Home Cloud & Networking Microsoft 365 Administrator MS-102 Exam Guide

Microsoft 365 Administrator MS-102 Exam Guide

By Aaron Guilmette
cert-book-svg-icon Book + Practice Resources
*Includes free Practice Resources*
eBook $35.99 $24.99
Print $44.99
Subscription $15.99 $10 p/m for three months
$10 p/m for first 3 months. $15.99 p/m after that. Cancel Anytime!
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 7000+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook + Subscription?
Download this book in EPUB and PDF formats, plus a monthly download credit
Web-based practice resources to apply what you learn in the book
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook?
Web-based practice resources to apply what you learn in the book
Download this book in EPUB and PDF formats
Access this title in our online reader
DRM FREE - Read whenever, wherever and however you want
Online reader with customised display settings for better reading experience
What do you get with video?
Download this video in MP4 format
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with video?
Stream this video
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with Audiobook?
Download a zip folder consisting of audio files (in MP3 Format) along with supplementary PDF
What do you get with Exam Trainer?
Flashcards, Mock exams, Exam Tips, Practice Questions
Access these resources with our interactive certification platform
Mobile compatible-Practice whenever, wherever, however you want
BUY NOW $10 p/m for first 3 months. $15.99 p/m after that. Cancel Anytime!
eBook $35.99 $24.99
Print $44.99
Subscription $15.99 $10 p/m for three months
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 7000+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook + Subscription?
Download this book in EPUB and PDF formats, plus a monthly download credit
Web-based practice resources to apply what you learn in the book
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & its free web-based practice resources that perfectly complement each other
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook?
Web-based practice resources to apply what you learn in the book
Download this book in EPUB and PDF formats
Access this title in our online reader
DRM FREE - Read whenever, wherever and however you want
Online reader with customised display settings for better reading experience
What do you get with video?
Download this video in MP4 format
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with video?
Stream this video
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with Audiobook?
Download a zip folder consisting of audio files (in MP3 Format) along with supplementary PDF
What do you get with Exam Trainer?
Flashcards, Mock exams, Exam Tips, Practice Questions
Access these resources with our interactive certification platform
Mobile compatible-Practice whenever, wherever, however you want
  1. Free Chapter
    Chapter 1: Implementing and Managing a Microsoft 365 Tenant
About this book
The MS-102: Microsoft 365 Administrator Exam Guide is meticulously crafted to empower readers with practical insights, starting with the essentials of provisioning a Microsoft 365 tenant, configuring identity synchronization and secure access, and deploying key Microsoft 365 Defender components. The book's purpose is clear—to guide professionals through the complexities of the MS-102 exam, ensuring not just exam success but mastery of the subject matter. This comprehensive exam guide comes with lifetime access to supplementary resources on an online platform, including flashcards, mock exams, and exam tips from experts. With unlimited access to the website, you'll have the flexibility to practice as many times as you desire, maximizing your exam readiness. As you progress through each chapter, the book unveils the layers of Microsoft 365 workloads, equipping you with the skills to manage role-based administration, deploy identity synchronization using Entra ID Connect, implement modern authentication methods, manage secure access through Conditional Access policies, and analyze security threats using Microsoft 365 Defender. By the end of this book, you'll have the proficiency to implement data loss prevention, configure information and data protection features, and approach the MS-102 exam with confidence.
Publication date:
December 2023
Publisher
Packt
Pages
534
ISBN
9781835083963

 

Making the Most out of This Book - Your Certification And Beyond

This book and its accompanying online resources are designed to be a complete preparation tool for your MS-102 exam.

The book is written in a way that you can apply everything you’ve learned here even after your certification. The online practice resources that come with this book (Figure 1.1) are designed to improve your test-taking skills. They are loaded with timed mock exams, interactive flashcards, and exam tips, to help you work on your exam readiness from now till your test day.

Before You Proceed

You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to the start of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

Figure 1.1 – Dashboard Interface Of MS-900 Practice Resources

Figure 1.1 – Dashboard Interface Of MS-102 Practice Resources

Here are some tips on how to make the most out of this book so that you can clear your certification and retain your knowledge beyond your exam:

  1. Read each section thoroughly.
  2. Make ample notes: You can use your favorite online note-taking tool or use a physical notebook. The free online resources also give you access to an online version of this book. Click the BACK TO THE BOOK link from the Dashboard to access the book in Packt Reader. You can highlight specific sections of the book there.
  3. Chapter Review Questions: At the end of this chapter, you’ll find a link to review questions for this chapter. These are designed to test your knowledge of the chapter. Aim to score at least 75% before moving on to the next chapter. You’ll find detailed instructions on how to make the most of these questions at the end of this chapter in the Exam Readiness Drill - Chapter Review Questions section. That way, you’re improving your exam-taking skills after each chapter, rather than doing it at the end.
  4. Flashcards: After you’ve gone through the book and scored 75% more in each of the chapter review questions, start reviewing the online flashcards. They will help you memorize key concepts.
  5. Mock Exams: Solve the mock exams that come with the book till your exam day. If you get some answers wrong, go back to the book and revisit the concepts you’re weak in.
  6. Exam Tips: Review these from time to time to improve your exam readiness even further.
 

Microsoft 365 Tenant

The Microsoft 365 tenant is the security and content boundary for your organization. While deploying a tenant is a simple task of entering contact and payment details, there are many considerations that go into designing and implementing a tenant. These considerations will be used to securely provide access to an organization’s data.

