Mastering Microsoft 365 core services and identity administration

This is a five-day instructor-led training (ILT) course that targets the needs of IT professionals who require fundamental technical skills of Office 365 to evaluating, planning, deploy, and administer core Microsoft Office 365 services, including:

• Office 365 Technical Fundamentals – Architecture and Tools
• Entra ID - Managing Office 365 Users and Groups
• Identity Models and Directory Synchronization
• Microsoft 365 Apps
• Exchange Online
• Microsoft Teams
• Sharepoint Online
• Microsoft Purview (Compliance) and Security
• Office 365 Monitoring and Support

Audience profile

This course is intended for IT professionals who are responsible for planning, configuring, administering, and managing the core components of Office 365. Service Desk/Help Desk delegates would benefit from attending.

Students who attend this course are expected to have a fairly broad understanding of several on-premises technologies such as Domain Name System (DNS) and Active Directory Domain Services (AD DS).

Deploy and maintain the core features of the main product pillars of Office 365. This course will provide an excellent technical grounding for further technical courses specializing in Entra ID, Exchange Online, Sharepoint Online, Microsoft Teams, Microsoft Purview (Compliance)

Note – this course provides delegates with the essential technical knowledge and skills required for core Office 365 product deployments, but it does not cover all features of any given product. Extensive labs are provided to facilitate hands on learning. The number of labs mean some will be optional for students post event.

Before attending this course, students must have:

• An understanding of core technical concepts, DNS, Networking, Entra ID, Identities, User Accounts

Module 1 – Microsoft 365 Technical Fundamentals

Overview

What is Microsoft 365?

• Office 365 vs Microsoft 365
• Office 365 and Microsoft 365 Confusion

Microsoft 365 is Evergreen

Microsoft 365 Message Centre

Microsoft 365 Release Preferences

Benefits of Microsoft 365

Microsoft 365 requirements

Microsoft 365 Core Components

• Entra ID
• Microsoft 365 apps for Business/Apps for Enterprise
• Exchange Online
• Sharepoint Online
• Microsoft Teams
• Purview/Compliance/Security
• Microsoft Information Protection

Microsoft 365 additional Components

Microsoft 365 Subscriptions

Microsoft 365 license resources

Microsoft 365 add-on services

Microsoft 365 subscription features

Microsoft 365 Signup Process

Microsoft 365 Administration Tools

• Microsoft 365 Admin Center
• Other Microsoft 365 Admin Centers - Optional
• Entra ID
• Microsoft Compliance Center
• Endpoint Manager
• Exchange Online Admin Center
• Microsoft PowerApps and PowerAutomate Admin Center
• Office Configuration Admin Center
• Microsoft Stream Admin Center
• Microsoft Search & Intelligence Admin Center
• Microsoft 365 Defender Portal
• SharePoint Online Admin Center
• Teams Admin Center
• Viva Engage Admin Center

Microsoft 365 PowerShell

• Entra ID
• Exchange Online PowerShell V2
• SharePoint Online
• Microsoft Teams
• Microsoft Security and Compliance PowerShell

Overview of Microsoft 365 Administrator Roles

• Microsoft 365 Admin Roles
• Relationships between Entra ID Administrative Roles
• Custom Role Groups

Entra ID Privileged Identity Management (PIM)

Entra ID Access Reviews

Microsoft 365 Privileged access management

Configure and enable Microsoft 365 Privileged access management

Microsoft 365 Domains

• Adding a custom domain
• Custom Domain Considerations

Required Microsoft 365 DNS Records

Microsoft 365 Network Requirements

• Microsoft 365 URLs and IP address ranges
• Additional Network Considerations
• Microsoft 365 Network Connectivity Tools
• Microsoft 365 network connectivity test tool
• Microsoft Remote Connectivity Analyzer

Lab – Using Edge Profiles

Lab – Using Chrome Profiles

Lab – Sign up for an Office 365 trial

Lab – Microsoft 365 PowerShell

Lab – Adding a custom domain

Module 2 Managing Microsoft 365 Users and Groups

Entra ID and Zero Trust

Entra ID Editions

Entra ID Security Defaults

Microsoft Identity Models

• Cloud-only Identity Model
• Hybrid Identity Model

Creating cloud user accounts

• Creating User Accounts via the GUI
• Bulk Import Users using a CSV file
• Create an Entra ID User using PowerShell
• Create a user using Entra ID v1 PowerShell
• Create a user using Entra ID v2 PowerShell
• Create a user using Microsoft Graph Powershell

