travel with the data, ensuring protection even when files are shared internally or externally, or stored outside Microsoft 365.
Data Loss Prevention (DLP) Policies: DLP policies in Microsoft Purview help prevent sensitive information from being shared inappropriately. DLP scans files, emails, and chats to detect sensitive data using keywords, data types, and machine learning classifiers. Policies can block sharing, display user warnings, or require extra approval before sensitive data is sent outside the organization.
End-to-End Coverage and Productivity: Purview Information Protection extends across Microsoft 365 apps (Word, Excel, Outlook, Teams), cloud services (SharePoint, OneDrive), and endpoints (Windows, macOS). The solution is designed to balance security and user productivity, letting users collaborate securely while ensuring data governance and compliance with privacy regulations.

Example: An IT consultant working for a financial services company uses Microsoft 365 to store client information. Documents containing client social security numbers are automatically labeled as ‘Confidential.’ If an employee tries to email such a document to someone outside the organization, a DLP policy blocks the email and informs the user that the content contains sensitive information that can’t be shared externally.

Use Case: A new Azure Data administrator manages customer data in Microsoft 365. By configuring sensitivity labels, all files with customer identification numbers are classified as ‘Highly Confidential.’ DLP policies are set so these files cannot be shared outside the company’s trusted group of users. This ensures compliance with regulations and prevents accidental data leaks, helping the administrator protect sensitive data while allowing internal collaboration.

For more information see these links:

Describe how Microsoft supports data residency to ensure regulatory compliance

Microsoft 365 offers data residency options, allowing organizations to choose where their data is stored, such as selecting specific countries or regions to meet local regulatory requirements. This helps businesses comply with laws that dictate data must remain within specific geographical boundaries.
Microsoft adheres to a shared responsibility model for compliance: Microsoft maintains and updates its infrastructure to comply with global and regional standards, while customers are responsible for configuring their settings and managing their data according to local laws.
Microsoft 365 includes tools and features to track, control, and audit data access, ensuring only authorized users can view or modify sensitive information. Enhanced security measures, such as Customer Lockbox and advanced encryption, further help satisfy regulatory expectations around privacy and control.

Example: A company in Germany stores its Microsoft 365 email and document data within the German datacenter region. This guarantees that all user information is processed and stored locally, helping the business comply with stringent German data protection laws like the GDPR.

Use Case: An IT manager new to Azure Data at a healthcare startup selects Microsoft 365’s data residency options to store patient data within their local region. This enables the startup to meet national healthcare compliance regulations and easily pass security audits required for medical data processing.

For more information see these links:

Describe the capabilities and benefits of Microsoft Priva

Microsoft Priva helps organizations automatically identify, manage, and protect personal data across their Microsoft 365 environment. By providing visibility into where sensitive information is stored and how it is handled, Priva supports data privacy and helps organizations reduce privacy risks.
Priva includes tools for responding to subject rights requests (SRRs), like data access or deletion requests, making it easier to comply with privacy regulations such as GDPR. The solution streamlines and tracks requests, ensuring organizations reply in a timely and consistent manner.
With Priva, IT teams can set up customizable privacy policies that detect risky data behaviors (such as sharing sensitive data outside the organization). Actionable notifications guide users to resolve issues, promoting privacy awareness and reducing accidental data exposure.

Example: A company using Microsoft 365 stores customer support emails that may contain personal data, such as names or addresses. With Priva, they can quickly find these emails, monitor access, and help ensure that only authorized staff can view or process them, helping meet privacy and regulatory requirements.

Use Case: An IT team at a cloud services company receives a data subject request from a client asking to see all the personal information the company holds about them. Using Microsoft Priva’s Subject Rights Requests feature, the team can efficiently locate the relevant data throughout Microsoft 365, review it for sensitive content, and securely share it with the requester in compliance with privacy laws.

