One of the key aspects to mastering the MS-100 Microsoft 365 Identity and Services exam involves understanding how to configure organizational settings, including security, privacy, and profile settings. Being proficient in these areas will put you in a great position to handle your organization’s Microsoft 365 environment, manage core Microsoft 365 services, and perform crucial administrative functions necessary for your business.
Configuring Organizational Settings in Microsoft 365
Configuration of organizational settings is fundamental to the management and administration of any Microsoft 365 platform. This involves defining the settings that influence how the organization’s environment operates.
These settings can be managed from the Microsoft 365 admin center by following these steps:
- Log in to the admin center.
- Choose the “Settings” tab.
- Opt for “Organization Profile”.
In the “Organization Profile” tab, you can set your organization’s details such as organization’s name, address, phone number, and more.
Configuring Security Settings
Security is paramount for Microsoft 365 organizations. Therefore, understating how to configure and manage security settings can significantly enhance the security posture of the organization.
Security settings primarily revolve around the policies and settings that determine the security of your Microsoft 365 environment. Here, you can configure settings such as Conditional Access, Security Defaults, Multi-Factor Authentication (MFA), and more.
Below are the key security settings you can adjust within Microsoft 365:
- Conditional Access: This helps implement automated access control decisions for who can access your cloud apps, under what conditions, and when.
- Security Defaults: This feature provides pre-configured security settings that help protect the organization from prevalent identity-related attacks.
- Multi-Factor Authentication (MFA): MFA provides an extra layer of security by requiring more than one method of authentication from independent categories of credentials.
You can manage these settings from the Microsoft 365 admin center under the “Security” tab.
Configuring Privacy Settings
Data privacy is crucial for all organizations. It is important to configure privacy settings to protect your organization’s business data and maintain compliance with data protection laws and regulations.
In Microsoft 365, you can alter privacy settings to meet your data protection needs. This includes settings that define how Microsoft can use your data, setting up Customer Lockbox requests that limit data access, and more.
You can adjust these settings from the Microsoft 365 admin center by navigating to the Settings > Services & add-ins > Microsoft 365 Privacy.
User Profile Configuration
User profiles in Microsoft 365 are a collection of settings and information associated with each user. Managing user profiles involves creating, editing, activating, deactivating, and deleting user profiles.
To edit a user’s profile:
- Go to the Microsoft 365 admin center.
- Select “Active users” under “Users”.
- Choose the user you want to edit and select “Manage username and email”.
From there, you can alter the profile details, assign licenses, reset passwords, manage devices, and more.
In conclusion, mastering these areas will propel you towards efficiency in administering Microsoft 365. The goal is to provide a secure, privacy-compliant, and user-friendly environment in line with your organizational needs.
Practice Test
True or False: Role-Based Access Control (RBAC) in Microsoft 365 is used to manage who has access to specific resources.
- True
Answer: True
Explanation: RBAC is used in Microsoft 365 to manage who has access to resources in the organization, including administrator access rights.
Which of the following are Microsoft 365 user types you can create for your organization?
- A. Administrator
- B. Guest
- C. Member
- D. External
Answer: A, B, C
Explanation: In Microsoft 365, you can create user types such as Administrator for managing the organizational settings, Guest for someone outside your organization, and Member for internal employees.
There are how many types of administrative roles in Microsoft 365?
- A. 5
- B. 9
- C. 12
- D. 19
Answer: D. 19
Explanation: Microsoft 365 defines 19 types of administrative roles including “Global administrator”, “Exchange administrator”, “Teams Service Administrator” and so on.
True or False: The Privacy settings in Microsoft 365 include features for managing information compliance.
- True
Answer: True
Explanation: The Privacy settings in Microsoft 365 allow administrators to manage data privacy and compliance with data regulations.
Which of the following are included in organizational settings in Microsoft 365?
- A. Security & Compliance
- B. Teams & Channels
- C. Users & Groups
- D. Office Apps
Answer: A, B, C, D
Explanation: Organizational settings in Microsoft 365 encompass a range of aspects like Security & Compliance, Teams & Channels, Users & Groups, and Office Apps.
True or False: You cannot set up multi-factor authentication for the global administrator in Microsoft
- False
Answer: False
Explanation: For increasing the security, Microsoft recommends setting up multi-factor authentication for the global administrator and other roles in Microsoft
In Microsoft 365, which feature would allow management of the interaction between users in and outside of your organization?
