RETIRED - REPLACED - MS-900 Microsoft 365 Fundamentals Exam Cram and Overview

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey everyone welcome to this ms 900 microsoft essentials overview video um i just took the ms900 a few people asked me to create kind of an exam review video after the az900 and the dp 900s so i took the exam um i got just over 900 it was actually a fairly nice exam it's very very broad but not deep at all i think i had 42 questions and you had 60 minutes to actually answer those questions it's a 90-minute exam you get 60 minutes to answer the questions they're all very simple format it's what would i use for x maybe select one option maybe multiple options maybe drag the type of service to the description but that's it there's no case studies no labs there's no negative points for getting something wrong so make sure even if you're not sure often there's a couple of answers that can't possibly be right to eliminate those and take an educated guess it's better to take an educated guess and get it wrong than to not even try at least you have a shot of maybe 50 50 getting some points again we're going to be taking these at home most likely so just a laptop with a single screen a clear room you take a photograph of yourself your driving license and then kind of the four directions of the room on your phone and that's part of the exam process and it's just proctored online you just need kind of a camera looking at you while you take the exam relax often people say hey i'm terrified of taking the exam i don't want to take it what do you lose if you take the exam and you fail you've gained experience you know what your weak points are it tells you when you take the exam it shows you afterwards in your school report this is where you were strong this is where he was weak at least it gives you an idea of where to go and focus and then you'll get it the next time so my goal for this is i want to be fairly brief just to go over the core areas you need to go and do there's some free online training you can take make sure you've got your hands actually in this stuff and trying it out look at the websites we're going to reference a few websites show a few websites look at them it'll help you understand kind of where the features are and what portals i might want to use now because it is so broad i'm going to take a fairly holistic kind of view at it i'm going to think about what are the key areas and expand on each of them so the core of everything there is an identity so i have the identity actually of kind of the company user so i have that identity there when we talk about identity what we really mean in the reality of kind of our microsoft space is we have azure a d and so i'm going to have accounts for me in there i'm going to have accounts for other people in my company in there if i'm collaborating potentially with other people well people outside my company they may be invited in as well as guests and that's saying we call b to b so we may have those kind of objects in there as well because what happens is i as kind of a user i want to collaborate with them so they're the people we would invite into our azure id because i want to collaborate with them but that's the first part we have the identity and then well i'm gonna have some device i'm gonna draw kind of a an old-style kind of desktop machine but it could also be kind of a mobile type device a tablet so we're going to have devices and obviously those devices require some kind of management if it's windows maybe that's kind of the system center configuration manager it could be intune if it's ios if it's android if it's mac os x that's going to be intune if it's a server in my data center then that's going to be configuration manager so we have different solutions around these those devices might need management i might need to be able to detect is it jailbroken i might want to set device level encryption options so we have to kind of understand there's a device management aspect then on all of these things no matter what it is there's going to be some kind of operating system there's an os on my mobile devices on my regular desktop on my laptop that's where we think about things like okay it's windows if it's windows how do i get the new version of windows windows as a service those semi-annual channels without constantly being delivered new functionality feature releases how do i get the os on it in the first place we hear things like autopilot so we have to think about the operating system we have these layers and then okay well i've got that piece well then what do we really do with that operating system well we do the operating system so i can get applications that's really what i care about again via desktop um be it a mobile device okay about the apps so again the applications have to be delivered they have to be maintained intune engine is going to do that delivery for me or again if it's windows i could use configuration manager we often will have options when we talk windows i can use configuration manager and intune intune is kind of the cloud managed service configuration manager is more the one that i'm managing configuration manager i'm installing updates to configuration manager but that can work for kind of server os's as well so i had to think about well those applications and then the really really the precious thing we often care the most about is the data i have data on my mobile devices i have data on my computer i have data up in the cloud as well and that data may need to be classified hey it needs a certain sensitivity it's pii highly confidential maybe i have to keep it legally for a certain amount of time retention or maybe i definitely don't want to keep it once it's past a certain age i don't want the hassles of having data that i don't need to keep so i want to make sure i delete it once it's past a certain age and then of course after all of that we have services out there in the cloud we have various types of cloud service we have things like infrastructure as a service that's really a vm in the cloud we have platform as a service and in the office world this is things like um we have power automate um that used to be called flow that's really logic caps i can graphically drag sets of actions to perform so in the office world typically the only path we're going to do things like power automate and then obviously there's software as a service that's the main kind of microsoft 365 when i think sharepoint online exchange online the onedrive for business hosting um all of those different capabilities that's sas solutions those are providing me that and across everything we're doing really probably super important that everyone's consideration is compliance at the end of everything i need to make sure i'm compliant of course my devices