Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
129 Cards in this Set
- Front
- Back
What items use strictly TCP port 443 in an Office 365 environment? |
-Office 365 Portal -Outlook -OWA -SharePoint Online -Lync Client -ADFS Federation/Proxy |
|
What items use TCP port 443/80 in an Office 365 environment? |
-Azure AD sync tool -Mail migration tools -Exchange |
|
What items use TCP port 25 in an Office 365 environment? |
Mail Routing |
|
What items use TCP port 143/993 in an Office 365 environment? |
IMAP simple migration tool |
|
What items use TCP port 995 in an Office 365 environment? |
POP3/S |
|
What items use TCP port 5223 in an Office 365 environment? |
Lync mobile client push notifications |
|
What items use TCP port 587 in an Office 365 environment? |
SMTP relay |
|
What is PSOM? |
PSOM is the media protocol for data collaboration. PSOM will use TLS as the underlying transport. PSOM can be used by conferencing clients to establish media channels with the Web Conferencing Server to negotiate or transfer media. |
|
What is STUN? |
STUN (Session Traversal Utilities for NAT) reflects the NAT IP addresses of the external user’s endpoint visible to the internal user’s Lync client. This helps the external user’s Lync client determine which IP addresses other clients can see across firewalls. TURN allocates media ports on the external A/V edge of the Edge Server to allow the internal user’s Lync endpoint to connect to the external user’s Lync endpoint.
|
|
What transport mechanisms does "Lync Online outbound data sharing" use? |
PSOM/TLS 443 |
|
What transport mechanisms does "Lync Online outbound audio, video, app sharing" use? |
STUN/TCP 443 |
|
What transport mechanisms does "Lync Online outbound audio and video sessions" use? |
STUN/UDP 3478 |
|
What transport mechanisms does "Lync to Phone outbound" use? |
UDP 20 000-45 000 |
|
What transport mechanisms does "Lync outbound audio and video sessions" use? |
UDP 50 000 - 59 000 |
|
What host names can be used for non SSL content caching? |
r3.res.outlook.com r4.res.outlook.com prod.msocdn.com |
|
What are the minimum system requirments for the "Office 365 best practices analyzer"? |
>Windows 7 SP1 x64 >IE9 |
|
Where can the "Office 365 best practices analyzer" be downloaded from? |
From the tools section in the Office 365 Admin Centre. |
|
What is the purpose of "Office 365 best practices analyzer"? |
Diagnosing client connectivity |
|
What is the purpose of "Office 365 OnRamp Tool"? |
Checks for Office 365 deployment readyness in on premises environment |
|
Where can the "Office 365 OnRamp Tool" be accessed from? |
onramp.office365.com |
|
What methods can be used to add and administer users to Office 365? |
- Office 365 Admin Console - CSV - Powershell - Directory syncronisation |
|
What Powershell cmdlet and mandatory parameters can be used to add a new user to Office 365? |
New-msoluser -userprincipalname -displayname |
|
What Powershell cmdlet and parameters can be used to change the properties of an Office 365 user? |
set-msoluser-userprincipalname -passwordneverexpires -strongpasswordrequired |
|
What Powershell cmdlet and parameters can be used to remove user from Office 365? |
remove-msoluser -objectid -userprincipalname |
|
How long is the grace period from when a Office 365 user is deleted and permanently deleted? |
30 days |
|
What method can be used to restore an Office 365 user that has been deleted within the 30 day grace period? |
restore-msoluser -userprincipalname |
|
What method can be used to display details of an Office 365 user? |
Get-msoluser |
|
What method can be used to assign an Office 365 license to an existing Office 365 user? |
set-msoluserlicense -userprincipalname -addlicenses :licensetype |
|
What information is required when creating an Office 365 user? |
- Display Name - User Name |
|
Where can you view available licenses for your Office 365 users? |
- under "Assigned license" section of each user - under the Billing > licenses section of the admin center menu |
|
What are the default options for viewing active users? |
-All users -Sign-in allowed users -Sign-in blocked users -unlicensed users -users with errors -billing admins -global admins -password admins -service admins -user management admins |
|
What are the 3 types of Office 365 groups? |
-Exchange Online Groups -SharePoint Online Default Groups -Office 365 Security Groups |
|
Where are Exchange Online Groups managed? |
Exchange Admin Center (EAC) |
|
What types of exchange online groups can be created? |
-Distribution Groups -Security Groups -Dynamic Distribution Groups |
|
Describe the function of an Exchange Online Distribution Group |
Used to distribute messages to recipients |
|
Describe the function of an Exchange Online Security Group |
