Академический Документы
Профессиональный Документы
Культура Документы
Contents
Introduction
Lab 1: Provisioning Office 365
Lab 2-A: Managing Office 365 Users and Passwords
Lab 2-B: Managing Office 365 Groups and Administration
Lab 3: Configuring Client Connectivity to Office 365
Lab 4: Configuring Directory Synchronization
Lab 5: Managing Office 365 ProPlus Installations
Lab 6: Managing Exchange Online Recipients and Permissions
Lab 7-A: Configuring Message Transport in Exchange Online
Lab 7-B: Configuring Email Protection and Client Policies
Lab 8: Configuring Skype for Business Online
Lab 9: Configuring SharePoint Online
Lab 10: Planning and Configuring an Office 65 Collaboration Solution
Lab 11: Configuring Rights Management and Compliance
Lab 12: Monitoring and Troubleshooting Office 365
Lab 13: Planning and Configuring Identity Federation
L0-3 Introduction
This means that a hosting partner, such as Virsoft, provides updated lab instructions to keep up with
changes in Office 365, and to match the specific lab hosting infrastructure. This replaces the lab
instructions in the printed course book or Skillpipe application.
Virsoft is an official Authorized Lab Hoster (ALH) and hosts all available Microsoft Official Curriculum
(MOC) courses in their datacenters in Europe and US.
If you see any instructions in this document that are not accurate, please let Virsoft know at
support@virsoft.net, and an updated lab manual will be made available.
Lab environment
In the graphic below, you can see the lab setup for this course.
The virtual machines have outbound Internet access enabled. The hosting platform also allows the
required inbound Internet access from Office 365 to the student lab environment by using multiple
hoster-owned public IP addresses.
L0-4 Introduction
Getting started
For the labs in this course, each student requires the following three things:
o A unique never-used tenant domain name, a unique custom domain name with matching
server authentication certificate, and routable public IP addresses.
These are all provided to each student by Virsoft, as described below.
The lab instructions in this document often refer to the following tenant domain name and custom
domain name:
o Adatumvsxxxx.onmicrosoft.com
o Adatumvsxxxx.virsoftlabs.com
In all instructions where these domain names are used, the student must replace the xxxx part by a
unique 4-digit student ID.
The Virsoft hosting platform provides each student with a unique never-used student ID by placing a text
file with this information on the LON-CL1 desktop of Adatum\Holly.
Here are two tips to work with the new admin center:
o If it appears that the Save or Close buttons are not visible, then scroll up to see those buttons.
o On the Active Users page, when there are many user accounts listed, instead of scrolling
through the list, use the Search text box, type the user name (example: Holly), and then click
the Search icon.
L1-5 Planning and Provisioning Office 365
4. For Step 1, in the Welcome, let's get to know you page, complete the following fields. Regardless
of your location, use the following information:
o Country: United Kingdom
o Business phone number: Your mobile phone number, including international code for your
current country
o Company name: A. Datum
5. Click Next.
6. For Step 2, on the Create your user ID page, you have to create a unique domain for the Company
name to use in the course. Use the Adatumvsxxxx name provided to you. For the rest of the fields,
use the following information:
o User name: Holly
o Password: Pa$$w0rd
7. Click Next.
8. For Step 3, you have to confirm your identity using your mobile phone. Under Text me from the
drop-down box, select the code for the country that you are now in.
9. In the Phone number box, enter your correct mobile phone number.
10. Ensure that the Text me option is selected, and then click Text me.
11. When you receive the confirmation text on your mobile phone, enter the code provided in the Enter
your verification code box.
13. Wait until the Office 365 tenant is provisioned, and then click You're ready to go.
L1-6 Planning and Provisioning Office 365
14. Click the Admin tile to go to the Office 365 admin center.
If a confirm your current password page appears, click re-enter my password, and type Pa$$w0rd.
15. On the update your admin contact info page, beside Authentication Phone is set to, verify that
your phone number is listed, and then click Verify.
16. Select your country, verify that your phone number is listed, and then click text me.
17. After receiving the text, enter the verification string, and click verify. If verify is not available, press
Enter.
18. On the update your admin contact info page, beside Authentication Email is not configured,
click Set it up now.
19. Enter the Microsoft account email address that you configured for this course, and click email me.
20. Access your Microsoft account email to retrieve the verification code.
21. Enter the verification code, and then click verify. If verify is not available, press Enter, and then click
finish.
22. If a Manage Office 365 on the go page appears, close the page.
Note: If you are connected to the previous Office 365 admin center when you connect to
Office 365, click the banner at the top of the page to connect to the new admin center.
2. In the left pane, view the status of the Office 365 services. If any services are showing a status other
than health, click the service.
3. Review any service interruption records or additional information in the status page.
Note: During Microsoft testing, on rare occasions Office 365 did not create the trial tenant
properly; as a result, the tenant did not have all the services available to it. If this happens to
you, you should create a new trial tenant using a different business email (Microsoft account).
Results: After completing this exercise, you should have successfully provisioned the Office 365 tenant
account for A. Datum Corporation.
3. Click Admin.
L1-7 Planning and Provisioning Office 365
6. On the Add a domain page, in the text box, enter your domain name in the form of
Adatumvsxxxx.virsoftlabs.com.
7. Click Next.
Note: if you typed the domain name correctly, but a message "unexpected error" or "invalid domain
name" appears, then wait one minute, and click Next again.
8. On the Verify domain page, ensure that Verify by: TXT record is selected.
9. Write down the TXT record shown in the TXT value row.
12. In DNS Manager, on the View menu, ensure that Advanced is enabled.
Note: The Advanced setting makes several additional options visible in DNS Manager. An example
is the Time to live (TTL) field, which you will use later in this exercise.
13. Expand LON-DC1, and click Forward Lookup Zones.
14. Right-click Forward Lookup Zones and click New Zone.
17. On the Zone Name page, type Adatumvsxxxx.virsoftlabs.com, and then click Next.
20. Expand Forward Lookup Zones, select Adatumvsxxxx.virsoftlabs.com, and then right-click
Adatumvsxxxx.virsoftlabs.com, and then click Other New Records.
21. Under Select a resource record type, scroll down to Text (TXT), and then click Create Record.
22. In the New Resource Record dialog box, provide the following information:
o Text: MS=msXXXXXXXX
nslookup.exe
L1-8 Planning and Provisioning Office 365
27. At the command prompt, type the following command, and then press Enter.
set type=TXT
28. At the command prompt, type the following command, and then press Enter.
Adatumvsxxxx.virsoftlabs.com
29. Verify that the DNS TXT-record request returns the MS=msXXXXXXXX value.
30. At the command prompt, type the following command, and then press Enter.
exit
2. If the Set up your online services page appears, then accept the default setting of I'll manage my
own DNS records, and then click Next.
3. On the Update DNS settings page, review the DNS records that you should add to the domain,
select the Skip this step check box, and click Skip.
4. Click Finish.
2. On the left navigation menu, scroll down to explore all available items. Expand items such as Users,
Groups, Settings, and so on.
3. On the left navigation menu, expand Users, and then click Active users.
5. On the left navigation menu, expand Health, and then click Message center, and then in the right
pane, review the messages.
3. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.
L1-9 Planning and Provisioning Office 365
3. A new tab will open displaying Skype for Business admin center.
4. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.
2. On the left navigation menu, click Admin centers, and then click SharePoint.
3. A new tab will open displaying SharePoint admin center.
4. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.
5. Close Microsoft Edge.
Results: After completing this exercise, you should have provided a high-level overview of administrative
portals of Office 365.
L2-10 Managing Office 365 Users and Groups
5. On the menu on the left side, expand Users, and then click Active Users.
6. Click Add a user.
7. On the New User page, in the First name text box, type Lindsey.
8. In the Last name text box, type Gates.
9. In the Display name text box, type the user's first and last names if the default name does not
appear; in this case, in the First name text box, type Lindsey, and then in the Last name text box,
type Gates.
10. In the User name text box, type Lindsey.
11. Verify that Adatumvsxxxx.virsoftlabs.com is listed in the text box after the at sign (@).
13. Select Let me create the password, and then in both text boxes, type Pa$$w0rd.
14. Clear the Make this user change their password when they first sign in check box.
16. On the User was added page, clear the Send password in email check box.
18. Repeat the previous steps to create the following users (for the User name, use the First name):
o Christie Thomas
o Amy Santiago
o Sallie McIntosh
o Francisco Chaves
2. On the right side, in the Display name Office phone section, click Edit.
L2-11 Managing Office 365 Users and Groups
3. On the Edit contact information page, expand Contact information, and in the Department text
box, type Accounts, click Save, and then click Close.
5. On the Sign-in status page, select Sign-in blocked, click Save, and then click Close.
6. Click Close to close the Francisco Chaves page.
7. In the Active Users list, click the Lindsey Gates user object.
10. In the left navigation pane, under Users, click Deleted Users.
3. If you are not prompted to change your password, then on the Office 365 portal home page, in the
top-right corner, click the Settings icon, and then click Password.
4. On the change password page, in the Old password text box, type Lindsey's temporary password.
5. In the Create new password and Confirm new password text boxes, type Pa$$w0rd.
6. Click submit.
7. Verify that you can access the Office 365 portal home page.
14. In the left menu, expand Users, and then click Active Users.
16. On the right side, in the Sign-in status section, click Edit.
17. On the Sign in status page, select Sign-in allowed, click Save, and then click Close.
21. Verify that you can access the Office 365 portal.
Results: After completing this exercise, you should have created and managed user accounts according
to business needs.
4. On the left side menu, click Settings, and then click Security & privacy.
7. In the Days before a user is notified about expiration box, leave the default value of 14.
Note: Using the same value does not correspond with a real-world scenario. Use it as a
sample scenario to verify the policy applied in the next exercise task.
8. Click Save.
9. Verify that the "Password policy has been updated" message appears, and then click Close.
Note: You have now verified that the password policy is applied.
5. On the left side menu, click Settings, and then click Security & privacy.
6. In the Password policy section, click Edit.
8. In the Days before a user is notified about expiration box, leave the default value of 14.
9. Click Save and then click Close.
Results: After completing this exercise, you should have configured and validated an Office 365
password policy.
L2-14 Managing Office 365 Users and Groups
4. On the left side menu, expand Groups, click Groups, and then click the Add a group icon.
5. On the New Group page, in the Type drop-down box, select Security group, and in the Name text
box, type Sales.
6. In the Description text box, type Sales department users, click Add and then click Close.
7. On the Groups page, click Sales.
8. On the Sales Security group page, in the Members section, click Edit.
9. On the Edit members page, in the search box, type Lindsey. When the Lindsey Gates user
account appears, click Add.
10. In the same search text box, type Christie, and then click Add.
13. On the New Group page, in the Type drop-down box, select Security group, and in the Name text
box, type Accounts.
14. In the Description text box, type Accounts department users, click Add, and then click Close.
15. In the Members section, click Edit.
16. In the search box, type Francisco, and then click Add.
17. In the search box, type Sallie, and then click Add.
5. Ensure that Amy Santiago is now listed as member in the Sales security group.
7. On the Delete group page, click Delete, and then click Close.
8. On the left side menu, click Users, and then click Active Users.
9. Confirm that the Amy Santiago user account still exists in the list of users.
L2-15 Managing Office 365 Users and Groups
Results: After completing this exercise, you should have created and managed security groups.