Create and use a template to add users

Managing User Accounts

Managing Entra ID Account Passwords

• Resetting Passwords
• Force Password Change for all users in Microsoft 365

Entra ID Self Service Password Reset (SSPR)

Deleting User Accounts

Steps to take when a user leaves the business

Restoring user accounts

Entra ID Password Protection

Multi-factor Authentication

Multi-factor Authentication in Microsoft 365

Software Requirements for MFA in Microsoft 365

Security Defaults

Setting up Multi-Factor Authentication in Microsoft 365

MFA with conditional access

• Signals (conditions)
• Decisions (actions)
• GPS Named Location MFA control
• Conditional Access Filters for devices
• Conditional Access Report Only mode
• Conditional Access What if
• Entra ID Sign-in Logs – conditional access policy
• Conditional Access enforced MFA

MFA Enrolment User Experience

MFA Authentication App

MFA Number Matching and Additional Context

Creating and Configuring Groups

• Microsoft 365 Group building blocks
• Guest access in Microsoft 365 Groups
• Controlling Microsoft 365 Group Guest access
• Controlling Microsoft 365 Group Guest Access
• Microsoft 365 Groups PowerShell management
• Controlling Microsoft 365 Group Creation
• Obsolete Microsoft 365 Group expiration and removal
• Microsoft 365 Group governance

Distribution groups

Mail enabled security groups

• Create a new mail-enabled security group using PowerShell

Creating Dynamic Groups – Entra ID Admin Center

Creating dynamic distribution groups in Exchange Online

Group naming policies

Lab - Creating and managing users

Lab – Admin roles

Lab – Self-service password reset

Lab – Conditional Access

Lab – Multifactor authentication

Lab - Creating and managing groups

Module 3 – Implementing Directory Synchronization

Hybrid Identity Overview

Hybrid Authentication Methods

• Password Hash Synchronization (PHS)
• Pass-through Authentication (PTA)
• Federated Authentication

Authentication Method Selection

Entra Connect

Installing Entra Connect

• Entra Connect Prerequisites
• Entra ID
• On-Premises Active Directory
• PowerShell execution policy
• SQL Server used by Entra Connect
• Accounts
• Network Connectivity

Entra Connect Supported Topologies

Entra Connect Express vs Custom installation

• Instructor Walkthrough Demo Express Installation
• Instructor Walkthrough Demo Custom Installation

Entra Connect sync: Scheduler

Monitoring and Troubleshooting Entra Connect

Real World Entra Connect Monitoring and Troubleshooting

• Microsoft 365 admin center notifications
• Entra ID Admin Center Status
• Windows Entra ID PowerShell
• Synchronization Service Manager
• Windows Server Event Logs

Entra Connect Health

Entra Connect synchronization errors

• Identity synchronization and duplicate attribute resiliency
• Troubleshooting Sync Errors Key Point
• Entra Connect Admin Agent

Entra Connect: Staging server and disaster recovery

Entra Connect cloud sync

• Installing Entra Connect Cloud Sync
• Entra Connect Cloud Sync Configuration
• Entra Connect Cloud Sync Single Sign-On
• Entra Connect Cloud Sync Troubleshooting

Lab – Entra Connect

Lab – Entra ID Connect

Module 4 – Microsoft 365 Apps

Microsoft 365 Apps

Available Office Applications for End Users

• Microsoft 365 for the Web (Microsoft 365 Online)
• Microsoft 365 Mobile Apps
• Microsoft 365 Apps for Mac
• Microsoft 365 Apps for Business/Enterprise

Overview of Microsoft 365 Apps

• Microsoft Apps Common Features with Office 2021
• Microsoft 365 Apps Differentiating Features
• Microsoft 365 Apps Licensing
• Microsoft 365 Apps Deployment
• Application Compatibility

User Self Service Deployment

• Administration of Self Service installations

Removing Microsoft 365 Apps License

Organization Office‎ installation options

Centralized Microsoft 365 Apps Deployments

• Installing the ODT
• ODT components
• ODT Modes
• ODT Configuration Files

Office Customization Tool

Managed Microsoft 365 Apps using Policies

• Microsoft 365 Apps Group Policies
• Office cloud policy service
• Policy Precedence

Microsoft 365 Apps Updates

• Administrator Control of Microsoft 365 App Updates
• Microsoft 365 Admin Center
• Group Policy
• ODT
• Apps Admin Center Servicing Profile

