MS-900 Flashcards
Microsoft Graph
gateway to data for m365
M365 is new term,
M365 is a new term, since it’s more than just Office (security and online services). O365 came from Microsoft Business and Productivity Suite (BPOS)
M365 = O365 + Windows, and Enterprise Mobility + Security
Microsoft Planner
is a lightweight PM/Kanban board
For simple projects. Before MS Project
Microsoft Bookings
SAAS calendar management
Microsoft Viva
my.ge.com. Also includes Glint which is a feedback tool and priority setting. And a learning platform.
* Can get insights from MS Teams and Email
Microsoft Yammer
Enterprise social network
Microsoft Intune -
cloud based endpoint management (can also deploy office)
Configuration Manager
on premise management of desktops; can deploy office suite
Co-management
connecting config manager to 365 to use conditional access
Tenant attached -
store your device record in the cloud
Tenant attach makes the Microsoft Intune admin center your console in the cloud. The architecture allows the Configuration Manager site to synchronize data about the device and the user to your Intune tenant.
Windows Autopilot
- cloud native services that set up devices
Desktop as a Service
W365 Virtual Desktop versus Azure Virtual Desktop. W365 includes O365 and is fixed price. Azure is more dev focused, allowing for multi sessions.
Windows as a service
Instead of major Windows releases every few years, it updates semi annually
M365 Admin
add users, manage 365, adoption scores and usage, other reporting on endpoints/security etc
Microsoft 365 Defender
View information about security trends and track the protection status of your identities, data, devices, apps, and infrastructure in the Security admin center through Microsoft 365 Defender.
Entra ID
Formerly AAD. AAD –> Azure ID –> ID Connect, OAuth 2, SAML, WS-Fed
Tenant (or directory)-
a dedicated instance of Microsoft Entra ID that an organization or app developer receives at the beginning of a relationship with Microsoft.
B2B Collab
just login, guest on your AAD
B2B Direct Connect
a trust with login ability to share
Managed Identities
Managed identities are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials.
Service Principal
Service principals are used by applications or services to access Azure resources but application developers must manage and protect the credentials.
Microsoft Entra RBAC
Microsoft Entra roles control access to Microsoft Entra resources such as users, groups, and applications.
Azure RBAC
Azure roles control access to Azure resources such as virtual machines or storage using Azure Resource Management.
Types of ‘SECURE Login’
- OATH provides one-time passcodes
- FIDO2 - new standard for USB badges, Bluetooth, ‘Hello’ capabilities
- SSPR - self-service password reset
- Multifactor
- Something you know – typically a password or PIN and
- Something you have – such as a trusted device that’s not easily duplicated, like a phone or hardware key or
- Something you are – biometrics like a fingerprint or face scan.
PIM
Privileged Identity Management - just in time super user access, audits
Identity Protection
is a tool that allows organizations to utilize security signals to identify potential threats.
Permissions Management
Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
What is the difference between Network Security Groups (NSGs) and Azure Firewall?
Now that you’ve learned about both Network Security Groups and Azure Firewall, you may be wondering how they differ, as they both protect Virtual Network resources. The Azure Firewall service complements network security group functionality. Together, they provide better “defense-in-depth” network security. Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network and application-level protection across different subscriptions and virtual networks.
Microsoft Purview
Microsoft Purview compliance portal is the portal for organizations to manage their compliance needs using integrated solutions for information protection, data lifecycle management, insider risk management, auditing, and more
What is the difference between Compliance Manager and compliance score?
Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager.
Service Trust Portal (STP)
The Service Trust Portal (STP) is Microsoft’s public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services.
Priva Privacy Risk Management
Priva Privacy Risk Management, which provides visibility into your organization’s data and policy templates for reducing risks; and
Priva Subject Rights Requests
which provides automation and workflow tools for fulfilling data requests.
Microsoft’s approach to privacy is built on the following six principles:
- Control: Putting you, the customer, in control of your data and your privacy with easy-to-use tools and clear choices. Your data is your business, and you can access, modify, or delete it at any time. Microsoft will not use your data without your agreement, and when we have your agreement, we use your data to provide only the services you have chosen. Your control over your data is reinforced by Microsoft compliance with broadly applicable privacy laws and privacy standards.
