Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/342

Click to flip

342 Cards in this Set

  • Front
  • Back

Which Office 365 Enterprise Plan contains Microsoft Access?

All of the Enterprise Plans
What are the three Office 365 SME Plans?

Business Essentials
Business


Business Premium

Which Office 365 SME plan contains just Office?

Business

What are the Office 365 Enterprise Plans?

Pro Plus - Office Only



E1 - Exchange & Online Apps




E3 - Exchange/Apps/Azure Rights Management/Skype/Yammer/Business Intel

E5 - Also has DLP/Compliance/PSTN and Advanced Threat Protection`

What Office 365 Plans have support for unlimited users?

All of the Enterprise plans

What is the size limit off an Exchange Online mailbox?

100GB

What is the size limit of the Enterprise Exchange Online Archive?

Unlimited

What are the other Office 365 Licencing Plans? (Not SME / Enterprise)

E4 - No longer available

K1 - Kiosk Licences (Used for Shared computers)

Non-Profit - Available in E1 / E3 / E5 / Business Essentials / Business Premium models




Education Licencing - Heavily Discounted licensing

Which Office 365 Packages come with Advanced Business Intelligence and PSTN features?

Enterprise E5

What Office 365 Plans come with Compliance/e-discovery (Litigation Hold, In-Place Hold) and Data Loss Prevention?

Enterprise E3 & E5 Plans

Which Office 365 Plans contain Microsoft Project and Microsoft Visio?

None of the plans include these products.




They must be purchased as a Standalone Product.

Which Office 365 Products can be purchased separately?

Exchange Online
Sharepoint Online


OneDrive for Business
Skype for Business
Office Apps
Project Online
Yammer
Business Intelligence
Visio Pro
Azure Rights Management

What is the default Microsoft Office 365 domain name?

onmicrosoft.com

How do you rename the Sharepoint Online Team site URL to your custom URL?

This isn't possible, Sharepoint will use your Microsoft Tenant domain and cannot be customised.

How do you change the Country/Region of your tenant after creating it?

You can't as the Tenant Country/Region selection effects the following:

- Location of Data Center
- Performance
- Available Service Offerings
- Compliance
- Billing Currency

Can you change the Region that the users are located in Office 365?

Yes, the user's location/region can be changed.




The Tenant Region/Location can not.

What is the Office 365 Password Requirements?

Passwords must be 8-16 Characters long, contain 3 out of the four characters listed (Upper case, lower case, number and symbols)

What are the 5 Tenant Admin Roles and Permissions?

What is the URL for the Office 365 Admin Centre?

https://portal.office.com

Which two Admin roles can assign licenses to users in Office 365?

Global Administrators




User Management Administrators

Can you mix licenses between organisation types (Business/Non-Profit)?

No, you cannot mix between organisation license types (Business/Enterprise, Non-Profit, Education, Government)

Can you have both a Business Premium licence and an E3 licence in the same Tenant?

Yes. You cannot, however, mix licence types ( Business/Enterprise, Non-Profit, Education, Government)

What happens when you delete an Office 365 user account?

- The users Office 365 licence will be removed


- The deleted user data will be permanently deleted after 30 days (Soft Delete)


- A hard delete will delete the users data immediately but must be done via Powershell

What do you need to install in order to connect to Office 365 via Powershell?

- Microsoft Online Service Sign-In Assistant (64-Bit)


- Windows Azure Active Directory Module for Windows Powershell (64-Bit)

Which Command do you use to connect to Office 365 via PowerShell?

Import-Module MSOnline
$UserCredential = Get-CredentialConnect-MsolService -Credential $UserCredential

What does the following command do?

Set-ExecutionPolicy Unrestricted

Allows PowerShell to run all Scripts with zero Restrictions

What Powershell cmdlet is used to return all the subscriptions that the company has purchased?
(Licence Type)

Get-MsolSubscription

What Powershell cmdlet returns all SKU's that the company owns?
(Licence Count)

Get-MsolAccountSku

What does the New-MsolLicenceOptions command do?

The New-MsolLicenceOptions cmdlet creates a new Licence Options Object. The cmdlet disabled specific service plans when assigning a user licence using Add-MsolUser and Set-MsolUserLicence cmdlets

What does the Set-MsolUserLicence Cmdlet do?

The Set-MsolUserLicence cmdlet can be used to adjust the licences for a user. This can include, adding a new licence, removing a licence, updating the licence options or a combination of these.

What are the two installation methods for Office?

Click-To-Run
- Deployed via Portal Download
- Deployed via Office Deployment Tool (Setup.exe or SCCM)

Windows Installed
- MSI Install downloaded from Microsoft (Offline Installer)

What are the two update channels?

Current Channel


- Updates Every Month
- Default for Office 365 Business
-Includes Monthly Security & Non-Security Updates



Deferred Channel
- Updates 3 x per year (4 Month Schedule)
- Default for Office 365 ProPlus (Enterprise)
-Includes Monthly Security Updates & Non-Security Updates




First Release for Deferred Channel


- Early access for validation testing.

What are the three methods for setting update channels for Office 365 Users?

Portal Download - Allows users to install/reinstall Office with new Update and release preferences set via Office 365 Admin Centre




Office Deployment Tool (ODT) - Uses XML File set configuration options. Deploys to users from local install path via setup.exe or SCCM

Group Policy Administration Templates - Downloaded ADMX from Microsoft and install to GPMC/Gpedit to set channel for local machines

Can Windows Update, WSUS and SCCM be used to push Office 365 updates?

No.

Where can you change the Software download settings in the Office 365 Admin Portal?

Services & add-ins > Software Download Settings




You can also set what is available from here.

Where are the release preferrences set in the Office 365 Admin Center

Organization Profile > Release preferences

What is the URL for the Office 365 Roadmap website?

http://fasttrack.microsoft.com/roadmap

Where is the Group Policy Admin templates located?

C:\Windows \PolicyDefinitions




If you're missing the Microsoft Office options in Group Policy it is because you have not imported the Policies.

