Index
A
A1/A3/A5 subscriptions. See Microsoft 365 Education
Abnormal Behavior Machine Learning, 89
access control lists (ACLs), 116–117
Access from anywhere chart (Usage Analytics), 94
ACLs (access control lists), 116–117
activating applications, 178
Active Directory. See AD DS (Active Directory Domain Services);
AD FS (Active Directory Federation Services); Azure AD (Active Directory)
AD DS (Active Directory Domain Services)
Active Directory Users and Computers, 125
compared to on-premises services, 40–41
features and capabilities of, 114–116, 146–148
on-premises identities, 124–125
structure and hierarchy of, 146–148
user accounts, creating, 114–116
AD FS (Active Directory Federation Services), 52, 131
Add-on USL (user subscription license), 186
Admin Center
Exchange Online settings, 26–27
features and capabilities of, 46–47
Licenses page, 185
New Group interface, 71
Purchase Services page, 185–186
Try The New Admin Center option, 209
Admin Centers menu (Admin Center), 47
administration, 36
Adoption chart (Usage Analytics), 94
Advanced Threat Analytics (ATA), 33–34, 85, 88–91, 143
Advanced Threat Protection (ATP), 22, 35, 143, 182
advisories, 205
AIP (Azure Information Protection), 33, 85, 105–106, 117–118, 139–143, 182
alerts, 154
analytics
Microsoft 365 Usage Analytics, 92–94
Microsoft ATA (Advanced Threat Analytics), 33–34, 85, 88–91, 143
anomalous logins, 89
anticipation of threats, 111
Application Proxy, 129
Application Proxy Connector, 129
application scans, 112
Application Virtualization (App-V), 24, 64
applications, defined, 13. See also individual applications and services
App-V (Application Virtualization), 24, 64
architecture, cloud, 8
architecture, cloud services, 9–11
Assess phase (compliance), 184
ATA (Advanced Threat Analytics), 33–34, 85, 88–91, 143
ATP (Advanced Threat Protection), 22, 35, 143, 182
audit reports, 156
authentication
with Azure AD (Active Directory), 130–132
federated authentication, 131
pass-through authentication, 130
password authentication, 128
multifactor
biometric scans, 134
cell phone-based, 134
definition of, 134
overview of, 132
password
Azure AD (Active Directory), 128
password changes, 153
password hash synchronization, 129
SSPR (Self Service Password Reset), 52–53, 153
automatic feature updates, 61
Automatically Register New Windows 10 Domain Joined Devices With Azure Active Directory Client setting, 150
Autopilot, 24
availability
definition of, 105
high, 108
Azure. See also Azure AD (Active Directory); cloud services
AIP (Azure Information Protection), 33, 85, 105–106, 117–118, 139–143, 182
ATP (Advanced Threat Protection), 22, 35, 143, 182
management interface, 6
regions, 162
reliability mechanisms, 6
Rights Management (RMS), 33
RMS (Rights Management), 33
Update Management, 16
Azure AD (Active Directory)
Azure AD Connect, 142
Azure Information Protection, 145
features and capabilities of, 13, 32, 85, 143–145
features and services of, 144–145
hybrid identities
Application Proxy, 129
definition of, 127
first synchronization, 128
SSO (single sign-on), 129
Identity Protection, 136–139, 182
licenses, 143
MFA (multifactor authentication) in, 135–136
B
barriers to cloud adoption, overcoming
data security concerns, 161
data storage locations, 162
performance latency, 159
personnel requirements, 163
service provider selection, 159–160
transition process, 163
vendor lock-in, 160
vendor robustness, 160
big switch transitions, 43
Billing Accounts option (Billing menu), 194
billing and bill management, 194–196
Billing menu (Admin Center), 47, 185, 194–195