- Transparency: Being transparent about data collection and use so that everyone can make informed decisions. We only process your data based on your agreement and in accordance with the strict policies and procedures that we’ve contractually agreed to. When we deploy subcontractors or subprocessors to perform work that requires access to your data, they can perform only the functions that Microsoft has hired them to provide, and they’re bound by the same contractual privacy commitments that Microsoft makes to you. The Microsoft Online Services Subprocessor List identifies authorized subprocessors, who have been audited against a stringent set of security and privacy requirements in advance. This document is available as one of the data protection resources in the Service Trust Portal.
- Security: Protecting the data that’s entrusted to Microsoft by using strong security and encryption. With state-of-the-art encryption, Microsoft protects your data both at rest and in transit. Our encryption protocols erect barriers against unauthorized access to the data, including two or more independent encryption layers to protect against compromises of any one layer. All Microsoft-managed encryption keys are properly secured and offer the use of technologies such as Azure Key Vault to help you control access to passwords, encryption keys, and other secrets.
- Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. Microsoft defends your data through clearly defined and well-established response policies and processes, strong contractual commitments, and if necessary, the courts. We believe all government requests for your data should be directed to you. We don’t give any government direct or unfettered access to customer data. We will not disclose data to a government or law enforcement agency, except as you direct or where required by law. Microsoft scrutinizes all government demands to ensure they’re legally valid and appropriate. If Microsoft receives a request for your data, we’ll promptly notify you and provide a copy of the request unless legally prohibited from doing so. Moreover, we’ll direct the requesting party to seek the data directly from you. Our contractual commitments to our enterprise and public sector customers include defending your data, which builds on our existing protections. We’ll challenge every government request for commercial and public sector customer data where we can lawfully do so.
- No content-based targeting: Not using email, chat, files, or other personal content to target advertising. We do not share your data with advertiser-supported services, nor do we mine it for any purposes like marketing research or advertising.
Sensitivity labels
Sensitivity labels enable you to apply labels to content like emails and documents, much like different stamps can be applied to physical documents. Instead, use sensitive information types to identify specific types of information such as credit card numbers. Microsoft provides built-in sensitive information types that you can use to identify data such as credit card numbers.
Microsoft Purview Communication Compliance
Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
eDiscovery (Premium)
The eDiscovery (Premium) solution allows you to collect and copy data into review sets, where you can filter, search, and tag content so you can identify and focus on content that’s most relevant.
Audit (Standard)
Audit (Standard) provides you with the ability to log and search for audited activities and power your forensic, IT, compliance, and legal investigations.
Microsoft 365 Business
Microsoft 365 Business is designed for companies with under 300 employees
Symmetric
Symmetric uses the same key to encrypt and decrypt
Asymmetric
Asymmetric uses one key to encrypt and one to decrypt (a pair). If you send me a message, you encrypt with my public key and only I can decrypt with my private key.
Viva Connections
Viva Connections - stay connected with each other via SharePoint and Yammer
Viva Insights
Viva Insights - daily email of how to optimize you and your team
Viva Topics
Viva Topics - Knowledge Base/my.ge.com
Viva Learning
Viva Learning - my Learning
AD Connect
AD Connect –> Allow on prem items to use AAD (aka Entra)
Cloud Sync
Cloud Sync –> Sync local AD with AAD (aka Entra)
Configuration Manager
Configuration Manager - more focused on prem
Co-management
Co-management- use Intune and Config Manager
Windows Update for Biz
Windows Update for Biz is really just Windows Update
Office Deployment Tool (ODT)
Office Deployment Tool (ODT) - is a command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Microsoft 365 Apps for enterprise, to your client computers
Office Portal
where users can go and download apps
CIA
Confidentiality - protecting sensitive data
Integrity - don’t get compromised
Availability-
Data Residency
Data Residency - where is the data physically located
Data Sovereignty
Data Sovereignty - which country’s law is the data subject to
Microsoft 365
Microsoft 365 -
Microsoft 365 is available as a subscription-based service and provides Microsoft apps for employees to use online and offline.
Zero Trust security principles for Microsoft 365.
Network-based protection relies on such components as internal segmentation and micro-segmentation. Granularity in apps-based protection is typically based on roles. Device-based protection relies on device risk and compliance state. Infrastructure-based protection relies on such components as just-in-time (JIT) and version control.
Defender for Identity
Defender for Identity is a solution that uses the Active Directory data as signals to identify suspicious activities.
Defender for Office 365
Defender for Office 365 protects against threats in email messages.
Defender for Cloud Apps
Defender for Cloud Apps operates as an intermediary between the cloud user and cloud provider, mediating the requests sent to the cloud providers.
