Security services in Microsoft 365 Flashcards

1
Q

What security features does Microsoft provide?

A
  1. Help protect users’ identities and control access to resources.
  2. Help protect against advanced threats.
  3. Recover quickly from security attacks.
  4. Control access to data by ensuring documents and emails are seen only by authorized people.
  5. Have control over security tools to enable visibility of your organization’s security infrastructure.
2
Q

What main categories can company security fall under?

A
  1. Identity. You manage this through Azure AD.
  2. Devices. These are managed by Windows Defender Security Center and Intune.
  3. Apps and data. You manage these using Office 365 Security & Compliance Center and Microsoft
    Cloud App Security.
  4. Infrastructure. You manage this with Azure Security Center.
3
Q

What can you use the Security and Compliance center for?

A
  1. View security alerts and configure security alert policies.
  2. Define and manage security roles (known as Permissions) for your users.
  3. Configure labels and label policies that allow you to identify and classify documents, email messages,
    and so on.
  4. Create and manage data loss prevention (DLP) policies.
  5. Manage data governance.
  6. Manage threats.
  7. Manage mail flow.
  8. Manage data privacy.
4
Q

What is Cloud App Security?

A

Cloud App Security is an add-on that you can combine with your Microsoft 365 subscription. Cloud App Security provides you with visibility of your cloud apps and services. It also provides sophisticated analytics to help identify and combat security threats, and enables you to control data flow in and out of your organization.

5
Q

What features does Cloud App Security provide?

A
  1. Identify cloud apps used in your organization.
  2. Protect your sensitive information.
  3. Identify and mitigate threats in your cloud apps.
  4. Ensure compliance.
6
Q

What can you use Azure Security Center for?

A
  1. Monitor security across on-premises and cloud workloads.
  2. Apply the policy to ensure compliance with security standards.
  3. Find and fix vulnerabilities before they can be exploited.
  4. Use access and application controls to block malicious activity.
  5. Leverage advanced analytics and threat intelligence to detect attacks.
  6. Simplify investigation for rapid threat response.
7
Q

What is Microsoft MyAnalytics?

A

MyAnalytics lets you see how you spend your time at work. MyAnalytics accesses data from your Office 365 use to help you determine how you can become more efficient during your work day:

8
Q

How does MyAnalytics work?

A

MyAnalytics uses data from your Office 365 mailbox; specifically, data about emails, meetings, and Skype calls and chats. MyAnalytics does not require an agent or tracking software on your device to capture this data.

9
Q

What is Microsoft Workplace Analytics?

A

Workplace Analytics helps you understand how your organization spends its time by providing you with information on how groups collaborate across your organization. This insight enables business decision-makers to push for cultural transformation within the organization.

10
Q

What are the differences between Exchange Online and on-premises Exchange Server?

A
  1. Unlimited storage. Many on-premises deployments of Exchange Server place relatively low limits on mailbox sizes, such as one or two gigabytes (GB). Exchange Online supports larger mailboxes of 50 GB
    or larger depending on the plan you have purchased.
  2. High availability. For an on-premises Exchange Server, you need to purchase and configure hardware to store multiple mailbox copies and configure load balancing to achieve high availability. For true high availability, you also need an alternate data center. Exchange Online, by contrast, is automatically highly available, with your data replicated to multiple data centers.
  3. Backups. Exchange Online does not have any built-in methods for configuring backups. Instead, you configure retention through single-item recovery and litigation hold.
  4. Automatic integration with other Office 365 features. Exchange Online offers additional features such as Office 365 groups, which integrate multiple Office 365 features. Another example is the online viewing and editing of email attachments.
  5. New features. Exchange Online has many features that do not exist in an on-premises Exchange server. Some of these features may be integrated into the on-premises Exchange servers in the future, but they will always appear first in Exchange Online because development happens there first.
  6. No access to Exchange Online databases or servers. Unlike an on-premises Exchange server where
    you administer and manage Exchange servers and databases, Microsoft manages these items in
    Exchange Online.
11
Q

What are the differences between SharePoint Online and an on-premises SharePoint Server?