In this chapter, you’ll explore the core components of planning your Microsoft 365 experience as it pertains to the MS-102 exam. The objectives and skills covered in this chapter include the following:

  • Creating a tenant
  • Implementing and managing domains
  • Configuring organizational settings
  • Identifying and responding to service health issues
  • Configuring notifications for service health
  • Monitoring adoption and usage

By the end of this chapter, you should be able to articulate the core concepts around planning and implementing a Microsoft 365 tenant successfully.

 

Creating a Tenant

A tenant, from a Microsoft 365 perspective, is the top-level structure that identifies your organization. It’s a boundary that separates your users and data from those of other organizations that use the Microsoft 365 service. Creating the tenant is the primary prerequisite step to working with Microsoft 365. The first step in creating a tenant is to plan a tenant, followed by provisioning a tenant.

Planning a Tenant

There are a number of early planning stages for creating a Microsoft 365 tenant, but the one you’ll carry out first will be deciding which kind of tenant to acquire. Tenants are available for organizations of different sizes as well as different industry verticals. Many of these early planning choices can’t be changed later, so you want to make sure you have a thorough understanding of all of the options before hastily clicking through selection screens.

Selecting a Tenant Type

Microsoft has made a variety of packages available, targeting different types of organizations, as shown in Figure 1.2:

Figure 1.2 – Types of tenants

Figure 1.2 – Types of tenants

Table 1.1 below lists the types of tenants available for customers to choose from:

Tenant type

Target customer

Microsoft 365 Personal

Single person or home user

Microsoft 365 Family

Single person, up to 6 users

Microsoft 365 Business

Up to 300 users

Microsoft 365 Enterprise

Unlimited users

Microsoft 365 for US Government

Unlimited users

Microsoft 365 for Education

Unlimited users

Table 1.1 – Tenant types and target customers

For the purposes of the MS-102 exam, you’ll focus on the Microsoft 365 Enterprise service plans.

Tenant Type Deep Dive

The MS-102 exam focuses on the feature set and product, or service bundles, available in Microsoft 365 Enterprise plans, though the technologies available are largely the same across all plans. Microsoft 365 for US Government is available only for local, state, and federal government customers (and their partners or suppliers) and has a subset of the currently commercially available features, trailing by anywhere from 6 months to 2 years, depending on the certification level of the environment. Microsoft 365 for Education has the same feature set as the commercial enterprise set, with a few added features targeted to educational institutions. Microsoft 365 for Education is only available to schools and universities.

Selecting a Managed Domain

After choosing what type of tenant you’ll acquire, one of the next steps you’ll be faced with is naming your tenant. When you sign up for a Microsoft 365 subscription, you are prompted to choose a name from Microsoft’s onmicrosoft.com managed namespace. The name you select will need to be unique across all other Microsoft 365 customers.

Tenant Name Considerations

The tenant name (or managed domain name) cannot be changed after it has been selected. As such, it’s important to select one that is appropriate for your organization. The tenant name is visible in a handful of locations, so be sure to select a name that doesn’t reveal any privacy information and looks professionally appropriate for the type of organization you’re representing.

Provisioning a Tenant

The act of provisioning a tenant is a relatively simple affair, requiring you to fill out a basic contact form and choose a tenant name. Microsoft periodically changes what plans are available for new trial subscriptions. As of the time of writing, Office 365 E3 is available for a trial subscription. Currently, the available public trial subscriptions require the addition of payment information, which will cause a trial to roll over into a fully paid subscription after the trial period ends. See Figure 1.3:

Figure 1.3 – Starting a trial subscription

Figure 1.3 – Starting a trial subscription

The signup process may prompt for a phone number to be used during verification (either a text/SMS or call) to help ensure that you’re a valid potential customer and not an automated system.

After verifying your status as a human, you’ll be prompted to select your managed domain, as shown in Figure 1.4:

Figure 1.4 – Choosing a managed domain

Figure 1.4 – Choosing a managed domain

In the Domain name field, you’ll be prompted to enter a domain name. If the domain name value you select is already taken, you’ll receive an error and be prompted to select a new name.

Region Selection

Microsoft automatically provisions your tenant based on a combination of your source IP address and what type of tenant (enterprise, government, or personal) you’re selecting. You need to ensure that you’re not using any external VPN services that mask your location. Region selection determines not only where your tenant data is located physically but also, in some cases, what services are available. Once your tenant is provisioned into a region, it can’t be changed.

After you’ve finished, you can enter payment information for a trial subscription. Note the end date of the trial; if you fail to cancel by that time, you’ll be automatically billed for the number of licenses you have configured during your trial!

 

Implementing and Managing Domains

The managed domain is a part of the Microsoft 365 tenant for its entire life cycle. While it is a fully functioning domain namespace (complete with its own Microsoft-managed publicly available domain namespace), most organizations will want to use their organization’s domain name—especially when it comes to sending and receiving email or communicating via Microsoft Teams. You cannot add custom DNS records to the managed namespace.

Organizations can use any public domain name with Microsoft 365. Microsoft supports configuring up to 900 domains in a tenant; you can configure both top-level domains (such as contoso.com) as well as subdomains (such as businessunit.contoso.com) with your Microsoft 365 tenant.

