Professional Documents
Culture Documents
Contents
Introduction
Lab 1: Provisioning Office 365
Lab 2-A: Managing Office 365 Users and Passwords
Lab 2-B: Managing Office 365 Groups and Administration
Lab 3: Configuring Client Connectivity to Office 365
Lab 4: Configuring Directory Synchronization
Lab 5: Managing Office 365 ProPlus Installations
Lab 6: Managing Exchange Online Recipients and Permissions
Lab 7-A: Configuring Message Transport in Exchange Online
Lab 7-B: Configuring Email Protection and Client Policies
Lab 8: Configuring Skype for Business Online
Lab 9: Configuring SharePoint Online
Lab 10: Planning and Configuring an Office 65 Collaboration Solution
Lab 11: Configuring Rights Management and Compliance
Lab 12: Monitoring and Troubleshooting Office 365
Lab 13: Planning and Configuring Identity Federation
L0-3 Introduction
Lab environment
In the graphic below, you can see the lab setup for this course.
Getting started
For the labs in this course, each student requires the following three things:
o A new Microsoft Account (live id) email address.
The email address is used to create an Office 365 Enterprise E3 trial account.
You can already create the new Microsoft Account before the course starts.
o A mobile phone that can receive text messages (SMS).
Office 365 uses an SMS text message to provide a verification code to the user, when creating
the Office 365 Enterprise E3 trial account.
o A unique never-used tenant domain name, a unique custom domain name with matching
server authentication certificate, and routable public IP addresses.
These are all provided to each student by Virsoft, as described below.
The lab instructions in this document often refer to the following tenant domain name and custom
domain name:
o Adatumvsxxxx.onmicrosoft.com
o Adatumvsxxxx.virsoftlabs.com
In all instructions where these domain names are used, the student must replace the xxxx part by a
unique 4-digit student ID.
The Virsoft hosting platform provides each student with a unique never-used student ID by placing a text
file with this information on the LON-CL1 desktop of Adatum\Holly.
Here is an example of the contents of this text file:
9. In the Phone number box, enter your correct mobile phone number.
10. Ensure that the Text me option is selected, and then click Text me.
11. When you receive the confirmation text on your mobile phone, enter the code provided in the Enter
your verification code box.
12. Click Create my account.
13. Wait until the Office 365 tenant is provisioned, and then click You're ready to go.
L1-6 Planning and Provisioning Office 365
14. Click the Admin tile to go to the Office 365 admin center.
If a confirm your current password page appears, click re-enter my password, and type Pa$$w0rd.
15. On the update your admin contact info page, beside Authentication Phone is set to, verify that
your phone number is listed, and then click Verify.
16. Select your country, verify that your phone number is listed, and then click text me.
17. After receiving the text, enter the verification string, and click verify. If verify is not available, press
Enter.
18. On the update your admin contact info page, beside Authentication Email is not configured,
click Set it up now.
19. Enter the Microsoft account email address that you configured for this course, and click email me.
20. Access your Microsoft account email to retrieve the verification code.
21. Enter the verification code, and then click verify. If verify is not available, press Enter, and then click
finish.
22. If a Manage Office 365 on the go page appears, close the page.
Note: If you are connected to the previous Office 365 admin center when you connect to
Office 365, click the banner at the top of the page to connect to the new admin center.
Note: During Microsoft testing, on rare occasions Office 365 did not create the trial tenant
properly; as a result, the tenant did not have all the services available to it. If this happens to
you, you should create a new trial tenant using a different business email (Microsoft account).
Results: After completing this exercise, you should have successfully provisioned the Office 365 tenant
account for A. Datum Corporation.
Note: For ease of testing and changing, a very short TTL of 2 minutes is used.
22. Click OK to close the Properties dialog box.
23. Right-click Adatumvsxxxx.virsoftlabs.com, and then click Other New Records.
24. Under Select a resource record type, scroll down to Text (TXT), and then click Create Record.
25. In the New Resource Record dialog box, provide the following information:
o Record name: (leave blank)
o Text: MS=msXXXXXXXX
o Time to live (TTL): 0:0:2:0
Note: Use the MS=msXXXXXXXX value that you recorded earlier.
Also, for ease of testing and changing, a very short TTL of 2 minutes is used.
26. Click OK to create the record.
L1-8 Planning and Provisioning Office 365
29. At the command prompt, type the following command, and then press Enter.
nslookup.exe
30. At the command prompt, type the following command, and then press Enter.
set type=TXT
31. At the command prompt, type the following command, and then press Enter.
Adatumvsxxxx.virsoftlabs.com
32. Verify that the DNS TXT-record request returns the MS=msXXXXXXXX value.
33. At the command prompt, type the following command, and then press Enter.
exit
Results: After completing this exercise, you should have provided a high-level overview of administrative
portals of Office 365.
L2-10 Managing Office 365 Users and Groups
16. On the User was added page, clear the Send password in email check box.
17. Click Close.
18. Repeat the previous steps to create the following users (for the User name, use the First name):
o Christie Thomas
o Amy Santiago
o Sallie McIntosh
o Francisco Chaves
3. On the Edit contact information page, expand Contact information, and in the Department text
box, type Accounts, click Save, and then click Close.
4. On the right side, in the Sign in status section, click Edit.
5. On the Sign-in status page, select Sign-in blocked, click Save, and then click Close.
6. Click Close to close the Francisco Chaves page.
7. In the Active Users list, click the Lindsey Gates user object.
8. On the right side, click Delete user.
9. On the Delete user page, click Delete, and then click Close.
10. In the left navigation pane, under Users, click Deleted Users.
11. Verify that Lindsey Gates is in this list.
12. In the Deleted Users list, click Lindsey Gates.
13. On the toolbar, click Restore.
14. On the Restore page, ensure that the Auto-generate password option, and the Make this user
change their password when they first sign in check box are selected.
15. Click Restore.
16. Make a note of the temporary password that is assigned to Lindsey Gates. In the next task, you use
this password to sign in.
17. Click Close.
18. On the left navigation pane, under Users, click Active Users.
19. Verify that Lindsey Gates is in this list.
20. Close Microsoft Edge.
16. On the right side, in the Sign-in status section, click Edit.
17. On the Sign in status page, select Sign-in allowed, click Save, and then click Close.
18. Close Microsoft Edge.
19. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
20. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
21. Verify that you can access the Office 365 portal.
22. Close Microsoft Edge.
Results: After completing this exercise, you should have created and managed user accounts according
to business needs.
Note: Using the same value does not correspond with a real-world scenario. Use it as a
sample scenario to verify the policy applied in the next exercise task.
8. Click Save.
9. Verify that the "Password policy has been updated" message appears, and then click Close.
Note: You have now verified that the password policy is applied.
Results: After completing this exercise, you should have configured and validated an Office 365
password policy.
L2-14 Managing Office 365 Users and Groups
14. In the Description text box, type Accounts department users, click Add, and then click Close.
15. In the Members section, click Edit.
16. In the search box, type Francisco, and then click Add.
17. In the search box, type Sallie, and then click Add.
18. Click Save, click Close, and then click Close.
5. Ensure that Amy Santiago is now listed as member in the Sales security group.
6. Click Delete group.
7. On the Delete group page, click Delete, and then click Close.
8. On the left side menu, click Users, and then click Active Users.
9. Confirm that the Amy Santiago user account still exists in the list of users.
L2-15 Managing Office 365 Users and Groups
Results: After completing this exercise, you should have created and managed security groups.
Task 2: Create new users and assign licenses by using Windows PowerShell
1. On LON-CL1, on the desktop, right-click the Windows Azure Active Directory Module for
Windows PowerShell shortcut, and then click Run as administrator.
Connect-MsolService
5. At the command prompt, type the following command, and then press Enter:
6. At the command prompt, type the following command, and then press Enter:
7. To determine which users are unlicensed, at the command prompt, type the following command,
and then press Enter:
Get-MsolUser -UnlicensedUsersOnly
8. To license Catherine Richard, at the command prompt, type the following command, and then
press Enter:
9. To license Tameka Reed, at the command prompt, type the following command, and then press
Enter:
10. To prevent a user from signing in, at the command prompt, type the following command, and then
press Enter:
11. To delete a user, at the command prompt, type the following command, and then press Enter:
12. To view the Deleted Users list, at the command prompt, type the following command, and then
press Enter:
Get-MsolUser ReturnDeletedUsers
13. Verify that Catherine Richard is in the Deleted Users list. Note that it specifies that she is still
licensed.