A
  1. Anti-malware protection is not included in SharePoint Server.
  2. Claims-based authentication is only provided with the SharePoint Server.
  3. Data loss prevention policies are available in SharePoint Online as part of Microsoft 365 E3 or Microsoft 365 E5 subscriptions.
  4. Encryption at rest is not available in SharePoint Server.
12
Q

What is the difference between Skype for Business Online and an on-premises Skype for Business Server?

A
  1. Clients. The Skype for Business Online E3 and E5 subscriptions include the full Skype for Business
    client, which is not provided with Skype for Business Server 2015.
  2. Persistent chat. This feature is available in Skype for Business Server, but not for Skype for Business
    Online.
  3. Network Quality of Service (QoS) Differentiated Services Code Point (DSCP). This feature is
    unavailable in Skype for Business Online.
  4. AOL and Yahoo! Federation. This feature is unavailable in Skype for Business Online.
  5. Skype for Business meeting dial-in via Audio Conferencing (first-party). This feature is only available in Skype for Business Online with an Office 365 E5 subscription.
  6. Skype for Business meeting dial-in via Certified Audio Conferencing Provider (ACP). This feature is only available with Skype for Business Online.
  7. Skype Meeting Broadcast. This feature is only available with Skype for Business Online.
  8. Voice calling auto attendants. This feature is only available in Skype for Business Online with an Office 365 E5 subscription.
  9. Unified Messaging interoperability with Exchange Server. This feature is only available with Skype for Business Server.
13
Q

What is the Windows as a service model?

A

Windows as a service is the approach Microsoft introduced with Windows 10 to deploy, update and service the operating system. Instead of releasing a new version of Windows every three to five years, as the company did with past iterations of the operating system, Microsoft will continually update Windows 10. The updates are categorized in two ways: feature updates and quality updates.

14
Q

How are revisions and updates propagated?

A

Feature updates, quality updates, servicing channels, and deployment rings.

15
Q

What are Feature updates?

A

These add new functionality and are released twice a year. Microsoft aims to package new features into biannual updates that can be readily deployed using existing management tools.

16
Q

What are quality updates?

A

These provide greater reliability through security updates and fixes and are usually
issued at least once a month. On the second Tuesday of each month, a cumulative update is released
which supersedes all previous updates. This helps to ensure that organizations’ devices more closely
align to those used for testing in Microsoft.

17
Q

What are servicing channels?

A

Windows as a service offers three servicing channels: the Windows Insider Program, semi-annual, and long-term servicing.

18
Q

What are deployment rings?

A

These updates are within tools such as Windows Server Update Services (WSUS). With deployment rings, you can group devices to receive updates via each of the servicing channels.

19
Q

What are servicing channels?

A

Allow enterprises to decide when to deploy features:
The Semi-Annual channel receives feature updates twice per year.
The Long-Term Servicing Channel is used for specialized devices that have new feature releases every 2-3 years, such as ATMs.

20
Q

What is the Windows Insider Program?

A

Users become familiar with feature updates before they are released to
the wider public. This enables organizations to use these feature updates before the wider public
deployment. In addition, users can provide feedback to Microsoft to help resolve any issues with
updates.

21
Q

What are Semi-Annual Channels?

A

Computers configured in the Semi-Annual Channel receive updates as soon
as Microsoft publishes them. There are two Semi-Annual Channels: semi-annual (targeted) is aimed at
a subset of your users, while semi-annual is aimed at all other users.

22
Q

What are long-term servicing channels?

A

For computers and other devices that perform a single task or several specialized tasks, the long-term servicing channel prevents configured devices from receiving feature updates. However, quality updates delivery is not affected. Note that the Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition.

23
Q

What are deployment rings?

A

In Windows 10, you can use deployment rings to further control how and when updates are applied to
your devices.

24
Q

What is Windows as a service?

A

Windows as a service helps streamline this process by helping to avoid these major shifts in the organizational infrastructure. Instead, it provides continual updates for devices.

25
Q

What methods are used to aid with deployment?

A

Cloud-based methods and On-premises methods.

26
Q

What are Cloud-based methods?

A

Cloud-based methods include Windows Autopilot, Subscription Activation,
and either Azure AD or MDM. These three methods enable you to join a device running Windows 10 to Azure AD, and to configure the device according to organizational standards.

