Student Lab Manual

MS100.2x: Microsoft 365 Tenant and

Service Management

Lab Scenario
You are the system administrator for Adatum Corporation, and you have Microsoft 365 deployed in a
virtualized lab environment. In this lab, you will set up a Microsoft 365 trial tenant, manage Microsoft
365 users, groups, and administration, configure Rights Management and compliance, and monitor and
troubleshoot Microsoft 365.

There are four exercises in this lab, each of which contains several tasks. For a successful outcome to
the lab, the exercises and their corresponding tasks must be completed in order. The four exercises
include:

- Exercise 1: Set up a Microsoft 365 trial tenant

▪ Task 1 - Create the trial tenant account
▪ Task 2 - Add the custom domain
▪ Task 3 - Explore the Microsoft 365 admin interface

- Exercise 2: Managing Microsoft 365 users, groups, and

administration
▪ Task 1 - Creating Microsoft 365 users and security groups
▪ Task 2 - Manage security groups
▪ Task 3 - Assign delegated administrators in the Microsoft 365 admin center
▪ Task 4 - Verify delegated administration

- Exercise 3: Configuring Rights Management and compliance

▪ Task 1 - Activate Rights Management in Microsoft 365
▪ Task 2 - Configure Rights Management for Exchange Online
▪ Task 3 - Configure Rights Management for SharePoint Online
▪ Task 4 - Validate the Azure Rights Management functionality

- Exercise 4: Monitor and troubleshoot Microsoft 365

▪ Task 1 - Troubleshooting mail flow in Microsoft 365
▪ Task 2 - Monitoring service health and analyzing reports

Page 1
Lab Design
This lab manual provides two sets of instruction for each lab:

• High-level, summarized instructions

• Detailed, step-by-step instructions, also known as the Lab Solution

IMPORTANT: Start with the high-level, summarized instructions

You are encouraged to perform the labs using the high-level instructions. These summarized
instructions offer you guidance on what tasks need to be performed and what, if any, data needs to be
entered, but they do not provide detailed click-by-click instruction on how to complete each task.

The point of the labs is to apply what you’ve learned in the course by working your way through the
tasks without being guided through each mouse click. Using these high-level, summarized lab
instructions forces you to work your way through the problems, which provides a far better learning
experience for students as opposed to being told how to solve each task.

When to use the Lab Solution

Should you find yourself stuck or unsure on how to proceed with a certain task, or if you are unable to
complete a lab exercise successfully, then refer to the detailed, step-by-step lab solution at the back of
this manual. Please challenge yourself by following the high-level instructions first, and only refer to the
lab solution if you find yourself needing help.

Getting a lab for the lab exercises

The lab exercises in this course require you to log on to the Microsoft Labs Online environment to do
the lab steps in a virtual environment.

WARNING – Be prepared for UI changes

Given the dynamic nature of Microsoft cloud tools, you may experience user interface (UI) changes that
were made following the development of this training content that do not match up with lab
instructions presented in this lab manual.

The Microsoft Learning team will update this training course as soon as any such changes are brought to
our attention. However, given the dynamic nature of cloud updates, you may run into UI changes before
this training content is updated. If this occurs, you will have to adapt to the changes and work through
them in the labs as needed.

Page 2
 SUMMARIZED LAB INSTRUCTION

This section of the Student Lab Manual contains the summarized lab instructions for each lab exercise. It
is recommended that you perform the labs using these high-level instructions, which offer you
guidance on what tasks need to be performed and what, if any, data needs to be entered. However,
these summarized instructions typically do not provide detailed click-by-click instruction on how to
complete each task (that can be found in the Lab Solution).

Try to complete the labs using these summarized instructions, which will emulate more of a real-world
scenario than simply following the click-click-instruction in the Lab Solution. You should only refer to the
Lab Solution should you find yourself stuck or unable to successfully complete the labs using these
summarized, high-level instructions.

Exercise 1: Set up a Microsoft 365 trial tenant

In this lab, you will sign up for a new trial tenant in Microsoft 365 to set up the new services you will
provision.

Task 1 - Create the trial tenant account

1. Open a supported web browser.
2. Click on the button called Launch lab in the course to open a new tab for the lab system.

Note: This process may take a few seconds to create the DNS system for your lab. Make a note of
your allocated domain in the top left corner of web browser. This domain will be used throughout
this lab and you must replace the values of ADatumXXYYZZ.onmicrosoft.com and
XXYYZZ.xtremelabs.us with the value provided in the interface. As an example, if the DNS system
provisioned you AB1234, you would use ADatumAB1234.onmicrosoft.com and

Page 3
 AB1234.xtremelabs.us where appropriate for the rest of this lab.

