hey this is Andrew Brown your favorite Cloud instructor over here at exam Pro bringing you another free Cloud certification course and this time it's the Microsoft 365 fundamentals also known as the ms9900 made available to you here on free codam the way we're going to pass and Achieve uh certification is by doing lectures Hands-On labs in our own Microsoft accounts and as always we provide you a free practice exam so you can go Ace that exam get the certificate put on your LinkedIn or resume to get that job or that promotion you've been looking to get and if you like free courses specifically Cloud certifications like this one the best way to support the production of mors to buy the optional paid study materials over to exampro which is exampro doco ms9900 there you'll get things like flashcards quizlets the downloadable cheat sheets and lecture slides and more uh practice exams so you know doing that really does help the production of more of these courses and if you don't know me I me Brown and I've created so many Cloud certification chuses inabus Azure gcp Oracle terraform kubernetes uh you name it I have taught it um so you're in good hands but let's get to it okay ciao hey this is Andrew Brown from exam Pro and we're at the start of our journey asking the most important question first which is what is the ms9900 Microsoft 365 fundamentals so the Microsoft 365 fundamentals is an entry-level mic Microsoft certification it has absolutely no prerequisites so you don't need to have any prior cloud or SAS knowledge to learn this specific course the course teaches the cloud fundamentals such as Cloud Concepts types of cloud computing and the benefits of migrating to a cloud environment compared to an on- premises infrastructure the core Microsoft 365 services and Concepts we'll be going through the Microsoft 365 solutions that improve productivity facilitate collaboration and optimize Communications such as SharePoint online mic Microsoft Viva and Microsoft teams we'll cover topics related to the inpoint and deployment options in Microsoft 365 like Microsoft inpoint manager as your virtual desktop and windows is a service security compliance privacy and Trust in Microsoft 365 like multiactor authentication and we'll cover the Microsoft 365 pricing of subscriptions licenses and support offerings for services here's a simple definition of what Microsoft 365 is so Microsoft 365 formerly Office 365 is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line it's a superet of Office 365 with Windows 10 Enterprise licenses and other cloud-based security and device management products so who is this certification for well you should be considering the Microsoft 365 fundamental certification if you are new to cloud and want to learn the fundamentals and benefits of adopting cloud services in general and the software is a service Cloud Model specifically you are a business user administrator or IT professional you want to understand the capabilities of Microsoft 365 and how to build basic Solutions and deploy cloud services in your organization you are a senior Cloud engineer or Microsoft 365 administrator who needs to reset or refresh their knowledge after working for multiple years so now let's take a look at the Microsoft 365 certification road map to see where we would go after the Microsoft 365 fundamentals and what kind of role would be associated with those certifications so at the start you get your Microsoft 365 fundamentals which is at the fundamental level after that we have the associate level certifications such as the modern desktop administrator teams administrator developer or Security administrator it's really up to you to choose which field you're interested in a common route would be something like taking the modern desktop administrator at the associate level then moving to the Enterprise administrator at the expert level it's also common for people to take multiple of these associates level certifications it doesn't have to be just one this is to ensure they have a wide range of knowledge on all of these areas for possible career openings also if you find the cloud to be really cool and interesting you have options such as Azure administrator and Azure developer from there you could possibly take the Azure Solutions architect or devops engineer at the expert level so you see there are several options for you to choose from and these are not all the ones on the list once again it's up to you to decide what you want to specialize in and there is no perfect rep out but these are just a few suggestions for you to decide on your own so how long is it going to take to pass this certification well it's going to really depend on your background but if we had to generalize it we can look at it as kind of a scale and so if you are at the beginner level you're looking at roughly 15 hours and when we say beginner we're saying someone that has never used Microsoft 365 or Office Products like one drive teams SharePoint perview Etc someone that has never used Microsoft Azure or any cloud provider or someone that has no Tech background or experience and when we're looking at the other side of the Spectrum which is someone that is experienced we're looking at somebody who can watch this at 1.5 to two times speed and are able to absorb this information very quickly so they have practical working experience with Microsoft 365 and is very familiar with using them they have experience with Microsoft Azure or any cloud provider like a WS or gcp so they can easily translate that knowledge or they have a strong background in technology where they've worked worked in the industry for many years and so you know their study time is going to be a lot shorter at 5 hours or less and so on average most people are going to take about 10 hours to study for this course and when we talk about the kind of stuff you'll be doing it's going to be 50% lecture in labs and we call them follow alongs where the idea is you follow along in your own account and then 50% is the practice exams so if you look at the length of the content which is around 4 hours then you know you should spend as much time doing practice exams to pass and the recommended time to study is about 1 to 2 hours a day for roughly 8 days so what kind of effort are we going to have to put into pass the exam well you have the watch the lecture videos and memorize key information you'll need to do Hands-On labs and follow along with your own account although is a fundamental certification the certification is not very heavy on hands on material but it will still provide a much greater understanding of the topics you'll need to know for the exam and you will need paid online practice exams that simulate the real exam and the last two here were things that I used to never suggest because you could literally just watch the videos and pass however Microsoft has recently updated this exam so it's more difficult and so for these last two points you do have to do these two things for the paid online practice exams that can be hard for some people so I've made it easier for you by providing you with a full free practice exam on exampro doco ms-900 and so you just have to sign up with no credit card required and you'll get a full set of questions that simulate the real exam so for the contents of the exam it's composed of four domains and each domain has its own waiting which determines how many questions in a domain that will appear so for domain one which is cloud Concepts it's approximately 5 to 10% for domain 2 which is composed of Microsoft 365 apps and services we should expect 45 to 50% of the questions from there this is where the most amount of questions are from for domain three security compliance privacy and Trust in Microsoft 365 we're sitting at around 25 to 30% of the the questions and for domain for Microsoft 365 pricing licensing and support we have roughly 10 to 15% of the questions so just to emphasize for domain 2 you'll need to know a wide range of the core Microsoft 365 Services which one is best used in certain scenarios and the key features of the apps and services so where do you take the exam well at an in-person test center or online from the convenience of your own home Microsoft is partnered with the test center Network Pearson View and it offers person or online and these exams are proctored meaning there is somebody watching you to ensure that you are not cheating in order to pass the exam you have to score 700 points out of a th000 and so 700 generally equates to 70% but it's around 70% because Microsoft uses scaled soaring meaning that they could adjust it based on how many people are passing or failing so always aim to get higher than 70% the exam contains 43 to 50 questions so you can afford to get roughly 10 to 12 questions wrong there is no penalty for wrong questions like minus one so you should always choose an answer and the questions come in a few formats multiple choice multiple answer drag and drop and yes or no questions the duration of the exam is 1 hour or 60 minutes so you have a little more than 1 minute per question the exam time is 60 minutes but the seat time is 90 minutes seat time refers to the amount of time to review instructions Show online Proctor your workspace read and accept NDA and complete the exam and provide feedback and when you do you pass the exam the exam is valid forever Microsoft's fundamental level exams do not expire and you do not need to do a recertification so that covers the introduction of the [Music] course hey this is Andrew Brown from exam Pro and we'll be going through an exam guide breakdown of the Microsoft 365 fundamental certification so the first thing you want to do is to Google ms9900 study guide and you can find the guide usually on the first link you want to navigate to this link called the ms9900 study guide this will open a neatly organized study guide that Microsoft has prepared for us for the Microsoft 365 fundamentals exam we've already covered a general overview on what the exam is who the exam is for and a brief overview on the topics but we'll need to cover the exam breakdown in more detail this is the section we're looking for the objective domain skills the exam measures so we already covered the four main domains describ Cloud Concepts describe Microsoft 365 apps and services with the emphasis of 45 to 50% describ security compliance privacy and Trust in Microsoft 365 and Microsoft 365 pricing licensing and support I won't be going through the entire list because it's quite long but I'll point out the ones I know will be very important for the exam starting with Microsoft SAS iOS and pass offerings and the differences between Office 365 and Microsoft 365 you'll need to know public private and hybrid scenarios and compare advantage of cloud-based Services versus on premises services for the Microsoft 365 apps and services you'll definitely need to know all of these Services listed you'll need to know a brief description of what it is what it's used for and its key features how does it improve productivity or collaboration and so on I'll just point out the ones I saw mentioned on the exam so Microsoft Outlook in Microsoft Exchange Microsoft 365 apps in one drive Microsoft teams SharePoint Microsoft Viva there will definitely be some questions on inpoint management topics like Microsoft in tune co- management and so on you'll need to know the deployment and release models for Windows as a service including deployment rings you'll run into Microsoft 365 admin Center and Microsoft 365 user portal for the security compliance privacy and Trust section you'll definitely see principle of leas privileged access identity and access management capabilities including enter ID MFA and conditional access Microsoft Defender drr Defender for Ino and other threat protection Solutions and also Microsoft secure score zero trust model Microsoft perview and Microsoft priva and you'll see a bit of auditing and ecovery solutions for the Microsoft 365 pricing licensing and support domain you'll need to know the pricing model for Microsoft cloud services including Enterprise agreements Cloud solution providers and direct billing you'll encounter available base licensing and management options and differences between base licensing and add-on licensing you'll need to know how to create a support request for Microsoft 365 services and as well as the service level agreements once again there's a lot on the list so I couldn't name all of them so I named the ones I thought were the most important but throughout the course we'll definitely cover all of the material in great [Music] detail hey this is Andrew Brown from exam Pro and we're starting at the beginning of our journey asking the most fundamental question what is cloud computing so looking into the dictionary cloud computing is described as the practice of using a network of remote servers hosted on the internet to store manage and process data rather than a local server or a personal computer so when we're talking about local we describe this as being on premise so being your own office or your own Data Center and this is where you own the servers you hire the IT people you pay the rent or the real estate you take all the risk whereas with a cloud provider if you're utilizing them it's someone else who owes the servers someone else who hires the IT people someone else who pays to rents the real estate and you are only left with be responsible for configuring your cloud services and code and someone else takes care of the rest sounds great doesn't it so now what I want to do is just give you a quick overview of how servers have evolved what we describe is cloud computing from a technical perspective and we'll probably dive deeper into this later in the course but we're just going to get a good overview here to understand from a business perspective so way back in the day what we had was dedicated servers if you wanted a server to run your web app or your technology what you had to do is you had to go buy a sing single dedicated physical machine and that was for one specific business dedicated servers are still used today but there's some downsides with them they're very expensive they're high maintenance however you do get a great level of customization and you potentially can have better Security based on your use case then what came along was virtual private servers where we still had one physical machine but it was still dedicated to a single business so we figured out how to take that physical machine and virtualize it into submachines so now we could fully utilize or better utilize that physical server with running multiple apps we didn't have to buy four different servers for four different apps we could easily run four web apps into four virtual submachines then we had shared hosting and this made it a lot easier for anybody who was building websites or word presses but the idea here is that you had one physical machine and it was shared by hundreds of businesses so it wasn't a single business sharing the cost it was multiple businesses this relies on most tenants under utilizing the resources though so if you had 100 people on a server and one person used more of the server than the others then you could all potentially suffer from that case but at the very least you are getting very very cheap servers but there are definitely some limitations so now coming down to Cloud hosting Cloud hosting gives us the best of both worlds so we have multiple physical machines that act as one system which could be described as the cloud and that system is extracted away into multiple cloud services so you get flexibility and scalability it's very secure it's very cost effective and it's highly configurable so that is where we're currently at and that is generally what cloud computing and Cloud hosting is about [Music] hey this is Andrew Brown from exam Pro and we are looking at common cloud services so a cloud provider can have hundreds of cloud services that are grouped into various types of services and the four most common types of cloud services for infrastructure is a service which is a topic we will discuss about later would be compute so this is where you have a virtual computer that can run applications programs and code then you have storage so this is where you would have a virtual hard drive that you could store files then you would have virtual networking because you have these computers and storage so you need to put them in some kind of virtual Network to Define internet connections or network isolations and then you have databases so just imagine a database that is running in the cloud or if you're not familiar databases just imagine that it's excel in the cloud but it Powers your web apps one thing I want you to know about the term cloud computing is that even though it says Computing in the word at this point we just use it as a catchall term so it could refer to all of these categories so when I say cloud computing it could be referring to compute network storage and database but you can also say cloud storage Cloud compute Cloud databases Cloud networking and people will know what you [Music] mean hey this is Andrew Brown from exampro and we are looking at what is Microsoft so you've probably seen this logo before and Microsoft is an American multinational computer technology corporation headquartered in Redmond Washington Microsoft makes software phones tablets game consoles cloud services which is what we care about here today and they even have a search engine and we're not just limited to that list they have tons of stuff but Microsoft is best known for their operating system called the windows and they've been around since the 1970s so they've been around for quite a while in the tech sphere so now that leads us to the question what is azure so Azure is what Microsoft calls their cloud service provider and so it's called Microsoft Azure or we commonly refer to it as just Azure so here is the logo for it and if you're wondering what is the name behind the service Azure literally means bright blue color of the cloudless sky so that's great you'll hear me say cloud service provider frequently throughout the cloud Concepts portion of the course and it is abbreviated to CSP but that's what Azure is it is a cloud service provider so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the benefits of cloud computing so what are the benefits well we have a big list here for you starting with cost Effectiveness so you pay for what you consume there are no upfront costs you have pay as you go also abbreviated as poy and you're sharing the cost with thousands of customers so that's how you're getting that low cost another benefit is that you can go Global so you can launch workloads anywhere in the world just choose your own region and you are now in the global market another benefit is that the cloud is secure because the cloud providers take care of the physical security and cloud services can be secure by default or you have the ability to configure access down to the granular level say so you have a lot of security controls that you would have and you would normally not have or you'd have to build out on premises now the cloud is also known for being reliable so you can have data backups disaster recovery and data replication and fault tolerance the cloud is also scalable you can increase or decrease your resources and services based on the demand the cloud is also elastic so you can automate scaling during spikes and drops of the demand when there is no longer the demand for that stuff and finally it's also current so the underlying hardware and software is patched upgraded and replaced by the cloud provider without interruption to you and for the last point there are cases of interruption but generally fewer interruptions than you would have on premises so there you [Music] go hey this is Andrew Brown from exampro and we are looking at the different types of cloud computing and we have this nice pyramid on left hand side to help us understand how each type builds off the other starting at the top of our pyramid we have software as a service also known SASS and this is a product that is run and managed by the service provider you don't have to worry about how the service is maintained and it just works and remains available so you might not be aware of this but you probably already are using a SAS product so examples of that could be Salesforce or Gmail or Office 365 so those are things that would be considered SASS and these are really for customers so it's just you wanting to use General software on your computer but in the cloud the next category we have is platform as a service abbreviated as pass and so here we focus on on the development and management of your applications so you don't have to worry about provisioning configuring or understanding the hardware or operating system and this is really for people that are building apps but they don't think about any of the infrastructure services like this would be elastic beanock on a WS Heroku that is very popular amongst Junior developers which is a thirdparty service for launching web apps and then you have the Google app engine so those are three examples there and these are really for developers so platform is a service makes it easy for developers to build apps on the cloud without worrying about all the stuff underneath at the bottom finally we have infrastructure as a service abbreviated as as and this is the basic building blocks for cloud it so it provides access to networking features computers and data storage space you don't worry about the IT staff data centers and hardware and so examples of infrastructure as a service would be Microsoft Azure a WS or even Oracle cloud and so this is really intended for administrators the main focus of the course will be on Microsoft 36 5 which falls under the category of software as a service but you will definitely need to understand the differences of the cloud computing types for the exam so that is the three types of cloud computing [Music] okay hey this is Andrew Brown from exam Pro and we're looking at the types of cloud computing and responsibilities so we saw the three categories but we don't really understand what it is that we're responsible for and what is the cloud service provider responsible for so let's lay out our categories and we're going to include on- premises into this because technically on premises could be a private cloud and should be in the category here so we have on premises infrastructure is a service platform is a service and software is a service so when we're looking at applications it's going to be the customer's responsibility for on Prem infrastructure as a service and pass but when we have software as a service the cloud service provider is responsible for that when we are looking at the data level it's going to be the same for software as a service the cloud service provider is going to be responsible but for the rest it's going to be the customer and then on the next level for the runtime the cloud service provider will be responsible for the platform is a service and software as a service the customer will be responsible for on premises and infrastructure as a service for middleware it's going to be the same for the OS like the operating system that is running on the service it's going to be the same then we get to virtualization the cloud service provider is responsible for the virtualization for infrastructure is a service platform is a service and software is a service so everything except for on Prem then for servers it's the same for storage it's the same and for networking it's also the same so you can see that on premises you're responsible for everything and the farther we move up the types of cloud computing the less responsibility you [Music] have hey this is Andrew Brown from exam Pro and we are looking at azure's deployment models the first model we're going to talk about is public cloud and that's where everything is built on the cloud service provider you're not using anything on Prem or in your own data centers everything is running within Azure generally this is known as Cloud native but for some reason Azure calls it the public Cloud so that's what we're going to use in the terminology here so here I have an architectural diagram we have a network on Azure and within that Network we have a virtual machine running and a database running so that would be an example of public Cloud then we have private cloud and so this is where everything is built on the company's data also not as on premises because it's within the premises of the organization like their physical location and an organization could technically be operating their own cloud but it would be private cloud and it could be running an open source Cloud software that mimics what Azure would do such as open stack so it looks very similar but you just put an open stack and it's running a virtual machine or a server and it's also running a database and the last on our list here is hybrid so with hybrid you are using both on premises and the cloud service provider and they're connected together and so there's a lot of different networking services that you can use that will facilitate the connection between the two in this case we're using express route express route is a dedicated connection it's like having a fiber optic Line running from your on premises data center to the Azure Network so it's just one of the ways you can connect and if we wanted to understand the pros and cons I have this nice little table here and we'll just quickly go through it so if you're using public Cloud it's more coste effective for security it screen controls are stronger by default but some people might not find the cloud will meet all their security requirements because of government and Regulatory reasons not because the cloud is not secure but it's just those policies for the level of configuration it's going to be limited based on what the cloud service provider exposes to you so there's a lot of configuration there it's just that if you have your own servers you obviously can do anything and everything with them for technical knowledge you don't need to have as much in-depth knowledge of the underlying infrastructure because you're not physically setting up servers or networking and everything else now coming down to private Cloud private cloud is the most expensive option on our list so you're going to be paying a lot of money for security there is no guarantee that it is 100% secure because you just don't have the same kind of visibility that you would have with a cloud service provider with all those dashboards it's just so hard to build out all that software but you can meet your security compliance requirements depending on your situation but this is becoming less and less as more governments and larger organizations move over to the cloud you can configure infrastructure exactly how you like because you literally bought the hardware and can do anything you want with it and for the technical knowledge you'll require a serious amount of technical knowledge you might even have a really hard time finding the resources to maintain all that stuff down below we have the hybrid model so this could be more cost-effective based on what you offload to the cloud and also the cost of actually moving data back and forth for security you have more to secure but technically some things are easier to secure on the cloud than it is in private so you might have a boost in security you're going to get the best of both worlds in terms of configuration and for technical knowledge you're going to need to know both the cloud and how to set things up on premises and that's the most work there and just one more deployment model here I just wanted to briefly touch on Cross Cloud this isn't something that is listed on the actual exam but it's something that you should understand and know and so cross cloud is when you're using multiple Cloud providers some people refer this as multicloud or hybrid cloud and so I just have an example here so there's a service called Azure Arc and what Azure Arc does that extends your control plane so you can run containers kubernetes containers on a different platforms and so you could have a WS on the left hand side with eks and gcp kubernetes engine and so you can be running virtual machines and they're all treated like they're on the same network so cross cloud is becoming very popular with extremely large organizations where they have very unique requirements but I definitely want you to know what that is because it just gets left out and it's definitely something that is a part of the [Music] industry hey this is Andrew Brown from exam Pro and we're looking at the concept of total cost of ownership also known as TCO so what is the difference between on premises having your own data centers in comparison with using Azure so you'll notice above it it says capex and Opex we're going to talk about that in the next slide but for the time being we're going to focus on the total cost of ownership so to really make sense of TCO I always use this graphic here and if you're wondering what that is those are icebergs people sometimes think they look like teeth and so just to make this drawing a little bit more clear I've added some penguins in a whale so there's no mistaking it and the reason we're using this as a representation is because we have the top of the iceberg which are the costs that we're generally concerned about but then we have those hidden costs those costs that we're not really thinking about underneath the water and if you know icebergs they can be really big underneath so on the left hand side the cost that we generally think of is the software license fees and then for the cloud service provider we look at the subscription fees and so when you're comparing these two sometimes the subscription fees can cost more than the software license fee so You' think well we should really just use on premises because it's more cost effective but when we taken the total cost of ownership and all the costs involved we're going to see a very different picture so on the left hand side if you are on premises you have to deal with the implementation the configuration and the training but you also have to deal with the physical security of your building you have to pay for the hardware you have to pay for the IT personnel you also have to deal with maintenance now on the right hand side on the cloud you still have to do implementation configuration and training but that's about it so there's a big difference in terms of what you have to do in you might ask okay well what is the amount of savings well generally people find that when they move from on premises to the cloud they save about 75% that's a lot of money okay 75% of what you generally would spend and so