Exam Prep | MS-100: Microsoft 365 Identity and Services | BRK2157
Everyone. Well. Good. Afternoon everyone, thank you for coming to be our k2. 157, the exam prep for ms 100. The. First in the series of two for enterprise administrator, M 365. If. That's not what you think you're here for, that's. What we're gonna do my, name is Ed Baker I'm, a, Microsoft certified, trainer I'm a regional lead for the UK and I'm, an enterprise mobility MVP. So my specialty is Azure, Active Directory Intune, device. Management all that sort of stuff, we're. Going to cover today this is a 75, minute session I know there's a lot of 45, minute sessions this is a 75, minute session because. This exam if it doesn't already in the very near future we'll. Have performance-based, testing, in which I'll explain and, go through. What. Are we going to do today well. The. Idea is that I talk about the. Exam. Itself help you prepare for the exam give. You some key, information on, the areas that are. Likely to be examined, what. It is not is an exam cram it's not intended for you to come here get answers go out of the gutter the exam. Room and into it or go to this room and into an exam room. It's, an overview of certification, specifically, on this exam and. From. Somebody who trains it and regularly puts people through exams on it the sort of things we should be covering and the, areas you should be spending your time in, studying so. Before I go into that I'd like to just ask if, anybody, here has got any Microsoft certifications. Okay. If, you haven't already taken advantage of it get yourself across to the Microsoft learn stand. Get. A wristband, and you get access to the Microsoft, certification. Lounge where, there's extra. Good Wi-Fi special, Wi-Fi snacks. And lots. Of little activities, you can do in there its own just. It's where the exam certifications, are taken, any. Would take the exam here this week already, I'm. Not going to ask you how you did but they're, filling up fast first, time they've given free exams out they're filling up fast, there. Are no more scheduled exams left but if you walk up you may be able to get a slot that's been a no-show okay. So that's exams. And certification, and. Anybody. Already, got any of the new role based exams. Okay. That's a lot fewer the role based exams have been out for 12 months now they were released at ignite. Last year. And. We. Have the. Modern workplace track. There's the isère track. The. Dynamics. Track or the business applications, track and the. Asha. Track this, is the modern workplace, certification. Track, so. There's. Fundamentals. Level which is the MS. 900. Which. Is a one-hour. Exam and. Is. About 40. 50 questions, it's, not intended, for B to be for people who regularly do things day to day in the product it's intended for people who need to understand what the product does, we. Then have a number of associate, level exams and associate, level certifications, some of them are single some, of them are double so. As an, example the, certified. Security. Administrator, associate, is a, single exam the MS 500, some of them you require two the, reason I'm telling you all of this is that to get hold of the one you're here for now the certified. Enterprise, administrator. You. Need to have one, of the exams or one of the certifications. In the center so. It's a prerequisite, to gaining this, expert, level exact expert level certification. Released. Very recently this, week there are two new ones they're both in beta at the moment the certified, Microsoft. 365 developer, and the. Team's. Administrator. Which, is very different from the teamwork administrator. The, teamwork administrator, is SharePoint, onedrive, and. Teams the. Team's. Administrator. Is just that it's just teams and, management. And usage of the team service, and team's application. So. The people that Microsoft. Anticipate, that will be taking this set.
Of Certification, exams or, the role that it's intended for or are these people people. Who operate at the tenant, level, so. When the tenant is set up who sets domains who, sets the services, who, decides whether in external, sharing is allowed for people all those sort of things the. Identity. And compliance, policies, right. At the highest level. It's. Designed so that you the guys and the girls take in this exam will have. Lots. Of experience, of taking the workloads lots of experience, of managing these environments, and that's, why it is a requirement, to have the. Associate. One of the associate, level exams, before you sit it, having. Said that there's, nothing wrong if this is what you do with going to take the courses or taking both exams you'll. Have the exams you'll have passed the exams you won't get the certification though, until, you go and take one, of the other associate, ones. Within. This track if you pass, on past the the. One certification, required on the left-hand side of the screen what, are we testing what, a microsoft, expecting, you to understand, to be able to go and sit in the exam well. Historically the. Official, curriculum courses would cover about 60%. Of what is in the exam you're. Supposed to come in with 15 or 20 percent of knowledge in your expert trainer who's training you is supposed to have the rest of the knowledge and help you and guide you through it whereas, now. The. Course, is map, 100%. To the exam objectives which they never used to do so all the role based courses map 100%. To. The exams that's, not to say that every, single question, is going to be covered directly, in the exams in the course it won't but. All the, curriculum. Ideas and items will be covered so. Each, exam, has a number of objective. Domains, today. We're going to be do the, top-level one that the 100. Tomorrow. Afternoon. I'm doing the 101, which. Is only a 45-minute session, and we'll go through the bottom, so. There are four areas in this exam Microsoft, 365, services, user, identity. And roles, access. And authentication and, office, 365, workloads. And, applications. So. You expect you to have experience, and knowledge. Of doing these things and I would say that nowadays if, you, if you exclude, the performance-based testing, it's, not, easy and I wouldn't say impossible but it's really not easy to, go and pass one of these exams unless you have experience, hands-on using the product. So. Before if you don't use it regularly you don't do these sort of set up skills regular it's a really good idea to get yourself into a trial tenant create a brand new trial tenant and do the setups even. To the degree of buying yourself a dummy domain to set, up domain so you know how that works and what you do because. It's not the sort of thing you do on a regular, basis. And. Just. A reiteration you, don't get the great certification, on the right side until you've passed one on the left side. Exam. Basics exams haven't changed dramatically, in the length or the style over the last four or five years. Performance-based. Testing, has been added they are still in general, between, 40, and 60 odd questions, in. General, expect, to the exam to take about three hours with all the bits at the beginning in the end if you. Take an exam in not your native language and you're in your own country, then. You have extra. Time added for you normally about half an hour you, would have to check that with the test center you're taking it out though, especially. As at the expert level some, of the questions use English in a a.