3. Click Free trial.

4. Open a new tab in your browser and navigate to: https://products.office.com/en-
us/business/office-365-enterprise-e5-business-software
6. For Step 1, in the Welcome, let’s get to know you page, complete the following fields. Regardless of
your location, use the following information:
• Country: United Kingdom
• First name: Holly
• Last name: Dickson
• Business email address: (use your new Windows Live account that you created for this
course)
• Business phone number: Your mobile phone number, including international code for your
current country
• Company name: A. Datum • Organization size: 50-249 people
7. For Step 2, you will create a unique domain for the Company name to use in the course. Use the
Office 365 blob name provided in the lab interface. For the rest of the fields, use the following
information:
• User name: Holly
• Company name: AdatumXXYYZZ (where XXYYZZ is your unique Adatum O365 domain
provided in the Lab DNS system)
• Password: Pa$$w0rd
• Confirm password: Pa$$w0rd
• Uncheck the E-Mail and Phone under Microsoft Online Services may contact me....
• Click Create my account.
8. For Step 3, you will confirm your identity by using your mobile phone.
• Select the Text me radio button
• Select the code for the country that you are now in.
• In the Phone number box, enter your correct mobile phone number and click Text me.
9. When you receive the confirmation text on your mobile phone, on the Prove you’re not a robot
screen, enter the code provided in the Enter your verification code box and click Next.

Page 4
10. On the Save this Info. You’ll need it later screen, wait until the Office 365 tenant is provisioned, and
then click Start Setup.
11. Click the Admin tile to go to the Office 365 admin center.
12. On the update your admin contact info page, provide your phone number and Microsoft account
email address to verify your account.
Note: If you are connected to the previous Office 365 admin center when you connect to Office 365,
click the banner at the top of the page to connect to the new admin center.

Task 2 - Add the custom domain

1. Open a browser and then browse to login.microsoftonline.com.
2. If necessary, sign in as [email protected].
3. On the Step 1 screen, with the Connect a domain you already own selected, enter in the text box
your domain name in the form of XXYYZZ.xtremelabs.us (where XXYYZZ is your unique Adatum
O365 domain provided in the Lab DNS system).
4. You will be prompted to verify the domain by using a TXT record to verify you own this domain.
Copy and write down the TXT record shown in the TXT value column. This entry will be similar to
MS=msXXXXXXXX. Record this value below:

MS=_______________________

5. Go to the DNS lab interface tab in your web browser.

6. Create a TXT Record with the following attributes (Note: The Record Type value will be set as Txt):
a. For the Name: value use @
b. For the TXT value: Paste the MS=msXXXXXX value you copied in step 9.
c. For the TTL, leave the value at 3600.
7. The Txt Records line should now have a 1 to right of it.
8. Switch back to the Office 365 admin center tab in your web browser, and then click Verify.
9. You’ll be prompted to Add new users. Click Exit and continue later at the bottom of the page.

Task 3 - Explore the Office 365 admin interface.

1. Go to the Home page in the Admin center.
2. On the navigation menu, scroll down to explore all available items. Expand items such as Users,
Groups, Settings, and so on.
3. Expand Users, and then click Active users.
4. Review the users list.
5. On the left navigation menu, expand Health, and then click Message center, and then in the right
pane, review the messages.
6. On the left navigation menu, expand Admin centers, and then click Exchange.
7. A new tab will open displaying Exchange admin center.
8. Switch back to the Microsoft 365 admin center tab.
9. Under Admin centers, click Teams & Skype.

Page 5
10. On the left navigation menu, click each of the items, and review the results displayed on the right.
11. Switch back to the Microsoft 365 admin center tab.
12. On the left navigation menu, click Admin centers, and then click SharePoint.
13. A new tab will open displaying SharePoint admin center.
14. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.

Exercise 2: Managing Office 365 users, groups and

administration
In this lab, you will create some users and groups and assign some roles to manage Office 365 services.

Task 1 - Creating Office 365 users and security groups

1. Open your web browser, and then browse to https://login.microsoftonline.com/.
2. Sign in as [email protected].
3. In the Office 365 admin center, click Admin.
4. Navigate to the Active Users list.
5. Add a user with the following attributes::
• First name: Brad
• Last name: Sutton
• Username: brad, with the domain @Adatumyyxxxxx.onmicrosoft.com
• Location: United Kingdom
• Password: Pa$$w0rd (uncheck the Make this user change their password when they first
sign in option)
• Product Licenses: Verify Office 365 Enterprise E5 is set to On (enabled).
6. Click Add, and then click Send email and Close.
7. Repeat steps 5 through 6 to create another user called Maira Wenzel with username maira. All
other attributes will be the same as Brad’s.
8. Repeat steps 5 through 6 to create another user called Roman Miler with username roman. All
other attributes will be the same as Brad’s.
9. Repeat steps 5 through 8 to create another user called Roman Miler with username roman. All
other attributes will be the same as Brad’s.
10. Repeat steps 5 through 8 to create another user called Jessica Jennings with username Jessica. All
other attributes will be the same as Brad’s.
11. Add a new group where the Type is Security, the Name is Sales, and the Description is Sales
department users.
12. Add Maira Wenzel and Brad Sutton as members of this group.
13. Add a new group where the Type is Security, the Name is Accounts, and the Description is
Accounts Department users.
14. Add Roman Miler as a member of this group.

Page 6
Task 2 - Manage security groups
1. In the Microsoft 365 admin center, verify that you can see the following groups:
• Sales
• Accounts
2. Add Roman Miler to the Sales group.
3. After adding Roman to the group, you should delete the group.
Note: If you can’t delete the group, cancel the operation and close the group property page and
open it again. Try deleting the group again.
4. Display the list of Active Users and verify that Roman Miler’s account still exists in the list of
users.