2. Under Microsoft Online Services Sign-In Assistant for IT Professionals RTW, click Download.
5. In the Microsoft Online Services Sign-in Assistant Setup wizard, on the License Terms page, click
I accept the terms in the License Agreement and Privacy Statement, and then click Install.
6. In the User Account Control dialog box, click Yes.
7. On the Completed the Microsoft Online Services Sign-in Assistant Setup Wizard page, click
Finish.
8. In Microsoft Edge, browse to
http://go.microsoft.com/fwlink/?LinkId=236297 (or http://aka.ms/siqtee).
11. On the License Terms page, select I accept the terms in the License Terms, and click Next.
12. On the Install Location page, click Next.
15. On the Completing the Microsoft Azure Active Directory Module for Windows PowerShell
Setup page, click Finish.
Task 2: Create new users and assign licenses by using Windows PowerShell
1. On LON-CL1, on the desktop, right-click the Windows Azure Active Directory Module for
Windows PowerShell shortcut, and then click Run as administrator.
3. At the command prompt, type the following command, and then press Enter:
Connect-MsolService
5. At the command prompt, type the following command, and then press Enter:
6. At the command prompt, type the following command, and then press Enter:
7. To determine which users are unlicensed, at the command prompt, type the following command,
and then press Enter:
Get-MsolUser -UnlicensedUsersOnly
8. To license Catherine Richard, at the command prompt, type the following command, and then
press Enter:
9. To license Tameka Reed, at the command prompt, type the following command, and then press
Enter:
10. To prevent a user from signing in, at the command prompt, type the following command, and then
press Enter:
11. To delete a user, at the command prompt, type the following command, and then press Enter:
12. To view the Deleted Users list, at the command prompt, type the following command, and then
press Enter:
Get-MsolUser ReturnDeletedUsers
13. Verify that Catherine Richard is in the Deleted Users list. Note that it specifies that she is still
licensed.
14. To restore a deleted user, at the command prompt, type the following command, and then press
Enter:
15. To view the Deleted Users list again, at the command prompt, type the following command, and
then press Enter:
Get-MsolUser ReturnDeletedUsers
16. Verify that Catherine Richard is no longer in the Deleted Users list.
L2-17 Managing Office 365 Users and Groups
17. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:
Get-MsolUser
19. To allow a user to sign in, at the command prompt, type the following command, and then press
Enter:
2. Navigate to C:\Labfiles, right-click O365Users.csv, point to Open with, and then click Notepad.
6. Close O365users.csv, and then in the Notepad message box, click Save.
7. To bulk import several users from a comma-separated value (CSV) file, copy and paste this code
into the Windows Azure Active Directory Module for Windows PowerShell window, and then
press Enter:
8. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:
Get-MsolUser
14. In the left menu, expand Admin centers, and then click Exchange.
15. Under recipients, click mailboxes and review the mailboxes and associated email addresses that
were created.
2. To configure a PowerShell variable for the group, at the command prompt, type the following
command, and then press Enter:
3. To configure a PowerShell variable for the first user account, at the command prompt, type the
following command, and then press Enter:
4. To configure a PowerShell variable for the second user account, at the command prompt, type the
following command, and then press Enter:
5. To add Catherine Richard to the Marketing group, at the command prompt, type the following
command, and then press Enter:
6. To add Tameka Reed to the Marketing group, at the command prompt, type the following
command, and then press Enter:
7. To verify the members of the Marketing group, at the command prompt, type the following
command, and then press Enter:
2. At the command prompt, type the following command, and then press Enter:
3. At the command prompt, type the following command, and then press Enter:
Results: After completing this exercise, you should have created new users, assigned licenses, modified
existing users, and configured groups and user passwords by using the Windows PowerShell command-
line interface.
4. On the left-hand side, expand Users, click Active users, and then click Francisco Chaves.
6. Under Edit user role, select Customized administrator, and then select Billing administrator
from the list.
7. In the Alternate email address text box, type user@alt.none, click Save, and then click Close.
8. Close the Francisco Chaves page.
9. In the active users list, click Tameka Reed.
10. On the Tameka Reed page, in the Roles section, click Edit.
11. Under Edit user role, select Customized administrator, and then select Password administrator
from the list.
12. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
15. On the Christie Thomas page, in the Roles section, click Edit.
16. Under Edit user role, click Customized administrator, and then select User management
administrator from the list.
17. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
2. At the command prompt, type the following command, and then press Enter:
3. At the command prompt, type the following command, and then press Enter:
L2-20 Managing Office 365 Users and Groups
4. At the command prompt, type the following command, and then press Enter:
5. Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
6. At the command prompt, type the following command, and then press Enter:
7. At the command prompt, type the following command, and then press Enter:
8. Verify that Francisco Chaves is in the list of users who have the billing administrator role.
9. At the command prompt, type the following command, and then press Enter:
10. At the command prompt, type the following command, and then press Enter:
11. Verify that Holly Dickson and Nona Snider and are in the list of users who have the Company
Administrator role.
12. At the command prompt, type the following command, and then press Enter:
Exit
4. In the New password and Confirm password text boxes, type Pa$$w0rd, and then click Update
password and sign in.
Note that Tameka Reed cannot perform many of the administrative tasks, because the user account
only has the Password administrator role.
16. On the update your admin contact info page, click cancel.
17. In the Office 365 admin center, on the Home page, click Users, and then click Jessica Jennings.
18. On the Jessica Jennings page, in the Display name Office phone section, click Edit.
30. On the User was added page, click Send email and close.
33. On the Delete user page, click Delete, and then click Close.
Results: After completing this exercise, you should have assigned delegated administrators in the Office
365 admin center, managed delegated administration with Windows PowerShell, and verified delegated
administration.
L3-22 Configuring Client Connectivity to Office 365
4. In the Office 365 admin center, in the menu to the left, expand Settings, click Domains.
5. Review the domain names assigned to the tenant.
3. In DNS Manager, expand LON-DC1, and then expand Forward Lookup Zones.
4. Click, and then right-click Adatumvsxxxx.virsoftlabs.com, and then click New Alias (CNAME).
5. In the Alias name text box, type autodiscover as the alias name.
6. In the Fully qualified domain name (FQDN) for target host text box, type
autodiscover.outlook.com.
7. Click OK.
9. In the Mail Exchanger (MX) dialog box, in the Fully qualified domain name (FQDN) of mail
server text box, type Adatumvsxxxx-virsoftlabs-com.mail.protection.outlook.com.
12. In the Resource Record Type dialog box, scroll down the list, click Service Location, and then
click Create Record.
13. On the Service Location (SRV) tab, enter the following information, and then click OK:
o Service: _sip
o Protocol: _tls
L3-23 Configuring Client Connectivity to Office 365
o Priority: 100
o Weight: 1
14. In the Resource Record Type dialog box, click Create Record.
15. On the Service Location (SRV) tab, enter the following information, and then click OK:
o Service: _sipfederationtls
o Protocol: _tcp
o Priority: 100
o Weight: 1
16. In the Resource Record Type dialog box, scroll back up the list, click Alias (CNAME), and then
click Create Record.
17. On the Alias (CNAME) tab, enter the following information, and then click OK:
18. In the Resource Record Type dialog box, click Create Record.
19. On the Alias (CNAME) tab, enter the following information, and then click OK:
o Alias name: lyncdiscover
21. Switch back to LON-CL1, and then in the Office 365 admin console, click Check DNS.
Note: Due to DNS timeouts of missing DNS records, the DNS check may take a long time.
22. If you do not get any results from the DNS check, then in the DNS errors section, click View errors,
and then click Refresh.
23. You should now see that most missing DNS records are not listed anymore. The only remaining
missing DNS records are listed below. There are not used in this course.
o msoid.Adatumvsxxxx
o enterpriseregistration.Adatumvsxxxx
o enterpriseenrollment.Adatumvsxxxx
24. In the menu bar, click the App launcher icon (9 small squares), and then click Mail.
L3-24 Configuring Client Connectivity to Office 365
25. On the Outlook page, select your time zone and click Save.
30. On the Outlook page, select your time zone and click Save.
33. When the name resolves, note her instant message (IM) status. It might take a couple of minutes for
her status to update.
35. In the pop-up dialog box, click the IM icon on the right.
36. In the IM pop-up window, type Hi Holly, do you know the time of the meeting?, and then press
Enter.
39. On LON-CL2, close the IM window, and then close Microsoft Edge.
40. On LON-CL1, close the IM window, and then close Microsoft Edge.
Results: After completing this exercise, you should have reviewed the recommended DNS records in
the Office 365 admin center, configured the DNS records for external clients, and configured the DNS
records for internal clients.
2. On the Microsoft Remote Connectivity Analyzer page, click the Office 365 tab.
3. On the Office 365 tab, select Office 365 Exchange Domain Name Server (DNS) Connectivity
Test, and then click Next.
5. Under Verification, type the characters that you can see in the verification field, and then click
Verify.
Note: If you receive a message about having performed too many tests in 60 seconds,
wait for a minute and then repeat the test.
L3-25 Configuring Client Connectivity to Office 365
7. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Exchange Online domain.
9. On the Office 365 tab, select Office 365 Lync Domain Name Server (DNS) Connectivity Test,
and then click Next.
10. In the Sign-in address text box, type Francisco@Adatumvsxxxx.virsoftlabs.com, and then click
Perform Test.
11. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Skype for Business Online domain.
14. On the Outlook Connectivity page, in the Email Address and Microsoft Account text boxes, type
Francisco@Adatumvsxxxx.virsoftlabs.com.
15. In the Password and Confirm password text boxes, type Pa$$w0rd.
16. Select Use Autodiscover to detect server settings.
17. Select I understand that I must use the credentials of a working account from my Exchange
domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible
for the management and security of this account.
18. Click Perform Test.
19. When you see Connectivity Test Successful with Warnings, under Test Details, expand
Test Steps, and then review the checks that were made against Outlook Anywhere. Note in
particular the message that contains information about the Autodiscover steps that fail.
20. In the top-right corner of the window (under Run Test Again), note that you can copy this test to the
clipboard, or save it as an XML or HTML file.
21. Click Start Over.
2. In the Office 365 Client Performance Analyzer window, under Download and install OCPA, click
the here link.
3. Wait for the Ocpa.msi download to finish, and then click Run.
5. In the Microsoft Office 365 Client Performance Analyzer window, click Accept, and then click
Run Exchange Analyzer.
Note that for the online lab environment, it is expected that the analyzer tool reports that the DNS
Server is Out of Region for the user account.
o Password: Pa$$w0rd
5. In the Windows Security dialog box for Microsoft Outlook, type Pa$$w0rd as the password,
select Remember my credentials, and then click OK.
6. Verify that you are connected to Exchange Online, and then click Finish.
7. In the First things first dialog box, select Ask me later, and then click Accept.
8. Close Outlook.
o Password: Pa$$w0rd
Task 2: Verify that Skype for Business can connect to Office 365
1. On LON-CL1, start Skype for Business.
4. On the second Sign in page, type Pa$$w0rd as the password, select Save my password, and click
Sign In.
5. In the confirmation dialog box about saving your sign-in info, click Yes.
6. In the Help Make Skype for Business Better! dialog box, click No.
7. Verify that you are connected to Skype for Business Online.
o Password: Pa$$w0rd
Results: After completing this exercise, you should have verified that Outlook 2016 can connect to
Office 365, verified that Skype for Business can connect to Office 365, and verified OneDrive for
Business connectivity to Office 365.
