
MS-900 Microsoft 365 Fundamentals Study Cram

Apr 06, 2024
Hello everyone, welcome to this Microsoft 365 or MS-900 study cram. My goal here is to really go over some key content that you might want to look at, maybe right at the beginning of your studies, but certainly right before you take the exam, just to refresh a few things to help put you in the best possible place for the exam. It takes a lot of work to create these, so a like and subscribe is definitely appreciated. Now remember that the MS-900 is a foundation exam. I don't need to know deep details about administration or architecture. It's really a very broad thinking about what solution you would use to meet certain requirements and solve certain problems.
It's a 60 minute exam, I think it had about 45 questions when I took it, and one of the best resources you can take advantage of is the MS-900 website itself. If we go and look at this site, it has some key resources. So yes, I can go and schedule the exam. It tells you, hey, I need a score of 700 out of 1000. It has this skills outline, so you definitely want to download this document, walk through it, and be able to mark it up: yes, I understand these concepts. Sometimes, if it was simply changed, there will be a version below where we have changes, so you can see exactly what changed from the previous version.
Also, there is this fantastic set of online learning modules that I would definitely recommend and that will put you in a very good place. So my goal for this, again, is a review that I'm going to do very quickly. What are the key areas? Just to try to give you a little refresher before I take the exam. This is my version 2.0, so it replaces the previous version I had, because some of the content has changed: some of the applications and services have been modified. They have new names or are just a completely new solution.
Now, obviously, when we think about Microsoft 365, we often think of Office 365, so we certainly have the applications themselves. And when we think about Microsoft 365 apps, they're evergreen, and we'll talk about this service lifecycle. They are constantly updated with new features. And when we have a license, it can be used on up to five PCs or Mac machines, in addition to five mobile devices. So these could be tablets, these could be your phone. So I get those rights. And then what makes up these applications is a series of things: Word, Excel, and we're probably used to these ideas.
Now, by default, many of these have a connected experience. It is using some cloud-powered service or functionality, and you can disable it. If you go and look at File, Account, Privacy, you'll see that there are managed settings and I can control whether I want them to be connected experiences or not. Now, when I think about applications, obviously there's Word, so when we think of Word, hey, documents. That integrated experience could be Editor, it could be Researcher, but it's really about the authorship of the documents. Then we have Excel.
So when we think about Excel, well, Excel really encompasses all spreadsheets and visualizations. So I can say, hello spreadsheet. Then we have PowerPoint. And as we know, PowerPoint is all about the idea of creating presentations that then help others learn and communicate information. There is Presenter Coach, which can really help you in your experiences and improve your presentation. There is PowerPoint Designer. We have things like Outlook. Outlook is obviously our mail, our calendar and those other functions, contacts, tasks. We have OneNote. And OneNote really has to do with that digital notebook.
We can ink there, and in fact, a lot of the other apps that I can write in, I can cut and paste. It's just this fantastic way to take notes interactively. And then, of course, Teams. We're not really going to talk about Skype these days. We talk about Teams as that collaboration. Now collaboration could be 1 on 1 chats, 1 on 1 voice, video, groups, meetings, many different aspects of that. And when we think about all of these solutions. Well, us too. Yes, we have them running on the desktop. Yes, we have mobile, iOS, Android versions available, but there is also the idea of online versions,
besides those mobile ones, iOS, Android. And we can quickly jump in and look at that. So if I were to jump into the web browser for a second, if I went and looked at the user experience, we would notice it in my user experience on this left side. I have, hey look, Outlook, Teams, Word, Excel, PowerPoint, and there are other apps available to me as well: Forms, OneNote, Sway. So all these apps, yeah, cool. There is a desktop version of them. There are mobile versions of them, but I can also use many of them with fantastic experiences directly through the web.
Now there are also certain work management applications, and for work management applications, obviously Project is a big one, so I can think about Project as that ability to project manage complex work efforts. Now, in addition to this, I think of Project as this desktop application. There is also an online version, Project for the web. I can create updated timelines, stripe style boards, Gantt timeline charts. It can integrate with Teams for various collaboration pieces. Then I also have Planner. Now Planner is primarily an online experience and there is a mobile app version.
But it really focuses on these task-based cards across Kanban boards. So the idea is to create this very visual experience. I can update the timelines, I get these visual cues of my progress. So if we want a very visual experience for planning task-based initiatives, hey, Planner is my go-to tool there. Then we have Bookings. So if I think about Bookings, it's all about web-based appointments, scheduling and managing them. So with Bookings I can define certain types of appointments. I have a booking page for my clients, and it allows them to receive confirmations and reminders via email and SMS.
And again I can achieve integration with Teams, so maybe we have virtual appointments. And then we have To Do, once again with that kind of online experience, but there are also versions of the application for mobile and desktop. And this really has to do with task management for me. I have tasks, I have a good focus on my day, and I bring particular tasks to that day. You can have smart suggestions, you can have overdue reminders, and if I have Planner assigning tasks, the tasks that Planner assigns can in fact appear in my To Do, so I have a really great integration.
So there may be some desktop and online experiences, but then we thought, okay, with these apps, there are online experiences, so cool, it's those desktop apps, those mobile apps, etc. But really I get the idea of online services; I can think of how they work in this world. Now, before we get into the details of what those services are, maybe one of the important things that we really need to think about is that when we think about the Internet, there's always this idea of shared responsibility: things that I have to do, things that the service provider needs to do.
And this has different layers. Now I can think about things like, well, the physical data center. So on the physical DC, I can think, well, there's the physical network. I can think of the physical hosts. There is an operating system running on those hosts. Then, beyond the physical network, the physical cabling and the routers and switches, there are network controls. Protection. There is the app itself that provides some features: Exchange server, SharePoint server. And then through this whole idea there is this identity and directory infrastructure. Because we will see that as we go further and further into the cloud, our identity becomes this huge barrier; it is our security barrier for all our services.
So something has to provide that identity and directory services infrastructure, and then of course there are the accounts themselves that are powered by that infrastructure. So I have accounts and identities, and then there are the devices: it could be a desktop, it could be a mobile device, it could be a tablet. And then what really matters to us is our information and our data. So when I think about those levels of things, there's a different set of responsibilities. Now, in the on-prem model, this is you. All of these things are you.
You are responsible for all that. If I move to different types of cloud services, there are things like infrastructure as a service. Really think about a virtual machine in the cloud. Now, in a cloud virtual machine, the provider cares about the physical host, fabric, and data centers. Basically, you get that VM in the cloud. And then what am I responsible for? Everything above that virtual machine, meaning the operating system on it, the agents it might have, the applications, and obviously all the identity infrastructure that I'm still responsible for. And then there are things like platform as a service, where I have the ability to really focus on my application.
Now, when I come to platform as a service, there are definitely some gray areas. In all of these, accounts and identities, this will be me, so this line will continue a little longer. This will always be me. Now, just because you are responsible doesn't mean you are alone. We'll see there are several services in Microsoft 365 that help me in these areas, that help me protect my accounts, that help me protect my devices, that help me manage them, and that help me protect my data. But I have a responsibility to activate those services and do things with the recommendations.
Now, in addition, in a PaaS world, I could also be responsible in certain respects, and it truly is a shared responsibility, for things like the network controls and the application, because I'm writing the application. Depending on how I write the application, what identity and directory infrastructure will it have? And then we come to SaaS, software as a service, and this is Microsoft 365; it's a solution provided for you. Now, even here, I am still responsible for devices, accounts and identities; that is my organization's intellectual property. I am still responsible for my information and data, but again, there are things that can help me, so don't worry.
Help is at hand. Just because I'm responsible for it doesn't mean I'm alone, and depending on my architecture, I may still have a little bit of responsibility for this identity and directory infrastructure. You may have some on-prem DC components, some Connect, so there may be things you're handling there as well. When I think about this SaaS world, I'm never worried about the application; that's always the provider. I'm not patching Exchange or SharePoint, that is just provided to me, and that's really the key part and I want to make sure this is really understood. Okay, so what are
these various online services that I'm actually going to use? A lot of them actually correspond to some of these applications that are going to consume these services. So when I think about online services, obviously Exchange is huge. So we have Exchange. Obviously, Exchange is centered around the idea of, yes, sending emails, receiving and storing them, syncing them with that Outlook client, and exposing them through web clients. We have an idea of calendars. Maybe a personal calendar, maybe shared? How can I share that? It has native antispam and antimalware, and then there are things like Defender for Office 365 that enhance those capabilities.
Now there are things like public folders. As we have other improvements around Teams and SharePoint, some of these features may be used less and less, but we certainly have those capabilities. Then I can think about Teams. Especially in this work-from-home world, where there is more and more remote collaboration, Teams is a great approach for this. So we think about it: we create teams. A team is that first unit where we have a collection of content, tools, people. These can be private, so just specific people in my organization. It could be public: hey, anyone in my organization can go and see this stuff.
I can have up to 10,000 members on a team, and then within a team I create channels. So a channel is a particular section within a team. And even here, whether the team is, for example, public or private, the channel itself can be standard so that all team members can use it. I may have the idea of making it private so that a subset of people can use it. I can have the idea of shared, so even people outside the team can leverage that content. And then we have tabs within those different channels with different types of content.
I have a Files tab; you could have a particular application. We have the concept of chat, instant messaging. I have the ability to schedule and join meetings. We envision those media could be audio, video, chat, screen sharing, webinars, and live events. I can also do that from Teams, and then I can record all this stuff and I can basically send it over to Microsoft Stream, to then make it available later, so you can record and make it available via streaming whenever you want. And of course, one of the most important features of the device is the ability to have a custom background.
So join my meeting. I can be sitting on the Starship Enterprise or wherever I want to be. Then there's Microsoft Teams Phone. It's about, hey, I can have these calling plans, and there are different ones available, but from my PC, my tablet, my mobile device, my desk phone, I can sign up for these plans to communicate with regular phones, and there are huge amounts of collaboration with the other tools that are part of this. And then of course we have things like SharePoint. So SharePoint is perhaps one of those really early tools.
We have the idea of sites, so I create sites. And those sites are of different types, and SharePoint is really one of those cornerstones of collaboration. But I can have a team site. So a team site is all about file storage, data sharing, co-authoring, information list management, and workflow integration. I can have communication sites. So, communication sites are about transmitting information to other teams, to the entire organization. Think of a company and know that it would be very useful for this type of communication. And then if I end up with a lot of team sites and communication sites, it will be difficult to understand and find things.
So we have the idea of hub sites, which, as the name suggests, can organize multiple communication sites and team sites into logical groupings. Then we have things like OneDrive. OneDrive actually integrates very tightly behind the scenes with SharePoint, but this is what drives that collaboration in Microsoft 365. It integrates with the OneDrive app. I can share within my company, I can share externally, it helps me find content. And then there's Yammer. Think of Yammer as a social network. Within my company I have communities, I share ideas. So we have these main applications. But we also have this new set of components here.
Now we also have this idea of Microsoft Viva. And there are four components of Microsoft Viva. The first is Connections. Again, Viva is all about employee experience, so it's an employee experience platform: insights, knowledge, learning, resources, all of that. And we have these four key modules, so you can think about Connections. So Viva Connections is about the idea of how we can stay connected to each other. It brings together elements from SharePoint and Yammer and Teams and delivers them through a company-branded app that appears within Teams. So it's going to surface it through there.
I can help get you a dashboard for information on key tools and resources. I can send information to the right people and it really helps me navigate upwards. Then there is Viva Insights. And if you have this in your company, you probably receive this email daily. We used to have Microsoft MyAnalytics and Workplace Analytics. It really comes down to this, but it's about protecting network privacy. But these are insights and recommendations to help work smarter. Now, for the individual: hey, give me recommendations, personal information on how I'm working. Should I change my work pattern? When to
take a break? When to add focus time? Do I really need to make sure I disconnect after hours? I get a daily report emailed to me at the start of the day. But there is also information for managers. So managers can say, hey, what are the work patterns of the people on my team? Where perhaps do you need to intervene to prevent burnout and reduce stress? Where necessary, I can receive these nudges to foster connection with the team. Maybe you haven't done a one-on-one with this team member. Hey, why don't you go and set up a one-on-one meeting?
Help me set up meeting-free days, and then implement all of that in an organizational view. So for the organization, for the company leadership to see that work culture changes may be needed to really foster best practice outcomes for the company itself. Then we have the idea of Topics. So Viva Topics is about focusing on knowledge, providing it to the people in the company. It uses AI to identify knowledge and experts in the company and then automatically organizes them into these shared topic areas, to create a topic page for each of those topic areas and display it through these cards in Office, in SharePoint, in Teams.
And then if I open that card, it will link me to the content. And then Viva Learning. And as the name suggests, it is an essential hub for learning in the organization. You add content from things like LinkedIn Learning, Microsoft Learn, third parties, or it's just internal training that you might want people to create. It allows managers to assign and track learning. And I have a home page, I have my learning page to really take advantage of these things. Now, in terms of the experience, okay, we have all these different components here. We have these online services, we have apps, we have Microsoft Viva. How do I manage this?
So from a management perspective, we have the Microsoft 365 admin center. And in addition, there is also a user portal. So the user portal I showed gives me a sort of web version of the apps. It's also where you could go as a user and say, "Hey, I want to download those apps, those core apps for me." Now the admin center is focused on things like, well, hey, manage my users, groups. Now it uses Azure AD; it's just a different interface for interacting with Azure Active Directory. It can help with licenses: assign licenses to users, assign them to groups.
It helps me with my billing. It helps me run various types of reports. It helps me access all the other portals out there. So let's quickly jump in and take a look at this super quick. If I go and look at my admin.microsoft.com, we can see it. It gives me some basic cards on key areas. Licensed users; hey, my Azure AD Connect, it's syncing, everything looked fine. Any balance you have on billing. We can see these key areas as well. I could manage users, contacts, guests. I can manage my groups. I can manage my billing, but then I have this option to show all, so it expands to roles, support, configuration, reports.
So from the reports I get things like a productivity score. How is the work done in my organization compared to other organizations? Then I start to get an idea of what exactly is happening in my organization. I get usage. So what is Microsoft 365 used for? Not much in my little lab environment, but you can see I'm getting this fantastic amount of information. I have access to all the other admin centers, so Exchange Online, SharePoint Online, Teams, Azure AD, and Endpoint Manager. They have their own admin areas, so I can link to them. Now, when I say that word evergreen and I think of online services.
Well, one of the most important things we obviously have is a lifecycle. So what are these evergreen services like? What does this really look like? Then I think about my services. So scroll down here. There is a certain lifecycle, so I'll change color to orange for my lifecycle. The stage does not always exist. I want things to appear for the first time that I have never seen before. So what really happens is that very often there is a private preview. When I think about these online services, this is where there are a very limited number of users and organizations that can help.
Microsoft does its own testing first, but now I can start getting feedback from specific organizations that have signed up for this. We then have a public preview, so as the name suggests, it is available to everyone. Now they have to go and, maybe again for a selection of machines, say, hey, I want this or I want this particular service, but I'm opting in to get an idea of what's coming, what the standard functionality will be in the future. It has limited support. Then we get to general availability, GA. And we often hear about GA. Now it is the released version and has full support.
It's going to be widely adopted. Now, as part of that general availability, there is this concept of the Modern Lifecycle Policy, and what that Modern Lifecycle Policy basically means is: anything that is not a free feature or preview has a minimum of 12 months support. Now, eventually, sometimes things get replaced or a certain version stops working. I no longer receive updates. It is no longer supported. So that's going to happen over time. There are several policies around that. We can go and look. In the Modern Lifecycle Policy, going through its requirements, customers must keep up to date with the service.
They should also have a license. And it must be currently supported. There is notification information on how we are informed about the continuity and migration. And if you're thinking, well, there are these end-of-life dates, these features, how do I find out about these things? There is a Microsoft 365 roadmap, so I can go and look at this roadmap and notice that I can see the phases. Hey, current channel, semi-annual, for many of the desktop applications. The cloud instance I might be leveraging and the particular products I might be interested in. But I can go and see what's coming.
Where is it? And I can search through this, I can get a lot of great information. So this roadmap is the way I can go and discover, well, what's to come. What do I have to wait for? OK. So we have these applications, we have these services. Well, they have to run somewhere. So if you think about it, okay, great, we have these apps. They have to run on some kind of endpoints. Now, that endpoint could be a PC or a tablet. It could be a phone, obviously it could be a browser of some kind while we're talking about other things.
It could be an Internet of Things device, which is obviously less common in the office, but maybe it's interacting, maybe with email or something like that. Now when we think about devices, I need to manage them and maintain their health. I have to deploy applications to them, configure them and protect them. Many, many other aspects. But just like the users, devices usually have some type of identity and some membership. So how do I think about that endpoint and the overall management of its identity? So the first real step: we have to have an identity provider. So I can think about, when we use Microsoft 365, the identity provider, the IDP,
is an Azure Active Directory instance, Azure AD. Now Azure AD is cloud based, that's why I draw it in blue. So there's nothing I'm particularly hosting. There are no domain controllers that you have access to. Even if it has AD in the name, actually, it's not particularly AD. But this speaks cloud, so it provides services that integrate with many different applications that want to use this identity provider. Now it speaks cloud protocols, so we have things like OpenID Connect, OAuth 2, SAML, WS-Fed. They are all really designed for this type of Internet, web-based interaction.
And the key point here is that you could have tons of apps, SaaS apps, Office, all these different apps. I'll configure them to trust a particular identity provider. Now what that means for me as a user: I will have an account here, and I have to log in. And what I get is called single sign-on, SSO. So when I authenticate to an application with my identity provider, for any other application that uses the same identity provider, I do not have to authenticate again. I get a very smooth experience: by logging in once, I don't have to log in again.
There may be other identity providers here, a different identity provider, but we can actually create these federations. So, a federation is where there is a relationship between different IDPs. I create a trust. And now the users may be on a different IDP, but it will create a token, it will create claims within these tokens, and because there is trust, the other IDP can consume them and allow them to be used. So this is really a key part of an IDP. Now when I think about Azure AD, it has licensing per user, and different SKUs are available.
So if we quickly jump over to the versions of what we have here. This talks about things like MFA, and there's Azure AD Premium P1, Azure AD Premium P2, and then Microsoft 365 E3. These are different editions of Azure AD, and they come with different sets of capabilities. So here we can see different features based on which one I have. I can have free: I don't have to pay for Azure AD, it's just completely free, but I get limited sets of capabilities when I use the free version. Then, well, if I use Office 365, I get some additional rights for Office applications.
Then there is Azure AD Premium P1. That gives me full conditional access, so I can put very granular controls on when I access different services. I can have things like risk-based identity protection, access reviews, entitlement management. So I get different sets of capabilities depending on the exact license I have, and different users can have different licenses. Everything doesn't have to be the same. Now, one of the key things we'll typically have is I drew this idea in Azure AD. And they simply appear when users are inside. But most of the time, as a business, what you really have is an Active Directory, an instance of Active Directory Domain Services that all your users, groups, and devices can join.
Now, on-prem AD, well, it speaks things like Kerberos. It has NTLM, it has LDAP. I can create an OU structure. We have group policy objects. All of this is fantastic on premises, where I have this very reliable network. It's not so good for the Internet. But what will happen most of the time is that we will have this concept of a synchronization. And it's really going this way. So AD is the point of truth, the source of truth, and it will replicate to my Azure AD, and this is called Azure AD Connect. Then it says I install it.
There is also an Azure AD Connect cloud sync option where the main sync engine actually runs in the cloud. I only have a few agents running on my domain controllers, but it does the same thing. It's mostly syncing from on-prem. There are some things going backwards. I talked about federation; well, I can federate if I use Active Directory Federation Services or third-party federation services, so Azure AD can actually federate to AD to get this trust, so that the authentication of my users is done in my on-prem AD. Most of the time we want to authenticate to Azure AD, so we also send a hash of the hash of the passwords.
So all that authentication can happen directly against my Azure AD. Now I said an interesting word. I said authentication can be done on my Azure AD. So what is that? We have the concept of authentication. Authentication is all about proving who you are. Now, how can I prove who I am? Very often we think about: well, is it something I know, something I am, or something I have? Something I know: a password, a PIN. Something I am: a biometric, my fingerprint, a 3D map of my face. Something I have: it could be my PC, it could be my phone, it could be a special type of USB key or other token.
We don't like passwords alone. We consider them very weak. What we like these days is MFA, multi-factor authentication. That's when I have two or more of these. So it could be, hey, well, yes, I type a PIN, but then I have to do a biometric to unlock something. Or maybe I have my phone and I have to type a PIN. I have my phone and I have to biometrically unlock that app. So there are combinations of things, but I get stronger when I have multiple authentication factors. Now we also have the concept of passwordless.
There is no password. We get rid of this idea of a network secret and a password. This could be a big boost for business. This is where my PC has its trusted platform module, a special chip inside my PC. It has a certain key, so it's something I have. I have to have the PC with that trusted platform module, which has anti-hammering. I can't get this key out. Then I have to unlock it with a biometric or a PIN. So there are still multiple factors, but there are no longer any secrets on the Internet. It's not there.
There are also things like the Microsoft Authenticator app. Again I have to unlock the app, but I have to have it on my phone. For example, say I have my phone and I have to unlock the application with a PIN or a biometric. Other things like FIDO2 keys. Again I have a USB key that I can insert into the machine. But I have these different ways of showing who I am. So we have authentication: proving that I am who I say I am. Then we have the idea of authorization. Once I've proven who I am,
what can I do? Well, you've proven you're John; John can do this. John can access this data. John has these roles. So I need both of those things. So once I've proven who I am, what am I allowed to do? It could be roles, it could be role-based access control. There are different aspects of this. And when I think about these identities, again, I don't think of them as just users. Yes, it's the users, but it's also the applications. Maybe it's also the resources in Azure, your devices, Internet of Things; there's a big focus on proving device identity.
So I won't get bad information, mutual authentication. On my PC, I'll register it in Azure AD and use it as part of my checks, or maybe even join it. There are different options around here. Those are the two A's: authentication, authorization. There's all this attention around the idea of the 4 A's. Well, those are two. Obviously we also have administration. So administration refers to the creation and management, governance, the lifecycle of users, devices, services. And under what circumstances do I allow them to change? What is my change control process? What governance do I have around granting of privileges, for example? And then auditing.
We'll see that when we talk about things like zero trust, we talk about signals all the time. I need a track of who does what, who gave this permission, when, where, how and what they did. That's why I want in-depth reports on all these different types of things. So identity is just a huge key aspect of everything we're going to do here. I was actually talking about endpoint management and I completely deviated from this. Hello, Azure AD and authentication authorization. But a key takeaway from all of this is one of the first things we're going to do when thinking about the endpoint and that management: I want my endpoints.
When I think about Azure AD (let me scroll down just for a second so I can get to my endpoint), I register my endpoints: I make each one a known entity in my Azure AD, or maybe even join them. My Windows clients can join Azure AD and authenticate directly with a user defined in my Azure Active Directory. That's something I can do with these technologies. But as a starting point, most of the time, before doing anything else, there will be this notion of making the endpoint known to my identity provider. That's really a foundation I have to have.
But then we think about getting into that deeper idea of managing those devices, keeping them healthy, applying policies. So how do we do that? For the endpoints (I think that's the wrong color) there is Microsoft Endpoint Manager, and this is really good as it comprises several different solutions. There's Microsoft Intune, which is cloud-based. Think of Microsoft Intune as an MDM solution: mobile device management. Now, even though it has the word mobile, it still gives me full management capability for things like the Windows client (not the server) and macOS. I also have mobile devices: Android, iOS, I think even Windows Phone.
I can link to things like the iOS store and the Android store to make applications available. I can apply things like policies. I can check the status. There's a whole set of things I can do in Microsoft Intune. But there is also Configuration Manager, and Configuration Manager is really focused on my on-premises resources. Yes, the Windows client, but also things like Windows Server. And I have this co-management idea: I can apply both solutions to the same devices, and for some features I will use Intune, while for other features I will use Configuration Manager. Hey, BitLocker settings, I'm going to use Intune for that.
This type of patching, hey, I'm going to use Configuration Manager. So I have the ability to really mix those different solutions. There are things like Desktop Analytics. When I think about my Windows clients, it tells me what their upgrade eligibility is. Hey, I want to get to Windows 11; which devices can get there? There is an Endpoint Manager portal, so there is an independent management portal for that, and when you go to the Office portal that we looked at earlier, you'll see links to all of those different portals. When we get to that idea of admin centers, sure enough, there is Endpoint Manager.
So Endpoint Manager is where I can go and see all my devices and my applications. I can create reports, and I can see information about the users and my devices. I can create different types of policies: compliance, configuration, scripts. All of this capability is included as part of that single portal, and it helps me manage both Intune and my Configuration Manager. I have a broad set of endpoints: mobile devices, tablets, macOS and Windows clients. When I think of the Windows client, let me just expand on that for a second.
There are shifts. Now, we always said that Windows 10 was the last version of Windows, until Windows 11 came out. Obviously there was a slight change in that mentality. But if I think about the Windows client, obviously Windows 11 is the latest version. It's really about this idea of Windows as a service. The point is, again, that it is constantly updated. Gone are the days of these big operating system updates, maybe every three or four years. That was a huge pain for companies. They want these smaller incremental value additions. So there are actually two types of release to maintain Windows as an evergreen service.
There is the idea of a quality update, and as the name suggests, a quality update really focuses on fixes and patches. It's Patch Tuesday, once a month, rolling out the latest patches; I think it's the second Tuesday of the month. These are cumulative. They include all other patches from all previous months. Now what that means is that this cumulative update grows every month. For versions that are supported, there is a certain point where the fixes stop because that version is no longer supported, but until then it becomes very, very large. One of the features is that they ship as what is called an express update.
An express update allows you to download only the bits you need. So I can pull only the bits of the cumulative update that my machine needs. Hey, I've been updating every month, I don't need the rest. No matter how many months into that cumulative update you are, it can extract the parts I need. Things like Configuration Manager, Windows Server Update Services, and Windows Update support this idea of express updates. Then there is also Delivery Optimization. This is the idea that I am sharing with my local peers. It could also be BranchCache, where I have the possibility to share with my peers.
There are also other peer technologies that I can take advantage of. If we visit the portal, it talks about optimizing Windows Update delivery, and yes, there is Delivery Optimization, there is peer-to-peer, and then there is BranchCache. So I have these different technologies to really optimize how I can reduce network traffic and Internet access. Then there are the on-premises solutions, WSUS and Configuration Manager. With Windows Server Update Services, you pull the updates and host them from your own server. Configuration Manager, again, is a server farm that I have. Only those can use BranchCache, but everyone can use the Delivery Optimization idea.
So we have these different solutions: there's Delivery Optimization and there's the idea of BranchCache. And again, BranchCache is only available to those with on-premises type technologies. So a quality update is not adding new features, just fixing things. Then there's the idea of feature updates. These add new functionality. And today this has changed to annual. It was semi-annual, so it would be released every six months. It is now being reduced to once a year. I think in many companies we found that every six months was too frequent. But even annually it is much more frequent than the old major versions every three or four years, from XP to Vista, 7 to 8.
Well, it was a huge job to adopt those new versions of the operating system. These are incremental pieces of functionality and are easier to adopt. They are easier to adopt as a company, and easier to adopt as a user. You don't see these huge changes. Now, if we think about things like feature updates and this new functionality, obviously there are still changes that are part of that. And then there is also this concept of servicing channels, and we saw those when I showed the roadmap site.
There are things like the Windows Insider Program, and there is also an Office Insider program. This is early access to get a taste of what's to come. Maybe I have certain PCs where I want to see what's coming. I'll put them on Windows Insider, and there are even a few different frequencies at which I get those builds. And then I can think about the General Availability Channel. As the name suggests, it is the released version, that annual update. Each of them is supported for 18 months. And then the Education and Enterprise editions have 12 months of additional support.
So we have 30 months in total for that. And then there is also something called the Long-Term Servicing Channel, and that has a much longer life cycle. Maybe it's only updated every few years. Think about who the Long-Term Servicing Channel is for, since the majority of your population will be on General Availability. I want the latest features, I'm running Office on them, I want improvements to my end user experience. But maybe I have certain equipment, an ATM, a generator, medical equipment, that is critical. I don't care about functionality improvements. It is running some application or service that just needs to be locked down solid.
Well, then the Long-Term Servicing Channel is a great option for that. Now I'm thinking about using this in my company. What we will normally have is this idea of deployment rings. I don't want everyone to get this big update at the same time, even if it works perfectly. Just think about the users who have questions and call the helpdesk. You can quickly become overwhelmed with that. You will have these different rings in your organization, so you can start with just a preview: I want to see what's coming. It would be a super limited number of users.
That would probably be linked to that Insider channel. I'm going to press F5 quickly because my whiteboard is starting to slow down. Maybe if I refresh, it will get a little healthier. Let's try it one more time. Just reload. Sometimes it starts to slow down and a reload helps, so we'll see if that fixes things. So I have the idea of the rings, and I would start with this idea: some people will run that preview to get an idea of what's coming. Then I'll think about a limited subset, perhaps, of users in each business group.
That is when it arrives in GA. I'll start rolling it out to some people and then I'll have broader adoption. And for my broad enterprise adoption, it's still possible to break it into smaller waves, so it won't all happen on the same night. What I can do is add delays. So yes, it's still that GA, but I can say, hey, wait 15 days, wait 20 days, wait 25 days. I have that capability, so I can definitely use it. That's how I can think about implementing it in my organization. How do I do these things? What is the best method for these different types of deployment?
One of the big technologies we have today is Windows Autopilot. The idea of Autopilot is to leverage Azure AD and Intune (it can also use Configuration Manager), and I basically get my shiny new PC from wherever I bought it. The only thing that needs to be pre-provisioned is a hardware ID, which maybe the OEM sends to my IT department, or I use a script to get it. When I turn the machine on, it automatically connects to the Internet, the Microsoft service checks that it is known, and it simply does all the configuration. So that whole corporate setup just happens.
It just goes and automatically deploys to that machine for me. And one of the things we can do here is even change the edition. Let me jump over here just for a second. If I think about the Windows client, there are different editions. So there's this whole concept of different SKUs (stock keeping units). A very common case is that the machine may come with Pro, for example, but I want to upgrade it to Enterprise. And there are different ways to do it. I could do that as part of subscription activation.
If I don't join Azure AD, I can use a provisioning package. So there are a lot of different ways that, even if that machine ships as Pro, I can still change it and move it to something else. So this is great for new machines. But then I also think, well, there's a new version on these channels. Do we do a wipe and load every year like we used to, to get from 7 to 8? Not at all. Now the focus is really the in-place upgrade. We do not wipe and load. And there are different mechanisms to do this.
I can do this through Windows Update. I can do this through Windows Update for Business. Windows Update for Business is really Windows Update, but as a business I can add some additional controls on how updates are adopted. I could use Configuration Manager. I could use Intune. I could use Windows Server Update Services. Again, Windows Server Update Services basically allows me to download updates and make them available from my infrastructure. It gives me more control to release them and keep track of what's happening. And of course, there are third-party solutions. There are many options.
I am in favor of the use of this type of technology. So that's all great. I mean, this is all for Windows. But realize that those Office applications, all these applications that we run on desktop machines, have exactly the same considerations. In exactly the same way, I have to deploy the Office applications on my machine. Now, as a user of the machine, I can go to the Office portal. If I go to the Office portal, there is an option to install the apps, so that users can install them themselves.
I can use the cloud, so this is pulling it down from the cloud. I can use the cloud but also use the ODT, the Office Deployment Tool. The Office Deployment Tool allows me to customize the Office deployment experience. I can say what apps I want and what additional settings I want. I can also have a local deployment with the Office Deployment Tool: I pull the files, put them somewhere, and then make them available. I can also use things like Configuration Manager. And I can even use technologies like App V and App VI to create packages using the Office Deployment Tool.
So the Office Deployment Tool really is everywhere. Now, the same as with Windows, Office has updates. Office does not divide them into quality and feature updates in the same way. Again, they are cumulative. But it really focuses on security versus non-security. The updates are automatically checked for and automatically installed; there are no separate downloads for these things. Obviously, security is about protecting Office from bad things and malicious attacks. Non-security you can consider as a quality update: basically, it provides stability and performance improvements. It's giving me an updated set of capabilities.
And then when I think about adopting these things and I think about those adoption rings that we had for Windows, well, I have the same concept here too. So for Office there are channels. Obviously, these are my productivity apps. If something strange happens, if there is a big change, it could affect the productivity of my users. So we think about this concept of, well, there's a Current Channel. On the Current Channel for Office, I'll get features at least once a month and security and non-security updates every two to three months. Then there is the idea of a monthly channel, the Monthly Enterprise Channel.
The Monthly Enterprise Channel really fits into the idea of my Patch Tuesday. So on Patch Tuesday, the second Tuesday of the month, I will receive the updates. That's good for a predictable schedule. There is also the idea of a Semi-Annual Enterprise Channel. So every six months, January and July, I receive this update package. I can also get an early preview: for July, I can get exposure in March, and for January I can get exposure in September. So that's the idea of seeing them earlier. Those are also available to me. So there are these different ways of getting different features to different users, different parts of my population.
Excellent. I have my endpoint. I have my Windows client running on a machine. Maybe sometimes I don't have access to my machine. Maybe that's not what I want for my company. I want desktop as a service, so there is also the concept of managed desktops. And this is not a new concept. On premises we would have remote desktop farms, which could be Remote Desktop Services, could be Citrix. There were many solutions, but basically it gives me the desktop as a service. So as a user, I simply connect remotely to my desktop experience. It is hosted somewhere else.
And there are actually two in Azure. Azure is the cloud solution offered by Microsoft where I can run virtual machines and PaaS services, and one of the options is called Azure Virtual Desktop. I just realized that you have to click on the thing to stop that blue box. They keep changing the whiteboard and it confuses me. So, Azure Virtual Desktop. Now, if I think about a remote desktop solution, there are many different components to that solution. For example, I, as a user, have to connect to some kind of gateway because I want to encapsulate the traffic in HTTPS.
There's probably some kind of connection broker that tells me what the server is for my current session or where I should go. There are licensing components, and maybe there is a web component to get a feed. With Azure Virtual Desktop, all of that is managed for me. I don't even see those things; it's just part of the service. What I have is host pools, and the host pools running in my Azure subscription are basically virtual machines. They are virtual machines in my subscription, and those host pools could be made up of server operating systems.
Or a client operating system: Windows Server or Windows client. And if it is a client, there is actually a multi-session client, so I can have multiple users connected to the same client instance to get better utilization of my underlying resources. So that's a Windows 11 that has that multi-session capability. And then I can publish the entire desktop, so I log in remotely and see a completely different desktop, or I can publish individual applications. Hey, I have my local desktop, and I see this other app that appears to be running locally, but that app is actually running in the cloud and it's just sending the pixels and the backend interactions, and it integrates seamlessly with my local desktop.
Totally great. Then I can expose them too. If I think about my users, and these are obviously running on servers, VMs in the cloud, I have the idea of pooled or personal. Pooled is the idea that there are, say, 100 virtual machines that sessions can connect to, and someone connects to them. Whatever is available next I get, but it's different every time. Now obviously, for my profile to work, my data needs to be separated from any particular instance of the OS, so I use a technology called FSLogix to separate the profile data.
So that's really for the profile; the data I'd send to something like OneDrive to separate it from the OS instance. Personal, perhaps: I'm a developer, I'm actually going to heavily modify that environment, so I need to go to the same instance every time. So with personal, there's a dedicated instance, and I am always connecting to the same one. With pooled, there is a whole group of them available. I connect to whichever is available, and they still give me the same experience because my profile is abstracted using FSLogix. But there is still some management I have to do here.
I'm still setting up Azure Virtual Desktop, and as a business I'm paying for the underlying VMs and some additional services. But maybe I don't even want to manage the virtual machines that drive those things. So the other option is Windows 365. This is really just the idea of a desktop in the cloud. It is very easy to implement. It is per user, so it is a dedicated desktop per user. I have different sizes available to me. There are different SKUs available. So there is a Business SKU. The Business SKU is for up to 300 people, with Azure AD join only.
And there is an Enterprise SKU that has no limit; it can be Azure AD joined or hybrid. Then we can integrate with a virtual network in Azure and join my existing domain. I need an additional license for this. There is a comparison of the versions, so we can compare Business and Enterprise. Under domain join, for Business it's just Azure AD join. And then there's how I buy them and the licensing requirements: for Business, there are no other licensing requirements. For Enterprise, each licensed user must have Windows 10 or 11 Enterprise, Endpoint Manager and Azure AD P1.
Hey, no maximum limit versus a limit of 300. There are different types of data restrictions. How can I do the administration? Again, the way this really works is that it integrates very tightly with Endpoint Manager. In Endpoint Manager, if I go to my devices, I have my Windows 365 provisioning. I go and create policies for what I want to make available to my users, and then the user just goes to their portal, their Windows 365 portal. It appears to have crashed; let's try it again. Here we go. And you can just click: oh, there's my desktop. And I can open it in a browser.
There are also local clients available, but now I can comfortably use my desktop in the cloud, so there's a full set of capabilities there, available for me to take advantage of. Really super powerful stuff. So we have the options. We have them all at our disposal. Of course I can run it locally on my machine, but hey, maybe I can't take my machine out of my house. Maybe I'm traveling. So I have ways to make the client operating system and applications available from anywhere I can get an Internet connection. That's really all I need for all these different things.
OK. So this all has to do with the idea of different types of devices, different protections, different things that I'm actually doing. But there's still this whole concept of security and compliance. So if we take a look at security (we'll go red for security), there are two key terms in the language we use today around security. There is this idea of defense in depth. We think of an onion. On that onion, we want as many different layers of protection as possible, and we think about all those layers to give us complete protection for the environment. Excuse me, I'm thirsty.
So when I think about my security and my defense in depth, there are many layers. When we talked about responsibility, we used the same type of layers that I think about for the security of my environment. I can think about the physical. When I think about the physical layer, this is the first line of defense: the data center itself, restricting access to my data center, proper protections, protection against power outages, protection against other types of natural disasters. So it's not just a malicious actor. I want to guarantee the availability of my services, so I want to think about protecting all that infrastructure.
Then, like we were talking about, identity and access: identity is the new security perimeter. So make sure you have good change control, make sure you use strong authentication, passwordless, multi-factor authentication, and audit sign-in requests and any changes that occur. Then I think about the perimeter. By perimeter, I mean the edge of my network. Can someone perform a distributed denial of service attack on me, taking down my services by limiting people's ability to reach me? Azure and Microsoft 365 have distributed denial of service protection built in, and there are also additional layers I can potentially use. I want to use edge firewall devices for my ingress.
And then the network: restrict movement within the network and only have the connectivity I need to get the job done. Don't trust the network. This will come back when we talk about zero trust. Just because something is on the network, I'm not going to trust it. I want to explicitly validate every request that occurs. I want to block every type of connectivity that is not absolutely necessary. Then I think about the compute. Keep the servers patched and monitored, with antivirus protection and firewalls. Defense in depth is layers of protection: if one layer fails, another layer can take over.
Then the application: keep applications up to date, keep them healthy, put them behind web application firewalls that can block certain types of attacks, and have good practices in my coding. I'm not checking secrets into GitHub; I use key stores. And then obviously there is my data itself: making sure we have data protections, data encryption, data labeling, classification, protection. I want all those things from my defense in depth. It is very important to have all of these elements as part of this. Now, the other thing you will commonly hear about is the CIA. It's not the CIA you might be thinking of internationally; it's this idea of
Confidentiality. Confidentiality has to do with the idea of preserving sensitive data, be it customer data, passwords, financial data, intellectual property. Keep it confidential; make sure you have proper protections in place. Then we think about integrity, basically keeping it correct: making sure that when I receive some communication, when I receive some data from an Internet of Things device, it is really valid. Because if it is a bad IoT device that gives me false data, it makes me perform false analysis and take false actions. That's why I want to make sure of any message, any data that I receive.
It is valid; integrity is not compromised in any way. And then we think about the A, for availability. If I can't get to my services when I need them, they're useless. So we think about those three key constructs. And one of the most important things when I think about enabling that confidentiality and ensuring that integrity is encryption. Now, there are fundamentally two types of encryption: symmetric and asymmetric. You don't need to be an expert at this at all. But at a super high level, symmetric is about this idea.
Hey, I have a message. Let's say it's "fox". What's going to happen is I have a key, and this key will encrypt the data. So now my message is encrypted. Symmetric means the same key that I use for encryption can decrypt it. Now, symmetric encryption is very efficient. But you realize that you have the problem of how to share the key securely. I can't just send it over the network unencrypted, because if the bad guy gets the key, he'll be able to decrypt my message.
And so the other type is asymmetric. Here we have the same message, OK, "fox". And I have the idea that yes, there is a key that can perform a cryptographic operation. So let's say it generated that ciphertext. But the same key cannot decrypt it. It can only perform one direction of the cryptographic operation. There has to be another key. So there is a paired key. These two keys are a key pair, and only the other key can reverse the cryptographic operation. For example, if I want someone to send me an encrypted message: you will always hear this term, a private key.
Only I have that; it's just on my machine. And then there is a public key. The public key is in a certificate that everyone can see and that is signed by a certain certification authority, which, let's say, we trust. So if anyone would like to send me a secret message, they encrypt it with my public key. And you say, but the public key? Everyone has my public key. Yes, but if they encrypt a message with my public key, which everyone has, no one else can decrypt it, because you need to have the private key.
Ah, useful. So this is cool. This model here is super powerful when I want, basically, data privacy. I want the message encrypted so no one else can see it, so they use my public key. The other option is to encrypt with my private key, because we have this hash value. Now you might say, what's the point in that? Because then anyone can decrypt it. Well, that's super powerful for signing, for integrity. Think about it: I write a message and maybe I'm not so worried about whether anyone can read the message, but I want them to know that I was the one who wrote it.
So I can take my message and run it through a digest algorithm, which creates a fixed-length hash from the message, and then encrypt that hash with my private key. The person receiving the message sees the signature, that hash at the bottom. They can decrypt it and see that it has a certain value. They run the message through the same hash algorithm, and it matches the version I encrypted. Only I could have signed (encrypted) that hash I sent with it. Oh, it came from John. So I can use the keys in different ways, both for privacy and also for ensuring the integrity of the data.
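The three flows described above (one shared key, encrypting to a public key, and signing a hash with a private key), as an added Node.js example that is not part of the original video. The message "fox" is the sample used above; the keys are throwaway keys generated at run time, and all function names are made up for this illustration.

```javascript
// Added illustration using only Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// --- Symmetric: the same key encrypts and decrypts (AES-256-GCM) ---
function symmetricEncrypt(key, text) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function symmetricDecrypt(key, box) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws if the key is wrong or the ciphertext was altered
  return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]).toString('utf8');
}

// --- Asymmetric: a key pair; the private key stays with its owner ---
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Privacy: anyone can encrypt with the recipient's public key ...
function encryptFor(publicKey, text) {
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

// ... and only the matching private key reverses the operation.
function decryptWith(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// Integrity: the library hashes the message with SHA-256 and applies the
// private key to that hash in one call; the result is the signature.
function sign(privateKey, text) {
  return nodeCrypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
}

// The receiver recomputes the hash and checks it against the signature
// using the signer's public key.
function verify(publicKey, text, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

// Helper: true when the callback throws.
function fails(fn) {
  try { fn(); return false; } catch (err) { return true; }
}

function demo() {
  const message = 'fox';                      // sample message from the text above
  const sharedKey = nodeCrypto.randomBytes(32);
  const box = symmetricEncrypt(sharedKey, message);

  const john = newKeyPair();                  // the intended recipient and signer
  const other = newKeyPair();                 // somebody else's key pair
  const sealed = encryptFor(john.publicKey, message);
  const signature = sign(john.privateKey, message);

  return {
    symmetricRoundTrip: symmetricDecrypt(sharedKey, box),
    wrongSharedKeyFails: fails(() => symmetricDecrypt(nodeCrypto.randomBytes(32), box)),
    asymmetricRoundTrip: decryptWith(john.privateKey, sealed),
    otherPrivateKeyFails: fails(() => decryptWith(other.privateKey, sealed)),
    signatureValid: verify(john.publicKey, message, signature),
    tamperedMessageRejected: !verify(john.publicKey, 'box', signature),
    wrongSignerRejected: !verify(other.publicKey, message, signature),
  };
}

console.log(demo());
```

Every field in the printed result is expected to be `'fox'` or `true`: the round trips recover the message, and each wrong key or altered message is rejected.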
When we think about encryption and protection, we think about data at rest: hey, I need to encrypt it when it's on disk, when it's in the database. You could think about encryption in transit, as it is sent over the network. We often talk about things like TLS and HTTPS. There are ways that are quite standard. There is IPsec. There are other ways to do it, but the data is encrypted as it goes over the wire. You may also have heard of confidential computing, where there are secure areas that even include areas of the memory and CPU.
They are encrypted, so they are always protected. These are really key focus points for this. Now, I said there were two big ones. So defense in depth? Yes, a huge, huge focus point. The other one you're going to hear a lot today, everywhere in the industry, is this concept of zero trust. And I already talked about this. We had this idea that even if you are on the network, that doesn't mean anything. I still want to verify explicitly, so zero trust is about the idea that we never implicitly trust anything.
And so there are three guiding rules that drive this. First, we always verify explicitly. I constantly revalidate the device, the identity, the user, service principals. I'm always looking at what the limitations are, looking for anomalies, looking for changes in behavior. Second, I'm going to use least privilege. I don't want people to have more privileges than they need, so they get just enough permission to do the work they need to do. If there is a breach, that helps reduce lateral movement: I don't have a bunch of principals with more permissions than they really need. I have micro-segmentation, so it's not just about permissions and identity; network communications are limited to what's really required.
For each request I look at its context and what it really needs. And third, assume breach. I assume the bad guy is on the network. That's why I need to do these things constantly, at all times. We constantly check the health and the risk of the user, the location, the device. I am constantly validating everything. There are signals coming from all different areas. Now, there are key actors in this landscape that we have already talked about. Well, obviously there is the identity itself. Remember, that identity could be a user, it could be a service principal, an application.
I think about the endpoint, the device: the PC, the IoT device, whatever. I need to monitor the device and monitor its compliance. Has it been jailbroken? I want to understand those things. There is the underlying infrastructure. Am I patching my boxes? Do I have the firewall in place? It's about that defense in depth. I want to have as many protections, as many signals coming from the environment as possible, and even though we don't trust the network, it's still one of the actors. I still want to understand, hey, where the request is coming from; maybe I have certain known networks, and there are certain ways I can detect the network.
Does it come from something like a Tor node? I want to know those various things, make sure that I'm segmenting the network, and have real-time threat protection and end-to-end encryption even within a known network. Encrypt, because we assume there is a bad person listening on the network. All of these things are generating signals. So I'm getting signals from all of these. And what do those signals let me do? They let me apply controls. I can examine each request and make a decision on it. Because what I want to control access to is the application, and the application itself will have behavior within the application.
Well, that also generates signals that can feed back and perhaps modify different controls. But I'm going to constantly watch all of these signals and look for signs of malicious behavior or anomalous behavior that is out of the ordinary. So maybe I want to apply controls as users go and use the application. And then, obviously, I have the data. That's really the most important part. For data it's important to know what I have. That's why I always want to think about classifying. I want to be able to discover my data and classify it. It's super important that I know what I have and where it is. Then we classify it, and that can be an automatic classification.
They could be users who go and select. I could tell users that I want to label that data. There can now be tags based on sensitivity. There may be labels based on retention. I have to start writing slower. The board crashes at a certain point and then based on the labels I can perform actions. Maybe it's encrypted? Through additional protection, you may be restricting access. There are different things I can do depending on all of them, and then I'll get access. But within those various controls. Now, we talked before about how some of this might be your responsibility, but you're not alone, so it's one of the big areas that's really available to you.
It is Defender. Now Defender is a whole set of different solutions. There is Defender for Identity. Defender for Identity now has Azure AD identity protection for Azure AD. This is a cloud-based service that analyzes Azure AD and Azure AD behaviors. Defender for Identity is all about your Active Directory on-prem. This is like protecting Active Directory Domain Services. It involves analyzing information from domain controllers. They have agents that send certain signals to the cloud so you can look for behaviors like the golden ticket, pass the hash and DNS downloading, all that stuff, to identify malicious behavior in your Active Directory.
There is Defender for Endpoint. And obviously there are things like antivirus protection. This integrates with that. It's about protecting the endpoints. It helps reduce the attack surface. There are attack surface reduction rules you could apply. There is threat and vulnerability management. You can track an incident. So we can say, hey, this happened because this user clicked on this email from here, then this process was generated, then it went and talked to this, which talked to that. I can trace its entire lineage. There are automated investigations and responses, like Microsoft Threat Experts available to me.
I can think about, well, remember that the entire Office 365 service exists in the cloud. Well guess what? There is a Defender for Office 365. Protection against threats from email, from links, from collaboration tools. There are threat protection policies. I can even simulate attacks to help me train my users. There are actually two plans around this. And we can see the differences between them. It goes through all the different things you can do, but as we can see if we look at Plan 2, it obviously plans for advanced attack protection, phishing, malware, spam protection, beyond email: Teams, SharePoint, OneDrive, internal email, detailed reports.
But if you go to P2, it even talks about things like advanced threat hunting, automated investigation and response, attack simulation and training, XDR (extended detection and response) capabilities, cross-domain search. So, I can get even more capabilities depending on which plan I'm actually taking advantage of. And then I can think about it too. There is Defender for Cloud Apps as well. Apps that exist as software as a service offerings, so there is also a Defender for Cloud Apps. So it is a cloud access security broker. It can receive signals from network devices, it can connect via API to those applications, but it has a huge database of applications in the cloud.
There are security levels where I can approve applications or mark them as unauthorized. I can discover. Maybe you can find out what apps my company uses by using your own. It doesn't mean that we have established them as a company, but users who have a credit card can buy things. Then I can go and detect those things. There's a full Defender 365 portal, so I can jump in and look at the portal, which brings a lot of these things together. As you can see from this portal, all the different detection, prevention, investigation, identity and email activities will be coordinated.
I mean everything you have. I have key information on the home page. Active malware devices, device compliance, secure scores, devices at risk, simulations, active incidents. So there is this great information just from here. And I could dive into incidents and alerts, hunting, which are obviously specific queries to look for things, actions and submissions, Secure Score. A representation of the company's overall security posture. The higher the score, the better my protection. It's actually not very good, but it gives me things I can do and recommended actions to help me get to a stronger security point of view. That's why I would like to go through these things to improve the level of my company.
And actually my asset identities, but they're bringing together all the different areas in this single portal. So we have these things to help us with this whole set of capabilities. Okay, so security. Another important aspect is that one reason we sometimes do security is that we actually have compliance needs. So we get into this idea of compliance. Now, compliance could be a set of company regulations. It could be that I am operating a certain business that has recommendations. It could be something about the country I am in. There are different levels of responsibility. Remember, if it's SaaS, there are some things the vendor is responsible for.
There are some things I am responsible for. You will often hear about the idea. It's usually around data. We care about everything related to data and we have this idea of data residency. Data residency is: what are the allowed physical locations to store my data? Then we have the idea of data sovereignty. Data sovereignty is, okay, what country's laws is this data subject to? If it was PII about someone in the European Union, for example, well, data sovereignty then lies with Europe, so I have to comply with European laws like GDPR, for example. So I have to think about what data sovereignty is.
And then, of course, there is increasingly data privacy. Now we have the idea of the cloud. We have the data floating around somewhere. It is no longer on our on-prem servers. That is why it is very important that we trust the provider. Well, what are they doing? What are they collecting? What are they processing? What are they using? What are they sharing? And again, that PII, that personally identifiable information, is just a big part of that. Now, when we think particularly about that privacy, Microsoft has this idea of six privacy principles. It doesn't say Microsoft.
So this really guides everything that Microsoft is doing: protection of the privacy of your data. So the first is control. You control your data. You should have options about what data you share and what you want to make available. There is the idea of transparency. What data is being collected? How is this data used? Security. When storing data for you, we need to protect that data that has been entrusted to Microsoft services. That's one of those key principles around that. But often, if the data may be in different countries, suddenly you get these requests, perhaps from entities that want access for whatever reason.
There is a lot of focus on this strong legal protection. Maybe you have seen it on the news: there will be a certain government asking for data about a customer and Microsoft will go to court to protect the data. That's a key part of this, fighting for the protection of customer data. No content-based targeting. Hey, they have your data. They don't check your email or chat to target you with ads, and that should be beneficial for you. When data is collected, it is for some benefit to the customer. That's the point around this. Now, as a client, there are many different resources available to you to take advantage of, and one of the most important is the whole idea of the Service Trust Portal.
Then I can go to the Service Trust Portal and take a quick look at this. So, if we jump to the Service Trust Portal. So this will give me information right away. You will be able to see, well, trust documents, audit reports, data protection. I can see information about certain industrial solutions, regional solutions. There's the Trust Center, Privacy, Security, Compliance. There are resources, security and compliance center, global data centers, and FAQs. If there are key documents that I can store in my library, I can go and add them there. If I go to the security and compliance center.
I can see different offers of data, security and information about them. And just go to compliance. I can see detailed resources, regional compliance, accessibility reports, and due diligence. Information about Microsoft 365, Azure. I can see all compliance offers. All audit reports say well, all compliance offers. They were not. I can see a list of all of them. Only through this list. And one of the other things that we really have here when we start thinking about compliance is this idea of sort of compliance offers. Hey, I can see these different types of information around it and then you'll see Microsoft Purview.
So one of the things that we also have as part of Purview is Compliance Manager. So Purview is this complete data governance and compliance protection solution. Analyze classifiers no matter where the data is. But through this Compliance Manager, you'll see that I can look up information about the different areas of compliance. And I can actually use this to keep track of things that I'm responsible for. I can assign them so I can use them to help manage the overall compliance of my organization. So this is a super, super powerful tool. You have that here, so this Compliance Manager.
Yes, we have the idea of the Service Trust Portal, but what's really important here is this Compliance Manager, to help you go and track several different things. And again, that's part of Purview. Here is another component that branches off from Compliance Manager: Microsoft Priva. Now Microsoft Priva has two different solutions. It has risk management. So risk management is about the idea of understanding the data that my organization stores. Automatic personal data asset discovery gives me views of key information and is going to capture that data, whether it's in SharePoint, OneDrive, or Teams. So it's going to help me know what that personal data asset is that I have in my company, and then it has Subject Rights Requests.
You hear about this idea of certain data privacy regulations around the world, where people or data subjects can do a review to see their data, perhaps to delete it. You have these data subject access requests, data subject requests. Well, that is actually a very painful thing for an organization. So this tool allows you to do that. Now, both are components that are purchased separately. They sit on top of Compliance Manager, but I can purchase one or both. So I go and buy these things. It's not just a free part of Compliance Manager, it's very much a dedicated solution that I purchase.
Speaking of shopping, I guess that's the only thing we haven't talked about. We have all these different things, all these services, applications, online services, the administration centers. How do I get it? So how do I license these things? I guess we'll do something green for money. So. How do I buy this? So for the license. I can buy it directly, I can buy it directly from Microsoft and remember all these things that are actually licensed, that are per user level. Now I can assign the user to groups so all users get it, but it's essentially per user per month for most of these things.
I can buy it from a Cloud Solution Provider. I can buy as part of an Enterprise Agreement. Now, a Cloud Solution Provider: that's a Microsoft partner. They will usually help you manage the subscription service. An Enterprise Agreement is generally for a larger company, 500 users or more, for a minimum period of three years. But again, I'm buying these services off of that. There are different ways to manage it through the Microsoft 365 Admin Center. There are different billing programs: there is the Microsoft Online Services Program, there is the Microsoft Products and Services Agreement Program, there is the Microsoft Customer Agreement.
So there are these different ways to do this, and they are all fair. Lots of different licenses. A huge, huge number. So I can think of what we're going to see quickly because even within these there are different groups of them, but there is home. I have the idea of education. So if you think about it, they have different requirements. If I'm sitting at home and this is for my house and my family, or this is for education, will they have certain requirements? If it is for the government, will they have certain requirements and standards that they must meet?
If I'm a company, but maybe it's a smaller company, I don't qualify to be an enterprise, maybe I have frontline workers who need something very particular. Applications, but they may not need the full set of solutions. And then, of course, there is the enterprise. There are different types of licenses available, different SKUs, depending on what I need. So if I'm at home, hey, I think it's six people in my family who can use the apps. This really affects all devices, the people who use the applications. Education is for educational institutions. There are A1, A3, A5. Gov is for government institutions. Companies.
We are all pro-business and we will see that quickly. There are different plans depending on what I need. So sure, you can include the Office apps and then include different cloud services. So depending on what you need, you could purchase different licenses and it details what they all are. For frontline workers, well again, they also have different SKUs with different apps, and maybe some need calendar, some don't. They just need the applications. Some of them may just need Teams. So there are different options there. Enterprise. Well hey, they have different offers too. I'm going to close some of these, so many tabs now.
So the enterprise, hey, what do I need here? So, E3, E5, F3, what's included: OK, apps, calendar and meetings, oh, device management, social media, so we can review, and all of these are linked in the description below, so you can go and look at them, and again it's per user per month here. It's kind of an annual commitment. And for some of them, it's full licenses. Some of them have add-ons, some have improved, some have an update to a local software agreement. There are many different types of things I can do with these. There are different ways to obtain a license.
And finally we come to the idea of, well, in this orange, how do I get support? How do I get help for these different options now? Obviously there are things like community. From a community perspective, there is the Microsoft 365 Tech Community. I can get help there. There is SaRA, the Microsoft Support and Recovery Assistant, and that's really cool. It's a tool that I can download and what it will actually do is look for and identify problems. So I download this Microsoft Support and Recovery Assistant. And then it will look for and fix any problems it finds in my environment.
In fact, I may as well do it while I'm here. I can see, within my environment, in my admin center, I have support. So from support itself, I can create a new service request. So I have that ability, the ability to go and create that from there as well. Hey, yeah, SaRA. I can also create a new support request right there in the tool. There is pre-sales support. I also have FastTrack, meaning the ability to connect with Microsoft experts and partners to really accelerate that onboarding. And in Microsoft 365, there are things like top-level support.
And, of course, there are partners. So there are a lot of options around all of this. For all of these different services that you have, one of the key parts is obviously that there is an SLA. There is some service level agreement regarding availability and potential credit if there is an incident. You will often hear about incidents. An incident is any event that results in downtime. Uptime is the amount of time my service is available. I am making a claim because there has been some impact. If I look at the SLA documents, this is the SLA for all online services.
They are available in many different languages. But I can go see the SLAs. And you will have it for all the different services. So Exchange Online, what all those different things mean. But really, the key part you can see is based on the monthly uptime percentage; there is some service credit if you fall below that uptime. And it gives you an idea of how user minutes minus downtime and what those things mean. Here you can actually go and see all the different services. Right at the beginning of the document, it talks about those types of key terms, downtime and service credits.
You can go through all those different things and make sure you have an idea about it. Basically I would go and make a claim. If I'm curious about the status of the full service, again on that admin portal there is Health. And I can go to Service health. This is showing me the health of all the different services, all available in my organization. Feedback about the product can often be seen here as well. So this is feedback. People in my organization have submitted requests, so I can go and see them as a company. Obviously there is a big part of this too.
Then we have the idea of how to give feedback. For your experiences, maybe requests and changes that you think you should see, there is obviously the idea of in the application. I can give feedback. I can also go directly and use the feedback website, so there's actually feedback.microsoft.com. There is the idea of the Windows Feedback Hub. There is the Tech Community. And there is also UserVoice. I'm trying to remember if that's deprecated, but I'll include it. Some things are changing, but there are also different ways I can give feedback. And that is it. So, that's everything I wanted to cover, I mean, that's it.
Obviously I can't even fit everything very well on the board. But that's it. I don't need any deep knowledge. It's about understanding the features available, how I can maintain them, and how to manage them. So I want to have gone through that Microsoft training, of course. Review this just before to refresh a few things and understand the key areas. Okay, well, there are the applications. How do I implement them? How do I keep them updated? Okay, so there's the bottom line. All Windows options are fine in terms of implementation and as a service. And then, on the identity side of that, defense in depth, zero trust, you have Defender that can help with those different solutions.
Licenses, support, feedback options, service types and responsibilities. Understand all the different areas. And, uh, do your best with these things. Try not to panic. Be prepared. Put yourself in the best place possible. Know the environment you are in. Make sure you know where you are taking it. If it's a testing center, know where it is. If you take it at home, make sure you have your area nice and clean, with only the PC there. If you don't pass, it's not the end of the world. Look at the report to see where you are weak. Double down and focus on that and you'll get it next time.
So I hope it was helpful. As always, there is an enormous amount of work. It's all about preparing these kinds of things, so liking and subscribing is really appreciated. But other than that, good luck and see you in the next video.