27
Q

What are On-premises methods?

A

You can use tools such as Microsoft Deployment Toolkit (MDT) and SCCM to support on-premises methods. These tools support bare metal computer, refresh, and replace scenarios. In addition, you can use In-place upgrades to upgrade a device from a supported operating system to Windows 10.

28
Q

What are the different methods that you can use to deploy, configure, and maintain Windows?

A

Windows Autopilot, In-place upgrade, Subscription activation, Azure AD or MDM, Provisioning packages, Bare metal computer, Refresh and Replace.

29
Q

What is Windows Autopilot?

A

Use this method to customize an out-of-box-experience to deploy apps and
settings already configured for your organization’s devices. You use this method for devices already
running Windows 10.

30
Q

What is an in-place upgrade?

A

Use this method to update your devices’ operating system and to migrate apps,
and user data and settings. You launch in-place upgrade by using Windows setup.exe. Use this
method for devices running earlier Windows operating systems.

31
Q

What is subscription activation?

A

Using subscription activation, subscribed users can switch to Windows 10
Enterprise (from Windows 10 Pro) during sign in.

32
Q

What is Azure AD or MDM?

A

Join devices to Azure AD and enable device configuration with MDM automatically.

33
Q

What are provisioning packages?

A

Create provisioning packages with Windows Configuration Designer (part of
the Windows Assessment and Deployment Kit (ADK)), and then apply those packages to devices
within your organization.

34
Q

What is the bare metal computer method?

A

Use this method to deploy new devices, or to wipe existing devices and
deploy fresh images to them.

35
Q

What is Refresh?

A

You use this method to redeploy devices by saving the user state, wiping the disk, and then
restoring user state. This is also known as wipe and load.

36
Q

What is Replace?

A

Use this method to replace existing devices with new devices by saving the user state on the
old device, then restoring the user state to a new device.

37
Q

What are the Cloud-based deployment scenarios?

A

Windows Autopilot and dynamic provisioning scenarios.

38
Q

What is Windows Autopilot?

A

With Windows Autopilot you can customize the out-of-box experience (OOBE) for your organization’s
Windows 10 computers. Windows Autopilot offers the following advantages over on-premises deployment methods:
You do not need to use images.
You do not need to customize the deployments by injecting drivers.
You do not need to deploy and maintain a deployment infrastructure.
Windows Autopilot is cloud-driven and based around Azure AD Premium, the Microsoft Store for Business, and/or Microsoft Intune. Using Windows Autopilot, you can:
Join devices to Azure AD automatically.
Auto-enroll your users’ devices into MDM services.
Restrict Administrator account creation.
Customize the OOBE content specifically for your organization.

39
Q

What are Dynamic provisioning scenarios?

A

Most organizations do not purchase a new device, unbox it and use it as is. Instead, IT pros usually
replace the preinstalled operating system with a standard image customized for the organization’s needs.
With Windows 10 pre-installed on new devices, dynamic provisioning aims to avoid the need for
this initial replacement.
Dynamic provisioning uses several methods to achieve this objective:
Subscription activation
Azure AD / MDM
Provisioning packages

40
Q

What is Enterprise Mobility and Unified Endpoint Management?

A

This is an industry term that describes the notion of a platform that can provide overall device and app management from a single console. Microsoft’s Enterprise Mobility + Security (EM+S) provides enterprise mobility and unified endpoint management. EM+S is provided as part of Microsoft 365 E3 and E5 plans.

41
Q

What is Azure AD Premium?

A

It is the central identity store that you use for all the applications in EM+S and Microsoft 365.

42
Q

What are some of the additional features included with the P1 and P2 plans for Azure AD Premium?

A

Self-service password reset.
Write-back from Azure AD to on-premises AD DS.
Microsoft Azure Multi-Factor Authentication (MFA) for cloud and on-premises apps.
Conditional access based on group, location, and device state.
Conditional access based on sign-in or user risk (P2 plan only).

43
Q

What are the differences between Azure AD Premium 1 and Azure AD Premium 2?

A

Azure AD Premium P1 Plan Description: For enterprise environments, Azure AD Premium P1 provides additional features that make it easier to manage users and applications.
Azure AD Premium 2 Plan Description: Includes all the features of P1, plus you can use additional features in Azure AD to further enhance Azure AD security:

44
Q

What are the additional features in Azure AD Premium P1?

