Notes on MS-900 exam

 Office 365 like word and excel wanted to bring office applications
online as a cloud service by brining together all the different
applications.
 Office 365 is a cloud-based service that includes apps such as Word,
Excel, PowerPoint, and Outlook along with services such as Microsoft
Exchange, SharePoint, Teams and OneDrive. Microsoft 365 is a cloud-
based service that includes the same Office apps and services, plus
Windows, and Enterprise Mobility + Security.
 Microsoft Graph is a RESTful web API that enables you to access
Microsoft Cloud service resources
 Yammer allows you to connect with others across your company
 Viva: an integrated employee experience platform powered by
Microsoft 365 designed for everyone to connect, learn and grow.
 Deployment rings are a method used to manage and control the rollout
of updates or new features in a staged manner.
 We define a set of devices in a group and they receive updaytes and
minatancen on specific times.
 Microsoft Intune is a cloud-based unified endpoint management
solution that simplifies management across multiple operating
systems, cloud, on-premises, mobile, desktop, and virtualized
endpoints.

 Windows 365 and Azure Virtual Desktop are both virtual desktop
solutions, also known as Desktop-as-a-Service.
 Windows-as-a-Service is a new model for Windows. Instead of a major
release every three or four years, features are released more
frequently, such as semi-annually.
 Monthly Enterprise Channel receives feature updates once a month, on
the second Tuesday of the month.
 Microsoft Viva Insights is a part of the Microsoft Viva suite designed to
help individuals and organizations improve productivity and wellbeing
through data-driven, privacy-protected insights
 Viva Insights is a tool that helps people and businesses thrive with
data-driven, privacy-protected insights, and recommendations to
improve productivity and wellbeing.
 The two types of reports available to view in the Microsoft 365 admin
center are Adoption score and usage reports.
 View information about security trends and track the protection status
of your identities, data, devices, apps, and infrastructure in the
Security admin center through Microsoft 365 Defender.
 Viva Insights provides organization insights and team insights to help
managers foster productivity, wellbeing, and positive team culture.
These insights empower leaders and managers to create positive
change within their team and organization.
 Microsoft Entra ID, formerly known as Azure Active Directory (Azure
AD), is a cloud-based identity and access management service. It plays
a crucial role in managing user, group, and application access to
various resources
 A Microsoft 365 group is used for grouping users according to
collaboration needs. You can give members of the group access to a
shared mailbox, calendar, files SharePoint sites, and more. Because
Microsoft 365 groups are intended for collaboration, the default is to
allow users to create Microsoft 365 groups, so you don’t need an
administrator role.
 A Microsoft Entra joined device is a device joined to Microsoft Entra ID
through an organizational account, which is then used to sign in to the
device. Microsoft Entra joined devices are generally owned by the
organization.
 Managed identities are a type of service principal that are
automatically managed in Microsoft Entra ID and eliminate the need
for developers to manage credentials.
 Before Microsoft entra, which is a cloud based suite of apps for security
people used azure active directory.
 Conditional Access is implemented using policies that enforce
organizational rules.
 Sign-in risk is the real-time calculation that a given authentication
request isn't authorized by the identity owner.
 By following the least privilege security model and assigning specific
admin roles, such as billing administrator or user administrator, to
more users, instead of global admin roles, organizational security is
improved.
 The Global Secure Access app, also referred to as Per-app Access,
provides a more granular approach. The admin can create multiple
enterprise apps and for each of these aps, assign users and groups and
assign specific conditional access policies.
 Microsoft XDR is a defense system to prevent cyberattacks.
 Microsoft defender has specific parts such as defender for office 365.
There are different versions of the defender.
 Main capabilities of defender for office 365 are: Preventing and
detecting threats, investigating threats, Responding to threats.
 Each defender defends against a specific part, thus we have different
types and forms of it.
 When making the presentation on MS900, mention all of the different
defenders and what they are used for.
 Microsoft Defender for Office 365 safeguards against malicious threats
posed by email messages, links (URLs), and collaboration tools,
 including Microsoft Teams, SharePoint Online, OneDrive, and other
Office clients.
 Through the Data Security pillar, an admin can identify and control
sensitive information and respond to classification labels on content.
 Microsoft Defender for Identity is a cloud-based security solution that
identifies, detects, and helps you investigate advanced threats,
compromised identities, and malicious insider actions directed at your
organization.
 Secure Score, in the Microsoft Defender portal, will give a snapshot of
an organization’s security posture, and provide details on how to
improve it.
 With Defender Vulnerability Management, you can empower your
security and IT teams to prioritize and address critical vulnerabilities
and misconfigurations across your organization.
 eDiscovery (short for "electronic discovery") is the process of
identifying, preserving, collecting, reviewing, and producing
electronically stored information (ESI) in response to legal requests,
such as litigation, regulatory investigations, or Freedom of Information
Act (FOIA) requests.
 Audit (Premium) provides longer retention of audit records, high-value
intelligent insights, and higher bandwidth access to the Office 365
Management Activity API.
 'Place content locations on hold' allows preservation of content
relevant to an investigation by securing electronically stored
information.
 Microsoft Purview Communication Compliance is an insider risk
solution that helps detect, capture, and act on inappropriate messages
that can lead to potential data security or compliance incidents within
an organization.
 This approach allows for different retention periods for different
documents within the same SharePoint site.
 When content is labeled as a record, restrictions are put in place,
activities are logged, and proof of disposition is kept at the end of the
retention period.
 Customers with eligible subscriptions to Microsoft 365, Office
365, Azure, or Dynamics 365, and more can use FastTrack at
no additional cost for the life of their subscription.
 Microsoft product teams will see your ideas and discuss them
with you through the community feedback web portal.
 You can view the current health status of your Microsoft 365
services and tenant through the Microsoft 365 admin center.
 Access needs to be installed locally on your device.