Task 3 - Assign delegated administrators in the Office 365 admin

center
1. Open your web browser, and then browse to https://login.microsoftonline.com/.
2. Sign in as [email protected].
3. In the Office 365 admin center, click Admin.
4. Navigate to the Active Users list, and then select Roman Miler.
5. Assign Roman to the Customized administrator and Billing administrator roles.
6. Enter [email protected] as an Alternate email address, then save your changes.
7. Repeat steps 4 through 6 for Brad Sutton. Assign Brad to the Customized administrator and
Password administrator roles and enter the same Alternate email address for Brad.
8. Repeat steps 4 through 6 for Maira Wenzel. Assign Maira to the Customized administrator and
User management administrator roles and enter the same Alternate email address for Maira.

Task 4 - Verify delegated administration

1. On the Office 365 page, sign out if needed and then sign in as
[email protected].
2. On the Office 365 portal, click Admin.

3. If prompted, sign in again as [email protected]. using the password

Pa$$w0rd123.
Note: If the On the don’t lose access to your account! prompt appears, click cancel.
4. On the Microsoft 365 admin center navigate to the Active Users list.
5. Select Jessica Jennings. Note that you cannot perform any administrative tasks.
6. Reset Jessica’s password. Ensure the Auto-generate password is selected, and uncheck the Make
this user change their password when the first sign in option.
7. Write down the temporary password here for future reference, and then click Send email and close:
______________________________

Page 7
8. On the top-right menu, click the Brad Sutton User Profile icon in the top right, then click Sign out.
9. On the Office 365 page, sign in as [email protected].
10. In the Office 365 portal, click Admin.
11. In the Microsoft 365 admin center, navigate to the Active Users and select Jessica Jennings.
12. Edit Jessica’s Contact information section, click Edit.
13. On the Edit contact information as follows:
• Enter 555-1234 as the Office phone.
• Select the Block the user from signing in option in the Sign-in status section.
14. After saving your changes, add a new user account with the following attributes:
• First name: Chris
• Last name: Breland
• Username: chris, with the domain @Adatumyyxxxxx.onmicrosoft.com
• Location: United Kingdom
• Password: Pa$$w0rd (uncheck the Make this user change their password when they first
sign in option)
• Product Licenses: select the option to create a user without a product license
15. After saving the record, select Chris Breland from the Active Users list and then delete the account
record.
16. Click on the Maira Wenzel User Icon at the top right and click Sign out.
17. Close your browser.

Exercise 3: Configuring Rights Management and compliance

In this lab, you will set up and use Azure Right Management for your trial tenant.

Task 1 - Configure Rights Management for Exchange Online

1. On the Desktop, right-click on Start and select Windows PowerShell (Admin).
2. Type the following commands, and then press Enter after each command to connect to remote
Exchange Online with remote PowerShell. Use Holly’s credentials to connect.
Note: If you get a warning about security risks, answer Yes to All by pressing A, and then Enter.
• Set-ExecutionPolicy unrestricted
• $Cred = Get-Credential
• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -
ConnectionUri
https://outlook.office365.com/powershell-liveid/ -Credential $Cred -
Authentication Basic -AllowRedirection
• Import-PSSession $Session
3. Type the following command, and then press Enter to set the IRM sharing location to the region
you are in:

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-

Page 8
 rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

Note: Depending on the location of your tenant, replace the link in the preceding command with one of
the following:

•
For Europe: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
•
For Asia: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
•
For South America: https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
4. Type the following command, and then press Enter to configure Azure RMS as a trusted publishing
domain.
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
5. Type the following command, and then press Enter to set the IRM configuration for licensed users
only:
Set-IRMConfiguration -InternalLicensingEnabled

6. Type the following command, and then press Enter to test the configuration.
Test-IRMConfiguration -Sender [email protected]
7. Type the following command, press Enter, and then close Windows PowerShell.
Remove-PSSession $Session

Task 2 - Configure Rights Management for SharePoint Online

1. In the web browser, navigate to https://portal.office.com.
2. On the Office 365 page, click Admin.
3. In the left navigation pane, under Admin centers, click SharePoint.
4. In the SharePoint admin center, in the left pane, click settings.
5. On the settings page, in the Information Rights Management (IRM) section, click Use the IRM
service specified in your configuration, and then click Refresh IRM Settings.
6. Click on Site collections on the left.
7. Add a new Private Site Collection with the following attributes:
• Title: Marketing
• Web Site Address (in the field to the right of the drop-down with /sites/ selected):
marketing
• Administrator: [email protected]
8. Wait for the new SharePoint site to be created.

Task 3 - Validate the Azure Rights Management functionality

1. Go to Holly’s mailbox by clicking on the top left App launcher icon ( ) and selecting Outlook.
Note: If you are prompted to select a timezone, choose one, and click Save.
2. Click New to create a new email and in the To: field, add Brad Sutton as the recipient.

