Hi everyone, welcome to this Microsoft 365 or the MS-900 study cram. My goal here is to really just go through some key content that maybe you'd want to watch, maybe right at the start of your studying, but certainly just before taking the exam, just to refresh some things to help put you in the best possible place for the exam. A lot of work goes into creating these, so a like and subscribe is definitely appreciated. Now remember the MS-900 is a fundamentals exam. I don't need to know deep detail about administration or architecture. It's really very broad thinking about, well, what solution would I use to meet certain requirements, to solve certain problems. It's a 60 minute exam, I think I had about 45 questions when I took it, and one of the best resources you can actually leverage is the MS-900 website itself. If we go and look at this site, it has some key resources. So yeah, I can go and schedule the exam. It tells you, hey, I need a score of 700 out of 1000. It has this skills outline, so definitely you want to go and download this document and really walk through and be able to check off: yes, I understand these concepts. Sometimes if it's just changed, there'll be a version underneath we have changes on, so you can go and see exactly what changed since the previous version. Also, there's this fantastic online set of learning modules that I would definitely recommend you go through; that's going to set you up in a really good place. So what my goal is for this, again, it's going to be a review. I'm going to go through very quickly what are the key areas, just to try and give you that little bit of refresher before you take the exam. This is my 2.0 version, so this is replacing the previous version I had, because some of the content has changed because some of the applications and services have been modified. They've got new names or just a completely new solution. Now obviously when we think about
Microsoft 365, we often think of Office 365, so certainly we have the applications themselves, so we have the apps. And when we think about the Microsoft 365 applications, they're evergreen, and we're gonna talk about this servicing lifecycle. They're constantly being updated with new functionality. And when we have a license, it's usable for up to five PCs or Mac machines in addition to five mobile devices. So these could be tablets, these could be your phone. So I get those rights. And then what makes up these applications is a number of key ones, Word, Excel, and we're probably used to these ideas. Now by default these all, many of them, have a connected experience. It's using some service or functionality that's powered by the cloud, and you can turn this off. If you go and look at your File, Account, Account Privacy, you'll see there are managed settings and I can control if I want those connected experiences or not. Now when I think about the applications, there's obviously Word. So Word, we think about, hey, documents. We think about, hey, those integrated experiences might be Editor, it might be Researcher, but it's really about authoring the documents. Then we have Excel. So when we think about Excel, well, Excel is really all around the spreadsheets and visualizations. So I can say, hey, spreadsheet. Then we have PowerPoint. And as we know, PowerPoint is all about the idea of creating those presentations that we can then help others learn, communicate information. There's Presenter Coach that can actually help you in your experiences and get better at presenting. There's PowerPoint Designer. We have things like Outlook. Outlook obviously is our mail, our calendar and those other features, contacts, tasks. We have OneNote. And OneNote is really all about that digital notebook. We can do inking inside there, and in fact many of the other applications. I can type, I can cut and paste.
It's just that fantastic way to interactively take notes. And then of course Teams. We're not going to talk really about Skype these days. We talk about Teams as that collaboration. Now collaboration could be 1 to 1 chats, 1 to 1 voice, video, groups, meetings, many different aspects to that. And when we think about all of these solutions, well, we also, yes, we have them running on desktop. Yes, we have mobile versions, iOS, Android available, but there's also this idea of online versions as well, in addition to those mobile, iOS, Android. And we can quickly jump over and look at that. So if I was to jump over to the web browser for a second, if I go and look at the user experience, we'll notice in my user experience down this left hand side I have, hey look, Outlook, Teams, Word, Excel, PowerPoint, and there are other apps available to me as well: Forms, OneNote, Sway. So all of these applications, yes, great, there was a desktop version of them. There are mobile versions of them, but additionally I can use many of them with fantastic experiences directly via the web as well. Now there are also certain work management applications, and for the work management applications, obviously Project is a big one, so I can think about Project as that ability for project management of complex work efforts. Now additionally to this, hey, I think about Project as this desktop application. There is also this idea of Project in the web, so there was an online version of Project as well. I can create updated timelines, Kanban style boards, Gantt timeline charts. It can integrate with Teams for various pieces of collaboration. Then I also have Planner. Now Planner is primarily an online experience, and there is a mobile app version of it. But it's really focused around these task based cards, all around Kanban boards. So it's the idea of create this very visual experience. I can update the timelines, I get these visual cues for my progress.
So we want a very visual experience for planning out task based initiatives? Hey, Planner is my go-to tool there. Then we have Bookings. So if I think about Bookings, it's all about web-based appointments, scheduling and management of those. So then we have Bookings. So with Bookings I can define certain types of appointment. I have a booking page for my customers, so it enables my customers to get confirmations and reminders via e-mail and SMS. And again I can get integration with Teams, so maybe virtual appointments. And then we have To Do. So once again To Do has that kind of online experience, but there are also mobile and desktop versions of the application. And this is all around task management really, for me. I have tasks, I have a nice My Day focus where I can bring particular tasks into that day. It can have smart suggestions, it can have overdue reminders, and if I have Planner assigned tasks, well, those Planner assigned tasks can actually show up in my To Do, so I have that really great integration. So there may be some of the desktop and there are some online experiences there, but then we think about, OK, well, with these applications there are online experiences, so great, there are those desktop applications, those mobile applications, etc. But then I really do get the idea of the online services, so I can think about how do these play in this world? Now before we go into the detail about what those services are, maybe one of the important things to really think about is whenever we think about online, there's always this idea about shared responsibility: things that I need to do, things that the provider of the service needs to do. And there are different layers to this. Now I can think about aspects like, well, the physical data center. So the physical DC. I can think, well, there's the physical network. I can think about, there's the physical hosts. There's an operating system running on those hosts.
There are various, in addition to the network, physical cabling and routers and switches, there are controls, protection. There's the app itself that's providing some functionality: Exchange Server, SharePoint Server. And then we think about this whole idea, well, there's this identity and also directory infrastructure. Because we're going to see as we go more and more to the cloud, our identity becomes this huge barrier; it is our security barrier to all of our services. So something has to provide that identity and directory services infrastructure, and then of course there's the accounts themselves that are powered by that infrastructure. So I have accounts and identities, and then there are devices: could be a desktop, could be a mobile device, could be a tablet. And then what we actually really care about is our information and data. And so when I think about those levels of things, there's a different set of responsibilities. Now in the on-prem model, this is you. All of these things are you. You're responsible for all of that. If I shift to different types of cloud service, there's things like infrastructure as a service. Really think about a virtual machine in the cloud. Now in a virtual machine in the cloud, the provider worries about the physical host, the fabric, the data centers. You get essentially that VM in the cloud. And so what I'm responsible for is everything above that VM, so the OS inside it, the agents I might have, the applications, and obviously that whole identity infrastructure I'm still responsible for. And things like platform as a service, where I'm getting the ability to really just focus on my application. Now when I get to platform as a service, there are some gray areas. Now definitely all of these accounts and identities, this is going to be me, so this line is going to carry on a little bit. This is always going to be me. Now, just because I'm responsible doesn't mean I'm on my own. We'll see.