L4-28 Planning and Configuring Directory Synchronization
2. In Server Manager, on the Tools menu, click Active Directory Domains and Trusts.
3. In the Active Directory Domains and Trusts window, right-click Active Directory Domains and
Trusts, and then click Properties.
4. On the UPN Suffixes tab, in the Alternative UPN suffixes text box, type
Adatumvsxxxx.virsoftlabs.com, and then click Add.
5. Click OK.
CD C:\labfiles\
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
Set-ExecutionPolicy Unrestricted
4. At the Windows PowerShell prompt, type the following command, and then press Enter:
.\CreateProblemUsers.ps1
o Amr Zaki. Add the "@" character to the beginning of "adatum" for the UserPrincipalName
attribute.
o Brad Sutton. Replace the existing string with "brad@adatum.com" for the emailAddress
attribute.
o Don Funk. Replace the existing string with "brad@adatum.com" for the emailAddress attribute.
o Holly Dickson. Replace the existing string with "holly@adatum.com" for the emailAddress
attribute.
o Kelly Rollins. Replace the existing string with " " for the emailAddress attribute.
L4-29 Planning and Configuring Directory Synchronization
7. On the Directory Sync Status page, in the IdFix Tool section, click Download IdFix Tool.
8. In the new Edge tab, under Install IdFix, click the IdFix DirSync Error Remediation Tool link.
10. Wait for the IdFix.zip download to finish, and then click Open folder.
11. In the Downloads folder, right-click IdFix.zip, and then click Extract All....
12. In the Extract Compressed (Zipped) Folders dialog box, in the destination text box, type
C:\Deployment Tools\IdFix, and then click Extract.
13. In File Explorer, in the C:\Deployment Tools\IdFix folder, right-click IdFix.exe, and then click
Run as administrator.
14. In the User Account Control dialog box, click Yes.
15. In the IdFix Privacy Statement message box, click OK.
16. In the IdFix application window, on the toolbar, click Query. You should see a number of errors.
17. Click the ERROR column to sort the character errors to the top of the list.
Note: Ignore possible topleveldomain errors, which cannot be fixed by the IdFix tool.
18. In the Amr Zaki row, in the ACTION column, select EDIT.
19. In the Holly Dickson row, in the ACTION column, select EDIT.
20. In the Kelly Rollin row, in the ACTION column, select EDIT.
Notice the COMPLETE status in the ACTION column indicating successful writes.
23. In File Explorer, in the C:\Deployment Tools\IdFix folder, double-click Verbose <date> <time>.txt
to view the updated transactions in the transaction log.
26. In the Don Funk row, click in the UPDATE column to replace the string with don@adatum.com,
and then in the ACTION column, select EDIT.
27. In the Kelly Rollin row, click in the UPDATE column to replace the string with kelly@adatum.com,
and then in the ACTION column, select EDIT.
30. On the toolbar, click Query and verify that no more errors are reported.
Note: Where there are format and duplicate errors for distinguished names, the UPDATE
column either contains the same string as the VALUE column, or the UPDATE column entry is
blank. In either case, this means that IdFix cannot suggest a remediation for the error. You can
either fix these errors outside IdFix, or manually remediate them within IdFix. You can also
export the results and use Windows PowerShell to remediate a large number of errors.
Connect-MsolService
Although you might have to wait up to 24 hours for activation to complete, you should be able to
continue.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolCompanyInformation
Note that in the output, DirectorySynchronizationEnable is True, indicating that sync is enabled.
Note: It might take a few minutes to return True. Rerun the command until you see True
showing.
Results: After completing this exercise, you will have resolved issues in AD DS identified by the IdFix
tool and you will have enabled Active Directory synchronization in Office 365.
L4-31 Planning and Configuring Directory Synchronization
Note: If you see the Active Directory synchronization is being activated warning, you can
ignore it at this time, but you will not be able to run directory synchronization later in this
exercise. You must wait until directory synchronization is activated. However, you can complete
the following steps, even if you do see the warning message.
7. Under Email address, after the @-sign, in the drop-down list box, select
Adatumvsxxxx.virsoftlabs.com, and then click Save.
8. Click Sign Out.
15. On the Active Directory preparation page, click Go to the DirSync management.
16. In the Directory sync client version section, click Upgrade to the latest version of Azure AD
Connect.
Note: You will be redirected to the Microsoft Azure Active Directory Connect download
page at http://go.microsoft.com/fwlink/?LinkId=617037.
17. On the Microsoft Azure Active Directory Connect download page in Internet Explorer, click
Download.
18. When the AzureADConnect.msi download has completed, in the Internet Explorer notification bar,
click Run.
19. In the Microsoft Azure Active Directory Connect wizard, on the Welcome page, select I agree to
the license terms and privacy notice, and then click Continue.
20. On the Express Settings page, click Customize.
Note: The steps in the Microsoft Azure Active Directory Connect wizard continue in the next task.
L4-32 Planning and Configuring Directory Synchronization
3. On the Connect to Azure AD page, enter the following credentials, and then click Next:
o Username: Holly@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd
4. On the Connect your directories page, enter the following credentials, click Add Directory, and
then click Next:
o Username: ADATUM\Administrator
o Password: Pa$$w0rd
5. On the Domain and OU filtering page, select Sync selected domains and OUs, expand
Adatum.com, clear all check boxes for the child containers (also scroll down), except for the IT
check box, and then click Next.
6. On the Uniquely identifying your users page, click Next.
7. On the Filter users and devices page, verify that Synchronize all users and devices is selected,
and then click Next.
8. On the Optional Features page, leave the default options, and then click Next.
9. On the Ready to configure page, ensure that both check boxes are cleared, and then click Install.
10. Once the installation completes, on the Configuration complete page, click Exit.
6. In the Credentials dialog box, enter the following credentials, and then click OK:
o Password: Pa$$w0rd
o Domain: Adatum.com
Note: Although this account is not the one used for directory synchronization, you use the
account credentials to access AD DS to configure filtering.
7. In the Select Containers dialog box, select the Research check box, verify that the IT check box is
also selected, and then click OK.
2. In Synchronization Rules Editor, in Direction, select Inbound, and then click Add new rule.
3. In the Create inbound synchronization rule dialog box, in the Name box, type In from AD User
DoNotSyncFilter.
4. In the Connected System drop-down list box, select Adatum.com.
5. In the Connected System Object Type drop-down list box, type u, and then select user.
9. Click Next.
10. In the Create inbound synchronization rule dialog box, select Scoping filter, click Add group,
and then click Add clause.
18. In the Windows PowerShell window, type the following command, and then press Enter.
L4-34 Planning and Configuring Directory Synchronization
Note: The Start-ADSyncSyncCyle PowerShell command returns immediately, but the initial
synchronization can still take a few moments to complete. Leave the Windows PowerShell window
open.
3. Wait until the Adatum.com connector has completed the Export task. This indicates that the
synchronization has completed.
8. On the License Terms page, select I accept the terms in the License Terms, and click Next.
9. On the Install Location page, click Next.
10. On the Ready to Install page, click Install.
11. On the Completing the Windows Azure Active Directory Module for Windows PowerShell
Setup page, click Finish.
12. Close Internet Explorer.
13. At the Windows PowerShell prompt, type the following commands, and press Enter after each:
Connect-MsolService
15. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolCompanyInformation
16. Verify the LastDirSyncTime (expressed in UTC) aligns with the last time synchronization was
initiated in the previous task.
20. Notice that a DirSync Status tile is displayed on the Home page dashboard.
21. Click DirSync Status.
Note: If the DirSync Status tile is not displayed, then on the Home page, click Users.
On the Active users page, click More, and then click Directory synchronization.
On the Active Directory preparation page, click Go to the DirSync management.
L4-35 Planning and Configuring Directory Synchronization
24. In the Active users list, notice that on-premises user accounts from the selected Active Directory
OUs are now included in the users list. Scroll to the right to see their Sync Type as Synced with
Active Directory.
Results: After completing this exercise, you will have installed Azure AD Connect with customized
settings. Upon completion of the installation, you will start directory synchronization to Office 365 and
have verified that synchronization was successful.
2. In the console tree, expand Adatum.com, right-click Research, click New, and then click User.
3. In the New Object - User dialog box, in the First name text box, type Perry, and in the Last name
text box, type Brill.
4. In the User logon name text box, type Perry, and in the UPN drop-down list box, select
@Adatumvsxxxx.virsoftlabs.com and then click Next.
6. Clear the User must change password at next logon check box, and select the Password never
expires check box.
7. Click Next, and then click Finish.
8. In the Research OU, right-click the new Perry Brill user, and then click Properties.
9. In the Properties dialog box, on the General tab, in the E-mail text box, type
Perry@Adatumvsxxxx.virsoftlabs.com, and then click OK.
10. In the console tree, right-click the Research OU, click New, and then click Group.
11. In the New Object Group dialog box, in the Group name text box, type Project Team, select
Universal, select Distribution, and then click OK.
12. In the Research OU, right-click the new Project Team group, and then click Properties.
13. In the Properties dialog box, on the General tab, in the E-mail text box, type
projectteam@Adatumvsxxxx.virsoftlabs.com.
15. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select text box, type the following thee account names separated by a
semicolon, and then click Check Names:
o Chris Sells
o Lukas Keller
L4-36 Planning and Configuring Directory Synchronization
o Sabine Royant
3. In Active Directory Users and Computers, in the Research OU, right-click Josh Bailey, click
Move, select the Sales OU, and then click OK.
2. In the Research Properties dialog box, on the Members tab, select the following three user
accounts, and click Remove. In the confirmation dialog box, click Yes.
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
3. Click OK.
Note: The Delta parameter is used here so that only the updates are synchronized.
2. At the Start screen, type sync, and then click Synchronization Service.
3. In the Synchronization Service Manager, on the Operations tab, wait until the Adatum.com
connector has completed the Export task.
5. On the Active users list, in the Search text box, type Perry, and then click the search icon.
6. Verify that the new Perry Brill user has synchronized with Office 365.
Note: You may have to wait a few minutes before the user account appears. Refresh the
list until you see the Perry Brill user.
9. On the Product licenses page, in the Location drop-down list box, select United States, and then
set the Office 365 Enterprise E3 switch to On.
13. In the left navigation, expand Groups and then click Groups.
14. On the Groups page, verify that the new Project Team group appears.
15. Click the Project Team group.
Note: You cannot change the Project Team membership on this page. This is because
group membership is maintained by Active Directory.
17. On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press
Enter:
Get-MsolGroup
18. Verify that you see the Research and Project Team groups.
19. At the Windows PowerShell prompt, type the following command, and then press Enter.
20. At the Windows PowerShell prompt, type the following command, and then press Enter.
21. Verify that the Project Team group in Office 365 contains the three user accounts that you added to
the group in Active Directory earlier:
o Chris Sells
o Lukas Keller
o Sabine Royant
22. At the Windows PowerShell prompt, type the following command, and then press Enter.
23. At the Windows PowerShell prompt, type the following command, and then press Enter.
L4-38 Planning and Configuring Directory Synchronization
24. Verify that the Research group in Office 365, does not contain the three user accounts that you
removed from the group in Active Directory earlier:
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
25. At the Windows PowerShell prompt, type the following command, and then press Enter.
Note that the PowerShell command returns no user accounts. This confirms that the user
Josh Bailey has moved out of scope of synchronization.
26. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolAccountSku
The PowerShell command indicates how may Office 365 licenses are assigned.
Results: After completing this exercise, you will have identified how managing user and group accounts
has changed with directory synchronization.
L5-39 Planning and Deploying Office 365 ProPlus
6. In the File Sharing dialog box, click the drop-down list box, select Everyone from the list, click Add,
and then click Share.
7. In the File Sharing dialog box, click Done.
11. On the Home page, in the Office software tile, click Software download settings.
Note: If the Office software tile is not displayed, then in the left navigation pane, expand Settings,
and then click Services & add-ins.
On the Services & add-ins page, scroll down, and then click Software download settings.
12. On the Software download settings page, click Manually deploy user software.
13. On the Manage user software through Office 365 page, scroll down, and then click Learn how to
download and deploy software.
14. On the How admins can download Office 365 user software to deploy to users page, click
Manage user software in Office 365.
15. On the next Manage user software in Office 365 page, scroll down, and then click the Office
Deployment Tool (Office 2016 version) link to open the Office Deployment Tool download page.
Note: You can also go directly to the Office 2016 Deployment Tool page, by using the URL:
http://go.microsoft.com/fwlink/?LinkId=626065.
16. On the download page, expand Details, System Requirements, and Install Instructions, and read
and familiarize yourself with each section.
20. On the Microsoft Office 2016 Click-to-Run Administrator Tool dialog box, select Click here to
accept the Microsoft Software License Terms , and then click Continue.
21. Browse to the new C:\Office16 folder, and then click OK.
L5-40 Planning and Deploying Office 365 ProPlus
22. In the Files extracted successfully confirmation dialog box, click OK.
23. In File Explorer, go to the C:\Office16 folder. You should see two files:
o configuration.xml
o setup.exe
24. Close Microsoft Edge
2. Right-click in the folder, and then click Paste. This creates a backup copy of the configuration.xml
file.
3. Right-click the configuration.xml file, click Open With, and then click Notepad.
with:
<Product ID="VisioProRetail">
<Language ID="en-us" />
</Product>
6. with
with
8. On the File menu, click Save As, and in the File name text box, type AdatumConfiguration.xml.
9. Close Notepad.
10. In File Explorer, press Shift, and then right-click in the Office16 folder, and click Open command
window here.
11. At the C:\Office16> command prompt, type the following command, and then press Enter:
.\setup.exe /?
13. At the command prompt, type the following command, and then press Enter:
16. In the C:\Office16 folder, notice that the download into the C:\Office16\Office folder has started. You
can continue with the next task and leave the download in the background.
Results: After completing this exercise, you will have downloaded a copy of Microsoft Office 365
ProPlus for managed deployment to a shared folder. You will also have downloaded and installed the
Office Deployment Tool.
7. In the Location drop-down list box, select United Kingdom, and then set the Office 365
Enterprise E3 switch to On.
12. On the Maira Wenzel page, in the Product licenses section, click Edit.
13. In the Location drop-down list box, select United Kingdom, and then set the Office 365
Enterprise E3 switch to On.
17. Repeat the previous Maira Wenzel steps for Roman Miler.
23. On the Home page, in the top-right corner, click the User icon, and then click Sign out.
25. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
26. On the Settings menu, under My app settings, click Office 365.
27. On the Settings page, click Software.
Note: Because this user is not licensed for Office 365 ProPlus, Office 2016 is not available
for download.
32. On the Settings menu, under My app settings, click Office 365.
33. On the Settings page, click Software.
Note: This user has a license, but Skype for Business and Office are not available for
download.
34. Click Phone & tablet. Verify that Phone apps and Tablet apps are available.
39. On the Home page, in the Office software tile, click Software download settings.
40. In the Software for PC section, set the 2016 version switch to On.
41. Verify that Office and Skype for Business are both set to on.
42. Click Save, and then click Close.
47. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
48. On the Settings menu, under My app settings, click Office 365.
Note: This user has a license, and Office 2016 (including Skype for Business) is available
for download.
L5-43 Planning and Deploying Office 365 ProPlus
Task 2: Install Office 365 ProPlus from the Office 365 portal
1. On LON-CL3, in Microsoft Edge, on the Software / Office page, in the Language drop-down list
box, ensure that English (United States) is selected.
Note: To see the 64-bit version option, you must click Advanced.
3. Click Install.
6. On the taskbar, click the Office icon, and note the status of the download.
Note: It will take several minutes to complete, but applications are available now.
12. In the Sign in dialog box, type Roman@Adatumvsxxxx.virsoftlabs.com, and then click Next.
13. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
14. Once signed in, your subscription license is activated. At the top right, under Roman Miler, click
Switch account.
15. Click SIGN OUT, and then next to Roman Miler, click Sign out.
16. In the Remove Account message box, click Yes.
17. In the top-right corner, click Sign in to get the most out of Office.
18. In the Sign in dialog box, type Holly@Adatumvsxxxx.virsoftlabs.com, and then click Next.
19. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
21. In the new Word document, type the text Meeting Agenda, and then press Enter.
22. At the next line, type =Lorem(), and then press Enter.
Note: The option to quickly insert "random" text in a document, has been a fairly unknown feature
since Word 97 Standard Edition .
24. Click Sites A. Datum (not OneDrive - A. Datum), and then click A. Datum in the right pane.
25. Double-click the Documents document library, ensure that the File name is
Meeting Agenda.docx, and then click Save.
27. In Microsoft Edge, on the Software / Office page, on the Edge menu bar, click the Refresh icon (or
press the F5 key).
Note that you now have a new Manage installs section at the top of the page where you can
manage Office 365 installs.
28. Close Microsoft Edge.
7. Set the Office 365 ProPlus switch to Off to remove the license from the Roman Miler account.
8. Click Assign, and then click Close.
9. Close the Roman Miler page.
10. At the top right corner, click the User icon, and then click Sign out.
11. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
12. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
13. On the Settings menu, under My app settings, click Office 365.
Note: Note that the Office installation is no longer listed, as Roman Miler no longer has an
active license. The Office 365 ProPlus applications will still be available to the user on any
machine on which he already installed them, but within 30 days, they will drop into
low-functionality mode. This means he will only be able to read and print documents.
7. On the Roman Miler page, in the Product licenses section, click Edit.
Results: After completing this exercise, you should be able to activate Office 365 ProPlus for self-
service installations and set licensing options correctly for end users so that deployment and installation
is possible.
5. In the Computers container, right-click LON-CL4, click Move, select Adatum_Computers, and
then click OK.
6. In Server Manager, on the Tools menu, click Group Policy Management.
9. In the New GPO dialog box, in the Name box, type DeployOffice16, and then click OK.
10. In the right pane, right-click DeployOffice16, and then click Edit..
11. In Group Policy Management Editor, expand Computer Configuration, expand Policies, expand
Windows Settings, and then select Scripts (Startup/Shutdown).
12. In the right pane, right-click Startup, and then click Properties.
13. In the Startup Properties dialog box, click Show Files.
14. Right-click in the Startup folder, click New, and then click Text Document.
15. Rename the new text file from New Text Document.txt to DeployOffice16.cmd.
17. In the Open File - Security Warning message box, click Run.
Note: The security warning appears, because Group Policy Management editor opened the Startup
folder as a network location through \\Adatum.com\Sysvol, and not as a local path through C:\. The
"Run" command in this case means "run the Edit command on this network file".
23. In the Browse dialog box, select DeployOffice16.cmd, and then click Open.
3. At the command prompt, type the following command, and then press Enter.
gpupdate.exe /force
4. Wait for the Group Policy to update both the computer policy and the user policy.
10. Click Word 2016. If you do not see it on the Start screen, type Word to bring up the icon.
11. In the Activate Office dialog box, type Maira@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
12. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
13. In the Account Updated message box, click OK.
17. In the new Word document, type the text Meeting Report, and then press Enter.
18. At the next line, type =Rand.old(), and then press Enter.
21. Verify that the Save As dialog box, opens with the This PC > Documents folder.
22. Ensure that the File name is Meeting Report.docx, and then click Save.
25. In Task Manager, on the Details tab, notice the OfficeClickToRun.exe process in the process list.
L5-47 Planning and Deploying Office 365 ProPlus
Note: Check Task Manager for your deployment. These items will all be present in a
successful install.
Results: After completing this exercise, you will have enabled centralized managed deployment of Office
365 ProPlus and implemented a standardized Microsoft Office configuration by using one version of
Office.
L6-48 Planning and Managing Exchange Online Recipients and Permissions
8. In the Password text box, and the Retype password text box, type Pa$$w0rd.
9. Clear the Make this user change their password when they first sign in check box.
10. Click Product licenses, and ensure that the switch for Office 365 Enterprise E3 is On.
13. Repeat the previous steps to add the following additional users:
o Olivia Emerson
o Kendra Sexton
14. In the left navigation pane, expand Admin Centers, and then click Exchange.
15. In the Exchange admin center, in the left navigation pane, click recipients.
Note: It might take a few minutes for the mailboxes to appear. Click the refresh icon
periodically until they do.
3. In the New Distribution Group window, in the Display name text box, type IT.
9. Repeat the previous steps to add the following additional distribution groups and members:
o Managers - and member Martina Blair
2. On the desktop, right-click Windows Azure Active Directory Module for Windows PowerShell,
and then click Run as administrator.
3. At the User Account Control prompt, click Yes.
4. In the Windows PowerShell window, type the following command, and then press Enter:
$cred = Get-Credential
6. In the Windows PowerShell window, type the following command, and then press Enter:
7. In the Windows PowerShell window, type the following command, and then press Enter:
8. In the Windows PowerShell window, type the following command, and then press Enter:
9. In the Windows PowerShell window, type the following command, and then press Enter:
Get-AcceptedDomain
Note: This command returns the list of accepted domains and verifies that you can
connect to your Office 365 subscription.
2. In the Windows PowerShell window, type the following command, and then press Enter:
3. In the Windows PowerShell window, type the following command, and then press Enter:
4. In the Windows PowerShell window, type the following command, and then press Enter:
5. In the Windows PowerShell window, type the following command, and then press Enter:
Note: If you receive an error running the Set-CalendarProcessing cmdlet for either of
these objects, wait a few moments and repeat.
6. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see both new
resources.
7. In the Windows PowerShell window, type the following command, and then press Enter:
8. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see the
changes you made in the details pane on the right.
3. In the Windows PowerShell window, type the following command, and then press Enter:
cd C:\Labfiles
4. In the Windows PowerShell window, type the following command, and then press Enter:
5. In the Windows PowerShell window, type the following command, and then press Enter:
6. In Microsoft Edge, in the Exchange admin center, in contacts, click the Refresh icon. You can see
the newly created objects.
L6-51 Planning and Managing Exchange Online Recipients and Permissions
Results: After completing this exercise, you will have created and configured Microsoft Exchange Online
recipients.
3. In the Organization Management window, under Members (not under Roles), click the + icon.
4. In the Select Members window, select Olivia Emerson, click add, and then click OK.
Enable-OrganizationCustomization
2. In the Windows PowerShell window, type the following command, and then press Enter:
3. In the Windows PowerShell window, type the following command, and then press Enter:
4. In the Windows PowerShell window, type the following command, and then press Enter:
Get-RoleGroupMember "BranchOfficeAdmins"
5. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You can see the new
BranchOfficeAdmins role group.