Way, That might not be natural to people who it's not their first language you. No, longer just get choose one from this list of four or choose two from this list of five there, are lots and lots of, different exam, item, types, if. You go to the Microsoft. Comm. Slash learn website and go to the exams and look at exams overall at, the bottom of there you'll see a number. About five or six videos, short one two-minute videos just, giving you a demonstration of, individual, types of question so, that you don't expect everything to be a single, item or a single multiple. Choice and there. Are case studies in this exam a case. Study is a block, of text, with. Lots of things you should be or they expecting you to read and then between five and seven questions, normally. It's. Not time separately, it used to be it's not times separately so you don't get timed out on your case study. As. One who's done hundreds, of these things I recommend. You don't read the case study I recommend. You read the question and then go, to the case study to find the bits you need because the case study has a lot of text, and, if you read it the beginning of your, one. Out of eight questions. By. The time you get to question three you guaranteed. Have forgotten, because you're under stress you've forgotten what's in the first few bits in that case study so you'll have to go and reread it so don't read the case study just, read the bit that applies to the question you're answering and make sure you scan through the case study. To. Find all the information relating, to that individual, question. They. Can be quite complex case studies as well but. Some of the questions can simply, be one a one one-sentence. Question such as you. Need to deploy this app. Taking. Into account the security requirements so. You go to the case study you find the security requirements you, look at app one which if that's the app you're deploying and then you search for app one throughout the case study it makes it much quicker a much, simpler. But. Then after, your first few questions the, odds are if you're. Going to be taking, a role, based exam, one of these or one of the other ones and it's not in beta. You'll. Get one of these it'll. Suddenly or possibly, two of these it'll suddenly open up a portal and you'll. Sign in and it'll give you credentials, and then you'll have between. Five. And ten. Tasks. To do and, it'll say in the, format of a normal question you click on a task and it will say do this you. Then have to go and do it so. It's proving, you can do what the job suggests. You need to do and. Microsoft are not prescriptive, how, you do it because let's face it there are normally three or four ways of doing things this, isn't a simulation, that says you have to follow this track it's, a live system, it's a tenant there's been spun up for the exam often. With users, and groups and everything you need in it and all, you need to do is go and do it so PowerShell, is just as good an answer if you've got access to the past shell in the system certainly in the Geo exams you definitely do because you've got the cloud shell. But. If this is an azure ad question. Which you could have you could do cloud. Shell to answer the question. Just. Be aware you don't have to do things in a particular way which. Is a good time to mention that in a Microsoft 365, you can do things in different portals, if you do things in the m36, 5 portals, they. Apply to the whole tenant. And to most services, if you do things in a service like exchange online normally. It will only apply to the service you need to make sure your if you think this is a DLP question, I'm going to do this and you do it at the exchange level, and they wanted you to do it for SharePoint it, may not work so you need to make sure you read the question and follow, exactly what you're doing you. Would normally get two of these and then. Once, they have gone through and finished you would then do some more questions and all the scoring would be down at the end you'd get your result and.
Just. On an exam taking, topic do not panic if these stop working. There. Was a slight floor with a juror the other day where people couldn't sign in for a while and this exam came up how, do I sign in don't, worry there are people there to help you if it, all fails then, you will get more time or they will pause the exam and restart the exam it's not worth panicking, over the test if it's not something you're doing wrong sometimes, they freeze they're getting much much better and they're, an extremely, good way of proving, that you know what you're doing. So. That's, the exams in the exam technique and that sort of stuff what about what's actually in this exam. Well. The first objective domain. Or. The force for Dermott they Forge your objective domain as I mentioned earlier are design and implement services. Twenty. To twenty twenty-five. To thirty percent of your questions, will be based on this topic don't, spend all your revision time on this topic you're only going to get a quarter, or a third of the questions, on this topic. Spend. More time on managing user identity, which you would imagine in this role that's what you would be doing conditional. Access multi-factor. Authentication. Possibly. Even. Hybrid. Identity. Access. And authentication similarly. And then right at the end of the ten to 15% plan. Office 365, workloads, in applications. But. It doesn't leave you there it tells you what is in each of these so the. Format over the next 30, 35, minutes will, be me going through some of these giving, you hints and tips about areas, you should be thinking of followed. By a practice, test question, on each, one of these topics or each one of these domains. So. You're gonna get tested so. Here, we've got managing domains. Obviously. When you create a tenant, you get an on Microsoft com domain which is part of the multi tenant as your Active Directory, in. A, production environment it's, highly unlikely that you will be using that on Microsoft, com domain so it's not, guaranteed but, it's a perfectly. Decent question or two question topic to ask how, do you deal with custom, domains what. Do you have to do for custom domains. You. Need to know those. User. Identities, for a new domain name what. If you've got an, on-premises. Domain that, has a dot local, domain name. Like. Some people did when Microsoft told them to do it when they put 2003. And 2018. That's not a root Abul domain you can't use it so you need to be aware of where, you might change that and the circumstances. In which you would not do your hybrid identity. And. Then. Simple things like making. The primary, domain name the. New one not the old one. This. Area of the exam because this is an expert level exam so this is the top level exam you get questions, that ask you about planning and designing which. Are a little I would say fuzzy because they're not they're very direct and they're very open but, they leave, you to do more of the thinking about what, you need to do as an answer so, here we've got one plan for Microsoft 365, on-premises. Infrastructure. And. You're going but Microsoft 365, is a path solution, for SAS, solution, why do I need on-premises, well, integrates, you've got your hybrid identity, you've, got other features you can use on-premises, that will connect to what Microsoft 365, you, can use, applications. On-premises, that you authenticate, into using, Microsoft 365, so, you need to cover those areas as well which. Is a good time to mention this, is perfect, for copying, and pasting out of the exam spec dropping. Into a OneNote, with the wonderful news yesterday that one, know 2016. Is going to be updated again I'm going to carry on on the desktop edition as well and, then. You can apply your learning using, OneNote by, linking. All of these options to things you've done take it to Docs Microsoft, comm find, out what to do run the tutorial, play with it practice. Setting. Up your tenancy and subscription, there. Are so many different ways and so many different settings for this one, of the difficulties, with training, any cloud technology, is you practice, new prep from Sunday evening ready for your Monday morning class and you turn up and the. Portal has changed or, it. Used to be security and compliance and now it's a security, portal in a compliance portal but, if you type security, in compliance you still go to the old boy so. You. Will find there are very very few exam questions that rely on navigation. Now because they can't do that because navigation.