Acquiring a Domain Name

Many organizations begin their Microsoft 365 journey with an existing domain name. In addition, you can purchase new domain names to be associated with your tenant.

Third-party Registrar

Most large organizations have existing relationships with third-party domain registrars, such as Network Solutions or GoDaddy. You can use any ICANN-accredited registrar in your region to purchase domain names.

About ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization tasked with providing guidance and policy around the internet’s unique identifiers (domains). It was chartered in 1998. Prior to 1998, Network Solutions operated the global Domain Name System (DNS) registry under a subcontract from the United States Defense Information Systems Agency.

You can search a list of domain registrars here: https://www.icann.org/en/accredited-registrars.

Microsoft

In addition to choosing a third-party registrar, organizations may also wish to use Microsoft as the registrar. Depending on your subscription, you may be able to directly purchase domain names from within the Microsoft 365 admin center, as shown in Figure 1.5:

Figure 1.5 – Purchasing a domain through the Microsoft 365 admin center

Figure 1.5 – Purchasing a domain through the Microsoft 365 admin center

When purchasing a domain through Microsoft, you can select from the following top-level domains:

  • .biz
  • .com
  • .info
  • .me
  • .mobi
  • .net
  • .org
  • .tv
  • .co.uk
  • .org.uk

Domain purchases will be billed separately from your Microsoft 365 subscription services. When purchasing a domain from Microsoft, you’ll have limited ability to manage the DNS records. If you require custom configuration (such as configuring an MX record to point to a non-Microsoft 365 server), you’ll want to purchase a domain separately.

Configuring a Domain Name

Configuring a domain for your tenant is a simple procedure and requires access to your organization’s public DNS service provider. Many large organizations may host DNS themselves, while other organizations choose to pay service providers (such as the domain registrar) to host the services.

In order to be compatible with Microsoft 365, a DNS service must support configuring the following types of records:

  • Canonical Name (CNAME): CNAME records are alias records for a domain, allowing a name to point to another name as a reference. For example, let’s say you have a website named www.contoso.com that resolves to an IP address of 1.2.3.4. Later, you want to start building websites for na.contoso.com and eu.contoso.com on the same web server. You might implement a CNAME record for na.contoso.com to point to www.contoso.com.
  • Text (TXT): A TXT record is a DNS record used to store unstructured information. Request for Comments (RFC) 1035 (https://tools.ietf.org/html/rfc1035) specifies that the value must be text strings and gives no specific format for the value data. Over the years, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and other authentication and verification data have been published as TXT records. In addition to SPF and DKIM, the Microsoft 365 domain addition process requires the administrator to place a certain value in a TXT record to confirm ownership of the domain.
  • Service Locator (SRV): An SRV record is used to specify a combination of a host in addition to a port for a particular internet protocol or service.
  • Mail Exchanger (MX): The MX record is used to identify which hosts (servers or other devices) are responsible for handling mail for a domain.

In order to use a custom domain (sometimes referred to as a vanity domain) with Microsoft 365, you’ll need to add it to your tenant.

To add a custom domain, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com) and log in.
  2. Expand Settings and select Domains.
Figure 1.6 – Domains page of the Microsoft 365 admin center

Figure 1.6 – Domains page of the Microsoft 365 admin center

  1. Click Add domain.
  2. On the Add domain page, enter the custom domain name you wish to add to your Microsoft 365 tenant. Select Use this domain to continue.
Figure 1.7 – Add domain page

Figure 1.7 – Add domain page

  1. If your domain is registered at a host that supports Domain Connect, you can provide your credentials to the Microsoft 365 Add domain wizard and click Verify. Microsoft will automatically configure the necessary domain records and complete the entire DNS setup for you. You can also select More options to see all of the potential verification methods available, as shown in Figure 1.8:
Figure 1.8 – Verify domain ownership

Figure 1.8 – Verify domain ownership

If you choose any of the additional verification options (such as Add a TXT record to the domain’s DNS records), you’ll need to manually add DNS records at your DNS service provider. Microsoft provides the value configuration parameters necessary for you to configure with your own service provider. After entering the values in your service provider’s DNS console, you can come back to the wizard and select Verify, as shown in Figure 1.9:

Figure 1.9 – Completing verification records manually

Figure 1.9 – Completing verification records manually

  1. If using a registrar that supports Domain Connect, enter the credentials for your registrar. When ready, click Connect. See Figure 1.10:
Figure 1.10 – Authorizing Domain Connect with GoDaddy to update DNS records

Figure 1.10 – Authorizing Domain Connect with GoDaddy to update DNS records

  1. Select Let Microsoft add your DNS records (recommended) to have the Microsoft 365 wizard update your organization’s DNS records at the registrar; however, if you are going to be configuring advanced scenarios such as Exchange Hybrid for mail coexistence and migration or have other complex requirements, you may want to consider managing the DNS records manually or opting out of select services. Click Continue.
Figure 1.11 – Connecting domain to Microsoft 365

Figure 1.11 – Connecting domain to Microsoft 365

  1. Choose whether to allow Microsoft to add DNS records. Expand the Advanced options dropdown:
    1. The first checkbox, Exchange and Exchange Online Protection, manages DNS settings for Outlook and email delivery. If you have an existing Exchange Server deployment on-premises (or another mail service solution), you should clear this checkbox before continuing. You’ll need to come back to configure DNS settings to establish hybrid connectivity correctly. The default selected option means that Microsoft will make the following updates to your organization’s DNS:
      1. Your organization’s MX record will be updated to point to Exchange Online Protection.
      2. The Exchange Autodiscover record will be updated to point to autodiscover.outlook.com.
      3. Microsoft will update your organization’s SPF record with v=spf1 include:spf.protection.outlook.com -all.
Figure 1.12 – Adding DNS records