There are various services in the Microsoft 365 to help me in these areas, to help me secure my accounts, to help me secure my devices, to help me manage them, help me protect my data. But I own the responsibility to go and turn those services on, to do things with the recommendations. Now additionally, in a PaaS world, I might also be responsible for certain aspects, and it's only certain, it's a shared responsibility. Something like network controls, the app, because I'm writing the app. Depending on how I write the app, well, what identity directory infrastructure? And then we get to SaaS, software as a service, and this is Microsoft 365; it's a solution provided for you. Now, even here, I'm still responsible for the accounts and identities, for the devices; that's my organization's intellectual property. I'm still responsible for my information and data, but again, there are things to help me, so don't worry. Help is at hand. Just because I'm responsible for it doesn't mean I'm on my own, and depending on my architecture, well, I may still have a little bit of responsibility for this identity and directory infrastructure. I might have some on-prem DC components, some Connect, so there might be things I'm handling there as well. When I think about this SaaS world, I'm never worried about the app; that's always the provider. I'm not patching Exchange or SharePoint, that's just provided for me, and that's really the key part I want to make sure was really understood about this. OK, so what are these various online services that I'm actually going to use? A lot of them really correspond to some of these applications that are going to consume these services. So when I think about the online services, obviously Exchange is a huge one. So we have Exchange. So Exchange is obviously all focused around the idea of, yes, e-mail: sending, receiving e-mail and storing it, synchronizing it to that Outlook client, exposing it via web clients. We have the idea of calendars.
Maybe a personal, maybe a shared calendar, how I can share that. It has native anti-spam, anti-malware, and then things like Defender for Office 365 that improves those capabilities. There are things like public folders. Now, as we have other enhancements around Teams and SharePoint, some of these functions may get less and less, but certainly we have those capabilities. Then I can think about Teams. Especially in this work from home world where there's more and more remote collaboration, Teams is a huge focus for this. So we think about, well, we create teams. That's the first unit; we have a collection of content, tools, people. These can be private, so only specific people in my organization. It could be public: hey, anyone in my org can go and see these things. I can have up to 10,000 members in a team, and then within a team I create channels. So a channel is a particular section within a team. And even here, even if the team is for example public or private or a group of people, the channel itself, hey, it can be standard, so everyone in the team can use it. I can have the idea of private, so a subset of people can use it. I can have the idea of shared, so even people outside of the team can leverage that content. And then we have tabs within those various channels with different types of content. I have a files tab, I could have a particular application. We have the concept of chat, instant message. I have the ability to schedule and join meetings. We have the idea of those meetings could be audio, video, chat, screen sharing, webinars, live events. I can do that from Teams as well, and then I can record all of these things and I can essentially then send it via Microsoft Stream to then make available at a later time, so I can record and make available via Stream when I want to. And of course, one of the most important Teams features is that ability to have a custom background. So join my meeting.
I can be sitting in the Starship Enterprise or wherever I might want to be. There's Microsoft Teams Phone. So Microsoft Teams Phone, it's all about, hey, I can have these Calling Plans, and there's different ones available, but from my PC, my tablet, my mobile device, my desk phone, I can sign up for these plans to communicate with regular phones, and there's huge amounts of collaboration with the various other tools that are part of this. And then of course we have things like SharePoint. So SharePoint is maybe one of those really early tools. We have the idea of sites, so I create sites. And those sites are of different types, and SharePoint is really one of those cornerstones of collaboration. But I can have a team site. So a team site, it's all about file storage, sharing of the data, co-authoring, managing lists of information, workflow integration. I can have communication sites. So communication sites are about broadcasting information to other teams, to the whole organization. Think of company news; that would be a great use for these communication types. And then if I end up with lots of team sites and communication sites, well, it makes it difficult to understand and find things. So we have the idea of hub sites, which, as the name suggests, can organize multiple team and communication sites into logical groupings. Then we have things like OneDrive. OneDrive actually, behind the scenes, integrates with SharePoint very closely, but this is what powers that collaboration across Microsoft 365. It integrates with the OneDrive application. I can share inside my company, I can share externally, it helps me find content. And then there's Yammer. Yammer is, think of it as like a social network for inside my company. I have communities, I have ideas sharing. So we have these core applications. But then we also have this whole new set of components here. Now we also have this idea of Microsoft Viva. And there are four components to Microsoft Viva.
The first one is Connections. So again, Viva is all about the employee experience, so it's an EXP, employee experience platform: insights, knowledge, learning resources, all of that. And we have these four key modules, so I can think about Connections. So Viva Connections is about the idea of how we can stay connected to each other. It brings together elements of SharePoint and Yammer and Teams and Stream via a company branded app that shows up inside Teams. So it's going to expose it through there. It can help get a dashboard to get insight to key tools and key resources. I can get a feed of information to the right people, and it helps me really navigate all up. Then there's Viva Insights. And if you have this at your company, you probably get this daily e-mail. We used to have Microsoft MyAnalytics and Workplace Analytics. It really all rolls into this, but this is about net privacy protected. But it's all about insights and recommendations to help work smarter. Now, work smarter for both the individual, so hey, giving me recommendations, personal insight in how I am working. Should I modify my work pattern? When to take a break? When to add focus time? If I need to really make sure I'm disconnecting after hours? I get a daily briefing, that e-mail at the start of the day. But also insights for managers. So for the managers, they can say, hey, what are the work patterns of the people in my team? Where do maybe I need to step in to avoid burnout, to reduce stress? Maybe I need to, I can have these nudges to encourage connection to the team. Maybe you've not done a one on one with this team member. Hey, why don't you go and set up a one to one? Help me set up no meeting days. And then rolling all of that into an organizational view. So for the organization, for the company leadership to see that all up work culture, where changes may be needed to really encourage results for the all up best practice for the company itself. So then we have the idea of Topics.
So Viva Topics is all about focus on knowledge, providing it to people in the company. It uses AI to identify knowledge and experts in the company and then organizes it automatically into these shared topic areas, so that it's going to create a topic page for each of those topic areas and surface it up through these cards in Office, in SharePoint, in Teams. And then if I open up that card it will link me to the content. And then Viva Learning. And as the name suggests, it's a central hub for learning in the organization. It aggregates content from things like LinkedIn Learning, Microsoft Learn, third parties, your own internal training that you may want people to create. It allows the managers to assign and track the learning. And I get a home page, I get my learning page to really leverage these things. Now in terms of the experience, so OK, we have all these different components here. So we have these online services, we have applications, we have Microsoft Viva. How do I administer this thing? So from an administration perspective, we have the Microsoft 365 admin center. And in addition, there's also a user portal. So the user portal, as I showed, gives me kind of a web-based version of the applications. It's also where I could go as a user to say, hey, I want to download those applications, those central applications for me. Now the admin center is focused around things like, well, hey, manage my users, groups. Now it's using Azure AD; it's just a different interface to interact with Azure Active Directory. It can help do licenses, assign licenses to users, assign them to groups. It helps me with my billing. It helps me run various types of reporting. It helps me access all the other portals that exist. So if we quickly jump over and have a look at this super quickly. So if I go and look at my admin.microsoft.com, we can see it gives me some basic cards about key areas. Licensed users; hey, my Azure AD Connect synchronizing, it was all looking good.
Any balances I have in billing. We can see these key areas of, well, I could manage users, contacts, guests. I can manage my groups. I can manage my billing. But then I have this Show all option, so there it expands out to roles, support, settings, reports. So from the reporting, I get things like a productivity score. What's the work done in my organization versus other organizations? So I start to get some insight into exactly what's happening in my org. I get a usage. So what's my use all up of Microsoft 365? Not very much in my little lab environment, but you can see I get this fantastic amount of information. I get access to all of the other administration centers, so Exchange Online, SharePoint Online, Teams, Azure AD, Endpoint Manager. They have their own administration areas, so I can link into this. Now, when I think about evergreen, I said that word, and I think about online services, well, one of the big things we obviously have is a life cycle. So how are these evergreen? What does this really look like? So I think about my services. So scroll over here. There's a certain life cycle, so I'll use orange, change color, so for my life cycle. There's not always the scenario I want things to just pop into existence for the first time, and I've never seen it before. So what actually happens is very often there's a private preview when I think about these online services. So this is where it's a very limited number of users, organizations to help. Microsoft does its own testing first, but now I can start to get some feedback from specific organizations that have signed up for this. Then we have a public preview, so as the name suggests, this is available to everyone. Now they have to go and maybe again for a selection of machines say, hey, I want this, or I want this particular service, but I'm selecting to give me an insight of what's coming, what's going to be standard functionality in the future. It has limited support. Then we get to general availability, GA.