2. In the Windows PowerShell window, type the following command, and then press Enter:
3. In the Windows PowerShell window, type the following command, and then press Enter:
Results: After completing this exercise, you will have configured delegated administration of your
Exchange Online organization.
L7-53 Planning and Configuring Exchange Online Services
Note: You might have a Windows PowerShell connection to Office 365 open from a
previous lab. If so, you can use the existing connection and skip this step.
3. In Windows PowerShell, type the following command, and then press Enter.
$cred = Get-Credential
4. In the left navigation pane, expand Admin centers, and then click Exchange.
5. In the Exchange admin center, in the left pane, click mail flow, and then click connectors.
8. In the To list box, select Partner organization, and then click Next.
9. On the New connector page, in the Name text box, type Humongous Insurance Outgoing, and
then click Next.
10. Ensure Only when email messages are sent to these domains is selected, and then click the +
icon.
L7-54 Planning and Configuring Exchange Online Services
11. On the add domain page, type humongousinsurance.com, click OK, and then click Next.
12. Ensure Use the MX record associated with the partner's domain is selected, and then click Next.
13. Ensure Always use Transport Layer Security (TLS) to secure the connection is selected, and
ensure Issued by a trusted certificate authority (CA) is selected, and then click Next.
14. On the Confirm your settings page, click Next.
16. In the Send the test email to the address text box, type
postmaster@humongousinsurance.com, click OK, and then click Validate.
Note: Validation of mail flow failed because the connector is to a fictitious organization.
This is expected behavior for this lab.
20. In the Exchange admin center, on the connectors tab, click the + icon.
21. On the Select your mail flow scenario page, in the From list box, select Partner organization.
22. In the To list box, select Office 365, and then click Next.
23. On the New connector page, in the Name box, type Humongous Insurance Incoming, and then
click Next.
24. Ensure Use the sender's domain is selected, and then click Next.
25. Click the + icon, type humongousinsurance.com, click OK, and then click Next.
26. Ensure Reject email messages if they aren't sent over TLS is selected, and then click Next.
27. On the Confirm your settings page, click Save.
3. In the new rule window, in the Name box, type A. Datum Disclaimer.
4. In the Apply this rule if list box, select The recipient is located..., select Outside the
organization, and then click OK.
<HR> If you are not the intended recipient of this message, you must delete it.
11. In Exchange admin center, click the + icon, and then click Send messages to a moderator.
L7-55 Planning and Configuring Exchange Online Services
12. In the new rule window, in the Name box, type Moderate Managers.
13. In the Apply the rule if list box, select The recipient is a member of...
14. In the Select Members window, select Managers, click add, and then click OK.
15. In the Do the following list box, select Forward the message for approval to...
16. In the Select Members window, select Holly Dickson, click add, and then click OK.
22. In the To field, type the email address of the new Microsoft account that you created for this course.
31. In the message body, type This message requires approval by Holly, and then click Send.
32. On LON-CL1, click Start, type Outlook, and then click Outlook 2016.
34. In Outlook, read the approval request, and then click Approve.
2. In the non-delivery reports window, click Browse, select Holly Dickson, click OK, and then click
Save.
7. In the If the message is sent to or received from list box, select A specific user or group...,
select Development, click add, and then click OK.
8. In the Journal the following messages list box, select All messages, and then click Save.
3. In the Message Trace results window, double-click the message sent to your Microsoft account.
4. Review the information in the message, including the message events that show that the disclaimer
was applied.
5. Click Close.
8. Click Close.
9. In the Message Trace Results window, click Close.
Results: After completing the exercise, you will have configured message-transport settings.
L7-57 Planning and Configuring Exchange Online Services
5. Select Notify administrator about undelivered messages from internal senders, and then in the
Administrator email address text box, type Holly@Adatumvsxxxx.virsoftlabs.com.
6. Select Notify administrator about undelivered messages from external senders, and then in the
Administrator email address text box, type Holly@Adatumvsxxxx.virsoftlabs.com.
7. Click Save.
5. In the add blocked IP address window, type 192.168.0.0/24, and then click OK.
6. Select Enable safe list, and then click Save.
4. In the High confidence spam list box, select Quarantine message, and then click Save.
6. In the new spam filter policy window, in the Name box, type Sales spam policy.
7. In the Spam list box, select Prepend subject line with text.
8. In the High confidence spam list box, select Move message to Junk Email folder.
9. In the Prepend subject line with this text text box, type Junk:.
10. Scroll to the bottom of the window, and under Applied To, in the If list box, select The recipient is a
member of, select Sales, click add, and then click OK.
11. Click Save.
L7-58 Planning and Configuring Exchange Online Services
5. In the body of the message, include the following text, and then click Send.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
9. In the body of the message, include the following text, and then click Send.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
10. On LON-CL1, in the Exchange admin center, click protection, and then click quarantine.
11. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
12. Click the message sent to Francisco, click Release Message, and then click Release selected
message(s) to All recipients.
Results: After completing this exercise, you should have configured anti-spam and antivirus settings.
3. In the new Outlook Web App mailbox policy window, in the Policy name text box, type
Limited features.
o Instant messaging
o Text messaging
o Unified messaging
o Journaling
5. Under Private computer or OWA for devices, clear the Direct file access check box, and then
click Save.
6. Click recipients, select Kendra Sexton, and then click Edit (pencil icon).
7. In the Kendra Sexton window, click mailbox features.
9. In the Outlook Web App mailbox policy window, click Browse, select Limited features, click OK,
and then click Save.
11. On LON-CL1, click Start, type Outlook and then click Outlook 2016.
17. In the Insert File window, browse to C:\Windows\Logs\DISM, select dism.log, and then click
Insert.
18. Click Send.
2. Click edit.
3. In the Exchange ActiveSync access settings window, select Quarantine Let me decide to block
or allow later.
4. Under Quarantine Notification Email Messages, click Add (+ icon), select Holly Dickson, click
add, and then click OK.
3. In the Default window, click security, and then select Require a password.
5. Select Minimum password length, enter a value of 4, and then click Save.
3. Your device will be placed into quarantine, and you must approve the device before you can send
and receive messages.
4. After you configure the Exchange ActiveSync account, the security settings from the mobile-device
mailbox policy will apply, and you may be prompted to create a password on your device.
5. When you finish your testing, you can delete the account from your mobile device.
Results: After completing this exercise, you should have configured client access policies.
L8-61 Planning and Deploying Skype for Business Online
2. On the Skype for Business Online, Windows PowerShell Module page, click Download.
4. In the license dialog box, select I agree to the license terms and conditions, and then click
Install.
5. In the User Account Control dialog box, click Yes.
6. After the installation completes, click Close.
4. At the Windows PowerShell prompt,, type the following command, and then press Enter:
$cred = Get-Credential
8. At the Windows PowerShell prompt, type the following command, and then press Enter:
Import-PSSession $SfbSession
9. At the Windows PowerShell prompt, type the following command, and then press Enter:
10. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-CsBroadcastMeetingConfiguration
Task 3: Configure the organization settings for Skype for Business Online
1. On LON-CL1, at the Windows PowerShell prompt, type the following command, and then press
Enter:
Notice the warning that you receive about enabling client version checking.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
3. To verify the privacy notification settings, type the following command, and then press Enter:
Get-CSPrivacyConfiguration
4. To verify the push notification settings, type the following command, and then press Enter:
Get-CSPushNotificationConfiguration
5. To allow users to communicate with public Skype users, type the following command, and then
press Enter:
6. To allow users to communicate with federated partners, type the following command, and then press
Enter:
7. To enable communication with all federated partners except for litware.com, type the following three
commands, and then press Enter after each command:
$AllDomains = New-CsEdgeAllowAllKnownDomains
8. To verify the tenant federation configuration, type the following command, and then press Enter:
Get-CsTenantFederationConfiguration
12. On the Home page, in the left pane, expand Admin centers, and then click Skype for Business.
13. On the Skype for Business admin center, on the left side, click organization.
14. On the general page, under presence privacy mode, verify that the setting is configured as
Display presence information only to a user's contacts.
15. Under mobile phone notifications, verify that Apple Push Notification Service is not enabled.
17. Under external access, verify that On except for blocked domains is selected.
18. Under blocked or allowed domains, verify that litware.com is listed as Blocked.
4. Click save.
5. At the Windows PowerShell command prompt, type the following command, and then press Enter:
Get-CsMeetingConfiguration
6. Verify that the HelpURL and CustomFooterText display the configured information.
12. In the Start time text box and End time text box, change the date to tomorrow's date.
16. Double-click the meeting and verify that the meeting contains the custom footer text and that the
help link reference to http://help.adatum.com.
Results: After completing this exercise, you should have configured Skype for Business Online service
settings.
L8-64 Planning and Deploying Skype for Business Online
7. In the Skype for Business admin center, on the left side, click users.
8. Verify that Christie Thomas is not listed as a Skype for Business user.
9. In the use list, select Maira Wenzel, and then in the right pane, click Edit (pencil icon).
10. On the general tab, under Audio and video, clear Record conversations and meetings.
11. On the left, click external communications, and clear External Skype users.
12. Click save.
13. In the user list, select Francisco Chaves, and then in the right pane, click Edit (pencil icon).
14. On the general tab, in the Audio and video list box, select Audio only.
15. Click save.
3. On the Add an Email Account page, click Next. If the Office installation wizard launches, wait for
the installation to finish, and then continue.
4. On the Auto Account Setup page, fill in the following information, and then click Next:
o Password: Pa$$w0rd
5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd.
7. Click Finish.
9. On the Start screen, type Skype, and then click Skype for Business 2016.
10. On the Welcome - Skype for Business dialog box, in the top right corner, click Skip for now.
11. In the Skype for Business window, sign in as Maira@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd. Leave Save my password enabled.
L8-65 Planning and Deploying Skype for Business Online
13. In the Help Make Skype for Business Better dialog box, click No.
14. On LON-CL1, verify that Outlook 2016 and Skype for Business 2016 are open.
15. In Outlook 2016, on the ribbon, click New Items, and then click Meeting.
16. In the Meeting window, click Skype Meeting.
21. In Skype for Business, in the Find someone text box, type Maira.
23. In the Maira Wenzel IM window, type Are you coming to the meeting?, and then press Enter.
24. On LON-CL4, verify that the IM from Holly is received
25. In the Holly Dickson IM window, type Yes, I was planning to, and press Enter.
26. In Outlook 2016, accept the meeting request from Holly Dickson.
27. Open the meeting, and then click Join Skype Meeting.
28. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
30. On LON-CL1, open the meeting request, click Join Skype Meeting.
31. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
33. In the meeting window, click the Present icon, and then click Present Desktop.
34. In the Present Desktop window, click Present.
36. On LON-CL4, verify that Holly Dickson's desktop is visible in the meeting window.
40. In the meeting request from Holly Dickson, click Accept, and then click Send the response now.
41. Click the App launcher icon (9 small squares) at the top of the window, and then click Calendar.
44. In the Skype for Business Web App window, click Sign in if you are an Office 365 user.
45. Close the Join Meeting Audio dialog box.
46. In the View presentation section, click Install to download and install the Skype for Business Web
App plug-in.