Billing Notifications option (Billing menu), 194
Bills & Payments option (Billing menu), 194
biometric scans, 134
BranchCache, 45
Bring Your Own Device. See BYOD (Bring Your Own Device)
brute force attacks, 89
business subscriptions. See Microsoft 365 Business
C
calendars, Exchange Online, 25, 68, 69
CapEx (capital expenditures), 188–190
CASB (cloud access security broker), 34
CBA (cost-benefit analysis), 188–190, 212–213
cell phone-based authentication, 134
CJIS (Criminal Justice Information Services) Policy, 173
classification of users, 109–111
Classification tools, 155
client health monitoring, 150
Client Management Tools (CMTs), 140
cloud access security broker (CASB), 34
Cloud App Security, 34, 121–122, 143, 182
cloud services. See also Azure
adoption barriers, overcoming
Contoso Corp. case study, 165–166
data security concerns, 161
data storage locations, 162
performance latency, 159
personnel requirements, 163
service provider selection, 159–160
transition process, 163
vendor lock-in, 160
vendor robustness, 160
advantages of, 3
administration, 36
costs and monetary savings, 3–4, 35–36
deployment, 35
manageability, 6
sample scenario for, 19
scalability, 5
updates, 35
architecture of, 8
disadvantages of, 8
online resources, 15
service models
FaaS (Function as a Service), 17
IaaS (Infrastructure as a Service), 14–16
PaaS (Platform as a Service), 16–17
SaaS (Software as a Service), 18
transitioning to, 163
Wingtip Toys case study, 19
Cloud Solution Provider (CSP) program, 190–193, 204
cmdlets
Enable-App, 24
New-ADUser, 125
Set-MsolPasswordPolicy, 133
Set-MsolUser, 133
CMTs (Client Management Tools), 140
Collaboration chart (Usage Analytics), 94
Collaboration pane (MyAnalytics), 95
collaboration tools. See also EMS (Enterprise Mobility + Security)
analytics for
MyAnalytics, 95
Usage Analytics, 94
Workplace Analytics, 97
Exchange Online
compared to Exchange Server, 39–40
features and capabilities of, 67–68
subscription plans, 26
Microsoft Stream, 75
Microsoft Teams, 29–31, 77, 180
Microsoft Yammer, 72
Office 365 ProPlus, 62
OneDrive for Business, 62, 75, 180
Planner, 180
SharePoint Online
features and capabilities of, 27–29, 73–74, 180
SharePoint Server compared to, 40
Skype for Business Online, 31, 77
Co-management Configuration Wizard, 150–151
co-management model, 44, 148–152
Communication chart (Usage Analytics), 94
compliance
device compliance and configuration, 86–87
conditional access, 149
confidentiality, 105
consolidation, cloud-based services and, 4–5
Contact Support pane, 202
Contoso Corp. case study, 165–166
core services. See also EMS (Enterprise Mobility + Security)
advantages of
administration, 36
deployment, 35
security, 38
updates, 35
Exchange Online
compared to Exchange Server, 39–40
EOP (Exchange Online Protection), 25
features and capabilities of, 180
subscription plans, 26
Office 365 ProPlus
Microsoft Office suite compared to, 38–39, 61–63
on-premises services versus
hybrid service deployments, 40
SharePoint, 40
SharePoint Online
Admin Center, 72
collaboration with, 180
compared to SharePoint Server, 40
features and capabilities of, 27–29, 73–74, 180
SharePoint Server compared to, 40
Windows 10 Business, 25
Windows 10 Enterprise
features and capabilities of, 22
management, 24
security, 22
Core Services and Engineering Operations (CSEO) group, 103
cost models, 3–4, 35–36, 160–161
cost-benefit analysis (CBA), 188–190, 212–213
Create a Virtual Machine interface, 2
Criminal Justice Information Services (CJIS) Policy, 173
Critical (Sev A) severity level, 203
CSEO (Core Services and Engineering Operations) group, 103