For more information see these links:

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify Microsoft 365 pricing and billing management options

Describe the pricing model for Microsoft cloud services including enterprise agreements, cloud solution providers, and direct billing

Enterprise Agreements (EA): Large organizations can enter into an Enterprise Agreement, which provides volume licensing and potentially discounted pricing for Microsoft cloud services like Microsoft 365 and Azure. EAs require a minimum commitment, typically for three or more years, and are managed directly with Microsoft or through a partner.
Cloud Solution Provider (CSP): With the CSP model, customers purchase Microsoft cloud services from an accredited Microsoft partner (the CSP), who manages billing, support, and subscription provisioning. The CSP sets their own pricing, can bundle in value-added services, and acts as the ongoing point of contact for the customer.
Direct Billing (Microsoft Customer Agreement): This model allows organizations—usually small or mid-sized businesses—to purchase Microsoft 365 and Azure services directly from Microsoft online. Pricing is pay-as-you-go, with flexible terms that let customers scale up or down as needed. Billing and subscription management are handled in the Microsoft 365 or Azure portals, with no third-party involvement.

Example: A mid-size IT consulting firm wants to set up Microsoft 365 and Azure for a client. If the client signs an Enterprise Agreement, they’ll get discounted rates and a consolidated bill for all their licenses. If they prefer personalized service, they can work with a Cloud Solution Provider, who manages their subscriptions and offers support. Alternatively, if they are a smaller business comfortable managing everything themselves, they can sign up for Microsoft 365 or Azure directly and pay monthly with a credit card, only for what they use.

Use Case: A start-up data analytics company new to Azure wants to experiment with cloud services before committing to long-term contracts. They choose the direct billing model, signing up through the Azure Portal. This allows them to track precise usage and costs, set spending alerts, and only pay for what they use as their business grows. If they need additional support later, they may switch to a Cloud Solution Provider for more guidance and value-added services.

For more information see these links:

Describe available billing and bill management options including billing frequency and methods of payment

Microsoft 365 offers flexible billing frequencies for subscriptions: you can pay monthly or yearly, depending on your organization’s needs. The billing frequency can be changed in the Microsoft 365 admin center, but for some account types (MCA), changes are only possible at renewal time.
Payment methods for Microsoft 365 business subscriptions include credit and debit cards and billing profiles. A billing profile allows organizations to manage payment details centrally and pay for all subscriptions. You can edit or replace your payment method (e.g., update card information, switch cards, or add wire transfer details) directly in the admin center.
Recurring billing is turned on by default for subscriptions paid using a card or billing profile. This means Microsoft automatically charges your chosen payment method at the end of each billing period, ensuring uninterrupted service. You can turn recurring billing on or off at any time; if off, payment must be made manually each period.

Example: An IT department at a small company subscribes to Microsoft 365 and pays with the organization’s business credit card. They set the subscription to yearly billing to reduce management tasks, and recurring billing is enabled, so the card is automatically charged each year without manual intervention.

Use Case: A business analyst new to Azure Data at a mid-sized IT firm manages Microsoft 365 subscriptions. To streamline payments, they set up a billing profile linked to the company’s debit card, choose monthly billing for better cash flow management, and enable recurring billing. This way, the subscriptions are paid automatically each month, allowing the team to focus on data tasks without worrying about manual renewals.

For more information see these links:

Identify licensing options available in Microsoft 365

Describe license management

License management in Microsoft 365 involves assigning, tracking, and managing software licenses to ensure that users have the right access to Microsoft 365 apps and services.
There are several ways to assign licenses: through the Microsoft 365 admin portal for a few users, via PowerShell scripts for bulk assignments, or with group-based licensing in Microsoft Entra ID for easier management of larger organizations.
Licenses determine which Microsoft 365 services a user can access. If a license is not assigned, the user won’t be able to install or use apps like Word, Excel, or Teams.
Each Microsoft 365 license allows a user to install the productivity apps on multiple devices (up to five PCs, five tablets, and five smartphones), and installations are monitored by Microsoft’s cloud services.
Automated license assignment and removal (especially through group-based licensing) helps organizations quickly onboard or offboard employees, minimizing manual effort and reducing errors.

Example: An IT administrator for an Azure Data-focused company wants to give all new hires access to Office apps. By using group-based licensing in Entra ID, they automatically assign the correct licenses to every employee added to the ‘Data Analysts’ group — no need to assign licenses one by one.