Page 9
3. Type a subject, and then type some text in the message body.
4. On the top tool bar select Protect. An indicator will show the message is now set with the
permission of Do Not Forward.
5. Send the email.
6. In your web browser, connect to https://adatumyyxxxxx.sharepoint.com/sites/marketing.
7. On the left rail, click Documents.
8. At the top right, click on the Settings Icon, then click Library settings.
9. On the Settings page, under Permissions and Management, click Information Rights Management.
10. On the Information Rights Management Settings page, select the Restrict permissions on this
library on download checkbox.
11. In the Create a permission policy title box, type Marketing Policy.
12. In the Add a permission policy description box, type Marketing policy for downloads.
13. Click SHOW OPTIONS.
14. Under Configure document access rights, select the Allow viewers to write on a copy of the
downloaded document checkbox and click OK.
15. Share the document with Brad Sutton.
16. Sign out Holly and close your web browser.
17. Open your web browser, and then connect to https://portal.office.com.
18. Sign in as [email protected].
19. In the Office 365 portal, in the App launcher, click Outlook.
20. On the Outlook page, select your time zone and click Save.
21. Verify that you received an email from Holly that is IRM protected. Click the view the message.
22. Click the down arrow beside Reply all, and then verify that you do not have the option to forward
or print the message.
23. Click Start, type WordPad and launch WordPad on your machine to create a new test document.
24. Click File and Save the document on the desktop as Document with filetype Office Open XML
Document.
25. Connect to https://adatumyyxxxxx.sharepoint.com/sites/marketing.
26. Click Documents on the left rail. Then click Upload, and in the drop-down select Files. Select
Desktop under the Quick access section and then select Document.
27. Right click on Document.docx and choose Open then choose Open in Word Online.
28. This document cannot be edited in Word Online because it is protected.
29. Sign out and close your web browser.

Page 10
Exercise 4: Monitor and troubleshoot Office 365
In this lab, you will play with some troubleshooting tools in Office 365 and look at the Office 365 service
health.

Task 1 - Troubleshooting mail flow in Office 365

1. Open your web browser, connect to https://portal.office.com and then sign in as
[email protected].

1. Click Outlook, and then create a new email.

2. In the To text box, type [email protected].
3. Enter a subject and some body text and then send the email.
4. Wait for the delivery failure message to appear.
5. Select the body text of the message, including the phrase “Generating server” down to “X-
OriginatorOrg: adatumyyxxxxx.onmicrosoft.com” and then press Ctrl+C to copy it to the Clipboard.
6. Open a new tab in your web browser and browse to testconnectivity.microsoft.com.
7. On the Microsoft Remote Connectivity Analyzer page, click the Message Analyzer tab.
8. Under Message Header Analyzer, paste the message, and then click Analyze headers.
9. Click Clear to reset the Message Header Analyzer.
10. Return to Holly’s Mail tab.
11. Click New, and then in the To text box, type [email protected].
12. Enter a subject and some body text, and then click Send.
13. Wait for the delivery failure message to appear.
Note the reason for the “Requested action not taken: mailbox unavailable” failure.
14. Select the body text of the message including the phrase “Generating server” down to “X-
OriginatorOrg: adatumyyxxxxx.onmicrosoft.com” and then press Ctrl+C to copy it to the Clipboard.
15. Switch to the Microsoft Remote Connectivity Analyzer tab.
16. On the Microsoft Remote Connectivity Analyzer page, ensure that you are on the Message
Analyzer tab.
17. Under Message Header Analyzer, paste the message, and then click Analyze headers.
Note the diagnostic information and the time taken for the message to be rejected.
18. Close the Microsoft Remote Connectivity Analyzer page.
19. On the tab with the Office 365 portal, click the Apps launcher in the top task bar, and click Admin.
20. On the Microsoft 365 admin center page, click Admin centers to expand, and click Exchange.
21. On the Exchange admin center page, in the left rail, click mail flow.
22. In mail flow, click message trace.
23. In message trace, next to the Sender field at the bottom, click add sender.
24. In the Select Members dialog box, click Holly, click add->, and then click OK.
25. Under Date range, select Past 24 hours.
26. Under Delivery status, select Failed, and then click Search. Note the two messages.
Note: it may take several minutes before the trace results to show the failed message deliveries.
27. Double-click each message to view the sender, recipient, message size, ID, and IP address
information.

Page 11
28. Close.

Task 2 - Monitoring service health and analyzing reports

1. Open your web browser, connect to https://portal.office.com and then sign in as
[email protected].
2. In the Office 365 Home page, click Admin.
3. On the Microsoft 365 admin center, in the left menu, select Health, and then click Service Health.
4. On the right side of the page, click View history.
5. Click any entry in the calendar that is colored yellow to see further details about incident. Details
appear below the calendar.
6. Click the Home icon on the menu to the left.
7. In the Office 365 admin center, on the left rail, click Reports, and select Usage.
8. On the Reports page, click Email activity.
Note: There might be little or no data shown because there is not much mailbox usage in the lab
environment.

9. In top left of the report, click on the drop down (currently showing Email activity) and choose
Exchange to further expand the drop-down, then click Mailbox usage.
10. Look at all the different date views: 7 days, 30 days, 90 days and 180 days.
11. In top left of the report, click on the drop down (currently showing Mailbox usage) and choose
SharePoint to further expand the dropdown, and click Site usage.
12. Look at all the different date views: 7 days, 30 days, 90 days and 180 days.
13. In the Office 365 admin center, on the left rail, click Reports, and select Security & Compliance.
14. Click on Malware detections.
15. Close the open window.
16. Click on Spam detections.
17. Close the open window.
18. Sign out and close your web browser window.

End of lab

Page 12
 LAB SOLUTION

This section of the Student Lab Manual contains the detailed, step-by-step lab instructions for each lab
exercise. It is recommended that you only refer to these instructions should you find yourself stuck or
unable to successfully complete the labs using the summarized, high-level instructions.

