Planning an O365 Implementation and Implementing Networking Security Flashcards

1
Q

What things should you take into consideration with a proxy server?

A

• Most proxy servers have some form of authentication set up by default, and it is often enabled.
• You'll need to do one of two things to enable them to communicate with O365:
○ Disable all authentication
○ Disable O365 authentication

2
Q

What tools can be used to measure bandwidth that will be consumed by clients as they access O365?

A
• Microsoft Message Analyzer
• Microsoft Remote Connectivity Analyzer
• Microsoft Support and Recovery Assistant for O365
• Skype for Business Synchronization Calculator
• Exchange Client Network Bandwidth
3
Q

What is RMS?

A

Windows Rights Management Services provides an extra level of security for documents.
It uses encryption to limit who can access a document or web page and what can be done with it.

4
Q

What is Azure Rights Management Services?

A

A policy-based enterprise solution used to protect your valuable information by controlling who you share it with and what access they get to it.
Two components:
• Information Rights Management (IRM) capabilities
○ Protects emails against unauthorized access
○ Enhances security in SharePoint libraries
○ Protects online and offline information
§ Even if you have a document in O365 and download it to your client machine, the restrictions will stay with it.
○ Integrates with Office documents
○ Applied using templates
• Message Encryption
○ Safely share files in email or OneDrive
○ Contains company brand
○ Integrates with Exchange transport rules
○ Provides clean user interface
○ Helps protect entire email conversation

5
Q

How can Azure Rights Management be activated?

A

• Can be activated using the GUI (Graphical User Interface)
○ Azure admin center
• Can be activated using PowerShell, which requires:
○ 64-bit Microsoft Online Services Sign-in Assistant
○ 64-bit Azure AD module
○ Install the Azure Rights Management admin tool
○ Run Connect-AadrmService
§ This will connect to the Azure Rights Management service.
○ Run the Enable-Aadrm command (to disable it, use the Disable-Aadrm command)
§ This is what actually activates it.

6
Q

What is the super user role in Rights Management?

A

Full Control usage right.
○ Read files of employees who have left the company
○ Modify the current protection policy
○ Manage Exchange mailboxes
○ Bulk decrypt files for auditing for legal reasons
○ Recover documents and protect files
§ PowerShell
§ Download and install the RMS protection tool module
§ Unprotect-RMSFile
§ Protect-RMSFile

7
Q

Is the super user role enabled by default?

A

No.

8
Q

How do you enable the super user role using PowerShell?

A
○ Enable-AadrmSuperUserFeature
§ Enables the feature
○ Add-AadrmSuperUser
§ Adds users to the role
○ Set-AadrmSuperUserGroup
§ Allows you to add users to the new role
○ Add-AadrmRoleBasedAdministrator
§ Adds users to the Azure Rights Management administrator role
9
Q

What 7 things should you take into consideration when planning O365 for on-premise infrastructure?

A
  • Networking
  • Identity
  • Windows 10 enterprise
  • Office 365 Pro Plus
  • Office 365 Workloads like EXO, SPO, OD4BO, Teams
  • Mobile Device Management
  • Information Protection.
10
Q

How should you check the connectivity of each office before enabling O365 services?

A

Check the connectivity from each office: use the Ping, TraceRT, PSPING and Telnet commands to check connectivity and network performance.
• Ensure users are connecting to Office 365 egress endpoints in their region. Pinging the respective service URLs can help you identify this. For example, ping Outlook.Office365.com for Exchange Online.

11
Q

How should you prepare for Windows 10 Enterprise?

A

Microsoft recommends adding and verifying the domain that your users are going to use to access Office 365 services; this could be the UPN or primary email address domain. Adding users to Office 365 and assigning licenses is optional at this time. Install Office 365 Pro Plus.
Do an in-place upgrade for Windows 7 and 8.1 using SCCM, and for new devices use Windows Autopilot deployment.
• Monitor device health and ensure the device is secure by having Windows Defender.

12
Q

How can O365 Pro Plus be deployed?

A

Office 365 Pro Plus deployment can be done via either SCCM or the Office Deployment Tool; we need to consider Office update channels and the frequency.
• Deployment can be through SCCM, ODT from the cloud, ODT from a local source, or directly from the Office portal.

13
Q

What's an important thing to consider when implementing O365 Pro Plus?

A

The update channel that will be used.

14
Q

What's an important thing to consider if you deploy O365 using the Office Deployment Tool?

A

It has a setup file and a configuration XML file to control what needs to be installed on machines.

15
Q

What does Channel="Monthly" mean?

A

Monthly Update Channel

16
Q

What does Channel="Broad" mean?