And we often hear about, it's GA; it's now the released version, it has full support. It's going to be broadly adopted. Now as part of that general availability, there is this concept of a modern lifecycle policy, and what that modern lifecycle policy basically means is that anything that is not a free feature or preview has a minimum of 12 months support. Now, eventually, sometimes things are replaced or a certain version goes end of life. I don't get updates anymore. It's not supported anymore. So that is going to happen over time. There are various policies around that. We can go and look at the modern lifecycle policy that goes through the requirements of it, so customers must stay current on the servicing. They must also be licensed. And it must currently be supported. There's notification information about how we get told, continuity, migration. And if you're thinking about, OK, well, there's these end of life, so these features, how do I find out about these things? There is a Microsoft 365 roadmap, so I can go and look at this roadmap and notice I can see the phases. Hey, current channel, semiannual, these are a lot around the desktop applications. The cloud instance that I might be leveraging and particular products I might be caring about. But I can go and see what's coming up. Where is it? And I can search on this, I can get lots of great information. So this roadmap is how I can go and find out about, well, what's coming down the pipeline. What do I have to expect? OK. So we have these applications, we have these services. Well, they have to run somewhere. So if we think about, OK, great, we had these applications, they have to run on some kind of endpoints. Now that endpoint could be a PC, it could be a tablet, it could be a phone, it could be obviously a browser of some kind as we talk about other things.
It might be an Internet of Things device. That's less common with Office obviously, but maybe it is interacting, maybe an e-mail or something like that. Now when we think about devices, I need to manage them, maintain their health. I have to deploy applications to them, configure them and protect them. Many, many other aspects to it. But just like users, devices will often have some kind of identity and some membership. So how do I think about that endpoint, overall management of its identity? So the actual first step is we have to have an identity provider. So I can think, when we use Microsoft 365, the identity provider, the IDP, is an Azure Active Directory instance, Azure AD. Now the whole point of Azure AD is it's cloud based; that's why I'm doing it in blue. So there's nothing I'm particularly hosting. There's no domain controllers that I have access to. Even though it has AD in the name, it's not particularly AD really. But this speaks cloud, so this provides services that integrate with many different applications that want to use this identity provider. Now it does speak cloud protocols, so we have things like OpenID Connect, if I think about OAuth 2, if I think about SAML, WS-Fed; those are all really designed for this Internet type set of web-based interactions. And the key point here is I might have lots and lots of applications, SaaS applications, Office, all of these different apps, all configured to trust a particular identity provider. Now what that means is for me as a user, so I'm going to have an account in here, but I have to log on. And what I get is something called single sign-on, SSO. So when I authenticate to one application, to my identity provider, any other application that uses the same identity provider, I don't have to reauthenticate again. I get a very seamless experience that I log on once, I don't have to log on again. There might be other identity providers out here, a different identity provider, but we can actually create.
These federations. So a federation is where there's a relationship between different IDPs. I create a trust. And now users can be in a different IDP, but it will create a token, it will create claims inside these tokens that, because there's a trust, the other IDP can consume and allow it to be used. So this is really a key part of IDP. Now when I think about Azure AD, it is licensed per user and there are different SKUs available. So if we quickly were to jump over to the versions of what we have here. So this talks about things like MFA, so it's like Azure AD Premium P1, Azure AD Premium P2 and then Microsoft 365 E3. So there are these different aspects to Azure AD, but they come with different sets of capabilities. So here we can see different features based on, I can have free. I don't have to pay for Azure AD, it's just completely free, but I get limited sets of capabilities when I use the free version. Then I get, well, if I'm using Office 365, I get a few additional rights for the Office apps. Then things like Azure AD Premium P1. That gives me full conditional access, so I can put very granular controls when I'm accessing different services. I can have things like risk based identity protection, access reviews, entitlement management. So I get different sets of capabilities depending on the exact license I have, and different users can have different licenses. It doesn't have to all be the same. Now, one of the key things we're typically going to have is, I drew this idea of Azure AD, and it's just out there and the users are inside it. But most of the time you as a company, what you actually have is you already have an Active Directory, an Active Directory Domain Services instance with all your users and your groups, and devices can join that. Now the on-prem AD, well, it speaks things like Kerberos. It has NTLM, it has LDAP. I can create an organizational unit structure. We have group policy objects.
Those are all great from on premises where I have this very trusted network. It's not so great for over the Internet, but what most of the time will actually happen is we'll have this concept of a synchronization. And it's really going this way. So AD is the point of truth, the source of truth, and it will replicate to my Azure AD, and this is called Azure AD Connect. So it's something I install. There is also an Azure AD Connect cloud sync option where the main synchronization engine actually runs in the cloud. I just have little agents running on my domain controllers, but it's doing the same thing. It's synchronizing from on-prem mainly. There's a few things that go the other way into there. I talked about a federation; well, I can federate if I use Active Directory Federation Services or third parties, so Azure AD can actually federate to AD, get this trust to have the authentication of my users happen against my on-prem AD. Most of the time we want to actually authenticate in Azure AD, so we also send a hash of the hash of the passwords, so all of that authentication can happen directly against my Azure AD. Now I said an interesting word. I said authentication can happen against my Azure AD, so what is that? So we have the concept of authentication. Authentication is all about proving who you are. Now, how can I prove who I am? Very often we think about, well, it's something I know, something I am, or something I have. Something I know: a password, a PIN. Something I am: a biometric, my fingerprint, a 3D map of my face. Something I have: it could be my PC, it could be my phone, it could be a certain special type of USB key or other token. We don't like passwords on their own. We consider them very weak. What we like these days is MFA, multifactor authentication. That's when I have two or more of these, so it could be, hey, well, yes, I type in a PIN, but then I have to do a biometric to unlock something. Or maybe it's, well, I've got my phone and I have to type in a PIN.
I've got my phone and I have to biometric unlock that app. It's combinations of things, but I get stronger when I have multiple factors of authentication. Now also we have the concept of passwordless. There's no password at all. We get rid of this idea of a network secret and password. This could be Hello for Business. This is where my PC and its trusted platform module, a special chip inside my PC, has a certain key, so it's something I have. I have to have the PC with that trusted platform module that has anti-hammering; I can't get this key out of it. Then I have to unlock it with either a biometric or a PIN. So it's still multiple things, but there is no network secret anymore. It's not there. There's also things like the Microsoft Authenticator app. There again I have to unlock the app, but I have to have the app on my phone. For example, something I have, my phone, and I have to unlock the app with a PIN or a biometric. Other things like FIDO2 keys, where again I have a USB key that I can insert in the machine. But I have these different ways to prove who I am. So we have authentication: proving I am who I say I am, honest. Then we have the idea of authorization. Once I've proven who I am, what can I do? OK, you've proven you're John. John is allowed to do this. John can access this data. John has these roles. So I need both of these things: prove who I am, then once I've proven who I am, what am I allowed to do? Could be roles, could be role based access control. There's different aspects to this. And when I think about these identities, again, don't think of it as just users. Yes, it's users; it's also applications. It's also maybe resources in Azure, it's devices. Internet of Things has a huge focus on proving the identity of the device, so I'm not getting bad information, mutual authentication. My PC, I'm going to register it with Azure AD and I'm going to use that as part of my checks, or maybe even join it. There's different options around here.
