Microsoft MS-100 Exam

Services – Planning and Implementing a Microsoft 365 Tenant-1

Posted on by Adriana Guarin

The Services tab displays settings available for workloads, services, and features available in the Microsoft 365 tenant. The following table lists the services that have configurable options in the tenant.


                                                                                 

Service


                                                                                 

Description


                                                                                 

Adoption Score


                                                                                 

Manage privacy levels for Adoption Score as well as setting the scope for users to be included or excluded.


                                                                                 

Azure Speech Services


                                                                                

Manage whether Azure Speech Services can work using content in your tenant to improve the accuracy of speech services. Disabled by default.


                                                                                 

Bookings


                                                                                 

Choose whether the Bookings service is available for use in the tenant. If Bookings is enabled, you also manage specific options, such as whether social sharing options are available or whether Bookings can be used by users outside the organization as well as restricting the collection of customer data.


                                                                                 

Briefing email from Microsoft Viva


                                                                                 

Choose whether to allow users to receive the Viva briefing email. By default, the briefing email is enabled. Users can unsubscribe themselves.


                                                                                 

Calendar


                                                                                 

Choose whether to enable users to share the calendar outside the organization. If sharing is enabled, choose what level of detail is supplied.


                                                                                 

Cortana


                                                                                 

Choose whether to allow Cortana on devices to connect to data in your Microsoft 365 tenant.


                                                                                 

Directory synchronization


                                                                                 

Provides a link to download the Azure AD Connect synchronization tool.


                                                                                 

Dynamics 365 Applications


                                                                                 

Choose whether to allow insights for each user, aggregated insights for other users (non-identifiable), and identifiable insights for other users.


                                                                                 

Dynamics 365 Customer Voice


                                                                                 

Configure email parameters for collecting survey data from Dynamics 365.


                                                                                 

Mail


                                                                                 

There are no org-wide settings to manage here; however, there are links to various tools in the Exchange admin center and the Microsoft Defender 365 portal for things such as transport rules and anti-malware policies.


                                                                                 

Microsoft Azure Information Protection


                                                                                 

There are no settings to manage for this feature; it is a link to documentation for configuring Azure Information Protection settings.


                                                                                 

Microsoft communication to users


                                                                                 

Choose whether to enable Microsoft-generated training and education content delivery to users.


                                                                                 

Microsoft Edge product messaging for users


                                                                                 

Provides information on configuring the Edge spotlight experience for end users.


                                                                                 

Microsoft Edge site lists


                                                                                 

Manage lists of sites and specify which browser experience (Edge or Internet Explorer) users should receive when navigating to those sites.


                                                                                 

Microsoft Forms


                                                                                 

Manage external sharing settings for Microsoft Forms as well capturing the names of internal organization users who fill out forms.


                                                                                 

Microsoft Graph Data Connect


                                                                                 

Choose to enable Microsoft Graph Data Connect for the bulk transfer of data to Azure.


                                                                                 

Microsoft Planner


                                                                                 

Choose whether Planner users can publish to Outlook or iCal.


                                                                                 

Microsoft Search on the Bing homepage


                                                                                 

Customize the Bing.com search page for organization users.


                                                                                 

Microsoft Teams


                                                                                 

Choose whether to enable Teams organization-wide (users who are licensed will be blocked from using Teams). Also, choose coarse control for whether guest access is allowed in Teams.


                                                                                 

Microsoft To Do


                                                                                 

Choose to allow internal users the ability to join and contribute to external task lists and receive push notifications.


                                                                                 

Microsoft Viva Insights (formerly MyAnalytics)


                                                                                

Manage which Viva Insights settings users have access to. By default, all options are selected (Viva Insights web experience, Digest email, Insights Outlook add-in and inline suggestions, and Schedule send suggestions).


                                                                                 

Microsoft 365 Groups


                                                                                 

Configure guest access and ownership settings for Microsoft 365 Groups.


                                                                                 

Modern authentication


                                                                                 

Provides links to information on configuring modern authentication and viewing basic authentication sign-in reports.


                                                                                 

Multi-factor authentication


                                                                                 

Provides links to information on configuring and learning about multi-factor authentication.


                                                                                 

News


                                                                                 

Choose organization and industry settings used to display relevant news information on the Bing home page as well as settings for delivering Microsoft-generated industry news to your organization users.


                                                                                 

Office installation options


                                                                                 

Choose the update channel for Microsoft 365 apps.