Is Not a valid test, occasionally. But, very very rarely so. You need to be aware of where, you need to do things specifically, indefinitely, for the performance-based testing, because. It won't tell you where to go and do stuff it'll give you a task and let you go and do it and you can waste an awful lot of time trying to find it. Health. Normally. In the courses that Mike Suffern. Monitoring. And health don't. Carry that much weight at the end so normally the last module or, they used to be the last module in mock now, you'll find that if you run the courses for these monitoring. Is there is a key feature and, one. Of the areas that changes, more regularly is the monitoring because, they're developing, it and using machine learning on all of their reports. And monitoring features and it changes quite regularly so often you'll go to the portal and it will say click, here for the new one you're going to see in a week or two or click here for the new portal because, they're giving you new, areas, to go through. Licensing. Licensing is, key you. Need, to decide your licensing, strategy, because, you might not have an e5 license, for everybody might have an e3 you might not have as your Active Directory premium for, everybody. If. You've got an M 365. Tenant you might have but. If you've got an office 365 tenant with add-ons you might not have read. The question make sure you're looking at what they're asking you and what the licensing, is, but. More importantly, what about applying licenses, where do I do that how do I do it do. I do it at a group level if. I do it at a group level what's the danger of doing it at a group level any. Ballo if anybody's got any questions don't wait stand, by the microphone and shout, at me because I'm answer them anytime obviously. If you applied licensing. At a group level and the, person comes out of the group they, lose their license, and. If you don't put them into another group that you've done group licensing, after, 30 days what, happens their.
Mailbox Goes away, things. You need to think about, things. That if I was writing exam questions I go that's a that's a tricky one I'd write that sort of thing. Migration. Migration is, a key area of this particular section. Specifically. Migrating. Mailboxes, and data, and. Importing. Those wonderful, wonderful PST, files we all love PFC files for. You shaking your head sir for a very small business for, 10 people how. Would you do it I would. Probably get them to import their you save their PST s and I'd import it because it would save me time but. There's. Three, or four different types, of, migration. For. Exchange online depending. On what you're currently using depending. On the number of users depending. On how you want it to work afterwards, and that's, a perfect, bit of exam questioning, technique it's like I've got a whole ball game there to start asking new questions on, about. Which one works where and why, so know the differences, between each if you can do something more than four ways know, the differences between the ways you can do it and when you would use them. Okay. I. Mentioned. Managing domains. Managing. Domains is really important, because it's the first thing almost the first thing you do when, you've got a brand new tenant, and, you. Need to prove you own the domain and, you, can do that in one of two ways you can do it with, DNS. Record whether it be txt or MX because some DNS systems don't let you put text records in so hopefully. They all allow you to put MX records but. Then once you've done that you. Will get a list, of all, the other DNS. Records, that it's going to create for you that's. A perfect thing to know, so. What do you need for your what used to be linked online that still has the link in the title. What type. Of DNS. Records will, be created, once you've verified your, domain. It's. Worth going into a deep dive on the. DNS config. There. They are. Excuse. Missing. Can. Be done automatically, or you can say no I know what I'm doing I'm going to do it manually. You. Can even let. Microsoft. 365 manage your DNS if you want to in those circumstances. The. Vet will be available obviously and, wherever there's a hyperlink. There it'll take you to the docs Microsoft. Comm example, of how you would do these things. Another. Tricky one implementation. Identity. There. Are lots and lots of ways you. Can use hybrid. Identity you, can use cloud only you can use hybrid identity you, can use hybrid identity with, heart, passions of passion hashed. Passwords, you, can use hybrid identity with pass-through authentication. With a DFS so. Read the question carefully as, to where they want authentication. To happen what's, possible, with hybrid or hybrid. Identity. So. The top one here will show you an. Ad. Ad. FS proxy, which of course now is the WAP proxy, so it shouldn't say ad FS proxy, it should say whap Windows, application, web application, proxy. Obviously. All of them need ad connect. Certain. Parts of AD Connect will run. The job for you absolutely fine on the Express wizard but. If you need anything different, like. An exchange hybrid. Or you, need multi forest or you need certain OU's, choosing, anything, like that you, need to run the wizard in custom. Mode. And. Then. At the bottom we've got pass-through. Authentication. Which, would allow you to authenticate on premises without having to deploy all that, ad FS. But. You should be able to go through the planning cycle here and. Be. Able to give reasonable answers, as to what you would do in all of these areas how, am I going to manage my mobile devices am i using in tune am i using something else well that you've bought into it you've got em 365, or, you've bought. Microsoft. Endpoint, manager. As. Announced, yesterday, as. Your information, protection. Have. You already got as your ad are or have you got already got ad RMS and are you going to integrate them or are you just gonna stick with a IP as your information, protection, no.