Defender for Endpoint
Defender for Endpoint is used to protect devices (endpoints), integrating with Microsoft Intune, Defender for Cloud, and other services.
Hunting
Hunting is part of the Microsoft 365 Defender portal that allows the security professionals to proactively search for undetected threats across the users’ devices and applications.
Incidents and alerts in the Microsoft 365 Defender portal
Incidents and alerts in the Microsoft 365 Defender portal represent detected potential threats.
Secure score in the Microsoft 365 Defender portal
Secure score in the Microsoft 365 Defender portal represents the company’s security posture.
Threat analytics in the Microsoft 365 Defender portal
Shows your threats and what you could do about them for YOUR environment
Threat analytics in the Microsoft 365 Defender portal provides the interface to identify threat intelligence information analyzed by Microsoft security researchers.
Enclaves
Enclaves use cryptography to create a secure lockbox that protects non-persistent data. MEMORY
Encryption at rest protects data stored at persistent storage such as disks and databases. Hashing converts text to an exclusive value with a fixed length. It is used to verify authenticity of files and store passwords. Private key is a component of public key infrastructure (PKI), used together with a public key. It is often used for encryption in transit such as for HTTPS.
Federated authentication
Federated authentication is a recommended authentication for companies with complex requirements that cannot be met by Microsoft Entra ID. User authentication validation happens on the company’s Active Directory single sign-on (SSO) with smart cards or certificates, which is supported through federated authentication.
Limitations of Password hash and passthrough
Password hash synchronization, pass-through authentication, and passwordless authentication do not support SSO with smart cards or certificates.
Password hash
Password hash synchronization enables users to sign in to on-premises and cloud applications using the same password. This ensures that the user’s authentication takes place in Microsoft Entra ID rather than the company’s on-premises Active Directory.
Pass-through authentication
Pass-through authentication enables users to sign in to on-premises and cloud applications using the same password. This authentication type validates the user’s password against the company’s on-premises Active Directory, not Microsoft Entra ID. Passwordless authentication is a more convenient way to authenticate because passwords are completely removed and replaced by something you have, something you are, or something you own.
Defender for Office 365
The service to use for email messages
Defender for Identity
protects against compromised identities and malicious actions.
Defender for Endpoint
protects network endpoints such as compute devices.
Antivirus and more
Defender for Cloud Apps
is a cross-software as a service (SaaS) solution that intermediates the cloud user and the cloud provider.
Microsoft Priva
Microsoft Priva helps companies achieve their data privacy and GDPR goals. It provides two solutions that help to support this;
Priva Privacy Risk Management
Priva Privacy Risk Management provides visibility into the company’s data and policy templates to reduce risks and
Priva Subject Rights Requests
Priva Subject Rights Requests provides workflow tools for fulfilling data requests.
Secure Score
Secure Score is a tool that tracks the company’s security posture. Service Trust Portal does not provide tools that support data privacy and regulations requirements.
Uptime Credits -
- Below 99.9% grants 25% credit.
- Below 99% grants 50% credit.
- Below 95% grants 100% credit.
FastTrack support service
FastTrack support service helps customers onboard to Microsoft 365 and supports the company to drive adoption of Microsoft 365 services in the company.
Pre-sales
Pre-sales is a support service provided to help the company with understanding more about Microsoft 365 services before the purchase is made.
Community-based
Community-based support is a free support service provided by members of the community.
Microsoft Unified
Microsoft Unified support is a 24/7 support service provided for your Microsoft 365 service for as-needed technical support.
The Health area in the admin center
The Health area in the admin center is the place where information about the current health of Microsoft services can be found.
The Support (admin center)
The Support (admin center) area can be useful for raising a support ticket with Microsoft if there is no indication of current service health issues.
The Settings (admin center)
The Settings (admin center) area displays information about the company’s domain setup.
The Reports (admin center)
The Reports (admin center) area displays adoption score and usage reports. The Support area shows information about service requests created with Microsoft support.
From SA USLs
From SA USLs are used by customers that currently have Software Assurance (agreement which entitles them to always run the latest software versions) to transition to the cloud.
Full USLs
Full USLs are used by companies without any contracts for Microsoft services.
Add-on USLs
Add-on USLs are used by companies that already have on-premises based licenses and are looking to add cloud services to the contracts they currently have.
Step up USLs
Step up USLs are used by customers wanting to change their service to a higher level.
Planner
Simple project
Planner provides the team lead and team members the ability to manage tasks in a structured manner by creating a plan and buckets, for organizing assigned tasks.