14. To restore a deleted user, at the command prompt, type the following command, and then press
Enter:
15. To view the Deleted Users list again, at the command prompt, type the following command, and
then press Enter:
Get-MsolUser ReturnDeletedUsers
16. Verify that Catherine Richard is no longer in the Deleted Users list.
L2-17 Managing Office 365 Users and Groups
17. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:
Get-MsolUser
8. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:
Get-MsolUser
15. Under recipients, click mailboxes and review the mailboxes and associated email addresses that
were created.
16. Close Microsoft Edge.
L2-18 Managing Office 365 Users and Groups
2. To configure a PowerShell variable for the group, at the command prompt, type the following
command, and then press Enter:
3. To configure a PowerShell variable for the first user account, at the command prompt, type the
following command, and then press Enter:
4. To configure a PowerShell variable for the second user account, at the command prompt, type the
following command, and then press Enter:
5. To add Catherine Richard to the Marketing group, at the command prompt, type the following
command, and then press Enter:
6. To add Tameka Reed to the Marketing group, at the command prompt, type the following
command, and then press Enter:
7. To verify the members of the Marketing group, at the command prompt, type the following
command, and then press Enter:
2. At the command prompt, type the following command, and then press Enter:
3. At the command prompt, type the following command, and then press Enter:
Results: After completing this exercise, you should have created new users, assigned licenses, modified
existing users, and configured groups and user passwords by using the Windows PowerShell command-
line interface.
6. Under Edit user role, select Customized administrator, and then select Billing administrator
from the list.
7. In the Alternate email address text box, type user@alt.none, click Save, and then click Close.
8. Close the Francisco Chaves page.
9. In the active users list, click Tameka Reed.
10. On the Tameka Reed page, in the Roles section, click Edit.
11. Under Edit user role, select Customized administrator, and then select Password administrator
from the list.
12. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
13. Close the Tameka Reed page.
14. In the active users list, click Christie Thomas.
15. On the Christie Thomas page, in the Roles section, click Edit.
16. Under Edit user role, click Customized administrator, and then select User management
administrator from the list.
17. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
18. Close the Christie Thomas page
19. Close Microsoft Edge.
2. At the command prompt, type the following command, and then press Enter:
3. At the command prompt, type the following command, and then press Enter:
L2-20 Managing Office 365 Users and Groups
4. At the command prompt, type the following command, and then press Enter:
5. Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
6. At the command prompt, type the following command, and then press Enter:
7. At the command prompt, type the following command, and then press Enter:
8. Verify that Francisco Chaves is in the list of users who have the billing administrator role.
9. At the command prompt, type the following command, and then press Enter:
10. At the command prompt, type the following command, and then press Enter:
11. Verify that Holly Dickson and Nona Snider and are in the list of users who have the Company
Administrator role.
12. At the command prompt, type the following command, and then press Enter:
Exit
16. On the update your admin contact info page, click cancel.
17. In the Office 365 admin center, on the Home page, click Users, and then click Jessica Jennings.
18. On the Jessica Jennings page, in the Display name Office phone section, click Edit.
19. In the Office Phone text box, type 555-1234.
20. Click Save, and then click Close.
21. In the Sign-in status section, click Edit.
22. Select Sign-in blocked.
23. Click Save, and then click Close.
24. Close the Jessica Jennings page.
25. On the Active users page, click Add a user.
26. In the First name text box, type Chris.
27. In the Last name text box, type Breland.
28. In the User name text box, type Chris.
29. Click Save.
30. On the User was added page, click Send email and close.
31. On the Active Users page, click Chris Breland.
32. Click Delete user.
33. On the Delete user page, click Delete, and then click Close.
34. Close Microsoft Edge.
Results: After completing this exercise, you should have assigned delegated administrators in the Office
365 admin center, managed delegated administration with Windows PowerShell, and verified delegated
administration.
L3-22 Configuring Client Connectivity to Office 365
Task 2: Review the recommended DNS records in the Office 365 admin center
1. On LON-CL1, open Microsoft Edge, and then browse to http://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. In the Office 365 admin center, in the menu to the left, expand Settings, click Domains.
5. Review the domain names assigned to the tenant.
2. In the Alias name text box, type autodiscover as the alias name.
3. In the Fully qualified domain name (FQDN) for target host text box, type
autodiscover.outlook.com.
4. Click OK.
5. Right-click Adatumvsxxxx.virsoftlabs.com, and then click New Mail Exchanger (MX).
L3-23 Configuring Client Connectivity to Office 365
6. In the Mail Exchanger (MX) dialog box, in the Fully qualified domain name (FQDN) of mail
server text box, type Adatumvsxxxx-virsoftlabs-com.mail.protection.outlook.com.
7. Click OK.
o Weight: 1
o Port number: 5061
o Host offering this service: sipfed.online.lync.com
o Time to live: 1 hour (default)
13. In the Resource Record Type dialog box, scroll back up the list, click Alias (CNAME), and then
click Create Record.
14. On the Alias (CNAME) tab, enter the following information, and then click OK:
o Alias name: sip
o Fully qualified domain name (FQDN) for target host: sipdir.online.lync.com
o Time to live: 1 hour (default)
15. In the Resource Record Type dialog box, click Create Record.
16. On the Alias (CNAME) tab, enter the following information, and then click OK:
18. Switch back to LON-CL1, and then in the Office 365 admin console, click Check DNS.
Note: Due to DNS timeouts of missing DNS records, the DNS check may take a long time.
19. If you do not get any results from the DNS check, then in the DNS errors section, click View errors,
and then click Refresh.
20. You should now see that most missing DNS records are not listed anymore. The only remaining
missing DNS records are listed below. There are not used in this course.
o msoid.Adatumvsxxxx
o enterpriseregistration.Adatumvsxxxx
o enterpriseenrollment.Adatumvsxxxx
o TXT Adatumvsxxx (for SPF)
21. In the menu bar, click the App launcher icon (9 small squares), and then click Mail.
22. On the Outlook page, select your time zone and click Save.
23. On LON-CL2, verify that you are signed in as Francisco.
24. Open Microsoft Edge, and then connect to https://login.microsoftonline.com.
25. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
26. In the Office 365 portal, click Mail.
27. On the Outlook page, select your time zone and click Save.
28. In the middle pane, click the New button.
29. In the To text box, type Holly Dickson, and then click Search Directory.
30. When the name resolves, note her instant message (IM) status. It might take a couple of minutes for
her status to update.
Results: After completing this exercise, you should have reviewed the recommended DNS records in
the Office 365 admin center, configured the DNS records for external clients, and configured the DNS
records for internal clients.
L3-25 Configuring Client Connectivity to Office 365
Note: If you receive a message about having performed too many tests in 60 seconds,
wait for a minute and then repeat the test.
7. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Exchange Online domain.
8. Click Start Over.
9. On the Office 365 tab, select Office 365 Lync Domain Name Server (DNS) Connectivity Test,
and then click Next.
10. In the Sign-in address text box, type Francisco@Adatumvsxxxx.virsoftlabs.com, and then click
Perform Test.
11. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Skype for Business Online domain.
12. Click Start Over.
13. Under Microsoft Office Outlook Connectivity Tests, click Outlook Connectivity, and then click
Next.
14. On the Outlook Connectivity page, in the Email Address and Microsoft Account text boxes, type
Francisco@Adatumvsxxxx.virsoftlabs.com.
15. In the Password and Confirm password text boxes, type Pa$$w0rd.
16. Select Use Autodiscover to detect server settings.
17. Select I understand that I must use the credentials of a working account from my Exchange
domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible
for the management and security of this account.
7. In the First things first dialog box, select Ask me later, and then click Accept.
8. Close Outlook.
9. On LON-CL2, repeat the previous steps with the following information:
Task 2: Verify that Skype for Business can connect to Office 365
1. On LON-CL1, start Skype for Business.
2. Close the Welcome - Skype for Business dialog box.
3. On the Skype for Business sign in page, type Holly@Adatumvsxxxx.onmicrosoft.com as the
Sign-in address, and then click Sign in.
4. On the second Sign in page, type Pa$$w0rd as the password, select Save my password, and click
Sign In.
5. In the confirmation dialog box about saving your sign-in info, click Yes.
6. In the Help Make Skype for Business Better! dialog box, click No.
7. Verify that you are connected to Skype for Business Online.
8. Close the Skype for Business window.
9. On LON-CL2, repeat the previous steps with the following information:
o Sign-in address: Francisco@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd
Results: After completing this exercise, you should have verified that Outlook 2016 can connect to
Office 365, verified that Skype for Business can connect to Office 365, and verified OneDrive for
Business connectivity to Office 365.