All Of the scenarios no. The protocols, that are used for on-premises, - protocol that used for authentication, in, Azure. Ad as well, there's. An awful lot of azure ad included. In this. Setting. Up your tendenci there, is now a setup program and, i reran it this morning and found something very different which i'll show you before we finish where, you now get some. Floating screens come in and give you the option to do it manually or give you the option to go through a guided setup process to tell you the things you need to set up which. Are unique to em 365, compared, to the office 365 tenant we. Need to know the differences, unfortunately. As licensing in this exam we need to know what you get an e3 and what you get an e5. You. Might need to know what you get in f1, or. What don't you get in f1. We. Don't have enough time for me to list them all but, you will know you will need to know what's available and, what the differences are. Course. You can. Can. We have the microphone icon here. Like. With new new features, like pastor authentication comes, to mind. Do. You know like roughly what would the. Timeframe. Be okay exactly yes I. Can help you with that so what you're saying is how, long are the questions valid for and when. Will they change so yeah. Depending. On what exam it is and the, throughput of that exam and whether it's a cloud-based or non cloud-based exam, every, one or three months the, entire pool. Is scrubbed okay somebody. Goes, through every, question and says whether it's a valid. Question still, but it needs changing because, some of the things don't exist anymore or whether, it's just not a valid question. Staff if you got a staff up question, that's, not there is it July July, doc oh is it October anyway that that's going, that. Won't be a valid question anymore so that would have to come out and then in the same time new, questions, are written ok, so, you will get new questions, on new features and old. Questions, removed, when they're no longer valid but, as an example Skype for business you're still gonna get Skype for business questions, because they sit alongside each other at the moment until. It's no longer available you'll, still get Skype for business questions, ok. That's. Not to say that you might find a question in there that is a topic, that has now gone away but went away last month and we haven't reached the scrub but, if it went away last month I'd, hope your revision had picked it up and you be able to answer it. Yeah.
There's. A couple of little posh le things I've written in the bottom just so that you you're, aware that posh, shel can come into this exam, which is a really good thing there's much less, passion they used to be in exams but. Certain. Things you can only do in pass shel it's really worth knowing the things you can only do in PowerShell and. The. Things you might, want to do in Paschal cuz it's much quicker yes so could you go to the microphone so that. So. The question was are they expect you to memorize Pasha no but, they would expect you to know that the. EM Sol module, is for Microsoft online services, and you wouldn't necessarily use Azure RM, or azure ad module. However. If. It's an entirely PowerShell, question, then, yes they would expect you to know how the command, works but. They wouldn't bet they're unlikely to put five commandlets, there and say pick. Pick one of these like. Has happened in the past but they might do. Absolutely. But at the moment it's still there and some, people can and you can only do the odd two or three things in it so it would be a cracking. Yes. It's. A transition, everything's a transition, isn't it so that's like Anna's, your exam you do in Azure RM module go hold. I'm supposed to be using a Zed not Azure RM so. You've. Got to keep current I've got to keep current. Upgrading. Your existing subscriptions, to Microsoft 365, there are many many many users out there with office 365, and enterprise mobility but, they haven't got the Windows 10 III, or e5 license attached you, need to know how to upgrade or when you can upgrade. Mostly. Wizard-based but if your CSP, obviously you get it through a partner and you can choose how you buy it as well. Tenant. Health tenant. Health is quite a key area as well making sure that. Everything. You've done is correct and everything you're managing, and monitoring is correct one things I didn't mention which I might mention in the bill later is if you're going to do. Hybrid. Identity and you're going to put all of your lovely Active Directory users into. Azure ad there is one thing you should do first. Absolutely. Because no, matter how well you keep your as your on-premises, Active Directory there, are going to be things that don't look quite right to Azure ad and you want to put all good stuff into Azure ad so, you could download and run idée fixe top. Tip download. And run idée fixe and if you've never done it download.
And Run idée fixe on on your Active Directory cuz it works really well. Ok. You. May you may find some. URLs. There as well because. There are URLs for portals. And URLs for this and URLs for that they're not expecting you to remember all of them just, know the ones that are really obvious than the differences. Service. Requests, very, small section, but do know how to raise a service request and the fact that if it doesn't work online you can phone them. So. If the wizard doesn't work you can do email or phone them if you want. You. Can export most of your reports, into, bi. You, can no longer export it into OMS, you. May see OMS written places but you'd exported, into log analytics, not OMS. Because. OMS as a product has now gone away and, Microsoft, 365, reporting, in the reporting, areas, of the portal will show you how to do all of that. The. 365. Usage analytics and the adoption analytics, excellent. Pre-built, power bi solutions, very. Useful. Yeah. Eventually yeah. Mine. Just stopped. Security, and compliance reports, absolutely. Security, and compliance is, critical in this section know. How to schedule them know how to look at them know what you can do with your security and compliance options, and also, know that some things you'll find in security, some, things you'll find in compliance now, the security element goes across both this and the 101 exam, but. Be. Aware that you will find elements, of it in both. Usage. Metrics this, is why, I was saying it's such a good power bi tool fantastic. But if it's going away it's going away you, can download, this and place, it in to connect, it to your office to your M 365. Tenant and see, all your usage, and analytics. Key. Here for your migration remember, I mentioned migration, and email migration and migration topics, you. Need to know what you can do so if I say to you I'm using Gmail and I want to get off Gmail, I, can. Only migrate, in one way I. Have. To do IMAP. But. What can I do in IMAP can I get everything. No. The difference is. No. The difference between a cutover migration. And. A staged migration and, what number of users you might need to do both all those sort of things. Find. Your users find the mailboxes, note. The different ways of migrating. Import. PST, files it's. Nitch it's small but it's an it's an absolutely. Useful way of doing small business migration, if it's a very small business. And. If. You want your users to do it your users can do most of it. For. Them. So. First, first test. Have. A quick read of this I'll read it for those at home your, company has recently decided, to move to Microsoft 365, wise, decision, you need to configure a custom domain to manage new users added to contoso com domain in the cloud what. Should you do first. That's. A typical example of a Microsoft question this, isn't what this isn't a question from the exam if you, want more questions like this lots of them in the. Hub. In the hands-on. Lab area the. Measurer, practice, tests are available if. You think they're good and you and you want them you can sign up for them and it's a cost cost thing but you can sign up with measure up to take these 150. Questions for each exam and they're Microsoft's preferred provider. But. What, should you do first is, a key. Type. Of question. Because. In your mind you'll have what you want to do but what's the very very first thing you have to do here complete, a network evaluation, using traceroute, to ensure you've got connectivity, configure. Azure Active Directory connect, to ensure there's directory synchronization, add. Contoso, calm, as a verified domain and Microsoft 365, and inch booing Microsoft 365 ensure, it's set as a primary domain change, the primary domain from on quantity, on Microsoft calm to, control, in, Microsoft, 365. You. Ever look. Anybody. Think anything other than see. Hey. User. Identity, and, roles. Don't. We all just love role based access. Role. Based access is fantastic. However you, need to make sure that. The role you're using or the role group in certain circumstances. Is the right one and has the least privilege, you'll see questions you, need to give this person the admit the ability, to do this this and this which, role do you need to give them you must use the least privilege. So. Don't give them global admin, but. You need to give them something that. Again. Relevant, to your question about posh Elsa you're not going to be expected, to know everything about everything but, you are going to be expected, to know critical. Roles like. Reader. Security. Admin what. They can do and what they can't do okay. And. Also, you have roles in exchange, that. Don't appear at the same level as roles in Azure ad you've got azure ad roles, that don't appear in the Microsoft, 365, roles because they use role groups, so.