Tasks
Tasks can be displayed in different views such as Charts and Calendar.
Outlook based. Being replaced with To Do
To Do
To Do manages your to do list on a day-to-day basis.
OneDrive
OneDrive is a cloud library for file storage and sharing. Bookings provides an easy way to manage the scheduling of appointments. To Do, OneDrive, and Bookings do not support task management.
Forms
Forms provides the ability to create surveys, quizzes, and polls. To Do, Planner, and Forms do not provide the ability to manage virtual scheduling and appointments.
Teams Live Event
Teams Live Event meets all the requirements as this supports an audience greater than 8,000, the moderation of questions and answers and the deactivation of video and audio calls for all attendees.
Teams Private Channel Meeting
Teams Private Channel supports a maximum of 250 users and moderation of questions and answers.
Viva connections
Team view of what is going on.
Viva connections provides a dashboard to access resources, view personalized tasks, communications, and news updates.
Bookings
Bookings gives the ability to manage appointment scheduling for customers.
Viva Topics
Reddit QA
Viva Topics provides employees access to knowledge and expertise from various Microsoft 365 resources.
Teams screen limitations
The screen sharing capability is supported for up to 1,000 participants of a meeting. While meetings can accommodate up to 20,000 participants, the remaining participants have view-only capabilities.
OneDrive
OneDrive is a tool for collaborating on files that allows offline access to files and offers desktop-based versions of the application.
SharePoint
SharePoint team sites allow collaboration on documents and sharing with internal and external users. It also offers a desktop-based application but does not offer offline access.
Microsoft Teams
Microsoft Teams is a collaboration tool intended for chatting, meetings, and calendar. Although you can store files on Teams sites, and there are desktop-based applications available, the files are not accessible while offline.
Yammer
Yammer is a corporate social network. Content can be shared to internal and external users. It is available as a desktop-based app, but it does not offer offline file access.
Types of Teams Channels:
Standard channels are available to all team members in Teams. Most channels are standard channels. If you need a smaller, specific audience for a particular subject, you can use a private channel. Shared channels are for collaborating with people inside and outside your team or organization.
Azure Virtual Desktop vs Windows 365
Azure Virtual Desktop provides enhanced capabilities for Surface devices that not only deliver dedicated desktop compute resources to each individual user, but also integrate natively with Surface biometric authentication and support the pen and ink experience. Windows 365 Business and Windows 365 Enterprise do not integrate natively with Surface biometric authentication, and it does not support the pen and ink experience. While Azure Virtual Machine does offer dedicated desktop compute resources to each individual user and it would be potentially possible to implement support for Surface biometric authentication and its pen and ink experience, this would require a significant amount of administrative effort.
Semi-Annual Enterprise Channel
Semi-Annual Enterprise Channel makes security and quality updates available as soon as they are released. Feature updates are available in July and January in a staggered manner, later than Semi-Annual Enterprise Channel (Preview), which makes them available in March and September.
Current Channel
Current Channel makes security, quality, and feature updates available as soon as they are released.
Monthly Enterprise Channel
Monthly Enterprise Channel makes security and quality updates available as soon as they are released.
Feature updates are staggered and made available once per month, but this is much more frequent than Semi-Annual Enterprise Channel.
Semi-Annual Enterprise Channel (Preview)
Semi-Annual Enterprise Channel (Preview) makes security and quality updates available as soon as they are released. Feature updates are available in a staggered manner in March and September, which is earlier than Semi-Annual Enterprise Channel, which makes them available in July and January.
Azure Virtual Desktop
Azure Virtual Desktop allows virtualization of apps and desktops, allowing them to be accessible by single or multiple users.
Windows 365
Windows 365 is a Cloud PC solution, accessible by a single user.
Microsoft 365
Microsoft 365 is the evolution of Office 365, including the Office apps and Windows licenses.
Azure Bastion
Azure Bastion is a broker service for accessing VMs hosted in Azure.
Viva Organizational Insights is available as an app in Teams
Viva Organizational Insights is available as an app in Teams. Viva Organizational Insights does not include integration with To Do, Planner, or Yammer.
Endpoint Manager admin center
Endpoint Manager admin center shows Intune reports about device compliance, health, and trends.
The Microsoft Entra ID Report
The Microsoft Entra ID reports show sign-in activity and audit logs.
Viva Insights
Get recommendations on how to work better as an IC or a manager.
