Setup (38%) - Configuring Business Units, User and Permissions, Security and Passwords 1/4 Flashcards
What Tenant types are available in Marketing Cloud?
Enterprise 2.0
Enterprise 1.0
Core
Agency
What is the tenant in an Enterprise 2.0 account?
A tenant is the top-level account and includes all associated business units
What is the tenant in an Enterprise 1.0 account?
A tenant is the top-level account and includes all associated On-Your-Behalf and Lock & Publish business units
What is the tenant in a Core account?
A tenant is a single account
What is the tenant in an Agency account?
Each top-level account and each associated client account is a separate tenant.
What is a MID?
A unique member identification code assigned to every account and any associated child accounts.
Depending on your MC edition, tenants can include single or multiple MIDs.
How many MIDs does an Enterprise 2.0 tenant include?
Multiple MIDs for Enterprise-edition accounts.
The Top-Level Account and all Child Accounts each have their own MID
How many MIDs does an Enterprise tenant include?
Multiple MIDs.
The Top-Level Account and all Child Accounts each have their own MID
How many MIDs does an Core tenant include?
A single top-level account with one MID
How many MIDs does an Agency tenant include?
Only the top-level account. Each associated client account unit is a separate tenant.
How can you locate the Account Name and MID?
Account name is left of username. Hover over account name to see MID
Under username, navigate to Setup
Use Quick Find to navigate to Account Settings to find the Account Name and MID.
NOTE: The MID is listed as ‘Account ID’
What is the best practise recommendation for Security Settings: Session Timeout?
20 minutes
Controls how long the application remains open in a browser before the system automatically logs out and makes it hard for unauthorised users to access your account.
What is the best practise recommendation for Security Settings: Login Expires After Inactivity?
90 days or fewer
This helps prevent unauthorised users from exploiting old accounts.
What is the best practise recommendation for Security Settings: Invalid Logins Before Lockout?
3
Determines how many chances to enter the correct password for a username. Too many incorrect attempts require user to reset the password.
Helps prevent unauthorised users from repeatedly guessing a password.
What is the best practise recommendation for Security Settings: Count Invalid Logins Across Sessions?
Yes
What is the best practise recommendation for Security Settings: Minimum Username Length?
8 characters
A longer username makes guessing the value more difficult.
What is the best practise recommendation for Security Settings: Minimum Password Length?
8 characters or more
A longer password makes guessing the value more difficult due to an increased number of possibilities.
Tip: Ask users to create a passphrase with multiple words - easy to remember and longer password created.
What is the best practise recommendation for Security Settings: Enforce Password History?
8 passwords remembered
Determines how frequently a user can reuse a password. Enforcing a longer history reduces authorised access to the account. But frequent password changes can cause users to compromise passwords by simply adding a number.
What is the best practise recommendation for Security Settings: User Password Expires In?
90 days
Setting a shorter password expiration period can encourage problematic behaviour (adding numbers / writing down password) and setting too long a period can increase risk of compromise.
What is the best practise recommendation for Security Settings: Send Password Change Confirmation Email?
Enable
This email helps alert a user to suspicious activity on their account.
What is the best practise recommendation for Security Settings: Enable Audit Logging Data Collection?
Enable
What is the best practise recommendation for Security Settings: Enable Audit Logging Data Collection?
Enable
What is the best practise recommendation for Security Settings: Login Expires After Inactivity for API users?
API users aren’t exempt from login inactivity expiration. To avoid login expiration for API users, we don’t recommend this setting for API users. Otherwise, API users are required log in via the UI to avoid login expiration
What happens when the Invalid Logins Before Lockout threshold is reached?
The application locks a users account - the users can’t access their account or request an activation code until the administrator unlocks that account.
Something about Multi Factor Authentication. (tbc)
How can you increase password security?
Make sure that the password includes a mix of uppercase and lowercase letters, special characters, and numbers. (as well as Enforce Password History and Minimum Password Length!)
What does the Security Settings: Exclude API Users from Password Expiration field do?
Allows you to set users with the API User checkbox selected to avoid changing their password.
NOTE Unless necessary, don’t select the ‘Exclude API Users from Password Expiration’ option. Instead schedule a time with your API users to change the API password when necessary.
What does the Security Settings: Exclude FTP Users from Password Expiration field do?
Allows you to exempt FTP users from regular password changes.
NOTE: Unless necessary, don’t select the ‘Exclude FTP Users from Password Expiration’ option. Instead ask FTP users to schedule a time to change the FTP user password when necessary.
What does the Security Settings: Enforce Export Email Allowlist control?
Ensure that your data remain with trusted users as a best practise.
The setting forces the application to export data only to those email addresses on the export email allowlist.
Precisely determine email addresses eligible to receive export data and notifications from your account.
Which tenant types can access Business Units?
An Enterprise 2.0 tenant can organise Marketing Cloud by business units.
Business units are NOT available in Enterprise 1.0, Agency, or Core tenants.
How can Business Units control access to information and sharing of information throughout Marketing Cloud?
A company with multiple divisions or brands can create a business unit for each brand, so that users within that business unit can access only their brand-specific content.
Who can access items created in a Business Unit?
Users working in a business unit can access all items in that business unit.
How can a user share items with other business units?
Items can be shared with users in other business units by placing them in a shared items folder in the Content and Subscribers sections of the application.
What needs to be done before creating business units?
Map out your organisational structure for business units.
Mirror hierarchal company structure
Geographical regios
Workflow processes
Operational structure
Where can an Admin create a Business Unit?