Exercise 1: Set up an Office 365 trial tenant

In this lab, you will sign up for a new trial tenant in Office 365 to set up the new services you will
provision.

Task 1 - Create the trial tenant account

1. Open a supported web browser.
2. Click on the button called Launch lab in the course to open a new tab for the lab system.

Note: This process may take a few seconds to create the DNS system for your lab. Make a note of
your allocated domain in the top left corner of web browser. This domain will be used throughout
this lab and you must replace the values of ADatumXXYYZZ.onmicrosoft.com and
XXYYZZ.xtremelabs.us with the value provided in the interface. As an example, if the DNS system
provisioned you AB1234, you would use ADatumAB1234.onmicrosoft.com and
AB1234.xtremelabs.us where appropriate for the rest of this lab.

3. Click Free trial.

Page 13
4. Open a new tab in your browser and navigate to https://products.office.com/en-
us/business/office-365-enterprise-e5-business-software
13. For Step 1, in the Welcome, let’s get to know you page, complete the following fields. Regardless of
your location, use the following information:
• Country: United Kingdom
• First name: Holly
• Last name: Dickson
• Business email address: (use your new Windows Live account that you created for this
course)
• Business phone number: Your mobile phone number, including international code for your
current country
• Company name: A. Datum • Organization size: 50-249 people
14. Click on Next to continue.
15. For Step 2, you will create a unique domain for the Company name to use in the course. Use the
Office 365 blob name provided in the lab interface. For the rest of the fields, use the following
information:
• User name: Holly
• Company name: AdatumXXYYZZ (where XXYYZZ is your unique Adatum O365 domain
provided in the Lab DNS system)
• Password: Pa$$w0rd
• Confirm password: Pa$$w0rd
• Uncheck the E-Mail and Phone under Microsoft Online Services may contact me....
• Click Create my account.
11. For Step 3, you will confirm your identity by using your mobile phone.
• Select the Text me radio button
• Select the code for the country that you are now in.
• In the Phone number box, enter your correct mobile phone number and click Text me.
12. When you receive the confirmation text on your mobile phone. On the Prove you’re not a robot
screen, enter the code provided in the Enter your verification code box and click Next.
13. On the Save this Info. You’ll need it later screen, wait until the Office 365 tenant is provisioned, and
then click Start Setup.
14. Click the Admin tile to go to the Office 365 admin center.
15. On the update your admin contact info page, provide your phone number and Microsoft account
email address to verify your account.
Note: If you are connected to the previous Office 365 admin center when you connect to Office 365,
click the banner at the top of the page to connect to the new admin center.

Task 2 - Add the custom domain

1. Open a supported web browser and then browse to login.microsoftonline.com.
2. If necessary, sign in as [email protected] with the password Pa$$w0rd
(where XXYYZZ is your unique Adatum O365 domain provided in the Lab DNS system).
3. On the Step 1 Screen:

Page 14
 • With the Connect a domain you already own selected, enter in the text box your domain
name in the form of XXYYZZ.xtremelabs.us (where XXYYZZ is your unique Adatum O365
domain provided in the Lab DNS system).
• Click Next

4. You will be prompted to verify the domain by using a TXT record to verify you own this domain.
Copy and write down the TXT record shown in the TXT value column. This entry will be similar to
MS=msXXXXXXXX. Record this value below:

MS=_______________________

5. Go to the DNS lab interface tab in your web browser.

6. Click on Create Record button on the TXT Records line.
7. A dialog will appear with the Record Type value set as Txt.
• For the Name: value use @
• For the TXT value: Paste the MS=msXXXXXX value you copied in step 9.
• For the TTL, leave the value at 3600.
• Click Save.
8. The Txt Records line should now have a 1 to right of it.
9. Switch back to the Office 365 admin center tab in your web browser, click Verify.
10. You’ll be prompted to Add new users. Click Exit and continue later at the bottom of the page.

Task 3 - Explore the Office 365 admin interface.

1. In the Admin center, click Home.
2. On the left navigation menu, scroll down to explore all available items. Expand items such as Users,
Groups, Settings, etc.
3. On the left navigation menu, expand Users, and then click Active users.
4. Review the users list.
5. On the left navigation menu, expand Health, and then click Message center, and then in the right
pane, review the messages.
6. On the left navigation menu, expand Admin centers, and then click Exchange.
7. A new tab will open displaying Exchange admin center.
Note: If you are prompted to sign-in, be sure to select [email protected]
8. On the left navigation menu, click each of the items, and review the results displayed on the right
9. Switch back to the Microsoft 365 admin center tab.
10. On the left navigation menu, under Admin centers, click Teams & Skype.
11. A new tab will open displaying Microsoft Teams & Skype for Business Admin Center.
12. On the left navigation menu, click each of the items, and review the results displayed on the right.
13. Switch back to the Microsoft 365 admin center tab.
14. On the left navigation menu, click Admin centers, and then click SharePoint.
15. A new tab will open displaying SharePoint admin center.
16. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.

Page 15
Exercise 2: Managing Office 365 users, groups and administration
In this lab, you will create some users and groups and assign some roles to manage Office 365 services.