You Need to know what your roles are called and how. You can use them and what permissions, you can give to people. Identity. Synchronization, is this area so this is the Active Directory Connect, area you need to know how to deploy it and use it if you haven't. Build. A VM on-premises. Build. A domain controller connect. Active Directory connect, to your dummy on-premises. Tenant practice. Makes perfect, I learn but I don't know how you learn but I learn by doing and I just keep going keep practicing and you you. Can do it all free Windows 10 has hyper-v now so you can put a domain controller on just on your PC, and test it that way you, don't need a VPN to do it you just need a you connect. Ad. Connect health, sounds. A fantastic, product it is you, need what, to use ad health ad connects health you, need an ad premium, license it. Will manage the health of your Active Directorate or it won't manage it it will monitor the health of your, Active Directory domain, controllers, and your. Ad FS servers, if you're using those. But, actually for free it will also manage your ad connect so. You don't need p1, to manage just the ad connect bit but to use it as its intended for. Ad. FS and domain controllers, you need p1. Or. An. E3. License of EMS, or m3 65. Again. I've mentioned multi forests understand, what you have to do with ad connect run, through the wizard take it out of take it out of express mode run it in custom, look at all the options click all the button and see what happens it's. The way of learning cuz things will open up if you click one button you'll get four more you can choose for boxing for more you can choose. There. Will be questions in there about cloud only identities, there'll. Be questions about hybrid, and where you manage your identities, so I've got a synced, Active Directory into, Azure ad how. Do I manage the on-premises. Users I manage. Them through ad because that's where they came from. Groups. Dynamic, groups again if I want to use dynamic groups, I need, ad, Premium or e3. Passwords. When. You set up a brand new tenant, does anybody know the password. Default link not length of password but length of time it's valid for. Ninety. Got 90 days. Who. Said another one nope. It is, not, set it's, not, changing you, do not need to change your password if you enable, it to be, set. Its. 720 days so Microsoft are telling you. Don't. Change your passwords use MFA. News. MFA and, of. Course now you've got the best practice in MFA of making. Sure you've got to break glass users, on the, old on Microsoft, comm domain so, they can sign in even if there's an error with MFA services, because. If you can't get in you can't get in to switch MFA off for your users to use you could find a question like that then. We look at user roles how do we delegate rights to users what roles are we gonna give them. And. Then. Security, and compliance rolls quite, a lot on security, compliance which, of the security, roles can do what. Good. Little, flowchart. Here on I want, to set up synchronization. Telling. Me what I need to do again you can't see it there but you'll have it in the deck you'll be able to see it. When. You would use password, hash and seamless sign-on what is seamless sign-on when you'd use password, hash and, pass. Through authentication. For disaster recovery solution, so if your on-premises, drops you've still got the ability to sign in using. Password. Hash and. Then we go through the Federation, option as well. It. Is unlikely to test you on your knowledge of a DFS, beyond, the fact that you need to know what a DF is what a DFS, is the, fact you can build it in a be connect automatically, and. Generally. What components, it has it's. Unlikely to be testing you on the nitty-gritty of a DFS.
It's. Not a guarantee but it's unlikely because it's just too in-depth into nature. So. Here's the wizard or the ad connect, tool. Told. All the installations, for you can see in there whether you can use Federation. With, a DFS, or ping Fedder a Twitter you're going to configure it here, we've got group write back group write back if you and device write back as well group, write back is for exchange online hybrid. Password. Write back you can do as well. An. Ad. Connect health that's, the window, for managing, your ad Connect health. In. Your environment. Listing. All your Active Directory domain, controllers. As. Your ad. The. Fundamental, for getting any of this in your head is knowing, everything, you can about azure ad. What's. In it what's not in it what you can do with it what you can synchronize, with it where the users go how you manage them what you need. P2, for. So. What features of Azure Active Directory do we need p2 for we need ID ID protection, privileged. ID management, and some, very nice little bits but effectively, that's it. Access. Reviews is one of them which comes under your protection you can set up access reviews, that allow you to manage who is in what group who, has what privileges, and you. Can even set it to auto remove, privileges. If they're, not using it or if they just don't respond, to their access review. Understand. Pin privileged, Identity Management understand. ID protection. And understand. Access reviews none of which are really, m3 65 features, but there definitely has your ad premium, features which you need to know. Groups. Dynamic. Groups. Dynamic. Groups. Group. Management, differences. Between security. Groups distribution, groups office 365, groups what you get with each how. You manage them. Know. The query language, for, dynamic. Groups don't. Build yourself a couple of dynamic groups if you haven't got a, tenant. With AD, premium, go. And take. A trial on, ad premium. Technically. If you're, using dynamic groups you're using ad premium, every user that goes in a dynamic group should. Have a license for AD premium to be licensed. It's. Not required, to do that because it will physically work once the tenant works but, to be licensed, you need to have a premium, license for each user that's going to do that.