In Marketing Cloud Setup
> Business Units
> Create
What needs to be defined for a new Business Unit?
Name (required) / Description (optional)
Time Zone
Date Format
(based on business unit’s users)
Business Unit Parent
Default name and address for email
Physical
Physical mailing address
Unsubscribe Settings
How would an Admin add a User to a Business Unit?
Setup
Users - select user
Manage Business Units - select default
Assign user to business units
Save
TIP: You can import a file that creates multiple users in a business unit.
How can an Admin view all users in a business unit?
Setup
Business Units
Select checkbox next to business unit
Click ‘View Users’
What are the standard Marketing Cloud roles?
Marketing Cloud Administrator
Marketing Cloud Viewer
Marketing Cloud Channel Manager
Marketing Cloud Security Administrator
Marketing Cloud Content Editor / Publisher
What permissions does a Marketing Cloud Administrator role have?
This role assigns Marketing Cloud roles to users and manages channels, apps, and tools.
This role applies primarily to all Marketing Cloud functionality except Email Studio.
What permissions does a Marketing Cloud Viewer role have?
This role views cross-channel marketing activity results in Marketing Cloud.
This role is generally the most restrictive role and doesn’t allow access to creation, sending, or reporting activities
What permissions does a Marketing Cloud Channel Manager role have?
This role creates and executes cross-channel interactive marketing campaigns and administers specific channels like Email Studio.
The role permits a user to create, send, and monitor Marketing Cloud journeys and messages. Those permissions include reports.
What permissions does a Marketing Cloud Security Administrator have?
This role maintains security settings and manages user activity and alerts.
Assign this role to someone who determines user access and work with Marketing Cloud security.
What permissions does a Marketing Cloud Content Editor / Publisher have?
This role creates and delivers messages through applicable channel apps.
The role permits a user to create and send Marketing Cloud journeys and messages. This role doesn’t include access to many reports.
How can you customise roles or create additional roles in Marketing Cloud?
Setup
Quick Find: Roles
Select existing role to edit
OR ‘Create’ new one
Name
Select Allow or Deny permissions
Save
How do Allow, Deny permissions work in Marketing Cloud?
An explicitly denied permission always overrides all other permissions. When a permission is not explicitly granted or denies, MC defaults to deny permission unless another role grants that permission.
How can you create a user in Marketing Cloud?
Setup
Quick Find: Users
Create
What preferences can Marketing Cloud users adjust to manage their own user experience?
Username > Cloud Preferences
User Settings > Edit
Change
display name,
reply email address,
time zone,
culture code (language)
Default login preference (select which MC app opens when you login)
What does ‘Default Login Preference’ control under a users Cloud Preferences?
The Default Login Preference setting determines which app first displays to a Marketing Cloud user after that user logs in.
How do standard roles and permissions work in Marketing Cloud?
You can assign one of 5 standard roles and more specific permissions. Permissions for these roles can’t be modified.
Each role includes a set of permissions that enable users to perform different tasks.
How do standard roles and permissions work in Marketing Cloud?
You can assign one of 5 standard roles and more specific permissions. Permissions for these roles can’t be modified.
Each role includes a set of permissions that enable users to perform different tasks.
How do standard roles and permissions work in Marketing Cloud?
You can assign one of 5 standard roles and more specific permissions. Permissions for these roles can’t be modified.
Each role includes a set of permissions that enable users to perform different tasks.
How many characters can a password include?
No more than 30 characters.
What does User Permissions in Marketing Cloud control?
A permission is a tool to control a user’s access to screens in Marketing Cloud. By checking the box next to a permission, you can enable or disable that permission.
Can you log in as a user to offer troubleshooting and support in Marketing Cloud?
Yes, In Enterprise (1.0) accounts.
No, In Enterprise 2.0 accounts you are always logged in as self. Can’t login as another user.
How do roles and permissions differ between Enterprise (1.0) and Enterprise 2.0 accounts?
Enterprise - uses Permissions
Enterprise 2.0 0 uses Roles to control the actions a user can perform in the application. A role represents a group of permissions.
How does sharing differ between Enterprise (1.0) and Enterprise 2.0 accounts?
Enterprise - uses Global Folders
Enterprise 2.0 - uses Shared Folders
How do ‘Business Units’ differ between Enterprise (1.0) and Enterprise 2.0 accounts?
Enterprise 2.0 business unit features are similar to Enterprise Lock and Publish functionality in Email Studio.
How do ‘Business Units’ differ between Enterprise (1.0) and Enterprise 2.0 accounts?
Enterprise 2.0 business unit features are similar to Enterprise Lock and Publish functionality in Email Studio.
Use cases for Business Units
Separate brands / divisions / regions
Separate branding for each division / marketing teams
Set of common assets that require sharing between marketing teams.
Separate space for testing / UAT
Marketing Cloud has two main role types:
Classic - legacy roles. Can be modified and focused on Email Studio permissions.
Marketing Cloud - standard roles cannot be modified (and generally do not include Email Studio permissions). They govern the MC suite of apps.
What are Permissions in Marketing Cloud?
Permissions are micro-level security. They are very granular.
Example: The ability to Create, Edit in Journey Builder.
What are Roles in Marketing Cloud?
Roles are macro-level security.
They are a collection of ‘Permissions’.
These are divided into Marketing Cloud and Email Studio Roles.
To assign your users a role and specific permissions from the users screen in MC, what conditions must you meet?
One of:
Marketing Cloud Administrator
Manage Roles permission enabled in Email permissions
Core, Advanced, or Enterprise 1.0 user with the Add Users to Account permission
