MS-102T00: Microsoft 365 Administrator Essentials Training

Configure your Microsoft 365 experience

• Maintain minimum subscription requirements for your company
• Manage your services and add-ins by assigning more licenses, purchasing more storage, and so on
• Create a checklist that enables you to confirm your Microsoft Entra tenant meets your business needs

Manage users, licenses, guests, and contacts in Microsoft 365

• Identify which user identity model best suited for your organization
• Create user accounts from both the Microsoft 365 admin center and Windows PowerShell
• Manage user accounts and licenses in Microsoft 365
• Recover deleted user accounts in Microsoft 365
• Perform bulk user maintenance in Microsoft Entra ID
• Create and manage guests and collaborate with them in SharePoint sites
• Create and manage contacts

Manage groups in Microsoft 365

• Describe the various types of groups available in Microsoft 365
• Create and manage groups using the Microsoft 365 admin center and Windows PowerShell
• Create and manage groups in Exchange Online and SharePoint Online

Add a custom domain in Microsoft 365

• Identify the factors that must be considered when adding a custom domain to Microsoft 365
• Plan the DNS zones used in a custom domain
• Plan the DNS record requirements for a custom domain
• Add a custom domain to your Microsoft 365 deployment

Configure client connectivity to Microsoft 365

• Describe how Outlook uses Autodiscover to connect an Outlook client to Exchange Online
• Identify the DNS records needed for Outlook and other Office-related clients to automatically locate the services in Microsoft 365 using the Autodiscover process
• Describe the connectivity protocols that enable Outlook to connect to Microsoft 365
• Identify the tools that can help you troubleshoot connectivity issues in Microsoft 365 deployments

Manage permissions, roles, and role groups in Microsoft 365

• Understand how roles are used in the Microsoft 365 ecosystem
• Describe the Azure role-based access control permission model used in Microsoft 365
• Identify the key tasks assigned to the common Microsoft 365 admin roles
• Identify best practices when configuring admin roles
• Delegate admin roles to partners
• Implement role groups in Microsoft 365
• Manage permissions using administrative units in Microsoft Entra ID
• Manage permissions in SharePoint to prevent oversharing of data
• Elevate privileges to access admin centers by using Microsoft Entra ID Privileged Identity Management

Manage tenant health and services in Microsoft 365

• Monitor your organization's Microsoft 365 service health in the Microsoft 365 admin center
• Implement Microsoft 365 network connectivity for assessments and insights
• Implement Microsoft 365 Backup (Preview) for fast content backup and restoration
• Develop an incident response plan to deal with incidents that can occur with your Microsoft 365 service
• Request assistance from Microsoft to address technical, presales, billing, and subscription support issues

Deploy Microsoft 365 Apps for enterprise

• Describe the Microsoft 365 Apps for enterprise functionality
• Plan a deployment strategy for Microsoft 365 Apps for enterprise
• Complete a user-driven installation of Microsoft 365 Apps for enterprise
• Deploy Microsoft 365 Apps for enterprise with Microsoft Endpoint Configuration Manager
• Identify the mechanisms for managing centralized deployments of Microsoft 365 Apps for enterprise
• Deploy Microsoft 365 Apps for enterprise with the Office Deployment Toolkit
• Describe how to manage Microsoft 365 Apps for enterprise updates
• Determine which update channel and application method applies for your organization

Analyze your Microsoft 365 workplace data using Microsoft Viva Insights

• Identify how Microsoft Viva Insights can help improve collaboration behaviors in your organization
• Describe how the Personal insights app analyzes how you work
• Describe how the Team insights app provides visibility into team work habits that might lead to stress and burnout
• Describe how the Organization insights app enables managers to see how their work culture affects employee wellbeing
• Describe how the Advanced insights app addresses critical questions about resiliency and work culture

Explore identity synchronization

• Describe the Microsoft 365 authentication and provisioning options
• Explain the two identity models in Microsoft 365 - cloud-only identity and hybrid identity
• Explain the three authentication methods in the hybrid identity model - Password hash synchronization, Pass-through authentication, and federated authentication
• Describe how Microsoft 365 commonly uses directory synchronization

Prepare for identity synchronization to Microsoft 365

• Identify the tasks necessary to configure your Azure Active Directory environment
• Plan directory synchronization to synchronize your on-premises Active Directory objects to Azure AD
• Identify the features of Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync
• Choose which directory synchronization best fits your environment and business needs

Implement directory synchronization tools

• Configure Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync prerequisites
• Set up Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync
• Monitor synchronization services using Microsoft Entra Connect Health

