M20346: Managing Office 365 Identities and Services
Credit toward certification:
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam.
Who should take this exam?
This exam is designed for IT professionals who take part in evaluating, planning, deploying, and operating the Office 365 services, including its dependencies, requirements, and supporting technologies. They should have experience with the Office 365 Admin Center and an understanding of Exchange Online, Lync Online, SharePoint Online, Office 365 ProPlus, and Azure Active Directory. This includes experience with service descriptions, configuration options, and integrating services with existing identity management and on-premises infrastructure to support the business requirements of an organization.
This exam includes:
- Provision Office 365 (15–20%)
- Provision tenants. Configure the tenant name, tenant region, global administrator; manage tenant subscriptions; and manage the licensing model;
- Add and configure custom domains. Specify domain name, confirm ownership, specify domain purpose, and move ownership of DNS to Office 365;
- Plan a pilot. Designate pilot users, identify workloads that don’t require migration, run the Office 365 onramp readiness tool, create a test plan or use case, and connect existing email accounts for pilot users, service descriptions.
- Plan and implement networking and security in Office 365 (15–20%)
- Configure DNS records for services. Creating DNS records for Exchange, Lync, and SharePoint;
- Enable client connectivity to Office 365. Configure proxy server to allow anonymous access to Office 365 URLs, configure firewalls for outbound port access to Office 365, recommend bandwidth, Internet connectivity for clients, and deploy desktop setup for previous versions of Office clients;
- Administer rights management (RM). Activate rights management, Office integration with rights management, assign roles for Microsoft Azure Active Directory RM, and enable recovery of protected document;
- Manage administrator roles in Office 365. Permission model, create or revoke assignment of administrative roles or the administrative model, determine and assign global administrator, billing administrator and user administrator, delegated administrator, and control password resets.
- Manage cloud identities (15–20%)
- Configure password management. Expiration policy, password complexity, password resets, and Administration Center;
- Manage user and security groups. Bulk import, Azure Active Directory Graph API, soft delete, Administration Center, and multi-factor authentication;
- Manage cloud identities with Windows PowerShell. Configure passwords to never expire, bulk update of user properties, bulk user creation, Azure Active Directory cmdlets, bulk user license management, and hard delete users.
- Implement and manage identities by using DirSync (15–20%)
- Prepare on-premises Active Directory for DirSync. Plan for non-routable domain names, clean up existing objects, plan for filtering Active Directory, and support for multiple forests;
- Set up DirSync [WAAD sync tool]. Soft match filtering and identify synchronized attributes, password sync, and installation requirements;
- Manage Active Directory users and groups with DirSync in place. Delete, create, modify, and schedule and force synchronization.
- Implement and manage federated identities (single sign-on [SSO]) (15–20%)
- Plan requirements for Active Directory Federation Services (AD FS). Namespaces and certificates, plan AD FS internal topologies and dependencies, plan AD FS proxy topologies, network requirements, multi-factor authentication, and access filtering using claims rules;
- Install and manage AD FS servers. Create AD FS service account, configure farm or stand-alone settings, add additional servers, convert from standard to federated domain, and manage certificate lifecycle;
- Install and manage AD FS proxy servers. Set up perimeter network name resolution, install required Windows roles and features, set up certificates, configure AD FS proxy settings, and set custom proxy forms login page.
- Monitor and troubleshoot Office 365 availability and usage (15–20%)
- Analyze reports. Service reports, mail protection reports, auditing log, and portal email hygiene reports;
- Monitor service health. RSS feed, service health dashboard (including awareness of planned maintenance, service updates, and historical data), Office 365 Management Pack for System Center Operations Manager, and Windows PowerShell cmdlets;
- Isolate service interruption. Create a service request, Microsoft Remote Connectivity Analyzer (RCA), Microsoft Online Services Diagnostics and Logging (MOSDAL) support toolkit, Transport Reliability IP Probe (TRIPP), Microsoft Connectivity Analyzer tool, and hybrid free/busy troubleshooter.