now all this stuff on the left hand side is now azure's responsibility you don't take care of those anymore Azure is going to take care of it for you so that's total cost of [Music] ownership hey this is Andrew Brown from exam Pro and we're looking at C Capital versus operational expenditure so on the left hand side we have capex so Capital expenditures on the right hand side we have operational expenditures Opex and so looking at the leftand side capital expenditure is spending money upfront on physical infrastructure so deducting the expenses from your tax bill over time a lot of companies especially larger companies are used to dealing with capital expenses and they know how to work their tax bill so that's why a lot of people are afraid to move over to the cloud because they're used to this way of operating but let's talk about some of the things that would be considered a capital expense so again it's anything that's physical and then you're buy it with money upfront so computers that would be your server cost if you were to buy hard drives it would be your storage cost if you bought routers cables or switches for your network if you're purchasing things for backup and archive costs if you had disaster recovery so like an uninterruptible power supply would be an example of that you have your data center costs so that's your rent cooling physical security you have technical Personnel so you're hiring people to do things for you and so with capital expenses you have to guess up for what you plan to spend now let's look at operational expenditure so operational expenditure is the cost Associated when an on-premises data has shifted that cost to the service provider so here in this case it's the cloud service provider and the customer only has to be concerned with non-physical costs so what are some examples of Opex costs well leasing software and customizing features training employees in cloud services paying for cloud support billing based on the cloud metrics so Compu usage and storage usage and the advantage here is that operational expenses you can try a product or service without investing equipment so we have flexibility of investment and also from the previous slide covering total cost of the ownership we saw that we have a huge reduction cost so those are two really good reasons to use the [Music] cloud hey this is Andrew Brown from exam Pro and we are looking at Cloud architecture terminologies and these are very important to help you conceptualize the advantages of the cloud so we're going to go through these terms and then we're going to go through them again in more detail in further slides so at the top of our list we have availability and this is your ability to ensure a service remains available this is generally known as being highly available or high availability abbreviated to ha that's a term you should know then we have scalability so your ability to grow rapidly or unimpeded then you have elasticity so this is your ability to shrink or grow to meet the demand you have fault tolerance this is your ability to prevent a failure then you have Disaster Recovery this is your ability to recover from a failure this is generally known as being highly durable or high durability so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of high availability so high availability is the ability for your service to remain available by ensuring there is no single point of failure and or to ensure a certain level of performance so here I have a technical architectural diagram that is describing High availability so the idea behind this is that if you have a server which runs your web application if you were to run redundant versions of your server if anything happened to a single server traffic would always be routed to those other servers and that would allow your service to remain available now having multiple servers is great but what's even better is having multiple servers and multiple data centers because something could happen to a data center it could become unavailable because of the networking issue so by being able to Route traffic to those servers you're going to remain highly available running a workload across multiple availability zones and availability zones is what Azure calls their data centers ensures that if one or two data center becomes unavailable your service will remain available it's very very common to run at least three servers across three data centers now how would you distribute the traffic or manage the traffic to all three well that's where an Azure load balancer comes into play represented as a green diamond with the arrows that is the representation of a load balancer so a load balancer allows you to evenly distribute traffic to multiple servers in one or more data centers and if a data center or server becomes unavailable so un healthy the load balancer will rote the traffic to only available data centers with servers so there you go that is high [Music] availability hey this is Andrew Brown from exam Pro and we're looking at the concept of highs scalability and this is your ability to increase your capacity based on the increasing demand of traffic memory and computing power if you are a growing company you're going to have to scale up you're going to have to get bigger and better servers but there are different types of scaling so the first type of scaling is vertical scaling this is the most obvious one people are going to think of and it's called scaling up what we do is we just upgrade to bigger servers we need bigger stronger and faster computers for instance if your server requires more processing power vertical scaling would mean upgrading the CPUs you can also vertically scale the memory storage or network speed there's another kind of scaling called horizontal scaling and horizontal scaling is described as scaling out what you're doing is you're just adding additional servers because we saw with the high availability we have a load balancer we can distribute traffic to multiple servers and three servers can equal the same thing as one big server so horizontal scaling is when we add more servers of the same size for example if you are hosting an application on a server and find that it no longer has the capacity or capabilities to handle traffic adding a server may be your [Music] solution hey this is Andrew Brown from exam Pro and we're looking at the concept of high elasticity and this is your ability to automatically increase or decrease Your Capacity based on the current demand of traffic memory and computing power so this sounds a lot like high scalability but the key difference is that it's automatic and you can decrease the demand not just increase it so the way we would do that is that we would have a virtual machine or server and if we needed more servers we would add more servers and if we needed less servers we would remove servers or servers that are not being used and so this is going to be accomplished using horizontal scaling so when we say we're scaling out this means we're adding more servers of the same size when we're scaling in this means we're removing servers of the same size generally you're not going to use vertical scaling for a high elasticity this is because it's just extremely difficult to vertically scale for example if you have to increase your storage drive and then you decrease it you could potentially lose data so it's not a good idea or even feasible to do vertical scaling with high elasticity now how would you accomplish elasticity on Azure well you'd use azure VM scale set so scale sets automatically increase or decrease in the response to demand or based on a defined schedule and then we have SQL Server stretch database these dynamically stretch warm and cold transactional data from Microsoft SQL Server 2016 to a Microsoft Azure it's not something that we're going to cover but it's generally the same concept of what scale sets do so there you go that's high [Music] elasticity hey this is Andrew Brown from exam Pro and looking at the concept of being highly F tolerant and this is the ability for your service to ensure there is no single point of failure preventing the chance of failure so when we looked at high availability we also said that there was no point of failure but when we really talk about that we're really talking about being highly fault tolerant because there's the word failure in the word and that is what being fault tolerant is so how do we prevent failure well we use the concept of failovers so failovers is when you have a plan to shift traffic to a redundant system in case of primary system system fails and so I have a Graphic here that represents a primary database failing over to a secondary database so the idea is that we have a copy of our production database and we're going to call that a secondary system and every time something is written to our primary database it's going to be synced so it's going to be set over to our secondary database so it's up to date with the latest database and then if the primary database happens to fail for whatever reason whether it's Hardware or otherwise it's going to detect that there's something wrong with the primary database and it's going to fail over to the secondary database and the secondary database is going to be promoted to being the primary Database The key thing to understand is that the secondary databas is on standby it's not in actual use it's only in use when the failover occurs so what would you use in Azure to build out a highly fault tolerant system that's where Azure traffic manager comes into play so this works at the DNS level the idea here is that you can fail over from a primary system at the DNS level to a standby secondary system this is really great if you have Regional failures you could probably also use a load balancer but this is the case that I'm showing here so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of high durability so this is your ability to recover from a disaster and to prevent the loss of data so solutions that recover from a disaster is known as Disaster Recovery Dr you can think of durability as a measurement of how healthy and resilient your data is you want your data to be as safe and secure when you retrieve it as it was on the day you stored it so I'm just going to ask you a few questions to help you think about how to be highly durable so one question would be do you have a backup in place how fast can you restore your backup does your backup still work how do you ensure a current live data is not corrupt data loss can happen through human accident natural or man-made disaster or even malicious action out of your control whether you store data in your home office or with a cloud provider that data needs to be protected as much as possible from any event that could damage or destroy it you need to ensure that you have the questions listed to be answered with an appropriate solution to ensure high durability there are a variety of services to implement high durability so it's not just a single service so that is the concept of high durability and that is the full list of cloud architecture [Music] terminology hey this is Andrew Brown from exam Pro and so before we talk about Microsoft 365 let's talk about the evolution from Office 365 to Microsoft 365 so office 365 was designed to bring together its existing online products to a continually upto-date cloud service it combined the core productivity apps such as word excel PowerPoint Outlook Etc and the collaboration and communication tools such as exchange SharePoint and Skype for business Microsoft's Cloud productivity Services have expanded much beyond what most people think of his office in recent years resulting in Microsoft 365 therefore renaming Office 365 to Microsoft 365 reflects the extension of features and benefits beyond the core Office 365 products and services Microsoft 365 includes everything in Office 365 and more such as Windows teams and other cloud-based security and device management products and services it's designed to help people and businesses achieve more with Innovative apps intelligent cloud services and world-class security Microsoft 365 is a subscription service that ensures you always have the most up-to-date modern productivity and collaboration tools you'll always have access to the most up-to-date features fixes and security upgrades as well as technical assistance if you already have an Office 365 subscription it automatically becomes a Microsoft 365 subscription and no action is needed from your end so that gives us a bit of background of how Microsoft 365 came to [Music] be hey this is Andrew Brown from exam Pro and we'll be talking about Windows 365 many of you are probably familiar with Windows Windows is a well-known operating system with the most recent versions being Windows 10 and 11 so what is Windows 365 Windows 365 isn't an operating system and it isn't installed on your computer in the same way that Windows is it's a subscription service for organizations that allows you to create and run PCS remotely Windows 365 is referred to as a cloud PC this is because it's securely streams your personalized Windows desktop apps settings and content from the cloud to any device a cloud PC is a virtualized computer environment that allows you to stream your Windows Experience from Microsoft's Cloud to any device with a cloud pc windows evolves from a device-based operating system to hybrid personalized Computing so Windows 365 has the following capabilities it's simple to deploy and manage from a single console it uses a local profile that is stored directly on the cloud PC you can easily set up and scale Cloud PCS to fit your needs and securely support changing Workforce needs and new business scenarios it provides provides native integration across Azure active directory Microsoft Defender Microsoft 365 applications and Microsoft Ino manager and it's also dedicated to a single user Windows 365 is available in two subscription offerings Windows 365 business which is made specifically for smaller organizations of up to 300 seats who want ready to use cloud PCS with simple management options Windows 365 Enterprises for larger organizations who want unlimited seats for creating cloud PCS so that's Windows [Music] 365 hey this is Andrew Brown from exam Pro and we're taking a look at the main part of the course Microsoft 365 so Microsoft 365 is a cloud-based subscription service that consists of an integrated portfolio of products like office apps teams Windows worldclass security and more it helps solve today's challenges to productivity and secure work from anywhere it helps you be more productive from anywhere with the right tools you can enable your team to perform at their best with Cloud technology to improve team collaboration from any location Microsoft teams helps you connect with colleagues through chat voice and video it lets you create content with built-in office apps and use the power of artificial intelligence to improve work you can use integrated tools to simplify work and automate manual processes with Microsoft Viva you can build a culture that allows your people to achieve their best from anywhere and you can easily transition from computer to mobile devices with Innovative mobile apps enabling you to stay productive on the go so with Microsoft 365 you can secure your organization with reliable technology it elevates and modernize your security manage risk and meet compliance standards on Microsoft's trusted Cloud it ensures only the right users have access with Azure active directory multiactor authentication and biometric access like Windows Alo with Microsoft and point manager you can deploy a seamless end to end management solution and gain Insight across all connected devices with Microsoft 365 Defender it protects your company against sophisticated cyber attacks and you can get realtime analysis of your current security posture with Microsoft secure score moving on to the cost Effectiveness and efficient factors so you get one coste effective solution with Microsoft 365 you consolidate into a single platform versus buy numerous platforms for multiple capabilities you save out Automation and process improvements through workflows dashboards and AI it reduces your total cost of Risk by enhancing your security and compliance posture M365 manages hardware and software more efficiently so it can focus on strategy it reduce hard costs like real estate and travel through flexible work from anywhere you can also access Microsoft 365 through portal. office.com so that's the general overview of Microsoft [Music] 365 hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft 365 apps so Microsoft 3 65 apps as a suite of apps that help you stay connected and complete your tasks these apps consist of the office suite of applications such as word excel PowerPoint OneNote Outlook teams and more Microsoft 365 apps provides the benefits of the cloud giving you the flexibility to work from anywhere at any time on any device helping you be more productive so let's go over the three key features of Microsoft 365 apps Microsoft 365 apps allow you to work across multiple devices depending on your plan you can install Microsoft 365 apps on up to five PCS or Macs as well as five tablets iPad windows or Android the apps that you work with are always up to date you won't have to spend time installing updates or worrying about when new features will be introduced you and your co-workers will always be working with the latest up-to-date features Microsoft 365 apps lets you work intelligently through connected experiences it includes intelligent features also called connected experiences to help you get work done faster and create amazing content also in terms of subscriptions Microsoft 365 apps are available in both Microsoft 365 Apps for business and Microsoft 365 apps for Enterprise subscriptions so here we have a list of some of the applications included in Microsoft 365 apps we'll give a general overview of what they do and for some we'll cover in Greater detail later on in the course Microsoft teams can help you bring everyone together in one location to meet chat call and collaborate word can help you create impressive documents and improve your writing with built-in intelligent features like Microsoft editor and researcher Excel can help you simplify complex data and create easy to read spreadsheets and visualizations PowerPoint can help you easily produce polished presentations that stand out with intelligent features like presenter coach and PowerPoint designer Outlook allows you to keep track of your email calendar tasks and contacts all in one place one note can help you keep track of your notes by organizing them into tabs and subsections resulting in a single digital notebook so that's the overview of Microsoft 365 [Music] apps hey this is Andrew Brown from exampro and we'll be going over the Work Management capabilities and tools in Microsoft 365 the first one we'll be talking about is Microsoft Project so Microsoft Project is a powerful project management tool designed for larger more complex work tasks project for the web is Microsoft's most recent offering for cloud-based work and project management it provides simple and Powerful Work Management capabilities to meet most needs and roles project managers and team members can utilize project for the web to plan and manage work that requires Dynamic scheduling subtests and or dependent tasks regardless of Team size you can take on tasks of various sizes from little projects to large initiatives so now let's go over some of the features of project so you can start a project quickly and assign tasks and schedules while keeping team members and managers on the same page project provides the smart scheduling engine which will automatically update the timeline saving you time and effort you can utilize the easy to ous views such as grid views cambon style task boards and timeline Gant charts you can integrate with Microsoft teams to improve collaboration across the project in power bi you can create attractive interactive dashboards to see every aspect of the project at a glance finally it's extensible with other platform apps and data because project is built on the Power Platform so that's Microsoft Project hey this is Andrew Brown from exampro and the next Work Management tool in Microsoft 365 we'll be talking about is Microsoft planner so Microsoft planner is a userfriendly collaborative task management tool for planning managing and completing task-based initiatives it provides a simple and visual way for teams to organize their work planer is a web-based application that can be accessed from anywhere and it also has a mobile version for IOS and Android so now let's go over some of the features of Microsoft planner so you can create a plan to give task-based teamwork structure and to organize the activities in your project you can assign and manage tasks on a campin board using task cards and add those tasks to buckets task cards provide various information such as due dates status priority checklists labels and file attachments you can manage the notifications you receive to stay on top of deadlines Microsoft planner lets you keep track of your team's progress with colorful visual cues and built-in status reporting you you can utilize visuals like the task board charts page and schedule view summarize the status of your entire plan and individual tasks you can also integrate with teams by adding a tasks by planner tab so that lets you assign tasks with dimensions in Word Excel and PowerPoint and add your plans to your Outlook calendar so that's Microsoft [Music] planner hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft bookings so Microsoft bookings is a web- based appointment appointment scheduling and management system with Microsoft bookings scheduling and managing appointments is made easier it includes a web-based booking calendar and integrates with Microsoft Outlook to optimize your staff's calendar and give your customers the flexibility to book a time that works best for them so now let's go over some of the features of Microsoft bookings so by using the web-based business facing page you can Define appointment types and details manage employee schedules set business hours services and pricing and customize how appointments are are scheduled you can also allow extra time between appointments for any pre-or post-appointment tasks you can create a booking page where your customers and clients can make their own appointments and reschedule them you can also share the booking page with a direct link on your Facebook page or by embedding the link into your website Microsoft bookings provides automatic appointment notifications via email and SMS to ensure that customers receive proper confirmations and reminders you can view your appointments access customer lists and contact information and make manual bookings on the go with the business this facing mobile app you can also integrate with Microsoft teams or Skype for business to support virtual appointments and bookings calendar management through the bookings app and teams so that's the list of features for Microsoft [Music] bookings hey this is Andrew Brown from exampro and we'll be talking about the last Work Management tool in Microsoft 365 on the list Microsoft too Microsoft too is an intelligent test management app that makes it easy to plan and manage your day it provides provides a smarter more personal and intuitive way for people to stay organized and make the most out of their day Tod do is powered by Office 365 exchange online and can be integrated with look and planner Microsoft to is available on a variety of platforms including iOS Android windows and the web to do empowers you to complete the most important tasks you need to get done every day whether they are for work school or at home so now let's look at some of the features of Microsoft to-do Microsoft Todo provides a daily to-do list call my day that will will help you focus and complete your most important tasks you can utilize Smart Suggestions to add tasks upcoming or overdue tasks you can get an overview of what you accomplished yesterday and tasks you didn't complete lists can be made for any occasion and Shar with others to do let you break down more complex tasks into subtasks you can separate lists of tasks generated from flagged Outlook emails you can also schedule reminders and repeatable tasks and finally you can view your assigned tasks from planner into Todo so that's the list of features for Microsoft to-do [Music] hey this is Andrew Brown from exam Pro and we'll be talking about business class email and calendary with Microsoft Exchange Microsoft Exchange online is a hosted messaging solution that delivers the capabilities of Microsoft Exchange Server is a cloud-based service it allows users to access email calendar contacts and tasks from PCS the web and mobile devices all in one place it integrates fully with all other Microsoft 365 workloads making Administration easy one thing you might be wondering is what's the difference between Microsoft Exchange online and Outlook well exchange is a mail server which means it's a dedicated Network Resource Management program where as Outlook is an email client which means it's a software program installed on your desktop that is designed to send and receive emails so let's go over some of the features of Microsoft Exchange online Microsoft 365 syns your emails Calenders and contacts across all of your devices ensuring that you are always up to date no matter where you are you you can create your own custom format add images and use your own domain name based on where you live you can create a public folder for shared access to provide an easy way to collect organize and share information with other people in your workg group or organization you can share your calendar and exchange online to allow businesses to collaborate with other businesses and to let users share their schedules with others you can set up new users restore deleted accounts and create custom scripts and more exchange also is secure it has built an anti-spam and antimalware protection customiz ible anti-spam and antimalware policies and many more security features so that's the list of features for Microsoft Exchange [Music] online hey this is Andrew Brown from exam Pro and in this section we'll be covering Microsoft forms Microsoft forms is a simple userfriendly tool that allows you to easily create surveys polls and quizzes Gathering valuable feedback and data in real time some of the key use cases include education create quizzes and surveys to assess student learning business collect employee feedback and conduct customer surveys event planning gather RSVPs and opinions for meetings or events Market Research collect data from Target audiences for insights and some of the key features include easy to use quickly create forms without technical skills instant feedback analyze responses as they come in with visual summaries collaborative share and edit forms with your team seamless integration works with Microsoft 365 apps like Excel and teams mobile ready accessible on any device for on the-go responses custom templates use pre-made templates or customize your own so that's an overview of Microsoft forms the next app within Microsoft 365 will'll be covering is Microsoft lists Microsoft lists is an app that helps you track information and organize work efficiently through customizable lists some of the use cases include project management track project tasks deadlines and progress event planning organize event details schedules and RSVPs issue tracking monitor issues or requests and their resolution status and inventory management manage and update inventory levels assets and resources some of the key features include collaborative workflows share lists assign tasks and track progress with your team in real time integration Works seamlessly with Microsoft 365 apps like teams SharePoint and out to boost productivity automations automate processes with rules and flows to minimize manual work views and formats manage and analyze information with flexible views including grid calendar and gallery and customizable lists create or use templates to quickly build lists tailored to your needs so that's an overview of Microsoft [Music] lists hey this is Andrew Brown from exampro and we're taking a look at how to create a Microsoft account so the first thing you want to do is to go to this link here called account. microsoft.com and this will take you to this page here and if you don't already have a Microsoft account you want to navigate to this button here and click on create account so this is the page where you create your Microsoft account here is where you'd enter in your email you want to register with let's go with this one exampro 001 Gmail come and it'll ask you to create a password so let's enter that in here very quickly you'll have to enter in the country you're from as well as your date of birth so the usual things for registrations you'll get a verification code for the email you registered with and you'll have to confirm it to complete the process I have the email account already open so I can get the code here 8802 copy and paste the code into the verification you can choose to receive information tips and offers about Microsoft products and services if you're interested looks like we have to go through this puzzle to prove we're not a bot so we'll go through this very quickly okay great you've now created your Microsoft account so once you have your account created you can try Microsoft 365 for free or you can buy a subscription some of you may already have Microsoft 365 it could be provided by your company or other sources you can go to this link here called microsoft.com andca Microsoft d365 SL Microsoft d365 d business-standard d one- month- trial to try Microsoft 365 for free for the purpose of the demonstration we'll sign up for the Microsoft 365 business standard trial for 1 month first we need to provide our email address so let's enter that in here exampro 001 Gmail come then we need to set up our account so we need to provide our name surname business phone number company name company size ET it should be fine if you don't have one or you may come up with something then we'll need to perform the verification code process again enter in the numbers you got from your phone number you can choose to create a new business email later or create a new business email with a Microsoft domain we'll need to create a new business email with the Microsoft domain let's go with Andrew Brown at exampro 001 onmicrosoft.com and enter in the password you want this is important because this will be how you'll sign in this is not your email like exampro