Viva Insights supports the well-being and productivity of employees. It provides the feature to help employees protect their time, stay connected with colleagues, give praise, and take breathing breaks.
Microsoft Enterprise Agreement (EA)
Microsoft Enterprise Agreement (EA) is designed for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers the best value to organizations with 500.
. Additionally, through Software Assurance, your organization can receive 24x7 technical support, planning services, end-user and technical training.
Microsoft 365 for home
Microsoft 365 for home exists to bring the same great productivity benefits into your personal and family life. Microsoft 365 Home comes in two plans, Microsoft 365 Personal and Microsoft 365 Family. Personal is for a single person with multiple devices and family is for up to six people
Microsoft 365 Education
Microsoft 365 Education is available for educational institutions to help empower educators to unlock creativity and promote teamwork while providing a safe experience in a single, affordable solution. Academic licenses can be tailored to fit any institution’s needs, including productivity and security solutions for faculty, staff, and students. Microsoft 365 Education has three subscription plans for faculty and students that include different features: A1, A3, and A5.
Microsoft 365 Government
Microsoft 365 Government is available for government institutions to help empower US public sector employees to work together in a secure way. Microsoft 365 Government has two subscription plans that include different features: G3, and G5. Your organization can also choose from two Office 365 subscription tiers: Office 365 Government G3 and Office 365 Government G5
Microsoft 365 for business
Microsoft 365 for business is designed for small to medium-sized organizations that have up to 300 employees. It offers the full set of Office 365 productivity tools and includes security and device management features. There are four subscription tiers that include different features: Microsoft 365 Business Basic, Microsoft 365 Business Standard, Microsoft 365 Business Premium, and Microsoft 365 Apps for business.
Microsoft 365 Enterprise
Microsoft 365 Enterprise is designed for enterprise-sized organizations. It provides enterprise-class services to organizations that want a productivity solution that includes robust threat protection, security, compliance, and analytics features. Microsoft 365 Enterprise has three subscription tiers that include different features: Microsoft 365 E3, Microsoft 365 E5, and Microsoft 365 F3. For more information, see Compare Microsoft 365 Enterprise plans. Your organization can also choose from four Office 365 subscription tiers: Microsoft 365 Apps for enterprise, Office 365 E1, Office 365 E3, and Office 365 E5
user subscription licenses (USLs)
Full USLs
- Full USLs are for new customers who haven’t previously purchased Microsoft products and services.
Add-on USLs
- Add-on USLs are for on-premises software customers who want to add Microsoft 365 cloud products and services.
From SA USLs
- From SA USLs are for on-premises Software Assurance customers that want to transition to the cloud.
Step Up USLs
- Step Up USLs are for customers who want to upgrade the level of their service.
Secure Score
Secure Score is one of the tools in the Microsoft Defender portal. It shows the company’s current security posture. The higher the Secure Score, the better the company’s security posture. IS for SECURITY POSTURE NOT COMPLIANCE
Microsoft Entra ID includes an identity secure score
Microsoft Entra ID includes an identity secure score, which is a percentage that functions as an indicator for how aligned you are with Microsoft’s best practice recommendations for security. Each improvement action in identity secure score is tailored to your specific configuration.
A workload identity
FUNCTIONAL ID. A workload identity is an identity you assign to a software workload. This enables the software workload to authenticate to and access other services and resources. This helps secure your workload. In Microsoft Entra, workload identities are applications, service principals, and managed identities.
A service principal
A service principal is, essentially, an identity for an application. For an application to delegate its identity and access functions to Microsoft Entra ID,
Managed identities
Managed identities are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials.
Microsoft 365: Group/Distribution List
Microsoft 365: A Microsoft 365 group, which is also often referred to as a distribution group, is used for grouping users according to collaboration need
Security: A security group
Security: A security group is the most common type of group and it’s used to manage user and device access to shared resources. For example, you may create a security group for a specific security policy such as Self-service password reset or for use with a conditional access policy to require MFA. Members of a security group can include users (including external users), devices, other groups, and service principals. Creating security groups requires a Microsoft Entra administrator role.
Microsoft Entra Cloud Sync
Microsoft Entra Cloud Sync - sync from on premise to AAD/Entra
B2B direct connect
B2B direct connect is a new way to collaborate with other Microsoft Entra organizations using Microsoft Teams shared channels. With B2B direct connect, you create two-way trust relationships with other Microsoft Entra organizations to allow users to seamlessly sign in to your shared resources and vice versa. B2B direct connect users aren’t represented in your Microsoft Entra directory (they aren’t added as guests), but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports. When two organizations mutually enable B2B direct connect, users authenticate in their home organization and receive a token from the resource organization for access.