It's. Unlikely in this one but might do in 101 talk about autopilot. Dynamic. Groups for autopilot is an excellent way of working out how. You which way your device is set. User. Roles. Here. We're looking at. My. Roles. For a user and we're going to add him to a new role. This. Will show for me all of the, azure. Ad roles, it won't necessarily show. For me all of the roles available at every level so. Exchange, administrator appears. Here but. In exchange he's not called an exchange administrator. Got. Organization. Management, and. You know Microsoft 365, he's called neither if he's the top level he's called company. Administrator, so, we've got lots and lots of different roles we need to understand the differences of. Practice. Question for section two. You. Have an on-premises. Active Directory domain, name contoso com, get used to canto socom it appears a lot in all of Microsoft exams and a datum you, plan to configure, identity, synchronization. Between contoso, comm on premises and an, azure active directory you. Will opt for the password hash synchronization. For authentication, which. Means you're authenticating. In the cloud you're not authenticating. On-premises, you, prepare a checklist to set up as your ad connect you, need to check for errors in your on-prem, boo. That's. Post a on-premises, mother i've got bit dyslexic, there an apology's on-premises. Active directory before i need to run something on that before. Your first synchronization. What, should you do first you. Should, use ID. Fix if you haven't got it already you download, and you run it you should. Use. ID. Fix. Come, on there we go. Access. And authentication, you're. Seeing now where this exam focuses security. Domains. Access. Identity, authentication, it's. All security, and the, three A's this. Is where we talk about multi-factor, authentication. You. Could still get questions on MFA, server MFA. Server is the on-premises, solution, that you could connect into Azure and you. Can no longer deploy that if you've got it you can use it but. If you go to the wall and deploy it it'll say yeah can't use that anymore because. As your ad will do it for you or. As your ad MFA, will do it for you you need to know that MFA. Depending. On your license is an, ad premium. Feature if you. Don't have em 365. CSP. And business, it's not for III, it is but. Business is different you get MFA for business it's. It each one is slightly different unless they've changed it in last week. Yes. Yes. I'll bait yeah the baseline comes to you and. You. Need to know how to set this thing up and where you can set MFA up because you can set MFA up in, identity. Protection which, user user risk policy or, sign-in risk policy you, can set it up in conditional access because, you can force MFA, you, can set it up in the MFA provider, there, are lots of ways of doing it so you need to be aware that when the question asks you about something you think oh it's MFA are they, directing, you to conditional access or, are they directing, you to.
Sign, In risk policy. So. The question, is since they no longer recommend, enabling, force, is, that. What they're going to ask you the question won't be as specific as that I doubt it'll be you, want to do this this and this, either. Do it if it's a performance-based test or, how. Would you do it or why would you do it or what would you do okay, it would be because it's very specific the difference between the, MFA provider and going in and setting up MFA. Questions are more likely to be something like, trusted. IP addresses, or how. Memorized. Devices. That sort of thing, and. What. Happens with fraud alerts and, stuff. Do you auto block and. Obviously. MFA, for administrator, global, administrators, you have anyway built in. They'll. Manage authentication. You're going to be looking at or then' Takei ting on premises authenticating, your ad FS or authenticating, in the cloud and the different methods and the different ways. Application. Access, know. What the ad application. Proxy is and how you use it very important, I. Don't. Know how many people are using out there but. It's likely it's likely, to get questions. A fantastic, product works really really well but, it's not when. I say niche I wouldn't imagine 80%. Of tenancy using ad Proctor the azure ad application. Proxy. Definitely. Know how you register, an app in Azure ad. And then. We go really into the realm of azure rather than Microsoft 365, with our b2b accounts, inviting. Guest users in. And. Creating. Guest accounts, that you don't want as b2b. And how. We allow, people access, to. Our, services. And products from an external, domain. So. Some of this is done in Azure ad some, of this is done in the administration. Portal in the organization, for sharing where. Do we share do we allow users. To share with external users do we not what level of sharing do we allow. It's. Really just familiarization. And your familiarity, with the areas that are being used and questioned. So. Got the authentication, method in Azure ad, there's, only one, password, the equivalent, of an ad password, settings object in, Azure ad you. Can't have fine-grain, passwords you have a password, setup we've. Obviously already decided, that Microsoft wants us to go through MFA, and not change our passwords, every, authentication. Should be MF ade and if you think you don't need it go to my sign-in stop Microsoft comm when. I first did this is a demonstration, and I haven't got MFA enabled I had hundreds. Of Russian Brazilian, and Chinese, attempts.