Task 1 - Creating Office 365 users and security groups

1. Open your web browser, and then browse to https://login.microsoftonline.com/.
2. Sign in as [email protected], where yyxxxxx is your unique Adatum number,
with the password Pa$$w0rd. If the welcome dialog appears, click Skip.
3. In the Office 365 admin center, click Admin.
4. In the Office 365 admin center, on the left rail, click Users, then click Active Users.
5. Click the Add a user to open the New user panel and enter in the following:
• First name: Brad
• Last name: Sutton
• Username: brad, with the domain @Adatumyyxxxxx.onmicrosoft.com
• Location: United Kingdom
6. Click Password and select Let me create the password. Enter the password Pa$$w0rd. Uncheck the
Make this user change their password when the first sign in option.
7. Click Product Licenses and verify Office 365 Enterprise E5 is set to On.
8. Click Add, and then click Send email and Close.
9. In the Office 365 admin center, under Active users, repeat steps 5 through 8 to create another user
called Maira Wenzel with username maira and the location set to United Kingdom. Set the
password set to Pa$$w0rd and uncheck the Make this user change their password when the first
sign in. Set Office 365 Enterprise E5 to enabled.
10. In the Office 365 admin center, under Active users, repeat steps 5 through 8 to create another user
called Roman Miler with username roman, and the location set to United Kingdom. Set the
password set to Pa$$w0rd and uncheck the Make this user change their password when the first
sign in. Set Office 365 Enterprise E5 to enabled.
11. In the Office 365 admin center, under Active users, repeat steps 5 through 8 to create another user
called Jessica Jennings with username jessica, and the location set to United Kingdom. Set the
password set to Pa$$w0rd and uncheck the Make this user change their password when the first
sign in. Set Office 365 Enterprise E5 to enabled.

12. On the left side menu, expand Groups, click Groups, and then click the Add a group button.
13. On the New Group page, in the Type drop-down box, click Security, and in the Name text box, type
Sales.
14. In the Description text box, type Sales department users, click Add and then click Close.
15. Select the Sales check box. On the Sales panel, next to Members (0), click Edit.
16. Click on Add members.
17. On the Add members page, under All (5), select Maira Wenzel and Brad Sutton user objects.
18. Click Save, and then click Close.
19. Click Close twice.
20. On the Groups page, click Add a group.

Page 16
21. On the New Group page, in the Type drop-down box, click Security group, and in the Name text
box, type Accounts.
22. In the Description text box, type Accounts Department users, click Add, and then click Close.
23. Select the Accounts check box, on the toolbar and then click Edit the Members (0).
24. Click on Add members.
25. On the Add members page, under All (6), select Roman Miler user object.
26. Click Save, and then click Close.
27. Click Close twice.

Task 2 - Manage security groups

1. In the Microsoft 365 admin center, verify that you can see the following groups:
• Sales
• Accounts
2. In the groups list, click the Sales group.
3. Select the Sales check box and then click Edit the Members (2).
4. Click on Add members.
5. On the Add members page, under All (6), select Roman Miler user object.
6. Click Save, and then click Close twice.
7. Ensure that Roman Miler now lists under the Members list.
8. Click Delete group.
Note: If you can’t delete the group, cancel the operation and close the group property page and
open it again. Click Delete group again.
9. On the Delete page, click Delete, and then click Close.
10. On the left side menu, click Users, and then click Active Users.
11. Confirm that Roman Miler’s account still exists in the list of users.

Task 3 - Assign delegated administrators in the Office 365 admin

center
1. Open your web browser, and then browse to https://login.microsoftonline.com/.
2. Sign in as [email protected], where yyxxxxx is your unique Adatum number,
with the password Pa$$w0rd.
3. In the Office 365 admin center, click Admin.
4. In the Microsoft 365 admin center, on the left-hand side, click Users, click Active Users, and then
click Roman Miler.
5. On the Roman Miler page, in the Roles section, click Edit
6. Under Edit user role, click Customized administrator, select Billing administrator from the list.
7. In the Alternate email address text box, click Edit and type [email protected], click Save, and then click
Close.
8. In the list view, double-click Brad Sutton.
9. On the Brad Sutton page, in the Roles section, click Edit.

Page 17
10. Under Edit user role, click Customized administrator, and then select Password administrator from
the list.
11. In the Alternate email address text box, click Edit and type [email protected], click Save, and then click
Close.
12. Click the X to close the Roman Miler page. In the list view, click Maira Wenzel.
13. On the Maira Wenzel page, in the Roles section, click Edit.
14. Under Assign role, click Customized administrator, and then select User management
administrator from the list.
15. In the Alternate email address text box, click Edit and type [email protected], click Save, and then click
Close. Click X to close the Maira Wenzel page.

Task 4 - Verify delegated administration

1. On the Office 365 page, sign out if needed and then sign in as
2. [email protected], where yyxxxxx is your unique Adatum number, with the
password Pa$$w0rd.