A company uses Microsoft 365.

The company needs to evaluate the session risk before a user accesses Microsoft 365 resources.

You need to recommend which primary component of the Zero Trust model needs to be
configured.

Which component should you recommend?

Identities

A company implements Microsoft 365.

The company has concerns about the encryption and classification of

information and removal of Shadow IT in the organization.

You need to recommend a Zero Trust methodology pillar solution.

Which two pillars should you recommend? Each correct answer represents
part of a complete solution.

Data, applications

A company uses Microsoft 365.

The company needs real-time policy evaluation to involve access control

through segmentation.

You need to recommend the primary component of the Zero Trust model that
needs to be configured.

Which primary component do you recommend?

Network

entraID is needed for modern authentication

to ensure both username and password are correct, It is called authentication

main parts of entraID are modern authentication and conditional access

A company uses Microsoft 365.

The company needs security professionals to use the Microsoft 365 Defender
portal to proactively search for undetected threats across users' devices and
applications.

You need to recommend a solution.

Which solution should you recommend?

Hunting

Microsoft Defender for Endpoint provides the first line of defense in the stack,
automated investigation, and remediation of breaches and network
protection. Microsoft Defender for Office 365 protects organizations from
malicious emails, URLs, and collaborative tools.

Microsoft Defender offers several services to protect a company against

cyberattacks. Each of the services protects against a specific type of attack.
The service to use for email messages is Defender for Office 365. Defender
for Identity protects against compromised identities and malicious actions.
Defender for Endpoint protects network endpoints such as compute devices.
Defender for Cloud Apps is a cross– software as a service (SaaS) solution that
intermediates the cloud user and the cloud provider.

Secure Score shows the company’s security posture, with higher scores
indicating a better security posture. It can help to define KPIs (key
performance indicators) and compare benchmarks. The learning hub, Cloud
Discovery, and Threat Explorer do not provide improvement
recommendations. The learning hub is a section inside the Defender portal
that shows links to blogs and video streaming channels, in addition to
Microsoft Learn documentation. Cloud Discovery is part of Microsoft Defender
for Cloud Apps. It uses traffic logs to discover logs and apps being used.
Threat Explorer is a tool in Defender for Office, which companies can use to
identify and analyze recent threats.