MS-100: Microsoft 365 Identity and Services – Preparation Notes

During my preparation for the MS-100 exam I generated/gathered a bunch of notes, summarizing some specific topics and emphasizing important things. They are in completely random order.

P.S. I did pass MS-100 in December 2019. Here is the link to my Credly account.

Used Resources

My Preparation Notes

When you create a Microsoft 365 subscription, the tenant is automatically assigned an initial <tenantname>.onmicrosoft.com domain.

No two organizations can share the same tenant name.

The tenant name chosen at setup cannot be changed later; it remains with the subscription for the whole of the subscription’s existence.

You can assign a domain name that you own to the tenant so that you don’t have to use the onmicrosoft.com tenant name.

To use a domain with Microsoft 365, the DNS servers that are authoritative for the domain must support CNAME, TXT (used for SPF and for domain verification), SRV and MX records.

You can confirm ownership of a domain by configuring special TXT or MX records.

Setting the default domain configures which domain suffix will automatically be used with Microsoft 365 user accounts.

Changing a user’s primary email address in the admin center also changes the user name (the user principal name the user signs in with).

You can perform a bulk email address update using PowerShell.

Additional (secondary) email addresses allow a mailbox to receive messages sent to more than one address; they can use any domain name that is verified in the organization’s Microsoft 365 tenancy.
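The two notes above (bulk updates with PowerShell, and secondary addresses on a mailbox) in practice, as an added example that is not part of the original notes. It assumes the ExchangeOnlineManagement module, an account holding the Exchange Administrator role, and a CSV with the hypothetical columns shown in the comment; the file name and column names are assumptions.

```powershell
# Added example: bulk-add secondary SMTP addresses from a CSV and optionally
# switch the primary address. Runs as a dry run unless -Commit is given.
#
# mailboxes.csv (constructed sample):
#   UserPrincipalName,NewAddress,MakePrimary
#   alice@contoso.com,alice@fabrikam.com,TRUE
#   bob@contoso.com,bob.smith@contoso.com,FALSE
param(
    [string]$CsvPath = '.\mailboxes.csv',
    [switch]$Commit
)

Connect-ExchangeOnline -ShowBanner:$false

$rows = Import-Csv -Path $CsvPath

# Every domain used in the CSV must already be an accepted (verified) domain
# in the tenant; Set-Mailbox rejects addresses in unknown domains.
$accepted = (Get-AcceptedDomain).DomainName | ForEach-Object { $_.ToString() }
$bad = $rows | Where-Object { ($_.NewAddress -split '@')[1] -notin $accepted }
if ($bad) {
    $bad | ForEach-Object { Write-Warning "Unverified domain for $($_.UserPrincipalName): $($_.NewAddress)" }
    throw 'Fix the CSV before committing changes.'
}

foreach ($row in $rows) {
    $mbx = Get-Mailbox -Identity $row.UserPrincipalName -ErrorAction Stop
    $primary   = 'SMTP:' + $row.NewAddress   # upper-case prefix = primary address
    $secondary = 'smtp:' + $row.NewAddress   # lower-case prefix = secondary address

    if ($mbx.EmailAddresses -contains $primary -or $mbx.EmailAddresses -contains $secondary) {
        Write-Host "$($row.UserPrincipalName): $($row.NewAddress) already present, skipping"
        continue
    }

    if ($row.MakePrimary -eq 'TRUE') {
        $oldPrimary = $mbx.PrimarySmtpAddress.ToString()
        Write-Host "$($row.UserPrincipalName): set primary address to $($row.NewAddress)$(if (-not $Commit) { ' (dry run)' })"
        if ($Commit) {
            # Unlike the admin center, Set-Mailbox changes only the primary SMTP
            # address; the sign-in name (UPN) is untouched. Update it separately
            # (e.g. Set-AzureADUser -UserPrincipalName) if it should follow.
            Set-Mailbox -Identity $mbx.Identity -WindowsEmailAddress $row.NewAddress
            # Check that mail to the old address still arrives.
            $after = Get-Mailbox -Identity $mbx.Identity
            if ($after.EmailAddresses -notcontains "smtp:$oldPrimary") {
                Write-Warning "$oldPrimary is no longer on the mailbox; add it as a secondary address"
            }
        }
    } else {
        Write-Host "$($row.UserPrincipalName): add secondary address $($row.NewAddress)$(if (-not $Commit) { ' (dry run)' })"
        if ($Commit) {
            Set-Mailbox -Identity $mbx.Identity -EmailAddresses @{Add = $secondary}
        }
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without -Commit to review the planned changes, then with -Commit. The accepted-domain check up front is the one that matters: a single unverified domain in the CSV would otherwise leave the batch half applied.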

A Microsoft 365 endpoint is a URL or IP address (range) that hosts a specific Microsoft 365 or Office 365 service.

Microsoft places each M365 and O365 endpoint into one of three categories: Optimize, Allow, and Default. Optimize endpoints are required by every service, carry most of the traffic and are the most sensitive to latency and availability, so they should bypass proxies and inspection and egress directly. Allow endpoints are required by specific services but less sensitive to network performance. Default endpoints do not require optimization and can be treated like ordinary Internet traffic. The current list is published by the Office 365 IP Address and URL web service.
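How those categories translate into network configuration, as an added example that is not part of the original notes. The JSON below is a constructed sample in the shape the Office 365 IP Address and URL web service returns (the real service is queried with -Live; the endpoint IDs, addresses and ports in the sample are illustrative, not a current list).

```powershell
# Added example: group Microsoft 365 endpoints by category and emit
# proxy-bypass and firewall entries for the Optimize set.
param([switch]$Live)

# Constructed sample in the web service's output shape (not real current data).
$sample = @'
[
  {"id":1,"serviceArea":"Exchange","serviceAreaDisplayName":"Exchange Online",
   "urls":["outlook.office.com","outlook.office365.com"],
   "ips":["13.107.6.152/31","13.107.18.10/31","2603:1006::/40"],
   "tcpPorts":"80,443","expressRoute":true,"category":"Optimize","required":true},
  {"id":2,"serviceArea":"Exchange","serviceAreaDisplayName":"Exchange Online",
   "urls":["*.protection.outlook.com"],"ips":["40.92.0.0/15"],
   "tcpPorts":"443","expressRoute":true,"category":"Allow","required":true},
  {"id":3,"serviceArea":"Common","serviceAreaDisplayName":"Microsoft 365 Common and Office Online",
   "urls":["*.cdn.office.net"],"tcpPorts":"443","expressRoute":false,"category":"Default","required":false}
]
'@

if ($Live) {
    # clientrequestid must be a GUID; it identifies the calling client to the service.
    $uri = "https://endpoints.office.com/endpoints/worldwide?clientrequestid=$([guid]::NewGuid())"
    $endpoints = Invoke-RestMethod -Uri $uri
} else {
    $endpoints = $sample | ConvertFrom-Json
}

# Summary per category: entry count, how many are marked required, IPv4 ranges.
$endpoints | Group-Object category | ForEach-Object {
    [pscustomobject]@{
        Category = $_.Name
        Entries  = $_.Count
        Required = @($_.Group | Where-Object required).Count
        IPv4     = @($_.Group.ips | Where-Object { $_ -and $_ -notmatch ':' }).Count
    }
} | Format-Table -AutoSize

# Optimize: direct egress, no proxy, no TLS inspection.
$optimize = $endpoints | Where-Object { $_.category -eq 'Optimize' }

"# Proxy bypass (PAC-style) for Optimize URLs"
$optimize.urls | Sort-Object -Unique | ForEach-Object { "shExpMatch(host, `"$_`")" }

"# Firewall allow entries for Optimize IP ranges"
foreach ($e in $optimize) {
    foreach ($ip in $e.ips) {
        "allow tcp from any to $ip ports $($e.tcpPorts)"
    }
}
# Allow entries get normal allow rules through the proxy; Default entries
# need nothing special and are not emitted here.
```

Run without arguments to see the sample output; run with -Live (network access required) to process the real list. Note that the Default entry in the sample has no ips property at all, which is also how the real service behaves for many Default endpoints: firewall rules for them have to be URL based.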

Privileged access management allows you to configure policies that apply just-in-time administrative principles to sensitive administrative roles.

Cloud authentication occurs against Azure Active Directory, using either password hash synchronization or pass-through authentication; both can be combined with seamless single sign-on.

Federated authentication occurs against an on-premises identity provider, either AD FS or a third-party federation provider.

Mail reports allow you to view how Office 365 mailboxes are used.

Usage reports allow you to view information about browsers, operating systems, and license consumption.

SharePoint reports allow you to see how SharePoint is being used with the Office 365 subscription.

Auditing reports allow you to view information about auditing of mailboxes, and mailbox litigation holds.

Users assigned the global administrator role have access to all administrative features.

Users assigned the billing administrator role are able to make purchases, manage subscriptions, manage support tickets, and monitor service health.

Users assigned the service administrator role are able to manage service requests and monitor service health.

Deleting a user removes all licenses assigned to that user. The deleted user is kept in the recycle bin for 30 days and can be restored within that period.

You can use the SharePoint Migration Tool to migrate on-premises SharePoint document libraries, lists and regular file shares to SharePoint Online.

The OneDrive client allows you to drag and drop files on a client computer and have those files sync with either OneDrive for Business or SharePoint Online.

You can use the bulk import method to import a CSV file of user identities into Azure AD.
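The PowerShell route to the same result, as an added example that is not part of the original notes: create users from a CSV and assign each a license. It assumes the AzureAD module that was current when these notes were written (since retired in favour of Microsoft Graph PowerShell), an account with the User Administrator or Global Administrator role, and a CSV with the hypothetical columns shown in the comment; the SKU name is an assumption too.

```powershell
# Added example: bulk-create Azure AD users from a CSV and license them.
#
# users.csv (constructed sample):
#   UserPrincipalName,DisplayName,MailNickName,UsageLocation
#   carol@contoso.com,Carol Diaz,carol,US
#   dave@contoso.com,Dave Lee,dave,GB
param(
    [string]$CsvPath = '.\users.csv',
    [string]$SkuPartNumber = 'ENTERPRISEPACK'   # Office 365 E3 (assumed SKU)
)

Connect-AzureAD | Out-Null

# Resolve the SKU once and check that enough seats are free before creating anyone.
$sku = Get-AzureADSubscribedSku | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU $SkuPartNumber not found in this tenant" }
$free = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits

$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -gt $free) { throw "Need $($rows.Count) seats of $SkuPartNumber, only $free available" }

$license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$license.SkuId = $sku.SkuId
$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$licenses.AddLicenses = $license

function New-InitialPassword {
    # 16 random characters; loop until it contains upper, lower and digit
    # so it satisfies the Azure AD complexity requirement.
    $chars = (48..57) + (65..90) + (97..122)
    do {
        $pw = -join ($chars | Get-Random -Count 16 | ForEach-Object { [char]$_ })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    return $pw
}

foreach ($row in $rows) {
    if (Get-AzureADUser -Filter "userPrincipalName eq '$($row.UserPrincipalName)'") {
        Write-Warning "$($row.UserPrincipalName) already exists, skipping"
        continue
    }

    # Temporary password; the user must change it at first sign-in.
    $profile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $profile.Password = New-InitialPassword
    $profile.ForceChangePasswordNextLogin = $true

    # UsageLocation is mandatory: license assignment fails without it.
    $user = New-AzureADUser -UserPrincipalName $row.UserPrincipalName `
                            -DisplayName $row.DisplayName `
                            -MailNickName $row.MailNickName `
                            -UsageLocation $row.UsageLocation `
                            -PasswordProfile $profile `
                            -AccountEnabled $true

    Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $licenses
    Write-Host "Created $($user.UserPrincipalName) and assigned $SkuPartNumber"
}
```

The initial passwords are deliberately not written anywhere; hand them over through whatever out-of-band channel your onboarding process uses, or reset them with Set-AzureADUserPassword when the user is ready.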

Azure AD Connect can be installed on a local member server and will allow synchronization of identities and password hashes to Azure AD.

Prior to deploying Azure AD Connect, the on-premises directory should be cleaned up to remove any current settings that may block successful synchronization. Tools such as the IdFix tool and ADModify.NET can be used to perform this task.

Active Directory Federation Services (AD FS) is appropriate for environments with more sophisticated identity requirements than those catered for by Azure AD Connect password hash synchronization or pass-through authentication, for example third-party MFA or sign-in policies enforced on-premises.

Azure AD identities can be managed through the Azure Active Directory admin center, the Microsoft 365 Admin Center, or Azure PowerShell.

Modern authentication supports technologies such as multi-factor authentication, smart card authentication, certificate-based authentication, and SAML-based third-party identity providers.

Microsoft 365 supports a variety of authentication methods for SSPR and MFA including password, security questions, email address, Microsoft Authenticator App, OATH hardware token, SMS, voice call, and App Passwords.

Smart Lockout is a technology that locks out attackers who are trying to brute force user passwords while still letting the legitimate user sign in from familiar locations; by default it locks an account after 10 failed attempts for one minute, with the lockout duration increasing on repeated failures.

Any password that is on the Azure AD custom banned password list (in addition to Microsoft’s global banned list) cannot be used by a user in your organization.

Certificate based authentication is supported for federated environments where an organizational CA is trusted by Azure AD and the CRL is published in an Internet accessible location.

Multi-factor authentication methods include call to phone, text message to phone, notification through mobile app, or verification code from mobile app or hardware token.

Applications must be registered with Azure AD before users can access them through Azure AD single sign-on.

Azure AD Application Proxy allows users on the Internet to access web applications that are hosted on your organization’s internal network, either through an external URL or through the My Apps portal, without opening inbound ports on the perimeter.

The Azure AD Application Proxy service runs in the cloud with the Azure AD Application Proxy connector running on an on-premises server.

Computers that host the Azure AD Application Proxy connector must be able to make outbound connections to the Internet on TCP ports 80 and 443 (connections are outbound only; no inbound ports are required) and must also be able to reach the on-premises servers hosting the applications that remote clients will access.

Business-to-business (B2B) accounts are a special type of guest user account that resides within your Azure Active Directory and to which you can assign permissions.

Authentication for guest accounts occurs through a trusted provider, after which the user gains access to resources they have been assigned permissions to within Azure AD.

The version of Exchange that you have deployed determines the type of hybrid deployment that is available. When selecting a hybrid deployment option, you should choose the most modern version available to your organization.

You use a remote move migration (performed in migration batches) when you have an existing Exchange hybrid deployment.

In a staged migration (available for Exchange 2003 and 2007 on-premises organizations), you migrate mailboxes from your on-premises Exchange organization to Office 365 in groups, termed batches.

In a cutover migration, all mailboxes in an on-premises Exchange deployment are migrated to Office 365 in a single migration batch. It supports at most 2,000 mailboxes and is recommended only for organizations with fewer than 150.

Network upload (and, for large volumes, drive shipping) allows you to import PST files into Office 365 mailboxes.

An activated copy of Office 365 ProPlus must be able to communicate with Microsoft servers on the Internet every 30 days. If this communication does not occur, Office 365 ProPlus will enter reduced functionality mode.

Thanks a lot for reading.