[email protected] the next part is the payment process so we'll need to enter in the information required you won't be charged at all if you cancel before 1 month after this process you'll need to log in with the new business email we created earlier so Andrew Brown and exampro 001 onmicrosoft.com enter in the password so now we're currently at the Microsoft 365 admin Center you can install the latest office apps here such as word excel PowerPoint Outlook teams one drive and so much more Microsoft 365 has a ton of services and apps that will improve your productivity and collaboration within your organization it has many analytical capabilities and its security is world class we'll be covering all these services and features in Greater detail throughout the entire [Music] course hey this is Andrew Brown from exam Pro and we're taking a look at how to create a new Microsoft 365 user from within the Microsoft 365 admin Center the first thing you want to do is to open your web browser and navigate to admin. microsoft.com and log in by using your administrator credentials on the left hand navigation menu click on users then active users this will provide the list of available users on the main screen to add a single user click on the add a user button on the top of the page underneath the active users label on the set up the basics page fill in the first name last name display name username and domain for the new user also decide which checkboxes to check and more specifically choose the following the first one is automatically create a password check this option if you need the Microsoft 365 admin sender to automatically allocate a new temporary password to the new user the next one is require this user to change their password when they first sign in This is highly recommended as you would normally expect that the user change the temporary password which you initially send to a strong password only they will know the last one is send password and email upon completion combined with the previous checkbox this is the most secure option since you would not have to share the temporary password over any other non-secure means enter the email address to which the new password will be sent in the generated text box after having filled in all required information click on next to continue on the assigned product licenses page select the user location and choose whether a Microsoft 365 license will be assigned to the user by ticking the appropriate checkbox or if the user will be created without a product license we'll be providing the user with a Microsoft 365 business standard license there's also an app section where you can select specific applications that you want the user to have access to for the Microsoft 365 business standard license there's roughly 29 available once you're satisfied with the settings click on next to continue on the optional settings page you can choose whether the new user will have any additional Microsoft 365 roles such as exchange administrator Global administrator or Global reader for this example we won't Grant the user admin access click next to continue this will lead you to the review and finish page fill in any additional user profile information if you wish to review all user information and click finish adding your new user should now appear in the Microsoft 365 app Center active users [Music] homepage hey this is Andrew Brown from exam Pro and we're taking a look at how to access all the Microsoft 365 online apps we won't be providing an overview of the functionality offered by each app because the course will provide a detailed overview of all the important ones for the exam the easiest way to navigate to your Microsoft 365 online apps is to go to the URL called office.com and sign in with your credentials then on the top left corner click on on the dotted Square icon and click on all apps this should provide the list of Microsoft 365 apps you have available according to your license in this case these are the apps available for the Microsoft 365 business standard license alternatively you can view the apps in a larger perspective by clicking on the explore apps button or going to the URL called office.com apps you can see apps here such as bookings calendar Excel One Drive Outlook planner and many more that will meet your business needs addins can be accessed as well by clicking on the top right button here addins are Microsoft 365 certified apps which are listed in the Microsoft appsource portal available at appsource microsoft.com the add-ins integrate with Microsoft 365 apps to extend the native functionality with more granular and specialized features so that's how you can access all the M365 online [Music] apps hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft teams and its core components and the value it provides when it comes to collaboration workloads so Microsoft teams is your organization's core Center for collaboration with a chat-based workplace to help everyone work more productively it's an app for people and teams to come together stay connected and get things done across work home school and on the go so the first component of Microsoft teams we are going to talk about are the teams and channels so teams are a collection of people content and Tool surrounding different projects and outcomes within an organization it's designed to bring together a group of people who work closely to get things done teams can be public and open to anyone within the organization also a team has a limit of up to 10,000 simultaneous members channels are dedicated sections within a team to keep conversations organized by specific topics projects disciplines or whatever works for your team it's a place where users can discuss and get hands on with work there are three types of channels the first type of channel are standard channels this can be open to all team members next we have private channels which are for selected team members the last type of Channel or shared channels this can select people both inside and outside the team so the next component of Microsoft teams we'll be talking about is the chat and instant messaging so chat and instant messaging lets you work together without cluttering up your email and keeping it clear for important messages some of the advantages of using chat and instant messaging include it keeps the people informed by chatting oneon-one or in groups it encourages open debate by asking questions and encouraging open discussion you can start a call or share screens to get things done faster the messages are sent in real time but it doesn't disturb your co-worker work you can use your mobile device to chat to stay in touch no matter where you are teams can be used to share useful files and store everything in one place you can host audio video and web conferences and chat with colleagues from within and outside your company so another component of Microsoft teams is called Microsoft teams phone Microsoft teams phone is a secure inte gred calling service that combines traditional and modern features it can be used on your computer tablet mobile device or desk phone to stay connected with voice and video calling team's phone has updated Cloud calling features like voicemail transcription and group call pickup to elevate your experience beyond that of traditional calls with teams phone you can seamlessly transition calls from your home Wi-Fi to your cellular service while on the go and then back to your office Wi-Fi once you arrive you can also start a call from chat contact card Outlook or the calls app to save time and reduce costs so that's Microsoft teams phone and that gives us an overview of the core components of Microsoft teams and the value it provides in collaboration [Music] workloads hey this is Andrew Brown from exam Pro and we'll be going over some of the collaborative apps we can use to extend teens so a collaborative app is a solution integrated or built into teams that enables employees to work better together using the tools they already know apps for teens can be simple or complex depending on your needs it could be as simple as sending notifications to channels or users or as complex as multi-service apps incorporating conversational Bots you could Implement natural language processing or even embedded web experiences some of the ways that you can extend teams using collaborative apps are powerbi and teams can help your organization to collaborate with data to achieve better outcomes power apps can help you build apps to add directly into teams by creating a tab power automate can help you automate tasks and processes all within teams Dynamics 360 5 and teams integration can provide highle details of your customers ensuring that you have useful contacts and are prepared for customer interactions power virtual agents allows you to create chat Bots that can be integrated into teams you can also integrate with third-party partners and services for more capabilities within teens like service now or Salesforce so those are some of the ways you can use collaborative apps to extend [Music] teens hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft Power Platform so Microsoft Power Platform is a line of business intelligence app development and app connectivity software applications Microsoft Power Platform is composed of four key products power apps power automate powerbi which stands for business intelligence and power virtual agents and we'll be talking about these four products in a bit more detail in the next couple slides before we talk about the four key products of Power Platform we want to talk about the cross cutting features which enable Microsoft power platform to be leveraged to its full potential some of these are AI Builder which lets users and developers add AI capabilities to the workflows and power apps they create in use it adds intelligence to your workflows and apps and predict outcomes to help improve business performance without writing code Microsoft data verse is a scalable data service and app platform which lets users securely store and manage data from multiple sources and integrate that data in business applications using a common data model to ensure ease and consistency to users connectors enable you to connect apps data and devices in the cloud there are more than 600 connectors for Microsoft Power Platform enabling all your data and actions to connect cohesively so let's start talking about the key products of Power Platform starting with power apps power apps provides a rapid low code development environment for building custom apps for business needs it has Services connectors and a scalable data service and app platform to allow simple integration and interaction with existing data some of the features of power apps include enabling the creat of web and mobile applications that run on all devices it has an easy user experience for app development with a simple interface so that every business user or Pro developer can build custom apps it provides over 200 connectors to integrate data and systems it enhances productivity with pre-built AI scenarios power apps provides private and secure submission of information so that's power apps the next product we'll be talking about is power automate power automate lets users create automated workflows between applications and services it helps helps automate repetitive business processes such as communication data Collections and decision approvals the following is a list of power automate features Tower automate allows for the creation of Enterprise grade process automation it provides a simple interface allowing every level of user to automate work tasks from beginners to season developers it provides hundreds of prebuilt connectors power automate provides AI Builder it can predict outcomes to improve performance so that's power automate the next product is powerbi which is a business analytic service that delivers insights for analyzing data it can share those insights through data visualizations which make up reports and dashboards to enable fast informed decisions some of the powerbi features include it can scale across an organization and has built-in governance and security allowing businesses to focus on using data more than managing it it takes company data and lets you to display it in the most userfriendly way possible powerbi offers a wide range of detailed and attractive visualizations as you can see on the image on the right it can access vast volume of data from multiple sources it helps to gather analyze publish and share Excel business data powerbi also enables you to perform realtime stream analytics so that's powerbi finally the last product we'll be talking about is power virtual agents power virtual agents enables anyone to create powerful chat Bots using a guided no code graphical interface without the need for data scientists or developers it minimizes the it effort required to deploy and maintain a custom Solution by empowering subject matter experts to build and maintain their own conversational Solutions some of the power virtual agents features include users can enable chat Bots to perform in action by simply calling a power automate flow flows help users automate activities or call backend systems reduce costs by easily automating common inquiries and freeing human agent time to deal with more complex issues users can utilize existing flows that have been created in their power apps environment improve customer satisfaction by allowing customers to self-help and resolve issues quickly 24/7 using rich personalized B conversations so that's the overview of Power Platform and its Key [Music] Products hey this is Andrew Brown from exam Pro and we'll be talking about what Yammer is and how Yammer helps communities connect and grow yamber is a secure Enterprise social network internal to an organization yamber connects and engages leaders and co-workers from any location to share ideas co-create culture coordinate on strategy and innovate it was designed to help you connect with people across your organization who you might not work with directly Yammer helps facilitate Community collaboration and idea sharing for your organization you can access heab through your browser or install it on your desktop or mobile device yabra supports both internal and external networks to help users communicate and collaborate an internal network is restricted to users inside the organization whereas an external network is open to users outside the organization's domain users and external networks must be invited so now we'll be going over some of the details on how yam helps connect leaders and employees to build communities share knowledge and engage everyone ammer helps facilitate leader engagement it helps align people toward a shared vision and objectives to drive organizational change and it Fosters two-way dialogue between employees and Leaders with a leadership Community yamber modernizes employee communication it helps keep everyone informed and engaged across web and mobile and it shares news and announcements that reach users as interactive discussions in Microsoft teams and Outlook theber helps engage your employees to ensure that every voice within the organization is heard and it provides communities for employees to connect share and build relationships the Amber encourages knowledge sharing so you can share knowledge best practices ideas and feedback across the organization you can also use questions and answers to gain Solutions highlight the best answers and upill replies finally yamber Powers communities in Microsoft 365 you can engage in fully interactive discussions without leaving your outlook inbox and bring the power of communities to SharePoint with the Yammer conversations web part so that's the general overview of Yammer and how it can be used to help communities connect and [Music] grow hey this is Andrew Brown from exampro and we'll be talking about Microsoft Viva and its core employee experience capabilities so Microsoft Viva is an employee experience platform that empowers people and teams to be their best from anywhere the Eva brings together Communications insights Knowledge Learning and resources with within the flow of everyday work and collaboration it's experienced through Microsoft teams and other Microsoft 365 apps that people use every day there are four different modules for viva viva connections which is used to stay engaged and informed Viva insights which helps balance productivity and well-being Viva topics which is used to connect to knowledge and experts and finally Viva learning which helps make learning a natural part of your day [Music] so we'll now be exploring each module in Greater detail starting with Viva connections so Viva connections was created to keep everyone in the workforce connected to each other and you might be wondering well we have so many tools for employee Communications and engagement in Microsoft 3065 like SharePoint Yammer teams and stream why would we need another one well what makes Viva connections unique is that it combines all of these capabilities into a company branded app it's a hub for personalized news Communications tasks people and resources for employees leaders can communicate and engage their employees while employees can access all of the tools and resources they require in one location so Viva connections provides additional functionality through three main components which are listed below first we have the dashboard the dashboard is your employees digital tool set it brings together the tools and resources your employees need enabling quick and easy access whether they are in the office or in the field next is the feed the feed delivers updates to the right people at the right time with powerful targeting and scheduling capabilities and then we have resources the resources experience enables a way to navigate across platforms so that's Viva [Music] connections the next module we'll be talking about is Viva insights so Viva insights provides privacy protected insights and actionable recommendations that help everyone in the organization work smarter and Achieve balance it uses quantitative qualitative data to empower individuals managers and leaders to improve organizational productivity and well-being so Viva insights categorizes their analytical insights based on personal insights manager insights and organizational insights the first one we'll talk about is personal insights as we mentioned before individuals can gain valuable insights to improve work patterns through actionable recommendations from the personaliz Viva insights app and teams for example prepare for the day with a briefing email protect time for focus work and mindfully disconnect after hours so we'll go over some of the benefits it provides personal well-being through this experience you can access this homepage to tap into moments of self-reflection gratitude and breathing breaks stay connected this experience intelligently surfaces prior Communications that might require follow up AI based task suggestions and meeting assistants make it seamless to schedule one one second to catch up with important people in your network protect time this experience makes it easy to schedule Focus time to work on interrupted during the day before it fills up with meetings Daily Briefing the daily briefing email from viva automatically appears in your inbox near the start of the day the email provides recommendations of documents for you to review prior to the day's meetings effective meetings meeting organizers will be able to view personalized insights and suggestions to help improve their meeting habits and feedback for their meetings so the next analytical Insight or manager insights manager insights can help you build a healthy and effective team managers can easily understand current team norms and take action to achieve positive change with the Viva insights tool in teams let's look at the three key features under the my team tab for managers first we have nudges you can use intelligent nudges or reminders help you stay connected with your team it helps you keep up with managerial demands like scheduling one one second in responding to requests and emails and document mentions recognize strengths and accomplishments through S praise to increase engagement and morale next are the reflective insights these are insights that can help influence your team culture this can help ident identify personal work patterns and behaviors that may be impacting team stress and feelings of burnout and Outlook you can gain insights through the briefing and digest emails lastly we have action plans this is where we can create action plans to help develop positive team standards it prioritize team well-being by promoting healthy norms and boundaries like setting shared recurring no meeting days or quiet hours for focused and uninterrupted work next we have Viva insights organizational insights so Viva insights provide organizational views to see senior Business Leaders CEOs business unit leaders and other department heads these experiences show leaders an aggregated view of work and collaboration patterns across their organizations let's look at how the visual insights in the my organization tab can benefit your company organizational resilience it helps enable work life balance Provide one-o-one support connect across boundaries and cohesion within teams Employee Engagement it can promote coaching and development protect employee capacity Drive employee empowerment and cohesion with within teams improve agility it helps organize better meetings and connect across boundaries effective managers this lets us optimize manager meetings protect manager capacity promote coaching and development Empower employees and Foster connectivity operational effectiveness this can free up capacity improve meeting quality keep employees engaged and protect time to get work done transform meeting culture this helps us optimize Meeting hours examine recurring meetings and promote healthy meeting habits so that's the overview of we insights and its analytical capabilities the third module will be talking about is Viva topics Viva topics focuses on knowledge and expertise it uses artificial intelligence to identify knowledge and experts and then organizes them into Shar topics Viva topics helps many businesses in addressing a critical business issue which is providing information to users when they need it for example new employee hires need to learn much new information quickly and in counter terms they know nothing about when reading through company information theat toopics brings knowledge to your users in the Microsoft 365 apps they use every day so AI automatically creates a topic page for each topic the topic page gives you more details including definitions relevant people and resources from across Microsoft 365 and external sources like service now these topic Pages or surfac as topic cards write in apps like office SharePoint and Microsoft teams the topics are displayed to users through topics highlighted on SharePoint Pages topic answers and search results search and office applications topic Center homepage so that's the overview of Viva topics the last module we'll be talking about is Viva learning Viva learning is a centralized Learning Hub in Microsoft teams that allows you to easily integrate learning and building skills into your day in Viva learning your team can discover share recommend and learn from content libraries provided by both your compan and partners via learning Aggregates content from LinkedIn learning Microsoft learn thirdparty training content and internal content of your own all in one place so while providing AI aggregation and recommendations it also allows managers to assign track and report on training within and across multiple teens there are three main views in the Viva learning app home which lets you discover new content trending content and browse learning content libraries by learning which allows you to access your recommendations and assignments as as well as bookmarked recently viewed and completed courses and manage which helps you track the progress of recommendations that you made so that's Viva learning and I know that was quite a bit to take in but we've now covered all of Microsoft Vivas 4 [Music] modules hey this is Andrew Brown from exampro and we'll be talking about SharePoint and how it helps promote collaboration so SharePoint is a cloud-based service that allows companies to share and manage content knowledge and applications in order to improve teamwork you can find information quickly and seamlessly collaborate both inside and outside the company it's a rich collaboration tool for building websites publishing content and storing files some of the features that SharePoint include are building sites and Pages document libraries and lists sharing important visuals news and updates with a team are more broadly you can search and discover sites files people and news from across their organization SharePoint helps manage their business processes with flows forms and lists you can sync and store their files in the cloud so anyone can securely work with them you can catch up on News on the go with the SharePoint mobile app SharePoint also provides three main types of sites team sites or collaboration sites to connect you and your team to share content and resources communication sites are designed to broadcast information to other teams or to an entire organization Hub sites are used to organize families of Team sites and communication sites together so that's SharePoint and all the features it provides to help promote collabor [Music] ation hey this is Andrew Brown from exam Pro and we'll be talking about one drive and its collaboration features so one drive is a Microsoft 365 service that allows users to access share and collaborate files from anywhere one drive allows users to View files in a browser share and search content and sync that content so they can access it offline you can work with others inside or outside your organization and terminate sharing whenever you want one drive also empowers your organization to control secure and retain that content when necessary so let's go over some of the key features of one drive that help promote collaboration users can easily store access and discover individual and shared work files in Microsoft 365 including Microsoft teams from any device one drive provides seamless collaboration with files it helps users work faster and smarter with people inside or outside your organization users can create view edit and share files on the go with the one drive mobile app app one drive provides Enterprise grade security and protection for files enabling you to meet some of the strictest compliance requirements out there you can also easily recover files from accidental deletions or malicious attacks so that's one drive and the key features to promote [Music] collaboration hey this is Andrew Brown from exampro and we'll be talking about Microsoft stream on SharePoint so Microsoft stream is an Enterprise video service where people in your organization can upload View and share videos securely you can share recordings of classes meetings presentations training sessions or other videos that help your teams collaboration so the new version of stream Builds on sharepoint's Rich content management features and uses Microsoft graphs intelligence to enhance videos across Microsoft 365 the earlier version is known as Microsoft stream classic SharePoint Powers file experiences for Microsoft teams one drive Yammer and Outlook it provides intelligent video experiences powered by stream across the suite it also provides management of video that leverages the power of SharePoint content services for permissions sharing compliance governance and customizable portal experiences so that's the general overview of Microsoft stream and how it can be helpful to your team's collaboration next up is Microsoft Outlook a widely used email in calendar app especially popular in professional settings if you've managed emails or scheduled meetings you're like familiar with Outlook Outlook is an email and calendar application that helps you manage your emails schedule meetings and stay organized across all your devices some of the key use cases include business communication Central hub for managing professional emails and meetings personal organization keep track of personal emails events and tasks in one place and team collaboration share calendars and schedule meetings across your organization some of the key features include integrated calendar schedule meetings set reminders ERS and share your calendar easily email management organize your inbox with rules categories and advanced search task management track to do lists deadlines and prioritize tasks within Outlook seamless integration connects with Microsoft 365 apps like teams Word and Excel security protects your emails and data with built-in security features and access anywhere available on desktop web and mobile for connectivity on the go so that's an overview of Microsoft Outlook [Music] hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft inpoint manager also known as me so your organization probably has Android and iOS mobile phones Windows and Mac OS PCS and custom devices that your employees or users bring to work but how can we configure or support all these types of devices especially with your organization well Microsoft 365 provides the tools and services you need to manage all of these devices through Microsoft endpoint manager Microsoft end point manager is a secure and intelligent management solution that improves productivity and collaboration with the familiar experiences users expect it provides it with the flexibility to support diverse scenarios for both bring your own device and corporate owned devices and point manager also helps you solve the challenge of device management in today's mobile and remote work environment so Microsoft and point manager includes the following service and capabilities Microsoft In Tune In Tune is a 100% cloud-based mobile device device management and mobile application management provider for your apps and devices configuration manager configuration manager is an on premises management solution to manage desktops servers and laptops that are on your network or internet based tow management tow management combines your existing on premises configuration manager investment with the cloud using in tune and other Microsoft 365 cloud services desktop analytics desktop analytics is a cloud-based service that integrates with configuration manager Windows autopilot Windows autopilot sets up and preconfigured new devices getting them ready for use Azure ad which stands for Azure active directory Azure a is used by Ino manager for identity of devices users groups and multiactor authentication in point manager admin Center this admin Center is a One-Stop website to create policies and