L4-28 Planning and Configuring Directory Synchronization
CD C:\labfiles\
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
Set-ExecutionPolicy Unrestricted
.\CreateProblemUsers.ps1
Note: Ignore possible topleveldomain errors, which cannot be fixed by the IdFix tool.
18. In the Amr Zaki row, in the ACTION column, select EDIT.
19. In the Holly Dickson row, in the ACTION column, select EDIT.
20. In the Kelly Rollin row, in the ACTION column, select EDIT.
21. On the toolbar, click Apply.
22. In the Apply Pending dialog box, click Yes.
Notice the COMPLETE status in the ACTION column indicating successful writes.
23. In File Explorer, in the C:\Deployment Tools\IdFix folder, double-click Verbose <date> <time>.txt
to view the updated transactions in the transaction log.
24. Close Notepad.
25. In the IdFix application window, on the toolbar, click Query.
26. In the Don Funk row, click in the UPDATE column to replace the string with don@adatum.com,
and then in the ACTION column, select EDIT.
27. In the Kelly Rollin row, click in the UPDATE column to replace the string with kelly@adatum.com,
and then in the ACTION column, select EDIT.
28. On the toolbar, click Apply.
L4-30 Planning and Configuring Directory Synchronization
Note: Where there are format and duplicate errors for distinguished names, the UPDATE
column either contains the same string as the VALUE column, or the UPDATE column entry is
blank. In either case, this means that IdFix cannot suggest a remediation for the error. You can
either fix these errors outside IdFix, or manually remediate them within IdFix. You can also
export the results and use Windows PowerShell to remediate a large number of errors.
Connect-MsolService
Although you might have to wait up to 24 hours for activation to complete, you should be able to
continue.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolCompanyInformation
Note that in the output, DirectorySynchronizationEnable is True, indicating that sync is enabled.
Note: It might take a few minutes to return True. Rerun the command until you see True
showing.
Results: After completing this exercise, you will have resolved issues in AD DS identified by the IdFix
tool and you will have enabled Active Directory synchronization in Office 365.
L4-31 Planning and Configuring Directory Synchronization
Note: If you see the Active Directory synchronization is being activated warning, you can
ignore it at this time, but you will not be able to run directory synchronization later in this
exercise. You must wait until directory synchronization is activated. However, you can complete
the following steps, even if you do see the warning message.
Note: You will be redirected to the Microsoft Azure Active Directory Connect download
page at http://go.microsoft.com/fwlink/?LinkId=617037.
17. On the Microsoft Azure Active Directory Connect download page in Internet Explorer, click
Download.
18. When the AzureADConnect.msi download has completed, in the Internet Explorer notification bar,
click Run.
19. In the Microsoft Azure Active Directory Connect wizard, on the Welcome page, select I agree to
the license terms and privacy notice, and then click Continue.
10. Once the installation completes, on the Configuration complete page, click Exit.
11. Close Internet Explorer.
12. On the Start screen, click Administrator, and click Sign out.
13. Sign in as Adatum\Administrator again with password Pa$$w0rd.
o Password: Pa$$w0rd
o Domain: Adatum.com
Note: Although this account is not the one used for directory synchronization, you use the
account credentials to access AD DS to configure filtering.
7. In the Select Containers dialog box, select the Research check box, verify that the IT check box is
also selected, and then click OK.
8. Click OK to close the Properties dialog box.
9. Close Synchronization Service Manager.
Note: The Start-ADSyncSyncCyle PowerShell command returns immediately, but the initial
synchronization can still take a few moments to complete. Leave the Windows PowerShell window
open.
Connect-MsolService
Get-MsolCompanyInformation
16. Verify the LastDirSyncTime (expressed in UTC) aligns with the last time synchronization was
initiated in the previous task.
17. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com.
Results: After completing this exercise, you will have installed Azure AD Connect with customized
settings. Upon completion of the installation, you will start directory synchronization to Office 365 and
have verified that synchronization was successful.
11. In the New Object Group dialog box, in the Group name text box, type Project Team, select
Universal, select Distribution, and then click OK.
12. In the Research OU, right-click the new Project Team group, and then click Properties.
13. In the Properties dialog box, on the General tab, in the E-mail text box, type
projectteam@Adatumvsxxxx.virsoftlabs.com.
14. On the Members tab, click Add.
15. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select text box, type the following thee account names separated by a
semicolon, and then click Check Names:
o Chris Sells
o Lukas Keller
L4-36 Planning and Configuring Directory Synchronization
o Sabine Royant
16. Click OK, and click OK again.
Note: The Delta parameter is used here so that only the updates are synchronized.
2. At the Start screen, type sync, and then click Synchronization Service.
3. In the Synchronization Service Manager, on the Operations tab, wait until the Adatum.com
connector has completed the Export task.
4. Close Synchronization Service Manager.
5. On the Active users list, in the Search text box, type Perry, and then click the search icon.
6. Verify that the new Perry Brill user has synchronized with Office 365.
Note: You may have to wait a few minutes before the user account appears. Refresh the
list until you see the Perry Brill user.
Note: You cannot change the Project Team membership on this page. This is because
group membership is maintained by Active Directory.
Get-MsolGroup
18. Verify that you see the Research and Project Team groups.
19. At the Windows PowerShell prompt, type the following command, and then press Enter.
20. At the Windows PowerShell prompt, type the following command, and then press Enter.
21. Verify that the Project Team group in Office 365 contains the three user accounts that you added to
the group in Active Directory earlier:
o Chris Sells
o Lukas Keller
o Sabine Royant
22. At the Windows PowerShell prompt, type the following command, and then press Enter.
23. At the Windows PowerShell prompt, type the following command, and then press Enter.
L4-38 Planning and Configuring Directory Synchronization
24. Verify that the Research group in Office 365, does not contain the three user accounts that you
removed from the group in Active Directory earlier:
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
25. At the Windows PowerShell prompt, type the following command, and then press Enter.
Note that the PowerShell command returns no user accounts. This confirms that the user
Josh Bailey has moved out of scope of synchronization.
26. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolAccountSku
The PowerShell command indicates how may Office 365 licenses are assigned.
Results: After completing this exercise, you will have identified how managing user and group accounts
has changed with directory synchronization.
L5-39 Planning and Deploying Office 365 ProPlus
12. On the Software download settings page, click Manually deploy user software.
13. On the Manage user software through Office 365 page, scroll down, and then click Learn how to
download and deploy software.
14. On the How admins can download Office 365 user software to deploy to users page, click
Manage user software in Office 365.
15. On the next Manage user software in Office 365 page, scroll down, and then click the Office
Deployment Tool (Office 2016 version) link to open the Office Deployment Tool download page.
Note: You can also go directly to the Office 2016 Deployment Tool page, by using the URL:
http://go.microsoft.com/fwlink/?LinkId=626065.
16. On the download page, expand Details, System Requirements, and Install Instructions, and read
and familiarize yourself with each section.
17. Click Download.
22. In the Files extracted successfully confirmation dialog box, click OK.
23. In File Explorer, go to the C:\Office16 folder. You should see two files:
o configuration.xml
o setup.exe
24. Close Microsoft Edge
2. Right-click in the folder, and then click Paste. This creates a backup copy of the configuration.xml
file.
3. Right-click the configuration.xml file, click Open With, and then click Notepad.
4. In Notepad, edit the first Add line after <Configuration>. Replace:
with:
<Product ID="VisioProRetail">
<Language ID="en-us" />
</Product>
6. with
with
8. On the File menu, click Save As, and in the File name text box, type AdatumConfiguration.xml.
9. Close Notepad.
10. In File Explorer, press Shift, and then right-click in the Office16 folder, and click Open command
window here.
11. At the C:\Office16> command prompt, type the following command, and then press Enter:
.\setup.exe /?
13. At the command prompt, type the following command, and then press Enter:
Results: After completing this exercise, you will have downloaded a copy of Microsoft Office 365
ProPlus for managed deployment to a shared folder. You will also have downloaded and installed the
Office Deployment Tool.
19. On the Home page, in the Office software tile, click Software download settings.
20. In the Software for PC section, set the 2016 version switch to Off.
21. Set the 2013 version switch to Off.
22. Click Save, and then click Close.
L5-42 Planning and Deploying Office 365 ProPlus
23. On the Home page, in the top-right corner, click the User icon, and then click Sign out.
24. Sign in as Brad@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
25. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
26. On the Settings menu, under My app settings, click Office 365.
27. On the Settings page, click Software.
Note: Because this user is not licensed for Office 365 ProPlus, Office 2016 is not available
for download.
31. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
32. On the Settings menu, under My app settings, click Office 365.
33. On the Settings page, click Software.
Note: This user has a license, but Skype for Business and Office are not available for
download.