Global Admin

Subscription Notes

Tenant Names

Licence & Subscription notes

Powershell and Subscription Notes

New Features and Updates

What are the 4 steps in the Domain Setup Wizard

- Add Domain


- Verify Domain


- Setup your online services


- Update DNS

How do you add a domain via the Office 365 Admin Center?

Setup> Domains

Why can't the domain company.local be added to Office 365?

Because it is a non-routable domain

What are the two ways to verify a domain?

- TXT Record
- MX Record

What are Microsofts Office 365 Name Servers if you wanted to move DNS to Office 365?

- ns1.bdm.microsoftonline.com


- ns2.bdm.microsoftonline.com

What is the command to add a new domain to Office 365?

New-MsolDomain




Example:

New-MsolDomain -Name o365.davidatkin.com -Authentication "managed"

What is the command to set the default domain?

Set-MsolDomain -Name o365.davidatkin.com -IsDefault

What is the command to List domains in Office 365?

Get-MsolDomain

Example:
Get-MsolDomain -DomainName o365.davidatkin.com

What Powershell command is used to remove a domain in Office 365?

Remove-MsolDomain -DomainName o365.davidatkin.com -Force

Powershell Command to verify the records needed to verify domain ownership in Office 365?

Get-MsolDomainVerificationDNS
Examples:
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com
Get-MsolDomainVerificationDNS -DomainName o365.davidatkin.com -Mode (DnstxtRecord / Dnsmxrecord)

What is the Powershell command to confirm DNS records (Ownership & Services)?

Confirm-MsolDomain




Example:
Confirm-MsolDomain -DomainName o365.davidatkin.com

Add Domain

Set Domains as default

Moving DNS to MS

Powershell Domain Management

What two commands in Powershell use -Name instead of -DomainName?

New-MsolDomain -Name
Set-MsolDomain -Name

What does Microsoft recommend the criteria for pilot users?

- 5% of User base
- Mix Age, Experience and Seniority
- Select Full time employees
-Different Parts of the organisation
- Min of 6 months with the company
- Already trained on company software
- Willing to provide feedback (Positive & Negative)

What is the limit on Office 365 message sizes?

150MB Max
25MB by default

What is the web address for the Office 365 Health, Readiness and connectivity checks?

https://portal.office.com/tools

What are the Health Readiness check pre-requisites?

Must have a 64-Bit version of Windows 7 or later with .NET 3.5

Internet Explorer 9.0

Windows Powershell V2.0

What is the new name for DIRSync?

Azure Active Directory Connect (A AS Sync)

What tool is used to fix DirSync/Azure AD Connect issues?

IdFix




- Stand-alone ".exe" - No installation
- Do not run on a domain controller. Run on Domain joined PC
- .NET 4.0 required
- 64-Bit machine needed
- Run with a user account that had r/w access to AD.

What is the IdFix min specification?

4GB RAM


10GB HDD Space

Where can you find the resources to create a test plan?

https://fasttrack.microsoft.com

What are the three Office365 FastTrack phases?

Envision
- Define Vision, Identify Scenarios, Create Plan

Onboard
- Self Deployment, Qualified Partner, Microsoft FastTrack Assistance (>50 Users Required)

Drive Value
-Engage, Measure, Manage

Exchange Migrations Notes (1):

- Cannot Install 3rd Party add-ins
- IMAP migrations will not include calendar and contacts
- Public folders need to be public folder mailboxes (Available in Exchange 2013 +)


- Distribution lists can be converted to Office 365 groups (If all users are in the tenant and not managed or nested)

Exchange Migrations Notes (2):

- 150MB Message Limit (25MB default)
- 50GB Mailbox Limit
- Bulk email senders may violate Exchange Online frequency limits
- Mailboxes can stay on-premise in Hybrid Scenarios

OneDrive for Businesses Migration Notes:

- 10GB File Limit
- Cannot Migrate files with unsupported filenames or filenames that are too long

Sharepoint Online Migration Notes:

Team sites can be migrated or individual components (lists, calendars etc) can be migrated

Skype for Business Notes:

Cannot use Skype for Business, Lync 2013, and Lync 2010 all Simultaneously (2 out of 3 is OK)

What does SMART stand for when referring to FastTrack?

S Specific
M Measurable
A Attainable
R Relevant
T Timely

What does SPF stand for?

Sender Policy Framework
Sender Protection Framework

What does SCP stand for in AD?

Service Connection Point

What does the Include: mean in an SPF Record.

Includes any other SPF records specified in that domain




- Nested records

What port does the SIPFederationTLS SRV Records use in Office 365?

5061

What port does the SIP SRV record use in Office 365?

443

Which record needs to be changed in order to receive mail from Sharepoint Online?

The SPF Record.




It needs to be changed to:




"v=spf1 includes:sharepointonline.com ~all"




The office protection SPF is nested in the above.

Should you use a Proxy server with Office 365?

No - Avoid using a proxy, this is because it can have issues with the amount of SSL and Authentication traffic that will be going to the Proxy to get to Office 365.




If the Proxy is needed then it's suggested that you whitelist various URL's and IPs which can be found on Microsofts Sites.

What ports need to be open to communicate with Skype for Business? (Destination Ports)

Destination Ports:

- SIP/PSOM/Control - TCP 80/443
- A/V/DTS - UDP 3478, 3479,3480, 3481
- Apple iOS Push Notifications - TCP 5223

What ports need to be open for streaming media with Skype for Business?

TCP/UDP
Type: Souce:

Audio 50,000-50,019
Video 50,020-50,039
DTS 50,040-50,059

Destination Ports are:
50,000 - 59,999

What does DTS mean in Skype for Business?

Desktop Sharing

What tools can be used for recommending Bandwidth for Office 365

Exchange Client Network Bandwidth Calc

Skype for Business Bandwidth Calculator

What tool is required to use Office 2007 and Office 2010 in Office 365?

Office Desktop Setup Tool

When will support for Office 2007 end?

October 2017

What is Azure Rights Management?

A Cloud base service which provides:



Encryption
Identity Management
Authorisation
Secure Files and Folders

Works across multiple devices

What are the benefits of Azure Rights Management?

Protect All file types
Protect files anywhere
Share Files Securely by Email
Auditing and Monitoring
Support B2B
File classification
Easy activation

Comes with a free downloader

What is Rights Management?