So that's two A's: authentication, authorization. There's this whole focus around the idea of four A's. OK, that's two. We also obviously have administration. So administration is about the creation and management, the governance, the life cycle of the users, the devices, the services. And under what circumstances do I allow them to be changed? What is my change control process? What is the governance I have to ensure that the granting of privileges, for example? And then auditing. We're going to see when we talk about things like zero trust, we talk about signals all the time. I need tracking of who does what, who gave this permission, when, where, how, what they did. So I want in-depth reporting on all of these different types of things. So identity is just a huge key aspect to everything we're going to do here. Now I was actually talking about endpoint management and I completely went off on this, hey, Azure AD and authentication, authorization. But a key point on all of this is one of the first things we're going to do when I think about the endpoint and that management is, I want my endpoints, when I think about that Azure AD, scroll down just a second so I can get to this, my endpoint. Well, I'm actually going to either register them, I make it a known entity to my Azure AD, or maybe even join them. My Windows clients can actually join Azure AD and authenticate directly with a user defined in my Azure Active Directory. So that's something that I can do with these technologies. But as a starting point, most of the time before we do anything else, there's going to be this notion of making the endpoint known to my identity provider. That's really a grounding thing I have to have. But then we think about going into that deep idea of the management of those devices, keeping them healthy, applying policies. So how do we do that? So for the endpoints I think about Microsoft, look, wrong color, Microsoft Endpoint
Manager, and this is really a suite; it's comprised of a number of different solutions. There's Microsoft Intune, which is cloud based. Think of Microsoft Intune as an MDM solution, mobile device management. Now even though it's got the word mobile in there, it still gives me complete manageability of things like Windows client, not server. macOS. I have things like mobile: Android, iOS, I think even still Windows Phone. But I can link to things like the iOS store, the Android store, to make applications available. I can apply things like policy. I can check the health. There's a whole set of things I can do in Microsoft Intune, but then also it uses Configuration Manager, and Configuration Manager is really focused on my on-prem resources. Yes, Windows client, but also things like Windows Server, and I have this idea of co-management. I can have both the solutions applying to maybe the same devices, and some functionality I'll use Intune, some functionality I want, I'll use Configuration Manager. Hey, the BitLocker configuration, I'm going to use Intune for that. This type of patching, hey, I'm going to use Configuration Manager. So I get this ability to really mix those different solutions together. There are things like Desktop Analytics. When I think about my Windows clients, it would tell me what's their suitability for upgrade. Hey, I want to get to Windows 11. Which devices can have this for me? There's Endpoint Manager, so there's a management solution, a separate portal for that, and when you go to that Office portal that we saw earlier, you'll see it links to all of those different portals. When we have that idea of admin centers, well, sure enough it has Endpoint Manager. So Endpoint Manager is where I can then go and, OK, well, I can see all my devices, my apps. I can create reports. I can see information about users and, well, for my devices, hey, I can go and create different types of policies. Compliance. I can do configurations. Scripts.
All of this capability is really just rolled in as part of that single portal, but it helps me manage both Intune and my Configuration Manager. So I have this broad idea of endpoints: mobile, tablet, macOS, Windows client. When I think about Windows client, just to kind of expand on that for a second, there are shifts. Now, we always said Windows 10 was the last version of Windows, until Windows 11 came out. So there was obviously a slight change in that mindset. But if I think about Windows client, obviously Windows 11 is the latest version. It's really all about this idea of Windows as a service. The point is, again, it's constantly updating. Gone are the days of these huge updates to the OS, maybe every three or four years. It was a huge pain for companies. They want these smaller incremental additions of value. So there are really two types of release to keep this Windows as a service evergreen. There's the idea of a quality update and, as the name suggests, a quality update is really focused on the idea of patches, fixes. This is all about Patch Tuesday. Once a month they roll out the latest patches; I think it's the second Tuesday of the month. These are cumulative. They include every other patch from all the previous months. Now what that means is this cumulative update gets bigger every month. For the versions that are supported, there's a certain point fixes roll off because that version is not supported anymore, so it gets very, very big. So one of the features there is called express update. What express update does is it allows you to only pull down the bits you need. So I can only pull down the bits from the cumulative update that my machine needs. Hey, I've been updating every month, I don't need the other however many months you've got in that cumulative update; it can just pull down the bits I need. So things like Configuration Manager, Windows Server Update Services, Windows Update all support this idea of express update.
Then there's also Delivery Optimization. This is the idea that in some way I'm sharing with my local peers. It could be BranchCache, where I have the ability to share with my peers. There are also other peer technologies I can leverage. If we go and look at the portal, it talks about optimizing Windows Update delivery, and yes, there's Delivery Optimization, there's a peer-to-peer method, and then there's BranchCache. So I have these different technologies to really optimize how I can reduce the network traffic going off to the Internet. So it's only the on-premises solutions, WSUS and Configuration Manager. Windows Server Update Services is where you pull down the updates and host them from your own server. Configuration Manager, again, it's a set of servers that I have. Only those can use BranchCache, but all of them can use the idea of Delivery Optimization. So we have these different solutions: there's Delivery Optimization and there's the idea of BranchCache. And again, that's only available for those on-prem type technologies. So this is not adding new functionality, it's just fixing things. Then there is the idea of feature updates. This is adding new functionality, so I'm actually adding. And today this has changed to annual. It was semi-annual, so every six months this would roll out. Now it's being reduced to once a year. I think many companies found it was still too frequent. Every six months was too frequent. But even annual, it's a lot more frequent than the old three or four year major versions from XP to Vista to 7 to 8. Well, these were huge jobs to adopt those new versions of the operating system. It's incremental pieces of functionality to it and it's just easier to adopt. So that's really the huge thing: it's easier to adopt as the company, it's easier to adopt as the user. So not seeing these huge stark changes to what things need.
Now if we think about things like the feature updates and this new functionality, there obviously are still changes that come as part of that. And so there's also this concept of servicing channels, and we saw that when I showed the roadmap site; we saw these servicing channels. And there's things like the Windows, and there's an Office as well, Insider Program. So this is early access for testing of what's coming down the pipeline. Maybe I've got certain PCs, so I want to see what's coming. I'll sign that up for the Windows Insider, and even within there, there are some different frequencies I get those builds. Then I can think about, well, there's the General Availability Channel. And as the name suggests, it's the released version. It's the release version, that annual update. Each of them is supported for 18 months, so 18 months. And then Education edition and Enterprise have an additional 12 months support. So we get 30 months in total for those. And then there's also a thing called the Long-Term Servicing Channel, and that gets a far longer lifecycle. It's only maybe updated every few years. And you think about the Long-Term Servicing Channel as: most of your population is going to be running that General Availability. I want the latest features, I'm running Office on it. I want the improvements to my end user experience. Long-Term Servicing Channel, maybe I have certain pieces of equipment, an ATM, a generator, a piece of medical equipment that is critical. I don't care about functionality improvements. It's running some app or service that just needs to be rock solid, locked down. Well, then Long-Term Servicing Channel is a great option for that. Now if I think about using this in my company, what we're typically going to have is this idea of, well, I'm going to deploy in rings. I don't want everyone to get this huge update at the same time, even if it works flawlessly. Just think about it: users have questions, they call the help desk.
You can quickly get swamped with that. So you'll have these different rings in your organization, so you might start off with just preview. I want to see what's coming. That would be a super limited number of users. That's probably going to link to that Insider channel. I'm just going to hit F5 quickly because my board is starting to slow down, so maybe if I refresh it might get a bit healthier. Let's try it one more time. Just reload. Sometimes if you reload it when it's starting to slow down, so we'll see if that fixes things. So I have the idea of the rings. And so it would start off with this idea of a few people who will run that preview to get an idea of what's coming down. Then I'll think about, well, a limited, maybe a subset of users from each business group when it hits GA. And I'll start rolling that to a few people, and then I'll have a broader adoption. And my broad company adoption, I still may actually break into smaller waves again, so everyone's not happening on the same night. And what I can do is I can add delays. So yes, it's still that GA, but I can say, hey, wait 15 days, wait 20 days, wait 25 days, to add that capability in there, so I can definitely use that. So that's how I can think about rolling that out to my organization. How do I do these things? What is the best method for these various types of rollout? So one of the great technologies that we have today is Windows Autopilot. And the whole idea of Autopilot is it's leveraging Azure AD and Intune; it can use Configuration Manager as well. And basically I get my brand new shiny PC out the box from wherever I bought it. The only thing that has to get pre-provisioned is a hardware ID, which maybe the OEM ships to my IT department, maybe I use a script to get it, and when I turn this thing on it automatically goes out to the Internet. The Microsoft service goes and checks it's known here and it just goes and does all the configuration. So all of that corp config.