Figure 1.12 – Adding DNS records

  1. The second setting, Skype for Business, will configure DNS settings for Skype for Business. If you have an existing Skype for Business Online deployment or you’re using Skype for Business on-premises, you may need to clear this box until you verify your configuration:
    1. Microsoft will add two SRV records: _sip._tls.@<domain> and _sipfederationtls._tcp@<domain>.
    2. Microsoft will also add two CNAMEs for Lync: sip.<domain> to point to sipdir.online.lync.com and lyncdiscover.<domain> to point to webdir.online.lync.com.
  2. The third checkbox, Intune and Mobile Device Management for Microsoft 365, configures applicable DNS settings for device registration. It is recommended to leave this enabled:
    1. Microsoft will add the following CNAME entries to support mobile device registration and management: enterpriseenrollment.<domain> to enterpriseenrollment.manage.microsoft.com and enterpriseregistration.<domain> to enterpriseregistration.windows.net.
  1. Click Add DNS records.
  2. If prompted, click Connect to authorize Microsoft to update your registrar’s DNS settings.
  3. Click Done to exit the wizard or View all domains to go back to the Domains page if you need to add more domains.

You can continue adding as many domains as you need (up to the tenant maximum of 900 domains).

Adding a Domain Deep Dive

To review alternative steps and more information about the domain addition process, see https://learn.microsoft.com/en-us/microsoft-365/admin/setup/add-domain.

Managing DNS Records Manually

If you’ve opted to manage DNS records manually, you may need to go back to the Microsoft 365 admin center and view the settings. To do this, you can navigate to the Domains page, select your domain, and then select Manage DNS, as shown in Figure 1.13:

Figure 1.13 – Managing DNS settings for a domain

Figure 1.13 – Managing DNS settings for a domain

On the Connect domain page, click More options to expand the options, and then select Add your own DNS records. From here, you can view the specific DNS settings necessary per service by record type. You can also download a CSV file or a zone file that can be uploaded to your own DNS server. See Figure 1.14:

Figure 1.14 – Viewing DNS settings

Figure 1.14 – Viewing DNS settings

The CSV output is formatted as columns, while the zone file output is formatted for use with standard DNS services and can be imported or appended to BIND or Microsoft DNS server zone files.

Configuring a Default Domain

After adding a domain, Microsoft 365 automatically sets the first custom domain as the default domain that will be used when creating new users. However, if you have additional domains, you may choose to select a different domain to be used as the default domain when creating objects.

To manage which domain will be set as your primary domain, select the domain from the Domains page and then click Set as default to update the setting, as shown in Figure 1.15:

Figure 1.15 – Setting the default domain

Figure 1.15 – Setting the default domain

The default domain will be selected automatically when creating cloud-based users and groups, though it can be changed.

Custom Domains and Synchronization

When creating new cloud-based objects, you can select from any of the domains available in your tenant. However, when synchronizing from an on-premises directory, objects will be configured with the same domain configured with the on-premises object. If the corresponding domain hasn’t been verified in the tenant, synchronized objects will be set to use the tenant-managed domain.

Next, you’ll look at the core organizational settings in a tenant.

 

Configuring Organizational Settings

Organizational settings, as the name implies, are configuration options that apply to the entire tenant. They are used to enable or disable features at the service or tenant level. In many instances, organizational settings are coarse controls that can be further refined by the configuration settings inside each individual service.

To access the organizational settings, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com).
  2. In the navigation pane, expand Settings and select Org settings.
Figure 1.16 – Org settings in the Microsoft 365 admin center

Figure 1.16 – Org settings in the Microsoft 365 admin center

The Org settings page has three tabs, as shown in Figure 1.16:

  • Services
  • Security & privacy
  • Organizational profile

In the next section, each of these settings will be explained in detail.

Services

The Services tab displays settings available for workloads, services, and features available in the Microsoft 365 tenant. Table 1.2 lists the services that have configurable options in the tenant:

Service

Description

Adoption Score

Manage privacy levels for Adoption Score as well as setting the scope for users to be included or excluded.

Azure Speech Services

Manage whether Azure Speech Services can work using content in your tenant to improve the accuracy of speech services. Disabled by default.

Bookings

Choose whether the Bookings service is available for use in the tenant. If Bookings is enabled, you can also configure specific options, such as whether social sharing options are available or whether Bookings can be used by users outside the organization, as well as restricting the collection of customer data.

Briefing email from Microsoft Viva

Choose whether to allow users to receive the Viva briefing email. By default, the briefing email is enabled. Users can unsubscribe themselves.

Calendar

Choose whether to enable users to share their calendars outside the organization. If sharing is enabled, choose what level of detail is supplied.

Cortana

Choose whether to allow Cortana on devices to connect to data in your Microsoft 365 tenant.

Directory synchronization

Provides a link to download the Azure AD Connect synchronization tool.

Dynamics 365 Applications

Choose whether to allow insights for each user, aggregated insights for other users (non-identifiable), or identifiable insights for other users.