manage your devices these services are part of the Microsoft 365 stack to help secure access protect data and manage risk so that's the overview of Microsoft Ino [Music] manager hey this is Andrew Brown from exam Pro and in the next topic we'll be covering is co- management Co management allows you to manage Windows 10 or later devices using both configuration manager and Microsoft in tune simultaneously enabling you to extend your existing on- premises set up with Cloud powered capabilities like conditional access there are two main paths to reach to co- management existing devices for Windows 10 or later devices already managed by configuration manager set up hybrid Microsoft enter ID and then enroll them into in tune for co- management new devices for new Windows 10 or later devices join them to Microsoft enter ID and automatically enroll them in in tune afterward install the configuration manager client to achieve co-management enrolling configuration manager clients and co-management provides the following immediate benefits in tune based remote actions for example restart remote control or factory reset conditional access with Device compliance centralized visib ility of device health link users devices and apps with Microsoft enter ID modern provisioning with Windows autopilot and remote actions taking a look at the licensing requirements for co-management you'll need Microsoft entri ID P1 or P2 which is included with Enterprise Mobility Plus security subscriptions in addition you will also need an in tune license note that you will need at least one InTune license needed for administrator access to the InTune admin Center so to use co-management you need both the Microsoft enter ID P1 or P2 and an in tune license and that's an overview of co-management the next topic we'll be covering is inpoint analytics endpoint analytics is a Microsoft tool that provides insights into device performance and user experience helping it teams proactively address issues before they impact productivity some of the key benefits include improve user productivity by identifying and fixing device issues reduce it support cost by resolving problems early and gain visibility into end user experience on the impact of changes the prerequisites include devices must be enrolled via InTune or configuration manager requires Windows 10 version 1903 or later and devices must be Microsoft entry joined or hybrid joined for the licensing a valid Microsoft InTune license is required and the InTune service administrator role is needed to start data collection so that's a quick overview of inpoint Analytics [Music] let's dive into endpoint analytics scores endpoint analytics score gives you a clear view of your organization's device health and performance on a scale from 0 to 100 where higher scores indicate better efficiency and fewer issues some of the key components include scores measure device performance lower scores indicate areas needing Improvement baselines compare your scores against the median Baseline of all enrolled organizations insights and recommendations provide actionable steps to improve scores for device and model scores identify underperforming devices or models and filters use filters to focus on specific data uncovering Trends or issues and with these insights you can proactively address potential issues before they impact your users's productivity so that's a brief overview of inpoint analytics scores the next topic we'll be covering is Windows autopilot Windows autopilot is a cloud based technology that simplifies the deployment and configuration of new devices making them ready for productive use with minimal it involvement some of the key features easy deployment preconfigured devices like Windows PCS and Hol lens 2 without reimaging life cycle management streamlines from setup to end of life automation automates setup policies and app installation flexible management works with in tune Windows update for business or configuration manager custom OB tailor out of box exper experience to fit needs Auto enrollment enrolls devices into enter ID and MDM services like in tune and quick reset rapidly reset and repurpose devices and with these capabilities Windows autopilot transforms the device setup process allowing your team to work more efficiently from the start so that's an overview of Windows [Music] autopilot hey this is Andrew Brown from exam Pro and we'll be talking about Azure virtual desktop also known as avd so Azure virtual desktop on Microsoft Azure is a modern and secure desktop and app virtualization service that runs on the cloud Azure virtual desktop works across devices like Windows Mac iOS Android and Linux with apps that you can use to access remote desktops and apps you can use most modern browsers to access Azure virtual desktop hosted experiences Azure virtual desktop is optimized for flexibility with flexible consumption based pricing an example of when Azure virtual desktop might be used as when security is is a concern because all the data is saved on the server and cannot be left on the device of a user so as your virtual desktop has the following capabilities you can set up a multi-session Windows client deployment that delivers a full windows experience with scalability there's seamless integration with Microsoft 365 apps for Enterprise and Microsoft teens it provides reduced costs by using eligible windows or Microsoft 365 licenses to access Windows Virtual desktop and pay only for what you use aure Virtual desktop helps keep your team running during outages by leveraging built-in Azure site recovery and Azure backup Technologies it manages the virtual desktop infrastructure for you so you can focus on users apps and Os images instead of hardware and maintenance it also uses FS logic's profile container technology so that's Azure virtual desktop and the key capabilities it [Music] provides hey this is Andrew Brown from exam Pro and we'll be talking about the deployment and release models for Windows as a service also known as Ys so Windows client is a comprehensive desktop operating system that allows you to work efficiently and securely whereas Windows as a service's Microsoft strategy of deploying updating and servicing the Windows operating system the windows as a service model is designed to make life simpler for both users and it professionals Microsoft Now updates windows on a regular basis rather than launching a new version every 3 to 5 years as it has done with previous versions of the operating system with Windows client there are two release types feature updates and quality updates feature updates are scheduled typically twice a year in March and September they include new functionalities for the operating system quality updates are monthly cumulative updates they contain security patches and other changes to make the operating system more reliable next we'll be talking about servicing channels so servicing channels are the first way to separate users into deployment groups for feature and quality updates there are three servicing channels each Channel each provides different levels of flexibility for when these updates are delivered to client computers the first servicing channel is the windows Insider program which allows businesses to test and provide feedback on features that will be released in the next feuture update these features will be delivered as soon as possible during the development cycle through a process called flighting the general availability Channel provides new functionality with feature update releases annually this model is ideal for pilot deployments testing of feature updates and users such as developers who need to work with the latest features the last servicing channel is the long-term servicing Channel which is designed for specialist devices that don't run office apps like medical equipment or ATMs this channel receives new features every 2 or 3 years so that's the servicing channels now we'll be talking about the deployment rings so deployment rings are a deployment method used to separate devices into a deployment timeline they are changes that are rolled out in phases to specific groups of users or computers Penny risks or development difficulties associated with Windows updates are reduced by this gradual controlled and and tested deployment each ring represents a group of users or devices that receive a particular update together so a common ring structure uses three deployment groups preview is for Planning and Development the purpose of the preview ring is to evaluate the new features of the update limited is for pilot and validation the purpose of the limited ring is to validate the update on representative devices across the network broad is for wide deployment once the devices in The Limited ring have had a sufficient stabilization period it's time for broad deployment across the network so that's Windows as a service and all the deployment and release models that it [Music] hasad and deploy Microsoft 365 apps to your client computers so this method uses the ODT to manage your deployment and the office customization tool to create a cloud-based configuration file that specifies the Microsoft 365 apps that are installed the next method is to deploy from a local source with the office deployment tool with this method you manage your deployment with the ODT and download and deploy office from a local Source on your network the last method is to self-install from the cloud which is probably the easiest one to perform you manage your deployment from the office portal and have your users install office on their client devices directly from the portal so those are the four different methods to deploy Microsoft 365 apps one of the benefits of Microsoft 365 apps is that Microsoft provides new and updated features for office apps regularly Microsoft provides you with something called update channels these allow you to manage how frequently new feature updates are sent to your company here are the three primary update channels for Microsoft 365 apps the first one is current Channel which receives feature updates at least once a month but there's no exact set schedule update this channel also receives security and non-security updates around two or three times a month Microsoft recommends this channel because it provides users with the newest office features as soon as they're ready the next update channel is monthly Enterprise Channel which receives feature updates once a month this monthly update can include feature security and non-security Updates this provides users with new office features once a month on a predictable release schedule and then we have semiannual Enterprise Channel which receives feature updates every 6 months this update can include feature security and non-security Updates this is only for select devices in your company that need extensive testing before rolling out new office features Microsoft also provides each update Channel with two other types of updates that are released on the second Tuesday of every month there are security updates such as updates that help keep office protected from potential malicious attacks and non-security updates also known as quality updates are updates that provide stability or performance improvements for office so that's the Microsoft 365 apps update channels [Music] types hey this is Andrew Brown from exam Pro and we're taking a look at how to deploy Office 365 using the office customization tool the first thing you want to do is to go to Google and search for office deployment tool and you want to go to the link where it says office deployment tool Microsoft 365 It's usually the first one that shows up and click on it once you click on it it'll take you to the Microsoft 365 office deployment tool page where you can download the office deployment tool so you want to click on download and you can save this to any folder you prefer but for this demonstration I'll place it on the desktop okay the next thing you want to do is to go to the URL called config.cfg alternatively you can also access this through your Microsoft 365 admin Center in your all admin Center Page and by navigating to office configuration once you are at the office configuration page you'll want to click on go to office customization tool the next step is to click on create this is where you can customize how you want to deploy your Office 365 for architecture you can choose 32-bit or 64-bit depending on your system settings for this example we'll select 64-bit for the type of office sweet we have a lot of options such as Microsoft 365 apps for Enterprise Microsoft 365 apps for Business Office ltsc Professional Plus 2021 and many more for this example we'll select the Microsoft 365 Apps for business we're not interested in viso so we'll select none for this we're not interested in Project products we'll select none for this and we don't need any additional products for the type of update Channel we'll go with current Channel because it's recommended and it provides users with the newest office features as soon as they are ready we'll select latest for the type of version for the app sections you can select which apps you want to include or exclude we can leave this as the default selections for the languages we'll select English for the primary language we won't be needed any additional language tools or packages for the installation options we can choose from Office content delivery Network local Source or Microsoft and point configuration manger we can leave this as office content delivery Network in the default settings for the update and upgrade options we can also leave these as the default settings for the licensing and activation section we won't need to make any changes here in the general section it's okay to leave this blank it's not mandatory to provide your organization name and description unless your company requests it for the application preferences we don't really need to select anything here either so you can scroll down and click on finish we'll give this configuration file a simple name called configuration after reviewing all of the configuration settings you can click on download you'll need to specify the format you want as the user's default you can keep the current settings choose office open xnl formats or open document format for this example we'll select keep current settings click okay then click on download again save the XML document on the folder you prefer or the same folder where you downloaded the office deployment tool earlier so now on our desktop we have two files the office deployment tool and the configuration xnl file we will need to create a new folder called Microsoft apps for business or you can name it office for short but you'll need to remember this name for the next steps we'll cut and paste the office deployment tool and the office configuration file in the Microsoft apps for business folder we created double click on the office configuration tool file and select the box and click continue select the folder Microsoft apps for business and click okay this will extract all the files to install Microsoft apps for business into the folder the next step is to move the Microsoft apps for business folder into the local C drive then you'll need to open up command prompt as administrator you'll need to run a few simple demands to complete this process some of you should be familiar with these enter in C DC colon back/ Microsoft apps for business or the name of the folder you created this changes directory to the Microsoft apps for business folder then you run setup.exe configur configuration.xml and this should install office or Microsoft app for business based on your configuration file you created this can take a while so you'll need to wait for it to complete downloading and installing after this is done you have successfully installed office on your [Music] computer hey this is Andrew Brown from exam Pro and we'll be talking about the capabilities of the Microsoft 300 65 admin Center and Microsoft 365 user portal so the definition of Microsoft 365 admin Center is very clear it's designed for it professionals and administrators to manage the organization's Microsoft 365 subscription the admin Center allows you to perform a variety of tasks including managing users checking reports and much more the following list describ some of the main tasks that are done in the admin Center manage users by adding deleting or restoring users manage licenses by adding and removing license manage a Microsoft 365 Group by creating a group deleting a group and editing the name or description manage billing view or create service requests manage global settings for apps view activity reports and view service health so that's the general overview of the Microsoft 365 admin [Music] Center next let's talk about the microsof moft 365 user portal so the Microsoft 365 user portal is designed for users to access their email calendar and documents through Microsoft 365 apps like office teams Outlook and more users can sign in with their email account and password through www.office.com only the apps for which the user has a license will be shown the portal allows you to quickly and easily View and edit files that are saved in one drive now let's talk about the reports in the Microsoft 365 admin Center so the Microsoft 365 admin Center has reports that can help gather Insight security and how employees are utilizing Microsoft 365 products and services to access these types of reports you must have administrator permissions to access the admin Center go to admin. microsoft.com and sign in with your admin account the following list describes the two types of reports available in the admin Center first we have the productivity score this typee of report measures the work done in your company to the work done in similar companies it provides metrics insights and recommended actions you can take to help your organization use Microsoft 365 products and services efficiently then we have usage you can view these reports to understand how people in your organization are using the products and services you can go further into each product report to get more detailed insights about the activities within each product so here we have an image of the Microsoft 300 65 admin Center at the report section displaying the productivity score here we can see the organization score which is currently at 1% or three out of 400 points it provides a summary for section of the people's experiences and categories such as communication and meetings it will also provide suggestions to improve in these areas and so on next we'll be talking about reports and other admin [Music] centers so the Microsoft 365 admin Center also gives you access to other admin centers for specific products and services such as exchange teams and more the following list describes some of the other admin centers and the reports available first we have Azure active directory the reports available here provide a comprehensive view of activity in your environment then we have inpoint manager Microsoft in tune reporting allows you to proactively monitor the health and activity of in points across your organization next we have exchange view reports of email flow within your organization and mailbox migration batches created for your organization there's security and compliance view reports about security Trends and track the protection of your identities data devices apps and infrastructure then we have SharePoint the reports available are about data access governance and help you maintain the security and compliance of your data in SharePoint and we also have teams user activity and device usage reports are available so you can gain insights into the Microsoft teams activity in your organization so here we have an image of the Microsoft 365 admin Center at the all admin centers section as we mentioned before we can see that there's a variety of admin centers listed such as Azure active directory Azure ATP compliance end point manager exchange and so on they also provide a brief description on what you can configure and manage so that's Microsoft 365 admin Center and the different types of reports it [Music] provides hey this is Andrew Brown from exam Pro and we'll begin covering the security concepts of micros oft 365 starting with the zero trust methodologies or the zero trust model in particular this is super important because it really lays the foundation of the way we should be thinking about all of the security that we're going to be doing within Microsoft 365 Azure or in any cloud service provider because the zero trust model is really what is being adopted today and we'll talk about why that is so the zero trust model operates on the principles of trust no one and verify everything so nowadays you can potentially encounter malicious actors and they're able to bypass conventional access controls this demonstrates that traditional security measures are no longer sufficient we need to come up with a new way to protect ourselves and so that's where Microsoft has come up with their version of a zero trust model called the Microsoft zero trust model and this is based on three principles and six foundational pillars so in the three principles we have verify explicitly leas privileged access and assume breach for the six foundational pillars we have identities and end points an easier way of thinking about end points is just thinking of them as devices then we have apps data infrastructure and networks and I would say that if you wanted to put an emphasis on anything it's going to be identities because when an identity attempts to access a resource it must be verified with strong authentication and follow least privilege access principles the zero trust model is not unique to Microsoft gcp has its own zero trust model AWS has its own zero trust model but the one here is just going to really work for Microsoft so let's go in more detail on the three principles that in the Microsoft zero trust model the first principle is verify explicitly and so this always authenticates and authorizes based on all the available data points including user identity location device service or workload data classification and anomalies the next principle is least privileged access so you limit user access with just in time and just enough access risk-based adaptive policies and data protection to protect both data and productivity then we have assume breach so we need to minimize blast radius and access should be segmented by Network user device and application we must also verify end to-end encryption and use analytics to gain visibility Drive threat detection and improve security so that's Microsoft's version of the zero trust model and the three guiding [Music] principles hey this is Andrew Brown from exam Pro and we'll be talking about the six foundational pillars for the Microsoft zero trust model in Greater detail starting with the most important one so identity is verified and secures each identity with strong authentication across your entire digital estate for each of these pillars we're going to talk about some of the related Services I'm not going to describe too much of what they do because we're definitely going to be covering the important ones in this course in great detail but I want you to get some exposure so you see all these names over and over again so the first one is identity access and management or I am the next one is azure active directory and this one gets a lot of attention due to all its identity and access management capabilities we have single on multiactor authentication or MFA passwordless authentication which is a subset of MFA risk-based policies and we have identity secure score and you'll see a few different types of secure score like Microsoft secure score and compliance score in this course so it's something that's very useful throughout Microsoft 365 and Azure next we have endpoints and it's easy to think of these as devices because their endpoints are used to gain visibility into devices accessing the network ensuring compliance and health status before GR anting access the endp point is what grants access for this for this we have Azure a d device manager to register our devices with our identity provider generally the controls underneath which is the mobile device management and mobile application management is managed by Microsoft and tune and this service is now actually a part of Microsoft endpoint manager and if we want to get protection around our endpoints then we have Microsoft Defender for endpoint but we have Defender for a lot of features in Microsoft and you'll see that soon enough then you have dlps data loss prevention policies so that we do not lose our data so that it does not get disclosed and we can keep our sensitive data protected so for apps we have discovered Shadow it so ensure appropriate an app permissions gate access based on realtime analytics and monitor control user actions so for this we have policy based access controls we can use the Microsoft Cloud app security Azure ad application proxy ecovery and we have just in time virtual machine access so on to the last three pillars we have data so using intelligence to classify and label data encrypt and restrict access based on organizational policies so we move from perimeter-based data protection to datadriven protection so here we can use sensitivity labels Microsoft information protection data classification Azure information protection scanner so AIP scanner does decision-based policies and data loss prevention policies all of this stuff listed in the data pillar is in the Microsoft 365 compliance Center this is where all this stuff comes into play which we'll see later on next we have infrastructure so use Telemetry to detect attacks and anomalies automatically block and flag risk behaviors and employ at least privilege access principles so here we can use the Azure security Center Azure ad Dem managed identities user and resource segmentation v-ets caring rules privileged identity management network security groups application security groups Azure firewall Microsoft Defender for endpoint Microsoft Defender for identity and Azure Sentinel these last three will will be talking about in Greater detail the last pillar here is Network so Ure devices and users are not trusted just because they're on an internal Network encrypt all internal Communications limit access by policy and employee micr segmentation and real-time threat detection so here we can do Network segmentation Azure DDOS Protection Service Azure firewall Azure web application firewall also known as WF Azure VPN Azure ad proxy Azure Bastion and SSL TLS so that's the zero trust model six foundational pillars and some of the related services that are associated with each [Music] pillar hey this is Andrew Brown from exam Pro and we're taking a look at defense and depth so defense and depth uses a layered approach to security rather than rely on a single perimeter a defense and depth strategy uses a series of mechanisms to slow the advance of an attack there are seven layers of security that Microsoft wants you to know it's kind of similar to the shared responsibility Model A lot of times we see these things when organizations or providers are talking about their security centers like the actual data centers and how they're secured but this is more General it doesn't necessarily have to apply to a data center but let's go and work our way through inside out at the core we have data so access to business and customer data and encryption to protect data then we have application so applications are secure and free of security vulnerabilities then you have compute so access to VMS ports on premises and cl cloud and then Network so limit communication between resources using segmentation and access controls then you have perimeter so distributed denial of service protection to filter large scale attacks before they can cause a denial of service for users identity and access so controlling access to infrastructure and change controls and then you have physical security so limiting access to a data center to only authorized Personnel so the idea is that if you really want to get to the data you've got to go through all the steps here these are all the layers of defense and so I just want to give extra emphasis to Identity and access because this one's the most outer one besides the physical security so they would say something like the modern perimeter is defined based on your identity another thing I want to mention is that even though the perimeter layer says it provides distributed denial of service protection to filter large scale attacks and so on this is actually a bit misleading the DDOS protection standard provides multi-layered protection when deployed with a web application firewall it should protect both at the network layer and at the application layer m emphasizing especially on the network layer so here's an architecture of DDOS protection standard being used you can see that it will always be placed in the network layer so it's applied to the virtual network subnets network security groups and so on a lot of people get it confused with perimeter layer when it should be the network layer so that's defense and [Music] depth hey this is Andrew Brown and we are taking a a look at entra idid formally known as Azure ad you will still see the term Azure ad all over the place and it really describes the product better because it's azure's active directory but for whatever reason they named it to Entre ID and this is Microsoft's cloud-based identity and access management service which helps manage users sign-ins and access to active directory related resources this thing is critical to the Microsoft ecosystem because it's used to log into so many things um so if we're talking about external resources it's used to log into Microsoft Office 365 the Azure portal SAS applications um we have internal resources like apps that you've built for your internal network access to workstations uh on premise so some companies will have a suite of computers and they want to make it so you can sign on in a single click and yeah Entre ID implements single sign on inside the um uh Microsoft portal there is Entre ID it appears both in the Microsoft portal and also the uh Azure portal so it can get a little bit confusing but it is in both places that screenshot is specifically in Azure um let's talk about the additions for Entre ID as it has recently changed so Microsoft Entre ID comes in three editions some people may say four but I look at that fourth one as an add-on and so we have free premium 1 and premium 2 initialized as P1 and P2 uh so each additions include all the features from the previous ones because I'm going to list all the features and I want you to know about those ones that Arrow coming in late there for those versions let's talk