Monitoring

• Apps Inventory
• Security Update Status
• Apps Health

Lab - Deploying Microsoft 365 Apps

Module 5 – Exchange Online

Introduction

Exchange Online service overview

Exchange Online limits

Exchange Online Admin Center

Exchange Online Permissions

Exchange Online PowerShell

Requirements for using PowerShell to manage Exchange Online

• Connecting to PowerShell Endpoints
• Connecting to Exchange Online using PowerShell
• Exchange Online PowerShell v2 Module

Administering Exchange Online Recipients

Recipient types

• Mailboxes
• Create a mailbox using Exchange Online Powershell
• Deleting and Restoring Mailboxes
• Soft deleting User Mailboxes
• Hard-deleted user mailboxes
• Microsoft 365 Inactive Mailboxes
• Restoring user mailboxes
• Configuring mailboxes
• Mailbox Settings

Mailbox e-mail addresses

Exchange Online Plus addressing/Subaddressing

Default message size restrictions

Creating and configuring resources

• Configuring Resources using Powershell
• Creating a room distribution group

Creating and configuring contacts

Creating and configuring shared mailboxes

Creating and configuring address lists and address book policies

• Address lists
• Offline address books
• Custom address lists
• Managing address lists
• Address book policies

Exchange Online mail flow

• Mail Flow Rules
• Creating Mail Flow Rules

Exchange Online Message tracing

Accepted domains

Remote domains

Connectors

Mail Flow Exchange Online Alert Policies

Mail Flow Reports and Insights

Controlling automatic external email forwarding

• Email forwarding rule alerts
• Exchange Online Auto Forwarded Message Reports

Preset Security Policies

Configuration analyzer

Lab – Exchange Online Powershell

Lab – Configuring mailboxes and email addresses

Lab – Creating other recipient objects

Lab – Exchange Online RBAC

Lab – Mail Flow rules and message trace

Module 6 – Microsoft Teams

Overview of Teams

• Microsoft Teams Features & Licensing
• Microsoft Teams limits
• Teams Components
• Microsoft Teams and Channels
• Where is Team content stored
• Teams Meeting Recordings
• Controlling Teams Creation and Expiration
• Clients for Microsoft Teams

Administering Teams

• Microsoft Teams Admin Roles
• Microsoft Teams Administrative tools
• Microsoft Teams Admin Center
• Microsoft Teams Powershell
• Microsoft Teams Settings and Policies
• Teams Settings
• Teams Policies
• Microsoft Team Policy Precedence
• Policy Packages
• Managing Microsoft Teams
• Microsoft Team Templates
• Managing Teams Meetings
• Teams Meeting Settings
• Meeting Policies
• Meeting Policies PowerShell
• Managing Microsoft Teams Messaging

Managing Access to Teams

• Teams Roles
• Dynamic Microsoft Team Membership

Microsoft Teams External Collaboration

• External Access vs Guest Access
• Microsoft Teams External Access
• Microsoft Teams Guest Access
• Additional Guests Considerations
• Microsoft Teams Guest access management
• Enabling Guest Access with Windows PowerShell
• Specific Team Guest Permissions
• Adding Guests to a Team
• Microsoft 365 Guest Management

Lab - Managing Microsoft Teams

Module 7 – Sharepoint Online Sites and Navigation

Introduction

Sharepoint Online service overview

SharePoint Online Features

Isn’t SharePoint just a part of Microsoft Teams?

SharePoint Six Pillars

Sharepoint Online Updates

• SharePoint “What's New” Site
• SharePoint Intrazone
• SharePoint Pitstop - Monthly 9

SharePoint Online Administration Tools

• SharePoint Online Admin Centre(s)
• SharePoint Online Management Shell
• SharePoint PnP

SharePoint Sites

Modern Team Sites

Modern Communication Sites

Sharepoint Online Subsites

Deleting and restoring Modern Sites

Hub Sites

• Hub Site Benefits
• Configuring Hub Sites
• Associating Sites to a Hub Site
• Hub Site Approval Flow (PowerAutomate)
• Parent Hub Association
• Hub Site Features
• Hub Site Permissions
• Hub Site Limitations

Comparison of Associated hub sites and Associated (non hub) sites

When to create a new site

Site Collection Administrators

Site Collection Quotas

Deciding between a Single Site Collection vs Multiple Site Collections

Site Architecture and Navigation Relationship

SharePoint Online Site Navigation

• Modern Team Site Navigation
• Team Site Navigation Switcher
• Modern Communication Site Navigation
• Cascading vs Mega Menu Navigation
• WebPart Navigation Options
• Highlighted Content Webpart
• SharePoint App Bar and Global Navigation