L8-66 Planning and Deploying Skype for Business Online
48. Verify that you can join the meeting and that Holly Dickson's desktop is visible.
49. Close Internet Explorer, and when prompted, click Leave this page.
Results: After completing this exercise, you should have configured Skype for Business Online user
settings and validated Skype for Business Online functionality.
o Duration: 1 hour
o Access: Secure
o Attendees: Maira, and then click Check names
5. Scroll back to the top of the window, and then click Create.
6. In the Skype Meeting Broadcast window, click Create Outlook invitation, and then click Open.
4. On the Auto Account Setup page, fill in the following information, and then click Next:
5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd. Select Remember
my credentials, and then click OK.
6. Click Finish.
7. On the Start screen, type Skype, and then click Skype for Business 2016.
8. In the Welcome - Skype for Business window, in the top right corner, click Skip for now.
11. In the Help Make Skype for Business Better dialog box, click No.
12. On the Start screen, type PowerPoint, and then click PowerPoint 2016.
17. In the Save As dialog box, ensure that the Documents folder is opened, and that the file name is
Presentation Skills.pptx, and then click Save.
18. Close PowerPoint 2016.
19. In Outlook, click the broadcast meeting request from Holly Dickson, and then click Accept.
20. In the Reminders pop-up window, double-click the Test broadcast meeting request.
24. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
25. In the meeting window, click Present (monitor icon), and then click Present PowerPoint Files.
26. Browse to the Documents folder, select Presentation Skills.pptx, and then click Open.
27. In the right side of the meeting window, click Content only, and then click Start Broadcast.
30. On LON-CL4, signed in as Maira Wenzel, in Outlook 2016, accept the broadcast meeting request
from Holly Dickson.
31. Open the Test broadcast meeting request, and then click Join the Meeting.
35. On LON-CL3, in the broadcast window, click Stop Broadcast, and then click Stop Broadcast
again.
Results: After completing this exercise, you should have configured a broadcast meeting and verified
that users can join the meeting.
L9-69 Planning for and Configuring SharePoint Online
4. On the Home page, in the left navigation pane, expand Admin centers, and then click SharePoint.
7. Scroll down to the Enterprise Social Collaboration section, and then select Use Yammer.com
service.
8. Scroll down to the External sharing section, and ensure Allow both external users who accept
sharing invitations and anonymous access links is selected.
9. Scroll down, and click OK.
4. In the results, in the Account name column, right-click the account name for Brad Sutton, and then
on the menu click Edit My Profile.
5. In the Manager text box, type Holly, and then click the Check Names icon.
10. In the Secondary Owner text box, type Holly, and then click the Check Names icon.
3. In the Apps for Office from the Store section, select No to disable apps from starting when
documents are opened in the browser.
4. Click OK.
L9-70 Planning for and Configuring SharePoint Online
Results: After completing this exercise, you should have configured SharePoint Online service settings.
3. In the new site collection dialog box, in the Title section, type Marketing.
4. In the Web Site Address section, in the empty text box, type marketing.
5. In the Administrator section, type Holly, and then click the Check Names icon.
6. Click OK.
Note: SharePoint Online provisions the new marketing site. This process can take a few
minutes.
7. After the new marketing site is created, move the mouse in front of the
https://adatumvsxxxx.sharepoint.com/sites/marketing URL, and then select the appearing check
box.
Note: It can take a few minutes until the Sharing icon on the ribbon is active. You can
speed this up by pressing the Refresh icon on the Microsoft Edge menu bar.
9. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
10. Scroll down, and click Save.
Note: The site settings changes to allow external user sharing. This process is usually
done within one minute. Now, external user sharing is enabled and you can use it for this
marketing site.
3. On the Choose the download you want page, select the check box for the 64-bit version with the
highest version number. Click Next.
9. On the Start screen, type SharePoint, and then right-click SharePoint Online Management Shell,
and click Run as administrator.
10. In the User Account Control dialog box, click Yes.
11. At the PowerShell prompt, type the following command, and then press Enter:
12. In the Sign in to your account dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
13. At the PowerShell prompt, type the following command, and then press Enter:
4. In the manage administrators dialog box, in the Site Collection Administrators section, after
Holly Dickson, type Brad, click the Check Names icon, and then click OK.
Note: The Maira Wenzel account does not have permission to access this site.
4. In the You need permission to access this site text box, type Please enable access for the new
marketing project. Thanks. and then click Request Access.
7. On the Marketing page, in the top right corner, click Settings (gear icon), and then near the bottom
of the menu, click Site settings.
8. On the Site Setting page, under User and Permissions, click Site permissions.
10. Under Pending Requests, for Maira Wenzel, right-click the user icon, and then click View Item.
11. Note the message from Maira Wenzel, and then click Close.
13. In the top right corner, click Settings (gear icon), and then click Site Settings.
14. On the Site Settings page, under User and Permissions, click Site permissions.
16. Verify that Maira Wenzel is added to the Marketing Members group.
17. Click New, and then click Add Users.
18. In the Share 'Marketing' dialog box, in the top text box, type Perry, and then click Perry Brill.
21. On the Microsoft Edge menu bar, on the right, click More (three dots icon), and then click
New InPrivate window.
22. In the InPrivate window, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.
26. Repeat the previous five steps to verify site access for:
o Perry@Adatumvsxxxx.virsoftlabs.com
o Brad@Adatumvsxxxx.virsoftlabs.com
Results: After completing this exercise, you should have created and configured SharePoint Online site
collections.
3. Verify that Allow both external users who accept sharing invitations and anonymous access
links is selected.
4. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
Note: In the steps below, the lab steps specify the Microsoft account that you used to set
up Office 365, as the external user to invite to the site. However, that Microsoft account email
address is currently also configured as alternate email address for global administrator Holly
Dickson. To avoid that SharePoint recognizes the alternate email address, and sends the invite
to Holly Dickson instead, you must temporarily change the alternate email address for Holly
Dickson.
Alternatively, you can also use another Microsoft account email address in the lab steps below.
7. In the Office 365 admin center, on the Home page, click Users.
8. On the Active users page, click Holly Dickson.
14. On the Accounts Project site, in the top right corner, click SHARE.
15. In the Share 'Accounts Project' dialog box, in the top text box, type the email address of the
Microsoft account that you used to set up Office 365, and then in the drop-down list box, click your
email address.
Note that Holly Dickson may appear in the drop-down list box as well.
16. in the bottom text box, type You can now access this shared site on Adatum Publishing.
20. On the Documents page, click New, and then click Word document.
21. In the Word Online window, type (sample text) Marketing Plan for Next Year, and then press Enter.
Wait for Saved to appear in the document title bar.
24. In the Share 'Document' dialog box, click Get a link, and then in the drop-down list box, select
Edit link - no sign-in required.
25. In the text box, right-click the link text, and click Select All. Right-click the selected text, and then
click Copy.
L9-74 Planning for and Configuring SharePoint Online
27. In the SharePoint window, on the SharePoint menu bar, click the Apps icon (9 small squares), and
then click Mail.
28. If prompted, select your language and time zone, and then click Save.
29. In Outlook, click New.
30. In the To box, type the email address for your Microsoft account, and then in the Subject box, type
Shared Document.
31. Right-click in the message box, and then click Paste to paste the copied link text.
Note: The Inbox should show two emails from Holly Dickson (or Microsoft Online Services
Team).
4. In the Inbox, open the email message with subject Holly Dickson wants to share Accounts
Project.
11. Verify that you can access the Word document in Word Online, and then click Edit in Browser.
12. In the document, at the second line, type (sample text) - Increase social media presence, and then
press Enter. The updated document is saved to SharePoint.
14. In the Office 365 admin center, on the Holly Dickson page, in the Roles section, click Edit.
15. On the Edit user roles page, in the Alternative email address text box, remove "x" (without
quotes) in front of the email address.
Results: After completing this exercise, you should have configured a new site collection for external
user sharing, and you should have shared a site and a document with external users.
L10-76 Planning and Configuring an Office 365 Collaboration Solution
6. In the Yammer admin center, in the Network section, click Usage Policy.
7. On the Usage Policy page, select Require users to accept policy during sign up and after any
changes are made to the policy.
10. In the Enter your policy in the textbox below text box, type
Welcome to <b>Yammer</b><br>Please be nice!
13. In the left pane, next to Holly Dickson, click the Settings icon, and then click NETWORK ADMIN.
14. In the Yammer admin center, in the Network section, click Configuration.
15. In the Email Settings section, select A weekly digest of your group messages.
18. In the Yammer admin center, in the Content and security section, click Data Retention.
21. In the Yammer admin center, in the Content and security section, click Monitor Keywords.
22. On the Monitor Keywords page, in the Email address text box, type
Holly@Adatumvsxxxx.virsoftlabs.com.
23. In the next text box, type the following words, one per line: gambling, erotic, warez.
25. In the Yammer admin center, in the Network section, click Success.
L10-77 Planning and Configuring an Office 365 Collaboration Solution
27. In the middle pane, in the What are you working on? text box, type
Welcome to all Adatum users!
Task 2: Configure Yammer service settings, and enforce Office 365 identity
1. In Yammer, in the left pane, next to Holly Dickson, click the Settings icon, and then click
NETWORK ADMIN.
2. In the Yammer admin center, in the Content and security section, click Security Settings.
3. On the Security Settings page, scroll down to the Enforce Office 365 identity in Yammer section,
and then select the Enforce Office 365 identity in Yammer check box.
5. Click Save.
4. In the WHO DO YOU WORK WITH? dialog box, in the first text box, type Christie, and then click
DONE.
5. If needed, in the top right corner of the window, click X to close the dialog box.
7. Find the Welcome post from Holly Dickson in the post list.
9. In the Share This Conversation dialog box, on the Post in a Group tab, in the drop-down text box,
type All, and then select All Company. In the text box below, type Welcome from me too.
10. Click Share.
11. Scroll up, and in the What are you working on? text box, type free gambling here, and then click
Post.
12. Close Microsoft Edge.
L10-78 Planning and Configuring an Office 365 Collaboration Solution
13. On LON-CL1, in Microsoft Edge tab, in the Yammer window, click the Office 365 Apps icon (9 small
squares), and click Mail.
14. Verify that you received a message from Yammer with a report about monitored keyword
appearance in the Roman post.
15. Close Microsoft Edge.
Results: After completing this exercise, you should have enabled Yammer Enterprise for A. Datum.
2. In the Word window, in the top right corner, verify that Word is licensed to Roman Miler.
3. If Word is licensed to another account, click Switch account.
4. In the Accounts dialog box, click SIGN OUT, and then next to the account, click Sign out.
5. In the Remove Account notice, click Yes.
6. At the top right, click Sign in to get the most out of Office.
7. On the Sign in page, in the text box, type Roman@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
8. On the Sign in page, in the Password box, type Pa$$w0rd, and then click Sign in.
15. In the OneDrive window, click New, and then click Word document.
16. In the Word Online window, type (sample text) Travel Journal, and then press Enter.
18. In the OneDrive window, click Sync, and then click Sync now.
19. In the Did you mean to switch apps? dialog box, click Yes.
20. In the Sync the library 'Documents' for Roman Miler? dialog box, click Sync Now.
24. Note that File Explorer opens and displays the location where the synchronized files will be stored.
Verify that the Word document has been synchronized to the local computer.