Generic Term for assigning and controlling permissions for a resource

What is Digital Rights Management (DRM)?

Various access control technology for restricting usage

For digital content - Films and series etc

What is Information Rights Management?

Implementation of one or more technologies in support of a Policy

What does FCI stand for?

File Classification Infrastructure

- Automates classification processes on Windows Server file servers
- Giving certain types of files certain permissions

What is ARM?
What is AD RMS?

ARM - Azure Rights Management

AS RMS - On-Premise Active Directory Rights Management

What is Azure IP?

Azure Information Protection

Cloud based solution to classify, label and protect documents and emails.

What Office 365 plans include ARM?
(Azure Rights Management)

E3/E5 Subscription

Standalone -
Acure Infroamtion Protection premium P1 / P2

Free -
Microsoft Rights Management Service (RMS) for individuals

What is BYOK?

Bring your own Key

What do you need in order to manage Azure Rights Management (ARM) via Powershell?

Download the Azure Rights Management Module for PowerShell
(Azure Rights Management Administration Tool)

PowerShell v2
.NET Framework 4.5


How do you connect to Azure Active Directory Rights Management (AADRM) via PowerShell?

Import-Module aadrm

$UserCredential = Get-Credential

Connect-AadrmService -Credential $UserCredential

What is the Powershell command for controlling which Security Groups can protect documents and who cannot?

Controlling users via AD Security Group:



Set-AadrmOnboardingControlPolicy -SecurityGroupObjectID "ID"




*This must be a security group, not a user*

What is the Powershell command for controlling which users can protect documents and who cannot - By their Subscription license?

Set-aadrmOnboardingControlPolicy -UserRmsUserLicence $true -Scope All

*Cmdlet allows only users who have a license assigned to protect content by Azure Rights Management*

Where do you enable Azure Rights Management?

Services & Add-ins > Microsoft Azure Information Protection




(For Advanced Feature you need an Azure Subscription)

What are the Azure Rights Management Integration Options?

Native Office Integration

RMS Sharing Applications (Windows)
RMS Sharing Applications (MAC)

Azure Information Protection App (iOS/Roid)

Exchange Online Integration

Sharepoint Online/One-Drive for Business Integration

What Microsoft Office packages come with Azure RM Native Office Integration?

Microsoft Office 2013
Microsoft Office 2016
Microsoft Office 2016 (Mac)

Microsoft Office 2010*
*Needs RMS Sharing Application

What are the Two types of protection for Documents in RMS?

Native
- Office Files
- Supported text & Image files




Generic

What do you get with Native RMS Protection?

Native Office Files


- No changes to the file extensions
- No wrapper




Supported text & Image files


- Wrapper in new file type


- Adds a 'p' to file extensions (.pdocx, .pgif)




*Features - Authorisation & Restricted Access

What do you get with Generic RMS Protection?

Files not supported by Native RM Protection
- Wrapper in new file type
- File extensions changed (Adds a "p" - .ppdf, .pgif)

Authoisation Only
- No restricted access once opened

What are the two templates you start off with in Azure RM?

Read-Only
- Display Name:


- Specific permission: View Content

Read or Modify
- Display Name: -Confidential
- Specific permission:

How do you restrict access to an Office Document in Office?

File > Info > Protect Document/Workbook > Restrict Access

Which two roles can manage the Azure RIgnts Management Environment?

Office 365 Tenant (Global Administrator)




Azure RM Administrator (AadrmRoleBasedAdministrator)

What is an Azure Rights Management Super User?

It's a backup door user that has access to decrypt and view all protected documents and files.


Used to access leavers files etc

Must be granted permission by an RM Administrator of Global Administrator

How does an Azure Rights Management Administrator manage ARM Settings?

Via Powershell

How do you become a SuperUser in Azure Rights Management?

The Azure Active Directory Rights Management Admin or Global Admin must first enable the SuperUser Ability.

Once the SuperUser ability is turned on it must be enabled.

What PowerShell command is used to Add Azure RMS Administrator roles from groups or users?

Add-AadrmRoleBasedAdministrator
-SecurityGroupDisplayName
-EmailAddress
-ObjectID




Note - Even though the -SecurityGroupDisplayName says 'Group', you can also define a 'User'

What PowerShell command is used to View a list of Azure RMS Administrators?

Get-AadrmRoleBasedAdministrator

What PowerShell command is used to Remove an Azure RMS Administrator role from groups or users?

Remove-AadrmRoleBasedAdministrator


-SecurityGroupDisplayName


-EmailAddress


-ObjectID Note




Even though the -SecurityGroupDisplayName says 'Group', you can also define a 'User'

What is the command to Enable the Azure Active Directory Super User Feature?

Enable-AadrmSuperUserFeature

To Disable:
Disable-AadrmSuperUserFeature

Note, this is Tenant wide. You're enabling/disabling the SuperUser feature on the tenant

How do you assign the Azure RM SuperUser role to a User?

Add-AadrmSuperUser


-EmailAddress
-ServicePrincipleID

Note:
This is for users only. There is another command for Groups

How do you assign the Azure RM SuperUser role to a Group?

Add-AadrmSuperUserGroup
-GroupEmailAddress



*Note*
You can only have one SuperUser Group!

How do you get a list of current SuperUsers?

Get-AadrmSuperUser
How do you get a list of the current SuperUser Groups?

Get-AadrmSuperUserGroup

How do you remove the SuperUser Group from your organisation?

Clear-AadrmSuperUserGroup

How does an Azure RM SuperUser recover documents?

It needs to be done via the Azure RM Protection Tool



Powershell module
Supplement to Azure Rights Management PowerShell Module

As an Azure Active Directory Rights Management SuperUser, how do you get the status of a file to see if it is protected by RMS?

Get-RMSFileStatus
-File

What is the command to import the RMS protection tool in PowerShell?

Import-Module RMSProtection

How does a SuperUser protect a file or folder?

Powershell:

Protect-RMSFile
-File
-Folder
-InPlace (Will replace the file. By default a new one is created in addition to the original)
-TemplateID

How does a SuperUser unprotect a file or folder?