Manage synchronized identities

• Ensure users synchronize efficiently
• Manage groups with directory synchronization
• Use Microsoft Entra Connect Sync Security Groups to help maintain directory synchronization
• Configure object filters for directory synchronization
• Explain how Microsoft Identity Manager helps organizations manage and synchronize user identities across their organizations and hybrid environments
• Troubleshoot directory synchronization using various troubleshooting tasks and tools

Examine threat vectors and data breaches

• Describe techniques hackers use to compromise user accounts through email
• Describe techniques hackers use to gain control over resources
• Describe techniques hackers use to compromise data
• Mitigate an account breach
• Prevent an elevation of privilege attack
• Prevent data exfiltration, data deletion, and data spillage

Explore the Zero Trust security model

• Describe the Zero Trust approach to security in Microsoft 365
• Describe the principles and components of the Zero Trust security model
• Describe the five steps to implementing a Zero Trust security model in your organization
• Explain Microsoft's story and strategy around Zero Trust networking

Manage secure user access in Microsoft 365

• Manage user passwords
• Create Conditional Access policies
• Enable security defaults
• Describe pass-through authentication
• Enable multifactor authentication
• Describe self-service password management
• Implement Microsoft Entra Smart Lockout

Explore security solutions in Microsoft Defender XDR

• Identify the features of Microsoft Defender for Office 365 that enhance email security in a Microsoft 365 deployment
• Explain how Microsoft Defender for Identity identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization
• Explain how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
• Describe how Microsoft Cloud App Security enhances visibility and control over your Microsoft 365 tenant through three core areas

Examine Microsoft Secure Score

• Describe the benefits of Secure Score and what kind of services can be analyzed
• Describe how to collect data using the Secure Score API
• Describe how to use the tool to identify gaps between your current state and where you would like to be regarding security
• Identify actions that increase your security by mitigating risks
• Explain where to look to determine the threats each action mitigates and the impact it has on users

Examine Privileged Identity Management in Microsoft Entra ID

• Describe how PIM enables you to manage, control, and monitor access to important resources in your organization
• Configure the PIM role assignment process for use in your organization
• Understand how PIM audit history enables you to see all the user assignments and activations within a given time period for all privileged roles

Examine Microsoft Entra ID Protection

• Describe Azure Identity Protection (AIP) and what kind of identities can be protected
• Enable the three default protection policies in AIP
• Identify the vulnerabilities and risk events detected by AIP
• Plan your investigation in protecting cloud-based identities
• Plan how to protect your Azure Active Directory environment from security breaches

Examine email protection in Microsoft 365

• Describe how Exchange Online Protection analyzes email to provide anti-malware and anti-spam protection
• List several mechanisms used by Exchange Online Protection to filter spam and malware
• Describe other solutions administrators might implement to provide extra protection against phishing and spoofing
• Understand how EOP provides protection against outbound spam

Enhance your email protection using Microsoft Defender for Office 365

• Describe how the Safe Attachments feature in Microsoft Defender for Office 365 blocks zero-day malware in email attachments and documents
• Describe how the Safe Links feature in Microsoft Defender for Office 365 protects users from malicious URLs embedded in email and documents that point to malicious websites
• Create outbound spam filtering policies
• Manage email access with the Restrict Access list and the Tenant Allow/Block list
• Submit messages, URLs, files, and attachments to Microsoft for analysis

Manage Safe Attachments

• Create and modify a Safe Attachments policy using Microsoft Defender XDR
• Create a Safe Attachments policy by using PowerShell
• Configure a Safe Attachments policy
• Describe how a transport rule can disable a Safe Attachments policy
• Describe the end-user experience when an email attachment is scanned and found to be malicious

Manage Safe Links

• Create and modify a Safe Links policy using Microsoft Defender XDR
• Create a Safe Links policy using PowerShell
• Configure a Safe Links policy
• Describe how a transport rule can disable a Safe Links policy
• Describe the end-user experience when Safe Links identifies a link to a malicious website embedded in email, and a link to a malicious file hosted on a website

Explore threat intelligence in Microsoft Defender XDR

• Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph
• Create alerts that can identify malicious or suspicious events
• Understand how the automated investigation and response process works in Microsoft Defender XDR
• Describe how threat hunting enables security operators to identify cybersecurity threats
• Describe how Advanced hunting in Microsoft Defender XDR proactively inspects events in your network to locate threat indicators and entities

Implement app protection by using Microsoft Defender for Cloud Apps

• Describe how Microsoft Defender for Cloud Apps provides improved visibility into network cloud activity and increases the protection of critical data across cloud applications
• Explain how to deploy Microsoft Defender for Cloud Apps
• Control your cloud apps with file policies
• Manage and respond to alerts generated by those policies
• Configure and troubleshoot Cloud Discovery