- A. External Sharing
- B. Guest Access
- C. Both A and B
- D. None of the above
Answer: C. Both A and B
Explanation: Both External Sharing and Guest Access features help manage interactions with users outside your organization.
True or False: The Service Trust Portal in Microsoft 365 is used to access audit reports and compliance guides.
- True
Answer: True
Explanation: The Service Trust Portal provides access to audit reports, compliance guides, trust resources, and more, which is useful for organizations to comply with regional, national, and industry-specific requirements.
Which of the following is mandatory to create a user profile in Microsoft 365?
- A. A username and password
- B. A license for the user
- C. Both A and B
- D. None of the above
Answer: C. Both A and B
Explanation: You need both a username and password and a license for the user to create a user profile in Microsoft
True or False: You can customize the privacy settings for individual users in Microsoft
- False
Answer: False
Explanation: Privacy settings are configured at the organizational level, not at the individual user level.
Interview Questions
What is role-based access control (RBAC) in Microsoft 365?
Role-based access control (RBAC) is an approach to restricting system access to authorised users. In Microsoft 365, these roles can be assigned on a variety of levels, including the tenant level or the application level.
How can you restrict access to specific SharePoint sites in Microsoft 365?
You can restrict access by going to “Site permissions” under “Site settings”. Once there, you can modify the permissions for each user or group, or you can remove their permissions altogether.
What are Azure AD Connect Sync security groups used for?
Azure AD Connect sync security groups are used to control who has the permissions to manage Azure AD Connect Sync. This includes the Azure AD Connect Sync service account, and the account used to install and upgrade Azure AD Connect.
What are sensitivity labels in Microsoft 365?
Sensitivity labels in Microsoft 365 are used to classify and protect sensitive information. They can be applied to content such as emails and documents to control who can access the content and what can be done with it.
How do you enable multi-factor authentication in Microsoft 365?
Multi-factor authentication can be enabled in the Microsoft 365 admin center. Go to “Users” -> “Active users”. Then select “Multi-factor Authentication” under “More”.
What is Azure AD Privileged Identity Management used for?
Azure AD Privileged Identity Management is a service in Azure Active Directory that provides just-in-time privileged access to Azure AD and Azure resources. It reduces the risk of security breaches by making it harder for malicious actors to gain access.
How can you prevent data loss in Microsoft Teams?
You can create a data loss prevention (DLP) policy in the Microsoft 365 compliance center. This policy can prevent sensitive information from being shared or leaked in Microsoft Teams chats and channel messages.
What is the purpose of conditional access policies in Microsoft 365?
Conditional access policies are used to enforce certain conditions before a user can access your resources. The policies are only enforced after the first-factor authentication has been completed, and they are processed in real time.
What is a device compliance policy in Microsoft Intune?
A device compliance policy is a way to check for specific conditions on a device before it’s allowed to access company resources. This ensures only devices that comply with your organization’s security policies can access the resources.
How can you configure single sign-on for a new application in Azure AD?
In the Azure portal, select your Azure AD directory, then go to “Enterprise Applications” -> “New application”. After naming and configuring the application, go to “Single sign-on”. Choose the type of single sign-on you want to use, then follow the prompts to configure it.
What is the purpose of Windows Defender Advanced Threat Protection in Microsoft 365?
Windows Defender Advanced Threat Protection is a platform for preventive protection, post-breach detection, automated investigation, and response. It helps enterprises to detect, investigate, and respond to advanced attacks on their networks.
How do you configure guest access in Microsoft Teams?
You can configure guest access in the Microsoft 365 admin center. Go to “Settings” -> “Services & add-ins” -> “Teams”, then select “Guest access”. Set “Allow guest access in Teams” to “On” and configure the other settings as needed.
What is the function of Azure Information Protection in Microsoft 365?
Azure Information Protection is a cloud-based service that allows organizations to classify and protect its documents and emails through labels. These labels contain rules for encryption, rights protection, and visual markings such as watermarks.
How do you create a new user in Azure Active Directory?
In the Azure portal, select your Azure AD directory, go to “Users” -> “New user”. Fill in the required fields, assign a role, and click “Create”.
How do you enable Modern Authentication in Exchange Online?
Modern Authentication can be enabled using PowerShell. Connect to Exchange Online and run the following command: “Set-OrganizationConfig -OAuth2ClientProfileEnabled $true”. This will enable Modern Authentication.
extutorials.com