PowerShell:




Unprotect-RMSFile


-File


-Folder


-InPlace


-Recurse

How do you get a list of RMS Templates?

Get-RMSTemple
-Culture


-Force
-RMSServer (used for on prem)

What PowerShell cmdlet is used to enable RMS Exchange Integration?

Connect to Exchange First




Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"


Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"


Set-IRMConfiguration -InternalLicensingEnabled $true Test-IRMConfiguration -Sender

How do you connect to Exchange Online with PowerShell?

$Cred = Get-Credential




$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection




Import-PSSession $Session

How Often are the Custom ARM templates refreshed?

Every 7 days in Office 2013 / 2016




Once a day if the RMS Application Sharing is installed




Exchange must have its templates manually refreshed with the following command:




Import-RMSTrustedPublishingDomain

What does RBAC stand for?

Role Based Access Control

- Permissions are grouped into Roles

What does DAC stand for?

Discretionary Access Control

ACL, ACEs

What does MAC stand for when talking about permissions?

Mandatory Access Control

Labels, Classifciations

What can a Billing Administrator do?

- Make Purchases
- Manage Subscriptions
- Manage Support Tickets
- Monitors Service Health

What can a Password Administrator do?

Can only reset passwords for users - Only Non-Admins

What can a Service Administrator do?

Read Only access to most of Office 365

- Opens Support Tickets and Management
- Viewing User information
- View Health Status

What can a User Management Administrator do?

- Reset Passwords
- Monitor Service Health
- Manage User Accounts
- Manage Service Requests

Which 4 Office 365 roles allows a user to be a Skype for Business Administrator?
Global Administrator
Password Administrator
Skype for Business Administrator
User Management Administrator

How do you get a list of Roles in Office 365?

Get-MsolRole

-RoleName


-ObjectName
-TenantID

What command is used to list Global Admins in Office 365 PowerShell?

$role = Get-MsolRole -RoleName "Company Administrator"

Get-MsolRoleMember -RoleObjectID $role.ObjectId

How do you Add or Remove an Office 365 Role member?
Add-MsolRoleMember
Remove-MsolRoleMember

-RoleName
-RoleObjectId
-RoleMemberEmailAddress

-RoleMemberObjectId
-RoleMemberType
-TenantId

How do you set a UsageLocation in Office 365 PowerShell?

Set-MsolUser -UserPrincipalName -UsageLocation GB

How do you assign an Office 365 Licence in PowerShell?

Get-MsolAccountSku
(gets name of licence)

Set-MsolUserLicence -UserPrincipleName -AddLicenses

Admin Roles in Office 365


How do you set the password policy for the entire tenant in Office 365?

Set-MsolPasswordPolicy -DomainName -NotificationDays -ValidityPeriod

How do you set a Password Policy for a specific user to never expire?

Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true

When you setup Azure Connect what happens to the password expiration policy in Office 365?

They get set to Never Expire.




If the local AD Passwords expire, the old passwords may still work in Office 365 until it's reset.

Can you have the following password in Office 365:




ad*2869.@

No, you can't have a password with the following in it (in succession):




.@

How do you disable Strong Passwords in Office 365?

Set-MsolUser -UserPrincipleName -StrongPasswordRequired $false

How do you reset a user password via Office 365?

Set-MsolUserPassword -UserPrincipleName -NewPassword -ForceChangePassword $true

What is the default password history in Office 365?

1 Password

You can't use your previous password.

Which two fields are required when importing users into Office 365 via CSV:

Username (Login Name)




Display Name




Note:


Username Domain needs to exist in the tenant

What is the max amount of users you can import with CSV?

250 Max




2 Minimum

What are the User Name field limits in Office 365?

30 Characters before @
48 Characters after @




Max 79 Characters including the @

How do you get information of a deleted user in PowerShell

Get-MsolUser -UserPrincipleName -ReturnDeletedUsers

What are the three Authentication Factors?

Knowledge Factor - What you know
Passwords

Possession Factor - What you have
Tokens / Cards

Inherence Factor - What you are
Biometrics

Max amount of App Passwords in Office 365?

40

What are App Passwords for in MFA?

It's so that you can assign a specific password to Apps like Office.




It stops the App from needing MFA and uses a one-time generated password.

Security Groups

- Additional SID in Azure
- Used for assigning permissions
- Cannot be used for E-Mail

Mail-Enabled Security Group

Security Group and Distribution Group

Office 365 Groups

Shared Mailbox + OneDrive (SharePoint Site)

What are the MFA Statuses in Office 365?

Disabled - Not Enabled
Enabled - Enabled but not setup yet
Enforced - Enabled and being used

How do you hard delete an Office 365 user when it has been soft deleted?

Remove-MsolUser -UserPrincipleName -RemoveFromRecycleBin

What does Sku in AccountSku mean?

Stock Keeping Unit

Billable unit

What is the description for the OFFICESUBSCRIPTION service plan?

Office Professional Plus

What is the description for the SHAREPOINTWAC service plan?

Office Online

What is the description for the MCOSTANDARD Service Plan?

Skype for Business Online

How do you get a list of unlicenced Office 365 users?

Get-MsolUser -UnlicensedUsersOnly

What does CRUD stand for?

Create New-
Read Get-
Update Set-
Delete Remove-

What are the main MsolUser switches?

New-
Get-
Set-
Remove-
Restore-

How do you change a users UserPrincipalName?

Set-MsolUserPrincipalName

How do you specify a role with the Get-MsolRole cmdlet?

By ObjectID

How do you list roles assigned to a user?

Get-MsolUserRole

How do you set a licence for a user?

Set-MsolUserLicence

How do you set single sign on with a domain?

Set-MsolDomainAuthentication

What does the Set-MsolUser cmdlet do?

Sets the following:




User Info
Password Expiration
Password Complexity

What does the Set-MsolUserPassword do?

Sets User Passwords

What does the Set-MsolPasswordPolicy Cmdlet do?

Tenant-Wide expiration days and notification days

What does the Set-MsolUserLicense cmdlet do?

Assigns and removes user licenses

What does the Set-MsolUserPrincipalName cmdlet do?