CSP (Cloud Solution Provider) program, 190, 191–193, 204
Cybersecurity Reference Architecture, 155
D
Data Loss Prevention (DLP), 26, 59, 139–140, 182
data privacy standards, compliance with, 182–184
data storage locations, 162
database scans, 112
dedicated public cloud, 9
Defense Federal Acquisition Regulation Supplement (DFARS), 174
Delivery Optimization, 45
DEM (device enrollment manager), 58
deployment, 35
hybrid service, 40
documentation for, 50
MAM (Mobile Application Management), 57
MDM (Mobile Device Management), 56–58
networking, 51
modern management processes, 43
applications to install, selecting, 63–64
deployment, continued
Office 2016 and 2019 deployments, 66
self-deployment, 50
Desktop Analytics, 23
device enrollment manager (DEM), 58
Device Health (Desktop Analytics), 23
device protection, 178
BYOD (Bring Your Own Device), 57, 102, 120, 141
with Cloud App Security, 121–122
with MAM (Mobile Application Management), 121
with MDM (Mobile Device Management), 121
with Microsoft Intune, 119–120
security usage scenarios, 152–153
Devices menu (Admin Center), 46
DFARS (Defense Federal Acquisition Regulation Supplement), 174
digital estate, 102
directory services. See AD DS (Active Directory Domain Services); Azure AD (Active Directory)
disaster recovery, 108
distribution lists, 67
DLP (Data Loss Prevention), 26, 59, 117–118, 139–140
document protection
ACLs (access control lists)
AIP (Azure Information Protection), 117–118
DLP (Data Loss Prevention), 117–118
AIP (Azure Information Protection), 33, 105–106, 117–118, 139–140, 143
DLP (Data Loss Prevention), 26, 59, 117–118, 139–140
Documents & Resources (Service Trust Portal), 157
Domain Services. See AD DS (Active Directory Domain Services)
Driving Value phase of onboarding, 163
dynamic distribution lists, 67
E
E3/E5 subscriptions. See Microsoft 365 Enterprise
EA (Enterprise Agreement), 190
education subscriptions. See Microsoft 365 Education
email hosting, 62
EMM (enterprise mobility management), 141
EMS (Enterprise Mobility + Security). See also Azure AD (Active Directory)
AIP (Azure Information Protection), 33, 85, 105–106, 117–118, 139–143, 182
ATA (Advanced Threat Analytics), 33–34, 143
ATP (Advanced Threat Protection), 22, 35, 143, 182
Cloud App Security, 34, 121–122, 143, 182
features and capabilities of, 31, 84–85, 142–143
Microsoft Intune
co-management feature, 148–152
device compliance and configuration, 86–87
features and capabilities of, 32–33, 85, 107, 141–142, 182
obstacles to mobility and, 85
Enable-App cmdlet, 24
endpoints, UEM (unified endpoint management)
EMS (Enterprise Mobility + Security), 142–143
Enterprise Agreement (EA), 190
Enterprise Mobility + Security. See EMS (Enterprise Mobility + Security)
enterprise mobility management (EMM), 141
Enterprise Source Licensing Program, 191
enterprise subscriptions. See Microsoft 365 Enterprise
Envisioning phase of onboarding, 163
EOP (Exchange Online Protection), 25
Exchange Online
EOP (Exchange Online Protection), 25
Exchange Server compared to, 39–40
features and capabilities of, 180
subscription plans, 26
Exchange Server, Exchange Online compared to, 39–40
ExcludeApp, 64
expenditures, capital versus operational, 188–190
Express Updates, Windows 10, 45
Extended Recovery indicator (Service Health), 206
Extended Support, 209
External collaboration metrics (Workplace Analytics), 97
F
F1 subscriptions. See Microsoft 365 F1
FaaS (Function as a Service), 17
facial recognition, 134
Fail-Over Rights, 191
Family Educational Rights and Privacy Act (FERPA), 183
FastTrack program, 49, 163, 203