Used to provide access to distribute messages |
|
Describe the function of an Exchange Online Dynamic Distribution Group |
Dynamically populated groups used to distribute messages to recipients |
|
What are some the default groups for SharePoint Online if a public template is used? |
Visitors, Members, Owners, Approvers, Designers |
|
What are the default groups for SharePoint Online if a team template is used? |
Visitors, Members, Owners |
|
Office 365 security groups can be used to manage access to SharePoint Online resources how? |
Office 365 security groups can be nested inside SharePoint Online groups. |
|
What are the pre-requisites to installing the Azure AD PowerShell Module? |
- Windows 7 and < - .Net Framework 3.5.1 - Online Services Sign-in Assistant v7.0 or < (x86/x64) - Azure Admins Console |
|
What is the cmdlet used to establish a connection to manage an Office 365 account? |
connect-msolservice |
|
What common parameters can be used in conjunction with the new-msoluser cmdlet? |
-userprincipalname -displayname -password -passwordneverexpires -strongpasswordrequired -usagelocation -licenseassugnment |
|
What common parameters can be used in conjunction with the get-msoluser cmdlet? |
-userprincipalname -usagelocation -returndeletedusers -license -unlicensedusersonly |
|
What common parameters can be used in conjunction with the set-msoluser cmdlet? |
-userprincipalname -displayname -passwordneverexpires -strongpasswordrequired -usagelocation -licenseassignment |
|
What common parameters can be used in conjunction with the remove-msoluser cmdlet? |
-userprincipalname -removefromrecyclebin |
|
What common parameters can be used in conjunction with the remove-msoluser cmdlet? |
-userprincipalname |
|
What cmdlet can be used to get licencing information for a Office 365 account? |
get-msolaccountsku |
|
What cmdlet can be used to change the licensing properties of a user |
set-msoluserlicense |
|
What common parameters can be used with set-msoluserlicense? |
-userprincipalname -addlicenses -removelicenses |
|
What cmdlet can be used to create a Office 365 security group? |
new-msolgroup |
|
What are the common parameters of new-msolgroup? |
-displayname -description |
|
What cmdlet can be used to modify the properties an Office 365 security group? |
set-msolsecuritygroup |
|
What are the common parameters of new-msolgroup? |
-description |
|
What cmdlet can be used to get a list of members an Office 365 security group? |
get-msolgroupmember |
|
What are the common parameters of get-msolgroupmember? |
-groupobjectid |
|
What cmdlet can be used to add a member to an Office 365 security group? |
add-msolgroupmember |
|
What are the common parameters of add/remove-msolgroupmember? |
-groupobjectid -groupmembertype -groupmemberobjectid |
|
What cmdlet can be used to delete a Office 365 security group? |
remove-msolsecuritygroup |
|
What are the common parameters of remove-msolsecuritygroup? |
-objectid -force |
|
What does a Office 365 Global Administrator/company administrator Admin role give a user permission to do? |
All tasks in the Office 365 Admin Center: -Manage domains -Manage organisation information -delegate administrator roles to other users -use directory synchronization -Exchange Online Admin -Exchange Company Admin -SharePoint Online Admin -Lync Online Admin |
|
What does a Office 365 User Management Admin/user account admin role give a user permission to do? |
-Manage users, groups and service requests, reset passwords and monitor health -cannot reset passwords for billing, global/company admin or service/service support admin. -Lync Online Admin |
|
What does a Office 365 Password Admin/helpdesk admin role give a user permission to do? |
-Manage passwords (excluding those with an admin role) and service requests, monitor health. -Exchange Helpdesk Admin -Lync Online Admin |
|
What does a Office 365 Service Admin/service support admin role give a user permission to do? |
-Manage service requests and monitor health. Admin permissions must be assigned to the online service before this role. -Lync Online Admin |
|
What does a Office 365 Billing Admin role give a user permission to do? |
-Make purchases, manage subscriptions and support tickets, monitor health. -Lync Online Admin |
|
What cmdlet can be used to show the available roles on an Office 365 tenant? |
get-msolrole |
|
What cmdlet can be used to add a user to a role on an Office 365 tenant? |
add-msolrolemember |
|
what are the common parameters of add/remove-msolrolemember? |
-rolename -rolememberemailaddress |
|
What cmdlet can be used to get the role assigned to an Office 365 user? |
get-msoluserrole |
|
What are the common parameters of get-msoluserrole? |
-userprincipalname |
|
What are the common parameters of get-msolrole? |