Lab – SharePoint Online PowerShell and PnP

Lab – Creating and managing sites

Lab – Creating and managing sites using PowerShell

Lab – Managing SharePoint navigation

Lab – SharePoint search driven navigation

Module 8 – Sharepoint Online Permissions and External Sharing

Lesson 1: Sharepoint Permissions

• Sharepoint Permissions vs M365 Group Security
• SharePoint Team Sites
• Access Requests
• Member Sharing options

Lesson 2: Sharepoint Sharing

• SharePoint Sharing
• Sharing a Site
• Sharing a Document Library/List
• Sharing a Folder or Items
• Item QR Codes

Lesson 3: Advanced Permissions (When things get messy)

• Permission levels
• Bespoke Permission Levels
• Granting Explicit Permissions
• Permission Inheritance
• Breaking Inheritance
• Broken inheritance visibility
• Enabling and Disabling Permission Inheritance

Lesson 4: SharePoint Groups

• Creating additional Sharepoint Groups
• Sharepoint Group Owners
• SharePoint Group Best Practice
• Recommended Sharepoint Group Model
• Special SharePoint Groups

Lesson 5: Granting and Managing Permissions

• Checking Permissions
• Modifying and Removing Permissions
• Sharepoint Permissions via PowerShell

Lesson 6: Sharepoint Permissions Best Practice

• SharePoint Site Security Key Summary

SharePoint External Sharing

• Authenticated External User sharing
• Authenticated External User Link Management
• Anonymous Access Links

SharePoint Online External sharing administration

• Tenant Level External Sharing Administration
• Azure B2B One Time Passcodes for Guest Users
• Pre-Creating Guest Users

Advanced settings for external sharing

File and Folder Links

Outlook External Sharing Link Features

Site Collection External Sharing Options

PowerShell for External Sharing

SharePoint Online External Sharing Alerts, Auditing and Reporting

Lab – SharePoint permissions

Lab – SharePoint external sharing

Module 9 – Microsoft 365 Purview (Compliance) and Security

Introduction

What is Microsoft 365 Purview?

The Microsoft Trust Center

The Microsoft Service Trust Portal

Microsoft’s Information Protection Model

Microsoft 365 Security and Compliance Administration Tools

Security and Compliance Administrative Roles

Security and Compliance PowerShell

Microsoft 365 Data Loss Prevention

• Components of DLP Policies
• Creating DLP Policies
• Sensitive Information Types
• Custom Sensitive Information Types
• Creating a Custom DLP Policy
• DLP Policy Locations
• Endpoint DLP
• Microsoft Compliance Extension for Google Chrome
• DLP Policy Rule Settings
• DLP Rule Conditions/Exceptions
• DLP Actions
• DLP User Notifications and User Overrides
• DLP Incident reports
• DLP Powershell
• DLP Mark Files as Sensitive by Default
• DLP Reports
• DLP Activity Explorer

Retention Policies

• Retention policy data behaviour
• Creating Retention Policies
• Adaptive vs Static Retention Policies
• Adaptive Scopes
• Retention Policy Locations
• Retention Policy Location Considerations
• Teams Retention Policy considerations
• Retention Options

Microsoft 365 Content Search

• Content Search Security
• Configure Security Filtering for Content Search
• Running a Content Search
• Search for Teams chat data for on-premises users
• Targeted Collection Search
• Condition Card Builder & KQL Editor
• Preview Sample Search Results
• Search Statistics
• Content Search PowerShell
• Export Content Search Results
• Unindexed Items in Content Searches
• Search for and Delete Email Messages in an Office 365 Organisation

Microsoft 365 Auditing

• Audit Log Permissions
• Running an Audit Log Search
• Viewing Audit Log Search Results
• Exporting Audit Log Search Results

Entra ID Logs

Microsoft 365 Alerts

Compliance Manager and Compliance Score

Compliance Manager Automated Testing

Microsoft Compliance Configuration Analyzer (MCCA)

Microsoft 365 Secure Score

Compliance/Secure Score “Old Skool”

Lab – Data Loss Prevention

Lab – Retention policies

Lab – Office 365 Auditing

Lab – Alerts

Lab – Secure Score

Module 10 – Microsoft 365 Monitoring and Support

Microsoft 365 Monitoring and Support

Microsoft 365 Troubleshooting Fundamentals

Microsoft Support and Recovery Assistant

Microsoft 365 Health Reports

Microsoft 365 Status Twitter Feed

Microsoft 365 Troubleshooting Guide

Microsoft 365 Community

Microsoft 365 Technical Support

Microsoft Support SLA’s