34. Click Phone & tablet. Verify that Phone apps and Tablet apps are available.
35. Close Microsoft Edge.
36. Open Microsoft Edge, and browse to https://login.microsoftonline.com/
37. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
38. In the Office 365 portal, click Admin.
39. On the Home page, in the Office software tile, click Software download settings.
40. In the Software for PC section, set the 2016 version switch to On.
41. Verify that Office and Skype for Business are both set to on.
42. Click Save, and then click Close.
43. Close Microsoft Edge.
44. On LON-CL3, verify that you are logged in as Roman.
45. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
46. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
47. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
48. On the Settings menu, under My app settings, click Office 365.
49. On the Settings page, click Software.
Note: This user has a license, and Office 2016 (including Skype for Business) is available
for download.
L5-43 Planning and Deploying Office 365 ProPlus
Task 2: Install Office 365 ProPlus from the Office 365 portal
1. On LON-CL3, in Microsoft Edge, on the Software / Office page, in the Language drop-down list
box, ensure that English (United States) is selected.
2. Under version, ensure that 32-bit (Recommended) is selected.
Note: To see the 64-bit version option, you must click Advanced.
3. Click Install.
4. In the Microsoft Edge notification bar, after Setup.X86.en-us_O365ProPlusRetail_nnnn.exe has
finished downloading, click Run.
5. In the User Account Control dialog box, in the User name text box, type Adatum\Holly, and in the
Password text box, type Pa$$w0rd, and then click Yes.
6. On the taskbar, click the Office icon, and note the status of the download.
Note: It will take several minutes to complete, but applications are available now.
22. At the next line, type =Lorem(), and then press Enter.
Note: The option to quickly insert "random" text in a document, has been a fairly unknown feature
since Word 97 Standard Edition .
23. On the File menu, click Save.
24. Click Sites A. Datum (not OneDrive - A. Datum), and then click A. Datum in the right pane.
25. Double-click the Documents document library, ensure that the File name is
Meeting Agenda.docx, and then click Save.
26. Close Word.
L5-44 Planning and Deploying Office 365 ProPlus
27. In Microsoft Edge, on the Software / Office page, on the Edge menu bar, click the Refresh icon (or
press the F5 key).
Note that you now have a new Manage installs section at the top of the page where you can
manage Office 365 installs.
28. Close Microsoft Edge.
Note: Note that the Office installation is no longer listed, as Roman Miler no longer has an
active license. The Office 365 ProPlus applications will still be available to the user on any
machine on which he already installed them, but within 30 days, they will drop into
low-functionality mode. This means he will only be able to read and print documents.
Results: After completing this exercise, you should be able to activate Office 365 ProPlus for self-
service installations and set licensing options correctly for end users so that deployment and installation
is possible.
12. In the right pane, right-click Startup, and then click Properties.
13. In the Startup Properties dialog box, click Show Files.
14. Right-click in the Startup folder, click New, and then click Text Document.
15. Rename the new text file from New Text Document.txt to DeployOffice16.cmd.
16. Right-click DeployOffice16.cmd, and then click Edit.
17. In the Open File - Security Warning message box, click Run.
Note: The security warning appears, because Group Policy Management editor opened the Startup
folder as a network location through \\Adatum.com\Sysvol, and not as a local path through C:\. The
"Run" command in this case means "run the Edit command on this network file".
18. In Notepad, add the following line:
23. In the Browse dialog box, select DeployOffice16.cmd, and then click Open.
24. In the Add a Script dialog box, click OK.
25. In the Startup Properties dialog box, click OK.
gpupdate.exe /force
4. Wait for the Group Policy to update both the computer policy and the user policy.
5. Close the command prompt.
6. Restart the LON-CL4 computer.
7. After LON-CL4 has restarted, wait one minute before continuing. This is to allow the Group Policy
settings to take effect on LON-CL4.
8. Sign in as ADATUM\Maira with password Pa$$w0rd.
9. On the Start screen, notice that Office 2016 is installed. You might have to wait a few minutes before
you see any available Office applications.
10. Click Word 2016. If you do not see it on the Start screen, type Word to bring up the icon.
11. In the Activate Office dialog box, type Maira@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
12. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
13. In the Account Updated message box, click OK.
14. In the First things first message box, click Accept.
15. In the What's New in Word message box, click Close.
16. Click Blank document.
17. In the new Word document, type the text Meeting Report, and then press Enter.
18. At the next line, type =Rand.old(), and then press Enter.
19. On the File menu, click Save.
20. On the Save As page, click Browse.
21. Verify that the Save As dialog box, opens with the This PC > Documents folder.
22. Ensure that the File name is Meeting Report.docx, and then click Save.
23. Close Word 2016.
24. Right-click the taskbar, and then click Task Manager.
25. In Task Manager, on the Details tab, notice the OfficeClickToRun.exe process in the process list.
L5-47 Planning and Deploying Office 365 ProPlus
Note: Check Task Manager for your deployment. These items will all be present in a
successful install.
Results: After completing this exercise, you will have enabled centralized managed deployment of Office
365 ProPlus and implemented a standardized Microsoft Office configuration by using one version of
Office.
L6-48 Planning and Managing Exchange Online Recipients and Permissions
o Kendra Sexton
14. In the left navigation pane, expand Admin Centers, and then click Exchange.
15. In the Exchange admin center, in the left navigation pane, click recipients.
Note: It might take a few minutes for the mailboxes to appear. Click the refresh icon
periodically until they do.
3. In the New Distribution Group window, in the Display name text box, type IT.
4. In the Alias box, type IT.
5. Ensure that the Email address name is IT.
$cred = Get-Credential
7. In the Windows PowerShell window, type the following command, and then press Enter:
8. In the Windows PowerShell window, type the following command, and then press Enter:
9. In the Windows PowerShell window, type the following command, and then press Enter:
Get-AcceptedDomain
Note: This command returns the list of accepted domains and verifies that you can
connect to your Office 365 subscription.
2. In the Windows PowerShell window, type the following command, and then press Enter:
3. In the Windows PowerShell window, type the following command, and then press Enter:
4. In the Windows PowerShell window, type the following command, and then press Enter:
5. In the Windows PowerShell window, type the following command, and then press Enter:
Note: If you receive an error running the Set-CalendarProcessing cmdlet for either of
these objects, wait a few moments and repeat.
6. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see both new
resources.
7. In the Windows PowerShell window, type the following command, and then press Enter:
8. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see the
changes you made in the details pane on the right.
cd C:\Labfiles
4. In the Windows PowerShell window, type the following command, and then press Enter:
5. In the Windows PowerShell window, type the following command, and then press Enter:
6. In Microsoft Edge, in the Exchange admin center, in contacts, click the Refresh icon. You can see
the newly created objects.
L6-51 Planning and Managing Exchange Online Recipients and Permissions
Results: After completing this exercise, you will have created and configured Microsoft Exchange Online
recipients.
Enable-OrganizationCustomization
2. In the Windows PowerShell window, type the following command, and then press Enter:
3. In the Windows PowerShell window, type the following command, and then press Enter:
4. In the Windows PowerShell window, type the following command, and then press Enter:
Get-RoleGroupMember "BranchOfficeAdmins"
5. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You can see the new
BranchOfficeAdmins role group.
3. In the Windows PowerShell window, type the following command, and then press Enter:
5. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You can see the new role
assignment policy.
6. Close Microsoft Edge.
L6-52 Planning and Managing Exchange Online Recipients and Permissions
Results: After completing this exercise, you will have configured delegated administration of your
Exchange Online organization.
L7-53 Planning and Configuring Exchange Online Services
Note: You might have a Windows PowerShell connection to Office 365 open from a
previous lab. If so, you can use the existing connection and skip this step.
3. In Windows PowerShell, type the following command, and then press Enter.
$cred = Get-Credential
4. In the left navigation pane, expand Admin centers, and then click Exchange.
5. In the Exchange admin center, in the left pane, click mail flow, and then click connectors.
6. Click the + icon.
7. On the Select your mail flow scenario page, in the From list box, select Office 365.
8. In the To list box, select Partner organization, and then click Next.
9. On the New connector page, in the Name text box, type Humongous Insurance Outgoing, and
then click Next.
10. Ensure Only when email messages are sent to these domains is selected, and then click the +
icon.
L7-54 Planning and Configuring Exchange Online Services
11. On the add domain page, type humongousinsurance.com, click OK, and then click Next.
12. Ensure Use the MX record associated with the partner's domain is selected, and then click Next.
13. Ensure Always use Transport Layer Security (TLS) to secure the connection is selected, and
ensure Issued by a trusted certificate authority (CA) is selected, and then click Next.