                                                                                 

Office on the web


                                                                                 

Choose whether to allow users to connect to third-party cloud storage products using Office on the web products.


                                                                                 

Office Scripts


                                                                                 

Configure Office Scripts settings for Excel on the web.


                                                                                 

Reports


                                                                                 

Choose how to display users’ personally identifiable information in internal reports and whether to make data available to Microsoft 365 usage analytics.


                                                                                 

Search and intelligence usage analytics


                                                                                 

Choose whether to allow usage analytics data to be filtered by country, occupation, department, or division.


                                                                                 

SharePoint


                                                                                 

Choose whether to enable external sharing.


                                                                                 

Sway


                                                                                 

Choose whether to allow the sharing of Sways outside the organization as well as what content sources are available (Flickr, Pickit, Wikipedia, and YouTube).


                                                                                 

User consent to apps


                                                                                 

Choose whether users can provide consent to OAuth 2 apps that access organization data.


                                                                                 

User-owned apps and services


                                                                                 

Choose whether to allow users to auto-claim licenses as well as start trials and access the Office Store.


                                                                                 

Viva Learning


                                                                                 

Choose which content provider data sources to use for Viva Learning. By default, LinkedIn Learning, Microsoft Learn, Microsoft 365 Training, and Custom Uploads are enabled. You can also manage the level of diagnostic data sent to Microsoft.


                                                                                 

What’s new in Office


                                                                                 

Choose whether to display messages to users about new features that are available. This does not change the availability of the feature—only the display of the notification message.


                                                                                 

Whiteboard


                                                                                 

Choose whether to allow the Whiteboard app to be used. Additionally, manage the amount of diagnostic data collected.

Table 1.2 – Organizational service settings

Managing DNS records manually – Planning and Implementing a Microsoft 365 Tenant

Posted on by Adriana Guarin

If you’ve opted to manage DNS records manually, you may need to go back to the Microsoft 365 admin center and view the settings. To do this, you can navigate to the Domains page in the Microsoft 365 admin center, select your domain, and then select Manage DNS:

Figure 1.12 – Managing DNS settings for a domain

On the Connect domain page, click More options to expand the options, and then select Add your own DNS records. From here, you can view the specific DNS settings necessary per service by record type. You can also download a CSV file or a zone file that can be uploaded to your own DNS server.

Figure 1.13 – Viewing DNS settings

The CSV output is formatted as columns, while the zone file output is formatted for use with standard DNS services and can be imported or appended to BIND or Microsoft DNS server zone files.

Configuring a default domain

After adding a domain, Microsoft 365 automatically sets that first custom domain as the default domain, which will get used when creating new users. However, if you have additional domains, you may choose to select a different domain to be used as the default domain when creating objects.

To manage which domain will be set as your primary domain, select the domain from the Domains page and then click Set as default to update the setting:

Figure 1.14 – Setting the default domain

The default domain will be selected automatically when creating cloud-based users and groups.

Custom domains and synchronization

When creating new cloud-based objects, you can select from any of the domains available in your tenant. However, when synchronizing from an on-premises directory, objects will be configured with the same domain configured with the on-premises object. If the corresponding domain hasn’t been verified in the tenant, synchronized objects will be set to use the tenant-managed domain.

Next, we’ll look at core organizational settings in a tenant.

Configuring organizational settings

Organizational settings, as the name implies, are configuration options that apply to the entire tenant. They are used to enable or disable features at the service or tenant level. In many instances, organizational settings are coarse controls that can be further refined by configuration settings inside each individual service.

To access the organizational settings, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com).
  2. In the navigation pane, expand Settings and select Org settings.

Figure 1.15 – Org settings in the Microsoft 365 admin center

The Org settings page has three tabs:

  • Services
  • Security & privacy
  • Organizational profile

In the next section, we’ll look at the settings available in each of them.