about the free one so in the free one you get multiactor authentication single sign on basic security and usage reports user management directory synchronization for P1 you get everything that we just mentioned but now we get hybrid architecture Advanced group access conditional access and includes uh this is included if you have the Microsoft 365 E3 and business premium so you know getting ENT your ID or is very confusing because depending on where you come in in into uh into the Microsoft ecosystem as a customer you might already have some version of H ID or you might have functionality that's already bundled in this conditional access is something that you get for free in other Cloud providers like um uh adabs or or gcp but here you got to pay if you want to use something that is not the standard roles um that uh um Microsoft Is providing or Azure is providing with P2 you get identity protection identity governance um and this is available if you are paying for uh 365 E5 Edition I don't know much at least not in this video uh the difference between E3 and E5 I know we have a course on it so in that one I sound a lot more intelligible but right now I could not tell you the difference U and then there's the quote unquote fourth edition which we call the Entre suite and this adds Advanced security governance and identity verification Solutions and requires a P1 subscription again I don't consider this an addition and more of a bundle of add-ons because there are very specific things that you can add on um uh that uh you can uh uh utilize I'm just trying to think of the product name so things like entra ID governance or entra private access or entra verified ID these became so common that people wanted all of them at a at a a bundled cost and so that's what it is we'll look at that here in a bit but for now we'll move on and let's take a look at use cases for entra ID okay so entra ID can authorize and authenticate to multiple sources um it can authorize and authenticate to your on premise active directory to your web apps it allows users to log in with IDP so identity provider than Facebook or Google uh it can log in to Office 365 Microsoft Azure other micro Microsoft services like Dynamics 365 team SharePoint InTune and thousands of thirdparty sass apps in the Azure Marketplace so just here down the grouping you get you get a much clearer picture and I just want to make call out to the way that you're connecting to them so if you're using ENT ID and uh you have Cloud applications like Office 365 or Azure that's just built in you don't have to do anything additional if you want to connect via Facebook or Google you're using external identities if you if you have your own apps you've built you're using App registrations if you're connecting to your on premise active directory uh um uh database or data store you're going to be using entra connect so remember those three terms we're going to see them more coming up here shortly but just remember those and it'll make life a lot easier okay [Music] ciao hey this is Andrew Brown from exampro and we're taking a look at Cloud identity models so Microsoft 365 uses Azure active directory a cloud-based user identity and authentication Service that's included with your Microsoft 365 subscription to manage identities and authentication for Microsoft 365 it's very important to set up your identity infrastructure properly if you want to manage Microsoft 365 user access and permissions for your company so there are two identity models available in Microsoft 365 the first one is cloudon identity this is where you maintain your organization's identities only in the cloud and the Azure a det tenant for your Microsoft 365 subscription performs the authentication with the cloud identi account the second one is hybrid identity this is where you maintain your on premises active directory domain Services identities and use them for authentication when users access Microsoft 365 cloud services and the Azure a det tenant for your Microsoft 365 subscription handles the authentication process or redirects the user to another identity provider we'll talk more about the two identity models in Greater detail [Music] later hey this is Andrew Brown from exam Pro and we're taking a closer look at the cloudon identity model so a cloudon identity uses user accounts that exist only in azuread it's typically used by small organizations that do not have on premises servers or do not use a DDS to manage local identities both on premises and remote users use their Azure ad user accounts and passwords to access Microsoft 365 cloud services Azure ad authenticates user credentials based on its stored user accounts and passwords in terms of administration you manage Cloud identities with tools such as the Microsoft 365 admin Center and windows Powershell because user accounts are only stored in Azure a and so this is best for organizations that do not have or needed on premises of DDS and their greatest benefit would be that it's simple to use and it requires no extra directory tools or servers so looking at the visual here within your organization you have your on premises users and your remote users and both of them can access Microsoft 365 with azuread using their user accounts all on the cloud so that's the cloud only ident [Music] model hey this is Andrew Brown from exam Pro and we're taking a more in-depth look at the Hybrid identity model so hybrid identity uses accounts that originate in an on- premises of DDS and have a copy in the Azure a dant of a Microsoft 365 subscription any changes that you make to a DDS user accounts are synchronized to their copy in azod except for specific account attributes Azure adconnect provides the ongoing account synchronization so this runs on an on premises server checks for changes in the adds and forwards those changes to azuread Azure adconnect provides the ability to filter which accounts are synchronized and whether to synchronize a hash version of user passwords know as password hash synchronization Azure a d password hash synchronization is the simplest way to enable authentication for on premises directory objects in Azure A continuing up with hybrid identity your on premises a DDS is the authoritative source for account information when you implement hybrid identity the Azure a d tenant has a Cy of the adds accounts both on premises and remote users accessing Microsoft 365 cloud services authenticate against Azure ad so hybrid identity is best for organizations using a DDS or another identity provider and its greatest benefit is that users can use the same credentials when accessing on premises or cloud-based resources so it's very convenient to use looking at the visual here you have your active directory domain Services accounts and you have servers running azurea DC connect to synchronize and copy the accounts to azuread D through through this both on premises and remote users can access Microsoft 365 to utilize all its apps and cloud services so that's the hybrid identity [Music] model hey this is Andrew Brown from exam Pro and we'll be taking a look at multiactor authentication also known as MFA and that's how we'll refer to it throughout the entire course so MFA is a security control that provides an extra level of security where after you fill in your email and password you have to use a second device device such as a phone to confirm that you are the owner of the account to log in MFA protects against people who have stolen your password when you're dealing with the verification method it must be based on something you have with you that isn't easily duplicated such as a phone like we mentioned before it could also be something you uniquely and biologically have such as your fingerprints face or other biometric attribute by default both Microsoft 365 in Office 365 support MFA for user accounts using a text message sent to a phone that requires is the user to type of verification code a phone call and the Microsoft authenticator smartphone app so there are multiple ways you can enable MFA for Microsoft 365 and Office 365 the first one is with security defaults then we have with conditional access policies and for each individual user account which is not recommended MFA is available in all Microsoft 365 plans however if you want to gain features such as security defaults or conditional access policies you'll need to get mic Microsoft 365 business premium or Microsoft 365 E3 there's even Microsoft 365 E5 if you want Azure a identity protection so here is an example where you see my email my password and that is called one factor so I've confirmed my identity like in this one case and then you have the second Factor also known as multifactor that's usually what we call it and in this case we are set a verification code to our phone to confirm and that's going to let us get into the system so that's MFA [Music] hey this is Andrew Brown from exam Pro and we'll be taking a look at conditional access which provides an extra layer of security before allowing authenticated users to access data or other assets so conditional access is implemented through conditional access policies which are a set of rules that specify the conditions under which signin are evaluated and allowed for example you can create a conditional access policy that states if the user account name is a member of a group for users that are The Exchange user password security SharePoint or Global administrator roles require MFA before allowing access this policy allows you to require MFA based on group membership rather than trying to configure individual user accounts for MFA when they're assigned or un assigned from these administrator roles so a conditional access policy analyzes signals signal could be user and location device application realtime risk and we'll go more into detail with all the types of signals in the next slide and the idea is you need to verify re access attempt through Access Control you might have required MFA blocker access and allow access so here is a visual I got from the Microsoft documentation the idea here is you have your signal and you have your user in location application realtime risk and device and here we have to verify every access attempt to meet the conditional access policies that were set to gain access to our apps and data so let's take a closer look at signals signals is metadata associated with an identity attempting to gain access and we'll be going over the full list of signals that are possible conditional access starting with users or group membership so policies Target specific users and groups including admin roles giving admins fine grain control over access then you can have signals that are named location or IP location information so that's a range of ips used when making policy decisions so admins can opt to block or allow traffic from an entire country's IP ranges for devices users with devices of specific platforms or marked with a specific State can be used for applications users attempting to access specific applications can trigger different conditional access policies real time signed risk detection so signals integration with Azure ID identity protection allows conditional access policies to identify sign and behavior and policies can then Force users to perform password changes or multiactor authentication to reduce the risk level or be blocked from access until administrator takes manual action then you have your Cloud apps or Cloud actions so Cloud apps or actions can include or exclude Cloud applications or user actions that will be subject to policy then there's user risks so from customers with access to Identity protection user risks can be evaluated as part of the conditional access policy user risk represents the probability that a given Identity or account is compromised let's talk about common decisions so these Define the access control that Define what level of access based on the signal information and so this is when we were talking about that verifying steps these are those common decisions so we have block access which is the most restrictive decision then you have Grant access and this is the least restrictive decision but still requires one or more of the following options so there's require MFA require device to be marked as compliant require hybrid Azure a djin device require approved Client app and require app protection policy another important thing to know is that you can use conditional access policies with Microsoft 365 business premium Microsoft 365 E3 and E5 and Azure a d premium P1 and Azure a d premium P2 licenses so that's the value of conditional access and how you can use conditional access policies to increase your level of [Music] security hey this is Andrew Brown from exam Pro and we're taking a look at how to enable multiactor authentication for Microsoft 365 users in the Microsoft 365 admin Center there are a couple ways to do this but the easiest way is from the Microsoft 365 admin Center so the first thing you want to do is to go to your app store on your smartphone Android iOS you want to search for Microsoft authenticator and once you found it you just download it and install it onto your phone ready to enable the MFA the next section requires you to go to the Microsoft 365 admin page if you work for a business you may not have access to this so you'll need to get it from your it department or get your it support company to do this for you once you're in the Microsoft 365 admin page you need to navigate to the users and then active users along the top right pane along the top here you'll see a button called multiactor Authentication so you click on that and it will populate the list of users so for this demonstration we'll use the demo user samdu we created earlier so you see here it says the multiactor authentication status is disabled so we select Sam do and we click on enable and click on enable multiactor authentication now the user Sam do is enabled for multiactor authentication but we need to validate this change so you'll need to go to Microsoft 365 login page or Office 365 login page first we'll need to sign in with another account which is samdu I will sign in as the user samdu with the username and password I'm just going to copy and paste these in here let's just see what happens here once we enter the password now because we've enabled it in the back end of Microsoft 365 it's asking us to enable multiactor authentication so it's saying your organization needs more information to keep your account secure so let's click on next so now it's telling us to install Microsoft authentic Ator is the type of MFA there are a few other ways to set this up such as authentication phone or office phone but we're going to use mobile app for this demonstration is we've downloaded Microsoft authentication earlier so we want to receive notifications for verification so we'll click on next the next thing you want to do is go to your phone and open the Microsoft authentication app and the first thing you want to do is to click on the three dots on the top right and click on add account so we click on add account we should select worker school account and then you'll get a little prop saying saying scan QR code so we click on there and all we simply do now is point your phone at the computer screen and it'll scan the QR code just wait a couple of seconds and then it'll list it in your authenticator app so you click on the email address so back onto your screen click on next to proceed so now we'll be able to test this out so on your device it's saying please respond to the notification and it will tell your device to approve this side on so you click on approve and it should be successful the notification has been approved and so you click on next the Microsoft authenticator app has been successfully registered so we click done since it's our first time signing on the user Sam do we'll need to create a new password for the user after that's complete the user should be able to successfully log in and the next time the user attempts to sign in you'll need to approve using the Microsoft authenticator app multiactor authentication method again so that's how you enable multiactor authentication on your Microsoft 365 [Music] user hey this is Andrew Brown from exam Pro and in this section we'll be diving into Microsoft Defender xdr Microsoft Defender xdr is a unified pre and post breach Enterprise defense Suite that natively coordinates responses detection prevention investigation across and points identities email and applications to provide integrated protection against sophisticated attacks Microsoft Defender xdr allows admins to assess threat signals from in points applications email and identities to determine an attack scope and impact it provides detailed Insight on how the threat occurred and what systems were affected which can then take automated action to prevent or stop the attack Microsoft Defender is composed of the following Services Microsoft Defender for identity Microsoft Defender for in point Microsoft Defender for cloud apps Microsoft Defender for Office 365 Microsoft Defender portal and Microsoft secure score by unifying these Services Microsoft Defender xdr enhances your security posture and streamlines threat management across your organization helping you stay ahead of sophisticated cyber threats so that's a brief overview of Microsoft xdr before we begin exploring Microsoft Defender for inpoint we'll need to understand what Microsoft 365 endpoints are so Microsoft 365 in points are a set of destination IP addresses DNS domain names and URLs necessary for Microsoft 365 traffic on the internet to ensure Optimal Performance of Microsoft 365 cloud-based Services these endpoints require specific handling by your client browsers and Edge network devices such as firewalls SSL Brak and inspect tools packet inspection devices and data loss prevention systems and points are grouped into four main service areas exchange online SharePoint online and one drive for business Skype for business online and Microsoft teams and Microsoft 365 Comm and office online now that we understand the importance of Microsoft 365 endpoints in maintaining the performance and security of your cloud services let's explore how Microsoft Defender for inp Point protects these critical assets Microsoft Defender for inpo is an Enterprise in Point Security platform designed to help Enterprise networks prevent detect investigate and respond to Advanced threat Defender for inpoint uses the following combination of Technology built into Windows 10 and Microsoft cloud service endpoint behavioral sensors built into Windows 10 these sensors Gather in process behavioral data from the OS sending it to your secure Cloud instance of Microsoft Defender for inpo cloud security analytics utilizes Big Data machine learning and Microsoft's extensive ecosystem to transform behavioral signals into actionable insights and threat detections threat intelligence powered by Microsoft security teams and Partners this intelligence identifies attacker methods and generates alerts based on observed behaviors so that's an overview of Microsoft Defender for in [Music] point hey this is Andrew Brown from exam Pro and we'll be taking a look at Microsoft Defender for Office 365 so Microsoft Defender for Office 365 protects against Advanced threats by email messages links URLs Microsoft teams SharePoint online one drive for business and other clients and protection is provided via reports threat investigations threat responses and threat protection policies and there's three available subscriptions we have exchang online protection the defender for Office 365 plan 1 and plan two and Office 365 security bills on the core protections offered by EOP so EOP is present in any subscription where exchange online mailboxes can be found so going into more detail here for EOP it's a cloud-based filtering service that protects your organizations against spam malware and other email threats the defender for office P1 provides safe attachment which checks email attachments for malicious content safe links where the links are scanned for each click A Safe Link remains accessible but malicious links are blocked it provides protection for SharePoint one drive and Microsoft teams it identifies and blocks malicious files in team sites and document libraries anti- fishing protection so this detects attempts to impersonate your users and internal or custom the mains realtime detection it's a real-time report that allows you to identify and analyze recent threats the defender for office P2 this includes all of the defender office P1 features so we have threat trackers the latest Intelligence on cyber security issues takes counter measurements before an actual threat we have threat Explorer so realtime reports that allows you to identify and analyze recent threats automated investigation and response also know as air is a set of security playbooks that can be launched automatically start and automatic investigation provide detailed reports recommend actions security teams can approve there's a tax simulator you can run realistic attack scenarios in your organization to identify for vulnerabilities so you can see that P2 is very very good it provides a lot of great features here's a bit more detail on the EOP so once again it's a cloud-based filtering service that protects your organization from spam malware and other email threats here is a graphic displaying how it works in all the processes it undergoes and so the Ops features for anti-malware inbounded anti-spam outbow anti-spam connection filtering anti- fishing anti-spoofing protection zero hour auto Purge for delivered malware spam and fishing messages preset security policies tent allow and block list allow block list for message senders directory based Edge blocking mail flow rules accepted domains message training and more another important thing to know is that Microsoft Defender for Office 365 is included in the Microsoft 365 E5 Office 365 E5 and A5 and Microsoft 365 business premium subscriptions so you can see there's a lot of features and I just couldn't fit them all on the screen but I just wanted to show you how valuable exchange online protection is and this is one of the many advantages it has over Gmail the next component of Microsoft Defender xdr will'll be covering is Microsoft Defender for identity Microsoft Defender for identity is a cloud-based security solution that uses data from your on premises active directory to identify detect and investigate Advanced threats compromise identities and Insider actions targeting your organization with Defender for identity you can detect Advanced attacks in hybrid environments to monitor users entity behavior and activities with learning based analytics protect user identities and credentials stored in active directory identify and investigate suspicious user activities and advanced attacks throughout the kill chain provide clear incident information on a simple timeline for fast triage some key features include monitor user Behavior analyzes user activities across your network to create behavioral baselines and detect anomalies focus on critical threats uses smart analytics and a detailed attack timeline to help you quickly investigate and respond to threats identify Advanced threats detect suspicious activities across the Cyber attack kill chain reconnaissance compromise credentials lateral movements domain dominance reduce attack surface offers insights and best practices to secure identities making it harder for attackers to compromise credentials Microsoft Defender for identity monitors your domain controllers by capturing and parsing Network traffic and leveraging windows events directly from your domain controllers then analyzes the data for attacks and threats utilizing profiling deterministic detection machine learning and behavioral algorithms Defender for identity learns about your network enables detection of anomalies and warns you of suspicious activities so that's an overview of Microsoft Defender for [Music] identity hey this is Andrew Brown from exam Pro and in this section we'll be covering Microsoft Defender portal the Microsoft Defender portal is a unified security platform that centralizes and simplifies threat protection detection investigation and response across your entire organization you can view the security health of your organization via the Microsoft Defender portal some of the key features include incidents and alerts hunting actions and submissions threat analytics secure score and reports going into a bit more detail with the key features unified experience the Microsoft Defender portal centralizes signals from various workloads into a cohesive interface for incidents and alerts investigate security incidents across hybrid identities and points Cloud apps and more hunting create custom detection rules and proactively HUD for threats threat Analytics access Intelligence on emerging threats like active threat actors vulnerabilities and attack techniques integrated reports View and manage reports for your Microsoft 365 environment and role-based access access and permissions are managed based on Microsoft enter Global rules or custom rules so that's an overview of Microsoft Defender portal the next topic we'll be covering is Microsoft Defender for cloud apps Microsoft Defender for cloud apps is a security tool that functions as a cloud access security broker offering comprehensive protection for your Cloud applications by monitoring controlling and securing your organization s app usage and data some of the key features include fundamental CB functionality Shadow at Discovery visibility into Cloud app usage protection against app-based threats and information protection and compliance assessments this diagram illustrates the process of securing your organization SAS applications it starts with discovering all SAS applications in use from there the focus shifts to protecting these applications by SAS security posture management automatically surface misconfigurations and provide recommendations to improve the security posture of connected apps information protection Safeguard sensitive data and prevent governance file violations by ensuring proper data handling and compliance continuous threat protection detect investigate and respond to potential attacks using Microsoft 365 Defender to maintain security continuity and app to app protection discover and remediate risks from thirdparty Integrations to secure inter application communication some other key features that are important to know are Advanced threat protection integrated with Microsoft xdr for comprehensive defense across Advanced attack vectors compliance assessments ensure Cloud app usage meets Regulatory and internal compliance standards policy management create and enforce policies to control appp usage and reduce risks and Cloud app catalog assess and manage the risk of sanctioned and unsanctioned Cloud apps so that's an overview of Microsoft Defender for cloud apps the next topic we'll be covering is Microsoft secure score Microsoft secure score is a representation of your organization's security posture and your opportunity to improve it via Improvement actions Improvement actions are specific actionable steps you can take to enhance your security posture and increase your secure score the higher the score the better your protection organizations can manage and enhance the security of their Microsoft 365 identities apps and devices from a centralized dashboard in the Microsoft Defender portal secure score helps organizations report on the current state of their security posture improve security through discoverability visibility guidance and control compare benchmarks and establish key performance indicators role-based access tailor security data access to specific roles integration Works seamlessly with Microsoft products for full spectrum protection prioritized recommendations focuses on the most critical risks with actionable advice so that's a quick overview of Microsoft secure [Music] score hey this is Andrew Brown from exam Pro and we'll be talking about common threats before we talk about the common threats we need to know what are vulnerabilities so a vulnerability as a whole or a potential weakness in the application which can be a design flaw or an implementation bug that allows an attacker to infiltrate an organization or cause harm to the stakeholders of an application now that leads us to threats a threat in Cloud security is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application attackers will create threats across multiple domains like email identity and points and applications to find a point of leas resistance today's defense Solutions have been designed to protect detect and block threats for domain separately allowing attackers to exploit the seams and threshold differences between Solutions leaving the business vulnerable to attack so now we'll be talking about the most common threats Microsoft wants to focus on credential theft is a type of cyber crime that involves stealing a victim's proof of identity examples of credential theft or mimic cats password spray or breach harvesting malware also known as malicious software is a file or code typically delivered over a network that infects explores steals or condex virtually any Behavior an attacker wants examples of malware are viruses ransomware and edwar fishing attacks use tricks or lures to get a user to reveal credentials or pay money typically by getting them to click a link to a fake website in an email that appears genuine examples of fishing attacks or email fishing and spear fishing infrastructure attacks include in properly secured virtual machines and resources in Azure examples of infrastructure attacks include dos and DDOS attacks so these are the common threats that Microsoft wants you to be familiar with there's definitely more than just four types but these are the main ones that Microsoft wants to focus [Music] on hey this is Andrew Brown from exampro and we'll be taking a look at how Microsoft addresses the most common threats so we'll be talking about Microsoft 365 Defender and how it protects us from potential threats and vulnerabilities this may seem like a review for you but it's great to know nonetheless Microsoft 365 Defender is an integrated cross-domain threat detection and response solution that provides organizations with the ability to prevent detect investigate and remediate sophisticated cross domain attacks within their Microsoft 365 environments it leverages raw signal data from Individual service domains like user identity and points applications email and collaboration tools normalizing the data at the ingestion Point Microsoft 365 Defender requires no specific expertise or customization so Defenders can immediately use the integrated console and combine incident