14. On the Confirm your settings page, click Next.
15. On the Validate this connector page, click the + icon.
16. In the Send the test email to the address text box, type
postmaster@humongousinsurance.com, click OK, and then click Validate.
17. Wait while validation completes, and then click Close.
18. On the Validation Result page, click Save.
19. In the Warning window, click Yes.
Note: Validation of mail flow failed because the connector is to a fictitious organization.
This is expected behavior for this lab.
20. In the Exchange admin center, on the connectors tab, click the + icon.
21. On the Select your mail flow scenario page, in the From list box, select Partner organization.
22. In the To list box, select Office 365, and then click Next.
23. On the New connector page, in the Name box, type Humongous Insurance Incoming, and then
click Next.
24. Ensure Use the sender's domain is selected, and then click Next.
25. Click the + icon, type humongousinsurance.com, click OK, and then click Next.
26. Ensure Reject email messages if they aren't sent over TLS is selected, and then click Next.
27. On the Confirm your settings page, click Save.
4. In the Apply this rule if list box, select The recipient is located..., select Outside the
organization, and then click OK.
5. Click Enter text.
6. In the specify disclaimer text window, type the following text, and then click OK.
<HR> If you are not the intended recipient of this message, you must delete it.
12. In the new rule window, in the Name box, type Moderate Managers.
13. In the Apply the rule if list box, select The recipient is a member of...
14. In the Select Members window, select Managers, click add, and then click OK.
15. In the Do the following list box, select Forward the message for approval to...
16. In the Select Members window, select Holly Dickson, click add, and then click OK.
17. In the new rule window, click Save.
18. On LON-CL2, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
19. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
20. In the Office 365 portal, click Mail.
21. In the Mail window, click New.
22. In the To field, type the email address of the new Microsoft account that you created for this course.
23. In the Subject field, type Disclaimer Test.
24. In the message body, type This message will have a disclaimer, and then click Send.
25. In Microsoft Edge, open a new tab, and browse to https://outlook.com.
26. Sign in with your Microsoft account
27. Verify that the received message has the disclaimer text If you are not the intended recipient of
this message, you must delete it added at the end of the message body. If the message is not in
the Inbox, check the Junk Email folder.
28. In the Mail window in which you are signed is as Francisco, click New.
29. In the To field, type Martina.
30. In the Subject field, type Moderation Test.
31. In the message body, type This message requires approval by Holly, and then click Send.
32. On LON-CL1, click Start, type Outlook, and then click Outlook 2016.
33. In the Windows Security dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd. If needed, complete the account setup wizard by clicking Next four times.
34. In Outlook, read the approval request, and then click Approve.
35. Close Outlook 2016.
7. In the If the message is sent to or received from list box, select A specific user or group...,
select Development, click add, and then click OK.
8. In the Journal the following messages list box, select All messages, and then click Save.
4. Review the information in the message, including the message events that show that the disclaimer
was applied.
5. Click Close.
6. Double-click the message sent from Francisco to Martina.
7. Review the information in the message, including that the message was sent for moderation.
8. Click Close.
9. In the Message Trace Results window, click Close.
Results: After completing the exercise, you will have configured message-transport settings.
L7-57 Planning and Configuring Exchange Online Services
8. In the High confidence spam list box, select Move message to Junk Email folder.
9. In the Prepend subject line with this text text box, type Junk:.
10. Scroll to the bottom of the window, and under Applied To, in the If list box, select The recipient is a
member of, select Sales, click add, and then click OK.
11. Click Save.
L7-58 Planning and Configuring Exchange Online Services
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
10. On LON-CL1, in the Exchange admin center, click protection, and then click quarantine.
11. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
12. Click the message sent to Francisco, click Release Message, and then click Release selected
message(s) to All recipients.
13. In the Warning window, click Yes.
14. When processing is complete, click Close.
15. On LON-CL2, in the Outlook mailbox of Francisco, verify that the message was delivered.
Results: After completing this exercise, you should have configured anti-spam and antivirus settings.
o Text messaging
o Unified messaging
o LinkedIn contact sync
L7-59 Planning and Configuring Exchange Online Services
o Journaling
5. Under Private computer or OWA for devices, clear the Direct file access check box, and then
click Save.
6. Click recipients, select Kendra Sexton, and then click Edit (pencil icon).
7. In the Kendra Sexton window, click mailbox features.
8. Under Email Connectivity, click View Details.
9. In the Outlook Web App mailbox policy window, click Browse, select Limited features, click OK,
and then click Save.
10. In the Kendra Sexton window, click Save.
11. On LON-CL1, click Start, type Outlook and then click Outlook 2016.
12. In the Windows Security dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
13. Click New Email.
14. In the new email window, in the To box, type Kendra@Adatumvsxxxx.virsoftlabs.com, and then
click Check Names.
15. In the Subject box, type Attachment Test.
16. In the ribbon, click Attach File, and then click Browse This PC.
17. In the Insert File window, browse to C:\Windows\Logs\DISM, select dism.log, and then click
Insert.
18. Click Send.
19. On LON-CL2, in Outlook on the web, sign out.
20. Sign in again as Kendra@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
21. On the Outlook page, select your time zone and click Save.
22. Read the new Attachment Test message.
23. Click the message attachment.
24. Click OK to close the message, indicating that you do not have permission to download files.
4. Under Quarantine Notification Email Messages, click Add (+ icon), select Holly Dickson, click
add, and then click OK.
5. In the Exchange ActiveSync access settings window, click Save.
3. In the Default window, click security, and then select Require a password.
4. Select Allow simple passwords.
5. Select Minimum password length, enter a value of 4, and then click Save.
3. Your device will be placed into quarantine, and you must approve the device before you can send
and receive messages.
4. After you configure the Exchange ActiveSync account, the security settings from the mobile-device
mailbox policy will apply, and you may be prompted to create a password on your device.
5. When you finish your testing, you can delete the account from your mobile device.
6. Leave the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured client access policies.
L8-61 Planning and Deploying Skype for Business Online
$cred = Get-Credential
Import-PSSession $SfbSession
9. At the Windows PowerShell prompt, type the following command, and then press Enter:
10. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-CsBroadcastMeetingConfiguration
Task 3: Configure the organization settings for Skype for Business Online
1. On LON-CL1, at the Windows PowerShell prompt, type the following command, and then press
Enter:
Notice the warning that you receive about enabling client version checking.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
3. To verify the privacy notification settings, type the following command, and then press Enter:
Get-CSPrivacyConfiguration
4. To verify the push notification settings, type the following command, and then press Enter:
Get-CSPushNotificationConfiguration
5. To allow users to communicate with public Skype users, type the following command, and then
press Enter:
6. To allow users to communicate with federated partners, type the following command, and then press
Enter:
7. To enable communication with all federated partners except for litware.com, type the following three
commands, and then press Enter after each command:
$AllDomains = New-CsEdgeAllowAllKnownDomains
8. To verify the tenant federation configuration, type the following command, and then press Enter:
Get-CsTenantFederationConfiguration
17. Under external access, verify that On except for blocked domains is selected.
18. Under blocked or allowed domains, verify that litware.com is listed as Blocked.
5. At the Windows PowerShell command prompt, type the following command, and then press Enter:
Get-CsMeetingConfiguration
6. Verify that the HelpURL and CustomFooterText display the configured information.
Results: After completing this exercise, you should have configured Skype for Business Online service
settings.
L8-64 Planning and Deploying Skype for Business Online
5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd.
6. Select Remember my credentials, and then click OK.
7. Click Finish.
8. If the What's New in Outlook dialog box appears, click Close.
9. On the Start screen, type Skype, and then click Skype for Business 2016.
10. On the Welcome - Skype for Business dialog box, in the top right corner, click Skip for now.
11. In the Skype for Business window, sign in as Maira@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd. Leave Save my password enabled.
L8-65 Planning and Deploying Skype for Business Online
15. In Outlook 2016, on the ribbon, click New Items, and then click Meeting.
16. In the Meeting window, click Skype Meeting.
17. In the To text box, type Francisco Chaves; Maira Wenzel.
18. In the Subject text box, type Next meeting.
19. In the Start time section, change the time to today and 15 minutes from now.
20. Click Send.
21. In Skype for Business, in the Find someone text box, type Maira.
22. Double-click Maira Wenzel to open an IM window.
23. In the Maira Wenzel IM window, type Are you coming to the meeting?, and then press Enter.
24. On LON-CL4, verify that the IM from Holly is received
25. In the Holly Dickson IM window, type Yes, I was planning to, and press Enter.
26. In Outlook 2016, accept the meeting request from Holly Dickson.
27. Open the meeting, and then click Join Skype Meeting.
28. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
29. Verify that Maira Wenzel is connected to the meeting.
30. On LON-CL1, open the meeting request, click Join Skype Meeting.
31. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
32. Verify that Holly Dickson is connected to the meeting.
33. In the meeting window, click the Present icon, and then click Present Desktop.
34. In the Present Desktop window, click Present.
35. In the Skype for Business dialog box, click OK.
36. On LON-CL4, verify that Holly Dickson's desktop is visible in the meeting window.
37. On LON-DC1, open Internet Explorer, and then browse to https://login.microsoftonline.com.
38. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
Results: After completing this exercise, you should have configured Skype for Business Online user
settings and validated Skype for Business Online functionality.