Dynamics 365 Customer Voice

Configure email parameters for collecting survey data from Dynamics 365.

Mail

There are no org-wide settings to manage here; however, there are links to various tools in the Exchange admin center and Microsoft Defender 365 portal for things such as transport rules and anti-malware policies.

Microsoft Azure Information Protection

There are no settings to manage for this feature; it is a link to documentation for configuring Azure Information Protection settings.

Microsoft communication to users

Choose whether to enable Microsoft-generated training and education content delivery to users.

Microsoft Edge product messaging for users

Provides information on configuring the Edge Spotlight experience for end users.

Microsoft Edge site lists

Manage lists of sites and specify which browser experience (Edge or Internet Explorer) users should receive when navigating to those sites.

Microsoft Forms

Manage external sharing settings for Microsoft Forms as well as capturing the names of internal organization users who fill out forms.

Microsoft Graph Data Connect

Choose this to enable Microsoft Graph Data Connect for bulk transfer of data to Azure.

Microsoft Planner

Choose whether Planner users can publish to Outlook or iCal.

Microsoft Search in Bing homepage

Customize the Bing.com search page for organization users.

Microsoft Teams

Choose whether to enable Teams organization-wide. Disabling Teams from this interface will make it unavailable for all users, including users who are already licensed. Also, choose the coarse control for whether guest access is allowed in Teams.

Microsoft To Do

Choose to provide internal users the ability to join and contribute to external task lists and receive push notifications.

Microsoft Viva Insights (formerly MyAnalytics)

Manage which Viva Insights settings users have access to. By default, all options are selected (Viva Insights web experience, Digest email, Insights Outlook add-in and inline suggestions, and Schedule send suggestions).

Microsoft 365 Groups

Configure guest access and ownership settings for Microsoft 365 Groups.

Modern authentication

Provides links to information on configuring modern authentication and viewing basic authentication sign-in reports.

Multi-factor authentication

Provides links to information on configuring and learning about multi-factor authentication.

News

Choose organization and industry settings used to display relevant news information on the Bing home page as well as settings for delivering Microsoft-generated industry news to your organization users.

Office installation options

Choose an update channel for Microsoft 365 apps.

Office on the web

Choose whether to allow users to connect to third-party cloud storage products using Office on the web products.

Office Scripts

Configure Office Scripts settings for Excel on the web.

Reports

Choose how to display users’ personally identifiable information in internal reports and whether to make data available to Microsoft 365 usage analytics.

Search & intelligence usage analytics

Choose whether to allow usage analytics data to be filtered by country, occupation, department, or division.

SharePoint

Choose whether to enable external sharing.

Sway

Choose whether to allow sharing of sways outside the organization as well as what content sources are available (Flickr, Pickit, Wikipedia, and YouTube).

User consent to apps

Choose whether users can provide consent to OAuth 2.0 apps that access organization data.

User owned apps and services

Choose whether to allow users to auto-claim licenses as well as start trials and access the Office Store.

Viva Learning

Choose which content provider data sources to use for Viva Learning. By default, LinkedIn Learning, Microsoft Learn, Microsoft 365 Training, and Custom Uploads are enabled. You can also manage the level of diagnostic data sent to Microsoft.

What’s new in Office

Choose whether to display messages to users about new features available. This does not change the availability of the feature—only the display of the notification message.

Whiteboard

Choose whether to allow the Whiteboard app to be used. Additionally, manage the amount of diagnostic data collected.

Table 1.2 – Organizational service settings

You should spend time exploring the options for the services in the Microsoft 365 admin center.

Security & Privacy

The Security & privacy tab houses settings that govern various security controls for the organization. On this page, you’ll find access to the settings listed in Table 1.3:

Setting

Description

Bing data collection

Choose whether to allow Bing to collect organization query data.

Idle session timeout

Configure the idle session timeout period for Office web apps.

Password expiration policy

Choose whether to enable password expiration. Password expiration is disabled by default (and the password policy is governed by the on-premises Active Directory if password hash sync has been configured).

Privacy profile

Configure a URL for the organization’s privacy policy and the organization’s privacy contact. The privacy URL is displayed on the Privacy tab of the Settings & Privacy page in the user account profile and when a sharing request is sent to an external user.

Self-service password reset

Provides a link to the Azure portal to configure self-service password reset.

Sharing

Choose whether to allow users to add guests to the organization.

Table 1.3 – Security & privacy settings

These options can be used to broadly configure security and privacy settings for your organization. As with the settings on the Services tab, these are coarse controls. Fine-grained control is available for some of these items inside their respective admin centers.

Organization Profile

Settings on the Organization profile tab are largely informational or used to manage certain aspects of the user experience. On this tab, you’ll find the settings listed in Table 1.4:

Setting

Description

Custom app launcher tiles

Configure additional tiles to show up on the Microsoft 365 app launcher.

Custom themes

Create and apply themes to the Microsoft 365 portal for end users, including mandating the theme as well as specific organization logos and colors.

Data location

View the regional information where your tenants’ data is stored.

Help desk information

Choose whether to add custom help desk support information for end users to the Office 365 help pane.

Keyboard shortcuts

View the shortcuts available for use in the Microsoft 365 admin center.

Organization information

Update your organization’s name and other contact information.

Release preferences

Choose the release settings for Office 365 features (excluding Microsoft 365 apps). The available options are Standard release for everyone, Targeted release for everyone, and Targeted release for select users. The default setting is Standard release for everyone.