ABOUT ICANN – Planning and Implementing a Microsoft 365 Tenant-2

Posted on by Adriana Guarin
  1. If your domain is registered at a host that supports Domain Connect, you can provide your credentials to the Microsoft 365 Add domain wizard and click Verify. Microsoft will automatically configure the necessary domain records and complete the entire DNS setup for you. You can also select More options to see all of the potential verification methods available, as shown in Figure 1.7:

Figure 1.7 – Verify domain ownership

  1. If you choose any of the additional verification options (such as Add a TXT record to the domain’s DNS records), you’ll need to manually add DNS records with your DNS service provider. Microsoft provides the value configuration parameters necessary for you to configure DNS with your own service provider. After entering the values with your service provider, you can come back to the wizard and select Verify, as shown in Figure 1.8:

Figure 1.8 – Completing verification records manually

  1. If you’re using Domain Connect, enter the credentials for your registrar. When ready, click Connect.

Figure 1.9 – Authorizing Domain Connect to update DNS records

  1. Select Let Microsoft Add your DNS records (recommended) to have the Microsoft 365 wizard update your organization’s DNS records at the registrar. However, if you are going to be configuring advanced scenarios such as Exchange Hybrid for mail coexistence and migration or have other complex requirements, you may want to consider managing the DNS records manually or opting out of select services. Click Continue.

Figure 1.10 – Connecting domain to Microsoft 365

  1. Choose whether to allow Microsoft to add DNS records. Expand the Advanced options drop-down:
  2. The first checkbox, Exchange and Exchange Online Protection, manages DNS settings for Outlook and email delivery. If you have an existing Exchange Server deployment on-premises (or another mail service solution), you should clear this checkbox before continuing. You’ll need to come back to configure DNS settings to establish hybrid connectivity correctly. The default selected option means that Microsoft will make the following updates to your organization’s DNS:
  3. Your organization’s MX record will be updated to point to Exchange Online Protection.
  4. The Exchange Autodiscover record will be updated to point to autodiscover.outlook.com.
  5. Microsoft will update your organization’s SPF record with v=spf1 include:spf.protection.outlook.com -all.

Figure 1.11 – Adding DNS records

  1. The second setting, Skype for Business, will configure DNS settings for Skype for Business. If you have an existing Skype for Business Online deployment or you’re using Skype for Business on-premises, you may need to clear this box until you verify your configuration:
  2. Microsoft will add two SRV records: _sip._tls.@ and _sipfederationtls._tcp@.
  3. Microsoft will also add two CNAMEs for Lync: sip. to point to sipdir.online.lync.com and lyncdiscover. to point to webdir.online.lync.com.
  4. The third checkbox, Intune and Mobile Device Management for Microsoft 365, configures applicable DNS settings for device registration. It is recommended to leave this enabled:
  5. Microsoft will add the following CNAME entries to support mobile device registration and management: enterpriseenrollment. to enterpriseenrollment.manage.microsoft.com and enterpriseregistration. to enterpriseregistration.windows.net.
  6. Click Add DNS records.
  7. If prompted, click Connect to authorize Microsoft to update your registrar’s DNS settings.
  8. Click Done to exit the wizard or View all domains to go back to the Domains page if you need to add more domains.

You can continue adding as many domains as you need (up to the tenant maximum of 900 domains).
ADDING A DOMAIN DEEP DIVE
To review alternative steps and more information about the domain addition process, see https://learn.microsoft.com/en-us/microsoft-365/admin/setup/add-domain.

ABOUT ICANN – Planning and Implementing a Microsoft 365 Tenant-1

Posted on by Adriana Guarin

ICANN (short for Internet Corporation for Assigned Names and Numbers) is a non-profit organization tasked with providing guidance and policy around the internet’s unique identifiers (domains). It was chartered in 1998. Prior to 1998, Network Solutions operated the global domain name system registry under a subcontract from the United States Defense Information Systems Agency.

You can search the list of domain registrars here: https://www.icann.org/en/accredited-registrars.

Microsoft

In addition to choosing a third-party registrar, organizations may also wish to use Microsoft as the registrar. Depending on your subscription, you may have direct access to purchasing domain names from within the Microsoft 365 admin center, as shown in Figure 1.4:

Figure 1.4 – Purchasing a domain through the Microsoft 365 admin center

When purchasing a domain through Microsoft, you can select from the following top-level domains:

  • .biz
  • .com
  • .info
  • .me
  • .mobi
  • .net
  • .org
  • .tv
  • .co.uk
  • .org.uk

Domain purchases will be billed separately from your Microsoft 365 subscription services. When purchasing a domain from Microsoft, you’ll have limited ability to manage Domain Name System (DNS) records. If you require custom configuration (such as configuring an MX record to point to a non-Microsoft 365 server), you’ll need to purchase a domain separately.

Configuring a domain name

Configuring a domain for your tenant is a simple procedure and requires access to your organization’s public DNS service provider. Many large organizations may host DNS themselves, while other organizations choose to pay service providers (such as the domain registrar) to host the services.