Changes a UserPrincipalName

What can't the Set-MsolUser cmdlet NOT modify?

UserPrincipalName
LicenseAssignment
Password

How many Azure Tenants can an Azure AD Connect sync server sync to?

Just one.




Each Azure AD Connect can only sync to one Azure Tenant




Each Azure Tenant can only have one AD Connect Sync Server

What is GALSync?

A program to sync from multiple forests into multiple Azure Tenants.




User A is created as a User in Azure Tenant A


User A is created as a contact in Azure Tenant B

What is Azure AD Connect Staging Mode?

It's where you have an identical sync server used for redundancy or for testing purposes.




The Staging server is set to read only mode and does not write to Azure which is why it does not break the Azure/AD Sync 1:1 rule.

How do you add a UPN domain suffix in Active Directory?

Active Directory Domains and Trusts

Active Directory cleanups prior to Sync



What Azure AD Connect filtering can you do?

Domain
OU Filtering
Security Group Filtering (No nested groups)
Attribute filtering

Does Azure AD Connect support AD Writeback?

No


Writeback is writing from one local AD to another local AD




Or from one Azure AD to another local AD

What fields do Azure use by default to associate an AD user with their azure user account?

Active Directory ObjectGUID


Azure Immutable ID

What is needed for Azure Password Writeback?

An Azure Premium account

Azure AD Connect - On-Prem requirements



What is the minimum server operating system required if you wanted to install Azure AD Connect with Password Sync?

Windows Server 2008 R2 SP1




Azure AD connect can be installed onto a Windows Server 2008 but will not have Password Sync.

What is the minimum Active Directory Domain and Forest level requirements for Azure AD Connect?

Windows 2003

What is the minimum RAM and HDD requirements for Azure AD Connect?

RAM:


4GB (<50K objects),


16GB (50K-100k),


32GB (100k+)




HDD:


70GB (<50k objects),


100GB (50k-100k),


300GB (100k-300k),


450GB (300k-600k)




CPU:
1.66Ghz

Can Azure AD Connect be installed on Server Core?

No - It needs GUI




It also cannot be installed on SBS and Server Essentials.

What attributes need to be present for the user in order for Azure AD Connect to synchronise a user to Azure AD?

ObjectGUID (Or another defined SourceAncor)


UserPrincipalName

AccountEnabled (userAccountControl Attrib)

What are the SQL Requirements for Azure AD Connect?

SQL Server 2008 SP4


to


SQL Server 2014

What program is used to manage the Azure AD Connect sync after it has been setup?

Synchronisation Service Manager

When is the Group filtering applied in Azure AD Connect?

The Azure AD Connect Metaverse

What is the Azure AD Connect sync order?

Active Directory Import


Azure AD Import


Active Directory Full/Delta Synchronisation


Azure AD Full/Delta Synchronisation


Azure AD Export


Active Directory Export



What will happen to a users Office 365 account if you filter them out of the synchronisation when they already have an account in Office 365?

The user will be soft deleted.

AD syncs into the connector space as User Schema and enters the Metaverse as...

Person Schema

Why would you do a Full AD Connect Sync over a Delta?

If an Office 365 Admin has changed the password of a synced user via Office 365 a Full Sync must be fun.



A Delta sync won't fix this problem.

What is the cmdlet to get the AD Connect scheduler?

Get-ADSyncScheduler

What is the shortest sync cycle in AD Connect?

30 Minutes

How do you force an immediate sync cycle?

Start-ADSyncSyncCycle -Policy Type




Initial is a 'Full' Sync Cycle

How do you force a stop of immediate sync cycle?

Stop-ADSyncSyncCycle

How do you change the AD Connect Sync Cycle in Powershell?

Set-ADSyncScheduler -CustomizedSyncCycleInterval

How do you check the current status of an AD Connect Sync in powershell?

Get-ADSyncConnectorRunStatus

What do you do if you have multiple users provisioned in Office 365 due to the user not being recognised on Sync?

Remove the User from the Sync OU, or assign an attribute to the user in AD and create an Attribute rule in Sync service manager.



Sync up to remove the duplicate user




Then run a command in Office 365 to get the ImmutableID of the removed (synced user)




Delete user from Office 365 Recycle Bin




Assign the ImmutableID to the unsynced user (The one previously managed by O365)




Move user back in Syncable OU in AD (Or remote Attrib filter) and re-sync

How does Office 365 validate a user in ADFS?

With its Token and Claims (issued by the federation server)

What type of redirect is used by Office 365to send an ADFS user back to the Federation Server for authentication?

302 Redirect

What is the format of the Token, claims and session info called when presenting to Office 365?

SAML Assertion

What is the process for an internal ADFS user to authenticate with Office 365?

User goes to portal.office.com and enters login details




User is redirected to the Federation Server via a 302 Redirection




User logs into Federation Server




Federation server checks AD and validates credentials




AD Server assigns Token and Claims, the Federation server passes back to the user.




Redirects back to Office 365

What is the process for an external ADFS user to authenticate with Office 365?

User goes to portal.office.com and enters login details




User is redirected to the WAP Proxy Server via a 302 Redirection




User logs into Proxy Server




Proxy Server speaks to the Federation Server




Federation server checks AD and validates credentials




AD Server assigns Token and Claims, the Federation server passes back to the Proxy and the Proxy passes back to the user.




Redirects back to Office 365 (302)

What is Modern Authentication?

OAuth

What kind of Token is used in Modern Authentication?

JSON Web Token




JWT

What is an STS?

Secure Token Server
(Federation Server)

ADFS Versions:

Version 2.0


- Windows Server 2008 / 2008 R2 (Req Download)




Version 2.1:


Windows Server 2012

Version 3.0:


Windows Server 2012 R2

What has changed in ADFS version 3.0?

- WAP replaces Web Proxy


- No more IIS Requirements


- Modern Authentication / OAuth2 / ADAL


- Support for Azure MFA


- No more stand-alone servers (Farms only)

What is the most important ADFS Service/Server Name?

The Federation Service Name




This is the name that all clients, servers and applications use.




This should be different from the Federation Server names




Used for both FS Cluster and WAP/Proxy

What do you need in order to use multiple WAP Servers?