A

Self-service group and app management.
Self-service password reset (writeback to on-premises).
Two-way synchronization of device objects.
Azure MFA.
Conditional access based on group, location, and device state.
Unlimited SSO apps.
Cloud app discovery.
Microsoft Identity Manager client access license for complex identity synchronization.
Advanced security and usage reports.
Azure AD Join features, such as:
MDM autoenrollment.
Self-service BitLocker recovery.
Add local administrators.
Enterprise State Roaming.

45
Q

What is Azure AD Premium 2 Plan?

A

Azure AD Premium 2 Plan Description: Includes all the features of P1, plus you can use additional features in Azure AD to further enhance Azure AD security: Azure AD Privileged Identity Management and Azure AD Identity Protection.

46
Q

What is Azure AD Privileged Identity Management?

A

This feature enables you to assign administrators as an
eligible admin. When administrators need to perform administrative tasks, they activate administrative
privileges for a predetermined amount of time.

47
Q

What is Azure AD Identity Protection?

A

This service monitors authentication to Azure AD and identifies risks based on anomalies and suspicious events. Notifications are sent for risk events. You can also create risk-based conditional policies that can block sign-ins or require MFA. Intune enables you to manage mobile devices and apps. Using Intune, you can enforce security policies, wipe devices remotely, and deploy apps.

48
Q

What is Azure Information Protection?

A

Azure Information Protection encrypts documents and enforces policies on their use. Document data is more protected because only authorized users can access the contents.

49
Q

What features does Azure Information Protection P1 include?

A
  1. Manual document classification and consumption of classified documents
  2. Protection for Exchange Online, SharePoint Online, and OneDrive for Business content
  3. Bring Your Own Key (BYOK) for customer-managed key provisioning life-cycle
  4. Custom templates
  5. Protection for on-premises Exchange and SharePoint content via Microsoft Rights Management services (RMS) connector
  6. RMS software developer kit (RMS SDK) for all platforms: Windows, Windows Mobile, iOS, Mac OS X,
    and Android
  7. RMS connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector
  8. Document tracking and revocation
  9. Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection)
  10. RMS content consumption by using work or school accounts from RMS policy-aware apps and
    services
  11. RMS content creation by using work or school accounts
Azure Information Protection P2 includes the following additional features:
    Automated data classification and administrative support for automated rule sets
    Azure Information Protection Hold Your Own Key (HYOK) for highly regulated scenarios
50
Q

What is Advanced Threat Analytics?

A

Advanced Threat Analytics enables you to see what’s happening within your network by identifying suspicious user and device activity. It then provides you with clear, unambiguous threat information.

51
Q

What features does Advanced Threat Analytics have?

A

  1. Detect suspicious activities and malicious attacks.
  2. Adapt to the changing nature of cyber-security threats.
  3. Provide focus and clarity around what is important with a simple attack timeline.
  4. Reduce false positives.
52
Q

What is Cloud App Security?

A

Cloud App Security uses data collected from your firewalls and proxy servers to identify cloud application usage. This can help identify unauthorized applications that might be a threat to your data. Additionally, it can identify unusual usage patterns that might indicate a problem. The tools in EM+S help enhance management and security for mobile users.

53
Q

What usage does enhanced authentication security have?

A

Azure AD monitors user authentication for suspicious patterns, for credentials that are available on the black market, and for devices potentially infected by malware. You receive notifications for any of these detected scenarios, which enables you to potentially avoid problems caused by compromised credentials. For example, a suspicious pattern might be a user who signs in from two different geographic locations in rapid succession. If you implement MFA, you can mitigate the risk of stolen credentials. MFA requires the user to provide additional information beyond user name and password for authentication. The additional information might be a code sent to a phone via a text message, or acknowledging a prompt in an app. With MFA enabled, stolen credentials alone cannot be used to sign in.

54
Q

What usages does Information protection have?