FBI, Criminal Justice Information Services (CJIS) Policy, 173
Federal Information Security Modernization Act (FISMA), 182
Federal Risk and Authorization Management Program (FedRAMP), 156, 174
federated authentication, 131
FERPA (Family Educational Rights and Privacy Act), 183
fingerprint readers, 134
first line workers, 170
FISMA (Federal Information Security Modernization Act), 182
Fixed Lifecycle Policy, 209
Focus pane (MyAnalytics), 94
folders, public, 68
Forged PAC attacks, 88
From SA USL (user subscription license), 186
Full USL (user subscription license), 186
Function as a Service (FaaS), 17
G
GA (General Availability) releases, 210
Gateway (ATA), 90
GDPR (General Data Protection Regulation), 156, 183
Geography button (Microsoft Graph), 81
Golden Ticket attacks, 88
government subscriptions. See Microsoft 365 Government
Gramm-Leach-Bliley Act (GLBA), 183
groups
group-by-group transition, 43
Group-to-group queries (Workplace Analytics), 98
modification of, 89
Groups menu (Admin Center), 46
H
hardware requirements, 3
Health Insurance Portability and Accountability Act (HIPAA), 11–12, 183
Health menu (Admin Center), 47, 204–208
High (Sev B) severity level, 203
high availability, 108
HIPAA (Health Insurance Portability and Accountability Act), 11–12, 183
horizontal scaling, 5
host scans, 112
Hunting tools, 155
Hybrid Azure AD, 149
in Azure AD (Active Directory)
Application Proxy, 129
passwords, 128
SSO (single sign-on), 129
definition of, 127
first synchronization, 128–129
hybrid service deployments, 40
hypervisors, 14
I
IaaS (Infrastructure as a Service), 14–16
Identity phase (deployment), 51–53
identity protection
in AD DS (Active Directory Domain Services)
on-premises identities, 124–125
user accounts, creating, 114–116
authentication
overview of, 132
in Azure AD (Active Directory), 13, 114–116
Application Proxy, 129
Identity Protection, 136–139, 182
passwords, 128
SSO (single sign-on), 129
user accounts, creating, 114–116
modern management processes, 43
overview of, 113–116, 123, 170
password authentication
in Azure AD (Active Directory), 128
password changes, 153
password hash synchronization, 129
SSPR (Self Service Password Reset), 52–53, 153
on-premise identities, 124–125
Windows Hello for Business, 116
In Development release status, 210
incidents, 205
indirect providers, 193
indirect resellers, 193
Individual service usage chart (Usage Analytics), 94
Industries & Regions (Service Trust Portal), 157
infected devices, 153
information protection, 58–59, 170
infrastructure, cloud services, 7–8
Infrastructure as a Service (IaaS), 14–16
Insert Data button (Microsoft Graph), 82
Insert From File pane (Microsoft Graph), 81
installation. See deployment
integrity, data, 105
Internal networks metrics (Workplace Analytics), 97
International Organization for Standardization (ISO), 156
International Traffic in Arms Regulations (ITAR), 173–174
international users, 173
Internet of Things (IoT), 141–142
Intune. See Microsoft Intune
inventory
Investigating indicator (Service Health), 206
Investigation Suspended indicator (Service Health), 206
IoT (Internet of Things), 141–142
ISO (International Organization for Standardization), 156
J-K-L
KMS (Key Management Service), 66, 178
labels
retention, 58
lateral movement, 89
Launched release status, 210
Licenses option (Billing menu), 194
Licenses page, 185
licensing options
Azure AD (Active Directory), 143
best practices, 187
CBA (cost-benefit analysis) of, 188–190, 212–213
Microsoft 365 Business, 168–169, 171–173
Microsoft 365 Education, 174–177
Microsoft 365 Enterprise, 169–173
Microsoft 365 Government, 173–174