-rolename |
|
What cmdlet can be used to get the members of a role in Office 365? |
get-msolrolemember |
|
What are the common parameters of get-msolrolemember? |
-roleobjectid |
|
What cmdlet can be used to remove the members of a role in Office 365? |
remove-msolrolemember |
|
What is a delegated administrator? |
It is a role reserved for if you wish to have your Office 365 tennant managed by someone outside of your organisation. |
|
What is the sequence of events that must take place in order to add a delegated administrator? |
1. Review email with offer terms 2. Click link to offer authorization 3. Click yes to authorize partner as delegated admin. 4. create subscription tenant account if it has not already been created. 5. Verify delegated admins |
|
What are the two types of delegated admins? |
Full administration=global admin/company admin Limited administration=password admin/helpdesk admin |
|
What are the default password settings for Office 365 users? |
-expires after 90 days -notification after 14 days |
|
what is the range of days that you can set password expiration to? |
14-730 |
|
what is the range of days that you can set password reset notification to? |
1-30 |
|
what password settings are available in PowerShell but not in the Office 365 admin center? |
- Password never expires - Remove strong password complexity requirments |
|
If a user has been assigned the Global Admin role and needs their password reset, what options does the user have? |
- have another global admin reset their password -use the forgot my password link (need an alternate email address or if a non onmicrosoft email address is used, a phone that can receive a text message). |
|
What cmdlet can be used to rest a users password in Office 365? |
set-msoluserpassword |
|
What are the common parameters of set-msoluserpassword? |
-userprincipalname -newpassword |
|
What happens if you do not specify the -newpassword parameter when using the set-msoluserpassword cmdlet? |
the users password will be randomly generated |
|
What cmdlet can be used to modify the password policy in Office 365? |
set-msolpasswordpolicy |
|
What are the common parameters of set-msolpasswordpolicy? |
-domainname -validityperiod -notificationdays |
|
What are the pre-requisites to managing Information Rights Management using PowerShell? |
The "Azure Rights Management Administration Tool" must be installed. |
|
How do you enable information rights management using PowerShell? |
enable-aadrm |
|
What does AADRM stand for? |
Azure Active Directory Rights Management |
|
How do you connect/disconnect to the AADRM service using PowerShell? |
connect/disconnect-aadrmservice |
|
What cmdlet can be used to make/remove/get a user a information rights management administrator? |
add/remove/get-aadrmrolebasedadministrator |
|
What are the common parameters of add-aadrmrolebasedadministrator? |
-emailaddress |
|
What is the command used to establish a PsSession with the Exchange instance of an Office 365 tenant? |
New-PSSession -ConfigurationName microsoft.exchange -connectionuri https://ps.outlook.com/powershell -Credential $credential -Authentication basic -AllowRedirection $credential = SecureString |
|
How is the RMS key sharing location set using PowerShell? |
set-irmconfiguration -rmsonlinekeysharinglocation "https://sp-rms.au.aadrm.com/tennantmanagement/servicepartner.svc" |
|
How is the trusted publishing domain imported using PowerShell? |
import-rmstrustedpublishingdomain -rmsonline -name "rms online" |
|
How is IRM enabled in exchange online using PowerShell? |
set-irmconfiguration -internallicensingenabled $true |
|
How can the IRM configuration for Exchange Online be tested using PowerShell? |
test-irmconfiguration -rmsonline test-irmconfiguration -sender |
|
What are the steps for enabling IRM integration in Exchange? |
1. Enable IRM 2. Establish a PowerShell session with the Exchange instance 3. Set the RMS online key sharing location 4. Import the trusted publishing domain 5. Enable IRM in exchange online 6. Test the IRM in exchange online 7. Disconnect the PsSession |
|
What does IRM integration with exchange enable? |
the ability to send mail with -no restrictions -confidential (content can be modified but not cant be copied or printed) -confidential view only (content can't be modified, copied or printed) -do not forward (content can't be modified, copied, printed or forwarded) |
|
How can you enable IRM for individual messages? |
1. open OWA 2. click ... 3. mouse over "set permissions" 4. select the appropriate permission from the list. |
|
How can you enable IRM for all messages in outlook? |
1. go to exchange admin 2. click mail flow 3. create a new rule 4. create relevant rule. |
|
What are the steps to enabling IRM for SharePoint Online?