Implement endpoint protection by using Microsoft Defender for Endpoint

• Describe how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
• Onboard supported devices to Microsoft Defender for Endpoint
• Implement the Threat and Vulnerability Management module to effectively identify, assess, and remediate endpoint weaknesses
• Configure device discovery to help find unmanaged devices connected to your corporate network
• Lower your organization's threat and vulnerability exposure by remediating issues based on prioritized security recommendations

Implement threat protection by using Microsoft Defender for Office 365

• Describe the protection stack provided by Microsoft Defender for Office 365
• Understand how Threat Explorer can be used to investigate threats and help to protect your tenant
• Describe the Threat Tracker widgets and views that provide you with intelligence on different cybersecurity issues that might affect your company
• Run realistic attack scenarios using Attack Simulator to help identify vulnerable users before a real attack impacts your organization

Examine data governance solutions in Microsoft Purview

• Protect sensitive data with Microsoft Purview Information Protection
• Govern organizational data using Microsoft Purview Data Lifecycle Management
• Minimize internal risks with Microsoft Purview Insider Risk Management
• Explain the Microsoft Purview eDiscovery solutions

Explore data management practices in Microsoft 365

• Enable and disable an archive mailbox in the Microsoft Purview compliance portal and through Windows PowerShell
• Run diagnostic tests on an archive mailbox
• Restore deleted data in Exchange Online and SharePoint Online

Explore retention in Microsoft 365

• Explain how a retention policies and retention labels work
• Identify the capabilities of both retention policies and retention labels
• Select the appropriate scope for a policy depending on business requirements
• Explain the principles of retention
• Identify the differences between retention settings and eDiscovery holds
• Restrict retention changes by using preservation lock

Explore compliance in Microsoft 365

• Describe how Microsoft 365 helps organizations manage risks, protect data, and remain compliant with regulations and standards
• Plan your beginning compliance tasks in Microsoft Purview
• Manage your compliance requirements with Compliance Manager
• Manage compliance posture and improvement actions using the Compliance Manager dashboard
• Explain how an organization's compliance score is determined

Implement Microsoft Purview Insider Risk Management

• Describe insider risk management functionality in Microsoft 365
• Develop a plan to implement the Microsoft Purview Insider Risk Management solution
• Create insider risk management policies
• Manage insider risk management alerts and cases

Implement Microsoft Purview Information Barriers

• Describe how information barriers can restrict or allow communication and collaboration among specific groups of users
• Describe the components of an information barrier and how to enable information barriers
• Understand how information barriers help organizations determine which users to add or remove from a Microsoft Team, OneDrive account, and SharePoint site
• Describe how information barriers prevent users or groups from communicating and collaborating in Microsoft Teams, OneDrive, and SharePoint

Explore Microsoft Purview Data Loss Prevention

• Describe how Data Loss Prevention (DLP) is managed in Microsoft 365
• Understand how DLP in Microsoft 365 uses sensitive information types and search patterns
• Describe how Microsoft Endpoint DLP extends the DLP activity monitoring and protection capabilities to devices
• Describe what a DLP policy is and what it contains
• Understand how adaptive protection integrates Insider Risk Management with DLP
• View DLP policy results using both queries and reports

Implement Microsoft Purview Data Loss Prevention

• Create a data loss prevention implementation plan. Implement Microsoft 365's default DLP policy
• Create a custom DLP policy from a DLP template and from scratch
• Create email notifications and policy tips for users when a DLP rule applies
• Create policy tips for users when a DLP rule applies
• Configure email notifications for DLP policies

Implement data classification of sensitive information

• Explain the benefits and pain points of creating a data classification framework
• Identify how data classification of sensitive items is handled in Microsoft 365
• Understand how Microsoft 365 uses trainable classifiers to protect sensitive data
• Create and then retrain custom trainable classifiers
• Analyze the results of your data classification efforts in Content explorer and Activity explorer
• Implement Document Fingerprinting to protect sensitive information being sent through Exchange Online

Explore sensitivity labels

• Describe how sensitivity labels let you classify and protect your organization's data
• Identify the common reasons why organizations use sensitivity labels
• Explain what a sensitivity label is and what they can do for an organization
• Configure a sensitivity label's scope
• Explain why the order of sensitivity labels in your admin center is important
• Describe what label policies can do

Implement sensitivity labels

• Create a deployment strategy for implementing sensitivity labels that satisfies your organization's requirements
• Enable sensitivity labels in SharePoint Online and OneDrive so they can use encrypted files
• Create and configure sensitivity labels
• Publish sensitivity labels by creating a label policy
• Identify the differences between removing and deleting sensitivity labels