A Network Load Balancer

How does the WAP/Proxy know where the Federation Server(s) is?

It is done via a manual entry to the HOST file on each WAP / Proxy.





What certificates are required for ADFS?

Server Authentication (SSL) Certificate - Public CA)
- Secure incoming communications from clients to ADFS authentication endpoints

Secure Communications Certificate (Public CA)
-Provides WCF messaging security for internal communications


- Same Cert as Servrer Auth Cert




-Token-Signing Certificate (Self-Signed)
Signed Tokens sent to relying parties

- Token Decryption Certificate (Self Signed)
Decrypt encrypted tokens received from idPs

What are the two types of Databases that can be used for ADFS Federated Servers?

Windows Internal Database (Best Practice)



Windows SQL (Not on same server)

ADFS - Windows Internal Database


- Up to 30 Servers (<=100 Trusts, ADFS 3.0)


- Up to 5 Server ( >100 Trusts or ADFS 2, 2.1


- Less cost, no additional licensing


- HA (1 Primary, Additional Db's read only) - LB
- No SAML Artifact Resolution


- No Token Replay Detection


- Can be converted to SQL Later

ADFS - Windows SQL (Not on same server)


- No limit of Servers


- More Cost, requires SQL Licensing


- HA (leveraging SQL Clustering) - LB


- SAML Artifact Resolution


- Token Replay Detection


- Cannot be converted to WID

ADFS capacity planning:

< 1000 Users
You can install ADFS on existing DCs
Shared NLB

1000-15,000 User
2 x Dedicated FS Servers


Dedicated NLB

15K - 60K users


3 - 5 x Dedicated FS Server


Dedicated NLB

In ADFS 3.0, how do you install the WAP/Proxy?

It's installed under the Remote Access Role

In ADFS 2.1, how do you install the WAP/Proxy?

It's an option with the ADFS Role

What port is needed for ADFS ClientTLS?

49443

What DNS records can you use for ADFS

A-Records only.

How do you stop a user from being able to log into Office 365 when ADFS is enabled?

Issue Claim Authorisation Rules

How would you stop a user from logging into Office 365 using their first name when ADFS is enabled?

Create an Acceptance claim rule and a new Authorisation deny rule.




By default active directory only sets claim rules on certain attributes. Need to add a transformation rule to push the attribute and then a Claim Authorisation Rule to deny users based on that attribute.

Where can you find the deny logs in Windows for ADFS?

Event Viewer > Applications and Services > AD FS > Admin

What are the two Passive ADFS authentication methods?

SAML - /adfs/ls
Oauth - /adfs/oauth

How do you enable Modern Authentication in Exchange online?

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true




Verify with:
Get-Organizationconfig | FT Name,Oauth*

How do you enable Modern Authentication in Skype for Business online?

Set-CdOAuthConfiguration -ClientAfalAuthOveride Allowed



Get-CdOAuthConfiguration

What is the reason for being unable to connect to the MSolService internally from PowerShell once you've enabled Azure MFA Server?

By default internal MFA authentication only supports Windows Authentication, when you connect to MsolService it is doing it via Form Based Authentication.




You need to enable Form Based Authentication internally via the Azure MFA Server.

Should an ADFS Proxy server be joined to a Domain?

No!




AD FS Proxy servers should not be joined to the domain.

What are acceptance Rules in ADFS?

Set of tule run when authentication is required

What are Authorization rules in ADFS?

Set of rules when authentication is granted or denied

What are Issuance Rules in ADFS?

Set of rules run when deciding what claims rules to send to requesting party

What is the purpose for the ADFS Service Account?

It Runs the "Active Directory Federations Services" Service.




It performs Kerberos Authentication tasks

What is the AD FS Service Account requirements?

It needs to be a Domain User




It needs "Logon as a service" rights on FS




It needs a Password does not expire to be set




It needs the same account on all Federation Servers in Farms




It needs "Logon as a Batch Job" rights (Only if you run Scheduled tasks

How do you enable Group Managed Service Accounts in Windows Server 2012?

Done by PowerShell:



Add-KdsRootKey -EffectiveImmediately




**Mandatory 10 Hour Wait**

Is Windows Network Load Balancer supported on a Domain Controller?

No

What is the PowerShell cmdlet to install ADFS?

Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

What is the PowerShell Cmdlet to install an additional ADFS Server into an existing ADFS Farm?

Add-AdfsFarmNode -PrimaryComputerName -CertificateThumbprint -GroupServiceAccountIdentifier

Modules required for Converting an Office 365 Domain to an ADFS Domain

Active Directory Powershell Module


Azure AD Powershell Module


Microsoft Online services Sign-In Assistant

What is the PowerShell command to convert an Office 365 standard domain to a Federate domain?

Convert-MsolDomainToFederated -DomainName

What command is used to specify the primary Federated Server if running the Convert-MsolDomainToFederated from a workstation?

Set-MsolADFSContect -Computer

What does the New-AdfsOrganization command do?

It can be used to create an object in order to pipe information into the Set-AdfsProperties cmdlet to set the ADFS Organization Properties

$MyOrg = New-AdfsOrganization -DisplayName "Org Name" -OrganizationUrl "http://"

Set-AdfsProperties -OrganizationInfo $MyOrg

PS Cmdlet to get ADFS Settings from PowerShell?

Get-MsolDomainFederationSettings

How do you set a new SSL Certificate on Federation Servers?

Set-AdfsCertificate -Thumbprint




Must be run on all FS Servers. Restart the service afterwards.

How do you set a new SSL Certificate on ADFS WAP Servers?

Set-WebApplicationProxySslCertificate -Thumbprint



How do you set a new ADFS Service Communications Certificate in PS?

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint

What command is used to customize Web Links and wording on the ADFS Login Pages?

Set-AdfsGlobalWebContent

What command is used to customize the imaging on the ADFS Login Pages?




Logo & Illustration

Set-AdfsWebTheme

Customizing ADFS 2.0/2.1 Web Page - Location:

Logo - Web.config



Example - CommonResources.en.resx
Instructions - CommonResources.en.resx


Page Title - CommonResources.en.resx

Hostname Header - MasterPage.master.cs


Authorized Use - MasterPage.master.cs

How do you change the theme for the ADFS login Page?