Note: If the Get your work done with Office 365 dialog appears, close it.
3. On the Office 365 portal, click Admin.
4. If prompted, sign in again as [email protected] using the password
Pa$$w0rd123.
Note: If the On the don’t lose access to your account! prompt appears, click cancel.
5. If you are connected to the previous admin center, click the banner at the top of the page to
connect to the new admin center.
6. On the Microsoft 365 admin center Home page, click Users, then Active Users.
7. Click Jessica Jennings. Note that you cannot perform any administrative tasks.
8. Click Reset passwords.
9. On the Reset passwords page, ensure the Auto-generate password is selected, Uncheck the Make
this user change their password when the first sign in. Click Reset.
10. Write down the temporary password here for future reference, and then click Send email and close:
______________________________
11. Click X to close the Jessica Jennings user page. On the top-right menu, click the Brad Sutton User
Profile icon in the top right, then click Sign out.
12. On the Office 365 page, sign in as [email protected], where yyxxxxx is your
unique Adatum number
Note: If the Get your work done with Office 365 dialog appears, close it.
13. In the Office 365 portal, click Admin.
Note: If you see the Welcome to the Office 365 Admin Center, click Skip.
14. In the Microsoft 365 admin center, on the Home page, click Users, then click Active Users, and then
click Jessica Jennings.
15. On the Jessica Jennings page, in the Contact information section, click Edit.
16. On the Edit contact information, click on Contact Information to expand it.
17. In the Office phone text box, type 555-1234, click Save, and then click Close.

Page 18
18. In the Sign-in status section, click Edit. Click Block the user from signing in, click Save, and then click
Close twice.
19. In the Microsoft 365 admin center, click Add a user.
20. In the First name text box, type Chris.
21. In the Last name text box, type Breland.
22. In the User name text box, type chris. Expand Product licenses and enable Create user without a
product license. Click Add, and then click Send email and close.
23. In the Active Users list, click Chris Breland.
24. On the right side, click the Delete user.
25. On the Delete user page, click Delete and then click Close.
26. Click on the Maira Wenzel User Icon at the top right and click Sign out.
27. Close your browser.

Exercise 3: Configuring Rights Management and compliance

In this lab, you will setup and use Azure Right Management for your trial tenant.

Task 1 - Configure Rights Management for Exchange Online

1. On the Desktop, right-click on Start and select Windows PowerShell (Admin).
2. Type the following commands, and then press Enter after each command to connect to remote
Exchange Online with remote PowerShell. Use Holly’s credentials to connect.
Note: If you get a warning about security risks, answer Yes to All by pressing A. then Enter.
• Set-ExecutionPolicy unrestricted
• $Cred = Get-Credential
• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -
ConnectionUri
https://outlook.office365.com/powershell-liveid/ -Credential $Cred -
Authentication Basic -AllowRedirection
• Import-PSSession $Session
3. Type the following command, and then press Enter to set the IRM sharing location to the region you
are in.
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-
rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

Note: Depending on the location of your tenant, replace the link in the preceding command with
one of the following:

• For Europe: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

• For Asia: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
• For South America: https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
8. Type the following command, and then press Enter to configure Azure RMS as a trusted publishing
domain.

Page 19
 Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
9. Type the following command, and then press Enter to set the IRM configuration for licensed users
only.
Set-IRMConfiguration -InternalLicensingEnabled $true
10. Type the following command, and then press Enter to test the configuration.
Test-IRMConfiguration -Sender [email protected]
11. Type the following command, press Enter, and then close Windows PowerShell.
Remove-PSSession $Session

Task 2 - Configure Rights Management for SharePoint Online

1. In the web browser, navigate to https://portal.office.com. On the Office 365 page, click Admin.
2. In the left navigation pane, under Admin centers, click SharePoint.
3. In the SharePoint admin center, in the left pane, click settings.
4. On the settings page, in the Information Rights Management (IRM) section, click Use the IRM
service specified in your configuration, and then click Refresh IRM Settings.
5. Click on Site collections on the left.
6. In the Site Collections toolbar on the page, click on New and choose Private Site Collection.
7. In the new site collection dialog use the following values for the new SharePoint site:
• Title: Marketing
• Web Site Address (in the field to the right of the drop-down with /sites/ selected):
marketing
• Administrator: [email protected]
8. Click on OK.
9. Wait for the new SharePoint site to be created.

Task 3- Validate the Azure Rights Management functionality

1. Go to Holly’s mailbox by clicking on the top left App launcher icon ( ) and selecting Outlook.
Note: If you are prompted to select a timezone, choose one, and click Save.
2. Click New to create a new email and in the To: field, add Brad Sutton as the recipient.
3. Type a subject, and then type some text in the message body.
4. On the top tool bar select Protect. An indicator will show the message is now set with the
permission of Do Not Forward.
5. Click Send.
6. With your web browser, connect to https://adatumyyxxxxx.sharepoint.com/sites/marketing.
7. On the left rail, click Documents.
Note: If the welcome dialog appears, click X to close.
8. At the top right, click on the Settings Icon, then click Library settings.
9. On the Settings page, under Permissions and Management, click Information Rights Management.

