MS-100 Microsoft 365 Identity and Services Exam Resource Guide (August 2022 Update)

In August a major update for MS-100 was released, with changes in objective domain section naming and quite a few of the tested items. Let’s start off with a quick summary of what has been added and what has been removed from the exam, and then discuss some these changes.

What’s new?

• Privileged Identity Management
• Administrative Units
• Azure AD Password Protection
• IdFix
• AAD Connect multitenant, server requirements, troubleshooting
• OAuth apps and Microsoft Defender for Cloud Apps

The top takeaway here is that the exam has expanded the Azure AD Premium features from P1 and P2 plans, where previously only Conditional Access, Identity Protection and Access Reviews were included. I view this as the exam catching up with AAD functionality.

What’s been removed?

• Teams planning for communication, call quality and capacity
• Plan for Microsoft Teams hybrid connectivity and co-existence
• Exchange Migration
• Partner and FastTrack
• Office Online
• Federation services
• Security and compliance reports
• Power Platform section

The removal of more advanced Teams migration and voice topics makes a great deal of sense. Team’s voice capabilities aren’t necessarily features that Microsoft 365 admins might be exposed to (yet!), and the integration/migration from Skype for Business is something that I view as a more dated conversation due to the rapid adoption of Teams in many organizations. Federation removal makes sense, as this is something that has generally been deemphasized in favor of other Azure AD Connect authentication options. Security and compliance reports are better suited to other exams like MS-101 and MS-500. Power Platform’s inclusion was always an inclusion that I wasn’t fond of, and never really understood why it made an appearance in this exam. This exam is broad enough without bringing Power Platform capabilities in.

Deploy and manage a Microsoft 365 tenant (15—20%)

Plan and implement a Microsoft 365 tenant

• plan a tenant
  • Plan your setup
  • Microsoft 365 Network Connectivity Principles
  • Network planning and performance tuning for Office 365
  • Prepare your organization’s network for Teams
  • Office 365 URLs and IP address ranges
• create a tenant
  • Plan your setup
  • Try or buy Microsoft 365
• implement and manage domains
  • Add domain
  • Can I pilot Microsoft 365 with just a few email addresses from my custom domain?
  • Domains FAQ
  • DNS basics
  • Can I add custom subdomains or multiple domains to Microsoft 365?
  • How do I change the default domain in Microsoft 365?
• configure organizational settings, including security, privacy, and profile
  • Customize your organization theme
  • Customize Sign-in page
  • Change your organization’s address, technical contact, and more
  • About the Microsoft 365 admin center

Monitor Microsoft 365 tenant health

• create and manage service requests
  • Contact support for business products
• create an incident response plan
  • Service Health and Continuity
• monitor service health
  • Service health
• monitor application access
  • Activity reports and analytics
• configure and review reports, including Azure Monitor logs and Log Analytics workspaces
  • Plan an Azure Active Directory reporting and monitoring deployment
  • Connect Office 365 Logs to Microsoft Sentinel
• schedule and review usage metrics, including Workplace Analytics and productivity score
  • About usage analytics
  • Usage analytics

Plan and manage user identity and roles (30—35%)

Plan identity synchronization

• design synchronization solutions for multitenant and multiforest scenarios
  • Plan for directory synchronization
  • Azure AD Connect: Supported topologies
• evaluate whether objects should be synchronized, not synchronized, or created as cloud only
  • What is hybrid identity?
  • Hybrid identity documentation
• identify which Azure Active Directory (AD) Connect features to enable, such as writeback and device synchronization
  • Hybrid Identity Design Considerations Overview
  • What is password hash synchronization?
• identify synchronization pre-requisites, including connectivity method, permissions, and server requirements
  • Determine identity requirements
  • Prerequisites for Azure AD Connect
• choose between Azure AD Connect and Azure AD Connect cloud sync
  • What is Azure AD Connect cloud sync?
• plan user sign-in for Azure AD hybrid identities, including pass-through authentication, seamless, and SSO
  • Azure Active Directory deployment plans
  • Managing federation with Azure AD Connect

Implement and manage identity synchronization with Azure AD

• prepare for identity synchronization by using IdFix
  • Install and run the IdFix tool
• configure and manage directory synchronization by using Azure AD Connect cloud sync
  • Cloud sync configuration
• configure and manage directory synchronization by using Azure AD Connect
  • Set up directory synchronization for Microsoft 365
  • What is Azure AD Connect Sync?
• configure Azure AD Connect object filters
  • Configure filtering
• monitor synchronization by using Azure AD Connect Health
  • Azure AD Connect Health Operations
• troubleshoot Azure AD Connect synchronization
  • Errors during synchronization

Plan and manage Azure AD identities

• plan Azure AD identities
  • Determine identity requirements
  • Understanding Microsoft 365 identity and Azure Active Directory
• create and manage users
  • Add or delete a new user
  • Reset a user’s password
• create and manage guest users
  • Add guest users to your directory in the Azure portal
  • Add a guest user with PowerShell
  • Manage access to Azure resources for external guest users using RBAC
• create and manage groups, including Microsoft 365 groups
  • Overview of Microsoft 365 Groups for administrators
  • Groups and access management
• manage and monitor Microsoft 365 license allocations
  • Manage user accounts and licenses
  • Group-based licensing
• perform bulk user management, including PowerShell
  • Connect to all Microsoft 365 services in a single Windows PowerShell window
  • Overview