A

Semi Annual (Jan & July)

17
Q

What does Channel="Targeted" mean?

A

Semi Annual Targeted (March & September)

18
Q

What does AllowCdnFallback do when set as True?

A

It will fall back to O365 instead of the local share when the specified language pack is not available.

19
Q

What does MDM (mobile device management) do?

A

When users enrol their devices, they become managed devices and can receive any policies, rules and settings used by your organisation.

20
Q

What is MAM?

A

MAM policies control the application on a non-managed device by forcing the user to enter a PIN, securing application access to an authorised user.

21
Q

What are the steps of MDM deployment?

A
  1. Prerequisites – An Intune subscription, an Office 365 subscription, Azure AD Premium and an MDM Push certificate for iOS are required.
  2. Set up Intune – Check whether the devices are supported -> Ensure domain verification is completed -> Sign in to Intune -> Enable Device Management -> Add users.
  3. Enroll devices – Users have to enroll their devices to make them Intune managed. Set up enrollment restrictions and policies for users and devices.
  4. Deploy the apps.
  5. Create Compliance Policies and Conditional Access Policies, such as allowing only managed devices to access the Office 365 services.
22
Q

What does information protection include?

A
  • Information protection is a set of policies and technologies that define how you transmit, store, and process sensitive information.
  • Information Protection Includes Data Loss Prevention, Office 365 Labels and Azure Information Protection labelling and classification, Threat Management Policies, Sharing Policies in SharePoint, Office 365 Secure Score, Office 365 Cloud App Security and PAIM for just-in-time access for task-based activities.
23
Q

Why is it important to plan identity?

A

Required to provide secure access to O365 services. This includes:
• Synchronising user accounts to O365
• Designating admin roles
• Protecting Global admin accounts
• Enabling MFA to users
• Monitoring identity synchronising health
• Licensing
• Monitoring tenant and sign in activity logs.

24
Q

What is Federation Authentication with ADFS?

A

Most companies prefer to use federated authentication. When the federation sign-in option is enabled, the domain used for authentication will be configured as a federated domain in Azure AD.

25
Q

What is Password Hash Synchronisation Authentication?

A

The password is not directly synchronized from on-premise to Azure AD. Only the hash of the password hash is synchronized with Azure AD, using Azure AD Connect.

○ When Password Hash Synchronization authentication is enabled for the tenant, the hash of the password hash is available in Azure AD after synchronization. If a user accesses an Azure-integrated application, the user is redirected to authenticate with Azure AD. Azure AD prompts the user to enter the credentials; both user name and password are entered in the Azure AD authentication dialogue window and validated against the hash synced in Azure. If successful, the user is provided with a security token to authenticate to the service or application. When this sign-in option is used, switching from one application to another prompts the user to validate the credential.

26
Q

What is Pass-through Authentication?

A

If we use Pass-through Authentication, the user name and password are gathered in Azure AD but passwords are validated in on-premise AD. An AuthN Agent configured on the AD Connect server or any member server supports this Pass-through Authentication.

○ When a user accesses any Office 365 application, it redirects the user to Azure AD for authentication. Azure AD prompts the user to enter both the user name and password, and these are sent to the AuthN Agent server on-premise using a secure tunnel established when configuring the AuthN Agent. The AuthN Agent component validates the user name and password with Active Directory using a Win32 API call to Active Directory, and the successful authentication is sent back to Azure AD. Azure AD authentication succeeds and Azure AD sends a security token to access the application; the user then gains access to the application.

27
Q

What is Azure AD seamless SSO?

A

Enabled when choosing PHS or PTA.
• Azure AD Seamless SSO allows users to sign in to services that use Azure AD user accounts without having to type in their passwords, and in many cases their usernames alone are required.
• Seamless SSO works with Password Hash Synchronization and Pass-through Authentication. For Seamless SSO to work, the machine has to be domain joined and should have access to AD. The machine authenticates with Azure AD using a Kerberos token.

28
Q

What should you do before a migration?

A

Identify data to be migrated and the method.

29
Q

What is the monthly update channel for Pro Plus updates?

A

Updates monthly and provides the newest features as soon as they are available.
It's the default update channel for:
• Visio Online Plan 2
• Project Online Desktop Client
• Office 365 Business, which is the version of Office that comes with some O365 plans.

30
Q

What is the semi-annual channel?

A

Provides new features of Office every 6 months, in Jan and July, for O365 Pro Plus.

31
Q

What is the Semi-annual channel (Targeted)?

A

Provides pilot users and application compatibility testers the opportunity to test the next semi-annual channel.
Every 6 months, in March and September.