Page 20
10. On the Information Rights Management Settings page, select the Restrict permissions on this
library on download checkbox.
11. In the Create a permission policy title box, type Marketing Policy.
12. In the Add a permission policy description box, type Marketing policy for downloads.
13. Click SHOW OPTIONS.
14. Under Configure document access rights, select the Allow viewers to write on a copy of the
downloaded document checkbox.
15. Click OK.
16. On the top right select Share.
17. Type in Brad Sutton and select his name from the drop down list.
18. Click on the Share button.
19. Sign out Holly and close your web browser.
20. Open your web browser, and then connect to https://portal.office.com. Sign in as
[email protected] with the password Pa$$w0rd.
21. In the Office 365 portal, in the App launcher, click Outlook.
22. On the Outlook page, select your time zone and click Save.
23. Verify that you received an email from Holly that is IRM protected. Click the view the message.
24. Click the down arrow beside Reply all, and then verify that you do not have the option to forward
or print the message.
25. Click Start, type WordPad and launch WordPad on your machine to create a new test document.
26. Click File and Save the document on the desktop as Document with filetype Office Open XML
Document.
27. Connect to https://adatumyyxxxxx.sharepoint.com/sites/marketing.
28. Click Documents on the left rail. Then click Upload, and in the drop-down select Files. Select
Desktop under the Quick access section and then select Document.
29. Right click on Document.docx and choose Open then choose Open in Word Online.
30. This document cannot be edited in Word Online, because it is protected.
31. Sign out and close your web browser.

Page 21
Exercise 4: Monitor and troubleshoot Office 365
In this lab, you will play with some troubleshooting tools in Office 365 and look at the Office 365 service
health.

Task 1 - Troubleshooting mail flow in Office 365

1. Open your web browser and then connect to https://portal.office.com and then sign in as
[email protected] by using the password Pa$$w0rd.

2. Click Outlook, and then click New.

3. In the To text box, type [email protected].
4. Enter a subject and some body text, and then click Send.
5. Wait for the delivery failure message to appear.
Note: the reason for the failure (“The Domain Name System (DNS) reported that the recipient's
domain does not exist.”).
6. Select the body text of the message, including the phrase “Generating server” down to “X-
OriginatorOrg: adatumyyxxxxx.onmicrosoft.com” and then press Ctrl+C to copy it to the Clipboard.
7. Open a new tab in your web browser and browse to testconnectivity.microsoft.com.
8. On the Microsoft Remote Connectivity Analyzer page, click the Message Analyzer tab.
9. Under Message Header Analyzer, paste the message, and then click Analyze headers.
Note the diagnostic information and the time taken for the message to be rejected.

10. Click Clear to reset the Message Header Analyzer.

11. Return to Holly’s Mail tab.
12. Click New, and then in the To text box, type [email protected].
13. Enter a subject and some body text, and then click Send.
14. Wait for the delivery failure message to appear.
Note the reason for the “Requested action not taken: mailbox unavailable” failure.
15. Select the body text of the message including the phrase “Generating server” down to “X-
OriginatorOrg: adatumyyxxxxx.onmicrosoft.com” and then press Ctrl+C to copy it to the Clipboard.
16. Switch to the Microsoft Remote Connectivity Analyzer tab.
17. On the Microsoft Remote Connectivity Analyzer page, ensure that you are on the Message
Analyzer tab.
18. Under Message Header Analyzer, paste the message, and then click Analyze headers.
19. Note the diagnostic information and the time taken for the message to be rejected.
20. Close the Microsoft Remote Connectivity Analyzer page.
21. On the tab with the Office 365 portal, click the Apps launcher in the top task bar, and click Admin.
22. On the Microsoft 365 admin center page, click Admin centers to expand, and click Exchange.
23. On the Exchange admin center page, in the left rail, click mail flow.
24. In mail flow, click message trace.
25. In message trace, next to the Sender field at the bottom, click add sender.
26. In the Select Members dialog box, click Holly, click add->, and then click OK.
27. Under Date range, select Past 24 hours.

Page 22
28. Under Delivery status, select Failed, and then click Search. Note the two messages.
Note: it may take several minutes before the trace results to show the failed message deliveries.
29. Double-click each message to view the sender, recipient, message size, ID, and IP address
information.
30. Note the differences between the message processing events: Receive, Submit, Spam Diagnostics,
and Fail for the nonexistent domain, and Submit, Receive, Spam Diagnostics, and Fail for the
nonexistent user.
31. Close the Message Trace and both Message Trace details windows.

Task 2 - Monitoring service health and analyzing reports

1. Open your web browser and then connect to https://portal.office.com and then sign in as
[email protected] by using the password Pa$$w0rd.
2. In the Office 365 Home page, click Admin.
3. On the Microsoft 365 admin center, in the left menu, select Health, and then click Service Health.
4. On the right side of the page, click View history.
5. Click any entry in the calendar that is colored yellow to see further details about incident. Details
appear below the calendar.
6. Click the Home icon on the menu to the left.
7. In the Office 365 admin center, on the left rail, click Reports, and select Usage.
8. On the Reports page, click Email activity.
Note: There might be little or no data shown because there is not much mailbox usage in the lab
environment.

9. In top left of the report, click on the drop down (currently showing Email activity) and choose
Exchange to further expand the drop-down, then click Mailbox usage.
10. Look at all the different date views: 7 days, 30 days, 90 days and 180 days.
11. In top left of the report, click on the drop down (currently showing Mailbox usage) and choose
SharePoint to further expand the dropdown, and click Site usage.
12. Look at all the different date views: 7 days, 30 days, 90 days and 180 days.
13. In the Office 365 admin center, on the left rail, click Reports, and select Security & Compliance.
14. Click on Malware detections.
15. Close the open window.
16. Click on Spam detections.
17. Close the open window.
18. Sign out and close your web browser window.

End of lab

Page 23