It'll. Show you where it is it'll show you what product they were using what product they were trying to get into fantastic. Resource. Know. When you can use the custom band password, list as opposed to the built-in band password, list in, MFA. Excuse. Me hello, is there a my silence, okay, is, there a my silence, for the admin, side to view your users. For. The of you, can see if you go to the audit log you, can go into the portal and see everybody's, attempted, sign ins but that is just that's, the user level but obviously admins can see that but. If you go into your I come. In whether it's now audit log your activity log, in as your ad it'll, show you all users, sign ins thank, you and you can filter by user filter, by successful. Unsuccessful. Whatever you want. Mfa. Administer. The users it's, still going to be hitting in for enforce, and enable because that's. What's currently there. Know. That if you're setting up. Self-service. Password, Reset an. Administrator. Cannot, use. Security. Questions and they, have to use two factors, they, can't just use one a user, you can setup you can be quite devious you can setup I want five security questions, I want three, factors I want everything else or they can just have one as. An administrator, if you're doing self-service, Password Reset you have to have two factors. And you can't have one of them as security, part, or security questions. Know. What. You can use in terms of app app numbers, Apple thent ocation as well, I. Mentioned. Application, access register. Your applications, in Azure ad how do you do it what you setup whether. It's a pre created Apple one from, the gallery or one that you are creating, internally, whether it's a line of business app you need to know about those. B2b. Accounts, used. To be done very differently now, you create, a user they get an email when, they sign in they sign in with their own credentials and they get the access you give them to your applications. And services, you. Also get. If. You. Do this you, have five extra, licenses, for them to use if you've used them you, have to provide them with a license unless they have their own license, in which case they bring their own with them. Also. Be added and set up in, the main portal, the admin portal from, the organizational. Relationships, area. Practice. Question here. You. Manage a Microsoft, 365, tenant for your company you want users to be able to access an. On-premises, web application, using their Microsoft 365, credentials, so you've already got Windows server installed, with I is that, you allow people, to use internally, you, want them to be able to authenticate using, their. Cloud. Credentials. You. Need to configure your Azure Active Directory, to do this what, should you do. It's, not less clear, more. Tricky. So, we got some B's and some C's in there. Nope. There's no first there it just says what should you do. Application. Proxy the, application, proxy allows, you to authenticate to on-premises, solutions. Creating. An app registration, will not work on its own you, need the proxy to be able to do that. Final. Section of the objective. Domain. Plan. Your workloads, and applications, so this is the first time we're. Looking at services. And workloads within Microsoft. 365, the. Rest has all been tenant, based security based authentication, based, so you know where you need to be doing your. Revision. 10, to 15% so, if you've got let's. Say you've got 50 questions you're. Gonna have five, questions, to six questions or seven questions maximum, on this section if. You, have that level of percentage. But. It doesn't make it easy because we're looking at hybrid. And, exchange hybrid is one of the most complicated things to work out because. There are so many different options for how you do it, however. To use exchange hybrid you have to use AV connecting, you have to use it in the custom. Mode not the Express mode. Then. There's a whole section on office 365, ProPlus deployment. So we're going to be using the office deployment, tool, and. We're going to be using the, XML, file to generate. Requirements. You. Will get questions about the difference between office. Online and, Office, ProPlus. Which. Should be very easy to work out there should be not, necessarily but.
They Should be. So. So. Plan my deployment. Here. We go through the rigmarole of update, channels, what's. Available to you. Have. They changed the names again but what's available to you. Is. It gonna be semi-annual, is it gonna be semiannual targeted, is it gonna be monthly is it gonna be monthly targeted, know what they mean know how they work how. We're, going to distribute this stuff. Do. We use config manager or microsoft, endpoint. Manager. Or in tune, we're. Using the office deployment tool. It's. All about planning. So. If I was going to deploy. Pro. Plus and the. Question said with. The least, administrative. Effort, which. Is yet another one of those let's, guide you down where we're telling you to do something I would. Suggest to you that it's not going to be config manager or what's us. Just. A hint I would. Say it's going to be using, the. Deployment tool or the. Office. 365 content. Delivery. Where. You can do it for into. Group. Policy. Something. Just. See. There. You're trusting users sir. So. The, user might decide he only wants these apps whereas. You want him to have the right apps or. You might have upgraded from. Business, to, enterprise which, means his apps are wrong anyway and you need to uninstall them and reinstall, them because, they don't give him the features he wants and that you want that you bought with enterprise it's, not okay it's not like Windows 10 we can just go I've now got an enterprise license. Which. Will obviously license itself through your license key you have to uninstall the apps and reinstall them because they're different they have different features and different applications. So. Again I. Couldn't. Possibly comment about users ignoring if that's. You. Want control is effectively what it's asking you you are deploying it it's not usually diploma but usually the problem it could easily be an option in the answers but. If the question says you want to enforce them to do anything, that's, not the answer. So. You have an on-premises Active Directory domain. Your. Company, uses no it doesn't use Gmail it uses Gmail. My. Proofreader, is in a lot of trouble. Yooper. That, wasn't that wasn't an intentional pun that really wasn't you, purchased Microsoft 365, and configure, as your ad connect for hybrid identity using pass-through, authentication. Which. May or may not be relevant at all you will find the question, things that are designed, to distract. You into an area and it has no relevance to the question you. Plan to migrate all email, to exchange online good idea you decide to use IMAP, migration. Which, is the only one you can use with Gmail or genome, you, need to identify what, you can migrate to, exchange online using, IMAP migration, what. Can you migrate in, boxes and folders in boxes, folders and contacts in boxes folders contacts and calendars in boxes folders contacts, tasks and calendars. Now. Unless you know that you're not going to guess that right are you. If. You. Know I'm at you're. Fine but. If it's not something you do and it's not something you've ever done you, may not know but yes you're entirely right. It's. Like somebody says is it a difficult exam no exams difficult if you just know. Reading. The questions is sometimes difficult. Okay. So. MS. 115%. Deploy, Windows, 35. To 40%. That's. Entirely wrong. Let. Me hope it's still in there no. It's not somebody. Has changed that to m/s 100 from 101 my apologies so I should take you to the original one which was, the. Security. In deployment. They. Go. Back I. Can't. Believe that's on that deck so. When you said is this the most current Dexter and I said yes no I didn't look at that slide it's not the most current deck. Apologies. For that folks. So. 2025, % on access and authentication. And. Yeah. Bear with me two seconds. Something. Has to go wrong every time you get on stage otherwise you're not on stage so. That's. More like it design and implement Microsoft 365 services court review exam manage. User identity, enrolls 35, to 40 percent. Access. And authentication 20, to 25 and plan office workloads 10 to 15.