Just happens. It just goes and gets deployed to that machine just for me automatically. And one of the things we can have here is they could even change the version. So if I think about just leaping over here just for a quick second, if I think about the Windows client here, well, there are different versions. So there are the concepts here of different SKUs, stock keeping units, versions. And a very common one is the machine might ship with Pro, for example, but I want to upgrade it to Enterprise. And there are different ways to do that. I could do that as part of a subscription activation. I could do it if it does an Azure AD join. I can use a provisioning package. So there are many different ways that, hey, even if that machine comes shipped with Pro, I can still go and shift that and move it into something else. So this is great for brand new. But then I also think about, well, hey, there's a new version in these channels every year. Do we do a wipe and load like we used to, to go from 7 to 8? No, not at all. So now the focus really is in-place upgrade. We do not wipe and load. And there are different mechanisms to do this. I can do this via Windows Update. I can do this via Windows Update for Business. Windows Update for Business is really Windows Update, but as the company I can add some extra controls on how those are adopted. I could use Configuration Manager. I could use Intune. I could use Windows Server Update Services. Again, Windows Server Update Services lets me basically pull down the updates and make them available from my infrastructure. It gives you more control to release them, to track what's happening. And of course there are third-party solutions. There are many options for the usage of these types of technology. So that's all great. I mean, this is all for Windows. But realize those Office applications, all of these apps that we have running on desktop machines here, they have exactly the same considerations.
So in exactly the same way I have the idea of, well, hey, I have to deploy the Office applications on my machine. Now as the user, so as the user of a machine, I can go to the Office portal. If I go to the Office portal, there's an option to install the apps, so your users can self-install. I can use the cloud, so this is obviously pulling from the cloud. I can use the cloud, but also use the ODT, the Office Deployment Tool. So the Office Deployment Tool lets me customize the Office deployment experience. I can say which apps I want, what extra configurations do I want. I can also have a local deployment. We have the Office Deployment Tool, so I pull down the files, I put them somewhere and then I make those available out. I can also use things like Configuration Manager. And I can even use technologies like App-V, and for App-V I can create the packages using the Office Deployment Tool. So the Office Deployment Tool really is everywhere. Now, just like with Windows, Office has updates. So we have updates as well. Now Office doesn't split it into the quality and feature in the same way. Once again, they are cumulative. But it's really focused around security versus non-security. And the way the updates work, these are checked automatically, they're installed automatically, there are not separate downloads for these things. Obviously security is about protecting Office from bad things and malicious attacks. Non-security, you can think of that as a quality update. Essentially it provides more stability, performance improvements. It's giving me some updated set of capabilities. And then when I think about adopting these things and think about those rings of adoption we had for Windows, well, I have that same concept here as well. So for Office there are channels. Obviously, these are my productivity applications. If something strange happens, if there's a big change, it might impact the productivity of my users.
So we think about this concept of, well, there's a Current Channel. So I could be on the Current Channel of Office. I'm going to get features at least once a month, with security and non-security every two or three months. I might have the idea of a Monthly Enterprise Channel. And so this really falls into the idea of my Patch Tuesday. So Patch Tuesday, second Tuesday of the month, I'm going to get the updates. That's good for a predictable schedule. There's also the idea of a Semi-Annual Enterprise Channel. So every six months, January and July, I get this package of updates. I can get an early preview. So for the July, I can get exposed in March, and for the January I can get exposed in September. So there's that concept of seeing these earlier on. So those are available to me as well. So these are different ways to get the different features to different users, parts of my population. Great. I have my endpoint. I have my Windows client running on a machine. Maybe sometimes I don't have access to my machine. Maybe that's not what I want for my company. I want desktop as a service, so there's also the concept of managed desktops. And this is not a new concept. On premises we would have remote desktop farms, which could be Remote Desktop Services, it could be Citrix. There were many solutions out there, but basically it's giving me desktop as a service. So I as a user will just be remotely connecting to my desktop experience. It's hosted somewhere else. And there are two really provided in Azure. So Azure is the cloud solution offered by Microsoft; I can run VMs and PaaS services. So one of the options is a thing called Azure Virtual... I've just worked out you have to click the thing to stop that blue box. They keep changing the whiteboard and it's confusing me. Azure Virtual Desktop. Now if I think about a remote desktop solution all up, there are many different components to that solution.
For example, I as a user, well, I have to go and connect to some kind of gateway because I want to encapsulate the traffic in HTTPS. There's probably some kind of connection broker to tell me which host has my existing session or where I should go to. There are licensing components to it, there's maybe a web component to get a feed. With Azure Virtual Desktop, those are all just managed for me. I don't even see those things, it's just part of the service. But then what we have is I have host pools, so the host pools run in my Azure subscription and they're basically virtual machines. So they're virtual machines in my subscription, and those host pools could be made up of server OS or client OS, Windows Server or Windows client. Even if it's client, there's actually a multi-session client, so I can have multiple users connecting to the same client instance, so I get a better utilization of my underlying resources. So Windows 11 has that multi-session. And then I can publish the entire desktop, so I would remote in and I'd see a completely different desktop, or I can publish individual applications. So hey, I've got my local desktop, but actually what's happening is I see this other app that looks like it's running locally, but that app is actually running in the cloud and it's just sending the pixels and sending the interactions back up, but it's seamlessly integrated from my local desktop. Totally cool. So I can expose those as well. If I think about my users, and these are obviously running on servers, VMs in the cloud, I can have the idea of pooled or personal. Pooled is the idea of: it's just 100 VMs that sessions could be connected to, and someone connects to it. Whichever one is available next, I get, but it's different each time. Now obviously for that to work my profile, my data, has to be abstracted away from any particular OS instance, so we use a technology called FSLogix to separate the profile, the data.
So that's really kind of the profile. Data I'd then send to something like OneDrive, to separate it away from the OS instance. Personal: maybe I'm a developer, I'm actually going to heavily modify that environment, so I need to go to the same instance every single time. So personal, hey, there's a dedicated instance; I'm always connecting to the same one. Pooled, there's a whole group of them available. I connect to whichever one is available, so it still gives me the same experience. My profile is abstracted away using FSLogix. But there's still some management I have to do here. I'm still configuring Azure Virtual Desktop, but the benefit is, as a company, I'm paying for those underlying VMs and some additional services. But really, the VM that's powering those things, maybe I don't even want to do that. So the other option I can do is Windows 365. And this really is just this idea of a desktop in the cloud. It's very easy to deploy. It's per user, so it is a dedicated desktop per user. I have different sizes available to me. There are different SKUs available. So there is a Business SKU. So the Business SKU is up to 300 people; it does an Azure AD join. And there is an Enterprise SKU, which has no cap; it can do AAD join or hybrid. So we can integrate with a virtual network in Azure and join my existing domain. There's additional licensing I require around that. There is a comparison of the versions, so if we compare Business and Enterprise, it talks about that domain join: hey, for Business it's just Azure AD join; Enterprise, with or without. And then how I purchase them, licensing requirements. So Business, there are no other licensing requirements. Enterprise, hey, each licensed user must have Windows 10 or 11 Enterprise, Endpoint Manager and Azure AD P1. Hey, no cap limit, 300 cap limit. Different types of data restrictions. How I can do administration. And once again the way this really works is it integrates very tightly with Endpoint Manager.