L10-79 Planning and Configuring an Office 365 Collaboration Solution
3. On the ribbon, click Home, click New folder, and then create a second new folder named Project
A.
4. Double-click the folder Private. Right-click in this folder, and on the context menu, click New, and
then click Microsoft Word Document. Name the document Holidays.docx.
5. Double-click Holidays.docx to open it, and then type some text. Save the changes, and then close
Microsoft Word.
6. See how the document icon in the taskbar changes from two blue arrows to a small green
checkmark icon after the synchronization process is complete. The document has been transferred
to the cloud storage automatically.
7. In the File Explorer window, navigate to OneDrive for Business in the navigation address line to
move one level up.
8. Double-click the folder Project A. Right-click in this folder, and on the context menu, click New, and
then click Microsoft Word Document. Name the document Project targets.docx.
9. Double-click Project targets.docx to open it, and then type some text. Save the changes, and then
close Microsoft Word.
10. Verify that the document synchronizes.
11. To view the files online, switch to the Microsoft Edge window. Refresh the view.
12. In the Files list, you should see your two folders, Private and Project A.
13. Navigate to the Private folder. Click the synchronized document Holidays.docx to open it in Word
Online.
14. Click Edit document, and then click Edit with Word Online. Add some text. The document is
saved automatically when Saved is displayed in the title bar.
15. In the menu bar right beside Word Online, click Roman Miler to return to OneDrive for Business.
16. The content of the Private folder changes, and you will see that you changed the document online.
The changed column shows that the document changed some seconds (or minutes) ago.
17. Switch back to File Explorer. Navigate to the folder Private, and then open Holidays.docx. You will
see that the changes you made in Word Online are synchronized back automatically.
2. Microsoft Edge opens. Open the Project A folder, right-click Project Targets.docx, and then click
Share.
SharePoint Online automatically opens a dialog box named Share Project targets.
3. The left navigation pane displays the link Invite people. In the text box, type Holly Dickson.
4. Ensure that the drop-down list on the right has Can edit selected, add a short message in the
message text box, and then click Share.
8. Click the message with the subject Roman Miler wants to share Project Targets.
12. In the Microsoft Edge window, right-click Project Targets, and then click Share on the menu bar.
13. Click Shared with, and then click Stop sharing to stop sharing this document. Click Stop sharing
again, and then click Close.
Results: After completing this exercise, you should have configured OneDrive for A. Datum.
6. In the New Group window, in the Type drop-down list box, verify that Office 365 group is selected.
7. In the New Group window, configure the following settings:
o Name: AdatumMarketing
2. At the PowerShell prompt, type the following command, and then press Enter:
$cred = Get-Credential
4. At the PowerShell prompt, type the following command, and then press Enter:
5. At the PowerShell prompt, type the following command, and then press Enter:
6. To create a new public Office 365 group named Planning Group, at the PowerShell prompt, type
the following command, and then press Enter:
7. To add user Holly Dickson as owner to group Planning Group, at the PowerShell prompt, type the
following command, and then press Enter:
8. To add user Francisco Chaves as member to group Planning Group, at the PowerShell prompt,
type the following command, and then press Enter:
2. In the left pane, click Planning Group, and then click Start a group conversation.
3. In the text area, type When is the next planning meeting?, and then click Send.
4. On the Planning Group menu bar, click Calendar, and then view the group calendar.
5. Click New.
7. Click Save.
8. click the Apps icon (9 small squares), and then click Mail.
L10-82 Planning and Configuring an Office 365 Collaboration Solution
10. On the Planning Group menu bar, click Files, and then wait for the files store to be created.
11. When you see Ready to go, click Take me to Planning Group files.
12. On the OneDrive page, click New, and then click Word document.
13. In the Word Online document, type Planning meeting topics, and then press Enter.
14. When you see Saved in the title bar, close the Microsoft Edge tab.
15. On the Planning Group menu bar, click Files, and verify that the document has been added to the
group.
26. On the Planning Group menu bar, click Files, and verify that you see the document in the files store.
Results: After completing this exercise, you should have configured Office 365 groups at A. Datum.
L11-83 Planning and Configuring Rights Managements and Compliance
5. On the Services & add-ins page, click Microsoft Azure Rights Management.
6. On the Microsoft Azure Rights Management page, click Manage Microsoft Azure Rights
Management settings.
$cred = Get-Credential
4. At the PowerShell prompt, type the following command, and then press Enter:
5. At the PowerShell prompt, type the following command, and then press Enter:
Import-PSSession $session
6. To set the IRM sharing location to the region of the tenant, at the PowerShell prompt, type the
following command, and then press Enter.
Note: In the first lab, you created a new Office 365 tenant and specified as country
United Kingdom. That is why the preceding command uses the IRM sharing location for
Europe, containing "eu" in the link.
7. To configure Azure RMS as a trusted publishing domain, at the PowerShell prompt, type the
following command, and then press Enter:
8. To enable IRM features for messages sent to internal recipients, at the PowerShell prompt, type the
following command, and then press Enter:
9. To test the confirmation, at the PowerShell prompt, type the following command, and then press
Enter:
10. At the PowerShell prompt, type the following command, press Enter:
Remove-PSSession $session
2. In the Word window, at the top right corner, click Switch account.
3. In the Accounts dialog box, click Add Account.
4. In the Sign in dialog box, type Holly@Adatumvsxxxx.virsoftlabs.com, and then click Next.
7. On the Start screen, type Outlook, and then click Outlook 2016.
9. In the new message, in the To text box, type Brad Sutton, and then click Check Names.
11. In the message body, type Did you hear about our merger with Contoso?.
12. On the Options tab, click Permission, and then click Connect to the Rights Management
Servers and get templates.
L11-85 Planning and Configuring Rights Managements and Compliance
18. On the Settings page, under Permissions and Management, click Information Rights
Management.
19. On the Information Rights Management Settings page, select Restrict permissions on this
library on download.
20. In the Create a permission policy title text box, type Marketing Policy.
21. In the Add a permission policy description text box, type Marketing policy for downloads.
23. Under Configure document access rights, select Allow viewers to write on a copy of the
downloaded document.
29. On the Outlook page, select your time zone, and then click Save.
30. Verify that you received an email from Holly Dickson that is IRM protected.
35. On the Documents page, click Document to open the document in Word Online.
36. In Word Online in the opened document, attempt to add text at the end of the document. Verify that
you get a message that the document is read-only.
Results: After completing this exercise, you will have configured Rights Management for Exchange
Online and SharePoint Online.
4. In the Office 365 admin center, in the left pane, expand Admin centers and then click
Security & Compliance.
5. In the Security & Compliance admin center, click Permissions.
6. On the Permissions page, select Compliance Administrator, and then click Edit (pencil icon).
9. Click Save.
11. On the Role Groups page, select Compliance Management, and then click Edit (pencil icon).
12. On the Compliance Management page, under Members, click Add (+ icon).
13. In the Select Members window, select Brad Sutton, click add, and then click OK.
14. Click Save.
20. On the left side, expand Reports, and then click View reports.
21. On the View reports page, click Office 365 audit log report.
22. On the Audit log search page, click Start recording user and admin activities, and then click
Turn on
23. Close Microsoft Edge.
Brad is a member of the Compliance Administrator role, so he can connect to the protection website.
3. In the Security & Compliance admin center, in the left pane, expand Data management, and then
click Archive.
4. In the Archive window, select Christie Thomas, and then press Ctrl and select Jessica Jennings.
7. Click Close.
8. On the Archive page, click Refresh (recycle icon), and then in the Archive mailbox column, verify
that Christie Thomas and Jessica Jennings have been enabled for an archive mailbox.
L11-87 Planning and Configuring Rights Managements and Compliance
3. On the Retention Tags page, click New tag (+ icon), and then select applied automatically to
entire mailbox (default).
4. In the new tag window, in the Name text box, type Research User 1 year move to archive.
7. Click Save.
8. On Retention Tags page, click New tag (+ icon), and then select applied automatically to entire
mailbox (default).
9. In the new tag window, in the Name text box, type Default 2 years move to Deleted Items.
10. Under Retention action, select Delete and Allow Recovery.
11. Under Retention period, in the text box, type 730.
14. In the new tag window, in the Name text box, type Purge Deleted Items 30 days.
15. In the Apply this tag to the following default folder drop-down list box, select Deleted Items.
24. On Retention Tags page, click New tag (+ icon), and then select applied by users to items and
folders (personal).
25. In the new tag window, in the Name text box, type Never archive.
30. On the Retention page, click Manage retention policies for mailboxes.
32. On the new retention policy page, in the Name text box, type Research MRM Policy.
34. In the select retention tags window, press Ctrl and click the following retention tags:
o 1 Year Delete
o 2 Year Delete
o 6 Month Delete
o Never Delete
2. If the creation of the default policy takes a long time, then on the Microsoft Edge tool bar, click
Refresh, and then click Manage document deletion policies for SharePoint Online and
OneDrive for Business again.
3. On the SharePoint Compliance Policy Center page, click Sample Document Policy.
4. On the Sample Document Policy page, in the Policy name text box, change the name to
Marketing Document Policy.
6. In the New deletion rule dialog box, in the Name text box, type Delete Messages at 7 Years.
9. Configure Time period after which the document will be deleted as 7 Years.
13. On the Compliance Policy Center page, on the left side, click Policy Assignments for Site
Collections.
14. On the Policy Assignments for Site Collections page, click new item.
15. On the New: Site Collection Assignment page, click First choose a site collection.
16. In the Choose a site collection dialog box, in the search box, type Marketing, and then click the
Search icon.
17. Select the Marketing check box, and then click Save.
18. On the New: Site Collection Assignment page, click Manage Assigned Policies.
19. In the Add and manage policies dialog box, select the Marketing Document Policy check box,
and then click Save.
20. On the New: Site Collection Assignment page, select Mark Policy as Mandatory, and then click
Save.
25. On the Which mailboxes do you want to include? page, click Add (+ icon).
26. On the Select Mailbox page, select Francisco Chaves, click add, and then click OK.
27. Click Next.
28. On the Which SharePoint Online or OneDrive for Business sites do you want to include?
page, click Add (+ icon).
29. On the Choose sites page, in the site's URL text box, type
https://adatumvsxxxx.sharepoint.com/sites/AcctsProj/, click add, and then click OK.
Note: if validating the site URL takes a long time, then click Cancel, and try to add the site again.
31. On the What do you want to look for? page, in the text box, type Contract.\
32. Select the Start date check box, and then pick a date that is two days ago.
33. Leave the End date check box cleared, and then click Next.
34. On the How long do you want to preserve the content? page, in the Time frame to preserve
content drop-down list box, select 7 years, and then click Next.
35. On the Do you want to turn on Preservation Lock? page, ensure that No is selected, and then
click Next.
36. On the Do you want to turn on this policy after it is created? page, ensure that Turn it on is
selected, and then click Next.
2. On the Data loss prevention page, click New DLP policy from template (+ icon).
3. On the What information do you want to protect? page, ensure that Custom is selected, and
then click Next.
4. On the Which services do you want to protect? page, ensure that All SharePoint Online sites
and All OneDrive for Business sites are selected, and then click Next.
5. On the Customize rules page, click New DLP rule (+ icon).
7. In the condition drop-down list box, select Content contains sensitive information.
9. In the Sensitive information types window, select IP address, click add, and then
click OK.