Use Case: A company just hired five new data analysts. Instead of individually assigning Microsoft 365 licenses, the IT admin adds each new analyst to the ‘Data Analysts’ group in Entra ID. As soon as they become group members, the analysts automatically receive the necessary Microsoft 365 licenses and can immediately install and use Office apps needed for their work.

For more information see these links:

Describe the differences between base licensing and add-on licensing

Base licensing provides the essential features and access to Microsoft 365 services, such as email, cloud storage, and productivity apps. It acts as the foundation for user access.
Add-on licensing allows organizations to extend the functionality of their base license by purchasing additional features or services, such as advanced security, compliance tools, or specific applications not included in the standard package.
Base licenses are required for every user to access core services, while add-on licenses are optional and can be assigned to individual users or devices based on specific needs—helping organizations stay flexible and cost-effective.
Add-ons typically depend on an existing base license. For example, to activate Teams Phone features, a user must already have a base licensing option like Microsoft 365 E3 or Business Standard.
Choosing between base licensing and add-on licensing helps organizations optimize costs by only paying for the advanced features or capacity when needed, ensuring that they tailor the environment to their actual business requirements.

Example: An IT department provides all staff with Microsoft 365 Business Standard (base license) for email and Office apps. Later, the company decides some data analysts need advanced threat protection for sensitive data. The department adds Microsoft Defender for Office 365 (add-on license) just for those users needing extra security, rather than upgrading everyone.

Use Case: A new Azure data specialist uses Microsoft 365 Business Standard as a base license for cloud collaboration and productivity. When the specialist begins managing sensitive customer information using Microsoft Teams, the organization purchases Compliance add-on licensing for secure messaging and retention policies—ensuring necessary protections are in place for regulated data, but only for the roles that need it.

For more information see these links:

Identify support options for Microsoft 365 services

Describe how to create a support request for Microsoft 365 services

Access the Microsoft 365 admin center: To create a support request, log in to the Microsoft 365 admin center at https://admin.microsoft.com. Only users with admin permissions can access support options and submit requests.
Initiate a support request via ‘Help & support’: In the admin center, locate and select the ‘Help & support’ option, usually found at the bottom right of the page. This area allows you to start typing your issue and view suggested troubleshooting articles.
Describe your issue and provide contact information: If self-help resources don’t solve your problem, choose ‘Contact Support.’ Enter a clear description of your issue, specify relevant details, select your preferred contact method (phone or email), and confirm your contact information.
Track and manage your request: After submitting, your support request will be shown in the ‘Help & support’ tab, where you can monitor the status, add updates, and review past requests.
Prepare supporting details: Gather essential information before submitting, such as error messages, affected services/users, tenant ID, and any related attachments, as strong details help Microsoft support assist you faster.

Example: A new IT admin for a small company discovers that users cannot access shared files in Microsoft Teams. The admin logs in to the Microsoft 365 admin center, goes to ‘Help & support’, types ‘Teams file access issue’, follows the prompts, and submits a detailed support request including error messages and affected user details.

Use Case: An analytics team new to Azure Data in a mid-sized organization finds that Power BI Service is not syncing with their Azure SQL Database. After basic troubleshooting, their team admin logs in to the admin center, collects relevant error logs and user IDs, and submits a comprehensive support request to Microsoft 365 support, choosing email as the preferred contact method and tracking the request status for updates.

For more information see these links:

Describe support options for Microsoft 365 services

Microsoft 365 offers multiple support channels, including online self-service, community forums, and direct technical support. The Microsoft 365 admin center is the main platform to create service requests, track issue resolution, and access help resources.
Basic support (via the Microsoft 365 admin center) covers technical break-fix issues with apps like Word, Excel, and Outlook. This type of support helps restore normal function but does not cover product feature requests, code debugging, or data recovery.
For advanced needs, such as implementing single sign-on (SSO) or integrating with third-party tools, organizations may require paid support options like Microsoft Unified Support or consulting services. Self-service guides and Microsoft community forums are also available for step-by-step help or peer advice.
To open a support case, you need admin permissions and a valid Microsoft 365 subscription procured directly from Microsoft. If purchased through a partner, you should contact the partner for support.
Service health monitoring and the ability to provide product feedback are also accessible from the admin center, helping organizations stay informed and influence future Microsoft 365 improvements.