You. Can't afford to ignore any of them, the. Exam. Which when we go, into the next set which is down here about. The exam itself. And. About how to prepare. Microsoft. Have produced, a whole bunch of new learning resources. So. We've got the, Microsoft, comm, / learn platform, which I'll show you before. We finish. You. Can obviously come to training event so you can go to classroom training, and then, to validate you would do certifications, but the learn platform, is not designed to give you everything you need it's designed to help you along so you won't find a learning. Path that will give you everything for ms 100, or everything for ms 101, the. Learning path will be something about security. And Azure Active Directory or, it'll be something about authentication. You just need to know the bits in the learn path, you want to pull out more. Things are being added all the time. The. Very first thing I would suggest everybody, does create, a OneNote. Go. And download the, objective, domain put it in OneNote and start writing what. You're doing and follow it part, of that is that as you, know things change regularly, so, when you learn it take, screenshots, drop it into OneNote show what you've done so. That when you go back you know what it was you're unlikely to get many screenshots but. If you take two to three months to study for the exam and things have changed you, might want to know where it was when you were studying it, Microsoft. Learn I've mentioned as classroom, training there are two courses for this the, courses have just been. Re-released. As at, the 25th, of October, so they're brand new content in the courses they. Were only released last year they've just been re-released. Then I've already mentioned practice. Tests, now I use practice tests as a learning tool not a certification tool, I answer. The question I then look at all the answers and I pay as much attention to, the wrong answers as, I do the right answers because you'll get explanations as to why they're wrong so, if I've got that question wrong and I've clicked it it'll tell me why I was wrong on what it is so. I use it as a learning tool I don't use it as a certification tool. You. May already be aware that. There. Are free exams here, you. Can take one free exam on site it's, only walk-ups now because everything's full but every, single, attendee. Gets. One. Exam to take anywhere in the next six months you just. Go to that address sign in with the email address you used to register. If. That's. Not your certification. Email address. Then. You link them in, the tool and it, will allow and it will know you were an attendee and it will not charge you for the exam yes sir, there, are some courses available on EDX. Open, EDX they're, going to be integrating, those into learn. And. The courses on EDX will not be eventually so, learn, is the place to go okay. What. One of Microsoft's not problems one of Microsoft's historic. Traits is - so there's Channel nine they use YouTube there's EDX. There's open EDX there's all sorts of different platforms EDX. Was designed the open EDX was designed for learning partners to put courses on and give people support through, massive online learning, yes sir. Yes. Yes. How. Good's that. No. You don't have to register here and now you, you can schedule it whenever you like you just go and you must take the exam where you can't register and take it in nine months the exam must be taken in six months okay. Yes. It. Is. In. Addition take. A free one here if you can get space and you. Can take that free one at any time at home in six months yes to, free exams, I couldn't. Comment because I'm on the microphone but yes I would I would. Agree with you yes. They, also offer often. When there's a brand new exam they'll, publish, short. Term beta codes which give you a reduced cost exam, because. When a brand new exam comes out they want a certain number to have taken it so they can evaluate with the exam works would and you don't get the results straight away in beta so.
We've Got a few minutes left, I, wanted. To give you a couple of demonstrations before, we go so I will do that but, there. Are other exam, prep this week if you go to the learn stand you'll get a better slide which has got who's doing it where it is and what time it is and what day it is, they, remind some do move and. I'm going to come out of here and I'm going to hope that. This. Hasn't all gone bad and, wrong, number. Six right. So. I mentioned custom. Domains I wanted. To demonstrate here this is the new experience, of, setting. Up when you first open your tenant you'll get finished setting up office if, you go to go to setup. It'll. Take me through a wizard I can, go through add my domain or I can say actually I want to go to advanced, setup. Notice. In advanced setup I. Can. Go back to guided, setup but. Also you've. Already got the password set, to never expire I, can. Change that at the time I set it up Microsoft, don't recommend you do but, if I do enable, that. And. I manage it. And. Switch it off. It'll. Give me 14 days. Notification. About a user expiry, but. They want me to have it as. Manage. Passwords always. Not. Expiring. So. I go back one. And. Back one and then. I can also set up am. I going to allow users to do self-service, password reset in the customers, that they're guiding, you through setting up your whole tenon this, is all fairly, new. Do. I want to give admins only the access they need so that's going to be something like PIM, privileged. Identity Management. I've. Also got all the other options so in tune if, you get any questions upon about tenant. Level the, Intune portal, in Azure is, different. To. The device management, portal. The. Device management portal is a it's, not cut down it's a guided, scenario, it's only got those things in there and, if I go to my Intune tenant and I look at device enrollment notice. That the new tenant. Which. I span up yesterday. Is. Already. Because. It's an M 365, tenant. And. Finally. If. I go to learn, this. Is the new learn screen you're, able to. Browse. All your learning options and you. Can go through any of the learn solutions. You want to go through so. Office365. Advanced. Threat protection that's. Probably, more of that 101, but. Some, of that would be useful in here. So. It's not specifically. Aimed at this, role and this exam but, it's content that will be covered in this role on this exam. Okay. While I switch back I. Move. On one if. I leave the evaluate, please evaluate. There's. No point doing this stuff if people don't evaluate and tell them tell us what they think, any. Questions, we got six. Minutes which. Is normally what I leave five six minutes any other questions, I know, you ask questions as you go through but. No. Questions at all. Excellent. You, say. Hello. Thank you for your presentation, that's okay if. We, are going to schedule our second exam yes so I tried to do this I saw for exam I click to the millions and. It, denied me but it wasn't because I chose this location or. Was yes I chose it was probably because you chose this location okay, because it, doesn't want you to take it on site we want you to take it at home probably if not go.
To The certification area and speak to one of the Pearson VUE people there and he should be able to help you I'll probably thinking okay yeah. So is. There going to be anything on GPO, settings related, to. Enrollment. Or. Aad. Connect or highly. Unlikely but I can't rule it out because that's more of a nitty-gritty. Level for the devices and the and the users rather than the tenant level services that's more likely to be 101 okay, okay, thank. You very much for coming please do a valuate and if you've got no further questions, thank, you very much.