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd
L8-67 Planning and Deploying Skype for Business Online
5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd. Select Remember
my credentials, and then click OK.
6. Click Finish.
7. On the Start screen, type Skype, and then click Skype for Business 2016.
8. In the Welcome - Skype for Business window, in the top right corner, click Skip for now.
9. In Skype for Business, sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password
Pa$$w0rd. Leave Save my password enabled.
10. Click Yes to save your sign-in info.
11. In the Help Make Skype for Business Better dialog box, click No.
12. On the Start screen, type PowerPoint, and then click PowerPoint 2016.
13. In PowerPoint 2016, click Blank Presentation.
14. As title for the presentation, type Presentation Skills.
15. On the File menu, click Save.
16. On the Save As page, click Browse.
17. In the Save As dialog box, ensure that the Documents folder is opened, and that the file name is
Presentation Skills.pptx, and then click Save.
18. Close PowerPoint 2016.
19. In Outlook, click the broadcast meeting request from Holly Dickson, and then click Accept.
20. In the Reminders pop-up window, double-click the Test broadcast meeting request.
21. Click Join the meeting.
22. On the Skype Meetings page, sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password
Pa$$w0rd.
23. On the Skype Meeting Broadcast page, Join the event.
24. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
25. In the meeting window, click Present (monitor icon), and then click Present PowerPoint Files.
26. Browse to the Documents folder, select Presentation Skills.pptx, and then click Open.
27. In the right side of the meeting window, click Content only, and then click Start Broadcast.
35. On LON-CL3, in the broadcast window, click Stop Broadcast, and then click Stop Broadcast
again.
36. Close the Test broadcast meeting window.
Results: After completing this exercise, you should have configured a broadcast meeting and verified
that users can join the meeting.
L9-69 Planning for and Configuring SharePoint Online
4. Click OK.
L9-70 Planning for and Configuring SharePoint Online
Results: After completing this exercise, you should have configured SharePoint Online service settings.
Note: SharePoint Online provisions the new marketing site. This process can take a few
minutes.
7. After the new marketing site is created, move the mouse in front of the
https://adatumvsxxxx.sharepoint.com/sites/marketing URL, and then select the appearing check
box.
8. After the marketing site is selected, on the ribbon, click Sharing.
Note: It can take a few minutes until the Sharing icon on the ribbon is active. You can
speed this up by pressing the Refresh icon on the Microsoft Edge menu bar.
9. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
10. Scroll down, and click Save.
Note: The site settings changes to allow external user sharing. This process is usually
done within one minute. Now, external user sharing is enabled and you can use it for this
marketing site.
12. In the Sign in to your account dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
13. At the PowerShell prompt, type the following command, and then press Enter:
Note: The Maira Wenzel account does not have permission to access this site.
4. In the You need permission to access this site text box, type Please enable access for the new
marketing project. Thanks. and then click Request Access.
5. Close the current Microsoft Edge window.
6. In the other Microsoft Edge window, where Holly Dickson is signed in, open another tab, and browse
to https://Adatumvsxxxx.sharepoint.com/sites/marketing.
7. On the Marketing page, in the top right corner, click Settings (gear icon), and then near the bottom
of the menu, click Site settings.
8. On the Site Setting page, under User and Permissions, click Site permissions.
9. Click the Show access requests and invitations link.
L9-72 Planning for and Configuring SharePoint Online
10. Under Pending Requests, for Maira Wenzel, right-click the user icon, and then click View Item.
11. Note the message from Maira Wenzel, and then click Close.
12. Under Pending Requests, for Maira Wenzel, click Approve.
13. In the top right corner, click Settings (gear icon), and then click Site Settings.
14. On the Site Settings page, under User and Permissions, click Site permissions.
15. Click Marketing Members.
16. Verify that Maira Wenzel is added to the Marketing Members group.
17. Click New, and then click Add Users.
18. In the Share 'Marketing' dialog box, in the top text box, type Perry, and then click Perry Brill.
19. Click Share.
20. Close the current Microsoft Edge tab.
21. On the Microsoft Edge menu bar, on the right, click More (three dots icon), and then click
New InPrivate window.
22. In the InPrivate window, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.
23. Sign in as Maira@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
24. Verify that you can now access the site.
25. Close the current Microsoft Edge window.
26. Repeat the previous five steps to verify site access for:
o Perry@Adatumvsxxxx.virsoftlabs.com
o Brad@Adatumvsxxxx.virsoftlabs.com
Results: After completing this exercise, you should have created and configured SharePoint Online site
collections.
4. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
5. Scroll down, and click Save.
Note: In the steps below, the lab steps specify the Microsoft account that you used to set
up Office 365, as the external user to invite to the site. However, that Microsoft account email
address is currently also configured as alternate email address for global administrator Holly
Dickson. To avoid that SharePoint recognizes the alternate email address, and sends the invite
to Holly Dickson instead, you must temporarily change the alternate email address for Holly
Dickson.
Alternatively, you can also use another Microsoft account email address in the lab steps below.
7. In the Office 365 admin center, on the Home page, click Users.
8. On the Active users page, click Holly Dickson.
9. On the Holly Dickson page, in the Roles section, click Edit.
10. On the Edit user roles page, in the Alternative email address text box, type "x" (without quotes) in
front of the email address to specify a different (non-existing) email address.
11. Click Save, and then click Close.
12. Do not close the Holly Dickson page yet.
13. Open a new Microsoft Edge tab, and browse to
https://Adatumvsxxxx.sharepoint.com/sites/AcctsProj.
14. On the Accounts Project site, in the top right corner, click SHARE.
15. In the Share 'Accounts Project' dialog box, in the top text box, type the email address of the
Microsoft account that you used to set up Office 365, and then in the drop-down list box, click your
email address.
Note that Holly Dickson may appear in the drop-down list box as well.
16. in the bottom text box, type You can now access this shared site on Adatum Publishing.
17. Click Share.
23. On the Document page, next to the document that you just created, click the ellipsis button (...), and
then click SHARE.
24. In the Share 'Document' dialog box, click Get a link, and then in the drop-down list box, select
Edit link - no sign-in required.
25. In the text box, right-click the link text, and click Select All. Right-click the selected text, and then
click Copy.
L9-74 Planning for and Configuring SharePoint Online
28. If prompted, select your language and time zone, and then click Save.
29. In Outlook, click New.
30. In the To box, type the email address for your Microsoft account, and then in the Subject box, type
Shared Document.
31. Right-click in the message box, and then click Paste to paste the copied link text.
32. Click Send.
Note: The Inbox should show two emails from Holly Dickson (or Microsoft Online Services
Team).
4. In the Inbox, open the email message with subject Holly Dickson wants to share Accounts
Project.
5. In the email message, click the Accounts Project link.
6. In the Welcome to SharePoint Online window, click Microsoft Account.
Results: After completing this exercise, you should have configured a new site collection for external
user sharing, and you should have shared a site and a document with external users.
L10-76 Planning and Configuring an Office 365 Collaboration Solution
Task 2: Configure Yammer service settings, and enforce Office 365 identity
1. In Yammer, in the left pane, next to Holly Dickson, click the Settings icon, and then click
NETWORK ADMIN.
2. In the Yammer admin center, in the Content and security section, click Security Settings.
3. On the Security Settings page, scroll down to the Enforce Office 365 identity in Yammer section,
and then select the Enforce Office 365 identity in Yammer check box.
4. In the pop-up dialog box, click Yes, I'm ready.
5. Click Save.
13. On LON-CL1, in Microsoft Edge tab, in the Yammer window, click the Office 365 Apps icon (9 small
squares), and click Mail.
14. Verify that you received a message from Yammer with a report about monitored keyword
appearance in the Roman post.
15. Close Microsoft Edge.
Results: After completing this exercise, you should have enabled Yammer Enterprise for A. Datum.