Example: A small IT team managing Azure Data services runs into an issue where Microsoft Excel used within Microsoft 365 is unable to connect to an external data source. The admin logs into the Microsoft 365 admin center, selects ‘Help & support,’ describes the issue, and contacts Microsoft technical support for assistance. The support engineer guides them through troubleshooting steps to restore connectivity.

Use Case: An Azure Data analyst at a company is deploying a new Power BI report using data stored in Microsoft 365 SharePoint. If connectivity issues appear, they can leverage Microsoft 365 admin center support to resolve setup or access problems. For more complex integration or SSO issues, the company could pursue advanced support or use community resources to receive best-practice guidance tailored to Azure Data scenarios.

For more information see these links:

Describe service-level agreements (SLAs) including service credits

A service-level agreement (SLA) is a formal contract between Microsoft and its customers that defines the expected level of service, such as uptime and responsiveness, for Microsoft 365 or Azure services.
SLAs typically specify measurable targets like 99.9% monthly availability. If Microsoft fails to meet these targets, customers may be eligible to receive service credits—discounts applied to future bills instead of cash refunds.
To request a service credit after an outage or SLA breach, customers must provide documentation, such as the service incident ID, outage times, and evidence of impact, then submit a support request in the Azure portal or via their partner.
It’s important to note that different Microsoft support plans (like Premier, Professional Direct, or Subscription) may offer different response times and support features, but the SLA applies to core service availability regardless of support plan.
Monitoring service health and understanding how to file an SLA credit request helps organizations manage IT risk and Azure or Microsoft 365 costs more effectively.

Example: Suppose your company uses Microsoft 365 for business email, and an unexpected outage leaves your team unable to access email for several hours during the workday. Microsoft’s SLA promises 99.9% uptime, but the downtime exceeded the allowed threshold. You collect the necessary incident information from the Microsoft 365 admin center and submit a request through the Azure portal. Microsoft reviews your claim, and if eligible, issues a service credit on your next bill.

Use Case: A data analyst new to Azure Data relies on Azure Synapse Analytics for daily reporting. If the service experiences an extended outage that interrupts data processing beyond the SLA promise, the analyst’s IT team can submit an SLA claim, providing incident IDs and evidence of impact. After review, Microsoft may credit a portion of the monthly Azure costs. This knowledge helps the team plan for future disruptions and manage project budgets.

For more information see these links:

Determine service health status by using the Microsoft 365 admin center or the Microsoft Entra admin center

Accessing Service Health: You can check the health status of Microsoft 365 services by signing in to the Microsoft 365 admin center (https://admin.microsoft.com) or the Microsoft Entra admin center with an admin account. Only certain roles, such as Global Admin, Service Support Admin, or Helpdesk Admin, are allowed to view service health.
Understanding the Dashboard: Once inside the admin center, select the ‘Health’ section and then ‘Service health’ to view a dashboard with the current status of each Microsoft cloud service (like Teams, Exchange, or SharePoint). The dashboard uses icons and color coding to indicate normal operation, advisories, or incidents, making it easy to spot any issues.
Responding to Service Issues: The Service health page shows both issues requiring action from your organization and active incidents being worked on by Microsoft. You can check if a problem is due to a known Microsoft outage before spending time troubleshooting. Past incidents and their resolutions are available in the Issue history tab for reference.

Example: A data analyst at a company notices they cannot access files in OneDrive for Business. Before submitting an IT ticket, they or their admin check the Microsoft 365 admin center and see an active service incident affecting OneDrive worldwide. This confirms the problem is on Microsoft’s side and helps avoid unnecessary troubleshooting.

Use Case: In an IT department supporting a team of analysts who rely on Microsoft Teams and SharePoint for data projects, the admin regularly checks the Microsoft 365 admin center’s Service health dashboard. If a service advisory appears for Teams, the admin can inform the analysts about possible disruptions, set expectations, and delay meetings as needed, improving communication and minimizing workflow interruptions.