Support integration

Use the settings on this page to configure integration with third-party support tools such as ServiceNow.

Table 1.4 – Organization profile settings

Like the other Org settings tabs, the settings on this page will be used infrequently—typically when just setting up your tenant and customizing the experience. As with the other Organization profile setting areas, you should spend some time in a test environment navigating the tenant to view these settings and updating them to see their effects.

 

Identifying and Responding to Service Health Issues

Service health information is available from the Microsoft 365 admin center (https://admin.microsoft.com). Microsoft provides health information for a variety of services and features, including SaaS services such as Exchange Online and SharePoint Online, the health of the directory synchronization environment, as well as Windows operating system feature issues and service health.

You can check the overall service health by navigating to the health dashboard (Health | Dashboard), as shown in Figure 1.17:

Figure 1.17 – Service health dashboard

Figure 1.17 – Service health dashboard

The health dashboard contains the current health status of all Microsoft 365 services. Normally, services will appear as healthy, though this status will be updated when a service is experiencing an issue.

The Service health page (Health | Service health or https://aka.ms/servicehealth) will display the most detailed and comprehensive information on any ongoing or resolved issues. See Figure 1.18.

Figure 1.18 – Service health page

Figure 1.18 – Service health page

If a service has an advisory or incident, you can expand the issue item under Active issues to display relevant events, as shown in Figure 1.19:

Figure 1.19 – Service health active issues

Figure 1.19 – Service health active issues

Selecting an individual item reveals expanded information about the particular issue. See Figure 1.20 for an example:

Figure 1.20 – Expanded active issue

Figure 1.20 – Expanded active issue

Each service incident will display a status. Possible statuses include the following:

  • Normal service: This status indicates that the service is available and has no current incidents or incidents during the reporting period.
  • Extended recovery: This status indicates that while steps have been completed to resolve the incident, it may take a period of time for operations to return to normal. During an extended recovery period, some service operations might be deleted or take longer to complete.
  • Investigating: This status indicates that a potential service incident is being reviewed.
  • Service restored: This status indicates that an incident was active earlier in the day, but service was restored.
  • Service interruption: This status indicates the service isn’t functioning and that affected users are unable to access the service.
  • Additional information: This status indicates the presence of information regarding a recent incident from a previous day.
  • Service degradation: This status indicates the service is slow or is occasionally appearing unresponsive for brief periods.
  • PIR published: This status indicates that a post-incident report of the service incident has been published.
  • Restoring service: This status indicates the service incident is being resolved.

As an administrator, it’s important to frequently check the service health dashboard to stay informed of alerts or incidents. If a service issue is affecting the Microsoft 365 admin center, you can also try the Office 365 status page (https://status.office.com) and the Azure status page (https://status.azure.com).

 

Configuring Notifications for Service Health

In addition to viewing service health information in the Microsoft 365 admin center, you can also configure email-based notifications for services.

To configure email notifications for service health, follow these steps.

  1. Navigate to the Service health page (https://aka.ms/servicehealth) and click Customize. See Figure 1.21:
Figure 1.21 – Service health page with Customize highlighted

Figure 1.21 – Service health page with Customize highlighted

  1. On the Customize flyout, select the Email tab.
  2. Select the Send me email notifications about service health checkbox.
  3. Enter up to two email addresses to be notified of issues.
  4. Scroll the flyout to enable or disable email notifications for issue types and Microsoft 365 services, as shown in Figure 1.22.
Figure 1.22 – Enabling notifications

Figure 1.22 – Enabling notifications

  1. Click Save to update commit changes.

You will be notified of future service issues for the selected services. You can update the selections at any time.

Next, you’ll look at tracking Microsoft 365 service adoption across the enterprise.

 

Monitoring Adoption and Usage

In order for your organization to get the most benefit from a Microsoft 365 investment, it’s important that users adopt the services and features. You can monitor end user adoption and consumption metrics through a variety of tools, including Microsoft 365 usage metrics, Viva Insights (formerly known as Workplace Analytics), and the Adoption Score (formerly known as the Productivity Score).

Microsoft 365 Usage Reports

The Microsoft 365 usage reports are available inside the Microsoft 365 admin center. They are broad reports that can be used to get a high-level snapshot of how your organization is using the Microsoft 365 platform. Report data includes statistics such as how many files are stored in SharePoint, how many Exchange mailboxes were active during the reporting period, and engagement with other products such as Viva Engage (formerly Yammer) or Forms.

Figure 1.23 – Microsoft 365 usage reports

Figure 1.23 – Microsoft 365 usage reports

Usage reports can be accessed by navigating to the Microsoft 365 admin center (https://admin.microsoft.com), expanding Reports, and selecting Usage.

Viva Insights

Formerly known as Workplace Analytics, Viva Insights provides recommendations about personal and teamwork habits. Viva Insights has four core areas:

  • Personal insights
  • Teamwork habits
  • Organization trends
  • Advanced insights

Each of these areas has unique features that are part of the Viva story.

Personal Insights

As the name suggests, personal insights are tailored to an individual. Personal insights are private and are only visible to the individual for whom they are intended. Personal insights are best viewed using the Viva Insights app in Microsoft Teams, as shown in Figure 1.24:

Figure 1.24 – Viva Insights app in Microsoft Teams

Figure 1.24 – Viva Insights app in Microsoft Teams

The Viva Insights app has functions to allow you to make a focus plan (sometimes referred to as the protect time feature), send praise to your colleagues either publicly or privately, and stay connected through AI-based task suggestions and meeting assistance.