my data my applications be it hepa or gdpr no matter what that is i have to make sure i'm compliant so my goal is to fairly quickly try and touch on all of these aspects just to kind of bring them together a little bit but you need to make sure you go and study these look at hey what's in the exam what are they going to question me on what's the details so you can feel confident to again not super deep but broad talk about all these different aspects so let's look at the identity first and then we'll kind of go counter clockwise till we end up kind of on the data the compliance side so looking at their that identity so i can think about okay well i have my identity and my identity i have an object in azure ad now i always have an object in azure id if i'm an existing company well i probably already have an active directory and in that active directory i have my user objects that is not good enough i have to set up a replication so my objects get versions created in azure id that's something called azure ad connect so if i'm an existing company i've probably got an ad active directory domain services adds i have to get an azure ad if i was a brand new company and i was all in on the cloud going hey i don't have any legacy servers i have to worry about i might just set up an azure id go cloud accounts and just azure ad join my desktops join my devices i don't have to have an ad if i was a brand new fresh company but if i'm hybrid if i have on-prem and cloud i'm going to have an ad that replicates to azure ad now to think about the management of this if i'm managing my identities if we're thinking about a microsoft 365 then i obviously have the microsoft 365 portal and then there's actually the azure ad portal as well the benefit of kind of the microsoft 365 portal as i'm kind of showing it here i can see all the various services i can go and look at all of the other admin centers across exchange and sharepoint and teams from the microsoft 365 admin center i could go and look at my users for example if i go and look at a certain user let's say again look at bruce wayne well for bruce wayne i can actually go and see the licenses bruce wayne has assigned so i can go and add and remove licenses and then depending on what licenses they have i can see the various apps that correlate to those licenses so if i just wanted to see well what apps are associated with microsoft 365 basic well i can see hey i've got all of these different types of services available those power apps project sharepoint plans sway to do so go and look at this go and get an idea of what's available with the various licenses it's actually a good way to get that knowledge or i could use the azure ad portal so here i'm going to aad.portal.azure.com once again here i can go i can look at the users groups licenses and i get all of the same information it's just laid out differently but i can see again enabled services for those various licenses once again i could go and turn them on or off but it gives me that insight into what's available with them so i have different interfaces um to actually see that now for the licensing azure ad there's actually four types of license there's a free license which is the name suggests is free and then i get certain capabilities just for office 365 applications i can do company branding self server password reset for cloud users i get an sla i get some device right back and then there are p1 and p2 these are the premium skus this is where i get key features like conditional access um mfa i can actually do password right back for replicated accounts and then on the premium p2 like office as well is where i get the more security centric advanced features i get here things like identity risk protection it's going to go and detect hey there's risk to my sign in risk to my account that can be very important i can do privileged identity management i can elevate up my permissions i get access reviews so that more advanced license that p2 gives me that now if i'm buying things like an enterprise an e3 e3 gives me p1 if i do e5 it gets me p2 so these are often bundled together so it's important to kind of understand exactly what the capabilities are and what license gives me what kind of feature so my licensing is per user so i can have different licenses for different types of user in my organization some might be on free if you're obviously an office or they're all going to probably at least have office some might have the p1 some might have the p2 i can go and license and give these out when i think about capabilities the there's really two things i think they're going to focus on for this exam the big one is kind of conditional access and conditional access is all about saying hey for these sets of conditions maybe it's a group i'm in maybe it's an application i'm trying to access maybe it's the location i'm from maybe it's the health of my device maybe it's a certain risk i have all these different types of conditions and then based on those conditions what's required to let me in maybe it's just going to grant me access maybe it's going to block maybe it's going to require mfa and this is kind of a big important one if you see something like hey i want strong authentication mfa if you see mfa as an answer it's going to be mfa mfa is that multi-factor authentication it's something i know like a pin or a password it's something i have which could be my laptop it could be my phone it's something i am biometric fingerprint facial recognition it requires two of them multi-factor that is a strong authentication type now if i was using windows hello for business that is a strong authentication because the device has the tpm in it and it's a pin or biometric so those having the device and the pin or the biometric is two factors so that is a strong authentication that counts so if you see hello for business that's also a strong authentication so this mfa we like this because it is a strong auth and i can drive requiring that through conditional access again hello for business is also a strong authentication as well they're both kind of forms of strong off so remember kind of those key things about azure id i have different portals there's different skus if i want mfa from azure it's p1 or above i require that azure id p1 or p2 which is included in various um types of bundles for example the e3 e5 business bundles as well so if i actually go and look at the skews so if we jump over so the e3 and e5 it talks about kind of the different types of identities you want to kind of go through and i'll come back to these later on it was about identity and access management and i can see our p1 plan yep p1 is included for both e3 and e5 great and then it kind of talks about okay p2 well that's only for e5 so i can actually go and see what capabilities am i getting