views with Microsoft 3 365 Defender security teams can automatically block attacks and eliminate their persistence to keep them from starting again prioritize incidents for investigation and response Auto heal assets Focus unique expertise on Cross domain hunting Microsoft 365 Defender sweep protects in points with Microsoft Defender for inpoint a unified in point platform for preventative protection post breach detection automated investigation and response email and collaboration with Microsoft Defender for Office 360 5 safeguards your organization against malicious threats posed by email messages links and collaboration tools identities with Microsoft Defender for identity and Azure active directory identity protection uses active directory signals to identify detect and investigate Advanced threats compromised identities and malicious Insider actions directed at your organization applications with Microsoft Defender for cloud apps a comprehensive crosss solution bringing deep visibility strong data controls and enhanced protection to your Cloud apps so these are the main tools and services that Microsoft uses to detect and eliminate any potential threats to your Microsoft 365 [Music] environment hey this is Andrew Brown from exam Pro and we're taking a look at Microsoft Sentinel also known as Azure Sentinel so Microsoft Sentinel is a scalable Cloud native security information and event management so s and security orchestration Automation and response solution s Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the Enterprise providing a single solution for alert and attack detection threat visibility proactive hunting and threat response so here's a big wheel that Microsoft Sentinel likes to use to describe it and what's cool about this offering is it's both a s and aort so you don't have to have two separate Services starting off with collect so collect data at Cloud scale across all users devices applications and infrastructure both on premise and in multiple clouds detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence investigate threats with artificial intelligence and hunt for suspicious activities at scale tapping into years of cyber security work at Microsoft respond to incidents rapidly with built-in orchestration and automation of common tasks let's take a look at what Microsoft Sentinel can ingest from other data set sources so we have a number of connectors here such as Microsoft 365 Defender Microsoft 365 sources including Office 365 azuread d Microsoft Defender for identity and Microsoft Defender for cloud apps you can also use common event formats such as CIS log rest API Windows event logs common event format and trusted automated exchange of indicator information also known as taxi so let's take a look at workbooks and so this is a feature of azure monitor but Microsoft Sentinel allows you to create workbooks really easily after you connected your data sources to Microsoft Sentinel you can monitor the data using the Microsoft Sentinel integration with Azure monitor workbooks workbooks provide a flexible canvas for data analysis and the creation of Rich visual reports they allow you to tap into multiple data sources and combine them into unified interactive experiences it tells a story about the performance and availability about your applications and services so here's a graph showing the performance analysis and here's another one showing the application failure analysis but the idea is that these are kind of like living documents where you can visualize and monitor specific metrics and other things about your applications and services Microsoft Sentinel allows you to create custom workbooks across your data and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source a couple more points here on workbooks is that they are intended for sock engineers and analysts of all tiers to visualize data sock stands for security operations center if you didn't know while workbooks are best used for highle views of Microsoft Sentinel data and require no coding you cannot integrate workbooks with external data now let's look at the core features of Microsoft Sentinel starting with analytics so Microsoft Sentinel uses analytics to correlate alerts into incidents so over here we can see that we have listed them in incidents or groups of related alerts that together create an actionable possible threat that you can investigate and resolve Microsoft Sentinel also provides machine learning rules to map your network behavior and then look for anomalies across your resources then there's Automation and orchestration so with Sentinel you have Solutions that provide a highly extensible architecture that enables scalable automation as new technologies and threats emerge Sentinel is built on the foundation of azure logic apps so it's a great way of not having to use any code but you can chain things over different services and they have over 200 connectors for services such as Azure functions the connectors allow you to apply any custom logic en code service now jir zenis HTTP requests Microsoft teams slack Windows Defender ATP and Defender for cloud apps so there's a lot to do there for investigations the investigation tools help you to understand the scope and find the root cause of a potential security threat you can choose an entity on the interactive graph to ask interesting questions for a specific entity and drill down into that entity and its connections to get to the root cause of the threat moving on to hunting so Microsoft Sentinels powerful hunting search in query tools is based on the miter framework which is a curated knowledge base that tracks cyber adversary tactics and techniques so this enables you to proactively hunt for security threats across your organiz A's data sources before an alert is triggered after you discover which hunting query provides high value insights into possible attacks you can also create custom detection rules based on your query and surface those insights as alerts to your security incident responders while hunting you can create bookmarks for interesting events enabling you to return to them later share them with others and group them with other correlating events to create a compelling incident for investigation and onto our final section we'll go over the pricing models of Microsoft Sentinel so the first tide is capacity reservations where you are build a fixed fee base on the selected tier enabling a predictable total cost for Microsoft Sentinel and we have pay as you go so you are build per gigabyte for the volume of data ingested for analysis in Microsoft Sentinel and stored in the Azure monitor log analytics workspace so that's Microsoft [Music] Sentinel hey this is Andrew Brown from exam Pro and we'll be talking about Microsoft 365 security reports So within Microsoft 365 you have security reports and these are General Security dashboards about security trends for Microsoft 365 identities device and apps information is organized into cards on the dashboard so you have identities where we'll have users at risk in global admins then you have devices so devices at risk device compliance devices with active malware types of malware on devices malware on devices devices with malware detection and users with malware detections then you have apps which have risk levels and so all of this information can be reorganized or grouped into category or topic so right now we have identities devices and apps for the topics we could have risk detection threads and configuration and health so just to kind of tell you a little bit more here imagine you have a bunch of these cards and they're broken down by all these categories here so you can have a bird's eye view of what's going on one particular report that is interesting to show you is the Office 365 exchange which is a male server so this provides email collaboration reports it gives you Statistics over time if you were to drill down into a particular type of report here you can kind of see things like spoof detections spam detections over time and things like that so that's security [Music] reports hey this is Andrew Brown from exam Pro and we're going through an overview of the Microsoft 365 Defender we'll be taking a look at only the key features here so in general Microsoft 365 Defender helps respond to threats and manage security across your identities data devices apps and infrastructure so starting with the incidents and alert section there is currently no data because this is a new account and no alerts have been recorded typically there would be a list of incidents and alerts it would include the incident name a unique ID number the severity of the threat status and displays a summary of the incident and provides access to tabs with additional information one of the key features of the Microsoft 365 Defender is the secure score so the Microsoft secure score is a representation of your organization's security posture and your opportunity to improve it it's similar to how the Microsoft compliance score is designed here it displays the secure score of 28.7% for the organization and right next to it shows a list of actions to review it also provides a comparison of your organization's secure score to other organizations that is similarly set up or designed to other organizations with their secure score the next thing we want to do is to click on recommended actions this will populate the list of actions to review so on the list of actions to review we can sort them however we want such as according to their rank score impact points achieved status and so on and once you complete the recommended action it will increase your security score based on the score impact of the action as an example we'll select a simple one such as only invited users should be automatically admitted to teams meetings then we'll click on implementation which are the instructions or guide where to go and how to complete the action so this tells us to go to the Microsoft team admin Center and in the meeting policies under the participants and guest section toggle automatically admit people to invited users only so we'll click on Microsoft teams admin Center first thing you'll want to do is to navigate to the on meetings pane then click on meeting policies and then on manage policies click on the add button we'll need to give this policy a name so we'll name it invite users only then we'll need to look for the policy mentioned in the implementation after finding the correct section of participants and guests under the automatically admit people we'll need to toggle and change it to invited users only then click save you can now see that the new policy has been added to the list so that should be completed and you should see the secure score update within 24 hours coming back to the Microsoft secure section there's a tab that displays the history of your Microsoft secure score to see the performance over a period of time if it increases or decreases you can also view metrics and Trends such as comparison Trend regression Trend and risk acceptance Trend that you may be interested in for the report section there is the general section where you can view information about security Trends and track the protection status of your identities data devices apps and infrastructure there's also the email and collaboration reports where you review Microsoft recommended actions to help improve email and collaboration security and many more but we're not going to go through all of them the audit section should be similar to the one in the the Microsoft purview compliance portal so we won't go over too much the last section we'll talk about is the health section and the main thing we want to look at here is service health so here you can view the issues and health status of all services that are available with your current subscriptions you can view info about the history of incidents and advisories that have been resolved and you can track the status of issues reported by people in your organization over the last 30 days so that's a quick overview of the Microsoft 365 Defender [Music] hey this is Andrew Brown from exampro and we're taking a look at Regulatory Compliance so what is compliance it's conforming to a rule such as a specification policy standard or law and Regulatory Compliance is an organization that takes effort to comply with relevant laws policies and regulations so Regulatory Compliance can vary at the following levels so there's Federal such as Canada there state or provincial like Ontario political and economic Union like European union and International Organization so why do we have Regulatory Compliance well governments want a protected citizens data that is collected by companies and organizations we don't want the companies or orgs to mishandle our data or sell our data what are compliance controls well those are internal control mechanisms that need to be in place to detect prevent andc correct compliance issues for example we have public standards and policies documented procedures training monitoring and internal audits so what are some of the measures that regulat compliance can enforce well it allows citizens the right to access their data at any time citizens have the right to correct or delete data if needed it gives us control over the retention periods for the minimum or maximum time data should be stored enabling governments and Regulatory Agencies the right to access and examine data when necessary and defining rules for what data can be processed and how that should be done so that's Regulatory [Music] Compliance hey this is Andrew Brown from Ampro and we're taking a look at compliance Solutions in Microsoft 365 which are collections of integrated capabilities you can use to help you manage end to end compliance scenarios a solution's capabilities and tools might include a combination of policies alerts reports and more the solution catalog is organized into sections that contain information cards for each compliance solution available in your Microsoft 365 subscription each section contains cards for Solutions grouped by compliance area so you can see on the image here there's the information and protection area Insider risk management Discovery response and so on and within them you have the solution cards like communication compliance when you select view for a solution card you'll see detailed information about the compliance solution and how to get started so we're looking at the communication compliance section and this information includes an overview preconfiguration requirements learning resources controls that allow you to pin the C to the navigation Pane and an option to share the solution is a link email or Microsoft teams message to view the Microsoft purview solution catalog go to compliance. microsoft.com and sign in as a global administrator compliance administrator or compliance data administrator select catalog in the navigation paint on the left side of the screen to open the catalog homepage so that's the compliance Solutions in Microsoft [Music] 365 hey this is Andrew Brown from exampro and we'll be talking about the service trust portal so the Microsoft service trust portal provides a variety of content tools and other resources about Microsoft security privacy and compliance practices from the main menu you can access the service trust portal compliance manager trust documents Industries and regions trust Center resources my library and more and we'll briefly go over what each section has to offer in the next slide so the service trust portal provides a quick way to get back to the homepage for the service trust portal compliance manager directs users to compli manager in the Microsoft purview compliance portal to access to compliance manager and other compliance management capabilities in Microsoft 365 we'll talk a bit more about this later on trust documents provides a wealth of security implementation and design information with the goal of making it easier for organizations to meet Regulatory Compliance objectives So within trust documents there are audit reports which provide a list of independent audit and assessment reports on Microsoft's cloud services is displayed data protection contains a wealth of resources such as audit controls white papers FAQs penetration tests risk assessment tools and compliance guides Azure stack contains documents that provide security and compliance Solutions and support tailored to the needs of azure stack customers Industries and regions provides access to compliance information about Microsoft cloud services organized by industry and region you can access the industry Solutions which directs users to the landing page for the financial services industry containing information such as compliance offerings FAQs and success stories and there's Regional Solutions which provide documents on Microsoft cloud services compliance with the laws of various countries regions including Australia Canada Czech Republic Denmark Germany Poland Romania Spain and the United Kingdom trust Center links you to the Microsoft trust Center which provides more information about privacy security and compliance in the Microsoft cloud resources provides links to security and compliance for Office 365 the Microsoft global data centers and FAQs and my library is a feature that lets you save documents so that you can quickly access them on your my library page taking a closer look in audit reports and so audit reports are independent audit reports for Microsoft's cloud services which provide information about compliance with data protection standards and regulatory requirements so you'll get audit reports for International Organization for standardization service organization controls National Institute of Standards and Technology Federal risk and authorization Management program and general data protection regulation so you'll get a list of documents and PDFs that you can download you can open them up and see how Microsoft and Azure are being compliant and just taking a closer look at Regional Solutions in the industries and region section so as we mentioned before Regional Solutions provide documents on Microsoft's compliance policies and regulations for Regions such as Australia Germany UK and many more and so here you can select the regions that are available and in this example it's United Kingdom and here you can look at the GRC assessment reports their description and you can download them for a closer inspection so that's the service trust [Music] portal hey this is Andrew Brown from exampro and we're taking a look at compliance Concepts focusing on data residency and how it helps ensure Regulatory Compliance so as organizations and institutions move their data to service provider clouds with data centers all over the world government agencies and Industry groups have issued regulations to help protect govern the use of data organizations can be accountable for meeting dozens of regulations ranging from personal and financial information to data protection and privacy so when it comes to compliance data residency regulations govern the physical locations where data can be stored as well as how and when it can be transferred processed or accessed internationally these regulations can differ significantly depending on jurisdiction it ensures customers can access diagnostic service generated and support data and can manage access to their own data Microsoft protects customer data from unauthorized access and handles challenges from government requests and other thirdparty orders it provides tools customers can use to restrict protect and encrypt data at rest in transit and in some cases in use it enforces strict policies and practices that Microsoft follows for the retention and deletion of customer data Microsoft also ensures compliance with privacy regulations and standards to help protect the privacy of customer data so here are some important Concepts and terms that relate to data compliance that you may need to know data sovereignty is the concept that data particularly personal data is subject to the laws and regulations of the country region in which it's physically collected held or processed this can complicate compliance because the same piece of data can be collected in one location stored in another and processed in another making it subject to laws from different countries and regions and data privacy is providing notice and being transparent about the collection processing use and sharing of personal data are fundamental principles of privacy laws and regulations personal data means any information relating to an identified or identifiable natural person privacy laws previously referenced Pi or personally identifiable information but the laws have expanded the definition to any data that is directly linked or indirectly linkable back to a person organizations are subject to and must operate consistent with a multitude of laws regulations codes of conduct industry specific standards and compliance standards governing data privacy so those are the compliance [Music] Concepts hey this is Andrew Brown from exam Pro and we're talking about Microsoft pview information protection also known as Microsoft information protection and this is a collection of features within Microsoft purview formerly Microsoft 365 compliance to help you discover classify and protect sensitive information wherever it lives or travels so the idea here is that we have this diagram and we have four specific domains that are information protection capab abilities around our data and so the first is know your data the second is protect your data the third is prevent data loss and the fourth is govern your data so we'll be going over all these sections in the next few slides taking a look at the four domains here for the Microsoft purview information protection these are features found within Microsoft perview so the first is know your data understand your data landscape and identify important data across your hybrid environment so one feature would be sensitive information types this identifies sensitive data by using built or custom regular expressions or a function it provides corroborative evidence includes keywords confidence levels and proximity we have built in sensitive labels and you have custom ones as well so then there's trainable classifiers this identifies sensitive data by using examples of the data you're interested in rather than identifying elements in the item so pattern matching and you can use built-in classifiers or train a classifier with your own content so you have trainable classifiers here for data classification this is a graphical identific ification of items in your organization that have a sensitive label a retention label or have been classified you can also use this information to gain insights into the actions that your users are taking on these items so that's the context Explorer and the activity Explorer the second part is protect your data so apply flexible protection actions that include encryption access restrictions and visual markings say you have sensitivity labels Azure information protection unified labeling client double key encryption Office 365 message encryption service encryption with customer key SharePoint information Rights Management Rights Management connector Azure information protection unified labeling scanner Microsoft Defender for cloud apps and Microsoft information protection SDK most of these you won't need to know but will definitely cover sensitivity labels then we have prevent data loss so this prevents accidental oversharing of sensitive information here you have Microsoft perview data loss prevention and point data loss prevention Microsoft compliance extension there's Chrome extension that does compliance for you so it's built in your browser there's the Microsoft purview data loss prevention on premises scanner and protect sensitive information in Microsoft teams chat and channel messages we'll definitely take a closer look at Microsoft perview data loss prevention later next we have Microsoft perview data life cycle management formerly Microsoft information governance which is a collection of features to govern your data for compliance or regulatory so for Microsoft perview data life cycle management it keeps what you need and deletes what you don't we have retention policies and retention labels inactive mailboxes archive mailboxes import service for pstd files and for Microsoft perview records management it manages high value items for business legal or regulatory recordkeeping requirements you have file plan retention labels for individual items retention policies if needed for Baseline retention and disposition review and proof of disposition so those are the four domains in Microsoft purview information protection govern your data is not technically part of it as it's in the data life cycle and record section but I included It [Music] Anyways hey this is Andrew Brown from exampro and we're taking a look at the data classification capabilities so sensitive information types or classifications or categories of data by sensitivity they are pattern-based classifiers and they have set patterns that can be used to identify them so within the Microsoft perview data classification feature you can get a breakdown of the distribution of sensitive info types so here imagine you have a bunch of documents and you said hey tell me what you found in these documents and there it gives it kind of a breakdown by type these types are identified based on regular expression or a function there are hundreds of built-in information types for example credit card numbers passport or identification numbers bank account numbers Health Service numbers IP addresses Azure storage account keys and driver's license numbers so it's a huge list and so here's a list of some sensitive info types these sens sensitive information types are used in data loss prevention policies sensitivity labels retention labels Insider risk management communication compliance and auto labeling policies generally the first thing you're going to do with your data classification is to get your sensitive information types and you can create your own info types too so if there's something that doesn't meet your needs you'll have to write your own regular expression but you can have whatever you want another feature found in data classification within Microsoft pview or trainable classifiers let's talk talk about what training is and classifiers are so a classifier is a machine learning model that can take records of data and classifier or categorized by applying a label from a predetermined list of categories then you have training and this is the act of teaching a machine learning model how to learn by providing it large amounts of data that is already labeled it uses the labeled data to tell if its predictions are similar to the ones provided So within Microsoft purview it has two kinds of trainable classifiers pre-trained classifiers are ready to use classifiers with five PRT trained classifiers we'll talk about those five in a moment you don't need to provide any data used for training and it meets many General use cases then you have custom tradable classifiers this is when you have your own kind of documents when you have specific business documents but you'll have to provide training data so the five pre-trained classifiers are resumes source code harassment profanity and threat another feature in the data classification within Microsoft perview is content Explorer so this enables administrators to gain visibility into the content that has been summarized in the overview pain hit drills down to find emails or documents that have been labeled based on sensitive information types sensitivity labels or retention labels there are two roles that Grant access to content Explorer you have content Explorer list viewer and content Explorer content viewer so the idea here is you have broad categories on left hand side so you see the three categories sensitive info types sensitivity labels and retention labels and then what you'll do is Click into one and then they'll have specific actual items underneath and you click into one of those and then from there you can go on the right hand pane over here you can go and explore different documents and files to identify that kind of information the other Explorer here is the activity Explorer and this helps discover which file labels were changed and which files were modified so it monitors label activity across exchange SharePoint one drive and endpoint devices a few activity types that can be analyzed are file copy to removable media file copy to network share label applied and label changed and admins can use more than 30 filters for data and including location user sensitivity label and retention label so here is a great visual to help you get the idea so here you have filters so activity location user and the type of sensitivity label and then you can see it says label changed here in light blue and you can see these labels were applied in a darker tone of blue and files copied to the cloud in dark orange so it represents the amount of files or labels according to the visual so it helps you get an idea of what this does hey this is Andrew Brown from exam Pro and we're taking a look at sensitivity labels so sensitivity labels allow you to apply a label to your documents or emails and the most common way is through built- and drop down within Office 365 products so labels are customizable admins can create different categories specific to the organization such as personal public confidential and highly confidential they are clear text because each label is stored in clear text in the contents metadata thirdparty apps and services can read it and then apply their own protective actions if necessary and they're persistent when you apply a sensitivity label to content the label is stored in the email or documents metadata the label follows the content including the protection settings and this data is used to apply and enforce policies so here we have an example for Microsoft Word one for Excel and here's one from Outlook the idea is that you do your business as per usual but you'd have to go ahead and classify that information into a particular sensitivity so sens AC it labeling makes it easy to apply content marketing or encryption content markings would be like watermarks warnings that are applied to the header and footer of a document so notice here you can turn it on and you can say add this watermark with this customized text add this header add this footer I think you can even customize some of the colors but are very limited but it does the job the other one is encryption so apply encryption and specify which users and groups May decrypt and other fine tune permissions so the idea is you would turn the encryption on then you would select the users groups