Office 365 ProPlus, 61
USL (user subscription license), 185–186
volume licensing
CSP (Cloud Solution Provider) program, 191–193
licensing agreement types, 190
support, 203
lists, distribution, 67
loss of devices, 152
LTSB (Long Term Servicing Branch), 24
LTSC (Long Term Servicing Channel), 24
M
mailboxes, Exchange Online, 25, 68–69
mail-enabled security groups, 68
Mainstream Support, 209
MAKs (Multiple Activation Keys), 66, 178
malicious replications, 88
MAM (Mobile Application Management), 57, 121, 152
manageability, cloud-based services, 6
management
modern. See also Admin Center
configuration, 43
deployment, 43
identity, 43
Microsoft deployment and release model, 49–59
traditional management compared to, 42
updates, 43
WaaS (Windows as a Service), 44–45
workloads and scenarios, 59
traditional approach to, 42
Windows 10 Enterprise, 24
Management and coaching metrics (Workplace Analytics), 97
MDM (Mobile Device Management), 56–58, 121, 140, 152
MDOP (Microsoft Desktop Optimization Pack), 191
Meeting queries (Workplace Analytics), 98
Meetings overview metrics (Workplace Analytics), 97
@mentions, 81
messaging
Exchange Online
subscription plans, 26
MFA (multifactor authentication)
Azure AD (Active Directory) and, 135–136
biometric scans, 134
cell phone-based, 134
definition of, 134
overview of, 52
Microsoft 365 Business, 168–169, 171–173
Microsoft 365 DoD, 174
Microsoft 365 Education, 174–177
Microsoft 365 Enterprise, 169–173
Microsoft 365 Government, 173–174
Microsoft 365 Roadmap, 210–211
Microsoft 365 U.S. Government Community (GCC), 174
Microsoft 365 U.S. Government Community (GCC) High, 174
Microsoft 365 Usage Analytics, 92–94
Microsoft Application Virtualization (App-V), 24, 64
Microsoft ATA (Advanced Threat Analytics). See ATA (Advanced Threat Analytics)
Microsoft Azure. See Azure
Microsoft CSEO (Core Services and Engineering Operations) group, 103
Microsoft Cybersecurity Reference Architecture, 155
Microsoft Defender Advanced Threat Protection (ATP), 22
Microsoft Desktop Optimization Pack (MDOP), 191
Microsoft FastTrack. See FastTrack program
Microsoft Global Network, 108
Microsoft Intelligent Security Graph, 155
Microsoft Intune
co-management feature, 148–152
device compliance and configuration, 86–87
features and capabilities of, 32–33, 85, 107, 141–142, 182
Intune for Education, 176
Microsoft Office 365. See Office 365 ProPlus
Microsoft Office suite, 38–39, 61–63
Microsoft Planner, 72, 76, 180
Microsoft Products and Services Agreement (MPSA), 190
Microsoft Professional Support, 204
Microsoft Services Hub, 204–205
Microsoft Teams, 29–31, 77, 180
Microsoft Threat Protection, 153–155
Microsoft Unified Support, 204
Microsoft User Experience Virtualization (UE-V), 24
Microsoft Volume Licensing Service Level Agreement for Microsoft Online Services, 198–200
Microsoft Yammer. See Yammer
middleware, 13
Minecraft Education Edition with Code Builder, 175
Mobile Application Management (MAM), 57, 121, 152
mobile apps, 178
Mobile Device Management (MDM), 56–58, 121, 140, 152
mobile devices. See device protection
mobility. See EMS (Enterprise Mobility + Security)
Modern Lifecycle Policy, 209
modern management. See also Admin Center
configuration, 43
deployment, 43
identity, 43
Microsoft deployment and release model, 49–59
documentation for, 50
MAM (Mobile Application Management), 57, 121, 152
MDM (Mobile Device Management), 56–58, 121, 140, 152
networking, 51
traditional management compared to, 42
updates, 43
WaaS (Windows as a Service), 44–45
workloads and scenarios, 59
monitoring
client health, 150
