Managing Office 365 Identities and Requirements

Exam 70-346: Managing Office 365 Identities and Requirements
The Managing Office 365 Identities and Requirements exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.

Provision Office 365 (15–20%)

  • Provision tenants
    • Configure the tenant name, tenant region, initial global administrator; manage tenant subscriptions; manage the licensing model; configure tenant for new features and updates
  • Add and configure custom domains
    • Specify domain name, confirm ownership, specify domain purpose, set default domain, and move ownership of DNS to Office 365, update and verify domain settings
  • Plan a pilot
    • Designate pilot users; identify workloads that don’t require migration; run the Office 365 Health, Readiness, and Connectivity Checks; run IdFix; create a test plan or use case, and setup email accounts for pilot users; understand service descriptions and planning to onboard users to Office 365; engage with the FastTrack centre to onboard Office 365 services

Plan and implement networking and security in Office 365 (15–20%)

  • Configure DNS records for services
    • Create DNS records for Exchange Online, Skype for Business Online, and SharePoint Online, update and verify DNS records for Office 365 settings
  • Enable client connectivity to Office 365
    • Configure proxy to allow client access to Office 365 URLs, configure firewalls for outbound port access to Office 365, recommend bandwidth, configure Internet connectivity for clients, deploy desktop setup for previous versions of Office clients
  • Administer Microsoft Azure Rights Management (RM)
    • Activate rights management, configure Office integration with rights management, assign roles for rights management, enable recovery of protected documents, setup templates for rights management protected email
  • Manage administrator roles in Office 365
    • Implementing a permission model; create or revoke the assignment of administrative roles or the administrative model; determine and assign Global administrator, Billing administrator, Exchange administrator, Password administrator, Skype for Business administrator, Service administrator, SharePoint administrator, User management administrator, and delegated administrator.

Manage cloud identities (15–20%)

  • Configure password management
    • Set expiration policy, password complexity, password resets in Administration centre
  • Manage user and security groups
    • Import users using bulk import (CSV), soft delete, Administration centre, and multi-factor authentication
  • Manage cloud identities with Windows PowerShell
    • Configure passwords to never expire, bulk update of user properties, bulk user creation, Azure Active Directory cmdlets, bulk user licence management, hard delete users

Implement and manage identities by using Azure AD Connect (15–20%)

  • Prepare on-premises Active Directory for Azure AD Connect
    • Plan for non-routable domain names, clean up existing objects, plan for filtering Active Directory, implement support for multiple forests
  • Set up Azure AD Connect tool
    • Implement soft match filtering and identify synchronised attributes, password sync, and installation requirements, implement multi-forest Azure AD Connect scenarios
  • Manage Active Directory users and groups with Azure AD Connect in place
    • Delete (soft delete), create, modify users and groups with Azure AD Connect in place, schedule and force synchronisation

Implement and manage federated identities for single sign-on (SSO) (15–20%)

  • Plan requirements for Active Directory Federation Services (AD FS)
    • Plan namespaces and certificates, plan AD FS internal topologies and dependencies, plan WAP topologies, network requirements, multi-factor authentication, and access filtering using claims rules
  • Install and manage AD FS servers
    • Create AD FS service account, configure farm or stand-alone settings, add additional servers, convert from standard to federated domain, manage certificate lifecycle
  • Install and manage WAP servers
    • Set up perimeter network name resolution, install required Windows roles and features, set up certificates, configure WAP settings, set custom proxy forms login page, switch between federated authentication and password sync, implement password sync temporary fall back

Monitor and troubleshoot Office 365 availability and usage (15–20%)

  • Analyse reports
    • Analyse service reports, mail protection reports, analyse Office 365 audit log reports, analyse portal email hygiene reports
  • Monitor service health
    • Monitor health using RSS feed, use service health dashboard (including awareness of planned maintenance, service updates, and historical data), Office 365 Management Pack for System centre Operations Manager, and Windows PowerShell cmdlets
  • Isolate service interruption
    • Create a service request, Microsoft Remote Connectivity Analyser (RCA), Microsoft Lync Connectivity Analyser Tool, Microsoft Connectivity Analyser tool, hybrid free/busy troubleshooter, Microsoft Support and Recovery Assistant for Office 365

SHARE