2. In the Word window, in the top right corner, verify that Word is licensed to Roman Miler.
3. If Word is licensed to another account, click Switch account.
4. In the Accounts dialog box, click SIGN OUT, and then next to the account, click Sign out.
5. In the Remove Account notice, click Yes.
6. At the top right, click Sign in to get the most out of Office.
7. On the Sign in page, in the text box, type Roman@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
8. On the Sign in page, in the Password box, type Pa$$w0rd, and then click Sign in.
9. Verify that Word is now licensed to Roman Miler.
10. Close Word.
11. Open Microsoft Edge, and browse to https://login.microsoftonline.com.
12. Sign in as Roman@adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
13. In the Office 365 portal, click OneDrive.
14. On the Welcome to OneDrive for Business page, click Next.
15. In the OneDrive window, click New, and then click Word document.
16. In the Word Online window, type (sample text) Travel Journal, and then press Enter.
17. In the black title bar, click Roman Miler.
18. In the OneDrive window, click Sync, and then click Sync now.
19. In the Did you mean to switch apps? dialog box, click Yes.
20. In the Sync the library 'Documents' for Roman Miler? dialog box, click Sync Now.
21. If prompted to sign in, type Holly@adatumvsxxxx.virsoftlabs.com, and click Next.
22. Type Pa$$w0rd and click Sign In.
23. In the Microsoft OneDrive for Business dialog box, click Show my files.
24. Note that File Explorer opens and displays the location where the synchronized files will be stored.
Verify that the Word document has been synchronized to the local computer.
L10-79 Planning and Configuring an Office 365 Collaboration Solution
4. Ensure that the drop-down list on the right has Can edit selected, add a short message in the
message text box, and then click Share.
5. Open a new InPrivate Microsoft Edge window, and connect to https://portal.office.com.
L10-80 Planning and Configuring an Office 365 Collaboration Solution
Results: After completing this exercise, you should have configured OneDrive for A. Datum.
$cred = Get-Credential
5. At the PowerShell prompt, type the following command, and then press Enter:
6. To create a new public Office 365 group named Planning Group, at the PowerShell prompt, type
the following command, and then press Enter:
7. To add user Holly Dickson as owner to group Planning Group, at the PowerShell prompt, type the
following command, and then press Enter:
8. To add user Francisco Chaves as member to group Planning Group, at the PowerShell prompt,
type the following command, and then press Enter:
3. In the text area, type When is the next planning meeting?, and then click Send.
4. On the Planning Group menu bar, click Calendar, and then view the group calendar.
5. Click New.
6. On the Details page, fill out the following information:
o Title: Planning meeting
o Location: Conference room B
12. On the OneDrive page, click New, and then click Word document.
13. In the Word Online document, type Planning meeting topics, and then press Enter.
14. When you see Saved in the title bar, close the Microsoft Edge tab.
15. On the Planning Group menu bar, click Files, and verify that the document has been added to the
group.
16. Close Microsoft Edge.
17. On LON-CL3, open Microsoft Edge, and then browse to https://login.microsoftonline.com.
18. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
19. In the Office 365 portal, click Mail.
20. If requested, specify your Time zone, and then click Save.
21. Verify that in the Groups list, the AdatumMarketing group appears.
22. Under Groups, click Discover.
23. On the right side, click Planning Group, and then click Join.
Because this is a public group, you can join the group.
24. In the left pane, click Planning Group.
25. On the Planning Group page, verify that you see the message that Holly Dickson sent to the
group.
26. On the Planning Group menu bar, click Files, and verify that you see the document in the files store.
Results: After completing this exercise, you should have configured Office 365 groups at A. Datum.
L11-83 Planning and Configuring Rights Managements and Compliance
$cred = Get-Credential
5. At the PowerShell prompt, type the following command, and then press Enter:
Import-PSSession $session
6. To set the IRM sharing location to the region of the tenant, at the PowerShell prompt, type the
following command, and then press Enter.
Note: In the first lab, you created a new Office 365 tenant and specified as country
United Kingdom. That is why the preceding command uses the IRM sharing location for
Europe, containing "eu" in the link.
7. To configure Azure RMS as a trusted publishing domain, at the PowerShell prompt, type the
following command, and then press Enter:
8. To enable IRM features for messages sent to internal recipients, at the PowerShell prompt, type the
following command, and then press Enter:
9. To test the confirmation, at the PowerShell prompt, type the following command, and then press
Enter:
10. At the PowerShell prompt, type the following command, press Enter:
Remove-PSSession $session
12. On the Options tab, click Permission, and then click Connect to the Rights Management
Servers and get templates.
L11-85 Planning and Configuring Rights Managements and Compliance
36. In Word Online in the opened document, attempt to add text at the end of the document. Verify that
you get a message that the document is read-only.
37. Close Microsoft Edge.
Results: After completing this exercise, you will have configured Rights Management for Exchange
Online and SharePoint Online.
21. On the View reports page, click Office 365 audit log report.
22. On the Audit log search page, click Start recording user and admin activities, and then click
Turn on
23. Close Microsoft Edge.
32. On the new retention policy page, in the Name text box, type Research MRM Policy.
33. Under Retention tags, click Add (+ icon).
34. In the select retention tags window, press Ctrl and click the following retention tags:
o 1 Year Delete
o 2 Year Delete
o 6 Month Delete
o Default 2 year move to Deleted Items
o Never archive
o Never Delete
o Personal 1 year move to archive
o Purge Deleted Items 30 days
o Research user 1 year move to archive
35. Click add, and then click OK.
36. Click Save.
37. Close the Retention Policies window.
38. On the Retention page, click Assign retention policies to mailboxes.
39. On the Assign Retention Policies to Mailboxes page, select Christie Thomas, and then click
Edit (pencil icon).
40. On the Assign Retention Policy to Christie Thomas page, in the Retention policy drop-down list
box, select Research MRM Policy, and then click Save.
41. In the Warning message box, click Yes.
2. If the creation of the default policy takes a long time, then on the Microsoft Edge tool bar, click
Refresh, and then click Manage document deletion policies for SharePoint Online and
OneDrive for Business again.
3. On the SharePoint Compliance Policy Center page, click Sample Document Policy.
4. On the Sample Document Policy page, in the Policy name text box, change the name to
Marketing Document Policy.
Note: if validating the site URL takes a long time, then click Cancel, and try to add the site again.
30. Click Next.
31. On the What do you want to look for? page, in the text box, type Contract.\
32. Select the Start date check box, and then pick a date that is two days ago.
33. Leave the End date check box cleared, and then click Next.
34. On the How long do you want to preserve the content? page, in the Time frame to preserve
content drop-down list box, select 7 years, and then click Next.
35. On the Do you want to turn on Preservation Lock? page, ensure that No is selected, and then
click Next.
36. On the Do you want to turn on this policy after it is created? page, ensure that Turn it on is
selected, and then click Next.
37. On the Review your settings page, click Create.
L11-90 Planning and Configuring Rights Managements and Compliance
17. In the Name text box, type IP address check, and then click OK.
18. On the Customize rules page, click Next.
19. On the New DLP policy page, in the Name text box, type Test DLP policy.
20. Select Send notifications and Policy Tips to end users.
21. Click Create.
5. Click Save.
6. On the Policy Mode page, ensure that Test DLP policy for email is selected, and then click Edit
(pencil icon).
7. On the Test DLP policy for email page, on the left side, click rules.
8. Click New (+ icon), and then click Block messages with sensitive information unless the sender
overrides.
L11-91 Planning and Configuring Rights Managements and Compliance
9. On the new rule page, on the right side, click Select sensitive information types.
10. On the Contains any of these sensitive information types page, click Add (+ icon), select
IP address, click add, and then click OK.
Results: After completing this exercise, you will have implemented the Office 365 compliance features.
L12-93 Monitoring and Troubleshooting Office 365
Note the diagnostic information and the time taken for the message to be rejected.
10. Click Clear to reset the Message Header Analyzer.
12. Select the failed message to user@alt.none, and then click Details (pencil icon).
Notice the Message Events (Receive, Submit, Journal, etc.), and the Additional Properties (Message
ID, Message size, IP address information)
13. Double-click each message to view the sender, recipient, message size, ID, and IP address
information.
14. Click Close.
Results: After completing this exercise, you should have used the Message Header Analyzer to identify
why email failed to deliver.
Note: There might be little or no data shown because there is not much mailbox usage in
the lab environment.
3. On the Email activity page, scroll down to see the User details table.
4. In the left pane, expand Reports, and then click Security & compliance.
5. On the Security & compliance page, in the Protection section, click Malware detections.
6. Close the Malware detections window.
7. On the Security & compliance page, in the Protection section, click Spam detections.
Results: After completing this exercise, you should have monitored the health of Office 365 services and
viewed reports in the Office 365 admin center.