Etc who could do it then they have these broad categories and so this particular one is for email but here you choose which permissions are allowed so are you allowed to view the content can you save the email are you allowed to reply to the email are you allowed to forward the email so it's very fine tune it's not just encryption even though that's what it is so within Microsoft purview under classification you can see the distribution of sensitive labels applied to documents and emails or based on location so this gives you a visual to help you understand where these labels are located on the left hand side shows what sensitivity labels have been applied to the content and then on the right here it shows the location of where sensitivity labels are applied so sensitivity labels can be used to provide protection settings that include encryption and content markings protect content in office apps across different platforms and devices protect content in thirdparty apps and services protect containers extend sensitivity labels to powerbi extend sensitivity labels to assets and Azure extend sensitivity labels to the third party apps and services and classify content without using any protection settings so that's sensitivity [Music] labels hey this is Andrew Brown from exam Pro and we're taking a look at label policies so in order to use sensitivity labels they need to be published alongside a label policy a label policy determin who can use the label and other conditions so the idea here is you can specify which users or groups can use these labels and then here are some of the settings here so notice below users must provide justification to remove a label or lower classification requires users to apply a label to their email or document provides user with a link to a custom help page so label policies enable admins to choose the users and groups that can see labels so labels can be published of specific users distribution groups Microsoft 365 groups and azuread and more apply a default label to all new emails and documents that the specified users and groups create users can always change the default label if they believe the document or email has been mislabeled require justifications for label changes so if a user wants to remove a label or replace it admins can require the user to provide a valid justification to complete the action the user will be prompted to provide an explanation for why the label should be changed require users to apply a label so mandatory labeling ensures a label is applied before users can save their documents send emails or create new sites or groups and we have link users to custom help Pages it helps users to understand what the labels mean and how they should be used so those are the sensitivity label [Music] policies hey this is Andrew Brown from exampro and we're taking a look at retention policies and labels so retention labels and policies help organizations to manage and govern information by ensuring content is kept only for a required time and then permanently deleted applying retention labels and assigning retention policies helps organizations comply proactively with industry regulations and internal policies that require content to be kept for a minimum time reduce risk when there's litigation or a security breach by permanently deleting old content that the organization is no longer required to keep and it ensures users work only with content that's current and relevant to them when content has retention settings assigned to it that content remains in its original location so retention settings work with the following different workloads SharePoint in one drive Microsoft teams yber and exchange so retention labels ensures data is held for a specific duration to meet a Regulatory Compliance or industry best practices they are used to assign retention settings at an item level such as a folder document or email an email or document can have only a single retention label assigned to it at a time so here you see the retention labels applied to the witch content retention policies are used to assign the same retention settings to content at a site level or mailbox level a single policy can be applied to multiple locations or to specific locations or users items inherit the retention settings from their container specif if IED in the retention policy and here you can see the locations where the retention labels are applied so this is similar to how the sensitivity labels [Music] work hey this is Andrew Brown from exam Pro and we're talking about records management so what is records management it's an organization's process of managing an organization's information throughout its life cycle record management helps organization meeting Regulatory Compliance or legal requirements so a life cycle of a record would look something like this it begins with identifying then classifying storing securing retrieving tracking destroying and ends with preserving a record represents labeled information or content and its life cycle will be managed so Microsoft perview records management includes many features including labeling content as a record migrating and managing retention plans with file plan manager establishing retention and deletion policies within the record label triggering event-based retention reviewing and valid Val ating disposition proof of Records deletion exporting information about disposed items and setting specific permissions for record manager functions in the organization label content applies the following controls restrictions are put in place to block certain activities activities are logged and proof of disposition is kept at the end of the retention period so that's records [Music] management hey this is Andrew Brown from exam Pro and we're taking a look at data loss preven mention so organizations need to prevent data loss by detecting risky behavior and preventing the improper sharing of sensitive information Microsoft purview data loss prevention so DLP is a way to protect sensitive information and prevent its unintentional disclosure with DLP policies admins can identify Monitor and automatically protect sensitive information across Microsoft 365 including one drive for business SharePoint online Microsoft teams and exchange online help users learn how compliance Works without interrupting their workflow admins can also view DLP reports showing content that matches the organization's DLP policies so DP policies are composed of conditions that the content must match before the rule is enforced actions that the admin wants the rule to take automatically when content that matches the conditions has been found and locations where the policy will be applied so a policy can contain what or more rules and each rule consists of conditions and actions at a minimum for each rule when the conditions are met the actions are taken automatically rules can be grouped into one policy to help simplify management and Reporting so here's a diagram that shows how multiple rules each with their own conditions and actions are grouped into a single policy so we have multiple rules here rule one rule two Rule n Etc and each of them have their own conditions and actions and it's all grouped into a single policy moving on to in point data loss prevention so this extends the activity monitoring and protection capabilities of DLP to sensitive items that are physically stored on window Windows 10 Windows 11 and Mac OS devices and point DLP enables admins to audit and manage activities that users complete on sensitive content so DLP capabilities have been extended to Microsoft teams chat and channel messages including messages in private channels and with DLP administrators can now Define policies that prevent users from sharing sensitive information in a team's chat session or Channel whether it's in a message or a file so that's DLP [Music] hey this is Andrew Brown from exampro and we're taking a look at Microsoft purview compliance portal also known as Microsoft 365 compliance Center so this provides easy access to the data and tools you need to manage to your organization's compliance needs to access the compliance portal you will need to have the following roles Global administrator compliance administrator or compliance data administrator some of the key features of compliance portal include compliance score audits activity alerts solution catalog data classification ecovery Insider risk management and Records management you can access the compliance portal at compliance. microsoft.com so the default compliance portal homepage contains several cards including the compliance manager card so this card leads you to the Microsoft perview compliance manager solution the solution catalog cards include information protection and governance these Solutions help organizations classify protect and retain your data where it lives and wherever it goes examples include data life cycle management and data loss prevention then we have privacy this helps you build a more privacy resilient workplace we have Insider risk management these Solutions help organizations identify analyze and remediate internal risks before they cause harm examples include communication compliance and Insider risk management and we have Discovery and respond so these Solutions help organizations quickly find investigate and respond with relevant data some examples are audit and ecovery we briefly mentioned the Solutions catalog before but it's great to reinforce that knowledge and we have the active alerts card which includes a summary of the most active alerts and a link where atmin can view more detailed information such as alert severity status category and more so that's the Microsoft purview compliance [Music] portal hey this is Andrew Brown from exam Pro and we're taking a look at Microsoft perview compliance manager which is a feature in the Microsoft perview compliance portal that helps admins to manage an organization's compliance requirements compliance manager helps simplify compliance and reduce Risk by providing prebuilt assessments based on common Regional and Industry regulations and standards including custom assessments to meet compliance needs unique to specific organizations workflow capabilities that enable admins to efficiently complete risk assessments for the organization it provides step-by-step Improvement actions that admins can take to help meet regulations and standards relevant to the organization and it provides a compliance score which is a calculation that helps an organization understand its overall compliance posture by measuring how it's progressing with Improvement actions so here you can see the important sections like Improvement actions Solutions assessments assessment templates and your compliance score which is currently at 69% and we'll talk more about the compliance score later so the compliance manager has four key elements that you should have a basic understanding of controls assessments templates and Improvement actions the first is control so a control is a require requirement of a regulation standard or policy it defines how to access and manage system configuration organizational process and people responsible for meeting a specific requirement of Regulation standard or policy so compliance manager tracks the following types of controls Microsoft managed controls these are controls for Microsoft cloud services which Microsoft is responsible for implementing there are your controls also know as customer managed controls these are implemented and managed by the organization and share controls so this is the responsibility for implementing these controls as shared by the organization and Microsoft so the next key element are templates and templates help admins to quickly create assessments they can modify these templates to create an assessment optimized for their needs and the next one is Improvement actions this helps centralize compliance activities each Improvement action provides recommended guidance that's intended to help organizations to align with data protection regulations and standards the last key element are assessments so an assessment is a grouping of controls from a specific regulation standard or policy completing the actions within an assessment helps to meet the requirements of a standard regulation or law clicking into an assessment will give you a detailed list of actionable controls as you can see in this image so compliance manager provides many benefits including translating complicated regulations standards company policies or other control Frameworks into a simple language providing access to a large variety of out-of-the-box Assessments and custom assessments to help organizations with their unique compliance needs mapping regulatory controls against recommended Improvement actions providing step-by-step guidance on how to implement the solutions to meet regulatory requirements and helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action so that's compliance [Music] manager hey this is Andrew Brown from exam Pro and we're taking a look at compliance score so compliance score measures progress in completing recommended Improvement actions within controls the score helps organization to understand its current compliance posture it also helps organizations to prioritize actions based on their potential to reduce risk admins can get a breakdown of the compliance score in the compliance manager overview pain so here's a visual showing the compliance score breakdown and these are divided into categories such as protect information control access govern information and manage devices so the overall compliance score is calculated using scores that are assigned to actions actions come in two types the first is your improved actions which are actions that the organization is expected to manage and the second are Microsoft actions and these are actions that Microsoft manages for the organization so actions are categorized as mandatory discretionary preventative detective or corrective the first is mandatory so these are actions that shouldn't be bypassed and we have discretionary these actions depend on the user's understanding and adhering to a policy we'll talk about the other three actions in the next slide since they're in a subcategory so organizations accumulate points for every action completed and the compliance score is shown as a percentage representing all the actions completed the visual here shows us the list of improvement actions and for each one that's completed you can gain points which would increase your overall compliance score so for this example you're seeing plus 27 points for all the Improvement actions you've completed so back to the type of actions the following are subcategories of actions that can be classified as mandator or discretionary so preventative actions are designed to handle specific risks like using encryption to protect data at rest if there were breaches or attacks we have detective actions and these actively monitor systems to identify irregularities that could represent risks or that can be used to detect breaches or intrusions and there's corrective actions so these help admins to minimize the adverse effects of security incidents by undertaking corrective measures to reduce their immediate effect or possibly even reverse damage so that's compliance score and its benefits towards an [Music] organization hey this is Andrew Brown from exam Pro and we're taking a look at the Microsoft purview Insider risk management which is a solution that helps minimize internal risks by enabling an organization to detect investigate and act on risky and malicious activities So within an organization a broad range of internal risks could occur from unethical behavior and actions by employees and managers some of these examples include leaks of sensitive data and data spillage confid dentiality violations intellectual property theft fraud insider trading and Regulatory Compliance violations so The Insider risk management is centered around four principles the first one is transparency so balance user privacy versus organization risk with privacy by Design architecture the second one is configurable so configurable policies based on industry geographical and business groups the third one is integrated so there's integrated workflow across Microsoft perview Solutions and actionable so it provides insights to enable user notifications data investigations and user investigations so Insider risk management in Microsoft purview uses the following workflow to identify and resolve internal risk activities and compliance issues the first is policies so these are created using predefined templates and policy conditions that Define what risk indicators are examined in Microsoft 365 feature areas next we have alerts so alerts are automatically generated by risk indicators that match policy conditions and are displayed in the alerts dashboard this dashboard enables a quick view of all alerts needing review open alerts over time and alert statistics for the organization then we have triage which are new activities that need investigation automatically generate alerts that are assigned a needs review status we have investigat so cases are created for alerts that require deeper review and investigation of the details and circumstances around the policy match and the last one is action so reviewers can immediately act to resolve issues after they've been investigated or they can collaborate with other risk stakeholders in the organization actions can be as simple as sending a notification when employees accidentally violate policy conditions in more serious cases reviewers may need to share The Insider riskmanagement case information with other reviewers in the organization so that's The Insider riskmanagement solutions to protect against internal [Music] threats hey this is Andrew Brown from exam Pro and we're taking a look at ecovery which is a service found within Microsoft purview so e Discovery stands for electronic Discovery and this is the process of identifying and delivering electronic information that can be used as evidence in legal cases so you can use ecovery tools in Microsoft 365 to search for content and exchange online mailboxes Microsoft 365 groups Microsoft teams SharePoint online one drive for business sites Skype for business conversations and yber teams so Microsoft perview provides us with three Discovery Solutions the first one is content search which lets you run a search across content the second one is ecovery standard also known as core Discovery is a workflow to search and Export content and the last one is ecovery premium also known as advanced ecovery is an endtoend workflow to preserve collect review analyze and Export content for internal or external investigation and we'll talk more about these three solutions in the next slides so eisc Discovery standard in Microsoft 365 provides a basic ecovery tool that organizations can use to search and export content in Microsoft 365 and Office 365 you can use eisc Discovery standard to place an eisc Discovery hold on content locations such as exchange mailboxes SharePoint sites one drive accounts and Microsoft teams nothing is needed to deploy ecovery standard but there are some prerequisite tasks that an IT admin and ecovery manager have to complete before your organization can start using ecovery standard to search export and preserve content so those requirements would be things like the initial setup you'll need to verify and asside appropriate licenses assign ecovery permissions and create a Core ecovery case and from there you can use the create an Eis Discovery hold feature search for content and Export and download search results so let's take a closer look here at content search to perform a Content search you can create a new search specify the locations and provide the keywords and conditions keep in mind that if you leave the keywords blank it will return all items with the conditions so I just want you to notice a few things here in the visuals here you can create a new search and you can search by ID list here we have our location that we can turn on or off so we have exchange Point SharePoint and exchange you could also search within a hold so you have your keywords here you can leave that blank and they have a long list of conditions that you can choose from here moving on to ecovery holds so a hold preserves content that might be relevant to a specific ecovery case you can place a hold in basically the same locations we've mentioned before so exchange mailboxes one drive for business micro Microsoft teams Office 365 groups and yamber groups the content is preserved until you remove the content location from the holder until you delete the hold and after you create an ecovery hold it may take up to 24 hours for the hold to take effect taking a look at ecovery premium formally Advanced ecovery so ecovery premium workflow Builds on the existing ecovery standard workflow it is an end-to-end workflow to preserve collect review analyze and Export content that's relevant to your organization's internal and external invest tigations it also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case so the built-in workflow of ecovery Premium aligns with the electronic Discovery reference model edrm which is a framework that outlines standards for recovery and discovery of Digital Data so the workflow would essentially look something like this add custodians to a case search custodial data sources for data relevant to the case add data to a review set review and analyze data in a review set and Export and download case data so that's e Discovery and its types of solutions and [Music] capabilities hey this is Andrew Brown from exampro and we're taking a look at Microsoft purview auditing Solutions so what is an audit it's the investigating of a security events forensic investigations internal investigations and compliance obligations and audit would involve capturing recording and retaining a unified audit log so Microsoft 365 has two auditing Solutions the first one is audit standard formerly known as basic audit and this is enabled by default it provides thousands of searchable audit events it has a 90-day audit record retention you can export audit records to a CSV file you can use the audit Search tool in the Microsoft compliance portal it provides access to audit logs via Office 365 management activity API you can also use it in Powershell with the search Unified audit log commandlet the second auditing solution is audit premium Formerly Known is Advanced audit so this includes all of the audit standard features but it provides audit log retention policies it has longer retention of audit records it has high value and crucial events and has higher bandwidth to The Office 365 management activity API so those are the Microsoft purview auditing Solutions you'll need to [Music] know hey this is Andrew Brown from exampro and we're taking a look at Microsoft priva and privacy risk management so organ G ations must adopt a privacy by default policy to meet regulatory requirements and build customer trust Microsoft priva helps you achieve your privacy goals by addressing issues like helping employees adopt sound data handling practices and training them to spot and fix issues understanding the potential risks in the amount and type of personal data they store and share and fulfilling data subject requests or subject rights requests efficiently and on time priva capabilities are available through two solutions first we have priva privacy risk management which provides provides visibility into your organization's data and policy templates for reducing risks we'll talk more about this in the next slide and there's previous subject wrs requests which provides Automation and workflow tools for fulfilling data requests so Microsoft priva helps you understand the data your organization stores by automating discovery of personal data assets and providing visualizations of essential information the overview dashboard provides an overall view into your organization's data in Microsoft 365 privacy administrators can monitor Trends and activ ities identify and investigate potential risks involving personal data and springboard into Key activities like policy management or subject rights request actions the data profile page in pra provides a snapshot view of the personal data your organization stores in Microsoft 365 and where it lives it also gives insight into the types of data you store pre evaluates your organization's data stored in the following Microsoft 365 Services exchange online SharePoint online one drive for business and Microsoft teams privacy risk management policies are meant to be internal guides and can help you detect overexpose personal data so that users can secure it spot and limit transfers of personal data across departments or Regional borders and help users identify and reduce the amount of unused personal data that you store so that's Microsoft priva and the Privacy risk management [Music] Concepts hey this is Andrew Brown from exampro and we're taking a look at Microsoft's privacy principles so Microsoft's approach to privacy is built on the following six principles the first one is control so Microsoft States we will put you in control of your privacy with easy to use tools and Clear Choices the second is transparency so we will be transparent about data collection and use so you can make informed decisions the third is security we will protect the data you entrust to us through strong security and encryption the next one is strong legal protections we will respect your local privacy laws and fight for legal protection of your privacy as a fundamental human right the fifth principle is no content-based targeting we will not use your email chat files or other personal content that Target adds to you and the last principle is benefits to you Microsoft States when we do collect data we will use it to benefit you and to make your experiences better so those are Microsoft six privacy principles briefly [Music] summarized hey this is Andrew Brown from exam Pro and we're going to take a look at an overview of Microsoft purview we'll be going through the main components of the Microsoft purview that you'll see on the exam you can reach the Microsoft purview compliance portal at compliance. microsoft.com or alternatively you can find it at the all admin Center Page in the Microsoft 365 admin Center under the name compliance so in general the Microsoft purview compliance portal is for managing compliance needs using Integrated Solutions to help protect sensitive info manage data life cycles reduce Insider risks Safeguard personal data and more one of the key components of the Microsoft purview is the a compliance manager the compliance manager has a feature called compliance score which measures your progress in completing recommended actions that help reduce risks Sur around data protection and Regulatory standards Microsoft pview calculates your compliance score based on your organization decide the compliance score the system tells you the key Improvement actions you can complete to improve the compliance score let's click into it so here we see a list of improvement actions that grant us points that improve our compliance score you can filter out the regulations solution groups categories and more to find the Improvement action you're interested in for example we can click on enable self-service password reset so here Microsoft recommends that your organization enable self-service password reset to allow users who have either forgotten their password or whose account has been locked out as a result of malicious attempts so we'll click on assign action we'll select a user and assign the action to that user next you'll need to click on launch now now we're at the Azure active directory admin Center password reset page so we'll click on all to enable self-service password reset and save the changes to take effect the process of calculating and updating the points and compliance score may take up to 24 hours so in the data classification section the key things here would be sensitivity labels these let you classify and protect your organization's data while making sure that user productivity and their ability to collaborate is in hindered the next thing we'll look at are reports and here you can view status and trends for the compliance of your Microsoft 365 devices data identities apps and infrastructure the next thing we'll look at is the solution catalog so here you can discover learn about and start using the intelligent compliance and Risk Management Solutions available to your organization the solution catalog is categorized into cards and further divided into subcategories based on your needs for example we have information protection and governance then there are four other subcategories such as data life cycle management data loss prevention information protection and Records management there are a few more listed below like privacy Insider risk management and Discovery and response another important component of Microsoft purview is audit and audit can be used when you need to find out if a user deleted a document or if an admin resets someone's password you can search The Office 365 audit log to find out what the users and admins in your organization have been doing you'll be able to find activity related to email groups documents permissions directory services and much more now next we have Microsoft purview ediscovery and Microsoft purview provides a basic ecovery tool that organizations can use to search and Export content in Microsoft 365 and Office 365 you can also use eisc Discovery to place an ecovery hold on content locations such as exchange mailboxes SharePoint sites one drive accounts and Microsoft teams there are three types of ecovery standard premium and user data search next we have information protection you can Implement capabilities from Microsoft pview information protection to help you discover classify and protect sensitive information wherever it lives or travels then we have Insider risk management so this helps address risks in the modern workplace you can detect risky activity like sensitive data leaks and theft security policy violations and health record access get insights into potential Insider risks Insider risk analytics helps quickly identify potential risks in your org and recommends policies to address them collaborate on investigations seamless workflows allow teams across your or to work together on reviewing and taking action on potential risks built with privacy in mind protect users privacy by pseudonymizing their names across all Insider risk features so those are some of the key important components of Microsoft [Music] purview hey this is Andrew Brown from exampro and we're taking a look at the pricing models for Microsoft