same for business it's up here at the top but i can see security and compliance um support and deployment there's all these different areas you can go to but it kind of talks about those identity capabilities as well so i understand go and take a look at these again even education um there's education plans that show you hey what are we getting the various plans so understand the different plans it's going to kind of give you an idea as you advance threat protection that's normally kind of a p2 azure advanced threat protection is where there's monitoring on your domain controllers so if i wanted to say hey um i want to detect threats against my on-prem domain controllers or they could be in virtual machines but it's active directory domain services that solution is azure atp it sends signals up to the cloud and will detect kind of attacks on your domain controllers pass the hash golden ticket dns reconnaissance etcetera etcetera so that's a service again that that's kind of a p2 type capability the higher sku feature there i actually think atp is part of e5 but again go and check that's the whole point going to look at the website see what's included with the various skus okay so then let's kind of look at the device side and remember when we think about devices there's a whole set of types of device we have to think about so there's things like mac os there's ios there's android things we think traditionally about mobile devices and of course there's windows i'm not going to put windows phone um i don't think anyone if anyone's using that and when i think of these platforms again we think about device management at this point so for a cloud managed solution where i don't want to have to think about deploying management um servers or anything like that my solution is intune and once again this is kind of part of that the ems suite microsoft 365. and this can manage all of these now i'm just writing windows i should be this is really windows client when i think about intune management because what this can do is kind of goes both ways so i can get inventory data i can get kind of health state from this but i can do app deployments now it's going to obviously depend on the platform but i can do things like wind 32 apps i msis i can do deployments for example the msix msix is kind of the new app format it's containerized so it's very clean there's nothing kind of left behind if you uninstall it um it could be the uwp kind of the apex type formats there and it can be things from the app stores so the apple and the android app stores i have the ids it can even be kind of the windows store for business i can actually have my own line of business apps i can add those in here and deploy those as well so i can do all of this kind of app deployment now we still have kind of configuration manager so this was the old kind of i say old i mean it's still valid this was the original maybe that's a better word configuration manager that was designed originally for really the on-prem management so configuration manager it really focuses on kind of windows client but it can also manage windows server so if i see something about hey i have devices on prem their windows client their windows server i can use configuration manager for that but in tune it's kind of that that modern management we're moving from things like configuration manager to intune we're moving from active directory joint to azure adjoint or again there's a hybrid it can be ad and azure ad joined but we have these options for management but if you see saying hey i want to manage mobile devices it's going to be intro if i want a solution that's managed for me that's hosted in the cloud it's going to be in tune and what they have actually done is to avoid some of this confusion they're really bringing in tune and configuration manager together and they're doing this microsoft endpoint management so this is really a combination it's still separate products but now i can think about they're trying to unify some consoles and go to a console and i can manage these together so if you see microsoft endpoint management that's all about a unified view but we'll use the right tool depending on kind of where my devices are what's the best way to manage them so just remember from a device management in tune and i'm saying here sort of inventory but one of the huge things we really have is also policy so i can say hey i require this configuration i require this encryption if it's jailbroken i'm not going to accept it because this in tune health status we can use for things like that conditional access that conditional access can use things like the health state reported via intune to control will i wet actually let this device go and access this app or will i block it so these things actually work very very closely together but when i think about the device management setting device encryption whatever hey most likely it's going to be in tune but if it was on-prem might be a legacy deployment a hybrid deployment configuration manager definitely will play if it's server operating system and potentially for those on-prem clients as well so that's the device now i actually want to go and look at the operating system so we'll kind of move outwards a bit so we'll go back in so now let's think about actually the os so think about the operating system well what does the os entail well i can think about from an os perspective obviously you have to have the os updated so i think about windows as a service this was the move from major versions every three or four years like xp to vista to 7 to 10. so that's just this constant stream of innovation every six months it avoids those massive migration projects and i don't have to wait three or four years to get functionality which is really important when you think about some of the types of attacks now that are created it requires changes to the os that i can't do with a simple patch so now it actually helps keep up and protect against new types of threat type i have to actually get the os onto the device itself initially so that's things like autopilot i don't want to anymore do complete fresh builds of operating systems i want to be able to deliver a device to someone they unbox it they stick it on the internet they authenticate and i'm done that's autopilot and then of course the other option is well maybe a desktop in the cloud which is windows virtual desktop basically a hosted managed remote desktop services with either client or server based desktops or just app publishing so this runs in azure it gives me remote access to desktop applications so let's let's kind of dive into this windows as a service so when i think about windows as a service there's two things i care about i can think about quality updates patches and so these are delivered monthly we think