In order to be compatible with Microsoft 365, a DNS service must support configuring the following types of records:

  • CNAME: Canonical Name records are alias records for a domain, allowing a name to point to another name as a reference. For example, let’s say you have a website named www.contoso.com that resolves to an IP address of 1.2.3.4. Later, you want to start building websites for na.contoso.com and eu.contoso.com on the same web server. You might implement a CNAME record for na.contoso.com to point to www.contoso.com.
  • TXT: A Text Record is a DNS record used to store somewhat unstructured information. Request for Comments (RFC) 1035 (https://tools.ietf.org/html/rfc1035) specifies that the value must be a text string and gives no specific format for the value data. Over the years, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and other authentication and verification data have been published as TXT records. In addition to SPF and DKIM, the Microsoft 365 domain addition process requires the administrator to place a certain value in a TXT record to confirm ownership of the domain.
  • SRV: A Service Locator record is used to specify a combination of a host in addition to a port for a particular internet protocol or service.
  • MX: The Mail Exchanger record is used to identify which hosts (servers or other devices) are responsible for handling mail for a domain.

In order to use a custom domain (sometimes referred to as a vanity domain) with Microsoft 365, you’ll need to add it to your tenant.

To add a custom domain, follow these steps:

  1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com) and log in.
  2. Expand Settings and select Domains.

Figure 1.5 – Domains page of the Microsoft 365 admin center

3. Click Add domain.

4. On the Add a domain page, enter the custom domain name you wish to add to your Microsoft 365 tenant. Select Use this domain to continue.

Figure 1.6 – Add a domain page

Teamwork habits– Monitoring Microsoft 365 Tenant Health

Posted on by Adriana Guarin

Viva Insights Teamwork habits, part of the premium Viva Insights experience, allows managers to gain additional recommendations for managing people. Teamwork habits helps managers identify regular after-hours work, meeting overload conditions, and a lack of dedicated focus time.

Managers can set up their teams by manually adding users, though they can use the suggested list if the manager property has been configured in Active Directory or Azure Active Directory:

Figure 2.25 – Confirming team members

Three additional core features of Teamwork habits are as follows:

  • Scheduling recurring 1:1 time with managed employees
  • Gathering quiet hours impact to determine how work habits impact employees outside of their configured working hours
  • Shared plans for no-meeting days and shared focus times

Organizations that have the Teamwork habits tools available can improve their employees’ well-being and work-life balance. The Teamwork habits feature requires a separate Microsoft Viva Insights license.

Organization trends

The Organization trends tab shows business leader and manager insights to help understand how to effectively manage your teams, such as identifying work patterns:

Figure 2.26 – Organization trends

Organization trend data is privacy-oriented, requiring a minimum of 10 people (including the manager) to be in the management chain, either directly or indirectly. In addition, access to organization trends requires granting access to manager insights through the Viva setup.

Advanced insights

Microsoft Viva Advanced Insights is a reporting tool that provides research-based behavioral insights into organizational work patterns, such as hybrid work, work-life balance, and employee well-being.

The Advanced Insights reporting tool comes with several built-in templates and analysis tools to help organizations understand everything, from meeting effectiveness to employee performance trends correlated to manager 1:1 meetings:

Figure 2.27 – Viva Insights manager coaching report

With large organizational changes such as hybrid and remote work scenarios, it can be important to understand how those work patterns affect performance, including interesting data points such as how much time is spent during meetings multitasking, or how much work is getting done outside normal business hours:

Figure 2.28 – Advanced insights working hours details

The Advanced Insights Power BI report templates provide an analysis of employee engagement and work patterns. Here are the reports:

  • Business resilience: Overall business report highlighting performance and employee well-being
  • Hybrid workforce experience: This report highlights how different work modes (onsite, hybrid, and remote) affect workers
  • Manager effectiveness: This report provides insight into patterns for people managers
  • Meeting effectiveness: This report captures and displays information on meeting statistics such as how many meetings happen at short notice or how much multitasking occurs during meetings
  • Ways of working: This data helps answer questions such as, “Are employees receiving enough 1:1 coaching time?” and “Who generates the most work by organizing meetings?”
  • Wellbeing – balance and flexibility: This reporting data is used to identify whether employees have enough time to focus on core priorities and balance that with breaks and time away from work

For more information on the advanced insights templates and their reporting capabilities, see https://learn.microsoft.com/en-us/viva/insights/advanced/analyst/templates/introduction-to-templates.