Set-AdfsWebConfig -ActiveThemeName

Create a new Theme for the ADFS login

New-AdfsWebTheme -TargetName "Name"

A Managed Domain is any domain that doesn't depend on Federated services.

Office 365




or




Azure AD Sync

How do you convert a Federated Domain back to a Managed Domain?

Convert-MsolDomainToStandard

How do you convert a Federated Office 365 User back to a Managed User?

Convert-MsolFederatedUser

How do you turn off Federated sign in for a domain when a Federated server is not reachable?

Set-MsolDomainAuthentication -DomainName -Authentication

What is the max number of objects in the Windows Internal Database?

100,000

How did you launch the Proxy configuration wizard in ADFS 2.0 / 2.1

Run FspConfigWizard.exe

AdfsGlobalWebContent

Text & URLs

AdfsWebTheme

Logo's, Css, Illustrations, Loading Scripts

Set-AdfsWebConfig

Sets the default theme

What are the two categories of reports?

Activity




Usage

Office 365 Reports:

Get-O365

Activations Report:


Licence Type (Pro Plus / Business)
What Device it's on




Active Users Report:


Licenced? (Exchange, One Drive....)
Last Activity Date
Licence Assigned Date
Products Assigned

Exchange Service Reports

Get-Mailbox
Get-Stale

Email Activity




Email App Usage




Mailbox Usage

One Drive / Sharepoint Reports:

Get-SPO

OneDrive Activity User

OneDrive Usage Site URL

Skype Business Reports

Get-CS

P2P


Conference Organized
Conference Participated

How do you import reports directly into Excel?

Reporting Web Service - OData Data Feed

Exchange Reports:

Auditing



Protection



Rules



DLP

Mail Flow Reports:




Get-MailTrafficTopReport
Get-MailTrafficSummary
Get-MailTrafficReport

Top Mail Senders

Top Mail Recipients

Top Spam Recipients

Top Malware Recipients

What is a BCL

Bulk Complaint Level




0 Good
9 Definitely Spam

Malware Reports:

Get-MailDetailMalwareReport

Top Malware for Mail
Top 10 Malware Agents




Malware Detections


Number of malware detections

Spam Detection Reports:

Get-MailDetailSpamReport

Spam Detections
Senders/Email/IP/Content

Spoof Mail Report (E5 ATP Only)
Spoof Senders

Rules Reports

Content or content filtering rules

Top rules matches for mail
Rule matches for mail

DLP Reports:

Top DLP Policy matches for mail

Top DLP rule matches for mail

DLP policy matches by severity for mail

DPL policy matches, overrides, and false positives for mail

Audit log reports check activity for Office 365 services

User Activity




Admin Activity

How do you turn on user Mailbox Auditing in Office 365?




Done per mailbox
None Owner actions

Set-Mailbox -Identity -AuditEnabled $true

How do you add Owner actions to the Mailbox Audit?

Set-Mailbox -AuditOwner MailboxLogin,HardDelete....




(What you want to track is after the command)

How do you get to the Unified Office 365 Audit log reports?

Security & Compliance Center

Https://protection.office.com

Which audit report do you run to see what an external admin or Microsoft have been going?

External Admin Audit Log report

Office 365 Audit Log:

- Off by default


- 90 Day limit


- Dates and times are in UCP


- Only the most recent 1000 Entries show up
- Can Export Search or download all result (50K)


- Must be a Global Admin
- Must have Audit log or view Audit log permissions

Powershell Exchange Audit log commands:

Instantly Generated:


Search-MailboxAuditLog
Search-AdminAuditLog
Search-UnifiedAuditLog

Sent via email:
New-MailboxAuditLogSearch
New-AdminAuditLogSearch

How do you turn on/off the Office 365 admin audit log?

Set-AdminAuditLogConfig

What is a Portal Email Hygiene Report?

Exchange Online reports for:




Inactive Mailboxes


Storage Quotas
Message Tracing

What are the Powershell cmdlets for Exchange Stale Mailbox Reports?

Get-StaleMailboxReport




Get-StaleMailboxDetailReport

What are the Commands for the Exchange usage report(s)?

Get-MailboxUsageReport


Get-MailboxUsageDetailedReport

What command is used for doing a Message Trace command in Powershell?




Results are for last 7 days

Get-MessageTrace




Get-MessageTraceDetail

What is the command to do a Message Trace with Powershell for items upto 90 Days old?

Start-HistoricalSearch
Stop-HistoricalSearch


Get-HistoricalSearch
(Shows Historical Search history - Past 10 Days)

GTUBE - Test for Spam

Google the content

How do you get Alerted when there is an issue with Office 365?

The Office 365 Admin App

What is the Max Service Health History on the Service Health Dashboard

30-Days

How do you monitor Office 365 Status in SCOM?

Office 365 Management Pack for System Center Operations Manager




Comes as a .mpb file

What are the two types of Support in Office 365?

Concierge Support - < 50 Users




General Support - >50 Users

What are the Connectivity Analyzer tools?

Remote Connectivity Analyser Tool (RCAT)




Microsoft Connectivity Analyser Tool (MCAT)




Lync Connectivity Analyser (LCA)

Remote Connectivity Analyser - RCA




Validate/Troubleshoot Office 365


Eliminate On-Prem Configuration

Microsoft Connectivity Analyser Tool - MCA




Locally Installed


Test End-To-End Connectivity

RCA:




Exchange DNS
Outlook Connectivity
ActiveSync
SMTP MailFlow


POP/IMAP
ADFS SSO
Free-Busy


EWS (Sync, Notifications etc)


Lync Connectivity - On-Prem Lync Only
Lync/Skype DNS / Autodiscover (Onsite Only)

MCAT:

Exchange DNS
Outlook Connectivity
ActiveSync - On-Prem Exchange Only
SMTP Mailflow
ADFS SSO
Free-Busy
Other Outlook Config Settings


Lync/Skype DNS / Autodiscover (Onsite only)


Lync Connectivity - On-Prem Lync Only

LCA Tests:

Lync/Skype DNS / Autodiscover (Onsite only)


Lync Connectivity - On-Prem Lync Only

What are the 3 Free / Busy Sharing Tools?