Monthly Channel, 56
Monthly Channel (Targeted), 56
MPSA (Microsoft Products and Services Agreement), 190
multifactor authentication. See MFA (multifactor authentication)
Multiple Activation Keys (MAKs), 66, 178
multiple master replication, 124–125
My Library (Service Trust Portal), 157
N
National Institute of Standards and Technology (NIST), 156
Network pane (MyAnalytics), 95
Networking phase (deployment), 51
networks
scans of, 112
VPNs (virtual private networks), authentication over, 115
New Object - User dialog box, 125
New Version Rights, 191
New-ADUser cmdlet, 125
NIST (National Institute of Standards and Technology), 156
Non-critical (Sev C) severity level, 203
NT LAN Manager (NTLM), 41
O
OAuth (Open Authorization), 41, 127
ODT (Office Deployment Tool), 55, 63–65
Office 365 ProPlus
applications to install, selecting, 63–64
Office 2016 and 2019 deployments, 66
Microsoft Office suite compared to, 38–39, 61–63
Office activation chart (Usage Analytics), 94
Office Deployment Tool (ODT), 55, 63–65
Office Lens, 176
Onboarding phase of onboarding, 163
OneDrive for Business, 62, 75, 180
one-time passwords (OTPs), 135–136
Open Authorization (OAuth), 41, 127
Operating System Upgrade Package option, 53
operating systems
defined, 14
OpEx (operational expenditures), 188–190
OTPs (one-time passwords), 135–136
Overpass-the-Hash attacks, 88
P
PaaS (Platform as a Service), 16–17
PAC (Privileged Attribute Certificate), 88
Pass-the-Hash (PtH) attacks, 88
Pass-the-Ticket (PtT) attacks, 88
pass-through authentication, 130
password authentication
Azure AD (Active Directory), 128
OTPs (one-time passwords), 135–136
password changes, 153
password hash synchronization, 129
password sharing, 89
SSPR (Self Service Password Reset), 52–53, 153
Payment Methods option (Billing menu), 194
PBX (private branch exchange), 30
performance latency, 159
persistence (attacks), 89
Person queries (Workplace Analytics), 98
Personal Information Protection and Electronic Documents Act (PIPEDA), 183
personnel requirements, 4, 163
Person-to-group queries (Workplace Analytics), 98
physical networks, 14
physical security, 108
PIPEDA (Personal Information Protection and Electronic Documents Act), 183
Planning Services, 190
Platform as a Service (PaaS), 16–17
policies
Microsoft 365 security center, 155
threat management, 59
Post-Incident Report Published indicator (Service Health), 206
Power BI. See Usage Analytics
PowerShell cmdlets. See cmdlets
pricing and support. See also subscriptions
billing and bill management, 194–196
Office 365 ProPlus, 62
service health, monitoring, 204–208
service lifecycle policies, 208–211
SLAs (service level agreements), 195–200
limitations of, 197
Microsoft Volume Licensing Service Level Agreement for Microsoft Online Services, 198–200
support requests, creating, 200–205
administrator and support team responsibilities, 200–201
alternative support methods, 203–205
Contact Support pane, 202
support severity levels, 203
support tickets, viewing, 203
USL (user subscription license), 185–186
volume licensing
CSP (Cloud Solution Provider) program, 191–193
licensing agreement types, 190
support, 203
private branch exchange (PBX), 30
Private preview, 209
Privileged Attribute Certificate (PAC), 88
Product usage chart (Usage Analytics), 94
productivity services, 178–179
Products & Services option (Billing menu), 194
Protect phase (compliance), 184
PSTN (Public Switched Telephone Network), 30
PtH (Pass-the-Hash) attacks, 88
PtT (Pass-the-Ticket) attacks, 88
public folders, 68
Public preview, 209
Public Switched Telephone Network (PSTN), 30