about kind of the whole patch tuesday it's the second tuesday of the month so patch tuesday patch day and if we if we've been in the industry long enough we remember our patch tuesday has 50 new patches i'll pick that one that one that one that one which was a disaster because it means every customer would have their own particular combination of patches it doesn't do that anymore this is now a cumulative hatch you don't pick anymore you get all of them and it grows every month and includes the previous months now you might say well over time this thing's going to get ridiculously large and it would except as we're going to see with the feature updates a build is only supported for so long but yes after a year there's 12 months of patches in that cumulative update so it is bigger so that's why we have to kind of refresh and we support only so many builds but to help combat this there are things to help there's something called an express update so what express update does is this massive cumulative update let's say it's the end of a cycle it's a gigabyte per size but i have all the previous months it already pulls down the bits that i actually need then there's other things there's also things like delivery optimization delivery optimization says well maybe there's other peers on the network i can use there might be things like branch cache so there are various solutions to help optimize pulling those bits down but this is a update monthly gets me fixes there's also some core critical security updates that may come out as well but that's not delivering new features that's making sure things are quality fixing problems that are found then we do this in a we have feature updates feature updates as the name suggests this is delivering new value and there are various channels um available for this there is when i think about the channels there is the semi annual channel this is where most people will be so we'll call that sac so every six months we get a new semi-annual channel there is also something called a long term servicing channel this there'd be a version released every few years this is aimed at i have some device that i don't care about the new features maybe it's some kind of generator or an atm i want to get an os on it test test test the test and not touch it that's what the long term servicing channel is for now there are many things missing a lot of the uwp i don't have the uwp apps i don't have cortana office 365 pro plus will not be supported on long-term servicing channel this is not designed for regular use now there's also insider now the insider builds are obviously released earlier and it gives me an indication of kind of what's coming this is what i want the majority so this is what i want to focus on for my company that semi-annual channel that's going to get the new capabilities rolled out to my company i want them to be able to leverage that now these are released this semiannual channel in kind of spring and fall so we can kind of think march and september there used to be something called targeted they used to be saying called current branch for business which was just the same build just released a bit earlier it was designed to try and help people to encourage some piloting but people i think got confused so that nomenclature has really been dropped the key part is these are supported for a certain amount of time it's already supported for 18 months this one is 18 plus 12 for enterprise and edu because this really gives rise to the idea that as a company i can pick do i wanna every six months get the new version or maybe i don't want that because there's still app testing involved there's still user testing involved maybe i just want to update once a year so this extra 12 months gives me a little bit of leeway to say hey i'm just going to deploy the full update i'm not going to worry about the spring so that extra 12 months for the enterprise and education additions gives me that capability now long-term servicing channel that's the standard five years plus five years extended support so 10 years in total this is only available for enterprise edition so if i'm anything other than that and again even if i have this don't think about this for my regular desktops we really want to be doing that winners as a service it is an ongoing motion so if i think about how i use this if i think kind of builds on the left these are the various builds and then this is kind of time and we have kind of our six month gaps okay so we have a build remember it's out and it's good for 18 months fine so remember maybe that's h1 20 and that's h2 and that's h121 h2 etc so the new build is available and then that's good for six months as well then there's another new build and that's good for six months as well but hey maybe this is the full build so remember the full build also has an extra six months extended support for that enterprise and kind of education then the spring one so it's this constant kind of motion there's all these new builds now how i use this to remember there's also the insider builds so the insider build well is probably available here for this build there's an insider available here for that build and there was an insider available for here so i'm going to have rings of deployment this is kind of how i use these different builds because i can for different populations in my company i can delay the build for a certain amount of time it's fairly long amount of time i can actually delay these for so what i'm going to think about for this is actually rings so i want rings of deployment the ring the ring so that insider build i'm going to deploy that maybe for some test machines for my it department because i want them to get exposed to kind of what's coming and then once the actual semi-annual channel is released i'll have a pilot group so that that's kind of more people now this pilot group should be people from the business so i want business users from each department i want all departments and all apps represented not deploying it to everyone maybe one or two people from each department each app the point is to test to make sure how this new semi-annual channel isn't breaking some app breaking some process so i want a good selection of people from my company to get the semiannual channel in a pilot capacity to go and test through and they need to know they're part of that pilot so they know to go and do good testing to go and test the processes to find if there were any problems and then well then i i kind of have the rollout so it's still the same build it's still the semi-annual channel now i'm going to do the rollout this is everyone and so obviously you can see that the population is getting bigger now i've got kind of everyone involved my whole company so we have a very small number of people initially on kind of