Hybrid Free/Busy Troubleshooting Tools




Remote Connectivity Analyser




Microsoft Connectivity Analyser Tool.

What is the only Supported Diagnostic Tool?

Microsoft Support & Recovery Assistant for Office 365




For troubleshooting Client login issues for individual user or their profile.

Where can a user access the Microsoft Support & Recovery Assistant for Office 365?

Outlook > File > Support

Microsoft Support & Recovery Assistant for Office 365 - What can it troubleshoot?

Office Activation


Outlook Configuration


Outlook for Mac Configuration


Mobile Devices


Outlook on the Web


Dynamix CRM


OneDrive for Business


Advanced Diagnostics (Exchange Online

What version of .NET and PowerShell is needed for Azure Rights Management?

PowerShell V2




.NET 4.5

How do you enable Azure Rights Management Integration in Sharepoint?

Step 1:




Settings> Information Rights Management> User the IRM Service




Step 2:


Modify properties IRM tab for library object

How do you enable Azure Rights Management integration in OneDrive?

Settings> Site Contents> Documents> Settings, permissions and Mgmt> IRM

What is the ARM PowerShell and .NET requirements?

PowerShell 4.0




.NET 4.5

What Powershell commands are used to get the all members in an Office 365 Role?

$role = Get-MsolRole -RoleName "name"




Get-MsolRoleMember -RoleObjectId $role.ObjectId

Notes about Exchange Online Administrator roles:

- Organisation Management is the most privileged role




- Office 365 Global Admins are members of 'Company Administrators' which is nested inside Organisation Management

Notes about Sharepoint Online Administrator Roles:

- SharePoint Online Administrator - Full SPO Privileges




- Site Collection Administrator
- Manage a Site Collection


- There can be multiple site collection admins but one must be primary


- Cannot Access SharePoint Admin Center

Which Administrator Role has Full Skype Privileges in Office 365?

Skype for Business Admin

What happens to OneDrive files and Skype for business history information when a user is deleted?

The contents are removed after 30-Days.

What does the % symbol mean when used in PowerShell?

It means ForEach-Object

Where does an ADFS SSL Certificate need to be installed?

All Federation Server
All Proxies

ADFS 3.0 Notes:
- Windows Server 2012 R2


- .NET 4.5


- No IIS or ASP.NET Required
- DC - Windows 2012 R2-


- Schema - Windows 2008+
- SQL Server 2008 / 2012 / 2014


- FARM Only

ADFS 2.1 Notes:


- Windows Server 2012


- IIS 8


- .NET 4.5


- ASP.NET 4.5


- DC- Windows 2012 -


-Schema Windows Server 2003 SP1


- SQL Server 2005 / 2008 / 2012

ADFS 2.0 Notes:


- Windows Server 2008 & 2008 R2


- IIS 7
- .NET 3.5.1
- .ASP.NET 2.0


- DC - Windows Server 2008 & 2008 R2


- Schema Windows Server 2003 SP1+
SQL - 2005 / 2008

Under 1000 Users = ADFS can be installed on Domain Controllers

ADFS Claims:




Claims are pieces of information about the authenticating user. They usually included data about the user queried from the Attribution Store (AD) or the login session.

Claim rules can be used to determine whether or not to issue authentication to the relying party, or what authentication flow should be, including whether to perform MFA.

What are the Three parts of the Claims Engine (aka Claims Pipeline)?

- Acceptance Rules (Claims Provider Trust)
Set of rules when authentication is requested




- Authorisation Rules (Relying Party Trust)


Set of rules when auth is granted/denied




- Issuance Rules (Relying Party Trust)
Set of rules run when deciding what claims to send over to the RP

Add Additional ADFS Servers:




Install-WindowsFeature ADFS-Federation -IncludeManagementTools






Add-AdfsFarmNode (Windows 2012 R2)

ADFS 2.0 / 2.1




GUI - fsconfigwizard.exe




PS - fsconfig.exe

When must the command Set-ADFSContext be run in PowerShell?

When you are converting an Office 365 Domain Name to a Federated Domain but you're not doing it from the Primary ADFS Server




Set-AdfsContext -computer

Windows Roles for ADFS:


ADFS 3.0


-Remote Access


- Web Application Proxy (Feature)




ADFS 2.1
- Active Directory Federation Services
- Federation Server Proxy Role Service

ADFS Proxy Roles:


ADFS 3.0
- Web Application Proxy




ADFS 2.0/2.1


- Web Server Role (IIS)


- Windows Process Activation Services

Where can you change the Release preferences in the Offcie 365 admin center?

Organization> Release preferences

Where can you find the Health, Readiness and connection checks for the installation of Office?

https://portal.office.com/tools

What is the minimum requirement for installing the Health, Readiness and connection checks?

Windows 7+ 64-Bit


.NET 3.5


IE 9.0
Windows Powershell 2.0

What are the idFix minimum installation requirements?

64-bit windows


.NET 4.0


4GB RAM


10GB HDD

What port does _sipfederationtls._tcp use?

5061

What ports do you need to have open for Outbound requests for Office 365?

80


443

UDP - 3478 / 3479 / 3480 / 3481 - A / V / DTS

5223 - Apple iOS push
TCP/UDP - 50,000 - 59,999

What are the Skype SOURCE ports?

50,000 - 50,019 AUDIO




50,020 - 50,039 VIDEO




50,040 - 50,059 DTS

What are the requirements for Azure Rights Management?

PowerShell v2
.NET 4.5

What report needs to be run to filter on Sender, IP, Reputation or Content?

Spam detection Report

Is ARM BYOK compatible with Exchange Online?

No



To encrypt attachments and messages you will need to use the Azure Keys.

What PowerShell command must be used to convert a Federated Domain back to a Managed Domain when the ADFS Server is unreachable?

Set-MsolDomainAuthentication

How do you update a current Office 365 configuration to enable Multiple Federated Domain support?

Update-MSOLFederatedDomain -SupportMultipeDomain