Purchase Services option (Billing menu), 194
Q-R
quarterly uptime percentages, 199–200
Quick Analysis button (Microsoft Graph), 82
reconnaissance, 89
reduced functionality mode (Office 365 ProPlus), 62
redundancy, 4
regions, Microsoft Azure, 162
reliability of cloud-based services, 5–6
remote actions, 149
remote execution, 89
reports
audit, 156
Microsoft 365 security center, 155
Reports menu (Admin Center), 47
Resources
Admin Center, 47
Service Trust Portal, 157
Respond phase (compliance), 184
Restoring Service indicator (Service Health), 206
retention labels, 58
Rights Management (RMS), 33
risk management
anticipation of threats, 111
definition of, 103
identity protection risk levels, 136–139
ongoing nature of, 112
overview of, 103
vulnerability assessments, 112
RMS (Rights Management), 33
Rolling Out release status, 210
runtime, 13
S
SaaS (Software as a Service), 18
SAML (Security Assertion Markup Language), 41
scalability of cloud-based services, 5
scans
application, 112
biometric, 134
database, 112
host, 112
network, 112
SCCM (System Center Configuration Manager)
co-management feature, 148–152
features and capabilities of, 23, 140, 142
in-place upgrade to Windows 10 Enterprise, 53–54
Office 365 ProPlus deployment, 63
Office 365 ProPlus installation, 54
SDS (School Data Sync), 175
seamless single sign-on, 129
secure score, 155
security, 22. See also identity protection
ATA (Advanced Threat Analytics), 33–34, 85, 88–91, 143
ATP (Advanced Threat Protection), 22, 35, 143, 182
device protection, 178
BYOD (Bring Your Own Device), 57, 102, 120, 141
with Cloud App Security, 121–122
with MAM (Mobile Application Management), 121
with MDM (Mobile Device Management), 121
with Microsoft Intune, 119–120
security usage scenarios, 152–153
document protection
ACEs (access control entries), 116–117
ACLs (access control lists), 116–117
AIP (Azure Information Protection), 33, 105–106, 117–118, 139–140, 143
DLP (Data Loss Prevention), 117–118, 139–140
Microsoft 365 Business, 168–169
network security model, 118–119
physical, 108
risk management
anticipation of threats, 111
definition of, 103
ongoing nature of, 112
overview of, 103
vulnerability assessments, 112
SCCM (System Center Configuration Manager), 140, 142, 148–152
security principals, 113
STP (Service Trust Portal), 156–157
UEM (unified endpoint management), 140–143
Security Assertion Markup Language (SAML), 41
Self Service Password Reset (SSPR), 52–53, 153
self-deployment, 50
Semi-annual Channel
Office 365 ProPlus, 56
Semi-annual Channel (Targeted), 56
Send button (Microsoft Graph), 81
Server Disaster Recovery Rights, 191
serverless computing, 17
service credits, 199
Service Degradation indicator (Service Health), 206
Service Interruption indicator (Service Health), 206
service level agreements. See SLAs (service level agreements)
service lifecycle policies, 208–211
service models (cloud services)
FaaS (Function as a Service), 17
IaaS (Infrastructure as a Service), 14–16
PaaS (Platform as a Service), 16–17
SaaS (Software as a Service), 18
Service Organization Controls (SOC), 156
service providers
robustness of, 160
vendor lock-in, 160
Service Restored indicator (Service Health), 206
Service Trust Portal (STP), 156–157
Set Up School PCs app, 175
Set-MsolPasswordPolicy cmdlet, 133
Set-MsolUser cmdlet, 133
Settings menu (Admin Center), 47
Setup menu (Admin Center), 47
severity levels support, 203
Shadow IT, 34
shared public cloud, 9
SharePoint Online
Admin Center, 72
features and capabilities of, 27–29, 73–74, 180
SharePoint Server compared to, 40
sign-in risk, 137