For more information see these links:

MS-900 Microsoft 365 Fundamentals

🎓 Don't Forget Your Learning Badge!

Describe cloud concepts (5–10%)

Describe the different types of cloud services available

Describe Microsoft software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) concepts and use cases

Describe differences between Office 365 and Microsoft 365

Describe the benefits of and considerations for using cloud, hybrid, or on-premises services

Describe public, private, and hybrid cloud models

Compare costs and advantages of cloud, hybrid, and on-premises services

Describe the concept of hybrid work and flexible work

Describe Microsoft 365 apps and services (45–50%)

Describe productivity solutions of Microsoft 365

Describe the productivity and content creation capabilities of the core Microsoft 365 Apps including Microsoft Word, Excel, PowerPoint, and OneNote

Describe the productivity benefits and capabilities of Microsoft 365 Copilot and Microsoft 365 Copilot Chat

Describe project management capabilities of Microsoft 365 including Microsoft Project, Planner, Bookings, Forms, Lists, To Do, and Loop

Describe collaboration solutions of Microsoft 365

Describe the collaboration and content sharing capabilities of Microsoft SharePoint, OneDrive, and Stream

Describe the email and calendaring capabilities of Microsoft Exchange and Outlook

Describe the collaboration and communication capabilities of Microsoft Teams and Teams Phone

Describe the collaboration benefits and capabilities of Microsoft 365 Copilot and Microsoft 365 Copilot Chat

Describe the employee experience capabilities of the Microsoft Viva apps

Describe the ways that you can extend Microsoft Teams by using collaborative apps such as Whiteboard, Microsoft Planner, Microsoft Power Apps, and Power Automate

Describe device and cloud endpoint management concepts and deployment options in Microsoft 365

Describe the endpoint management capabilities of Microsoft 365 including Microsoft Intune, co-management with Configuration Manager, Endpoint Analytics, Windows Autopilot, and Windows Autopatch

Compare the differences between Windows 365 and Azure Virtual Desktop

Describe the deployment and release models for Windows-as-a-Service (WaaS) including deployment rings

Identify deployment and update channels for Microsoft 365 Apps

Describe Microsoft 365 administration capabilities

Describe the capabilities of the Microsoft 365 Admin center and the reports available

Describe the capabilities of the Microsoft 365 user portal

Describe the reports available in other admin centers such as SharePoint, Teams, and Exchange

Describe the capabilities of the Microsoft Copilot dashboard

Describe security, compliance, privacy, and trust in Microsoft 365 (25–30%)

Describe identity and access management solutions of Microsoft 365

Describe the identity and access management capabilities of Microsoft Entra ID

Describe cloud identity, on-premises identity, and hybrid identity concepts

Describe how Microsoft uses methods such as multi-factor authentication (MFA), self-service password reset (SSPR), and conditional access, to keep identities, access, and data secure

Describe threat protection solutions of Microsoft 365

Describe Microsoft Defender XDR, Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and the Microsoft Defender Portal

Describe Microsoft Secure Score benefits and capabilities

Describe how Microsoft 365 addresses the most common types of threats against endpoints, applications, and identities

Describe trust, privacy, risk, and compliance solutions of Microsoft 365

Describe the Zero Trust Model

Describe Microsoft Purview compliance solutions such as insider risk, auditing, and eDiscovery

Describe Microsoft Purview Information Protection features such as sensitivity labels and data loss prevention

Describe how Microsoft supports data residency to ensure regulatory compliance

Describe the capabilities and benefits of Microsoft Priva

Describe Microsoft 365 pricing, licensing, and support (10–15%)

Identify Microsoft 365 pricing and billing management options

Describe the pricing model for Microsoft cloud services including enterprise agreements, cloud solution providers, and direct billing

Describe available billing and bill management options including billing frequency and methods of payment

Identify licensing options available in Microsoft 365

Describe license management

Describe the differences between base licensing and add-on licensing

Identify support options for Microsoft 365 services

Describe how to create a support request for Microsoft 365 services

Describe support options for Microsoft 365 services

Describe service-level agreements (SLAs) including service credits

Determine service health status by using the Microsoft 365 admin center or the Microsoft Entra admin center