the insider i have a subset of my population on the release semiannual channel to pilot it and now when i do the bulk rollout i don't just do it on the same day within here i would still have separate rings because maybe something got missed even if nothing's missed even if it works perfectly people will still get a little bit confused and icons change their menus changed they're going to call the help desk i need to be able to manage that population calling my help desk so i still deploy in rings i'd be over a period of a month or whatever to support that but realize if i overlay that process so hey i've got the pilot going on here um then i'm doing kind of the bulk roll out here they overlay at any one time i'm doing maybe multiple phases i've got some people on the insider some people piloting some people in the rollout it's an ongoing process now we use tooling we have tooling for things like intune windows update for business there's different ways to solve and automate this it's not like i'm manually doing things it's all in place upgrades i don't do the old kind of style where i would capture the user state capture the data wipe the disk put down the os try and work out the drivers put the data in the profile back we don't do that it's an in-place upgrade for windows 10 that is the preferred approach just like what we would do at home so i can automate all of these things but i get the right tooling in place i get the processes in place i use kind of the optimization techniques because these feature updates can be delivered the same way as kind of those um quality updates so i use things like hey branch cache delivery optimization i might pre-populate data i optimize how the data's pulled down to make sure i'm not kind of conflicting and again i pick am i going to do every six months or maybe i'll just do it once a year so i'll just use the full i i'm going to use the full if i'm going to do it once a year because i want that extra bit of room in case there was a problem because realize if i use the 18 month by the time you've done the piloting and you're rolling it out if you found a problem there's a very small window now if i skip to generation if i skip a channel so we would use that to understand the idea of hey insider i'm testing i'm getting things in advance then i'm going to roll it out in rings to the rest of my user population now as we kind of did talk about at a high level remember also we do have kind of the autopilot so autopilot is that idea of hey i've got a new device how do i get it corporate ready so the point of autopilot is there's a number of phases to this i has to kind of harvest the hardware idea of the machine also called a hash if it's a brand new machine maybe the oem can actually provide me those and i kind of bring them into azure id if it's an existing machine i can run scripts to gather those so i bring those into my infrastructure and then what we actually leverage is azure ad they're gonna be azure adjoined and intune so kind of azure id does a little bit initially remember the device just gets essentially unboxed it's connected to the internet and then the user does an authentication that's it that's all they do and then azure ad takes over uh does some issue as ready join gets it ready then in tune really does most of the work inching goes and pushes the policy to do configuration encryption certificates vpn set up these applications deployed it creates the device for me um and then how do you know if you're ready maybe i'm not on windows 7 yet windows 10 yet maybe i'm on windows 7 probably not on vista hope not um so readiness there are various tools available for you the biggest one you're going to use is something called desktop analytics what this does is this telemetry when i use windows update there's telemetry sent about my drivers my hardware my applications i can associate that telemetry with my organization either administrator can deploy a key to my machines it will now associate with my org i can then use all that telemetry and this vast database of information that microsoft have built up to see hey based on all my machines so i don't have to deploy any agent it's just that telemetry i can see this percentage are ready for windows 10. and this percentage have got these drivers may be an issue and these applications and there's a fantastic compatibility um for windows 10 apps but i think it's something like is it point two it's like two apps um i think for every thousand have a compatibility challenge there's a whole team at microsoft that will help you with that but this desktop analytics will help you as the organization go and see hey for my population who's ready for windows 10 and then once you have that well are there any issues that go to the new semi-annual channels and again when you're on windows 10 azure 80 joined is kind of the new preferred don't forget about hello for business that's kind of that hero motion if i can enable hello for business that's that strong authentication so if i can get this turned on that's where it's that stronghold it's the device it's using the tpm the trusted platform module so it's something i have the device and then something i know a pin will think i am a biometric so if i can um i really want to kind of get that on as much as possible so that's that's thinking about the operating system okay so now so what layers have we done okay great so we have the device the operating system now it's the application and obviously when i'm thinking about application for microsoft 365 what i'm really thinking about here is office 365 pro plus there is the and obviously there's many other applications kind of in the world but for right now that's our focus that office 365 pro plus now the big deal with this this is click to run this is not an old style kind of msi it's using some of the app v technology it's vertiz it's containerized it's very efficient once again with it as a delta binary compression to just pull down the bits that have changed it's activated by the internet so what that does mean is i have to connect every 30 days so it's going to re-activate so if i'm off life on the 30 days it's going to activate it's going to go into a limited functionality mode so i need to make sure i'm on the internet every kind of 30 days it's a fairly big install i think it's like 1.6 gigabytes in size but that may obviously vary and then i think for each language there's another 200 250 megabytes obviously it sports multiple languages once again i have different channels available to me now unlike the winners as a service there's actually a more frequent than a semi-annual channel there's actually a monthly and that's the minimum it may actually be more frequent and this is the one i want i really want to be on that kind of monthly again it's very efficient with