single master replication, 126–127
single sign-on (SSO), 129
six nines contract, 4
Sizing Tool (ATA), 90
Skype for Business Online, 31, 77
SLAs (service level agreements), 159, 195–200
limitations of, 197
Microsoft Volume Licensing Service Level Agreement for Microsoft Online Services, 198–200
SOC (Service Organization Controls), 156
Software as a Service (SaaS), 18
software licenses, 3
spread payments, 191
SSPR (Self Service Password Reset), 52–53, 153
Status indicators (Service Health), 206
Step-up USL (user subscription license), 186
Storage use chart (Usage Analytics), 94
STP (Service Trust Portal), 156–157
subscriptions, 168
Azure AD (Active Directory), 145
best practices for, 187
CBA (cost-benefit analysis) of, 188–190, 212–213
subscriptions, continued
Exchange Online, 26
Microsoft 365 Business, 168–169, 171–173
Microsoft 365 Education, 174–177
Microsoft 365 Enterprise, 169–173
Microsoft 365 Government, 173–174
volume licensing
CSP (Cloud Solution Provider) program, 191–193
licensing agreement types, 190
support, 203
support. See pricing and support
Support menu (Admin Center), 47, 200–205
synchronization
Azure AD (Active Directory), 128–129
device data, 153
System Center Configuration Manager. See SCCM (System Center Configuration Manager)
Systems Management Server, 148
T
Take a Test app, 175
TAMs (technical account managers), 204
TCO (total cost of ownership)
cost models, comparison of, 160–161
sample software licensing scenario, 212–213
Teams (Microsoft), 29–31, 77, 180
Teams collaboration metrics (Workplace Analytics), 97
technical account managers (TAMs), 204
threats. See security
three nines contract, 4
tiered cloud service model, 16–17
total cost of ownership. See TCO (total cost of ownership)
training vouchers, 191
transitioning to cloud, 163
Trust Center (Service Trust Portal), 157
Try The New Admin Center option, 209
two nines contract, 4
U
UEM (unified endpoint management), 140–143
UE-V (Microsoft User Experience Virtualization), 24
UM (Unified Messaging), 25
Unified Messaging (UM), 25
Update Management (Azure), 16
updates/upgrades, 3, 22–24, 35, 43, 178
Upgrade Readiness (Desktop Analytics), 23
U.S. Government regions, 162
usage scenarios, security, 152–153
user risk, 137
user subscription license (USL), 185–186
Users menu (Admin Center), 46
V
VDA (Windows Virtual Desktop Access Rights), 191
vendors
robustness of, 160
vendor lock-in, 160
vertical scaling, 5
View Service Requests option (Support menu), 203
VoIP (Voice over IP), 30
volume licensing
CSP (Cloud Solution Provider) program, 191–193
licensing agreement types, 190
support, 203
VPNs (virtual private networks), authentication over, 115
vulnerability assessments, 112
W-X-Y-Z
WaaS (Windows as a Service), 44–45
WDAC (Windows Defender Application Control), 22
Week in the life metrics (Workplace Analytics), 96
Wellbeing pane (MyAnalytics), 95
Windows 10 Business, 25
Windows 10 Enterprise
features and capabilities of, 22
management, 24
security, 22
Windows as a Service (WaaS), 44–45
Windows Autopilot, 24, 150, 168
Windows Defender
Application Guard, 22
ATP (Advanced Threat Protection), 22
WDAC (Windows Defender Application Control), 22
Windows Hello for Business, 116, 134
Windows Information Protection (WIP), 59
Windows Insider Channel, 44
Windows Server Update Service (WSUS), 23
Windows Thin PC, 191
Windows to Go Use Rights, 191
Windows Update for Business, 23
Windows Virtual Desktop Access Rights (VDA), 191
WIP (Windows Information Protection), 59
wireless network scans, 112
wizards, Co-management Configuration, 150–151
WSUS (Windows Server Update Service), 23