A

Intune helps protect information on mobile devices in multiple ways. First, if the entire device is protected, then Intune can wipe a lost or stolen device to ensure that data on the device is not accessed by unauthorized users. If your organization allows BYOD, Intune can separate personal and organizational data. Even managed apps are isolated from personally installed apps to prevent data from being copied between them. Furthermore, if a user leaves the organization, you can wipe the organizational data and apps without affecting personal data. You can implement Azure Information Protection to prevent data from leaking outside of your organization to unauthorized users. Conditions set in documents control which users can access or modify the contents of the documents. Because the documents’ contents are encrypted, if they are forwarded to an unauthorized user, that user cannot view the contents.

55
Q

What is MDM?

A

MDM enables you to manage your users’ devices, which helps you secure your organization’s resources and data. For example, you can use MDM to configure device security settings on enrolled devices and require a user to enter a PIN to unlock their device.

56
Q

What is MAM?

A

MAM enables an administrator to manage apps installed on devices, but not necessarily the devices themselves. So, for example, you could create an Intune MAM policy that controls whether a user can save corporate data to their OneDrive.

57
Q

How is MDM implemented?

A

MDM is implemented by using MDM authority and MDM clients. Microsoft offers two MDM authority solutions: Intune, and MDM for Office 365. MDM client functionality is included as part of the Windows 10 operating system. MDM authority can manage various devices that include MDM client functionality, such as Android, iOS and Windows 10. Some device settings can be managed on all MDM-enrolled devices, while other settings are device-specific and can only be configured using device-specific MDM
policies.

58
Q

What is the function of MDM?

A

MDM functionality includes distribution of applications, data, and configuration settings to devices that are enrolled to MDM. Windows 10 devices can be enrolled in MDM manually by using the Settings app, by provisioning a package, or by Group Policy in a hybrid environment. Alternatively, devices can be
enrolled in Azure AD providing integration between Azure AD and MDM is configured. You can use MDM to manage a device regardless of its domain membership.

59
Q

What capabilities does MDM provide?

A

Device enrollment, Configuring devices, Monitoring and reporting, Application Management, and Selective delete data.

60
Q

How does Microsoft 365 provide MDM and MAM?

A

Windows 10 devices have built-in mobile device management features in the operating system. Therefore, the preferred method for managing these devices is to enroll them as mobile devices with Intune. You must use device enrollment for devices running any operating system other than Windows, such as those running iOS, MacOS, or Android.

61
Q

Which devices does Intune support?

A

Apple iOS 9.0 and later
Mac OS X 10.9 and later
Android 4.4 and later, including Android for Work and Samsung Knox
Windows Phone 8.1, Windows RT 8.1, and Windows 8.1 (sustaining mode)
Windows 10 and Windows 10 Mobile
Windows 10 IoT Enterprise and Windows 10 IoT Mobile Enterprise

62
Q

What is DLP?

A

DLP is the capability built into Microsoft 365 that helps your organization ensure data loss or misappropriation doesn’t occur.

63
Q

What is DLP?

A

DLP is the capability built into Microsoft 365 that helps your organization ensure data loss or misappropriation doesn’t occur.

64
Q

How can you use DLP with Microsoft 365?

A

● Exchange Online
● SharePoint Online
● OneDrive for Business
● Desktop versions of Excel, PowerPoint, and Word
Microsoft 365 DLP protection allows you to:
● Identify and continuously monitor and report on sensitive information.
● Prevent accidental sharing of sensitive information.

65
Q

What is Information Rights Management?

A

Organizations also need to protect data after it leaves the company. To meet this need, systems based on Information Rights Management (IRM) are used to make protection an inherent part of documents.

66
Q

What does an IRM system require?

A

IRM systems require setting up both client and server environments. The client app that opens a document is responsible for processing protection rules after checking for authorization updates with the server component of the system.

67
Q

What is Azure Rights Management?

A

Azure Rights Management (Azure RMS) is the protection technology used by Azure Information Protection (AIP) to provide for IRM in Office 365. AIP is cloud-based and enables you to classify and protect
documents and emails by using labeling.

68
Q

What is Windows Information Protection?

A

Windows Information Protection (WIP) is a set of technologies that protect your organization from accidental or malicious data leaks, without significant changes to your enterprise environment or apps. It
provides this protection to both enterprise-owned devices and BYOD devices, and it does so without interfering with employees’ regular workflows.