how it pulls that down there's also because that can be more frequent there's actually an enterprise monthly and really that's just making sure that only gets delivered once a month on patch tuesday so if i care more about hey i want to make sure i control when these things are coming out when i'm getting them i can do an enterprise monthly then there is a semi-annual channel version if i just want it every six months and then there is kind of a monthly kind of preview version of this and then there is a semi-annual channel preview now the monthly preview i think is at least one week in advance this is four months in advance so you get a lot of notice for the semi-annual channel version potentially you may see the word targeted that's been deprecated um don't do that anymore um we don't do that anymore that's kind of the old terminology but i don't know how often they update the exam so if you saw targeted target is really equivalent kind of the preview it was like for windows the the branch for business just an early thing for deployment because once again for all of these things no matter how i deploy what i want to deploy using well i'm going to use rings again we don't just deploy it to everyone straight away we're going to use rings so when i think about how i did windows as a service the rings i'm really going to do the same thing here as well i'm going to have those rings of deployment so there's office 365 pro pass but what exactly is office 365 so if i have my office 365 pro plus what is it well it's kind of the things we're used to i have the whole kind of word excel powerpoint um i can think about things like onenote access there's all kind of um those various apps that are just part of that i'm going to forget some i'm sure obviously we have things like outlook i want to be able to get to my email um teams our kind of collaboration is all clients and there's one drive and i'll draw some different color there's also kind of there's project and vizio they are separately licensed they are not just part of office 365 pro plus so they're kind of the apps and again the point of these is they're internet activated they're constantly kind of being refreshed you may also hear kind of office and then a version like 2019 so that's kind of a static it's not going to get new functionality throughout the year it's going to use a key or a kms for the activation so it's not good it's not connected to the internet and again it is that static uh it's a single purchase so it's not a subscription so maybe if i had some machines that couldn't under any circumstances connect to the internet i could use that but essentially this is a point in time snapshot a subset of the functionality we get in the pro plus but it's not going to get anything new for years until the next major version comes out so really if we can i want to think about this pro plus once again there are various technologies to kind of optimize there's that um delta compression there are things i can do integrations like configuration manager to deploy these out so i have lots of different ways to actually get this deployed to the organization so now let's go back to where we are on our picture um i'll cover data in a second then we kind of think about the cloud services now if you look at what's covered in the exam it does actually mention is so it does kind of bring that up so just super quickly when i think about the services that are available in the cloud you have i as i as is essentially that there's layers so i can think about there's the operating system there's runtimes there's middleware is includes all of those things then there's paz platform as a service there i'm really just thinking about my app and my data i'm responsible for that with paz and then sas it's just kind of delivered for me all of those things are managed so with ios i'm responsible for everything so an example of an is might be hey i'm installing sharepoint um on windows server that would be an is use case if you see the words virtual machine that's is in the office world again kind of this was flow power automate that's really the only kind of pass you're doing in office most of what you're going to do is kind of the microsoft 365. these are sas they exchange online sharepoint online i'm not installing exchange servers i'm not installing sharepoint servers or patching them it's just delivered that's sas that's the focus of really what we're doing now if i extend these out remember i showed you those urls before go and look at what's in kind of the business the education and the enterprise skus there's different levels of sku different types available so know what those are remember really the big difference if i just focus on kind of business and the enterprise business is kind of less than or equal to 300 people if i'm more than that then i'm going to go to enterprise that's going to kind of be that delineation between them now once i have this if i kind of think about microsoft 365 what exactly is microsoft 365 is a whole bunch of services so the big one we think about exchange online and that's one we're probably all very very familiar with and that's giving me my mailbox i can send and receive email there's other functionalities as well but that's that's mail and then i can think about well there's sharepoint online so this is our ability to create for example sharepoint online i can create team sites maybe we'll say intranet sites to not get it confusing so i can create intranet i can create kind of document repositories so i want to make these things available i can create custom apps and flows um it's a place for me to really have these various materials and sites available for people in my organization then we have teams so teams gives me things like that will chat capabilities i can do voice depending on the skus i have i can do voice and video i can create these various capabilities to actually do collaboration so i can create channels um that i can have various tabs i can have applications in there i can store data and it all brings back the kind of sharepoint it uses sharepoint behind the scenes at sharepoint online we have things like yammer i think if yammer might be more of a a social think of teams you'll hear the term inner circle out of the circle since it's from my inner circle people i'm working with all the time and then i think about yammer is more out who's a broader type um i have these like social interactions i can tag things it's a good way to collaborate on a much broader scale we have things like stream stream is great for kind of video it's going to create captions for those it has some great ai kind of capabilities to say well this person's talking at this point and it will actually separate those out there's things like delve to discover hey what's actually available and