And in Endpoint Manager, if I go to my devices I have my provisioning of Windows 365. I go and create policies for what I want to make available to my users, and then the user just goes to their portal, their Windows 365 portal. So that seems to have hung. Let's try again. There we go. And they can just click, oh, there's my desktop. And I can open it in a browser. There are local clients available as well, but I can now just go and use my desktop all nicely in the cloud for me, so there's a whole set of capabilities there just available for me to leverage. So really super powerful things that I have. So we have the options. We have all of those available to us. Of course I can run it locally on my machine, but hey, moving my home machine is not good enough. Maybe I'm traveling, so I have ways to make the client OS and the applications available really from anywhere I can get an Internet connection. That's really all I need for all of these different things. OK. So this is all about the idea of, OK, different types of devices, different protections, different things that I'm actually doing. But there's still this whole concept of security, of compliance. So if we take a look at security (go red for this one), security. There are two key languages we use today around security. There's this idea of defense in depth. We think of an onion. And on that onion, we like as many different layers of protection as possible, and we think about all those layers to give us the complete all-up protection for the environment. Excuse me, it's thirsty. So I think about my security and I think about my defense in depth; there are many layers. We talked about the responsibility. Well, I get the same kind of layers when I think about the security of my environment. I can think about the physical. So when I think about the physical layer, this is the first line of defense.
The data center itself: restricting access to my data center, the right protections, protection from power failure, protection from other types of natural disasters. So it's not just some malicious actor. I want to ensure the availability of my services, so I want to think about protecting that all-up infrastructure. As we talked about, identity and access is the new security perimeter. So making sure I have good change control, making sure I'm using strong authentication, passwordless, multifactor authentication, auditing sign-in requests, auditing any changes that occur. Yes, I think about the perimeter. From a perimeter, I mean, well, on the edge of my network: can someone do a distributed denial of service attack on me, take my services out by limiting the ability for people to get to me? Azure and Microsoft 365 have built-in distributed denial of service protection, and then there are also additional layers I can potentially use. I want to use edge firewall devices for my entry. And then the network components: restricting movement inside the network, only having the connectivity I need for the job to be done. Don't trust the network. This is going to come back in zero trust. Just being on the network, I'm not going to trust it. I want to explicitly validate every request that happens. I want to block all types of connectivity. This is absolutely required. I think about the compute. So with the servers, keep them patched and keep them monitored, antivirus protection, firewalls on them as well. Defense in depth: layers of protection. If one layer fails, another layer can pick up the slack. The application: keeping those current, keeping those healthy, putting them behind web application firewalls that can block certain types of attacks, having good practices in my coding. I'm not checking secrets into GitHub. Use key vaults. And then obviously my data itself.
Making sure I've got protections on the data: encryption of the data, labeling of the data, classification, protection. I want all of those things as part of my defense in depth. It's super critical to have all of these elements as part of this. Now, the other thing you're going to commonly hear about is this CIA. Not the CIA you might be thinking of internationally. You have this idea of confidentiality. So confidentiality is all about the idea that you keep sensitive data, be it customer data, passwords, financial data, intellectual property, keep it confidential; make sure I've got the right protections in place. We think about integrity, basically keeping it correct. Making sure that when I receive some communication, when I receive some data from an Internet of Things device, is it really valid? Because even if it's a bad IoT feeding me false data, it makes me get false analysis and do false actions. So I want to make sure any message, any data I receive is valid. The integrity is not being compromised in some way. And then we think about the A, for the availability. If I can't get to my services when they need it, it's useless. So we think about those three key constructs. And one of the biggest things we have when I think about enabling that confidentiality, ensuring the integrity, well, I need encryption. Now, there are fundamentally two types of encryption. There's symmetric and asymmetric. You don't need to be an expert in this at all. But at a super high level, symmetric is all about the idea that, hey, I have some message. Let's just say it's "Fox". What's going to happen is I have some key, and this key is going to encrypt the data, so it's that key. So now my message is... back. Symmetric means the same key that I use to encrypt can decrypt it. There's one key. Now, symmetric encryption is very efficient. But realize you have the problem of how do I share the key securely?
I can't send it over the network just unencrypted, so if the bad guy gets the key, they can decrypt my message. And so the other type is asymmetric. So here we have the same message. OK, "fox". And I have the idea that yes, there's a key that can perform a cryptographic operation. So let's say, sure, it generated that. But the same key can't decrypt it. It can only do one way of the cryptographic operation. There has to be another key. So there's a paired key. So these two keys, they're a pair of keys. And only the other key can reverse the cryptographic operation. For example, if I wanted someone to send a message to me encrypted, you'll always hear this term about a private key that only I have. It's only on my machine. And a public key certificate: the key is in a certificate that everyone can see, and it's signed by a certain certificate authority to say we trust that person. So if someone wanted to send me a message secretly, they encrypt it with my public key. And you're like, huh, remember, public key? It's only one-way. Everyone has my public key. If they encrypt a message to me with my public key that everyone has, no one else can decrypt it, because you have to have the private key. Ah, useful. There's also a concept... so this is great. This model here, this is super powerful when I want, essentially, data privacy. I want to encrypt it so no one can see it, so they'll use my public key. The other option I could do is actually encrypt it with my private key. Because we get this hash value. Now you might say, what is the point in that? Because then anyone can decrypt it. Well, that's super powerful for signing, for integrity. Think about it: I write a message and maybe I'm not so worried about no one being able to read the message, but I want them to know it was me that wrote it. So I can take my message. I can run it through a digest that creates a fixed-length hash of the message. And then encrypt it with my private key.
The person who receives the message sees the signature, that hash at the bottom. They can decrypt it and see it's a certain value. They run the message through the same hashing algorithm and it matches the version I encrypted. Only I could have signed, encrypted, that hash that I sent with it. Oh, it came from John. So I can use these in different ways, both for privacy but also ensuring the integrity of the data there. When we think about that encryption, the protection, we think about the data at rest: hey, I just need to encrypt it when it's sitting on the disk, when it's sitting in the database. I might think about encryption in transit, as it is sent over the network. Often we'll talk about things like TLS, HTTPS. There are ways that are fairly standard. There's IPsec. There are other ways I can do it, but it's encrypted as it goes over the wire. You may also hear about in use, confidential computing, where there are secure enclaves where even areas of the memory and the CPU are encrypted, so it's always protected. So these are really key focus points for this. Now the other huge area, so there were two big ones. So defense in depth, yes, huge, huge focus point. The other one you're going to hear a huge amount today, and in the industry all around, is this concept of zero trust. And I already talked about this. We had this idea, I said even if you're on the network, that doesn't mean anything. I still want to verify explicitly, so zero trust is all about the idea that we never implicitly trust anything. And so there are three guiding rules that drive this. We think always about verify explicitly. I constantly revalidate the identity: users, service principals, devices. I'm always looking at what the constraints are, looking for anomalies, looking for changes in behavior. I'm going to use least privilege. I don't want people having more privilege than they need, so they get just enough permission to do the job they have to do.
If there is a breach, that can help reduce lateral movement, in that I don't have a whole bunch of principals out there with more permissions than they really need. I have microsegmentation, so it's not just permissions and identity, it's network communications: only what's actually required. Every request, I look at the context of it, what does it actually need. And assume breach. I assume the bad guy is on the network, which is why I need to constantly be doing these things through everything. We constantly verify the health, the risk, if it's the user, the device, location. I'm constantly validating everything. There are these signals coming from all the different areas. Now, there are key players in this picture that we've already talked about. I can think key players. Well, obviously there's the identity itself. I can say yes, that identity. Remember, it could be a user, it could be a service principal, an application. I think about the endpoint, the device. The PC, the IoT device, whatever that is. I need to monitor the device, monitor their compliance. Has it been jailbroken? I want to understand those things. There's the underlying infrastructure. Am I patching my boxes? Do I have the firewall? Again, it comes back to that defense in depth. I want to have as many protections, as many signals coming in as possible from the environment, and although we don't trust the network, it's still one of the players. I still want to understand, hey, the request is coming, maybe I do have certain networks and there are certain ways that I can detect the network. Is it coming from a Tor node? I want to know those various things and make sure I'm segmenting the network and have real-time threat protections and end-to-end encryption, even within a known network. Encrypt, because we assume breach: there's a bad person listening on the network. All of these things are generating signals. So I'm getting signals across all of these.