B2B collaboration
B2B collaboration enables employees of an organization to collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications. B2B collaboration users are represented in your directory, typically as guest users.
A Microsoft Entra joined device
A Microsoft Entra joined device is a device joined to Microsoft Entra ID through an organizational account, which is then used to sign in to the device. Microsoft Entra joined devices are generally owned by the organization.
Conditional Access Conditions
- Conditions define where and when the policy will apply. Multiple conditions can be combined to create fine-grained and specific Conditional Access policies. Some of the conditions include:
- Sign-in risk and user risk. Integration with Microsoft Entra ID Protection allows Conditional Access policies to identify suspicious actions related to user accounts in the directory and trigger a policy. Sign-in risk is the probability that a given sign-in, or authentication request, isn’t authorized by the identity owner. User risk is the probability that a given identity or account is compromised.
- Device platform. Device platform, which is characterized by the operating system that runs on a device, can be used when enforcing Conditional Access policies.
- IP location information. Organizations can define trusted IP address ranges that can be used when making policy decisions. Also, administrators can opt to block or allow traffic from an entire country/region’s IP range.
- Client apps. Client apps, the software the user is employing to access the cloud app, including browsers, mobile apps, desktop clients, can also be used in access policy decisions.
- Filters for devices. Organizations can enforce policies based on device properties, by using the filters for devices option. As an example, this option may be used to target policies to specific devices like privileged access workstations.
Types of Admins
- Global administrator: users with this role have access to all administrative features in Microsoft Entra. The person who signs up for the Microsoft Entra tenant automatically becomes a global administrator.
- User administrator: users with this role can create and manage all aspects of users and groups. This role also includes the ability to manage support tickets and monitor service health.
- Billing administrator: users with this role make purchases, manage subscriptions and support tickets, and monitor service health.
Microsoft Entra RBAC
Microsoft Entra RBAC - Microsoft Entra roles control access to Microsoft Entra resources such as users, groups, and applications.
Azure RBAC -
Azure RBAC - Azure roles control access to Azure resources such as virtual machines or storage using Azure Resource Management.
Endpoints with Microsoft Defender for Endpoint
Endpoints with Microsoft Defender for Endpoint - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
Assets with Defender Vulnerability Management
Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
Email and collaboration with Microsoft Defender for Office 365
Email and collaboration with Microsoft Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Identities with Microsoft Defender for Identity
Identities with Microsoft Defender for Identity - Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Applications with Microsoft Defender for Cloud Apps
Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Microsoft Defender Threat Intelligence (Defender TI)
Threat intelligence from Microsoft Defender Threat Intelligence (Defender TI) can now be accessed from inside the Microsoft Defender portal.
Microsoft Defender TI helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows. Defender TI aggregates and enriches critical threat information in an easy-to-use interface.
Differences between secure score in Microsoft Defender XDR and Microsoft Defender for Cloud
XDR just Azure. There’s a secure score for both Microsoft Defender XDR and Microsoft Defender for Cloud, but they’re subtly different. Secure score in Microsoft Defender for Cloud is a measure of the security posture of your Azure subscriptions. Secure score in the Microsoft Defender portal is a measure of the security posture of the organization across your apps, devices, and identities.
The Microsoft Purview compliance portal
The Microsoft Purview compliance portal is the portal for organizations to manage their compliance needs using integrated solutions for information protection, data lifecycle management, insider risk management, auditing, and more.
What is the difference between Compliance Manager and compliance score?
Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager.
Microsoft Service Trust Portal -
Microsoft Service Trust Portal - portal to see MS certification and white papers. Provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
The Service Trust Portal (STP) is Microsoft’s public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
Office Frontline Worker Plans
Office 365 F3 (O365 F3 license plan), also known as the “frontline worker plan,” is a subscription-based productivity platform designed specifically for employees who don’t have a desk or office and need access to a range of collaboration and communication tools including a 2GB Exchange Kiosk Plan mailbox.
Microsoft Teams is Cloud Only
Microsoft Credential Guard
Protects passwords in memory during login
Exploit Guard
Reduces attack surface through controlled folder access, network filtering, and attack surface reduction rules
Application Guard
Isolates browser session from local device
Application Control
Control which applications a user can run