kind of help me visualize what those things actually are it seems like obviously one drive for business there's project and planner project is kind of that deeper project management planner is a lot simpler kind of capability there one of the other things you're going to kind of see is this analytics and you'll kind of see this broken up into workplace and my so my analytics that's telling me how i'm spending my time this amount of focus time this is my personal work-life balance it's just about me workplace analytics will aggregate that out for the organization so i can see for my company hey i have a terrible work-life balance everyone's working 20 hours a day they're never not responding to emails so that can give me an idea of hey as an organization how am i doing so this feeds information from all of these things so i can get an idea of how am i doing for my company i'm analyzing the the overall capability and you might kind of have on premises versions of these and there are some differentiations so exchange online obviously i have kind of this idea of an unlimited storage um it has kind of native ha and backup just included with it says features that i'm getting in there it and all of these the whole point of kind of sass is i'm just going to draw it it's evergreen that applies to kind of all of them i'm constantly getting new functionality i could not on premises have a new delivery of exchange server or sharepoint server every week they can so they're constantly updating i'm constantly getting new innovations you'll see emails around these things and for sharepoint online i think it's like claims based off that i can't do on-prem i can do things like encryption at rest just um native to that and this is that anti-malware so there's a whole sets of things you can look these up it goes through but have some idea and all of these there are things that i can do in the cloud that maybe i can't do on-prem so have an idea of those capabilities so evergreen all those capabilities so we have the concept of a road map so i can think about hey there's this long road ahead what what actually is there something about there are things that are in development there are things that are kind of rolling out and then i can actually just think about those things that have landed there they're out there and i can go and look at these so if i jump over to the web there is a microsoft 365 roadmap site and on there it's showing me things that are in development things that are rolling out things that are launched so i can go get all of the information about that and what's really nice is if there's a feature that you don't see there that you want well i can go to 365 user voice so user voice is where i can go so i have an idea and it's not there so if i think about hey i have seen some suggestion i'm gonna go to uservoice that's my place to go say hey we should have this feature or if someone's got that feature already i'm gonna upvote it yes that's important and that's a good thing to do because microsoft look at that and depending on how many people are thumbs up and saying yes you want that feature that's kind of gonna get the priority now if i think about the features while it's in development obviously there's no support while it's in preview there's no support i kind of think about i get support over here and there are different levels of support there's different types of impact i can think well there's critical i can think about there's high and then i can just kind of think about well there's it's non-critical if it's a critical problem um there's a one hour if i think about response it's one hour 24 7. that's across the board i'm talking about if you have a support plan like business or enterprise but then it does actually different color it does vary between business and enterprise so critical is the same but then it varies between high so for business um basically what i'm gonna get is from a response perspective let's just do that yeah let's check my numbers here okay so for the response there's not actually there's no commitment in a timeline and it's going to be business hours is when i can contact them that's kind of when i can go and log get support for that if it's high and i'm an enterprise well then the response is next day but it is available 24 7. if it's non-critical then the response is no time commitment but it is 24 7. so that's kind of the difference in kind of these support options for me so just again go and look at documentation go and look at the sites get an idea around those um they're saying that it took a spring again if you're gonna look at the exam objectives support is one of those things that understand what's supported and some of the different responses for the different levels of kind of criticality we might see okay we're nearly at the end this has gone way longer than i thought it would they always do i talk a lot so look at our picture where are we in the scheme of things so i want to talk about the data that that top level part so we'll jump over here to the left side give us a bit of space so when i think about data data is really often what we care about the most we don't really care about the app or the os we care about the data i have to find the data so i have to be able to discover the data then often i want to be able to classify it and then i want to protect and monitor actually how it's used there's various phases there's different discovery tools if you go and look at the microsoft portal there's a whole set tools to help go and find the data but i'm going to focus on kind of this classify and protect because what we can have is we can have labels now the first one i'm going to talk about is retention so retention i can apply a label and it's really i can do a label and i can do a policy label is kind of at an item level this is more at a collection uh maybe it's an entire mailbox for example and maybe it's a sharepoint site some sort of container and i care about this because maybe i have to keep it for x time likewise i may want to make sure i delete it i do not want to keep it or maybe i need to keep for x time and then delete and delete is as important as keep again i want to make sure to keep things that i don't need to keep there could be maybe legal ramifications with that and then we think about sensitivity with sensitivity labels i want to keep it simple so we have this whole thing about kiss keep it simple stupid i might have highly confidential confidential general public that's it if you make them too complex people get confused they won't bother classifying it so i'm really gonna try and keep it so again maybe it's that highly confidential confidential general and public that's it you may have some others but i want it as simple as possible and i can think about these maybe it's user