Those signals come in and what do they let me do? They let me control. I can look at every request and I can make a decision on it. Because what I want to then control access to is the app, and the app itself, well, the behavior inside the app, that makes signals as well that can feed back and maybe modify different controls. But I'm going to constantly look at all of these signals, and I'm looking for signs of malicious behavior or anomalous behavior, out of the ordinary. So I want to then maybe apply controls as they go through and actually use the application. And then obviously I have the data. That's really the most important part. So for the data it's important to know what I have. So I want to think always about classifying. I want to be able to discover my data and classify the data. It's super important I know what I have and where it is. Once we classify it, and that can be automatic classification, it might be users going and selecting, I might prompt the users, I want to label that data. Now there might be labels based around the sensitivity. There might be labels based around retention. I have to start writing slower. The board fails at a certain point. And then based on labels I might perform actions. Maybe it's encrypting, for the extra protection; maybe it's restricting access. There are different things I can do depending on all of these things, and then I'm going to gain access, but within those various controls. Now, we talked before about how some of this might be your responsibility, but you're not on your own, so one of the huge areas that's actually available to you is Defender. Now Defender is a whole set of different solutions. There is Defender for Identity. Now, Azure AD has Azure AD Identity Protection. That's a cloud-based service looking at Azure AD and behaviors against Azure AD. Defender for Identity is all about your on-prem Active Directory.
So this is like your Active Directory Domain Services protection. So it's looking at information from the domain controllers. They have agents that send certain signals to the cloud so it can look for behavior like golden ticket, pass-the-hash and DNS dumping, all of those things, to identify malicious behavior on your Active Directory. There is Defender for Endpoint. And there's obviously things like antivirus protection. This integrates with that. This is about protecting the endpoints. It helps reduce the attack surface. There are surface attack reduction rules that I could do. There's threat and vulnerability management. It can track an incident. So we can say, hey, this bad thing happened because this user clicked on this e-mail from here, then this process was spawned, then it went and spoke to this, which spoke to that. I can track the entire lineage of it. There's automated investigations and responses, there's Microsoft Threat Experts available to me. I can think about, well, remember there's that whole Office 365 service in the cloud. Well, guess what? There's a Defender for Office 365. Protection against threats from e-mail, from links, from collaboration tools. There's threat protection policies. I can even simulate attacks to help me train my users. There are really two plans around this. And we can see the differences between them. It goes through all the different things it can do, but as we can see if we look at the Plan 2, so obviously Plan 1: protection against advanced attacks, phishing, malware, spam; protection beyond e-mail: Teams, SharePoint, OneDrive; internal e-mail; detailed reporting. But then if you go to the P2 it talks about even things like advanced threat hunting, automated investigation and response, attack simulation training, XDR (extended detection and response) capabilities, cross-domain hunting. So there's even more capabilities I can get depending on the plan that I'm actually leveraging. And then I can also think about:
There's Defender for Cloud Apps, so there are other apps out there. Software as a service offerings, so there's also Defender for Cloud Apps. So this is all about cloud access security broker. It might get signals from network devices, it might hook in via API to those applications, but it has a huge database of cloud applications. There's security levels I can sanction or unsanction applications based on. I can discover. I can discover maybe what apps my company is using, using a bring-your-own IT. It's not something we have set up as a company, but users have got a credit card and can buy stuff. So I can go and detect those things. There's a whole Defender 365 portal, so I can actually jump over and look at the portal, which brings a lot of these things together. So you can see from this portal it's going to coordinate all of the different detection, prevention, investigation, identities, e-mail. I mean everything you have. I have key pieces of information on the home page. Devices with active malware, device compliance, secure scores, devices at risk, simulations, active incidents. So there's great information just from here. And I could dive into incidents and alerts, hunting, which is obviously the specific queries to go and find things, actions and submissions, secure score. A representation of the company's all-up security posture. The higher the score, the better my protection. Mine's really not very good, but it gives me things that I can do, recommended actions to help me get to a stronger security standpoint. So I'd want to go through these things to improve my company's level. And actually my assets, identities, but it's bringing all the different areas together in this single portal. So we have these things to help us with this all-up set of capabilities. OK, so that's security. Another big aspect, and in some respects sometimes why we do security, is, well, actually I have compliance needs. So then we go into this idea of compliance.
Now, compliance could be a company set of regulations. It might be I'm operating a certain business that has recommendations. It could be something about the country I'm within. There's different responsibility levels. Remember, if it's SaaS, there are some things my provider is responsible for. There are some things I'm responsible for. You'll often hear about the idea. It's generally around the data. We care about everything around the data, and we have this idea of data residency. Data residency is: what are the physical locations allowed for my data to be stored at? Then we have the idea of data sovereignty. Data sovereignty is, well, which country's laws is this data subject to? If it was personally identifiable information, PII, about someone from the European Union for example, well, the data sovereignty then falls under Europe, so I need to adhere to the European laws, like GDPR for example. So I have to think about what is the data sovereignty. And then of course there's the data privacy. More and more now we have the idea of the cloud. We have the data out there floating somewhere. It's not in our on-prem servers anymore. So it's super important we trust the provider. Well, what are they doing? What are they collecting? What are they processing? What are they using? What are they sharing? And again, that PII, that personally identifiable information, is just a huge, huge part of that. Now, when we think particularly about that privacy, Microsoft has this idea of six privacy principles. Doesn't say Microsoft. So this guides really everything Microsoft is doing around privacy protection for your data. So the first one is around control. You control your data. You should have choices around what data you share, what you want to be available. There's the idea of transparency. What data is being collected? How is that data being used? Security. We're storing data for you; well, we need to protect that data that's been entrusted to the Microsoft services.
So that's one of those key principles around that. But often, if data maybe is in different countries, you suddenly get these requests, maybe from entities that, hey, we want access to that because of whatever reason there might be. There's a big focus on this strong legal protection. You may have seen it in the news: there'll be a certain government asking for data around a customer and Microsoft will go to court to protect the data. So that's a key part of this, fighting for protection of the customer's data. No content-based targeting. Hey, they've got your data. They're not going through your e-mail or your chat to target adverts to you. And it should have a benefit to you. When data is collected, it's for some benefit to the customer. That's the whole point around this. Now as the customer, there are many different resources available to you to leverage, and one of the huge ones is this whole idea of a Service Trust Portal. So I can go to the Service Trust Portal and have a quick look at this. So if we jump over to the Service Trust Portal. So this is going to give me information straight away. You can see, well look, trust documents, audit reports, data protection. I can see information about certain industry solutions, regional solutions. There's the Trust Center: privacy, security, compliance. There's resources: Security and Compliance Center, global data centers, frequently asked questions. If there's key documents, well, I can store them in my library, I can go and add them to there. If I go to the Security and Compliance Center, I can see different data offerings and security and information around these. And just go to compliance. I can see detailed resources, regional compliance, accessibility reports, due diligence. Information about Microsoft 365, Azure. I can see all of the compliance offerings. All of the audit reports say hey, all of the compliance offerings. We're not. I can see a list of all of them, just through this list.