L13-96 Planning and Configuring Identity Federation
Get-ADForest
3. Verify that the domain Adatumvsxxxx.virsoftlabs.com is listed as one of the UPN Suffixes for the
local Active Directory Forest. That is the domain that will be federated with Office 365.
4. At the Windows PowerShell prompt, type the following command, and then press Enter:
certlm.msc
5. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
Notice that in the lab environment, a publicly issued wildcard certificate (*.virsoftlabs.com) for the
virsoftlabs.com domain is already loaded on LON-DC1. Office 365 trusts this certificate when
connecting to the AD FS public endpoint in the lab environment.
6. Close the Certificates console.
7. At the Windows PowerShell prompt, type the following command, and then press Enter:
ping publicip.virsoftlabs.com
The command returns the public IP address provided by the lab hosting platform, which you should
use for this lab. External clients connect to this IP address to access the AD FS server through the
AD FS Proxy. Note that the DNS name publicip.virsoftlabs.com is only used in this lab exercise,
the DNS name is not used by the AD FS software.
L13-97 Planning and Configuring Identity Federation
8. At the Windows PowerShell prompt, type the following command, and then press Enter:
ipconfig
The command returns the private IP address (172.16.0.10) of LON-DC1 where AD FS will be
installed. Later in this exercise, you will configure the AD FS Proxy (on LON-WAP1) to forward
AD FS network traffic to this IP address.
9. Open Server Manager, and then on the Tools menu, click DNS.
10. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then select
Adatumvsxxxx.virsoftlabs.com.
11. Right-click Adatumvsxxxx.virsoftlabs.com, and then click New Host (A or AAAA).
12. In the New Host dialog box, provide the following information, click Add Host, and then click OK.
o Name: (leave blank)
o IP address: (type the public IP address provided earlier in this task)
o Time to live (TTL): 0:0:2:0
Note: To configure AD FS, you would normally not leave the host name blank, but instead use
fs.Adatumvsxxxx.virsoftlabs.com or adfs.Adatumvsxxxx.virsoftlabs.com. However, in the lab
environment a single wildcard certificate *.virsoftlabs.com is used, which only matches one
subname level in front of virsoftlabs.com, not two subname levels.
Also, for ease of testing and changing, a very short TTL of 2 minutes is used.
13. Click Done.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-KdsRootKey
The Add-KdsRootKey command creates a root key that is needed by the Key Distribution Service
(KDS) to generate and maintain the password for a Group Managed Service Account (gMSA),
instead of manually creating and maintaining a new service account to run the AD FS service. To
allow for replication between multiple domain controllers, a new KDS root key is not available until
10 hours after creation. In a single DC environment, you can safely set the "effective time" 10 hours
in the past, so that the root key is available immediately.
3. In Server Manager, on the Dashboard page, click Add Roles and Features.
4. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
5. On the Select installation type page, select Role-based or feature-based installation, and then
click Next.
6. On the Select destination server page, ensure that LON-DC1.Adatum.com is selected, and then
click Next.
7. On the Select server roles page, select Active Directory Federation Services, and then click
Next.
8. On the Select features page, click Next.
L13-98 Planning and Configuring Identity Federation
9. On the Active Directory Federation Services (AD FS) page, click Next.
10. On the Confirm installation selections page, click Install.
11. When the installation is completed, on the Installation progress page, click Close.
12. In Server Manager, click the Notifications icon (flag and exclamation mark icon), and then click
Configure the federation service on this server.
13. In the Active Directory Federation Services Configuration Wizard, on the Welcome page, ensure
that Create the first federation server in a federation server farm is selected, and then click
Next.
14. On the Connect to Active Directory Domain Services page, click Next.
15. On the Specify Service Properties page, use the following settings, and then click Next:
o SSL Certificate: select the *.virsoftlabs.com certificate.
o Federation Service Name: type Adatumvsxxxx.virsoftlabs.com (replacing *.virsoftlabs.com).
o Federation Service Display Name, type Adatum Corporation.
16. On the Specify Service Account page, ensure that Create a Group Managed Service Account is
selected, and then in the Account Name text box, type svc-adfs, and then click Next.
17. On the Specify Configuration Database, ensure Create a database on this server using
Windows Internal Database is selected, and then click Next.
18. On the Review Options page, click Next.
Note: You can ignore the warning about the root key replication.
19. Once the prerequisites check is complete, on the Pre-requisite Checks page, click Configure.
20. When the configuration completes, on the Results page, click Close.
certlm.msc
3. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
In the lab environment, the publicly issues wildcard certificate *.virsoftlabs.com is already loaded
on LON-WAP1.
4. Close the Certificates console.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
L13-99 Planning and Configuring Identity Federation
ipconfig /all
Notice that the LON-WAP1 server represents a Web Application Proxy (WAP) server in a corporate
DMZ area. It is not configured with the DNS address of the internal domain. You must edit the local
hosts file, so that the AD FS service name (Adatumvsxxxx.virsoftlabs.com, or
fs.Adatumvsxxxx.virsoftlabs.com, etc.) can resolve to the AD FS server on the internal network.
6. At the Windows PowerShell prompt, type the following command, and then press Enter:
notepad.exe C:\Windows\System32\drivers\etc\hosts
7. At the end of the hosts file, on a separate line, add the following text:
172.16.0.10 Adatumvsxxxx.virsoftlabs.com
8. Close Notepad, and click Save to save the changes to the hosts file.
9. Open Internet Explorer and browse to
https://Adatumvsxxxx.virsoftlabs.com/adfs/services/trust/mex.
10. Verify that Internet Explorer displays federation meta data in xml-format, and that Internet Explorer
does not give a warning message about the security certificate.
The result confirms that the LON-WAP1 server can now correctly resolve the
Adatumvsxxxx.virsoftlabs.com name, and connect to the AD FS server on the internal network.
11. Close Internet Explorer.
12. Open Server Manager, and then on the Dashboard page, click Add Roles and Features.
13. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
14. On the Select installation type page, select Role-based or Feature-based installation, and then
click Next.
15. On the Select destination server page, ensure that LON-WAP1 is selected, and then click Next.
16. On the Select server roles page, select Remote Access, and then click Next.
17. On the Select features page, click Next.
18. On the Remote Access page, click Next.
19. On the Select role services page, select Web Application Proxy.
20. In the Add features that are required for Web Application Proxy? dialog box, click
Add Features, and then click Next.
21. On the Confirm installation selections page, click Install.
22. When the installation is complete, on the Installation progress page, click Close.
o Password: Pa$$w0rd
4. On the AD FS Proxy Certificate page, select the *.virsoftlabs.com certificate, and then click Next.
5. On the Confirmation page, click Configure.
Results: After completing this exercise, you should have deployed the AD FS server in a federation
server farm, and deployed the Web Application Proxy server to support AD FS.
10. At the Windows PowerShell prompt, type the following command, and then press Enter:
Connect-MsolService
Get-MsolDomain
13. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
14. At the Windows PowerShell prompt, type the following command, and then press Enter:
Note: The Set-MsolAdfsContext command sets up a remote connection to the AD FS server. The
command is not really needed when the AD FS server is the local computer.
15. At the Windows PowerShell prompt, type the following command, and then press Enter:
16. Verify that you get a Successfully updated 'Adatumvsxxxx.virsoftlabs.com' domain message.
17. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolDomain
18. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
19. At the Windows PowerShell prompt, type the following command, and then press Enter:
Results: After completing this exercise, you should have enabled a federation trust between your on-
premises Active Directory domain and Office 365 through your AD FS federation server, and you should
have converted your domain for federated authentication in Office 365.
5. In the password text box, type Pa$$w0rd, and then click Sign in.
6. Verify that you are connected to Office 365.
7. In the Office 365 portal, in the top left corner, click the user icon, and then click Sign out.
Results: After completing this exercise, you should have verified SSO authentication to Office 365 for a
user on your corporate network and for a user on your host computer that is connected to the Internet.
Connect-MsolService
Get-MsolDomain
4. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:
6. At the Windows PowerShell prompt, type the following command, and then press Enter:
Note: If you enable user conversion, then a text file will be created containing the new temporary
passwords of the Office 365 users. But even when you skip user conversion, you must specify the
password file parameter in this PowerShell command.
7. Verify that you get a Successfully updated 'Adatumvsxxxx.virsoftlabs.com' domain message.
8. At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-MsolDomain
9. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
Note: when logging on to Office 365 again, it may take a few minutes before users are not redirected
to the Adatum Corporation sign in page anymore.
10. Close Windows PowerShell.