The Viva Insights app also features Headspace guided meditation and mindfulness exercises as well as prompts to take a break and reflect on your personal feelings. Using the reflection activity card, you can even set daily reminders to check in with yourself. See Figure 1.25:

Figure 1.25 – Reflection activity card

Figure 1.25 – Reflection activity card

Viva Insights also has a daily ramp-up and wind-down micro-app called Virtual Commute, which lets users review upcoming meetings and tasks, block focus time, and initiate a variety of mini-break, meditative, and reflective activities. See Figure 1.26:

Figure 1.26 – Virtual commute activity card

Figure 1.26 – Virtual commute activity card

Together, these insight features can help users manage both their productivity and personal well-being.

Teamwork Habits

Viva Insights Teamwork habits, which is part of the premium Viva Insights experience, allows managers to gain additional recommendations for managing people. Teamwork habits helps managers identify regular after-hours work, meeting overload conditions, and lack of dedicated focus time.

Managers can set up teams by manually adding users, or can use the suggested list if the manager property has been populated in Azure Active Directory. See Figure 1.27:

Figure 1.27 – Confirming team members

Figure 1.27 – Confirming team members

Three additional core features of Teamwork habits are the following:

  • Scheduling recurring 1:1 times with managed employees
  • Analyzing quiet hours impact to determine how work habits impact employees outside of their configured working hours
  • Configuring shared plans for no-meeting days and shared focus times

Organizations that utilize the Teamwork habits tools can improve their employees’ well-being and work-life balance. The Teamwork habits feature requires a premium Microsoft Viva Insights license.

Organization Trends

The My organization tab shows organization trends as well as business leader and manager insights to help understand how to effectively manage your teams. Insights include such as identifying work patterns and suggestions for boosting employee engagement. See Figure 1.28:

Figure 1.28 – Organization trends

Figure 1.28 – Organization trends

Organization trends data is privacy-oriented, requiring a minimum of 10 people (including the manager) to be in the management chain, either directly or indirectly. In addition, access to Organization trends requires granting access to manager insights through the Viva setup.

Advanced Insights

Microsoft Viva advanced insights is a reporting tool that provides research-based behavioral insights into organizational work patterns, such as hybrid work, work-life balance, and employee well-being.

The advanced insights reporting tools come with a number of built-in templates and analysis tools to really help organizations understand everything from meeting effectiveness to employee performance trends correlated to 1:1 manager meetings. The Manager coaching report, which is part of Viva Insights, is shown in Figure 1.29:

Figure 1.29 – Viva Insights Manager coaching report

Figure 1.29 – Viva Insights Manager coaching report

With large organizational changes such as hybrid and remote work scenarios, it can be important to understand how those work patterns affect performance, including interesting data points such as how much time is spent during meetings multitasking or how much work is getting done outside normal business hours.

Information about working hours is available in the Work-life balance and flex work report (part of the Hybrid workforce experience reporting section), shown in Figure 1.30:

Figure 1.30 – Advanced insights working hour details

Figure 1.30 – Advanced insights working hour details

The advanced insights Power BI report templates provide an analysis of employee engagement and work patterns. The reports include the following:

  • Business resilience: Overall business report highlighting performance and employee well-being.
  • Hybrid workforce experience: This report highlights how different work modes (onsite, hybrid, and remote) affect workers.
  • Manager effectiveness: Provides insight into patterns exhibited by people managers.
  • Meeting effectiveness: These reports capture and display information on meeting statistics such as how many meetings happen on short notice or how much multitasking occurs during meetings.
  • Ways of working: This data helps answer questions such as are employees receiving enough 1:1 coaching time? and who generates the most work by organizing meetings?
  • Wellbeing – balance and flexibility: Reporting data used to identify whether employees have enough time to focus on core priorities and can balance that with breaks and time away from work.
  • For more information on the advanced insights templates and their reporting capabilities, see https://learn.microsoft.com/en-us/viva/insights/advanced/analyst/templates/introduction-to-templates.

Adoption Score

Formerly known as Productivity Score, Adoption Score is a metric that is used to help measure the success of an organization’s use of the Microsoft 365 platform. Before Adoption Score can be used, it must be enabled in the Microsoft 365 admin center under Reports, as shown in Figure 1.31:

Figure 1.31 – Enabling Adoption Score

Figure 1.31 – Enabling Adoption Score

Adoption Score provides insights that are broken up into three categories: people experiences, technology experiences, and special reports. When enabling the score, you can select how to calculate insights into people experiences:

  • Include all users
  • Exclude specific users by group
  • Don’t calculate for any users

Insights into technology experiences are shown automatically when you enable Adoption Score. If you don’t want to collect that data, you can disable Endpoint analytics scope in the Intune data collection policy,

If you are performing a staged rollout of services using a pilot program, it may be beneficial to limit the reporting scope to groups of users that are part of the pilot.