|
1. Enable in O365 SharePoint Online Admin Center.
2. Apply IRM to lists and libraries (need Design Permissions) - Non - O365 users get read only view of document - O365 users download and access according to IRM policy. |
|
Where can you enable IRM for SharePoint Online? |
1. Select SharePoint from the Admin menu in the Admin center 2. click settings 3. Enable IRM |
|
How can IRM be applied to the Office Suite? |
by logging into office with an O365 account that has IRM applied |
|
What is the preferred DNS record type for setting up an O365 hybrid environment? |
TXT then MX |
|
What are the steps for adding domains to office 365? |
1. Verify ownership of the domain 2. Verify that you can change DNS records 3. Access domains in office 365 admin center 4. Verify ownership of the domain by adding TXT DNS record 5. Change default domain to new domain name 6. Add users and assign licenses |
|
what are the minimum requirements for AAD Sync? |
-Windows Server 2008-Windows server 2012 R2 -SQL Server 2008-2014 (Express less than 100000 objects) -.net framework 4.5.1 -powershell 3.0 |
|
what is one of the main advantages of using AAD sync over dirsync? |
Multiple forest support |
|
What are the advantages of using AAD connect over AAD sync or dirsync? |
-optional ADFS environment -health tools |
|
What are the advantages of implementing ADFS? |
-SSO -AD login policy -smart card -3rd party MFA |
|
What are the optional features available as part of AAD connect? |
-Exchange Hybrid Deployment - Azure AD app and attribute filtering -Password synchronization - Password writeback - Group writeback - Device writeback - Directory extension attribute sync |
|
what are the 4 stages of implementation of AAD connect |
1. Prepare (active directory environment) 2. Set up (O365 sub to allow AD synchronization) 3. install (the aad connect tool) 4. assign licenses to users in O365 |
|
what are the minimum requirements of AAD connect? |
-Windows server 2003 domain functional level - must be installed on windows server 2008 -does not need to be joined to the domain -cant be SBS or Server essentials |
|
what are the minimum requirments to enable password writeback? |
-server 2008 (DC)with latest sp |
|
what are the minimum requirments to enable password synchronization? |
windows server 2008 r2 sp1 |
|
What are the minimum requirments for ADFS web application proxy? |
-windows server 2012 r2 -winrm enabled |
|
If ADFS is being deployed what is required? |
SSL certificates |
|
what are the hardware requirements of AAD connect? |
less than 10000 objects 1.6GHz 4GB 70GB 10000-50000 1.6GHz 4GB 70GB 50000-100000 1.6GHz 16GB 100GB 100000-300000 1.6GHz 32GB 300GB 300000-600000 1.6GHz 32GB 450GB more than 600000 1.6 GHz 32GB 500GB |
|
How many objects can SQL server express handle? |
100000 |
|
when would you use the express settings when installing the AAD connect tool? |
-if users are using password synchronization - single forest enviroment |
|
what are the options when using upgrade from dirsync when installing the AAD connect tool? |
-in place upgrade -parallel deployment |
|
How can the supported user agent strings be modified to support SSO? |
set-adfsproperties wiasupporteduseragent <string> |
|
What cmdlet keeps track of when Active Directory Federation Services (AD FS) 2.0 on a server computer last synchronized its database with other federation servers in your deployment? |
get-adfssyncproperties |
|
What steps must be performed in order to |
-run set-adfssyncproperties -role primarycomputer on the new primary computer -run set-adfssyncproperties -role secondarycomputer <newprimarycomputername> on the old primary computer -use -supportmultipledomain when converted if applicable |
|
How to you perform a conversion to a federated domain? |
convert-msoldomaintofederated -domainname <domain> |
|
how can you verify the federated domain conversion has taken place? |
get-msoldomain |
|
What cmdlet can be used to convert a federated domain to a standard domain? |
convert-msoldomaintostandard -domainname <domain> -skipuserconversion $false -passwordfile <passwordfilelocation> |
|
how can you convert a individual user from a federated user to a standard user? |
convert-msolfederateduser -principalname |