cloud services starting with Cloud solution provider abbreviated as CSP so the CSP Program help you be more involved in your customers businesses Beyond reselling licenses and may include the following benefits deeper customer engagements so you can meet with customers on a regular basis to gain a better understanding of their business and demands you can get increased profits so increasing your support in Building Services whether directly or through a third party source and opens up new revenue streams the CSP program adds value you'll be able to offer customers industry specific Solutions bundled with Microsoft products and it provides managed services so so you'll be well positioned to meet customer demand for managed Services the CSP program provides a pay as you go subscription model with per user per month pricing that enables your business to scale up or down from month to month as your needs change so there are two models in the CSP program there's the indirect model and the direct Bill model for the indirect model you may consider this model if you want to provide more services to your customers but need some infrastructure support for services like billing the indirect model is a two-tier selling approach through indirect providers and indirect resellers indirect providers offer billing customer service and technical support during the sales cycle and post deal closing they handle a lot of the beend processes enabling the indirect reseller to focus on finding and closing deals indirect providers typically are large well-vetted companies in the indirect model your organization would likely be an indirect reseller so indirect resellers are responsible for finding customers and selling and due to the support from indirect providers you can focus on selling and growing your customer base looking at the direct model so you may consider the CSP direct model if your business already has or is intending to develop appropriate sales billing and support infrastructure in the direct model Partners buy Microsoft products and subscriptions directly from Microsoft and sell them to their clients through their own sales staff you should meet the following prerequisites you'll require an active Microsoft partner network ID for the location you're enrolling in you should have an existing customer support infrastructure you'll require an existing customer billing infrastructure and you'll need fun funds to invest in technical integration and support Readiness so that's the Cloud solution provider program and the two models offered indirect model and direct Bill [Music] model hey this is Andrew Brown from exampro and we're taking a look at another pricing model for Microsoft cloud services called Enterprise agreement so the Microsoft Enterprise agreement is designed for businesses looking to license software and cloud services for at least 3 years it provides built-in savings ranging from 15% to 45% and the Enterprise agreement offers the best value to organizations with 500 or more users or devices so it's really cost-effective for more larger sized organizations some of the benefits of Enterprise agreement include it's manageable so it gives you the flexibility to buy cloud services and software licenses under a single organization-wide agreement you can choose from Microsoft cloud services on premises software or a mix of both and migrate on your own terms the software Assurance provides your company with 24 4 by7 technical support planning services and user and Technical Training and Innovative Technologies and you can manage licensing throughout the life of your agreement with the help of a Microsoft certified partner or a Microsoft representative so that's the Microsoft Enterprise [Music] agreement hey this is Andrew Brown from exam Pro and we're taking a look at the billing and billing management options in Microsoft 365 so a billing account is created when you sign up to try by Microsoft products account settings invoices payment methods and purchases are all managed through your billing account so these are the current types of billing accounts available in the Microsoft 365 admin Center the first one is the Microsoft online services program so this billing account is created when you sign up for a Microsoft 365 subscription directly the second one is the Microsoft products and services agreement program and this Billy account is created when your organization signs an npsa volume licensing agreement to purchase softare Ware and online services and the third one is the Microsoft customer agreement so this billing account is created when your organization works with a Microsoft representative and authorized partner or purchases independently moving on to the Bill management section so Microsoft 365 billing is managed from the Microsoft 365 admin Center you can manage subscriptions view billing statements update payment methods change your billing frequency and more in the admin Center the following describes what can be reviewed and modified in the Microsoft 365 admin Center so you can upgrade renew reactivate or cancel subscriptions view the number of purchase licenses and how many of those licenses are assigned to individual users for each service view a bill invoice and P billing statements you can modify payment methods like updating deleting replacing and adding other types of payment modify your billing frequency to monthly or annual billing you can buy and manage other services or features So based on your Microsoft 365 subscription you you can add on things like Microsoft Defender for Office 365 Microsoft teams calling plan and more you can also manage your billing notification emails and invoice attachments like the list of email accounts of who should receive automated billing notifications so that's the billing and Bill management options for Microsoft [Music] 365 hey this is Andrew Brown from exam Pro and we're taking a look at billing profiles in Microsoft 365 so a billing profile contains a payment method built to information and other invoice settings such as purchase order number and email invoice preference you use a billing profile to pay for the products that you buy from Microsoft a billing profile is automatically created when a user makes a self-service purchase and each billing profile is invoiced separately so here's a table listing all of the billing profile roles and describing what they do roles on billing profiles have permissions to control purchases and you can view and manage invoices so you would assign these roles to users who track organize and pay invoices for example you can assign certain members of your Finance team the role of a billing profile contributor the first role we have is billing profile owner so you can manage everything for a billing profile the second role is billing profile contributor so you can manage everything except permissions in a billing profile the third role is billing profile reader with this role you can read only view of everything in a billing profile and the last role is invoice manager this role lets you view and pay bills and has a readon view of everything in a billing profile so those are the billing profiles in Microsoft 365 hey this is Andrew Brown from exampro and we're taking a look at the Microsoft 365 subscription plans Microsoft 365 has a lot of different subscription plans to Target the right people or organization of any size and within the subscription plans there may be different tier levels so it can be a lot to take in but we'll provide a brief overview of them so the following list describes the subscription Plans offered we have Microsoft 365 for home and this consists of Microsoft 365 personal and Microsoft 365 family personal is for a single person with multiple devices and family is for up to six people we have Microsoft 365 education and this is for educational institutions it has two subscription plans for faculty and students that include different features A1 A3 and A5 Microsoft 365 government is for government institutions and it has two subscription PL that include different features G1 G3 and G5 Microsoft 365 business is for small to mediumsized organizations that have up to 300 employees it has four subscription tiers that include different features Apps for business business basic business standard and business premium Microsoft 365 for Frontline workers is designed to empower Frontline workers and optimize Frontline impact it has three subscription tiers that include different features F1 F3 and F5 and we have have Microsoft 365 Enterprise so this is for Enterprise sized organizations and has four subscription tiers that include different features apps for Enterprise E3 E5 and F3 your organization can also choose from three Office 365 subscription tiers E1 E3 and E5 so those are the Microsoft 365 subscription plans currently available and we'll go over some of the important ones in Greater detail in the next sections hey this is Andrew Brown from exampro and we're taking a closer look at Microsoft 365 for business which is designed for small and mediumsized organizations it offers the full set of Office 365 productivity tools and includes security and device management features however it doesn't include some of the more advanced information protection compliance or analytics tools available to Enterprise subscribers it's typically designed for organizations that need up to 300 licenses and as we mentioned before there's four available for Microsoft 365 for business so we have apps for business business basic business standard and business premium so looking at a general overview of what each plan has to offer starting off with the lowest cost plan we have Microsoft 365 business basic Microsoft 365 business basic provides essential tools like identity management custom business email 1 tab cloud storage and web mobile versions of office apps includes core Services word excel PowerPoint te Outlook Exchange one drive and SharePoint Microsoft 365 business standard includes everything in business basic plus desktop office apps webinar hosting and collaborative tools he apps word excel PowerPoint Outlook teams exchange one drive SharePoint clipchamp and Microsoft Loop Microsoft 365 business premium comprehensive plan with all features of business standard plus Advanced security and management tools additional Services Microsoft Defender Microsoft enter ID in tune and Microsoft perview Microsoft 365 Apps for business offers desktop versions of office apps with premium features and one tbte cloud storage but lacks custom business email includes key apps word excel PowerPoint Outlook and one drive so that's all the Microsoft 365 for business subscriptions available and the key features each of them [Music] include hey this is Andrew Brown from exam Pro and we're taking a closer look at Microsoft 365 Enterprise subscription plans and these plans provide Enterprise class services to organizations that want a productivity solution that includes robust threat Protection security compliance and analytics features like we briefly mentioned before there are three available plans for Microsoft 365 Enterprise there's E3 E5 and F3 which is forly F1 so E3 includes core productivity tools with essential security and compliance it's ideal for most organizations the E5 plan is the most expensive plan and it includes all the same features as E3 but it also includes the latest Advanced threat Protection security and collaboration tools and the F3 is designed for firstline workers through purpose-built tools and resources that allow them to do their best work and here you can see the prices of each subscription planned in a brief summary of what they offer so here's a table listing all of the features included in each plan E3 includes core productivity apps essential service like email calendar scheduling social internet and storage it offers partial insights in analytics project management tools and basic information protection E5 Builds on E3 by fully including insights and analytics comprehensive threat protection and advanced Cloud access security broker features it also adds additional layers of identity access management and Insider risk management and F3 offers partially included Microsoft 365 apps basic email calendar and scheduling service and limited access to project management tools and automation features it's designed for Frontline workers with essential tools so that's the Microsoft 365 Enterprise [Music] plans hey this is Andrew Brown from exampro and we're taking a look at Microsoft 365 licenses so what is a license well a license allows your users to use the features and services included in the subscription plan Microsoft 365 products and services are available as user subscription licenses abbreviated as usls and are licensed on a per user basis so the following list describes the options that are available the first option are full usls and these are for new customers who haven't previously purchased Microsoft products and services the second option are at on usls and these are for on premises software customers who want to add Microsoft 365 Cloud products and services the third option are from usls and these are for on premises software Assurance customers that want to transition to the cloud the last option we have are stepup usls and these are for customers who want to upgrade the level of their service and so each user accessing Microsoft 365 products and services is required to be assigned to USL administrators manage licenses in the Microsoft 365 admin Center they can assign the licenses to individual user or guest accounts now taking a look at the Microsoft 365 ad on licensing options so Microsoft 365 business plans have add-ons that you can purchase for your subscription and these add-ons provide more capabilities to enhance your subscription there are currently two types of add-ons available the first type of add-ons are traditional add-ons and these are linked to a specific subscription and if you cancel the subscription the linked add-on is also cancelled the second type or Standalone add-ons and these appear as a separate subscription on the your products page within the Microsoft 365 admin Center they have their own expiration date and are managed the same way you with any other subscription so those are the Microsoft 365 licenses and add-on [Music] options hey this is Andrew Brown from exam Pro and we're taking a look at the Support options for Microsoft 365 services so administrators and users in your organization may have difficulty resolving issues on their own it's reassuring to know that they can get help with Microsoft 365 Services anytime they need it through a variety of Support options the support option chosen to deal with a particular issue depends on the tool or service where the issue has arisen the type of subscription your organization uses and the kind of support your organization needs so here's a list of ways your organization can get access to support the first is through Community Based support this is where the Microsoft 365 Tech Community provides Community Based support for your organization allowing you to collaborate with others and solve challenges then we have proactive support so your organization can install the Microsoft support and recovery assistant to help identify Problems by running tests and offer the best solution for those problems then we have web chat email and phone support So your organization can submit issues to Microsoft support for technical billing and subscription support via email online web chat or phone we have pre-sale support your organization is provided with assistance on subscription features benefits and your purchasing decision for Microsoft 365 Services then there's FasTrack this is where your organization can connect with expert Microsoft Engineers project managers and resources to help deploy Microsoft 365 services and resolve issues then we have Premier support for Microsoft 365 so your Enterprise organization can receive on-site support a dedicated technical account manager and access to advisory Services the last support option is you can get support through a Microsoft partner this is where your organization can get support directly through a certified Microsoft 365 partner so that's the Support options for Microsoft 365 [Music] Services hey this is and Brown from exam Pro and we're taking a look at how to create a support request so if you need help with using Microsoft 365 you can create a support request through the Microsoft 365 admin Center here is a visual showing the Microsoft 365 admin Center and here you would navigate to the support section and click on new service request to create one the second visual here simply shows the service request history so you would click on view service requests and you can see the history of what service requests you submitted before and you can check on the status of the service requests for any replies so the following steps describe how to create a support request as an administrator the first step is to sign into the Microsoft 365 admin center with your Microsoft 365 admin account in the left navigation menu select show all to expand the rest of the options select support to expand the Support options select new service request so you've seen these steps so far from the visuals on the previous slide now on the right a support window will open where you can enter your support question and view the results that's the visual on the right here showing it and if the recommended instructions or articles don't answer your questions select on the headset iCloud at the top or select contact support at the bottom to contact technical support still in the required information like title description preferred contact method ET and select contact me and a support agent will contact you so those are the instructions on how to create a support [Music] request hey this is Andrew Brown from exam Pro and we're taking a look at the service level agreement Concepts abbreviated as SLA in Microsoft 365 so Microsoft 365 Services guarantees level of service for your organization in a detailed legal agreement referred to as a service level agreement Microsoft details its commitment to provide and maintain agreed service levels for M365 Services through its Microsoft online services agreement your organization can also take advantage of the service level agreement with your cloud service provider note that the guarantees of service provided for microsof 365 services will vary between cloud service providers so Microsoft's online service level agreement introduces several Concepts the first one is incident and this is a set of events or single event that results in downtime the second one is uptime this is the total time your services are functional the next one is downtime and the definition of downtime depends on the relevant service for example with Microsoft teams any period of time where users are unable to initiate online meetings see present statuses or unable to in message is considered downtime your downtime reduces the total time your services are functional then we have claim so a claim raises information about an incident and your organization is responsible for submitting a claim on an incident the next concept is an important one called service credit and so service credits are submitted by the organization's admin if the claim is successfully approved by Microsoft your organization will receive service credits the service credit will be the percentage of the total monthly fees your organization paid for the month where you experience downtime then we have service level and this is the performance metric set forth in the SLA that Microsoft agrees to meet in the delivery of the services and the last concept is uptime agreement and the uptime agreement is defined by the monthly uptime percentage which we'll explain a bit more in the next slide so downtime is any period of time when office applications are put into reduced functionality mode due to an issue with Office 365 activation and the monthly uptime percentage is typically calculated using the following formula but this may not apply to every service so user minutes minus downtime divided by user minutes time 100 where downtime is measured in user minutes that is for each month downtime is the sum of the length of each incident that occurs during that month multiply by the number of users impacted by that incident the percentage of service credit your organization can receive is linked to your monthly uptime percentage for example if downtime has resulted in a monthly uptime percentage lower than 95% your organization could receive a 100% per service credit and the table here describes the monthly uptime percentage in corresponding service credit so if the monthly uptime percentage is less than 99.9% you could get 25% service credit if the monthly uptime percentage is less than 99% you could get 50% service credit and if it's less than 95% you could get 100% service credit so your organization should always review all service level agreements and ask questions including the following list if you're using a cloud service provider how does it determine service levels and whether they're achieved or not who is responsible for reports how can your organization access reports are there any exceptions in the agreement what does the agreement say about both unexpected and scheduled maintenance what does the agreement say about what happens if your infrastructure goes down because of an attack what about natural disasters and other situations outside of your control does the agreement cover non-microsoft service or system failures what are the limits to the cloud service providers liability in the agreement so that's the overview of SLA hey this is Andrew Brown from exampro and we're taking a look at the health status of Microsoft 365 services so the Microsoft 365 admin Center allows your organization's administrators to see the current health status of each of your Microsoft 365 services and tenants they can view the history of services that have been affected in the last 30 days and information about current outages or disruptions to Services viewing the health can help you figure out whether you're dealing with a known issue that has a solution in progress you can go to SCT Health under the left navigation pain then service Health to access it so if your organization is experiencing a service issue your administrators can report it by going to reported issues select report and issue and complete a short form administrators can view specific details about service issues selecting incidents or advisories your organization can set up notifications for any new incidents or for updates to any active incidents that might affect your organization Microsoft provides two different types of notifications the first what is unplanned downtime this is where an incident has caused a service to become unresponsive or unavailable and the second one is plan maintenance where Microsoft regularly carries out service updates to the software and infrastructure that run Services Microsoft also analyzes unplanned service incidents for you through po incident reviews you'll receive a preliminary review within the first two days of incident resolution and a final review within five business days the final post incident reviews will detail the following information how you might have been impacted and how the user experience was impacted a date and time breakdown detailing when an incident started and when it was resolved and an analysis of the root cause and what actions are to be carried out to prevent the incident in the future so your organization can keep track of the health status of services in different ways first we have admin app this lets you view and stay up to dat with the health status of the services on the go then we have Microsoft System enter which allows you to view all service Communications from within system center if your organization has the Office 365 management pack and API you can use the office 3 65 service Communications API to create or use tools that can connect and monitor the service status for you in real time to protect and keep your organization's data available Microsoft is the following data storage redundancy so Microsoft stores your data through multiple levels of redundancy using data replication and secure data protection capabilities monitoring data so your databases are monitored for you and your data is monitored packet loss latencies and queries and more preventative measures so Microsoft regularly carries out check for database consistency reviews of error logs and more so that's an overview of the health status of Microsoft 365 [Music] Services hey this is Andrew Brown from exampro and we're taking a look at how organizations can communicate with Microsoft about product and service improvements so Microsoft has various channels for you to submit feedback about Microsoft 365 products and services for example if you're using feedback which is the Community Feed Fe back web portal you can submit new feedback directly within the web portal you can participate in existing feedback by voting or commenting on existing topics and you can review feedback you've submitted its impact and Status by viewing official responses from the Microsoft product teams so the following list describes the ways you can communicate directly with Microsoft feedback in product experiences Windows feedback Hub Microsoft Tech Community Microsoft store and uservoice forums use these sites to share your ideas and contribute to the Improvement of Microsoft products and services for your company and other users around the world taking a look at feedback in Greater detail so the community feedback portal lets you tell Microsoft about any problems you run into while using Microsoft 365 Community feedback allows you to browse or vote on feedback from the community community feedback is publicly displayed within different forums and your username will be displayed by feedback you submit publicly or comments you provide looking at the visual here you can select which service you're interested in or have feedback for and click into it in this case it's Microsoft teams and so you'll see lots of posts from the community about improvements and feedback and you can send your own feedback as well navigate to feedback portal. microsoft.com to access it taking a closer look on submitting feedback selecting a forum allows you to see all feedback related to that product and you can upvote or comment on feedback that matches yours if you don't see feedback that is similar to your own you can submit new feedback through the portal itself here are some guidelines for good feedback make your title concise and descriptive this will help others find and upvote your feedback send one thought per feedback information about your device operating system and applications are automatically included in each reported feedback taking a look at the Microsoft Tech Community which is a place to interact with it Pros developers and end users along with Microsoft the focus of the site was initially on Office 365 but now encompasses Azure Enterprise Mobility Plus security and many other Microsoft Technologies communities are for different Microsoft products and solutions members can join communities that interest them navigate to Tech community. microsoft.com to access it here are some of the benefits of participating in the Microsoft Tech Community influence Microsoft with feedback constructive comments and ideas help other members with Solutions or insights on problems learn about best practices new features and get the latest information from Microsoft ask questions and get help from peers access content from special events like Microsoft ignite and the Microsoft tech Summit take part in online events such as ask Microsoft anything and get recognition for overall contributions to the community with member of the week or ranks like super contributor so that's how you can share feedback on Microsoft 365 services for improvements and [Music] more hey this is Andrew Brown from exam Pro and we're taking a look at how to create and manage technical support cases in the Microsoft 365 admin Center so on the left pane of the Microsoft 365 admin sender portal click on support then click on new service request on the how can we help page provide a description of your problem and the system will provide a list of Articles which could potentially apply to your issue or help solve them the autocomplete function of the search box will pop up the most relevant articles for your case or in some cases a Diagnostics wizard May pop up to further guide you through issue resolution in this example we are requesting support because we are having issues and can't install office this pops up a run diagnostic section and provides an article on how to resolve this issue pit provides an explanation on the topic and a step-by-step guide on how to resolve the issue it also provides recommended articles at the end of The Help window if the article suggested does not meet your needs if the automated help is not sufficient you can click on the headset icon on the top to request assistance from a support agent and open a support case in this case you must provide a title and description of your case you must also provide a telephone number and contact email address and consent to the recording of calls or not afterwards you should choose your preferred method of communication there are four options available chat with a support agent phone with a response time of within 5 hours email with a response time of within 1 hour or schedule a call back for a specific date and time we'll go with the option email since it's the most convenient for us you can optionally add attachments to further assist the support agents in troubleshooting your case you have region settings where you can provide a time zone and optionally an alternative language of communication other than English after you have provided all information for your new technical case click on the contact me button this will create a new unique support case ID and you should receive confirmation through email to view service requests to view the status of the service requests you have already created browse to support view service requests from this page it provides a list of all your existing service requests as well as your previous service requests you can export all service requests and manage existing service requests by reviewing existing notes or by adding new notes as a response to an action item which has been identified by the support agents this page is the best way to track the progress of your support cases and see the full history of changes carried out while troubleshooting your issue so that's how you can create and manage technical support cases in the Microsoft 365 admin Center