10. On the New DLP Rule page, on the left side, click Actions, and then click Add actions.
14. Select Send an incident report to these people when this rule is matched, and then click
Add people.
15. In the Select Members dialog box, select Christie Thomas, click add, and then click OK.
16. On the New DLP Rule page, on the left side, click General.
17. In the Name text box, type IP address check, and then click OK.
18. On the Customize rules page, click Next.
19. On the New DLP policy page, in the Name text box, type Test DLP policy.
20. Select Send notifications and Policy Tips to end users.
2. On the Policy Mode page, click New (+ icon), and then select New custom DLP policy.
3. On the new custom DLP policy page, in the Name text box, type Test DLP policy for email.
4. Under Choose a mode for the requirements in this DLP policy, select Enforce.
5. Click Save.
6. On the Policy Mode page, ensure that Test DLP policy for email is selected, and then click Edit
(pencil icon).
7. On the Test DLP policy for email page, on the left side, click rules.
8. Click New (+ icon), and then click Block messages with sensitive information unless the sender
overrides.
L11-91 Planning and Configuring Rights Managements and Compliance
9. On the new rule page, on the right side, click Select sensitive information types.
10. On the Contains any of these sensitive information types page, click Add (+ icon), select
IP address, click add, and then click OK.
13. On the Select Members page, select Christie Thomas, and then click OK.
16. In the select RMS template dialog box, ensure that A. Datum - Confidential View Only is
selected, and then click OK.
17. On the new rule page, select Activate this rule on the following date, and leave the current date
and time configured, and then click Save.
18. In the Warning dialog box, click OK.
6. Click Send.
7. Note that Microsoft Outlook sends back a non-delivered message.
8. Click the message from Microsoft Outlook, and then review the message content.
3. Click the message from Brad Sutton with the subject Server IP address.
4. Verify that the message is protected with Microsoft Information Protection and that you cannot open
the attachment in Microsoft Edge.
5. Close Microsoft Edge.
11. Verify that a folder named In-Place Archive Christie Thomas has been created.
12. Click the newest message in the mailbox, and then verify that it is a report on the message sent with
the Server IP address subject.
Results: After completing this exercise, you will have implemented the Office 365 compliance features.
L12-93 Monitoring and Troubleshooting Office 365
3. Right-click in the body text of the message, and then click Select All.
8. Under Message Header Analyzer, right-click in the text area, and then click Paste.
Note the diagnostic information and the time taken for the message to be rejected.
6. Click Send.
L12-94 Monitoring and Troubleshooting Office 365
2. Right-click in the body text of the message, and then click Select All.
3. Right-click the blue selected text, and the click Copy.
8. Note the diagnostic information and the time taken for the message to be rejected.
2. If the Are you sure you want to leave this page? dialog box appears, click Leave this page.
3. On the Office 365 Home page, in the left pane, expand Admin centers, and then click Exchange.
4. In the Exchange admin center, in the left pane, click mail flow.
9. In the Select Members dialog box, select Holly Dickson, click add, and then click OK.
10. Click Search.
11. In the Message Trace Results window, notice the two found messages.
12. Select the failed message to user@alt.none, and then click Details (pencil icon).
Notice the Message Events (Receive, Submit, Journal, etc.), and the Additional Properties (Message
ID, Message size, IP address information)
13. Double-click each message to view the sender, recipient, message size, ID, and IP address
information.
Results: After completing this exercise, you should have used the Message Header Analyzer to identify
why email failed to deliver.
4. Click any entry in the calendar that is colored yellow to see further details about an incident. Details
appear below the calendar.
Note: There might be little or no data shown because there is not much mailbox usage in
the lab environment.
3. On the Email activity page, scroll down to see the User details table.
4. In the left pane, expand Reports, and then click Security & compliance.
5. On the Security & compliance page, in the Protection section, click Malware detections.
Results: After completing this exercise, you should have monitored the health of Office 365 services and
viewed reports in the Office 365 admin center.
L13-96 Planning and Configuring Identity Federation
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-ADForest
3. Verify that the domain Adatumvsxxxx.virsoftlabs.com is listed as one of the UPN Suffixes for the
local Active Directory Forest. That is the domain that will be federated with Office 365.
4. At the Windows PowerShell prompt, type the following command, and then press Enter:
certlm.msc
5. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
Notice that in the lab environment, a publicly issued wildcard certificate (*.virsoftlabs.com) for the
virsoftlabs.com domain is already loaded on LON-DC1. Office 365 trusts this certificate when
connecting to the AD FS public endpoint in the lab environment.
7. At the Windows PowerShell prompt, type the following command, and then press Enter:
ping publicip.virsoftlabs.com
The command returns the public IP address provided by the lab hosting platform, which you should
use for this lab. External clients connect to this IP address to access the AD FS server through the
AD FS Proxy. Note that the DNS name publicip.virsoftlabs.com is only used in this lab exercise,
the DNS name is not used by the AD FS software.
L13-97 Planning and Configuring Identity Federation
8. At the Windows PowerShell prompt, type the following command, and then press Enter:
ipconfig
The command returns the private IP address (172.16.0.10) of LON-DC1 where AD FS will be
installed. Later in this exercise, you will configure the AD FS Proxy (on LON-WAP1) to forward
AD FS network traffic to this IP address.
9. Open Server Manager, and then on the Tools menu, click DNS.
10. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then select
Adatumvsxxxx.virsoftlabs.com.
11. Right-click Adatumvsxxxx.virsoftlabs.com, and then click New Host (A or AAAA).
12. In the New Host dialog box, provide the following information, click Add Host, and then click OK.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-KdsRootKey
The Add-KdsRootKey command creates a root key that is needed by the Key Distribution Service
(KDS) to generate and maintain the password for a Group Managed Service Account (gMSA),
instead of manually creating and maintaining a new service account to run the AD FS service. To
allow for replication between multiple domain controllers, a new KDS root key is not available until
10 hours after creation. In a single DC environment, you can safely set the "effective time" 10 hours
in the past, so that the root key is available immediately.
3. In Server Manager, on the Dashboard page, click Add Roles and Features.
4. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
5. On the Select installation type page, select Role-based or feature-based installation, and then
click Next.
6. On the Select destination server page, ensure that LON-DC1.Adatum.com is selected, and then
click Next.
7. On the Select server roles page, select Active Directory Federation Services, and then click
Next.
9. On the Active Directory Federation Services (AD FS) page, click Next.
11. When the installation is completed, on the Installation progress page, click Close.
12. In Server Manager, click the Notifications icon (flag and exclamation mark icon), and then click
Configure the federation service on this server.
13. In the Active Directory Federation Services Configuration Wizard, on the Welcome page, ensure
that Create the first federation server in a federation server farm is selected, and then click
Next.
14. On the Connect to Active Directory Domain Services page, click Next.
15. On the Specify Service Properties page, use the following settings, and then click Next:
20. When the configuration completes, on the Results page, click Close.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
certlm.msc
3. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
In the lab environment, the publicly issues wildcard certificate *.virsoftlabs.com is already loaded
on LON-WAP1.
4. Close the Certificates console.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
L13-99 Planning and Configuring Identity Federation
ipconfig /all
Notice that the LON-WAP1 server represents a Web Application Proxy (WAP) server in a corporate
DMZ area. It is not configured with the DNS address of the internal domain. You must edit the local
hosts file, so that the AD FS service name (Adatumvsxxxx.virsoftlabs.com, or
fs.Adatumvsxxxx.virsoftlabs.com, etc.) can resolve to the AD FS server on the internal network.
6. At the Windows PowerShell prompt, type the following command, and then press Enter:
notepad.exe C:\Windows\System32\drivers\etc\hosts
7. At the end of the hosts file, on a separate line, add the following text:
172.16.0.10 Adatumvsxxxx.virsoftlabs.com
8. Close Notepad, and click Save to save the changes to the hosts file.
The result confirms that the LON-WAP1 server can now correctly resolve the
Adatumvsxxxx.virsoftlabs.com name, and connect to the AD FS server on the internal network.
11. Close Internet Explorer.
12. Open Server Manager, and then on the Dashboard page, click Add Roles and Features.
13. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
14. On the Select installation type page, select Role-based or Feature-based installation, and then
click Next.
15. On the Select destination server page, ensure that LON-WAP1 is selected, and then click Next.
16. On the Select server roles page, select Remote Access, and then click Next.
19. On the Select role services page, select Web Application Proxy.
20. In the Add features that are required for Web Application Proxy? dialog box, click
Add Features, and then click Next.
22. When the installation is complete, on the Installation progress page, click Close.
2. In the Web Application Proxy Configuration Wizard, on the Welcome page, click Next.
3. On the Federation Server page, use the following settings and then click Next:
o Password: Pa$$w0rd
4. On the AD FS Proxy Certificate page, select the *.virsoftlabs.com certificate, and then click Next.
7. In the Remote Access Management Console, in the left pane, select Operations Status.
8. In the middle pane, for AD FS Proxy, confirm that the Status is Working.
9. Close the Remote Access Management Console.
Results: After completing this exercise, you should have deployed the AD FS server in a federation
server farm, and deployed the Web Application Proxy server to support AD FS.
6. On the Holly Dickson page, in the Email address section, click Edit.
7. On the Edit email addresses page, under User name, change the user name suffix to
Adatumvsxxxx.onmicrosoft.com.
Note: Holly Dickson cannot change the Adatumvsxxxx.virsoftlabs.com to a federated domain if she
is logged in using an account from this domain.
L13-101 Planning and Configuring Identity Federation
10. At the Windows PowerShell prompt, type the following command, and then press Enter:
Connect-MsolService
12. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolDomain
13. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
14. At the Windows PowerShell prompt, type the following command, and then press Enter:
Note: The Set-MsolAdfsContext command sets up a remote connection to the AD FS server. The
command is not really needed when the AD FS server is the local computer.
15. At the Windows PowerShell prompt, type the following command, and then press Enter:
16. Verify that you get a Successfully updated 'Adatumvsxxxx.virsoftlabs.com' domain message.
17. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolDomain
18. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
19. At the Windows PowerShell prompt, type the following command, and then press Enter:
Results: After completing this exercise, you should have enabled a federation trust between your on-
premises Active Directory domain and Office 365 through your AD FS federation server, and you should
have converted your domain for federated authentication in Office 365.
3. In the Email or phone text box, type Brad@Adatumvsxxxx.virsoftlabs.com, and then press the
Tab key.
4. Verify that you are redirected to the Adatum Corporation sign in page.
Note: If you are not redirected to the Adatum Corporation page, sign in and sign out, or wait a few
minutes for Office 365 to be updated, and try again.
L13-102 Planning and Configuring Identity Federation
5. In the password text box, type Pa$$w0rd, and then click Sign in.
7. In the Office 365 portal, in the top left corner, click the user icon, and then click Sign out.
Results: After completing this exercise, you should have verified SSO authentication to Office 365 for a
user on your corporate network and for a user on your host computer that is connected to the Internet.
Connect-MsolService
Get-MsolDomain
4. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
6. At the Windows PowerShell prompt, type the following command, and then press Enter:
Note: If you enable user conversion, then a text file will be created containing the new temporary
passwords of the Office 365 users. But even when you skip user conversion, you must specify the
password file parameter in this PowerShell command.
8. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolDomain
9. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
Note: when logging on to Office 365 again, it may take a few minutes before users are not redirected
to the Adatum Corporation sign in page anymore.