assigned maybe i give a tall tip so what's great is i can create policies and rules if it detects a social security number a credit card pii and again highly confidential is often going to be things like pii it's got some social security numbers data about them that's going to be highly confidential i can automatically apply again those same rules they could give a tall tip or they could actually say hey i'm going to apply it and if it is automatic maybe we let the user override it if they do a justification so they can say hey no no because of x and that will get audited i'm changing that uh because it actually doesn't apply i'm doing this with it i've got these different things once i have these though once the data is classified as a sensitivity label or the whole point is i can then drive a set of actions now that actions might be hey i'm going to control sharing and that can even be things like the anonymous sharing i can do with sharepoint just said if you have the link you can access it i can stop that so i can control the sharing um i could make it be encrypted i could do things like a watermark so it's going to have hey heidi confidential don't do stuff i can control the actions i can perform so maybe i can't print it i can't copy and paste from it i can't reply all and these apply across a whole different set of solutions like in teams i could be chatting and i type in a credit card it can stop me i'm saving a document to my onedrive for business it can actually say hey it's a tooltip we think it should be this level i can override it i'm sending an email so it really applies across the entire suite and when i think about actually the way things apply and where they apply something i kind of forgot to mention now i'm thinking about it talk about so many different things over here when i think about all these different kind of tools here when i think about capabilities one of the really cool things sharepoint and teams lets me do and apologize for jumping around it's important is it lets me do co-authoring i'm just thinking about that so if i'm in word um excel or powerpoint i can co-author if the documents come into sharepoint or teams i actually see a little icon say hey john's editing over here so word excel powerpoint on those platforms actually let me do that co-authoring quick jump in my brain but all of these capabilities i can trigger off the sensitivity label which can be set manually through guide them or even just automatically set it so data's super important and then last and it's not last in terms of important just the last thing i'm going to cover so i had this kind of compliance thing and really compliance does sit above everything it applies to every aspect of what we do so absolutely at the top covers everything is that compliance now there are many types of compliance things i have to think about there might be regulatory so that could be things like hipaa uh i mean there's huge numbers of these there's things like fisma there's gdpr massive numbers of these and the way i think about managing this there is the service trust portal now from that portal i can see a lot of different things there is actually a compliance manager now that compliance manager actually does things that microsoft are responsible for and it shows me that and it shows me things that the customer is responsible for and i can actually then tag i can assign those things to people and actually track how i'm doing say have i done that so it will then feed into my overall compliance so compliance manager helps me do that i can actually assign hey this action goes to bob i can see things like my trust documents so these are things that microsoft maintain i can go and see to see what how am i doing so if i think about things like audits that we've had done um other types of maybe operational processes we have would be available in there i can see things like my regional compliance so there are things maybe in certain europe asia australia what they will be in there i can see things around privacy so again that might be gdpr is a big one around privacy and also there's a whole m365 compliance center and also there's kind of this secure score so secure score shows me an overall score for my company and things i can do to improve it like mfa is a big one it will show me how many points are going to look at secure score for your company look at this recommendations look at it things that hey you need to remediate look at how many points you get the more points the more important it is to do but super quickly if i jump over this is the service trust portal and here you can go and see hey audit reports for various types of actual compliance and i can view all of them and then it's got different documents and resources so industry compliance risk assessments regional scores then the actual compliance center and from the top over here i can actually go to compliance manager sign in and here i can actually add different types of compliance things that i care about for my company you can see right now i've got data protection baseline but i can go and add an assessment and i can see all of these different ones will actually be available for me it's just thinking but these are all types of various iso ones available nist etc so i could add those but then i can go and look at the baseline and it will show me um scores i have scores that microsoft responsible and it will break those down so right now it's still kind of thinking it's a bit like me on a sunday but hey look i can see all these different things owner customer all of those different things that i might need to do so i could go and select one of those i could review it i could assign it to a user i could say well here's where we are in the plan so this isn't just telling me stuff to do it's actually a tool i can use to track my overall compliance so go and look at all of these resources so this was this was what we covered and i totally get it there's a lot of stuff here go through the online trainings go and look at the exam objectives this is kind of an all up review there's things in here i talked about that may be confusing again i'm doing a lot of this from memory so if i talk about certain facts and what things are in look at the website see what's in the different skus relax go and take the exams if you don't pass the only the only real failure is to not try again we all fail at things that are totally cool we learn from that and we go and do better next time so good luck i do great and i'll see you in the next video you

Info

Channel: John Savill's Technical Training

Views: 173,590

Rating: undefined out of 5

Keywords: MS-900, Microsoft 365, M365, Microsoft 365 Fundamentals, certification

Id: ZtOo7prP4_M

Channel Id: undefined

Length: 73min 7sec (4387 seconds)

Published: Tue Aug 18 2020