And one of the other things that really we have here when we start thinking about compliance is, there's this idea of sort of compliance offerings. So hey, I can see these different types of pieces of information around it, and then you'll see Microsoft Purview. So one of the things we also have as part of Purview is Compliance Manager. So Purview is this complete data governance, compliance, protection solution. It analyzes, classifies, no matter where the data is. But through this Compliance Manager, you'll see I can actually go and look at information about all the different compliance areas. And I can actually use this to track things that I am responsible for. I can assign them, so I can use this to help manage my all-up compliance for my organization. So this is a super, super powerful tool that you have here, so this Compliance Manager. Yes, we have the idea of the Service Trust Portal, but what's really huge here is this Compliance Manager, to help you go and track various different things. And again, that's part of Purview. There's another component here that spins off of Compliance Manager. And it's Microsoft Priva. Now Microsoft Priva has two different solutions. It has risk management. So risk management is all about the idea of understanding the data my organization is storing. Automatic discovery of personal data assets gives me visualizations into the key information, and it's going to go and grab that data, be it in Exchange or SharePoint or OneDrive or Teams. So it's going to help me know what is that personal data asset I have in my company. And then it has subject rights requests. You hear about this idea of certain data privacy regulations around the world, where individuals or data subjects can make a review to see their data, maybe to have it deleted. You have this data subject access request, data subject requests. Well, that's actually a huge painful thing to enable in an organization. So this tool lets you do that.
Now both of these are separately purchased components. They sit on top of Compliance Manager, but I can buy one or both of them. So I go and purchase these things. It's not just a free part of Compliance Manager, it's very much a dedicated solution that I go and purchase. Talking of purchasing, I guess that's the one thing that we haven't talked about. So we have all these different things, all these services, applications, online services, the admin centers. How do I get it? So how do I license these things? I guess we'll do green for money. So, how do I buy this? So for the license, I can buy direct, I can just buy it direct from Microsoft, and remember for all of these things they're really licensed at a per-user level. Now I can grant the user to groups so then all the users get it, but it's essentially a per user per month for most of these things. I can purchase it from a cloud solution provider. I can purchase as part of an enterprise agreement. Now, cloud solution provider: that's a Microsoft partner. They'll generally help manage the subscription service for you. An enterprise agreement is generally for a larger company, 500 users or more, for a three-year minimum term. But again, I'm buying these services from that. There's different ways to manage it via the Microsoft 365 Admin Center. There's different billing programs: there's the Microsoft Online Services Program, there's the Microsoft Products and Services Agreement program, there's the Microsoft Customer Agreement. So there's these different ways to do this. And there are just a ton of different licenses. Huge, huge number. So I can think about, and we'll quickly look at these because even within these there are different groups of them, but there's home. I have the idea of education. So if you think about it, they have different requirements. If I'm sitting at home and this is for my home and my family; if this is for education, well, they have certain requirements.
If it's for Gov, well, they have certain requirements and regulatory things they have to adhere to. If I'm a business, but maybe I'm a smaller business, I don't qualify for enterprise; maybe I have frontline workers that need very particular applications, but they don't need maybe the full set of solutions. And then of course there's enterprise. So there are different license types available, different SKUs, depending on what I need. So if I'm home, hey, up to, I think is it, six people in my family can use the applications. This is really all around the devices, those people using the applications. Education is for educational institutions. There's A1, A3, A5. Gov: government institutions. Business: well, for business, we'll just see this quickly. There are different plans depending on what I need. So sure, you may get the Office apps included and then you get different cloud services included. So depending on what you need, I might buy different licenses, and it goes through what all of those are. For frontline workers, well, again, they have different SKUs as well with different apps, and maybe some of them need calendar, some of them don't. They just need the apps. Some of them maybe just need Teams. So there's different options there. Enterprise. Well, hey, they have different offerings as well. I'm going to kill some of these tabs off, so many now. So the enterprise, hey, what do I need here? So E3, E5, F3, what's included, OK, apps and calendaring and meeting, oh, device management, social. So we can go through, and these are all linked in the description below, so you can go and look at these, and again it's that per user per month here. It's kind of this annual commitment. And for some of these, these are full licenses. Some of them have add-ons, some of them have step-up, some of them have an update from an on-premises software agreement. There are many different types of things that I can do with these. There's different ways to license.
And then finally, we really just come to the idea of, well, this orange, how do I get support? How do I get help for these different options? Now, obviously there's things like the community. From a community perspective, there's the Microsoft 365 Tech Community. I can get help there. There's the Microsoft Support and Recovery Assistant tool, MSRP, and that's really cool. It's a tool I can go and download, and what it will actually do is go and look and identify problems. So I go and download this Microsoft Support and Recovery Assistant. And then it will go and look and troubleshoot problems that it finds in your environment. I can also actually, while I'm here, I can see, within my environment, in my admin center I have support. So from being support itself I can go and create a new service request. So I have that ability to go and create that from there as well. So hey, yes, the MSRA; I can also create a new support request right there in the tool. There's pre-sales support. I also have FastTrack, so that's the ability to connect with Microsoft experts and partners to really accelerate that onboarding of Microsoft 365. There's things like Premier Support. And of course, there's partners. So there were many options around all of this. For all of these different services you have, one of the key parts is obviously there's an SLA. There's some service level agreement around the availability and potential credit if there is an incident. You'll often hear about incidents. An incident, hey, is some event resulting in downtime. Uptime is the amount of time my service is available. I make a claim because there's been some impact. If I go and look at the SLA documents, this is the SLA for all of the online services. They are available in lots of different languages. But I can go and look at the SLAs. And it'll have it for all of the different services. So Exchange Online, what all those different things mean.
But really the key part you can see is, based on the monthly percentage uptime, there's a certain service credit if it falls below that uptime. And it gives you the idea of how user minutes minus downtime and kind of what those things mean over here, and actually you can go and see it for all the different services. Right at the start of the document, it does talk through what are those kind of key terms: downtime, service credits. All of those different things you can go and review and make sure you have an idea around that. Basically I would go and make a claim. If I'm curious about the all-up service health, again in that admin portal, there's Health. And I can do Service health. So this is showing me the health of all the different services, all available in my organization. Often there is also in here, you can see, product feedback. So this is feedback people in my organization have submitted through the applications, so I can go and see that as the company. So obviously that's a big part of it as well. So then we do have the idea of how do you give feedback for your experiences, for maybe requests and changes you think you should see. Obviously there is the idea of in-app: I can give feedback. I can also just go directly and I could use the feedback website, so there's actually a feedback.microsoft.com. There's the idea of the Windows Feedback Hub. There is the Tech Community. And there's also UserVoice. I'm trying to remember if that one is kind of getting deemphasized, but I'll put it in. Some of the things are shifting around, but then there's different ways that I can give feedback as well. And that's it. So everything I wanted to cover, I say that's it. Obviously I can't even really fit it all on the board very well. But that's. Nothing deep knowledge I need. It's about understanding the features available, how I can maintain them, how they might get administered. So I want to have gone through that. Microsoft training, sure.
Review this just before to refresh some things, understand the key areas. OK, well, there's the applications. How do I deploy them? How do I keep them current? OK, then there's the endpoint. All OK, Windows options around deployment and as a service. And then the identity side of that: defense in depth, zero trust, how Defender can help with those different solutions. Licensing, support, feedback options, types of service and responsibilities. Understand all the different areas. And, uh, just give it your best shot with these things. Try not to panic. Be prepared. Put yourself in the best place possible. Know the environment you're walking into. Make sure you know, if you're taking it at a testing center, know where it is. If you're taking it at home, make sure you've got your area nice and clean, with just the PC there. If you don't pass, it's not the end of the world. Look at the report to see where you're weak. Double down and focus on that and you'll get it next time. So I hope that was useful. As always, there's a huge amount of work that goes into preparing these types of things, so like and subscribe really is appreciated. But apart from that, really really good luck and see you at the next video.