DECK 1 Flashcards
Ensure future mailboxes in a tenant use a certain email address. Use ….-EmailAddressPolicy
Update-OfflineAddress Book command does as it says.
-Set
Have a hybrid enviro. SSPR fails. Users told to contact admin. Why happening? Reason is Password write-back needs…
Wanna change account lockout time? change what?
-to be configured to allow on premise AD acct to utilize SSPR
-Reset account lockout counter after
Defender’s Alert classification tool allows defining what?
What DNS record must be created when adding a domain name for a project?
How to ensure users can authenticate to cloud if AD unavailable?
-rule that trigger true or false matches
-TXT to verify an entity has control over whatever DNS records
-password hash sync and sso
pass through auth is simple and doesn’t store passwords in cloud
pass through access goes from cloud to AD, password hash sync goes from?
PHS is true SSO because auth takes place in Azure AD without?
-AD to cloud
-communicating back to on premises
Security Readers can ONLY view things in Microsoft Purview. What can they view?
Role manages spam, notifications, false positive reporting etc
Role manages retention of records
-Compliance reports (DLP, Audits, Threat protection)
-Hygiene Management
Records Management
import on prem LDAP directory users into 365 with a .csv file. Required properties are?
User can view advisories in message center service health issues with what role?
-username and display name
-service support admin
difference between eligible assignments and active?
Microsoft recommends approval process for eligible members because?
-eligible= must activate to use role, active= can use role right away
-assignments active w/out approval= security risk
if in Tenant properties, no global privacy contact listed, who MS contact if there’s a data breach?
Only this role can add domains into tenants?
365 Business Premium licenses can be singly assigned.
-Global admin
-Global admin
Pass hash auth is set to never expire meaning users can continue to access cloid with expired creds. But…
Dont want to enforce AD pword policies AND have sign in type not native to Entra? Use what auth?
When a password changes with password hash sync on premises, the changes happens ALSO in the cloud.
-must change password when back on corpnet.
-Password Hash sync
Password hash sync has sign in recovery and leaked…
Pass thru auth enforces what during sign in?
-credential reports
User level AD security policies
remove user’s from restricted entities list in Microsoft…
what action can be performed to limit what departments can/can’t click on links?
-Defender
-safe links policy
Security Admins have less privilege than Organization management role.
Correct policy type to send admins email when a user receives email w/malware?
-alert
What does the configuration analyzer do?
modern authentication changes exchange auth settings via MFA and…
Microsoft recommends turning off basic auth
-compare exchange online protection policies to MS recommendations
-conditional access
Azure Premium P1 is used to set up what kind of access?
-conditional
Pass through authentication has agents that connect outbound to
Microsoft 365 Defender has a service call’d Microsoft Defender for…
Microsoft Entra
-Identity
CONNECT ON PREMISES w/ENTRA TENANT via AZURE AD CONNECT
-Contoso.local is a default name and needs to be changed to a custom domain name on MS Entra portal
-Create local UPN suffix where?
-user logon names (also known as….) need to change to match Entra tenant domain name.
-on local Active Directory
-UPN
By default, Azure AD Connect syncs…
-The…dashboard shows recommendations and advisories to keep apps safe and working
-ALL OBJECTS
-Health
SERVICE HEALTH (found in “HEALTH” tab in 365 Admin Center)
- can untick what you don’t want to see notifications about
-can also see history of…
WINDOWS REALEASE ISSUES
-is found where?
-issues
-health tab in 365 admin center
Tool that identifies and remedies object errors in prep for AZURE AD/ENTRA migration
-Users using said tool can be as lowly as domain users. Won’t be able to edit anything, due to…
-IdFix
-POLP
Support and Recovery Assistant checks what?
….labels can be applied to any user/email, security, 365 or distribution group within Entra.
-DNS and mail flow ensuring mail polices work fine.
-Sensitivity
MICROSOFT PURVIEW
-need to enable co-authoring of files w/sensitivity labels in Entra. go where in purview?
-Need to auto encrypt files in Sharepoint and OneDrive. Go where in Purview?
create DLP policy that applies to all available locations. Use what policy?
-Settings
-Information protection
-Sensitive info types
Microsoft….require TWO retention policies (private and public channel chats)
OneDrive, Exchange, and Sharepoint can all have a single retention policy covering them all
-Teams
Defines sensitive data based on existing data samples
With DLP, owners can see ALL files, regardless of rule. Also, ….file types are not supported by DLP
(important to know what files types are supported by DLP)
-trainable classifier
-bmp
IdFix tells you about sync problems when syncing on premise with Entra but it doesn’t…
Password admins can reset the passwords of who only?
-remediate. It tells YOU how to remediate
-non admins and other Password admins