People Experiences

The insights into people experiences focus on five categories that show how your users and organization are using the tools in the Microsoft 365 platform. These insight areas are as follows:

  • Communication: This area measures how people are communicating with each other, such as sending emails or instant messages or posting on communities in Viva Engage (or Yammer). This area highlights important practices such as using @mentions in emails and marking responses as answers in Yammer. Users need to be licensed for Yammer, Exchange Online, or Teams to be counted in this metric.
  • Content collaboration: This area measures how people use files in your organization, such as creating or sharing files in OneDrive for Business and SharePoint Online or how email attachments are being used (attached files versus a cloud attachment—a link to a file shared in OneDrive or SharePoint). It also captures data about the number of files shared and whether the collaborators are internal or external to the organization. Users need to be licensed for OneDrive for Business, SharePoint, or Exchange Online to be counted in this metric.
  • Mobility: This measures what devices and interfaces people are using to accomplish their work. For example, a user sending an email from the Outlook desktop app and the Outlook mobile app would be regarded as an individual using the Microsoft 365 apps across multiple platforms. This measurement area also reports on what locations people are working from—whether they are onsite in one of your organization’s offices or remotely. In order to be counted in this metric, users need to be licensed for Teams, Exchange Online, or Microsoft 365 apps.
  • Meetings: This area measures how effectively meetings are used across your organization. Meetings are evaluated against practices such as scheduling meetings at least 24 hours in advance, sharing agendas, and the percentage of invitees that actually show up to the meetings. Other features include measuring interactivity (hand-raising, chat, reactions, or sharing content) during the meeting as well as whether or not attendees are participating via audio or video. Users must be licensed for Microsoft Teams to be included in this metric.
  • Teamwork: This area is used to measure how people are collaborating in Teams and using shared workspaces (such as teams, channels, Microsoft 365 groups, and SharePoint sites). In order to be counted for this metric, users must be licensed for Exchange Online, SharePoint, or Microsoft Teams.

In addition to users requiring licenses to be assigned, they also need to be active in a service at least once every 28 days to get counted for that service. You can use Adoption Score to review how people are using the Microsoft 365 service and provide coaching on best practices to get the most out of the platform.

Technology Experiences

The technology experiences category focuses on areas relating to the devices that people are using to access Microsoft 365 services:

  • Endpoint analytics: This area provides insights into the overall performance data of devices that are enrolled in Intune or Configuration Manager with tenant attach. The performance metrics include things such as boot time, how long it takes to sign in and get to a responsive desktop, how much time is spent processing Group Policy, how often applications hang or crash, and the number of active devices that have launched a particular app during the past 14 days. The endpoint analytics reporting has special requirements, such as particular versions of endpoints and being either Azure AD joined or hybrid Azure AD joined, as well as licensed for Intune or Microsoft Endpoint Configuration Manager.
  • Network connectivity: These metrics provide insights into factors involving network communication between your endpoints and the Microsoft 365 platform. Specific network requirements must be met, such as configuring networks in the Microsoft 365 admin center and enabling location data collection features. For more information on the prerequisites for enabling network connectivity reporting, see https://learn.microsoft.com/en-us/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-worldwide.
  • Microsoft 365 Apps: View insights on how many devices across your organization are up to date with their Microsoft 365 app deployments.

The technology experiences score reports can be helpful in gaining insight into how devices may be affecting the overall adoption and user satisfaction with Microsoft 365 services.

Special Reports

Finally, there is a lightweight version of the Business Resilience report (from Viva Insights) that is available to organizations that have at least 100 active Exchange and Viva Insights licenses. This report helps organizational leaders understand how to utilize remote work and maintain a work-life balance, the effectiveness of virtual meetings, and participation in Yammer communities.

 

Summary

In this chapter, you learned about the fundamental aspects and terminology of configuring a Microsoft 365 tenant, such as selecting a tenant type, adding domains, and configuring the basic organization settings. In Chapter 2, Managing Users and Groups, you will begin to learn how to manage the life cycle of an identity.

 

Exam Readiness Drill - Chapter Review Questions

Benchmark Score: 75%

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That’s why, working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

Before You Proceed

You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to the start of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

To open the Chapter Review Questions for this chapter, click the following link: https://packt.link/MS102E1_CH01. Or, you can scan the following QR code:

Figure 1.32 – QR code that opens Chapter Review Questions for logged-in users

Figure 1.32 – QR code that opens Chapter Review Questions for logged-in users

Once you login, you’ll see a page similar to what is shown in Figure 1.33:

Figure 1.33 – Chapter Review Questions for Chapter 1

Figure 1.33 – Chapter Review Questions for Chapter 1

Once ready, start the following practice drills, re-attempting the quiz multiple times:

Exam Readiness Drill

For the first 3 attempts, don’t worry about the time limit.

ATTEMPT 1

The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2

The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3

The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip

You may take more than 3 attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing

Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of how your next attempts should look like:

Attempt

Score

Time Taken

Attempt 5

77%

21 mins 30 seconds

Attempt 6

78%

18 mins 34 seconds

Attempt 7

76%

14 mins 44 seconds

Table 1.5 – Sample timing practice drills on the online platform

Note

The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.

About the Author
  • Aaron Guilmette

    Aaron Guilmette is a Senior Program Manager with the Microsoft 365 Customer Experience, helping customers adopt and deploy the Microsoft 365 platform. He primarily focuses on collaborative technologies, including Microsoft Teams, Exchange Online, and Azure Active Directory.

    Browse publications by this author
Latest Reviews (1 reviews total)
Microsoft 365 Administrator MS-102 Exam Guide
Unlock this book and the full library FREE for 7 days
Start now