Plan and manage roles in Microsoft 365

• plan for role assignments
  • About admin roles
  • Protect your Microsoft 365 global administrator accounts
  • Secure access for Azure AD admin roles
  • Role security planning
  • Least-privileged roles by task
• manage roles in Microsoft 365 admin center
  • View and assign roles
  • Assign users to admin roles
  • Assign Azure roles using the Azure portal
  • Assign Azure roles using Azure PowerShell
  • Assign admin roles
• manage administrative units
  • Administrative units
• plan and implement privileged identity management for Azure AD roles
  • Deploy PIM
  • Assign Azure AD roles in Privileged Identity Management
  • Management capabilities for Azure AD roles in Privileged Identity Management

Manage access and authentication (20—25%)

Plan and implement authentication

• choose an authentication method, including Windows Hello for Business, passwordless, and tokens
  • Authentication methods
  • Windows Hello for Business Deployment Overview
• implement and manage authentication methods
  • Authentication methods
• implement and manage self-service password reset (SSPR)
  • How it works: Azure AD self-service password reset
  • Deploy self-service password reset
• implement and manage Azure AD password protection
  • Eliminate bad passwords using Azure Active Directory Password Protection
  • Prevent attacks using smart lockout
• configure and manage multi-factor authentication (MFA)
  • Determine multi-factor auth requirements
  • How it works: Azure Multi-Factor Authentication
• investigate and resolve authentication issues
  • Sign-in logs
  • What are Azure AD reports?
  • What is Azure AD monitoring?

Plan and implement secure access

• plan and implement access reviews in Azure AD identity governance
  • Manage user access with access reviews
  • Manage guest access with access reviews
• plan and implement entitlement packages in Azure AD identity governance
  • What is Azure AD entitlement management?
• plan for identity protection
  • What is Identity Protection?
• implement and manage Azure AD Identity Protection
  • Configure the user risk policy
  • Configure the sign-in risk policy
  • Simulate risk events
• plan conditional access policies
  • Common ways to use conditional access
• implement and manage conditional access policies
  • Create and assign conditional access policy
  • Create a device compliance policy
  • Monitor conditional access

Plan and implement application access

• plan access and authentication to application registrations and Azure AD enterprise applications
  • Integrated Apps and Azure AD
• configure application registration in Azure AD
  • Register an app
• manage user permissions for application registrations
  • Integrated apps
• manage OAuth application requests in Azure AD, Microsoft Defender for Cloud Apps, and Microsoft 365 Defender
  • Manage OAuth apps
• configure Azure AD Application Proxy
  • Enable Application Proxy
• publish enterprise applications in Azure AD
  • Add a non-gallery app

Plan Microsoft 365 workloads and applications (20—25%)

Plan and implement Microsoft 365 Apps deployment

• plan for client connectivity to Microsoft 365 workloads
  • Assess your environment and requirements
• plan Microsoft 365 App compatibility by using the Readiness Toolkit
  • App compatability & readiness assessment tools
  • Plan a deployment of Office Telemetry Dashboard
• plan for Microsoft 365 Apps updates
  • Overview of update channels
  • Overview of the security update status report in the Microsoft 365 Apps admin center
• specify initial configuration for Microsoft 365 Apps by using the Microsoft 365 Apps admin center
  • Overview of the Office cloud policy service for Microsoft 365 Apps for enterprise
• implement Microsoft 365 Apps deployment and software downloads
  • Deployment guide
  • Deploy Microsoft 365 Apps from the cloud
  • Deploy Microsoft 365 Apps from a local source
  • Overview of the Office Deployment Tool

Plan and implement Exchange Online deployments

• plan for DNS records required by Exchange Online
  • External DNS records required for email in Office 365 (Exchange Online)
• plan and implement an Exchange hybrid organization
  • Exchange Hybrid deployment prerequisites
  • How to configure Exchange Server on-premises to use Hybrid Modern Authentication
• plan and implement mail routing, including connectors, mail flow rules, and remote domains
  • Mail flow best practices
  • Transport routing in Exchange hybrid deployments
• plan and implement organizational settings
  • Manage accepted domains

Plan and implement Microsoft SharePoint Online, OneDrive, and Microsoft Teams

• specify SharePoint site types, site collections, and lists
  • Information architecture and hub sites
  • Create sites
  • What is a list in SharePoint Online
  • Migrate your content to Microsoft 365
  • Migrate your content to SharePoint, OneDrive, and Teams
  • Migrate to Microsoft Teams
• plan a migration strategy for SharePoint Online and OneDrive
• identify hybrid requirements for SharePoint Online
  • Plan SharePoint Server hybrid
• manage access configurations for SharePoint Online and Microsoft Teams
  • Permissions and sharing
• manage SharePoint Online tenant and site settings
  • Manage sites in the new SharePoint admin center
• map Phone System features to requirements
  • Understand calling in Microsoft Teams
  • What is Phone System?
• plan and implement organizational settings
  • Manage Microsoft Teams settings for your organization
• plan, implement, and manage guest and external access
  • Manage External Access in Microsoft Teams
  • Add guest users in the portal
  • Add guest users with PowerShell
  • Admins adding B2B users
  • Information workers adding B2B users
  • Configure external collaboration settings