20347A

Enabling and Managing Office 365

Version: Hyper-V hosted - by Virsoft Solutions


Date: 23-Jan-2017
Contact: info@virsoft.net / Ronald Beekelaar

Contents
Introduction
Lab 1: Provisioning Office 365
Lab 2-A: Managing Office 365 Users and Passwords
Lab 2-B: Managing Office 365 Groups and Administration
Lab 3: Configuring Client Connectivity to Office 365
Lab 4: Configuring Directory Synchronization
Lab 5: Managing Office 365 ProPlus Installations
Lab 6: Managing Exchange Online Recipients and Permissions
Lab 7-A: Configuring Message Transport in Exchange Online
Lab 7-B: Configuring Email Protection and Client Policies
Lab 8: Configuring Skype for Business Online
Lab 9: Configuring SharePoint Online
Lab 10: Planning and Configuring an Office 365 Collaboration Solution
Lab 11: Configuring Rights Management and Compliance
Lab 12: Monitoring and Troubleshooting Office 365
Lab 13: Planning and Configuring Identity Federation

Introduction to the 20347A Online Labs


Hosting environment
The 20347A course makes use of "hoster-only" hands-on labs.
This means that a hosting partner, such as Virsoft, provides updated lab instructions to keep up with
changes in Office 365, and to match the specific lab hosting infrastructure. This replaces the lab
instructions in the printed course book or Skillpipe application.
Virsoft is an official Authorized Lab Hoster (ALH) and hosts all available Microsoft Official Curriculum
(MOC) courses in their datacenters in Europe and US.
If you see any instructions in this document that are not accurate, please let Virsoft know at
support@virsoft.net, and an updated lab manual will be made available.

Lab environment
In the graphic below, you can see the lab setup for this course.

There are six different virtual machines for each student.


The virtual machines have outbound Internet access enabled. The hosting platform also allows the
required inbound Internet access from Office 365 to the student lab environment by using multiple
hoster-owned public IP addresses.

Getting started
For the labs in this course, each student requires the following three things:
o A new Microsoft Account (live id) email address.
The email address is used to create an Office 365 Enterprise E3 trial account.
You can already create the new Microsoft Account before the course starts.
o A mobile phone that can receive text messages (SMS).
Office 365 uses an SMS text message to provide a verification code to the user, when creating
the Office 365 Enterprise E3 trial account.
o A unique never-used tenant domain name, a unique custom domain name with matching
server authentication certificate, and routable public IP addresses.
These are all provided to each student by Virsoft, as described below.
The lab instructions in this document often refer to the following tenant domain name and custom
domain name:
o Adatumvsxxxx.onmicrosoft.com
o Adatumvsxxxx.virsoftlabs.com
In all instructions where these domain names are used, the student must replace the xxxx part by a
unique 4-digit student ID.
The Virsoft hosting platform provides each student with a unique never-used student ID by placing a text
file with this information on the LON-CL1 desktop of Adatum\Holly.
Here is an example of the contents of this text file:

Welcome to the 20347A Office 365 training


-----------------------------------------
Unique student ID: 3572
Tenant domain: Adatumvs3572.onmicrosoft.com
Custom domain: Adatumvs3572.virsoftlabs.com
Public IP address: (managed by the Virsoft hosting platform)

Tips for the Office 365 admin center


Since March 2016, Office 365 uses a new admin center portal.
Here are two tips to work with the new admin center:
o If it appears that the Save or Close buttons are not visible, then scroll up to see those buttons.
o On the Active Users page, when there are many user accounts listed, instead of scrolling
through the list, use the Search text box, type the user name (example: Holly), and then click
the Search icon.

Module 1: Planning and Provisioning Office 365


Lab: Provisioning Office 365
Exercise 1: Configuring an Office 365 tenant
Task 1: Create the tenant account
1. On LON-CL1, logged on as Adatum\Holly, on the taskbar, click Microsoft Edge.
2. In the Address bar, type
https://products.office.com/en-us/business/office-365-enterprise-e3-business-software
(or http://aka.ms/jsn2ec) and press Enter.
3. Click Free trial.
4. For Step 1, in the Welcome, let's get to know you page, complete the following fields. Regardless
of your location, use the following information:
o Country: United Kingdom
o First name: Holly
o Last name: Dickson
o Business email address: (use your new Microsoft account that you created for this course)
o Business phone number: Your mobile phone number, including international code for your
current country
o Company name: A. Datum
o Organization size: 50-249 people
5. Click Next.
6. For Step 2, on the Create your user ID page, you have to create a unique domain for the Company
name to use in the course. Use the Adatumvsxxxx name provided to you. For the rest of the fields,
use the following information:
o User name: Holly
o Company name: Adatumvsxxxx (where vsxxxx is your unique Adatum number)

Note that the resulting account is: Holly@Adatumvsxxxx.onmicrosoft.com


o Password: Pa$$w0rd
o Confirm password: Pa$$w0rd
7. Click Next.
8. For Step 3, you have to confirm your identity using your mobile phone. Under Text me from the
drop-down box, select the code for the country that you are now in.

9. In the Phone number box, enter your correct mobile phone number.
10. Ensure that the Text me option is selected, and then click Text me.
11. When you receive the confirmation text on your mobile phone, enter the code provided in the Enter
your verification code box.
12. Click Create my account.
13. Wait until the Office 365 tenant is provisioned, and then click You're ready to go.
14. Click the Admin tile to go to the Office 365 admin center.
If a confirm your current password page appears, click re-enter my password, and type Pa$$w0rd.
15. On the update your admin contact info page, beside Authentication Phone is set to, verify that
your phone number is listed, and then click Verify.
16. Select your country, verify that your phone number is listed, and then click text me.
17. After receiving the text, enter the verification string, and click verify. If verify is not available, press
Enter.
18. On the update your admin contact info page, beside Authentication Email is not configured,
click Set it up now.
19. Enter the Microsoft account email address that you configured for this course, and click email me.
20. Access your Microsoft account email to retrieve the verification code.
21. Enter the verification code, and then click verify. If verify is not available, press Enter, and then click
finish.
22. If a Manage Office 365 on the go page appears, close the page.

Note: If you are connected to the previous Office 365 admin center when you connect to
Office 365, click the banner at the top of the page to connect to the new admin center.

Task 2: Verify Office 365 service health


1. Click Health on the left-hand menu, then click Service health to display the Service health
dashboard.
2. In the left pane, view the status of the Office 365 services. If any services are showing a status other
than healthy, click the service.
3. Review any service interruption records or additional information in the status page.

Note: During Microsoft testing, on rare occasions Office 365 did not create the trial tenant
properly; as a result, the tenant did not have all the services available to it. If this happens to
you, you should create a new trial tenant using a different business email (Microsoft account).

4. Close Microsoft Edge.


5. If prompted, click Close all tabs.

Results: After completing this exercise, you should have successfully provisioned the Office 365 tenant
account for A. Datum Corporation.

Exercise 2: Configuring a custom domain


Task 1: Add the custom domain
1. On LON-CL1, start Microsoft Edge and then browse to https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. Click Admin.
4. In the left-hand menu, point to Settings and then click Domains.


5. Click Add domain.
6. On the Add a domain page, in the text box, enter your domain name in the form of
Adatumvsxxxx.virsoftlabs.com.
7. Click Next.
Note: if you typed the domain name correctly, but a message "unexpected error" or "invalid domain
name" appears, then wait one minute, and click Next again.
8. On the Verify domain page, ensure that Verify by: TXT record is selected.
9. Write down the TXT record shown in the TXT value row.
This entry will be similar to MS=msXXXXXXXX.
10. On LON-DC1, on the toolbar, click Server Manager.
11. Click Tools, and then click DNS.
12. In DNS Manager, on the View menu, ensure that Advanced is enabled.
Note: The Advanced setting makes several additional options visible in DNS Manager. An example
is the Time to live (TTL) field, which you will use later in this exercise.
13. Expand LON-DC1, and click Forward Lookup Zones.
14. Right-click Forward Lookup Zones and click New Zone.
15. On the New Zone Wizard page, click Next.
16. On the Zone Type page, verify that Primary zone is selected. Clear the Store the zone in Active
Directory check box, and click Next.
17. On the Zone Name page, type Adatumvsxxxx.virsoftlabs.com, and then click Next.

18. On the Zone File page, click Next.


19. On the Dynamic Update page, click Next, and then click Finish.
20. Expand Forward Lookup Zones, right-click Adatumvsxxxx.virsoftlabs.com, and then click
Properties.
21. In the Properties dialog, on the Start of Authority (SOA) tab, provide the following information:
o TTL for this record: 0:0:2:0

Note: For ease of testing and changing, a very short TTL of 2 minutes is used.
22. Click OK to close the Properties dialog box.
23. Right-click Adatumvsxxxx.virsoftlabs.com, and then click Other New Records.
24. Under Select a resource record type, scroll down to Text (TXT), and then click Create Record.
25. In the New Resource Record dialog box, provide the following information:
o Record name: (leave blank)

o Text: MS=msXXXXXXXX
o Time to live (TTL): 0:0:2:0
Note: Use the MS=msXXXXXXXX value that you recorded earlier.
Also, for ease of testing and changing, a very short TTL of 2 minutes is used.
26. Click OK to create the record.
27. In the Resource Record type dialog box, click Done.


28. On LON-CL1 (or on any Internet connected computer), right-click the Start button, and then click
Command Prompt.

29. At the command prompt, type the following command, and then press Enter.

nslookup.exe

30. At the command prompt, type the following command, and then press Enter.

set type=TXT

31. At the command prompt, type the following command, and then press Enter.

Adatumvsxxxx.virsoftlabs.com

32. Verify that the DNS TXT-record request returns the MS=msXXXXXXXX value.
33. At the command prompt, type the following command, and then press Enter.

exit

34. Close the Command Prompt window.
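
The TXT check from steps 28 to 33 can also be scripted. The following is an added example, not part of the original lab instructions: it queries more than one resolver, because Office 365 validates the record from the Internet rather than from the lab's internal DNS. The function names, the default resolver list (LON-DC1 and the public resolver 8.8.8.8) and the sample TXT strings are assumptions.

```powershell
# Added example (not from the lab manual): verify the Office 365
# domain-verification TXT record against several DNS resolvers.

function Find-MsVerificationValue {
    # Pure helper: from all TXT strings of a zone, keep only those that look
    # like an Office 365 verification token (MS=ms...). A zone usually holds
    # other TXT records too (for example SPF), so filtering is required.
    param([string[]]$TxtStrings)
    $TxtStrings | Where-Object { $_ -match '^MS=ms\w+$' }
}

function Test-DomainVerificationTxt {
    param(
        [Parameter(Mandatory)][string]$Domain,      # e.g. Adatumvsxxxx.virsoftlabs.com
        [Parameter(Mandatory)][string]$Expected,    # the MS=msXXXXXXXX value written down in step 9
        # Assumption: the lab DNS server plus one public resolver.
        [string[]]$Server = @('LON-DC1', '8.8.8.8')
    )
    foreach ($s in $Server) {
        try {
            # -DnsOnly skips LLMNR/NetBIOS so the answer really comes from DNS.
            $records = Resolve-DnsName -Name $Domain -Type TXT -Server $s -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'TXT' }
            $found = @(Find-MsVerificationValue -TxtStrings $records.Strings)
            [pscustomobject]@{
                Server = $s
                Found  = $found -join ', '
                Match  = $found -contains $Expected
                TTL    = ($records | Select-Object -First 1).TTL
                Error  = $null
            }
        }
        catch {
            # NXDOMAIN, timeout or refused query: report it per resolver
            # instead of aborting, so a partial outage is visible.
            [pscustomobject]@{
                Server = $s
                Found  = ''
                Match  = $false
                TTL    = $null
                Error  = $_.Exception.Message
            }
        }
    }
}

# Offline check of the filter on constructed TXT strings (sample data, not a real token).
$sampleTxt = 'v=spf1 include:spf.protection.outlook.com -all', 'MS=ms12345678'
Find-MsVerificationValue -TxtStrings $sampleTxt

# Live check in the lab (replace xxxx and the token with your own values):
# Test-DomainVerificationTxt -Domain 'Adatumvsxxxx.virsoftlabs.com' -Expected 'MS=msXXXXXXXX' | Format-Table
```

A resolver that reports Match = False while another reports True usually means the old answer is still cached; with the 2-minute TTL used in this lab, repeat the check after the TTL has expired.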

Task 2: Complete the custom domain setup


1. On LON-CL1 and in the Office 365 Admin center, click Verify.
2. If the Set up your online services page appears, then accept the default setting of I'll manage my
own DNS records, and then click Next.
3. On the Update DNS settings page, review the DNS records that you should add to the domain,
select the Skip this step check box, and click Skip.
4. Click Finish.

Results: After completing this exercise, you should have:

Added a custom domain.


Verified domain ownership.

Exercise 3: Exploring the Office 365 administrator interfaces


Task 1: Explore the Office 365 admin center
1. On LON-CL1, in the Admin center, click Home.
2. On the left navigation menu, scroll down to explore all available items. Expand items such as Users,
Groups, Settings, and so on.
3. On the left navigation menu, expand Users, and then click Active users.

4. Review the users list.


5. On the left navigation menu, expand Health, and then click Message center, and then in the right
pane, review the messages.
6. Do not close the browser window.

Task 2: Explore the Exchange admin center


1. On the left navigation menu, expand Admin centers, and then click Exchange.
2. A new tab will open displaying Exchange admin center.
3. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.

Task 3: Explore the Skype for Business admin center


1. Click the portal.office.com tab.
2. On the left navigation menu, under Admin centers, click Skype for Business.
3. A new tab will open displaying Skype for Business admin center.
4. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.

Task 4: Explore the SharePoint admin center


1. Click the portal.office.com tab.
2. On the left navigation menu, click Admin centers, and then click SharePoint.
3. A new tab will open displaying SharePoint admin center.
4. On the left navigation menu, click each of the items, and review the results displayed on the right
pane.
5. Close Microsoft Edge.

Results: After completing this exercise, you should have provided a high-level overview of administrative
portals of Office 365.

Module 2: Managing Office 365 Users and Groups


Lab A: Managing Office 365 users and passwords
Exercise 1: Managing Office 365 users and licenses by using the Office 365 admin center
Task 1: Create Office 365 users
1. On LON-CL1, verify that you signed in as Adatum\Holly.
2. Open Microsoft Edge, and then browse to https://portal.office.com/.
3. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com, with the password Pa$$w0rd.
4. In the Microsoft Office 365 portal, click Admin.
5. On the menu on the left side, expand Users, and then click Active Users.
6. Click Add a user.
7. On the New User page, in the First name text box, type Lindsey.
8. In the Last name text box, type Gates.
9. In the Display name text box, type the user's first and last names if the default name does not
appear; in this case, in the First name text box, type Lindsey, and then in the Last name text box,
type Gates.
10. In the User name text box, type Lindsey.
11. Verify that Adatumvsxxxx.virsoftlabs.com is listed in the text box after the at sign (@).

12. Expand Password.


Note: By default, a temporary auto-generated password is assigned to new users. However, in the
lab steps, we will assign all users the same password: Pa$$w0rd.
13. Select Let me create the password, and then in both text boxes, type Pa$$w0rd.
14. Clear the Make this user change their password when they first sign in check box.
15. Click Save.

16. On the User was added page, clear the Send password in email check box.
17. Click Close.
18. Repeat the previous steps to create the following users (for the User name, use the First name):
o Christie Thomas
o Amy Santiago
o Sallie McIntosh

o Francisco Chaves

Task 2: Edit Office 365 users


1. In the Office 365 admin center, in the Active Users list, click the Francisco Chaves user object.
2. On the right side, in the Display name Office phone section, click Edit.
3. On the Edit contact information page, expand Contact information, and in the Department text
box, type Accounts, click Save, and then click Close.
4. On the right side, in the Sign in status section, click Edit.

5. On the Sign-in status page, select Sign-in blocked, click Save, and then click Close.
6. Click Close to close the Francisco Chaves page.
7. In the Active Users list, click the Lindsey Gates user object.
8. On the right side, click Delete user.
9. On the Delete user page, click Delete, and then click Close.
10. In the left navigation pane, under Users, click Deleted Users.
11. Verify that Lindsey Gates is in this list.
12. In the Deleted Users list, click Lindsey Gates.
13. On the toolbar, click Restore.
14. On the Restore page, ensure that the Auto-generate password option, and the Make this user
change their password when they first sign in check box are selected.
15. Click Restore.
16. Make a note of the temporary password that is assigned to Lindsey Gates. In the next task, you use
this password to sign in.
17. Click Close.
18. On the left navigation pane, under Users, click Active Users.
19. Verify that Lindsey Gates is in this list.
20. Close Microsoft Edge.

Task 3: Verify user settings


1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Lindsey@Adatumvsxxxx.virsoftlabs.com with the temporary password that you noted
in the previous task.
3. If you are not prompted to change your password, then on the Office 365 portal home page, in the
top-right corner, click the Settings icon, and then click Password.
4. On the change password page, in the Old password text box, type Lindsey's temporary password.
5. In the Create new password and Confirm new password text boxes, type Pa$$w0rd.
6. Click submit.
7. Verify that you can access the Office 365 portal home page.

8. Close Microsoft Edge.


9. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
10. Attempt to sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
Note that the account has been locked, and that you cannot sign in.
11. Click Back.
12. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with the password Pa$$w0rd.
13. In the Office 365 portal, click Admin.


14. In the left menu, expand Users, and then click Active Users.
15. In the Active Users list, click Francisco Chaves.

16. On the right side, in the Sign-in status section, click Edit.
17. On the Sign in status page, select Sign-in allowed, click Save, and then click Close.
18. Close Microsoft Edge.
19. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
20. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
21. Verify that you can access the Office 365 portal.
22. Close Microsoft Edge.

Results: After completing this exercise, you should have created and managed user accounts according
to business needs.

Exercise 2: Managing Office 365 password policies


Task 1: Configure the Office 365 password policy
1. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the left side menu, click Settings, and then click Security & privacy.
5. In the Password policy section, click Edit.
6. In the Days before passwords expire text box, type 14, instead of the default value of 90.
7. In the Days before a user is notified about expiration box, leave the default value of 14.

Note: Using the same value does not correspond with a real-world scenario. Use it as a
sample scenario to verify the policy applied in the next exercise task.

8. Click Save.
9. Verify that the "Password policy has been updated" message appears, and then click Close.

Task 2: Validate the password policy


1. Close Microsoft Edge.
2. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
3. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
On the upper-right side of the window, verify that the notification appears with the following
information: "Time to change your password. Your password will expire in 13 days." If the
notification does not appear the first time, close Microsoft Edge, and sign in again.

Note: You have now verified that the password policy is applied.

4. In the Office 365 portal, click Admin.


5. On the left side menu, click Settings, and then click Security & privacy.
6. In the Password policy section, click Edit.
7. In the Days before passwords expire text box, type 90.
8. In the Days before a user is notified about expiration box, leave the default value of 14.
9. Click Save and then click Close.
10. Close Microsoft Edge.

Results: After completing this exercise, you should have configured and validated an Office 365
password policy.

Lab B: Managing Office 365 groups and administration
Exercise 1: Managing Office 365 groups
Task 1: Create Office 365 security groups
1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com, with password Pa$$w0rd.
3. In the Office 365 admin center, click Admin.
4. On the left side menu, expand Groups, click Groups, and then click the Add a group icon.
5. On the New Group page, in the Type drop-down box, select Security group, and in the Name text
box, type Sales.
6. In the Description text box, type Sales department users, click Add and then click Close.
7. On the Groups page, click Sales.
8. On the Sales Security group page, in the Members section, click Edit.
9. On the Edit members page, in the search box, type Lindsey. When the Lindsey Gates user
account appears, click Add.
10. In the same search text box, type Christie, and then click Add.
11. Click Save, click Close, and click Close.
12. On the Groups page, click Add a group.
13. On the New Group page, in the Type drop-down box, select Security group, and in the Name text
box, type Accounts.

14. In the Description text box, type Accounts department users, click Add, and then click Close.
15. In the Members section, click Edit.
16. In the search box, type Francisco, and then click Add.
17. In the search box, type Sallie, and then click Add.
18. Click Save, click Close, and then click Close.

Task 2: Manage security groups


1. On the Groups page, click the Sales group.
2. In the Members section, click Edit.
3. In the search box, type Amy, and then click Add.
4. Click Save, and then click Close.

5. Ensure that Amy Santiago is now listed as member in the Sales security group.
6. Click Delete group.
7. On the Delete group page, click Delete, and then click Close.
8. On the left side menu, click Users, and then click Active Users.
9. Confirm that the Amy Santiago user account still exists in the list of users.
10. Close Microsoft Edge.

Results: After completing this exercise, you should have created and managed security groups.

Exercise 2: Managing Office 365 users and groups by using Windows PowerShell
Task 1: Install Microsoft Azure Active Directory module for Windows PowerShell
1. On LON-CL1, open Microsoft Edge, and browse to
http://go.microsoft.com/fwlink/?LinkId=286152 (or http://aka.ms/t01i1o).
2. Under Microsoft Online Services Sign-In Assistant for IT Professionals RTW, click Download.
3. Select the en\msoidcl_64.msi check box, and then click Next.
4. When the download finishes, click Run.
5. In the Microsoft Online Services Sign-in Assistant Setup wizard, on the License Terms page, click
I accept the terms in the License Agreement and Privacy Statement, and then click Install.
6. In the User Account Control dialog box, click Yes.
7. On the Completed the Microsoft Online Services Sign-in Assistant Setup Wizard page, click
Finish.
8. In Microsoft Edge, browse to
http://go.microsoft.com/fwlink/?LinkId=236297 (or http://aka.ms/siqtee).
9. After AdministrationConfig-en.msi finishes downloading, click Run.
10. In the Windows Azure Active Directory Module for Windows PowerShell Setup wizard, on the
Welcome page, click Next.
11. On the License Terms page, select I accept the terms in the License Terms, and click Next.
12. On the Install Location page, click Next.
13. On the Ready to Install page, click Install.
14. In the User Account Control dialog box, click Yes.
15. On the Completing the Microsoft Azure Active Directory Module for Windows PowerShell
Setup page, click Finish.

16. Close Microsoft Edge.

Task 2: Create new users and assign licenses by using Windows PowerShell
1. On LON-CL1, on the desktop, right-click the Windows Azure Active Directory Module for
Windows PowerShell shortcut, and then click Run as administrator.

2. If a User Account Control dialog box appears, click Yes.


3. At the command prompt, type the following command, and then press Enter:

Connect-MsolService

4. In the Enter Credentials dialog box, sign in as Holly@Adatumvsxxxx.onmicrosoft.com with
password Pa$$w0rd.

5. At the command prompt, type the following command, and then press Enter:

New-MsolUser -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com -DisplayName "Catherine Richard" -FirstName "Catherine" -LastName "Richard" -Password 'Pa$$w0rd' -ForceChangePassword $false -UsageLocation "CH"

6. At the command prompt, type the following command, and then press Enter:

New-MsolUser -UserPrincipalName Tameka@Adatumvsxxxx.virsoftlabs.com -DisplayName "Tameka Reed" -FirstName "Tameka" -LastName "Reed" -Password 'Pa$$w0rd' -ForceChangePassword $false -UsageLocation "CH"

7. To determine which users are unlicensed, at the command prompt, type the following command,
and then press Enter:

Get-MsolUser -UnlicensedUsersOnly

8. To license Catherine Richard, at the command prompt, type the following command, and then
press Enter:

Set-MsolUserLicense -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com -AddLicenses "Adatumvsxxxx:ENTERPRISEPACK"

9. To license Tameka Reed, at the command prompt, type the following command, and then press
Enter:

Set-MsolUserLicense -UserPrincipalName Tameka@Adatumvsxxxx.virsoftlabs.com -AddLicenses "Adatumvsxxxx:ENTERPRISEPACK"

10. To prevent a user from signing in, at the command prompt, type the following command, and then
press Enter:

Set-MsolUser -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com -BlockCredential $true

11. To delete a user, at the command prompt, type the following command, and then press Enter:

Remove-MsolUser -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com -Force

12. To view the Deleted Users list, at the command prompt, type the following command, and then
press Enter:

Get-MsolUser -ReturnDeletedUsers

13. Verify that Catherine Richard is in the Deleted Users list. Note that it specifies that she is still
licensed.

14. To restore a deleted user, at the command prompt, type the following command, and then press
Enter:

Restore-MsolUser -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com

15. To view the Deleted Users list again, at the command prompt, type the following command, and
then press Enter:

Get-MsolUser -ReturnDeletedUsers

16. Verify that Catherine Richard is no longer in the Deleted Users list.
17. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:

Get-MsolUser

18. Verify that Catherine Richard is in the Active Users list.


19. To allow a user to sign in, at the command prompt, type the following command, and then press
Enter:

Set-MsolUser -UserPrincipalName Catherine@Adatumvsxxxx.virsoftlabs.com -BlockCredential $false

Task 3: Modify existing users by using Windows PowerShell


1. On LON-CL1, on the taskbar, click File Explorer.
2. Navigate to C:\Labfiles, right-click O365Users.csv, point to Open with, and then click Notepad.
3. In Notepad, click Edit, and then click Replace.

4. In the Find what text box, type xxxx.


5. In the Replace with text box, type your unique subdomain number, click Replace All.
6. Close O365users.csv, and then in the Notepad message box, click Save.
7. To bulk import several users from a comma-separated value (CSV) file, copy and paste this code
into the Windows Azure Active Directory Module for Windows PowerShell window, and then
press Enter:

# Create one user per row of O365Users.csv; each parameter is filled from the CSV column of the same name.
Import-Csv -Path C:\Labfiles\O365Users.csv | ForEach-Object { New-MsolUser -UserPrincipalName $_."UPN" `
  -AlternateEmailAddresses $_."AltEmail" -FirstName $_."FirstName" -LastName $_."LastName" `
  -DisplayName $_."DisplayName" -BlockCredential $false -ForceChangePassword $false `
  -LicenseAssignment $_."LicenseAssignment" -Password $_."Password" -PasswordNeverExpires $true `
  -Title $_."Title" -Department $_."Department" -Office $_."Office" -PhoneNumber $_."PhoneNumber" `
  -MobilePhone $_."MobilePhone" -Fax $_."Fax" -StreetAddress $_."StreetAddress" -City $_."City" `
  -State $_."State" -PostalCode $_."PostalCode" -Country $_."Country" -UsageLocation $_."UsageLocation" }

8. To view the Active Users list, at the command prompt, type the following command, and then press
Enter:

Get-MsolUser

9. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.


10. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com, with password Pa$$w0rd.
11. In the Office 365 admin center, click Admin.
12. On the Home page, click Users.
13. Review the active users that you just imported.
14. In the left menu, expand Admin centers, and then click Exchange.

15. Under recipients, click mailboxes and review the mailboxes and associated email addresses that
were created.
16. Close Microsoft Edge.

Task 4: Configure groups and group membership by using Windows PowerShell


1. To create a Marketing group, at the command prompt, type the following command, and then press
Enter:

New-MsolGroup -DisplayName "Marketing" -Description "Marketing department users"

2. To configure a PowerShell variable for the group, at the command prompt, type the following
command, and then press Enter:

$MktGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Marketing"}

3. To configure a PowerShell variable for the first user account, at the command prompt, type the
following command, and then press Enter:

$Catherine = Get-MsolUser | Where-Object {$_.DisplayName -eq "Catherine Richard"}

4. To configure a PowerShell variable for the second user account, at the command prompt, type the
following command, and then press Enter:

$Tameka = Get-MsolUser | Where-Object {$_.DisplayName -eq "Tameka Reed"}

5. To add Catherine Richard to the Marketing group, at the command prompt, type the following
command, and then press Enter:

Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -GroupMemberObjectId $Catherine.ObjectId

6. To add Tameka Reed to the Marketing group, at the command prompt, type the following
command, and then press Enter:

Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -GroupMemberObjectId $Tameka.ObjectId

7. To verify the members of the Marketing group, at the command prompt, type the following
command, and then press Enter:

Get-MsolGroupMember -GroupObjectId $MktGrp.ObjectId

Task 5: Configure user passwords by using Windows PowerShell


1. At the command prompt, type the following command, and then press Enter:

Set-MsolPasswordPolicy -DomainName Adatumvsxxxx.onmicrosoft.com -ValidityPeriod 90 -NotificationDays 14

2. At the command prompt, type the following command, and then press Enter:

Set-MsolUserPassword -UserPrincipalName Tameka@Adatumvsxxxx.virsoftlabs.com -NewPassword 'Pa$$w0rd123'

3. At the command prompt, type the following command, and then press Enter:

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $false


Results: After completing this exercise, you should have created new users, assigned licenses, modified
existing users, and configured groups and user passwords by using the Windows PowerShell command-
line interface.
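
The bulk import in Task 3 creates every account with -PasswordNeverExpires $true, and Task 5 resets that flag for all users. The following added example, which is not part of the original lab instructions, reports which accounts still deviate from the password policy. The function name Get-PasswordHygieneFinding, the finding labels and the sample accounts are assumptions; the property names are those of the objects returned by Get-MsolUser.

```powershell
# Added example (not from the lab manual): flag accounts whose password
# settings deviate from the tenant password policy.

function Get-PasswordHygieneFinding {
    [CmdletBinding()]
    param(
        # A user object with the Get-MsolUser properties UserPrincipalName,
        # PasswordNeverExpires, LastPasswordChangeTimestamp, BlockCredential, IsLicensed.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        # Days before passwords expire, as set with Set-MsolPasswordPolicy -ValidityPeriod.
        [int]$ValidityPeriod = 90,
        # Reference date; a parameter so that the sample run below is reproducible.
        [datetime]$AsOf = (Get-Date)
    )
    process {
        $findings = New-Object System.Collections.Generic.List[string]

        # The account is exempt from expiry, so the policy never applies to it.
        if ($User.PasswordNeverExpires -eq $true) { $findings.Add('PasswordNeverExpires') }

        # The password is older than the policy allows (only possible when expiry is not enforced).
        $ageDays = $null
        if ($User.LastPasswordChangeTimestamp) {
            $ageDays = [math]::Floor(($AsOf - [datetime]$User.LastPasswordChangeTimestamp).TotalDays)
            if ($ageDays -gt $ValidityPeriod) { $findings.Add('PasswordOlderThanPolicy') }
        }

        # Sign-in is blocked but the account still consumes a license.
        if ($User.BlockCredential -eq $true -and $User.IsLicensed -eq $true) {
            $findings.Add('BlockedButLicensed')
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                PasswordAgeDays   = $ageDays
                Findings          = $findings -join ', '
            }
        }
    }
}

# Constructed sample accounts (not real tenant data) that mimic Get-MsolUser output.
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'Catherine@Adatumvsxxxx.virsoftlabs.com'; PasswordNeverExpires = $true
                       LastPasswordChangeTimestamp = [datetime]'2017-01-20'; BlockCredential = $false; IsLicensed = $true }
    [pscustomobject]@{ UserPrincipalName = 'Tameka@Adatumvsxxxx.virsoftlabs.com'; PasswordNeverExpires = $false
                       LastPasswordChangeTimestamp = [datetime]'2016-09-01'; BlockCredential = $false; IsLicensed = $true }
    [pscustomobject]@{ UserPrincipalName = 'Francisco@Adatumvsxxxx.virsoftlabs.com'; PasswordNeverExpires = $false
                       LastPasswordChangeTimestamp = [datetime]'2017-01-10'; BlockCredential = $true; IsLicensed = $true }
    [pscustomobject]@{ UserPrincipalName = 'Amy@Adatumvsxxxx.virsoftlabs.com'; PasswordNeverExpires = $false
                       LastPasswordChangeTimestamp = [datetime]'2017-01-15'; BlockCredential = $false; IsLicensed = $true }
)

$sampleUsers | Get-PasswordHygieneFinding -ValidityPeriod 90 -AsOf ([datetime]'2017-01-23') | Format-Table -AutoSize

# Against the lab tenant, after Connect-MsolService:
# Get-MsolUser -All | Get-PasswordHygieneFinding -ValidityPeriod 90
```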

Exercise 3: Configuring delegated administrators


Task 1: Assign delegated administrators in the Office 365 admin center
1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com, with password Pa$$w0rd.
3. In the Office 365 admin center, click Admin.
4. On the left-hand side, expand Users, click Active users, and then click Francisco Chaves.
5. On the Francisco Chaves page, in the Roles section, click Edit.

6. Under Edit user role, select Customized administrator, and then select Billing administrator
from the list.
7. In the Alternate email address text box, type user@alt.none, click Save, and then click Close.
8. Close the Francisco Chaves page.
9. In the active users list, click Tameka Reed.
10. On the Tameka Reed page, in the Roles section, click Edit.
11. Under Edit user role, select Customized administrator, and then select Password administrator
from the list.
12. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
13. Close the Tameka Reed page.
14. In the active users list, click Christie Thomas.
15. On the Christie Thomas page, in the Roles section, click Edit.
16. Under Edit user role, click Customized administrator, and then select User management
administrator from the list.
17. In the Alternative email address text box, type user@alt.none, click Save, and then click Close.
18. Close the Christie Thomas page.
19. Close Microsoft Edge.

Task 2: Manage delegated administration with Windows PowerShell


1. In the Windows PowerShell window, at the command prompt, type the following command, and then
press Enter:

Add-MsolRoleMember -RoleName "Service Support Administrator" -RoleMemberEmailAddress Sallie@Adatumvsxxxx.virsoftlabs.com

2. At the command prompt, type the following command, and then press Enter:

Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress Nona@Adatumvsxxxx.virsoftlabs.com

3. At the command prompt, type the following command, and then press Enter:

$role = Get-MsolRole -RoleName "Service Support Administrator"

4. At the command prompt, type the following command, and then press Enter:

Get-MsolRoleMember -RoleObjectId $role.ObjectId

5. Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
6. At the command prompt, type the following command, and then press Enter:

$role = Get-MsolRole -RoleName "Billing Administrator"

7. At the command prompt, type the following command, and then press Enter:

Get-MsolRoleMember -RoleObjectId $role.ObjectId

8. Verify that Francisco Chaves is in the list of users who have the billing administrator role.
9. At the command prompt, type the following command, and then press Enter:

$role = Get-MsolRole -RoleName "Company Administrator"

10. At the command prompt, type the following command, and then press Enter:

Get-MsolRoleMember -RoleObjectId $role.ObjectId

11. Verify that Holly Dickson and Nona Snider are in the list of users who have the Company
Administrator role.
12. At the command prompt, type the following command, and then press Enter:

Exit
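
The per-role checks in steps 3 to 11 can be run as one comparison against an approved baseline; the following is an added example, not part of the lab manual, and it must run before step 12 closes the connected session. The baseline and the function names are assumptions made for the example, and the "Constructed Extra" member is sample data.

```powershell
# Added example (not from the lab manual): compare role membership with an approved baseline.
# The baseline keys on display names taken from this lab; in production, key on ObjectId.
$Expected = @{
    'Company Administrator'         = @('Holly Dickson', 'Nona Snider')
    'Billing Administrator'         = @('Francisco Chaves')
    'Service Support Administrator' = @('Sallie McIntosh')
}

function Get-TenantRoleMembers {
    # Builds role name -> member display names for every role that has members.
    # Needs the MSOnline module and an active Connect-MsolService session.
    $actual = @{}
    foreach ($role in Get-MsolRole) {
        $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId)
        if ($members.Count -gt 0) {
            $actual[$role.Name] = @($members | ForEach-Object { $_.DisplayName })
        }
    }
    return $actual
}

function Get-RoleDrift {
    param(
        [hashtable]$Expected,   # role name -> approved display names
        [hashtable]$Actual      # role name -> display names found in the tenant
    )
    $roles = @($Expected.Keys) + @($Actual.Keys) | Sort-Object -Unique
    foreach ($role in $roles) {
        # A role missing from either table yields an empty list, not a single $null entry
        $want = @($Expected[$role] | Where-Object { $_ })
        $have = @($Actual[$role]   | Where-Object { $_ })
        foreach ($m in $have) {
            if ($want -notcontains $m) {
                [pscustomobject]@{ Role = $role; Member = $m; Finding = 'Not in approved baseline' }
            }
        }
        foreach ($m in $want) {
            if ($have -notcontains $m) {
                [pscustomobject]@{ Role = $role; Member = $m; Finding = 'Approved member missing' }
            }
        }
    }
}

if (Get-Command Get-MsolRole -ErrorAction SilentlyContinue) {
    # Live tenant: run Connect-MsolService first
    $actual = Get-TenantRoleMembers
} else {
    # Constructed sample so the comparison can be read without a tenant
    $actual = @{
        'Company Administrator' = @('Holly Dickson', 'Nona Snider', 'Constructed Extra')
        'Billing Administrator' = @('Francisco Chaves')
    }
}

Get-RoleDrift -Expected $Expected -Actual $actual |
    Sort-Object Role, Member |
    Format-Table -AutoSize
```

Roles assigned through the admin center in Task 1 are reported under the role names that Get-MsolRole returns, so they show up as "Not in approved baseline" until they are reviewed and added to `$Expected`.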

Task 3: Verify delegated administration


1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Tameka@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd123.
3. On the Update your password page, in the Old password text box, type Pa$$w0rd123.
4. In the New password and Confirm password text boxes, type Pa$$w0rd, and then click Update
password and sign in.

5. In the Office 365 portal, click Admin.


6. On the update your admin contact info page, click cancel.
7. On the Home page, click Users.
8. Click Jessica Jennings.
Note that Tameka Reed cannot perform many of the administrative tasks, because the user account
only has the Password administrator role.

9. Click Reset password.


Tameka Reed can reset passwords.
10. Click Cancel.
11. Close the Jessica Jennings page.
12. Close Microsoft Edge.

13. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.


14. Sign in as Christie@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
15. In the Office 365 portal, click Admin.

16. On the update your admin contact info page, click cancel.
17. In the Office 365 admin center, on the Home page, click Users, and then click Jessica Jennings.
18. On the Jessica Jennings page, in the Display name Office phone section, click Edit.
19. In the Office Phone text box, type 555-1234.
20. Click Save, and then click Close.
21. In the Sign-in status section, click Edit.
22. Select Sign-in blocked.
23. Click Save, and then click Close.
24. Close the Jessica Jennings page.
25. On the Active users page, click Add a user.
26. In the First name text box, type Chris.
27. In the Last name text box, type Breland.
28. In the User name text box, type Chris.
29. Click Save.
30. On the User was added page, click Send email and close.
31. On the Active Users page, click Chris Breland.
32. Click Delete user.
33. On the Delete user page, click Delete, and then click Close.
34. Close Microsoft Edge.

Results: After completing this exercise, you should have assigned delegated administrators in the Office
365 admin center, managed delegated administration with Windows PowerShell, and verified delegated
administration.
L3-22 Configuring Client Connectivity to Office 365

Module 3: Configuring Client Connectivity to Office 365


Lab: Configuring client connectivity to
Office 365
Exercise 1: Configuring DNS records for Office 365 clients
Task 1: Configure SOA-record for DNS domain name
1. On LON-DC1, open Server Manager.
2. In Server Manager, on the Tools menu, click DNS.
3. In DNS Manager, expand LON-DC1, and then expand Forward Lookup Zones.
4. Right-click Adatumvsxxxx.virsoftlabs.com, and then click Properties.
5. In the Properties dialog box, on the Start of Authority (SOA) tab, provide the following information:
o Primary server: ns1.virsoftlabs.com
o TTL for this record: 0:0:2:0
Note: For security reasons, the Office 365 portal requires that the Primary server in the SOA-record
for the domain resolves to the public IP address of the DNS server. You can use
ns1.virsoftlabs.com for that.
For ease of testing and changing, you already configured the TTL to 2 minutes in an earlier lab
exercise.
6. Click OK to close the Properties dialog box.

Task 2: Review the recommended DNS records in the Office 365 admin center
1. On LON-CL1, open Microsoft Edge, and then browse to http://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. In the Office 365 admin center, in the menu to the left, expand Settings, click Domains.
5. Review the domain names assigned to the tenant.

6. On the Domains page, click Adatumvsxxxx.virsoftlabs.com.


7. Under DNS errors, review the records that need to be configured for your domain.
8. Leave the Microsoft Edge window open.

Task 3: Configure the DNS records for external clients

Configure DNS settings for Exchange Online


1. On LON-DC1, in DNS Manager, right-click Adatumvsxxxx.virsoftlabs.com, and then click
New Alias (CNAME).

2. In the Alias name text box, type autodiscover as the alias name.
3. In the Fully qualified domain name (FQDN) for target host text box, type
autodiscover.outlook.com.
4. Click OK.
5. Right-click Adatumvsxxxx.virsoftlabs.com, and then click New Mail Exchanger (MX).

6. In the Mail Exchanger (MX) dialog box, in the Fully qualified domain name (FQDN) of mail
server text box, type Adatumvsxxxx-virsoftlabs-com.mail.protection.outlook.com.
7. Click OK.

Configure DNS settings for Skype for Business Online


8. On LON-DC1, right-click the Adatumvsxxxx.virsoftlabs.com zone, and then select Other New
Records.
9. In the Resource Record Type dialog box, scroll down the list, click Service Location, and then
click Create Record.
10. On the Service Location (SRV) tab, enter the following information, and then click OK:
o Service: _sip
o Protocol: _tls
o Priority: 100
o Weight: 1
o Port number: 443
o Host offering this service: sipdir.online.lync.com
o Time to live: 1 hour (default)
11. In the Resource Record Type dialog box, click Create Record.
12. On the Service Location (SRV) tab, enter the following information, and then click OK:
o Service: _sipfederationtls
o Protocol: _tcp
o Priority: 100

o Weight: 1
o Port number: 5061
o Host offering this service: sipfed.online.lync.com
o Time to live: 1 hour (default)
13. In the Resource Record Type dialog box, scroll back up the list, click Alias (CNAME), and then
click Create Record.

14. On the Alias (CNAME) tab, enter the following information, and then click OK:
o Alias name: sip
o Fully qualified domain name (FQDN) for target host: sipdir.online.lync.com
o Time to live: 1 hour (default)
15. In the Resource Record Type dialog box, click Create Record.
16. On the Alias (CNAME) tab, enter the following information, and then click OK:

o Alias name: lyncdiscover


o Fully qualified domain name (FQDN) for target host: webdir.online.lync.com
o Time to live: 1 hour (default)
17. In the Resource Record Type dialog box, click Done.

18. Switch back to LON-CL1, and then in the Office 365 admin console, click Check DNS.
Note: Due to DNS timeouts of missing DNS records, the DNS check may take a long time.
19. If you do not get any results from the DNS check, then in the DNS errors section, click View errors,
and then click Refresh.
20. You should now see that most missing DNS records are not listed anymore. The only remaining
missing DNS records are listed below. These are not used in this course.
o msoid.Adatumvsxxxx
o enterpriseregistration.Adatumvsxxxx
o enterpriseenrollment.Adatumvsxxxx
o TXT Adatumvsxxxx (for SPF)
21. In the menu bar, click the App launcher icon (9 small squares), and then click Mail.
22. On the Outlook page, select your time zone and click Save.
23. On LON-CL2, verify that you are signed in as Francisco.
24. Open Microsoft Edge, and then connect to https://login.microsoftonline.com.
25. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
26. In the Office 365 portal, click Mail.
27. On the Outlook page, select your time zone and click Save.
28. In the middle pane, click the New button.
29. In the To text box, type Holly Dickson, and then click Search Directory.
30. When the name resolves, note her instant message (IM) status. It might take a couple of minutes for
her status to update.

31. Click Holly Dickson in the To text box.


32. In the pop-up dialog box, click the IM icon on the right.
33. In the IM pop-up window, type Hi Holly, do you know the time of the meeting?, and then press
Enter.
34. On LON-CL1, click the incoming IM notification from Francisco Chaves.
35. In the IM pop-up window, type It is at 4 PM. See you there!, and then press Enter.

Note that you can send instant messages between users.


36. On LON-CL2, close the IM window, and then close Microsoft Edge.
37. On LON-CL1, close the IM window, and then close Microsoft Edge.

Results: After completing this exercise, you should have reviewed the recommended DNS records in
the Office 365 admin center, configured the DNS records for external clients, and configured the DNS
records for internal clients.
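
The records entered in Task 3 can also be checked from a client with Resolve-DnsName; the following is an added example, not part of the lab manual. A mail or Autodiscover record that points at the wrong host sends mail or client sign-ins somewhere other than Office 365, so the check compares targets and ports, not just existence. The function name, the injectable resolver and the stub answers (including `mail.example.net`) are assumptions constructed for the example.

```powershell
# Added example (not from the lab manual). Replace xxxx with your lab number.
$Zone = 'Adatumvsxxxx.virsoftlabs.com'

# Expected records, taken from Task 3 above
$Expected = @(
    @{ Name = "autodiscover.$Zone";           Type = 'CNAME'; Target = 'autodiscover.outlook.com' }
    @{ Name = $Zone;                          Type = 'MX';    Target = ($Zone -replace '\.', '-') + '.mail.protection.outlook.com' }
    @{ Name = "_sip._tls.$Zone";              Type = 'SRV';   Target = 'sipdir.online.lync.com'; Port = 443 }
    @{ Name = "_sipfederationtls._tcp.$Zone"; Type = 'SRV';   Target = 'sipfed.online.lync.com'; Port = 5061 }
    @{ Name = "sip.$Zone";                    Type = 'CNAME'; Target = 'sipdir.online.lync.com' }
    @{ Name = "lyncdiscover.$Zone";           Type = 'CNAME'; Target = 'webdir.online.lync.com' }
)

function Test-O365DnsRecord {
    param(
        [hashtable[]]$Expected,
        # The resolver is injectable so the comparison can be exercised without network access
        [scriptblock]$Resolver = {
            param($Name, $Type)
            Resolve-DnsName -Name $Name -Type $Type -DnsOnly -ErrorAction SilentlyContinue
        }
    )
    # Property that holds the target host for each record type in Resolve-DnsName output
    $targetField = @{ CNAME = 'NameHost'; MX = 'NameExchange'; SRV = 'NameTarget' }

    foreach ($e in $Expected) {
        $field   = $targetField[$e.Type]
        $answers = @(& $Resolver $e.Name $e.Type | Where-Object { "$($_.Type)" -eq $e.Type })

        # A record matches when the target agrees and, for SRV, the port agrees too
        $match = @($answers | Where-Object {
            "$($_.$field)".TrimEnd('.') -eq $e.Target -and (-not $e.Port -or $_.Port -eq $e.Port)
        })

        if ($answers.Count -eq 0)   { $status = 'MISSING' }
        elseif ($match.Count -gt 0) { $status = 'OK' }
        else                        { $status = 'MISMATCH' }

        $found = $answers | ForEach-Object {
            $t = "$($_.$field)".TrimEnd('.')
            if ($_.Port) { "${t}:$($_.Port)" } else { $t }
        }
        [pscustomobject]@{
            Name     = $e.Name
            Type     = $e.Type
            Expected = $e.Target
            Found    = ($found -join ', ')
            Status   = $status
        }
    }
}

# Constructed stub answers: the MX record points at the wrong host and the
# remaining three records are absent, so the output shows OK, MISMATCH and MISSING.
$Constructed = @{
    "autodiscover.$Zone" = [pscustomobject]@{ Type = 'CNAME'; NameHost = 'autodiscover.outlook.com' }
    $Zone                = [pscustomobject]@{ Type = 'MX';    NameExchange = 'mail.example.net' }
    "_sip._tls.$Zone"    = [pscustomobject]@{ Type = 'SRV';   NameTarget = 'sipdir.online.lync.com'; Port = 443 }
}
$StubResolver = { param($Name, $Type) $Constructed[$Name] }

Test-O365DnsRecord -Expected $Expected -Resolver $StubResolver | Format-Table -AutoSize

# Live check against DNS (Windows, after replacing xxxx in $Zone):
# Test-O365DnsRecord -Expected $Expected | Format-Table -AutoSize
```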

Exercise 2: Running the Office 365 connectivity analyzer tools


Task 1: Run the Microsoft Connectivity Analyzer tool
1. On LON-CL1, open Microsoft Edge, and then browse to https://testconnectivity.microsoft.com/.
2. On the Microsoft Remote Connectivity Analyzer page, click the Office 365 tab.
3. On the Office 365 tab, select Office 365 Exchange Domain Name Server (DNS) Connectivity
Test, and then click Next.
4. In the Domain Name text box, type Adatumvsxxxx.virsoftlabs.com.
5. Under Verification, type the characters that you can see in the verification field, and then click
Verify.
6. Click Perform Test.

Note: If you receive a message about having performed too many tests in 60 seconds,
wait for a minute and then repeat the test.

7. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Exchange Online domain.
8. Click Start Over.
9. On the Office 365 tab, select Office 365 Lync Domain Name Server (DNS) Connectivity Test,
and then click Next.
10. In the Sign-in address text box, type Francisco@Adatumvsxxxx.virsoftlabs.com, and then click
Perform Test.
11. When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then
review the checks that were made against the Skype for Business Online domain.
12. Click Start Over.
13. Under Microsoft Office Outlook Connectivity Tests, click Outlook Connectivity, and then click
Next.
14. On the Outlook Connectivity page, in the Email Address and Microsoft Account text boxes, type
Francisco@Adatumvsxxxx.virsoftlabs.com.
15. In the Password and Confirm password text boxes, type Pa$$w0rd.
16. Select Use Autodiscover to detect server settings.
17. Select I understand that I must use the credentials of a working account from my Exchange
domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible
for the management and security of this account.

18. Click Perform Test.


19. When you see Connectivity Test Successful with Warnings, under Test Details, expand
Test Steps, and then review the checks that were made against Outlook Anywhere. Note in
particular the message that contains information about the Autodiscover steps that fail.
20. In the top-right corner of the window (under Run Test Again), note that you can copy this test to the
clipboard, or save it as an XML or HTML file.

21. Click Start Over.



Task 2: Run the Office 365 Client Performance Analyzer


1. In the Microsoft Connectivity Analyzer window, on the Client tab, in the Microsoft Office 365 Client
Performance Analyzer section, click the Microsoft Office 365 Client Performance Analyzer link.
2. In the Office 365 Client Performance Analyzer window, under Download and install OCPA, click
the here link.
3. Wait for the Ocpa.msi download to finish, and then click Run.
4. In the User Account Control dialog box, click Yes.
5. In the Microsoft Office 365 Client Performance Analyzer window, click Accept, and then click
Run Exchange Analyzer.
6. In the pop-up window, type Francisco@Adatumvsxxxx.virsoftlabs.com, clear the Allow OCPA to
run in the background collecting diagnostics every few hours for you check box, and then click
OK.
7. Wait until Office 365 Client Performance Analyzer generates the results.
8. Review the results.
Note that for the online lab environment, it is expected that the analyzer tool reports that the DNS
Server is Out of Region for the user account.
9. Click Show Trace Route Details.
10. Review the details, and then close the window.
11. Close Microsoft Edge.

Results: After completing this exercise, you should have:


Run the Microsoft Connectivity Analyzer tool.
Run the Office 365 Client Performance Analyzer tool.

Exercise 3: Connecting Office 2016 clients


Task 1: Verify that Outlook 2016 can connect to Office 365
1. On LON-CL1, start Outlook 2016.
2. On the Welcome to Outlook 2016 page, click Next.
3. On the Add an Email Account page, click Next.
4. On the Auto Account Setup page, type the following information, and then click Next:

o Your Name: Holly Dickson


o E-mail Address: Holly@Adatumvsxxxx.onmicrosoft.com
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd
5. In the Windows Security dialog box for Microsoft Outlook, type Pa$$w0rd as the password,
select Remember my credentials, and then click OK.
6. Verify that you are connected to Exchange Online, and then click Finish.

7. In the First things first dialog box, select Ask me later, and then click Accept.
8. Close Outlook.
9. On LON-CL2, repeat the previous steps with the following information:

o Your Name: Francisco Chaves


o E-mail Address: Francisco@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd

Task 2: Verify that Skype for Business can connect to Office 365
1. On LON-CL1, start Skype for Business.
2. Close the Welcome - Skype for Business dialog box.
3. On the Skype for Business sign in page, type Holly@Adatumvsxxxx.onmicrosoft.com as the
Sign-in address, and then click Sign in.
4. On the second Sign in page, type Pa$$w0rd as the password, select Save my password, and click
Sign In.
5. In the confirmation dialog box about saving your sign-in info, click Yes.
6. In the Help Make Skype for Business Better! dialog box, click No.
7. Verify that you are connected to Skype for Business Online.
8. Close the Skype for Business window.
9. On LON-CL2, repeat the previous steps with the following information:
o Sign-in address: Francisco@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd

Results: After completing this exercise, you should have verified that Outlook 2016 can connect to
Office 365, verified that Skype for Business can connect to Office 365, and verified OneDrive for
Business connectivity to Office 365.
L4-28 Planning and Configuring Directory Synchronization

Module 4: Planning and Configuring Directory Synchronization
Lab: Configuring directory synchronization
Exercise 1: Preparing for directory synchronization
Task 1: Configure UPN
1. Sign in to LON-DC1 as ADATUM\Administrator with a password of Pa$$w0rd.
2. In Server Manager, on the Tools menu, click Active Directory Domains and Trusts.
3. In the Active Directory Domains and Trusts window, right-click Active Directory Domains and
Trusts, and then click Properties.
4. On the UPN Suffixes tab, in the Alternative UPN suffixes text box, type
Adatumvsxxxx.virsoftlabs.com, and then click Add.
5. Click OK.
6. Close the Active Directory Domains and Trust window.
7. On the Start screen, right-click Windows PowerShell, and then click Run as administrator.
8. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-ADUser -Filter * -Properties SamAccountName | ForEach { Set-ADUser $_ -UserPrincipalName ($_.SamAccountName + "@Adatumvsxxxx.virsoftlabs.com" )}

Task 2: Prepare problem user accounts


1. On the LON-DC1, in the Windows PowerShell prompt, type the following command, and then press
Enter:

CD C:\labfiles\

2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-ExecutionPolicy Unrestricted

3. To confirm the execution policy change, press Enter.


4. At the Windows PowerShell prompt, type the following command, and then press Enter:

.\CreateProblemUsers.ps1

5. This Windows PowerShell script makes the following changes in AD DS:


o Amr Zaki. Add the "@" character to the beginning of "adatum" for the UserPrincipalName
attribute.
o Brad Sutton. Replace the existing string with "brad@adatum.com" for the emailAddress
attribute.
o Don Funk. Replace the existing string with "brad@adatum.com" for the emailAddress attribute.
o Holly Dickson. Replace the existing string with "holly@adatum.com" for the emailAddress
attribute.
o Kelly Rollins. Replace the existing string with " " for the emailAddress attribute.

Task 3: Run the IdFix tool and fix identified issues


1. On LON-CL1, open Microsoft Edge, and then browse to http://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.
5. On the Active users page, click More, and then click Directory synchronization.
6. On the Active Directory preparation page, click Go to the DirSync management.
7. On the Directory Sync Status page, in the IdFix Tool section, click Download IdFix Tool.
8. In the new Edge tab, under Install IdFix, click the IdFix DirSync Error Remediation Tool link.
9. On the IdFix DirSync Error Remediation Tool page, click Download.
10. Wait for the IdFix.zip download to finish, and then click Open folder.
11. In the Downloads folder, right-click IdFix.zip, and then click Extract All....
12. In the Extract Compressed (Zipped) Folders dialog box, in the destination text box, type
C:\Deployment Tools\IdFix, and then click Extract.
13. In File Explorer, in the C:\Deployment Tools\IdFix folder, right-click IdFix.exe, and then click
Run as administrator.
14. In the User Account Control dialog box, click Yes.
15. In the IdFix Privacy Statement message box, click OK.
16. In the IdFix application window, on the toolbar, click Query. You should see a number of errors.
17. Click the ERROR column to sort the character errors to the top of the list.

Note: Ignore possible topleveldomain errors, which cannot be fixed by the IdFix tool.

18. In the Amr Zaki row, in the ACTION column, select EDIT.

19. In the Holly Dickson row, in the ACTION column, select EDIT.
20. In the Kelly Rollins row, in the ACTION column, select EDIT.
21. On the toolbar, click Apply.
22. In the Apply Pending dialog box, click Yes.
Notice the COMPLETE status in the ACTION column indicating successful writes.
23. In File Explorer, in the C:\Deployment Tools\IdFix folder, double-click Verbose <date> <time>.txt
to view the updated transactions in the transaction log.
24. Close Notepad.
25. In the IdFix application window, on the toolbar, click Query.
26. In the Don Funk row, click in the UPDATE column to replace the string with don@adatum.com,
and then in the ACTION column, select EDIT.
27. In the Kelly Rollins row, click in the UPDATE column to replace the string with kelly@adatum.com,
and then in the ACTION column, select EDIT.
28. On the toolbar, click Apply.

29. In the Apply Pending dialog box, click Yes.


30. On the toolbar, click Query and verify that no more errors are reported.
31. Close the IdFix window.

32. Close the File Explorer windows.


33. Close Microsoft Edge.

Note: Where there are format and duplicate errors for distinguished names, the UPDATE
column either contains the same string as the VALUE column, or the UPDATE column entry is
blank. In either case, this means that IdFix cannot suggest a remediation for the error. You can
either fix these errors outside IdFix, or manually remediate them within IdFix. You can also
export the results and use Windows PowerShell to remediate a large number of errors.
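
The kinds of problem that CreateProblemUsers.ps1 introduces (a malformed UPN, a duplicated mail value, a whitespace-only mail value) can also be found with a short PowerShell check before running IdFix. The following is an added example, not part of the lab manual and not IdFix's own logic; the function name is an assumption, and the sample accounts, including their UPN values, are constructed from the descriptions in Task 2.

```powershell
# Added example (not from the lab manual, not IdFix's logic).
function Find-SyncAttributeProblem {
    param([Parameter(Mandatory = $true)][object[]]$User)

    function New-Finding($u, $attr, $value, $problem) {
        [pscustomobject]@{ Name = $u.Name; Attribute = $attr; Value = $value; Problem = $problem }
    }

    # Index mail values (trimmed, lower-cased) that occur on more than one account
    $dupes = @{}
    $User |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.EmailAddress) } |
        Group-Object { $_.EmailAddress.Trim().ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $dupes[$_.Name] = @($_.Group | ForEach-Object { $_.Name }) }

    foreach ($u in $User) {
        # A UPN needs exactly one "@" with text on both sides
        $parts = "$($u.UserPrincipalName)".Split('@')
        if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
            New-Finding $u 'UserPrincipalName' $u.UserPrincipalName 'format'
        }

        $mail = $u.EmailAddress
        # An attribute that is not set at all is normal and is not reported
        if ($null -eq $mail -or $mail -eq '') { continue }

        if ([string]::IsNullOrWhiteSpace($mail)) {
            New-Finding $u 'EmailAddress' "'$mail'" 'blank (whitespace only)'
        }
        elseif ($dupes.ContainsKey($mail.Trim().ToLowerInvariant())) {
            $others = $dupes[$mail.Trim().ToLowerInvariant()] | Where-Object { $_ -ne $u.Name }
            New-Finding $u 'EmailAddress' $mail "duplicate of: $($others -join ', ')"
        }
    }
}

# Constructed sample accounts modelled on the changes listed in Task 2
$sample = @(
    [pscustomobject]@{ Name = 'Amr Zaki';          UserPrincipalName = 'amr@@adatum.com';       EmailAddress = $null }
    [pscustomobject]@{ Name = 'Brad Sutton';       UserPrincipalName = 'brad@adatum.com';       EmailAddress = 'brad@adatum.com' }
    [pscustomobject]@{ Name = 'Don Funk';          UserPrincipalName = 'don@adatum.com';        EmailAddress = 'brad@adatum.com' }
    [pscustomobject]@{ Name = 'Kelly Rollins';     UserPrincipalName = 'kelly@adatum.com';      EmailAddress = ' ' }
    [pscustomobject]@{ Name = 'Constructed Clean'; UserPrincipalName = 'clean@adatum.com';      EmailAddress = 'clean@adatum.com' }
)

Find-SyncAttributeProblem -User $sample | Format-Table -AutoSize

# Against the lab domain (run on LON-DC1 with the ActiveDirectory module):
# Find-SyncAttributeProblem -User (Get-ADUser -Filter * -Properties EmailAddress) | Format-Table -AutoSize
```

The sample reports Amr Zaki for UPN format, Brad Sutton and Don Funk as duplicates of each other, and Kelly Rollins for a whitespace-only value; the clean account produces no finding.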

Task 4: Configure the Office 365 tenant for directory synchronization


1. On LON-CL1, on the desktop, double-click Windows Azure Active Directory Module for
Windows PowerShell.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Connect-MsolService

3. In the Enter Credentials dialog box, sign in as Holly@Adatumvsxxxx.onmicrosoft.com with
password Pa$$w0rd.
4. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-MsolDirSyncEnabled -EnableDirSync $true -Force

Note: The -Force switch disables the confirmation dialog box.

Although you might have to wait up to 24 hours for activation to complete, you should be able to
continue.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolCompanyInformation

Note that in the output, DirectorySynchronizationEnabled is True, indicating that sync is enabled.

Note: It might take a few minutes to return True. Rerun the command until you see True
showing.

Results: After completing this exercise, you will have resolved issues in AD DS identified by the IdFix
tool and you will have enabled Active Directory synchronization in Office 365.

Exercise 2: Configuring directory synchronization


Task 1: Download and install Azure AD Connect
1. On LON-DC1, click Start, click Internet Explorer, and then browse to
https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.

Note: If you see the Active Directory synchronization is being activated warning, you can
ignore it at this time, but you will not be able to run directory synchronization later in this
exercise. You must wait until directory synchronization is activated. However, you can complete
the following steps, even if you do see the warning message.

5. On the Active Users page, click Holly Dickson.


6. On the Holly Dickson page, in the Email address section, click Edit.
7. Under Email address, after the @-sign, in the drop-down list box, select
Adatumvsxxxx.virsoftlabs.com, and then click Save.
8. Click Sign Out.
9. Close Internet Explorer.
10. Open Internet Explorer again, and browse to https://login.microsoftonline.com.
11. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
12. In the Office 365 portal, click Admin.
13. On the Home page, click Users.
14. On the Active Users page, click More, and then click Directory Synchronization.
15. On the Active Directory preparation page, click Go to the DirSync management.
16. In the Directory sync client version section, click Upgrade to the latest version of Azure AD
Connect.

Note: You will be redirected to the Microsoft Azure Active Directory Connect download
page at http://go.microsoft.com/fwlink/?LinkId=617037.

17. On the Microsoft Azure Active Directory Connect download page in Internet Explorer, click
Download.
18. When the AzureADConnect.msi download has completed, in the Internet Explorer notification bar,
click Run.
19. In the Microsoft Azure Active Directory Connect wizard, on the Welcome page, select I agree to
the license terms and privacy notice, and then click Continue.

20. On the Express Settings page, click Customize.


Note: The steps in the Microsoft Azure Active Directory Connect wizard continue in the next task.

Task 2: Run the Azure AD Connect tool with custom settings


1. On the Install required components page, leave all the check boxes cleared, and click Install.
2. On the User sign-in page, select Password Synchronization, and then click Next.
3. On the Connect to Azure AD page, enter the following credentials, and then click Next:
o Username: Holly@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd
4. On the Connect your directories page, enter the following credentials, click Add Directory, and
then click Next:
o Username: ADATUM\Administrator
o Password: Pa$$w0rd
5. On the Domain and OU filtering page, select Sync selected domains and OUs, expand
Adatum.com, clear all check boxes for the child containers (also scroll down), except for the IT
check box, and then click Next.
6. On the Uniquely identifying your users page, click Next.
7. On the Filter users and devices page, verify that Synchronize all users and devices is selected,
and then click Next.
8. On the Optional Features page, leave the default options, and then click Next.
9. On the Ready to configure page, ensure that both check boxes are cleared, and then click Install.

Note: The installation process will take a few minutes to complete.

10. Once the installation completes, on the Configuration complete page, click Exit.
11. Close Internet Explorer.
12. On the Start screen, click Administrator, and click Sign out.
13. Sign in as Adatum\Administrator again with password Pa$$w0rd.

Note: Because Adatum\Administrator was used to install Azure AD Connect, the
account is automatically added to the ADSyncAdmins group. You need to sign out and sign in
again to update the Kerberos token. If you use a different user account to install Azure AD
Connect, then you need to manually add the Azure AD Connect admin to the ADSyncAdmins
group.

Task 3: Configure synchronization service filtering for organizational units


1. On LON-DC1, on the Start screen, type sync, and then click Synchronization Service.
2. In Synchronization Service Manager, click the Connectors tab.
3. On the Connectors tab, double-click Adatum.com.

4. In the Properties dialog box, select Configure Directory Partitions.


5. On the right side, click the Containers button.
6. In the Credentials dialog box, enter the following credentials, and then click OK:
o User name: Administrator

o Password: Pa$$w0rd
o Domain: Adatum.com

Note: Although this account is not the one used for directory synchronization, you use the
account credentials to access AD DS to configure filtering.

7. In the Select Containers dialog box, select the Research check box, verify that the IT check box is
also selected, and then click OK.
8. Click OK to close the Properties dialog box.
9. Close Synchronization Service Manager.

Task 4: Configure synchronization service filtering for object attributes


1. On LON-DC1, on the Start screen, type sync, and then click Synchronization Rules Editor.
2. In Synchronization Rules Editor, in Direction, select Inbound, and then click Add new rule.
3. In the Create inbound synchronization rule dialog box, in the Name box, type In from AD User
DoNotSyncFilter.
4. In the Connected System drop-down list box, select Adatum.com.
5. In the Connected System Object Type drop-down list box, type u, and then select user.
6. In the Metaverse Object Type drop-down list box, select person.
7. In the Link Type drop-down list box, select Join.
8. In the Precedence text box, type 50.
9. Click Next.
10. In the Create inbound synchronization rule dialog box, select Scoping filter, click Add group,
and then click Add clause.
11. In Add scoping filters:
o In the Attribute drop-down list box, select msDS-cloudExtensionAttribute15.
o In the Operator drop-down list box, select EQUAL.
o In the Value text box, type NoSync.
12. Click Next.

13. On the Join rules page, click Next.


14. On the Transformations page, click Add transformation:
o In the FlowType drop-down list box, select Constant.
o In the Target Attribute drop-down list box, select cloudFiltered.
o In the Source text box, type True.
15. Click Add to save the rule.

16. Close Synchronization Rules Editor.


17. Open Windows PowerShell.
18. In the Windows PowerShell window, type the following command, and then press Enter.

Start-ADSyncSyncCycle -PolicyType Initial

Note: The Start-ADSyncSyncCycle PowerShell command returns immediately, but the initial
synchronization can still take a few moments to complete. Leave the Windows PowerShell window
open.

Task 5: Verify that synchronization was successful


1. On LON-DC1, on the Start screen, type sync, and then click Synchronization Service.
2. In Synchronization Service Manager, on Operations tab, notice the Status, Start Time and
End Time of the connector synchronization operations that were initiated in the previous task.
3. Wait until the Adatum.com connector has completed the Export task. This indicates that the
synchronization has completed.
4. Close Synchronization Service Manager.
5. Open Internet Explorer, and browse to
http://go.microsoft.com/fwlink/?LinkId=236297 (or http://aka.ms/siqtee).
6. After AdministrationConfig-en.msi finishes downloading, click Run.
7. In the Windows Azure Active Directory Module for Windows PowerShell Setup wizard, on the
Welcome page, click Next.
8. On the License Terms page, select I accept the terms in the License Terms, and click Next.

9. On the Install Location page, click Next.


10. On the Ready to Install page, click Install.
11. On the Completing the Windows Azure Active Directory Module for Windows PowerShell
Setup page, click Finish.
12. Close Internet Explorer.
13. At the Windows PowerShell prompt, type the following command, and then press Enter:

Connect-MsolService

14. In the Enter Credentials dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
15. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolCompanyInformation

16. Verify the LastDirSyncTime (expressed in UTC) aligns with the last time synchronization was
initiated in the previous task.
17. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com.

18. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.


19. In the Office 365 portal, click Admin.
20. Notice that a DirSync Status tile is displayed on the Home page dashboard.
21. Click DirSync Status.
Note: If the DirSync Status tile is not displayed, then on the Home page, click Users.
On the Active users page, click More, and then click Directory synchronization.
On the Active Directory preparation page, click Go to the DirSync management.

22. On the Directory Sync Status page, click Home.


23. On the Home page, click Users.
24. In the Active users list, notice that on-premises user accounts from the selected Active Directory
OUs are now included in the users list. Scroll to the right to see their Sync Type as Synced with
Active Directory.
25. Close Microsoft Edge.

Results: After completing this exercise, you will have installed Azure AD Connect with customized
settings. Upon completion of the installation, you will start directory synchronization to Office 365 and
have verified that synchronization was successful.

Exercise 3: Managing Active Directory users and groups


Task 1: Create a new user and new group account
1. On LON-DC1, in Server Manager, on the Tools menu, click Active Directory Users and
Computers.
2. In the console tree, expand Adatum.com, right-click Research, click New, and then click User.
3. In the New Object - User dialog box, in the First name text box, type Perry, and in the Last name
text box, type Brill.
4. In the User logon name text box, type Perry, and in the UPN drop-down list box, select
@Adatumvsxxxx.virsoftlabs.com and then click Next.
5. In the Password and Confirm password text boxes, type Pa$$w0rd.
6. Clear the User must change password at next logon check box, and select the Password never
expires check box.
7. Click Next, and then click Finish.
8. In the Research OU, right-click the new Perry Brill user, and then click Properties.
9. In the Properties dialog box, on the General tab, in the E-mail text box, type
Perry@Adatumvsxxxx.virsoftlabs.com, and then click OK.
10. In the console tree, right-click the Research OU, click New, and then click Group.

11. In the New Object - Group dialog box, in the Group name text box, type Project Team, select
Universal, select Distribution, and then click OK.
12. In the Research OU, right-click the new Project Team group, and then click Properties.
13. In the Properties dialog box, on the General tab, in the E-mail text box, type
projectteam@Adatumvsxxxx.virsoftlabs.com.
14. On the Members tab, click Add.

15. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select text box, type the following three account names separated by a
semicolon, and then click Check Names:
o Chris Sells
o Lukas Keller
o Sabine Royant
16. Click OK, and click OK again.

Task 2: Move a user account out of the scope of synchronization


1. On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press
Enter:

Get-MsolUser -SearchString "Josh"

2. Verify that the user Josh Bailey is listed in Office 365.


3. In Active Directory Users and Computers, in the Research OU, right-click Josh Bailey, click
Move, select the Sales OU, and then click OK.

Task 3: Move a user account into the scope of synchronization


1. In Active Directory Users and Computers, in the Marketing OU, right-click David So, click Move,
select the Research OU, and then click OK.

Task 4: Change group membership


1. In Active Directory Users and Computers, in the Research OU, right-click the Research security
group, and then click Properties.
2. In the Research Properties dialog box, on the Members tab, select the following three user
accounts, and click Remove. In the confirmation dialog box, click Yes.
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
3. Click OK.

Task 5: Force synchronization


1. On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press
Enter:

Start-ADSyncSyncCycle -PolicyType Delta

Note: The Delta parameter is used here so that only the updates are synchronized.

2. At the Start screen, type sync, and then click Synchronization Service.

3. In the Synchronization Service Manager, on the Operations tab, wait until the Adatum.com
connector has completed the Export task.
4. Close Synchronization Service Manager.

Task 6: Validate the results of directory synchronization


1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.

5. On the Active users list, in the Search text box, type Perry, and then click the search icon.
6. Verify that the new Perry Brill user has synchronized with Office 365.

Note: You may have to wait a few minutes before the user account appears. Refresh the
list until you see the Perry Brill user.

7. In the Active users list, click Perry Brill.


8. In the Product licenses section, click Edit.
9. On the Product licenses page, in the Location drop-down list box, select United States, and then
set the Office 365 Enterprise E3 switch to On.
10. Click Assign, and then click Close.
11. Close the Perry Brill page.
12. Repeat the previous steps for user David So.
13. In the left navigation, expand Groups and then click Groups.
14. On the Groups page, verify that the new Project Team group appears.
15. Click the Project Team group.

Note: You cannot change the Project Team membership on this page. This is because
group membership is maintained by Active Directory.

16. Close Microsoft Edge.


17. On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press
Enter:

Get-MsolGroup

18. Verify that you see the Research and Project Team groups.
19. At the Windows PowerShell prompt, type the following command, and then press Enter.

$PrjGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Project Team"}

20. At the Windows PowerShell prompt, type the following command, and then press Enter.

Get-MsolGroupMember -GroupObjectId $PrjGrp.ObjectId

21. Verify that the Project Team group in Office 365 contains the three user accounts that you added to
the group in Active Directory earlier:
o Chris Sells

o Lukas Keller
o Sabine Royant
22. At the Windows PowerShell prompt, type the following command, and then press Enter.

$RschGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Research"}

23. At the Windows PowerShell prompt, type the following command, and then press Enter.

Get-MsolGroupMember -GroupObjectId $RschGrp.ObjectId

24. Verify that the Research group in Office 365 does not contain the three user accounts that you
removed from the group in Active Directory earlier:
o Allie Bellew
o Anil Elison
o Aziz Hassouneh
25. At the Windows PowerShell prompt, type the following command, and then press Enter.

Get-MsolUser -SearchString "Josh"

Note that the PowerShell command returns no user accounts. This confirms that the user
Josh Bailey has moved out of scope of synchronization.
26. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolAccountSku

The PowerShell command indicates how many Office 365 licenses are assigned.

Results: After completing this exercise, you will have identified how managing user and group accounts
has changed with directory synchronization.
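
The checks in Task 6 can be run as one script. The following PowerShell is an added example, not part of the lab files; it assumes Connect-MsolService has already been run, its function names are made up for the example, and the 30-minute freshness limit is an assumption. It also stops when more than one cloud group has the same display name, a case in which the Where-Object filter used in the steps above returns several groups at once.

```powershell
# Added example, not part of the lab files. Assumes the MSOnline module is
# installed and Connect-MsolService has already been run in this session.
# Function names are made up for this example.

function Compare-GroupMembers {
    # Pure comparison, no cloud calls: one result row per expected or forbidden name.
    param(
        [Parameter(Mandatory)][string] $GroupName,
        [string[]] $ActualMembers  = @(),
        [string[]] $MustContain    = @(),
        [string[]] $MustNotContain = @()
    )
    foreach ($name in $MustContain) {
        [pscustomobject]@{ Scope = $GroupName; Name = $name; Expect = 'Present'
                           Pass  = ($ActualMembers -contains $name) }
    }
    foreach ($name in $MustNotContain) {
        [pscustomobject]@{ Scope = $GroupName; Name = $name; Expect = 'Absent'
                           Pass  = ($ActualMembers -notcontains $name) }
    }
}

function Get-CloudGroupMemberNames {
    param([Parameter(Mandatory)][string] $DisplayName)
    $groups = @(Get-MsolGroup -All | Where-Object { $_.DisplayName -eq $DisplayName })
    # Display names are not unique; fail instead of reading members of the wrong group.
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$DisplayName', found $($groups.Count)."
    }
    @(Get-MsolGroupMember -GroupObjectId $groups[0].ObjectId -All |
        Select-Object -ExpandProperty DisplayName)
}

function Test-UserInCloud {
    param([Parameter(Mandatory)][string] $DisplayName,
          [ValidateSet('Present', 'Absent')][string] $Expect = 'Present')
    $found = @(Get-MsolUser -SearchString $DisplayName |
        Where-Object { $_.DisplayName -eq $DisplayName })
    [pscustomobject]@{ Scope = 'Users'; Name = $DisplayName; Expect = $Expect
                       Pass  = (($found.Count -gt 0) -eq ($Expect -eq 'Present')) }
}

$results = @(
    Compare-GroupMembers -GroupName 'Project Team' `
        -ActualMembers (Get-CloudGroupMemberNames 'Project Team') `
        -MustContain 'Chris Sells', 'Lukas Keller', 'Sabine Royant'
    Compare-GroupMembers -GroupName 'Research' `
        -ActualMembers (Get-CloudGroupMemberNames 'Research') `
        -MustNotContain 'Allie Bellew', 'Anil Elison', 'Aziz Hassouneh'
    Test-UserInCloud -DisplayName 'Perry Brill' -Expect Present   # created in the Research OU
    Test-UserInCloud -DisplayName 'David So'    -Expect Present   # moved into scope
    Test-UserInCloud -DisplayName 'Josh Bailey' -Expect Absent    # moved out of scope
)

# LastDirSyncTime is UTC. The 30-minute limit is an assumption for this example.
$lastSync = (Get-MsolCompanyInformation).LastDirSyncTime
$fresh = $false
if ($lastSync) {
    $fresh = (((Get-Date).ToUniversalTime() - $lastSync).TotalMinutes -le 30)
}
$results += [pscustomobject]@{ Scope = 'Tenant'; Name = "LastDirSyncTime = $lastSync"
                               Expect = 'Within 30 min'; Pass = $fresh }

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'Office 365 does not match Active Directory yet; wait for the export and rerun.'
}
```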
L5-39 Planning and Deploying Office 365 ProPlus

Module 5: Planning and Deploying Office 365 ProPlus


Lab: Managing Office 365 ProPlus installations
Exercise 1: Preparing an Office 365 ProPlus managed installation
Task 1: Download the Office 365 deployment tool
1. On LON-CL1, on the taskbar, click File Explorer.
2. In File Explorer, click Local Disk (C:) in the left navigation pane.
3. In File Explorer, on the Home tab, click New Folder.
4. Type Office16, and then press Enter.
5. In File Explorer, right-click Office16, click Share with, and then click Specific people.
6. In the File Sharing dialog box, click the drop-down list box, select Everyone from the list, click Add,
and then click Share.
7. In the File Sharing dialog box, click Done.
8. Open Microsoft Edge, and browse to https://login.microsoftonline.com.
9. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
10. In the Office 365 portal, click Admin.
11. On the Home page, in the Office software tile, click Software download settings.
Note: If the Office software tile is not displayed, then in the left navigation pane, expand Settings,
and then click Services & add-ins.
On the Services & add-ins page, scroll down, and then click Software download settings.

12. On the Software download settings page, click Manually deploy user software.
13. On the Manage user software through Office 365 page, scroll down, and then click Learn how to
download and deploy software.
14. On the How admins can download Office 365 user software to deploy to users page, click
Manage user software in Office 365.
15. On the next Manage user software in Office 365 page, scroll down, and then click the Office
Deployment Tool (Office 2016 version) link to open the Office Deployment Tool download page.
Note: You can also go directly to the Office 2016 Deployment Tool page, by using the URL:
http://go.microsoft.com/fwlink/?LinkId=626065.
16. On the download page, expand Details, System Requirements, and Install Instructions, and read
and familiarize yourself with each section.
17. Click Download.

18. When the officedeploymenttool_nnnn.exe has finished downloading, click Run.


19. In the User Account Control dialog box, click Yes.
20. On the Microsoft Office 2016 Click-to-Run Administrator Tool dialog box, select Click here to
accept the Microsoft Software License Terms, and then click Continue.
21. Browse to the new C:\Office16 folder, and then click OK.

22. In the Files extracted successfully confirmation dialog box, click OK.
23. In File Explorer, go to the C:\Office16 folder. You should see two files:
o configuration.xml

o setup.exe
24. Close Microsoft Edge.

Task 2: Modify an Office 365 ProPlus installation


1. In File Explorer, in the C:\Office16 folder, right-click configuration.xml, and then click Copy.

2. Right-click in the folder, and then click Paste. This creates a backup copy of the configuration.xml
file.
3. Right-click the configuration.xml file, click Open With, and then click Notepad.
4. In Notepad, edit the first Add line after <Configuration>. Replace:

<Add OfficeClientEdition="32" Branch="Current">

with:

<Add SourcePath="\\LON-CL1\Office16\" OfficeClientEdition="32" Branch="Current">

5. Comment out Microsoft Visio to make the download quicker. Replace:

<Product ID="VisioProRetail">
<Language ID="en-us" />
</Product>

with:

<!-- <Product ID="VisioProRetail">
<Language ID="en-us" />
</Product> -->

6. Remove the comment markers from three lines. Replace:

<!-- <Updates Enabled="TRUE" Branch="Current" /> -->
<!-- <Display Level="None" AcceptEula="TRUE" /> -->
<!-- <Property Name="AUTOACTIVATE" Value="1" /> -->

with:

<Updates Enabled="TRUE" Branch="Current" />
<Display Level="None" AcceptEula="TRUE" />
<Property Name="AUTOACTIVATE" Value="1" />

7. On the File menu, click Save As, and in the File name text box, type AdatumConfiguration.xml.

8. Close Notepad.
9. In File Explorer, press Shift, and then right-click in the Office16 folder, and click Open command
window here.
10. At the C:\Office16> command prompt, type the following command, and then press Enter:

.\setup.exe /?

11. Note the Office Deployment Tool command-line options.

12. At the command prompt, type the following command, and then press Enter:

.\setup.exe /download \\LON-CL1\Office16\AdatumConfiguration.xml

13. In the User Account Control window, click Yes.

14. The download will take several minutes to complete.
15. In the C:\Office16 folder, notice that the download into the C:\Office16\Office folder has started. You
can continue with the next task and leave the download in the background.

Results: After completing this exercise, you will have downloaded a copy of Microsoft Office 365
ProPlus for managed deployment to a shared folder. You will also have downloaded and installed the
Office Deployment Tool.

Exercise 2: Managing user-driven Office 365 ProPlus installations


Task 1: Manage user rights to install Office 365 ProPlus
1. On LON-CL1, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.
5. On the Active users page, click Brad Sutton.
6. On the Brad Sutton page, in the Product licenses section, click Edit.
7. In the Location drop-down list box, select United Kingdom, and then set the Office 365
Enterprise E3 switch to On.

8. Set the Office 365 ProPlus switch to Off.


9. Click Assign, and then click Close.
10. Close the Brad Sutton page.
11. On the Active users page, click Maira Wenzel.
12. On the Maira Wenzel page, in the Product licenses section, click Edit.
13. In the Location drop-down list box, select United Kingdom, and then set the Office 365
Enterprise E3 switch to On.
14. Verify that Maira has permission to use all features.
15. Click Assign, and then click Close.
16. Close the Maira Wenzel page.
17. Repeat the previous Maira Wenzel steps for Roman Miler.
18. On the Active users page, click Home.

19. On the Home page, in the Office software tile, click Software download settings.
20. In the Software for PC section, set the 2016 version switch to Off.
21. Set the 2013 version switch to Off.
22. Click Save, and then click Close.

23. On the Home page, in the top-right corner, click the User icon, and then click Sign out.
24. Sign in as Brad@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
25. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.

26. On the Settings menu, under My app settings, click Office 365.
27. On the Settings page, click Software.

Note: Because this user is not licensed for Office 365 ProPlus, Office 2016 is not available
for download.

28. Close Microsoft Edge.


29. Open Microsoft Edge, and browse to https://login.microsoftonline.com/
30. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.

31. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
32. On the Settings menu, under My app settings, click Office 365.
33. On the Settings page, click Software.

Note: This user has a license, but Skype for Business and Office are not available for
download.

34. Click Phone & tablet. Verify that Phone apps and Tablet apps are available.
35. Close Microsoft Edge.
36. Open Microsoft Edge, and browse to https://login.microsoftonline.com/
37. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
38. In the Office 365 portal, click Admin.
39. On the Home page, in the Office software tile, click Software download settings.
40. In the Software for PC section, set the 2016 version switch to On.

41. Verify that Office and Skype for Business are both set to On.
42. Click Save, and then click Close.
43. Close Microsoft Edge.
44. On LON-CL3, verify that you are logged in as Roman.
45. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
46. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.

47. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
48. On the Settings menu, under My app settings, click Office 365.
49. On the Settings page, click Software.

Note: This user has a license, and Office 2016 (including Skype for Business) is available
for download.

Task 2: Install Office 365 ProPlus from the Office 365 portal
1. On LON-CL3, in Microsoft Edge, on the Software / Office page, in the Language drop-down list
box, ensure that English (United States) is selected.
2. Under version, ensure that 32-bit (Recommended) is selected.
Note: To see the 64-bit version option, you must click Advanced.
3. Click Install.
4. In the Microsoft Edge notification bar, after Setup.X86.en-us_O365ProPlusRetail_nnnn.exe has
finished downloading, click Run.
5. In the User Account Control dialog box, in the User name text box, type Adatum\Holly, and in the
Password text box, type Pa$$w0rd, and then click Yes.
6. On the taskbar, click the Office icon, and note the status of the download.

Note: It will take several minutes to complete, but applications are available now.

7. Click Close when the wizard finishes.


8. Go to the Start screen.
9. On the Start screen, click Word 2016.
10. In the First things first dialog box, click Accept.
11. In the top-right corner, click Sign in to get the most out of Office.
12. In the Sign in dialog box, type Roman@Adatumvsxxxx.virsoftlabs.com, and then click Next.
13. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
14. Once signed in, your subscription license is activated. At the top right, under Roman Miler, click
Switch account.
15. Click SIGN OUT, and then next to Roman Miler, click Sign out.
16. In the Remove Account message box, click Yes.
17. In the top-right corner, click Sign in to get the most out of Office.
18. In the Sign in dialog box, type Holly@Adatumvsxxxx.virsoftlabs.com, and then click Next.
19. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
20. Click Blank document.
21. In the new Word document, type the text Meeting Agenda, and then press Enter.

22. At the next line, type =Lorem(), and then press Enter.
Note: The option to quickly insert "random" text in a document has been a fairly unknown feature
since Word 97 Standard Edition.
23. On the File menu, click Save.
24. Click Sites A. Datum (not OneDrive - A. Datum), and then click A. Datum in the right pane.
25. Double-click the Documents document library, ensure that the File name is
Meeting Agenda.docx, and then click Save.
26. Close Word.

27. In Microsoft Edge, on the Software / Office page, on the Edge menu bar, click the Refresh icon (or
press the F5 key).
Note that you now have a new Manage installs section at the top of the page where you can
manage Office 365 installs.
28. Close Microsoft Edge.

Task 3: Manage office licenses


1. On LON-CL3, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.
5. On the Active users page, click Roman Miler.
6. On the Roman Miler page, in the Product licenses section, click Edit.
7. Set the Office 365 ProPlus switch to Off to remove the license from the Roman Miler account.
8. Click Assign, and then click Close.
9. Close the Roman Miler page.
10. At the top right corner, click the User icon, and then click Sign out.
11. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
12. In the Office 365 portal, in the top-right corner, click the Settings (gear) icon.
13. On the Settings menu, under My app settings, click Office 365.
14. On the Settings page, click Software.

Note: The Office installation is no longer listed, because Roman Miler no longer has an
active license. The Office 365 ProPlus applications will still be available to the user on any
machine on which he already installed them, but within 30 days, they will drop into
low-functionality mode. This means he will only be able to read and print documents.

Task 4: Reactivate Office 365 ProPlus


1. Close Microsoft Edge.
2. Open Microsoft Edge, and browse to https://login.microsoftonline.com/.
3. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
4. In the Office 365 portal, click Admin.

5. On the Home page, click Users.


6. On the Active users page, click Roman Miler.
7. On the Roman Miler page, in the Product licenses section, click Edit.
8. Set the Office 365 ProPlus switch to On.
9. Click Assign, and then click Close.
10. Close the Roman Miler page.

11. Close Microsoft Edge.



Results: After completing this exercise, you should be able to activate Office 365 ProPlus for self-
service installations and set licensing options correctly for end users so that deployment and installation
is possible.

Exercise 3: Managing centralized Office 365 ProPlus installations


Task 1: Configure a Group Policy Object (GPO) to distribute the custom installation
1. On LON-DC1, in Server Manager, on the Tools menu, click Active Directory Users and
Computers.
2. In Active Directory Users and Computers, in the console tree, right-click Adatum.com, click New,
and then click Organizational Unit.
3. Type Adatum_Computers, and then click OK.
4. In the console tree, under Adatum.com, select the Computers container.
5. In the Computers container, right-click LON-CL4, click Move, select Adatum_Computers, and
then click OK.
6. In Server Manager, on the Tools menu, click Group Policy Management.
7. In Group Policy Management, expand Forest: Adatum.com, expand Domains, expand
Adatum.com, and then select Adatum_Computers.
8. Right-click Adatum_Computers, and then click Create a GPO in this domain, and Link it here.
9. In the New GPO dialog box, in the Name box, type DeployOffice16, and then click OK.
10. In the right pane, right-click DeployOffice16, and then click Edit.
11. In Group Policy Management Editor, expand Computer Configuration, expand Policies, expand
Windows Settings, and then select Scripts (Startup/Shutdown).

12. In the right pane, right-click Startup, and then click Properties.
13. In the Startup Properties dialog box, click Show Files.
14. Right-click in the Startup folder, click New, and then click Text Document.
15. Rename the new text file from New Text Document.txt to DeployOffice16.cmd.
16. Right-click DeployOffice16.cmd, and then click Edit.
17. In the Open File - Security Warning message box, click Run.

Note: The security warning appears, because Group Policy Management editor opened the Startup
folder as a network location through \\Adatum.com\Sysvol, and not as a local path through C:\. The
"Run" command in this case means "run the Edit command on this network file".
18. In Notepad, add the following line:

\\LON-CL1\Office16\setup.exe /configure \\LON-CL1\Office16\AdatumConfiguration.xml

19. Close Notepad, and click Save.


20. Close the Startup folder.
21. In Group Policy Management Editor, in the Startup Properties dialog box, click Add.
22. In the Add a Script dialog box, click Browse.

23. In the Browse dialog box, select DeployOffice16.cmd, and then click Open.
24. In the Add a Script dialog box, click OK.
25. In the Startup Properties dialog box, click OK.

26. Close Group Policy Management Editor.


Note that you could also deploy this script by using Microsoft Intune, Microsoft System Center
Configuration Manager, or other software distribution methods.
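
The startup script runs setup.exe and AdatumConfiguration.xml from \\LON-CL1\Office16 on every computer in the Adatum_Computers OU, and computer startup scripts run under the Local System account, so it is worth checking the contents and permissions of that share before the GPO applies. The following PowerShell is an added example, not part of the lab files; its function names are made up for the example, and it is meant to be run on LON-CL1. It validates the edited configuration, checks the Authenticode signature of setup.exe, and lists share or NTFS entries that give broad groups write access to the source folder.

```powershell
# Added example, not part of the lab files. Function names are made up for this
# example; the paths and share name are the ones the lab uses on LON-CL1.

function Test-OdtConfiguration {
    # Returns a list of problems found in an Office Deployment Tool configuration.
    param([Parameter(Mandatory)][string] $XmlText)
    try { $doc = [xml]$XmlText }
    catch { return @("Not well-formed XML: $($_.Exception.Message)") }

    $add = $doc.SelectSingleNode('/Configuration/Add')
    if ($null -eq $add) { return @('No <Add> element under <Configuration>.') }
    $issues = @()
    if ($add.GetAttribute('SourcePath') -notmatch '^\\\\[^\\]+\\[^\\]+') {
        $issues += 'Add/@SourcePath is missing or is not a UNC path.'
    }
    # Commented-out products are comment nodes, so only active products are listed.
    $products = @($add.SelectNodes('Product') | ForEach-Object { $_.GetAttribute('ID') })
    if ($products.Count -eq 0) { $issues += 'No active <Product> element.' }
    if ($products -contains 'VisioProRetail') { $issues += 'VisioProRetail is still active.' }
    $display = $doc.SelectSingleNode('/Configuration/Display')
    if ($null -eq $display -or $display.GetAttribute('Level') -ne 'None') {
        $issues += 'Display Level="None" is not active.'
    }
    if ($null -eq $doc.SelectSingleNode('/Configuration/Updates')) {
        $issues += '<Updates> is still commented out or missing.'
    }
    $issues
}

function Test-OdtBinarySignature {
    # Status 'Valid' means the file hash matches and the signer chains to a trusted root.
    param([Parameter(Mandatory)][string] $Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path   = $Path
        Status = "$($sig.Status)"
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Pass   = ($sig.Status -eq 'Valid')
    }
}

function Get-BroadWriteAccess {
    # Lists share and NTFS entries that let broad groups change files in the source folder.
    param([Parameter(Mandatory)][string] $ShareName,
          [Parameter(Mandatory)][string] $FolderPath)
    $broad = 'Everyone|Authenticated Users|Domain Users|BUILTIN\\Users'
    Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -match $broad -and
                       $_.AccessRight -ne 'Read' } |
        ForEach-Object { [pscustomobject]@{ Layer = 'Share'; Account = $_.AccountName
                                            Right = "$($_.AccessRight)" } }
    # WriteData is part of the standard Write, Modify and FullControl rights.
    $writeBit = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -Path $FolderPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       "$($_.IdentityReference)" -match $broad -and
                       ([int]$_.FileSystemRights -band $writeBit) } |
        ForEach-Object { [pscustomobject]@{ Layer = 'NTFS'; Account = "$($_.IdentityReference)"
                                            Right = "$($_.FileSystemRights)" } }
}

# Constructed sample: the configuration as it should look after the edits in Exercise 1, Task 2.
$sample = @'
<Configuration>
  <Add SourcePath="\\LON-CL1\Office16\" OfficeClientEdition="32" Branch="Current">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
    <!-- <Product ID="VisioProRetail">
      <Language ID="en-us" />
    </Product> -->
  </Add>
  <Updates Enabled="TRUE" Branch="Current" />
  <Display Level="None" AcceptEula="TRUE" />
  <Property Name="AUTOACTIVATE" Value="1" />
</Configuration>
'@
$sampleIssues = @(Test-OdtConfiguration -XmlText $sample)
"Issues in the constructed sample: $($sampleIssues.Count)"

# On LON-CL1, check the real files before the DeployOffice16 GPO applies.
if (Test-Path 'C:\Office16\AdatumConfiguration.xml') {
    Test-OdtConfiguration -XmlText (Get-Content 'C:\Office16\AdatumConfiguration.xml' -Raw)
    Test-OdtBinarySignature -Path 'C:\Office16\setup.exe' | Format-List
    Get-BroadWriteAccess -ShareName 'Office16' -FolderPath 'C:\Office16' | Format-Table -AutoSize
}
```

Any row returned by Get-BroadWriteAccess means a non-administrative account can replace files that the startup script later runs; reducing that entry to Read on both the share and the folder closes the gap.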

Task 2: Verify the installation


1. On LON-CL4, right-click the Start button, and click Command Prompt (Admin).
2. In the User Account Control dialog box, in the User name text box, type Adatum\Holly, in the
Password text box, type Pa$$w0rd, and then click Yes.
3. At the command prompt, type the following command, and then press Enter.

gpupdate.exe /force

4. Wait for the Group Policy to update both the computer policy and the user policy.
5. Close the command prompt.
6. Restart the LON-CL4 computer.
7. After LON-CL4 has restarted, wait one minute before continuing. This is to allow the Group Policy
settings to take effect on LON-CL4.
8. Sign in as ADATUM\Maira with password Pa$$w0rd.
9. On the Start screen, notice that Office 2016 is installed. You might have to wait a few minutes before
you see any available Office applications.
10. Click Word 2016. If you do not see it on the Start screen, type Word to bring up the icon.
11. In the Activate Office dialog box, type Maira@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
12. In the Office 365 dialog box, in the Password text box, type Pa$$w0rd, and then click Sign in.
13. In the Account Updated message box, click OK.
14. In the First things first message box, click Accept.
15. In the What's New in Word message box, click Close.
16. Click Blank document.
17. In the new Word document, type the text Meeting Report, and then press Enter.

18. At the next line, type =Rand.old(), and then press Enter.
19. On the File menu, click Save.
20. On the Save As page, click Browse.
21. Verify that the Save As dialog box opens with the This PC > Documents folder.
22. Ensure that the File name is Meeting Report.docx, and then click Save.
23. Close Word 2016.
24. Right-click the taskbar, and then click Task Manager.
25. In Task Manager, on the Details tab, notice the OfficeClickToRun.exe process in the process list.

Note: Check Task Manager for your deployment. These items will all be present in a
successful install.

26. Close Task Manager.

Results: After completing this exercise, you will have enabled centralized managed deployment of Office
365 ProPlus and implemented a standardized Microsoft Office configuration by using one version of
Office.
L6-48 Planning and Managing Exchange Online Recipients and Permissions

Module 6: Planning and Managing Exchange Online Recipients and Permissions

Lab: Managing Exchange Online recipients and permissions
Exercise 1: Configuring Exchange Online recipients
Task 1: Create user mailboxes
1. On LON-CL1, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, click Users.
5. On the Active users page, click Add a user.
6. On the New User page, enter the following information:
o First name: Martina
o Last name: Blair

o Display name: Martina Blair


o User name: Martina
7. Click Password, and then select Let me create the password.
8. In the Password text box, and the Retype password text box, type Pa$$w0rd.
9. Clear the Make this user change their password when they first sign in check box.
10. Click Product licenses, and ensure that the switch for Office 365 Enterprise E3 is On.
11. Click Save.
12. On the Martina Blair page, clear Send password in email, and then click Close.
13. Repeat the previous steps to add the following additional users:
o Matt Villagomez - assign user name MattV, because Matt@adatumvsxxxx.virsoftlabs.com is
already in use
o Olivia Emerson

o Kendra Sexton
14. In the left navigation pane, expand Admin Centers, and then click Exchange.
15. In the Exchange admin center, in the left navigation pane, click recipients.

Note: It might take a few minutes for the mailboxes to appear. Click the refresh icon
periodically until they do.

Task 2: Create groups and assign mailboxes


1. On the recipients page, click groups.
2. Click the + icon, and then click Distribution group.

3. In the New Distribution Group window, in the Display name text box, type IT.
4. In the Alias box, type IT.
5. Ensure that the Email address name is IT.

6. Under Members (not under Owners), click the + icon.


7. In the Select Members window, select Olivia Emerson, click Add, and then click OK.
8. In the New Distribution Group window, click Save.
9. Repeat the previous steps to add the following additional distribution groups and members:
o Managers - and member Martina Blair
o Development - and member Matt Villagomez
o Sales - and member Kendra Sexton

Task 3: Connect to Exchange Online with Windows PowerShell


1. Minimize Microsoft Edge.
2. On the desktop, right-click Windows Azure Active Directory Module for Windows PowerShell,
and then click Run as administrator.
3. At the User Account Control prompt, click Yes.
4. In the Windows PowerShell window, type the following command, and then press Enter:

$cred = Get-Credential

5. In the Windows PowerShell credentials request dialog box, sign in as
Holly@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
6. In the Windows PowerShell window, type the following command, and then press Enter:

Connect-MsolService -Credential $cred

7. In the Windows PowerShell window, type the following command, and then press Enter:

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication Basic -AllowRedirection

8. In the Windows PowerShell window, type the following command, and then press Enter:

Import-PSSession $exchangeSession -DisableNameChecking

9. In the Windows PowerShell window, type the following command, and then press Enter:

Get-AcceptedDomain

Note: This command returns the list of accepted domains and verifies that you can
connect to your Office 365 subscription.

Task 4: Create resource mailboxes


1. In Microsoft Edge, in the Exchange admin center, in recipients, click resources.
Note: There are no resources defined yet.

2. In the Windows PowerShell window, type the following command, and then press Enter:

New-Mailbox -Name "Conference Room" -Room

3. In the Windows PowerShell window, type the following command, and then press Enter:

Set-CalendarProcessing "Conference Room" -AutomateProcessing AutoAccept

4. In the Windows PowerShell window, type the following command, and then press Enter:

New-Mailbox -Name "Demonstration Laptop" -Equipment

5. In the Windows PowerShell window, type the following command, and then press Enter:

Set-CalendarProcessing "Demonstration Laptop" -AutomateProcessing AutoAccept

Note: If you receive an error running the Set-CalendarProcessing cmdlet for either of
these objects, wait a few moments and repeat.

6. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see both new
resources.
7. In the Windows PowerShell window, type the following command, and then press Enter:

Set-Mailbox "Conference room" -ResourceCapacity 25

8. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You should see the
changes you made in the details pane on the right.

Task 5: Configure additional Exchange Online recipients


1. On LON-CL1, in the C:\Labfiles, right-click ExternalContacts.csv, and then click Edit. Review the
file contents, and then close Notepad.
2. In Microsoft Edge, in the Exchange admin center, click contacts.
3. In the Windows PowerShell window, type the following command, and then press Enter:

cd C:\Labfiles

4. In the Windows PowerShell window, type the following command, and then press Enter:

Import-Csv .\Externalcontacts.csv | ForEach {New-MailContact -Name $_.Name -DisplayName $_.Name -ExternalEmailAddress $_.ExternalEmailAddress -FirstName $_.FirstName -LastName $_.LastName}

5. In the Windows PowerShell window, type the following command, and then press Enter:

Import-Csv .\ExternalContacts.csv | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}

6. In Microsoft Edge, in the Exchange admin center, in contacts, click the Refresh icon. You can see
the newly created objects.

Results: After completing this exercise, you will have created and configured Microsoft Exchange Online
recipients.

Exercise 2: Configuring delegated administration


Task 1: Assign users to built-in role groups
1. In the Exchange admin center, click permissions.
2. On the admin roles tab, select Organization Management, and then click the Edit icon (pencil
icon).
3. In the Organization Management window, under Members (not under Roles), click the + icon.
4. In the Select Members window, select Olivia Emerson, click add, and then click OK.
5. In the Organization Management window, click Save.

Task 2: Create a new admin role and assign a user to it


1. In the Windows PowerShell window, type the following command, and then press Enter:

Enable-OrganizationCustomization

2. In the Windows PowerShell window, type the following command, and then press Enter:

New-RoleGroup -Name BranchOfficeAdmins -Roles "Mail Recipients", "Distribution Groups", "Move Mailboxes", "Mail Recipient Creation"

3. In the Windows PowerShell window, type the following command, and then press Enter:

Add-RoleGroupMember "BranchOfficeAdmins" -Member Martina

4. In the Windows PowerShell window, type the following command, and then press Enter:

Get-RoleGroupMember "BranchOfficeAdmins"

5. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You can see the new
BranchOfficeAdmins role group.

Task 3: Create a new role assignment policy


1. In Microsoft Edge, in the Exchange admin center, click user roles.
2. In the Windows PowerShell window, type the following command, and then press Enter:

New-RoleAssignmentPolicy "Limited Mailbox Configuration" -Roles MyBaseOptions, MyAddressInformation, MyDisplayName

3. In the Windows PowerShell window, type the following command, and then press Enter:

Set-RoleAssignmentPolicy "Limited Mailbox Configuration" -IsDefault

4. When prompted, type Y, and then press Enter.

5. In Microsoft Edge, in the Exchange admin center, click the Refresh icon. You can see the new role
assignment policy.
6. Close Microsoft Edge.

Results: After completing this exercise, you will have configured delegated administration of your
Exchange Online organization.
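
The following script is an added example, not part of the courseware. It reads back the delegation created in Exercise 2 and reports any role or policy entry that differs from what the lab steps configured. The helper name Compare-ExpectedSet is hypothetical, and the script assumes the Exchange Online session imported earlier in this lab is still open.

```powershell
# Added example: review the delegation created in Exercise 2.
# Assumes the imported Exchange Online session from this lab is still open.

# Expected state, taken from the lab steps above.
$expectedGroupRoles  = 'Mail Recipients', 'Distribution Groups', 'Move Mailboxes', 'Mail Recipient Creation'
$expectedPolicyRoles = 'MyBaseOptions', 'MyAddressInformation', 'MyDisplayName'

# Hypothetical helper: report entries that are present but not expected, and the reverse.
function Compare-ExpectedSet {
    param(
        [string[]]$Actual = @(),
        [string[]]$Expected = @()
    )
    # Drop null or empty entries so an empty query result compares cleanly.
    $Actual = @($Actual | Where-Object { $_ })
    [pscustomobject]@{
        Unexpected = @($Actual   | Where-Object { $_ -notin $Expected })
        Missing    = @($Expected | Where-Object { $_ -notin $Actual })
    }
}

# 1. Roles assigned to the custom role group (regular, non-delegating assignments).
$groupRoles = Get-ManagementRoleAssignment -RoleAssignee 'BranchOfficeAdmins' -Delegating $false |
    ForEach-Object { [string]$_.Role }
$roleCheck = Compare-ExpectedSet -Actual $groupRoles -Expected $expectedGroupRoles

# 2. Members of the custom group and of Organization Management, listed for review.
$members = foreach ($group in 'BranchOfficeAdmins', 'Organization Management') {
    Get-RoleGroupMember -Identity $group |
        Select-Object @{ Name = 'RoleGroup'; Expression = { $group } }, Name, RecipientType
}

# 3. The default role assignment policy and the end-user roles it grants.
$defaultPolicy = Get-RoleAssignmentPolicy | Where-Object { $_.IsDefault }
$policyRoles   = $defaultPolicy.AssignedRoles | ForEach-Object { [string]$_ }
$policyCheck   = Compare-ExpectedSet -Actual $policyRoles -Expected $expectedPolicyRoles

# Report. Empty Unexpected/Missing columns mean the tenant matches the lab steps.
[pscustomobject]@{
    Check      = 'BranchOfficeAdmins roles'
    Unexpected = $roleCheck.Unexpected -join '; '
    Missing    = $roleCheck.Missing -join '; '
}
[pscustomobject]@{
    Check      = "Default policy '$($defaultPolicy.Name)' roles"
    Unexpected = $policyCheck.Unexpected -join '; '
    Missing    = $policyCheck.Missing -join '; '
}
$members | Format-Table -AutoSize
```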
L7-53 Planning and Configuring Exchange Online Services

Module 7: Planning and Configuring Exchange Online Services
Lab A: Configuring message transport in Exchange Online
Exercise 1: Configuring message-transport settings
Task 1: Connect to Exchange Online in Windows PowerShell
1. On LON-CL1, on the desktop, right-click Windows Azure Active Directory Module for Windows
PowerShell, and then click Run as administrator.
2. At the User Account Control prompt, click Yes.

Note: You might have a Windows PowerShell connection to Office 365 open from a
previous lab. If so, you can use the existing connection and skip this step.

3. In Windows PowerShell, type the following command, and then press Enter.

$cred = Get-Credential

4. In the Windows PowerShell credentials request dialog box, sign in as
Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
5. In Windows PowerShell, type the following command, and then press Enter:

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication Basic -AllowRedirection

6. Type the following command, and then press Enter:

Import-PSSession $exchangeSession -DisableNameChecking

Task 2: Create a custom send and receive connector to enforce TLS


1. Open Microsoft Edge, and browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.

4. In the left navigation pane, expand Admin centers, and then click Exchange.
5. In the Exchange admin center, in the left pane, click mail flow, and then click connectors.
6. Click the + icon.
7. On the Select your mail flow scenario page, in the From list box, select Office 365.
8. In the To list box, select Partner organization, and then click Next.
9. On the New connector page, in the Name text box, type Humongous Insurance Outgoing, and
then click Next.
10. Ensure Only when email messages are sent to these domains is selected, and then click the +
icon.
11. On the add domain page, type humongousinsurance.com, click OK, and then click Next.
12. Ensure Use the MX record associated with the partner's domain is selected, and then click Next.
13. Ensure Always use Transport Layer Security (TLS) to secure the connection is selected, and
ensure Issued by a trusted certificate authority (CA) is selected, and then click Next.
14. On the Confirm your settings page, click Next.
15. On the Validate this connector page, click the + icon.
16. In the Send the test email to the address text box, type
postmaster@humongousinsurance.com, click OK, and then click Validate.
17. Wait while validation completes, and then click Close.
18. On the Validation Result page, click Save.
19. In the Warning window, click Yes.

Note: Validation of mail flow failed because the connector is to a fictitious organization.
This is expected behavior for this lab.

20. In the Exchange admin center, on the connectors tab, click the + icon.
21. On the Select your mail flow scenario page, in the From list box, select Partner organization.
22. In the To list box, select Office 365, and then click Next.
23. On the New connector page, in the Name box, type Humongous Insurance Incoming, and then
click Next.
24. Ensure Use the sender's domain is selected, and then click Next.
25. Click the + icon, type humongousinsurance.com, click OK, and then click Next.
26. Ensure Reject email messages if they aren't sent over TLS is selected, and then click Next.
27. On the Confirm your settings page, click Save.
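
The following script is an added example, not part of the courseware. It reads back the two partner connectors created in this task and reports any setting that would let mail to or from humongousinsurance.com flow without enforced TLS. The function name Test-PartnerTlsConnectors is hypothetical. The script assumes the Exchange Online session from Task 1 is open, and that the admin center option Issued by a trusted certificate authority (CA) is stored as the TlsSettings value CertificateValidation.

```powershell
# Added example: verify the TLS settings of the partner connectors from Task 2.
# Assumes the imported Exchange Online session from Task 1 is still open.

function Test-PartnerTlsConnectors {
    param(
        [string]$Domain,
        [string]$OutboundName,
        [string]$InboundName
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Outbound: Office 365 -> partner organization.
    $out = Get-OutboundConnector -Identity $OutboundName -ErrorAction SilentlyContinue
    if (-not $out) {
        $findings.Add("Outbound connector '$OutboundName' was not found.")
    }
    else {
        $recipientDomains = @($out.RecipientDomains | ForEach-Object { [string]$_ })
        if (-not $out.Enabled) {
            $findings.Add("Outbound connector is disabled.")
        }
        if ($recipientDomains -notcontains $Domain) {
            $findings.Add("Outbound connector is not scoped to $Domain.")
        }
        # CertificateValidation and DomainValidation both require a CA-issued certificate.
        # EncryptionOnly accepts any certificate; an empty value means opportunistic TLS.
        if ([string]$out.TlsSettings -notin 'CertificateValidation', 'DomainValidation') {
            $findings.Add("Outbound TLS does not validate the partner certificate (TlsSettings = '$($out.TlsSettings)').")
        }
        if (-not $out.UseMXRecord) {
            $findings.Add("Outbound connector routes to a smart host instead of the partner MX record.")
        }
    }

    # Inbound: partner organization -> Office 365.
    $in = Get-InboundConnector -Identity $InboundName -ErrorAction SilentlyContinue
    if (-not $in) {
        $findings.Add("Inbound connector '$InboundName' was not found.")
    }
    else {
        # SenderDomains entries can be stored in the form 'smtp:domain;1'.
        $senderDomains = @($in.SenderDomains | ForEach-Object {
            ([string]$_) -replace '^smtp:', '' -replace ';\d+$', ''
        })
        if (-not $in.Enabled) {
            $findings.Add("Inbound connector is disabled.")
        }
        if ([string]$in.ConnectorType -ne 'Partner') {
            $findings.Add("Inbound connector type is '$($in.ConnectorType)', expected Partner.")
        }
        if ($senderDomains -notcontains $Domain) {
            $findings.Add("Inbound connector does not identify the partner by sender domain $Domain.")
        }
        if (-not $in.RequireTls) {
            $findings.Add("Inbound connector accepts mail from $Domain without TLS.")
        }
    }

    return $findings.ToArray()
}

$result = Test-PartnerTlsConnectors -Domain 'humongousinsurance.com' `
    -OutboundName 'Humongous Insurance Outgoing' `
    -InboundName  'Humongous Insurance Incoming'

if ($result.Count -eq 0) {
    'Both connectors enforce TLS as configured in the lab.'
}
else {
    $result
}
```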

Task 3: Create transport rules


1. In the Exchange admin center page, click rules.
2. Click the + icon, and then click Apply disclaimers.
3. In the new rule window, in the Name box, type A. Datum Disclaimer.

4. In the Apply this rule if list box, select The recipient is located..., select Outside the
organization, and then click OK.
5. Click Enter text.
6. In the specify disclaimer text window, type the following text, and then click OK.

<HR> If you are not the intended recipient of this message, you must delete it.

7. Click Select one.


8. In the specify fallback action window, select Wrap, and then click OK.
9. In the new rule window, click Save.
10. If the Warning window appears, click Yes.
11. In Exchange admin center, click the + icon, and then click Send messages to a moderator.
12. In the new rule window, in the Name box, type Moderate Managers.
13. In the Apply the rule if list box, select The recipient is a member of...
14. In the Select Members window, select Managers, click add, and then click OK.

15. In the Do the following list box, select Forward the message for approval to...
16. In the Select Members window, select Holly Dickson, click add, and then click OK.
17. In the new rule window, click Save.
18. On LON-CL2, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
19. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
20. In the Office 365 portal, click Mail.
21. In the Mail window, click New.
22. In the To field, type the email address of the new Microsoft account that you created for this course.
23. In the Subject field, type Disclaimer Test.
24. In the message body, type This message will have a disclaimer, and then click Send.
25. In Microsoft Edge, open a new tab, and browse to https://outlook.com.
26. Sign in with your Microsoft account.
27. Verify that the received message has the disclaimer text If you are not the intended recipient of
this message, you must delete it added at the end of the message body. If the message is not in
the Inbox, check the Junk Email folder.
28. In the Mail window in which you are signed in as Francisco, click New.
29. In the To field, type Martina.
30. In the Subject field, type Moderation Test.

31. In the message body, type This message requires approval by Holly, and then click Send.
32. On LON-CL1, click Start, type Outlook, and then click Outlook 2016.
33. In the Windows Security dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd. If needed, complete the account setup wizard by clicking Next four times.
34. In Outlook, read the approval request, and then click Approve.
35. Close Outlook 2016.

Task 4: Create a journal rule for members of the research department


1. On LON-CL1, in the Exchange admin center, click compliance management, click journal rules,
and then click Select address.
2. In the non-delivery reports window, click Browse, select Holly Dickson, click OK, and then click
Save.
3. In the Warning window, click OK.
4. Click the + icon.
5. In the new journal rule window, in the Send journal reports to textbox, type
journal@humongousinsurance.com.
6. In the Name box, type Development Messages.
7. In the If the message is sent to or received from list box, select A specific user or group...,
select Development, click add, and then click OK.
8. In the Journal the following messages list box, select All messages, and then click Save.

Task 5: Track internal and external message delivery


1. On LON-CL1, in the Exchange admin center, click mail flow, and then click message trace.
2. Review the available search options, and then click search.
3. In the Message Trace results window, double-click the message sent to your Microsoft account.

4. Review the information in the message, including the message events that show that the disclaimer
was applied.
5. Click Close.
6. Double-click the message sent from Francisco to Martina.
7. Review the information in the message, including that the message was sent for moderation.
8. Click Close.
9. In the Message Trace Results window, click Close.

Results: After completing the exercise, you will have configured message-transport settings.

Lab B: Configuring email protection and client policies
Exercise 1: Configuring email protection
Task 1: Configure the malware filter
1. On LON-CL1, in the Exchange admin center, click protection, and then click malware filter.
2. Click Default, and then click Edit (pencil icon).
3. In the Default window, click settings.
4. Under Notifications, select Notify internal senders.
5. Select Notify administrator about undelivered messages from internal senders, and then in the
Administrator email address text box, type Holly@Adatumvsxxxx.virsoftlabs.com.
6. Select Notify administrator about undelivered messages from external senders, and then in the
Administrator email address text box, type Holly@Adatumvsxxxx.virsoftlabs.com.
7. Click Save.

Task 2: Configure the connection filter


1. On LON-CL1, in the Exchange admin center, click connection filter.
2. Click Default, and then click Edit (pencil icon).
3. In the Default window, click connection filtering.
4. Under IP Block list, click Add (+ icon).
5. In the add blocked IP address window, type 192.168.0.0/24, and then click OK.
6. Select Enable safe list, and then click Save.

Task 3: Configure the spam filter


1. On LON-CL1, in the Exchange admin center, click spam filter.
2. Click Default, and then click Edit (pencil icon).
3. In the Default window, click spam and bulk actions.
4. In the High confidence spam list box, select Quarantine message, and then click Save.
5. Click Add (+ icon).
6. In the new spam filter policy window, in the Name box, type Sales spam policy.
7. In the Spam list box, select Prepend subject line with text.

8. In the High confidence spam list box, select Move message to Junk Email folder.
9. In the Prepend subject line with this text text box, type Junk:.
10. Scroll to the bottom of the window, and under Applied To, in the If list box, select The recipient is a
member of, select Sales, click add, and then click OK.
11. Click Save.

Task 4: Test the spam-filter settings (optional)


1. On LON-CL2, in Microsoft Edge, browse to http://outlook.com, and sign in to your Microsoft
account.
2. In the Mail window, click New.
3. In the To field, type Kendra@Adatumvsxxxx.virsoftlabs.com.
4. In the Subject field, type Spam Test.
5. In the body of the message, include the following text, and then click Send.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

6. In the Mail window, click New.


7. In the To field, type Francisco@Adatumvsxxxx.virsoftlabs.com.
8. In the Subject field, type Spam Test.
9. In the body of the message, include the following text, and then click Send.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

10. On LON-CL1, in the Exchange admin center, click protection, and then click quarantine.
11. Verify that the message sent to Francisco is in quarantine, but the message sent to Kendra is not.
12. Click the message sent to Francisco, click Release Message, and then click Release selected
message(s) to All recipients.
13. In the Warning window, click Yes.
14. When processing is complete, click Close.
15. On LON-CL2, in the Outlook mailbox of Francisco, verify that the message was delivered.

Results: After completing this exercise, you should have configured anti-spam and antivirus settings.

Exercise 2: Configuring client access policies


Task 1: Configure an Outlook Web App policy
1. On LON-CL1, in the Exchange admin center, click permissions, and then click Outlook Web App
policies.
2. Click New (+ icon).
3. In the new Outlook Web App mailbox policy window, in the Policy name text box, type
Limited features.
4. Clear the following check boxes:
o Instant messaging

o Text messaging
o Unified messaging
o LinkedIn contact sync
o Journaling
5. Under Private computer or OWA for devices, clear the Direct file access check box, and then
click Save.

6. Click recipients, select Kendra Sexton, and then click Edit (pencil icon).
7. In the Kendra Sexton window, click mailbox features.
8. Under Email Connectivity, click View Details.
9. In the Outlook Web App mailbox policy window, click Browse, select Limited features, click OK,
and then click Save.
10. In the Kendra Sexton window, click Save.
11. On LON-CL1, click Start, type Outlook and then click Outlook 2016.
12. In the Windows Security dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
13. Click New Email.
14. In the new email window, in the To box, type Kendra@Adatumvsxxxx.virsoftlabs.com, and then
click Check Names.
15. In the Subject box, type Attachment Test.
16. In the ribbon, click Attach File, and then click Browse This PC.
17. In the Insert File window, browse to C:\Windows\Logs\DISM, select dism.log, and then click
Insert.
18. Click Send.
19. On LON-CL2, in Outlook on the web, sign out.
20. Sign in again as Kendra@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
21. On the Outlook page, select your time zone and click Save.
22. Read the new Attachment Test message.
23. Click the message attachment.
24. Click OK to close the message, indicating that you do not have permission to download files.

Task 2: Configure mobile-device access


1. On LON-CL1, in the Exchange admin center, click mobile, and then click mobile device access.
2. Click edit.
3. In the Exchange ActiveSync access settings window, select Quarantine - Let me decide to block
or allow later.

4. Under Quarantine Notification Email Messages, click Add (+ icon), select Holly Dickson, click
add, and then click OK.
5. In the Exchange ActiveSync access settings window, click Save.

Task 3: Configure a mailbox policy for mobile devices


1. On LON-CL1, in the Exchange admin center, on the mobile menu, click mobile device mailbox
policies.
2. Click Default (default), and then click Edit (pencil icon).
3. In the Default window, click security, and then select Require a password.
4. Select Allow simple passwords.
5. Select Minimum password length, enter a value of 4, and then click Save.

6. Close Microsoft Edge.

Task 4: Validate mobile-device management policies (optional)


1. On your mobile device, add a new ActiveSync account for Francisco Chaves.
2. If Autodiscover does not detect the server name, enter outlook.office365.com.

3. Your device will be placed into quarantine, and you must approve the device before you can send
and receive messages.
4. After you configure the Exchange ActiveSync account, the security settings from the mobile-device
mailbox policy will apply, and you may be prompted to create a password on your device.
5. When you finish your testing, you can delete the account from your mobile device.
6. Leave the virtual machines running for the next lab.

Results: After completing this exercise, you should have configured client access policies.
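
The following script is an added example, not part of the courseware. It shows the PowerShell view of the mobile-device settings from Tasks 2 to 4: the organization-wide quarantine default, the password settings of the default mobile device mailbox policy, and the review and approval of a quarantined device. The function names Get-QuarantinedDevice and Approve-QuarantinedDevice are hypothetical, and the script assumes an Exchange Online session is open.

```powershell
# Added example: review mobile-device access settings and quarantined devices.
# Assumes an imported Exchange Online session is open.

# Organization-wide default for new devices, and who is notified (Task 2).
$org = Get-ActiveSyncOrganizationSettings
[pscustomobject]@{
    DefaultAccessLevel  = [string]$org.DefaultAccessLevel
    AdminMailRecipients = ($org.AdminMailRecipients | ForEach-Object { [string]$_ }) -join '; '
}

# Password settings of the default mobile device mailbox policy (Task 3).
Get-MobileDeviceMailboxPolicy |
    Where-Object { $_.IsDefault } |
    Select-Object Name, PasswordEnabled, AllowSimplePassword, MinPasswordLength

# Hypothetical helper: list the devices of one mailbox that are waiting in quarantine.
function Get-QuarantinedDevice {
    param([Parameter(Mandatory)][string]$Mailbox)

    Get-MobileDevice -Mailbox $Mailbox |
        Where-Object { [string]$_.DeviceAccessState -eq 'Quarantined' } |
        Select-Object UserDisplayName, DeviceId, DeviceModel, DeviceOS, FirstSyncTime
}

# Hypothetical helper: approve one device, but only if it is really quarantined
# for that mailbox. This avoids allow-listing a mistyped or unrelated device ID.
function Approve-QuarantinedDevice {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$DeviceId
    )

    $match = Get-QuarantinedDevice -Mailbox $Mailbox |
        Where-Object { $_.DeviceId -eq $DeviceId }
    if (-not $match) {
        throw "Device '$DeviceId' is not in quarantine for mailbox '$Mailbox'."
    }

    # Adds the device to the per-mailbox allow list without replacing existing entries.
    Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs @{ Add = $DeviceId }
    Get-MobileDevice -Mailbox $Mailbox |
        Where-Object { $_.DeviceId -eq $DeviceId } |
        Select-Object DeviceId, DeviceAccessState, DeviceAccessStateReason
}

# Review what is waiting for the test account used in Task 4.
Get-QuarantinedDevice -Mailbox 'Francisco' | Format-Table -AutoSize

# Approve after review; replace the placeholder with a DeviceId from the list above.
# Approve-QuarantinedDevice -Mailbox 'Francisco' -DeviceId '<DeviceId from the list>'
```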
L8-61 Planning and Deploying Skype for Business Online

Module 8: Planning and Deploying Skype for Business Online


Lab: Configuring Skype for Business Online
Exercise 1: Configuring Skype for Business Online organization settings
Task 1: Download and install the Skype for Business Online module for Windows PowerShell
1. On LON-CL1, open Microsoft Edge, and then browse to
http://go.microsoft.com/fwlink/?LinkId=294688.
2. On the Skype for Business Online, Windows PowerShell Module page, click Download.
3. When SkypeOnlinePowerShell.exe has finished downloading, click Run.
4. In the license dialog box, select I agree to the license terms and conditions, and then click
Install.

5. In the User Account Control dialog box, click Yes.


6. After the installation completes, click Close.
7. Close Microsoft Edge.

Task 2: Enable Skype Meeting Broadcast for the organization


1. On LON-CL1, on the Start screen, type PowerShell.
2. In the search results, right-click Windows PowerShell, and then click Run as administrator.
3. In the User Account Control dialog box, click Yes.
4. At the Windows PowerShell prompt, type the following command, and then press Enter:

$cred = Get-Credential

5. In the Windows PowerShell credential request dialog box, sign in as
Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
6. At the Windows PowerShell prompt, type the following command, and then press Enter:

$SfbSession = New-CsOnlineSession -Credential $cred

7. Type Y to start the WinRM service, and press Enter.


8. At the Windows PowerShell prompt, type the following command, and then press Enter:

Import-PSSession $SfbSession

9. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-CsBroadcastMeetingConfiguration -EnableBroadcastMeeting $true

10. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-CsBroadcastMeetingConfiguration

11. Verify that the EnableBroadcastMeeting parameter is set to True.


Task 3: Configure the organization settings for Skype for Business Online
1. On LON-CL1, at the Windows PowerShell prompt, type the following command, and then press
Enter:

Set-CsPrivacyConfiguration -EnablePrivacyMode $true

Notice the warning that you receive about enabling client version checking.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-CsPushNotificationConfiguration -EnableApplePushNotification $false

3. To verify the privacy notification settings, type the following command, and then press Enter:

Get-CSPrivacyConfiguration

4. To verify the push notification settings, type the following command, and then press Enter:

Get-CSPushNotificationConfiguration

5. To allow users to communicate with public Skype users, type the following command, and then
press Enter:

Set-CsTenantFederationConfiguration -AllowPublicUsers $true

6. To allow users to communicate with federated partners, type the following command, and then press
Enter:

Set-CsTenantFederationConfiguration -AllowFederatedUsers $true

7. To enable communication with all federated partners except for litware.com, type the following three
commands, and then press Enter after each command:

$AllDomains = New-CsEdgeAllowAllKnownDomains

$BlockedDomain = New-CsEdgeDomainPattern -Domain "litware.com"

Set-CsTenantFederationConfiguration -AllowedDomains $AllDomains -BlockedDomains $BlockedDomain

8. To verify the tenant federation configuration, type the following command, and then press Enter:

Get-CsTenantFederationConfiguration

9. Open Microsoft Edge, and then browse to https://login.microsoftonline.com/.


10. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
11. In the Office 365 portal, click Admin.
12. On the Home page, in the left pane, expand Admin centers, and then click Skype for Business.
13. On the Skype for Business admin center, on the left side, click organization.
14. On the general page, under presence privacy mode, verify that the setting is configured as
Display presence information only to a user's contacts.
15. Under mobile phone notifications, verify that Apple Push Notification Service is not enabled.
16. Click external communications.
17. Under external access, verify that On except for blocked domains is selected.
18. Under blocked or allowed domains, verify that litware.com is listed as Blocked.

Task 4: Configure the meeting invitation settings


1. On LON-CL1, in the Skype for Business admin center, click meeting invitation.
2. In the Help URL text box, type http://help.adatum.com.
3. In the Footer text text box, type Sample legal disclaimer.
4. Click save.

5. At the Windows PowerShell command prompt, type the following command, and then press Enter:

Get-CsMeetingConfiguration

6. Verify that the HelpURL and CustomFooterText display the configured information.

Task 5: Validate the meeting invitation settings


1. On LON-CL1, click Start, type Skype, and then open Skype for Business 2016.
2. In the Skype for Business window, under the Sign-in address text box, click Change.
3. In the Skype for Business - Options dialog box, in the Sign-in address text box, type
Holly@Adatumvsxxxx.virsoftlabs.com, and then click OK.
4. Click Sign in.
5. In the Password text box, type Pa$$w0rd. Leave Save my password enabled, and then click Sign
in.
6. Click Yes to save your sign-in info.
7. Open Microsoft Outlook 2016.
8. If needed, in the Windows Security dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com,
with password Pa$$w0rd.
9. On the ribbon, click New Items, click Meeting, and then click Skype Meeting.
10. In the To text box, type Maira.
11. In the Subject text box, type Meeting Test.
12. In the Start time text box and End time text box, change the date to tomorrow's date.
13. Click Send.

14. Open the calendar.


15. Verify that the meeting for tomorrow is in the calendar.
16. Double-click the meeting and verify that the meeting contains the custom footer text and that the
help link references http://help.adatum.com.

Results: After completing this exercise, you should have configured Skype for Business Online service
settings.

Exercise 2: Configuring Skype for Business Online user settings


Task 1: Configure Skype for Business user settings
1. On LON-CL1, in Microsoft Edge, in the Office 365 admin center, on the Home page, click Users.
2. On the Active users page, click Christie Thomas.
3. On the Christie Thomas page, in the Product license section, click Edit.
4. Set the Skype for Business Online (Plan 2) switch to Off.
5. Click Assign, and then click Close.
6. Close the Christie Thomas page.
7. In the Skype for Business admin center, on the left side, click users.
8. Verify that Christie Thomas is not listed as a Skype for Business user.
9. In the user list, select Maira Wenzel, and then in the right pane, click Edit (pencil icon).
10. On the general tab, under Audio and video, clear Record conversations and meetings.
11. On the left, click external communications, and clear External Skype users.
12. Click save.
13. In the user list, select Francisco Chaves, and then in the right pane, click Edit (pencil icon).
14. On the general tab, in the Audio and video list box, select Audio only.
15. Click save.
16. Close Microsoft Edge.

Task 2: Verify Skype for Business communications


1. On LON-CL4, on the Start screen type Outlook, and then click Outlook 2016.
2. On the Welcome to Outlook 2016 page, click Next.
3. On the Add an Email Account page, click Next. If the Office installation wizard launches, wait for
the installation to finish, and then continue.
4. On the Auto Account Setup page, fill in the following information, and then click Next:
o Your Name: Maira Wenzel
o E-mail address: Maira@Adatumvsxxxx.virsoftlabs.com
o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd

5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd.
6. Select Remember my credentials, and then click OK.
7. Click Finish.
8. If the What's New in Outlook dialog box appears, click Close.
9. On the Start screen, type Skype, and then click Skype for Business 2016.
10. On the Welcome - Skype for Business dialog box, in the top right corner, click Skip for now.
11. In the Skype for Business window, sign in as Maira@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd. Leave Save my password enabled.
12. Click Yes to save your sign-in info.


13. In the Help Make Skype for Business Better dialog box, click No.
14. On LON-CL1, verify that Outlook 2016 and Skype for Business 2016 are open.

15. In Outlook 2016, on the ribbon, click New Items, and then click Meeting.
16. In the Meeting window, click Skype Meeting.
17. In the To text box, type Francisco Chaves; Maira Wenzel.
18. In the Subject text box, type Next meeting.
19. In the Start time section, change the time to today and 15 minutes from now.
20. Click Send.
21. In Skype for Business, in the Find someone text box, type Maira.
22. Double-click Maira Wenzel to open an IM window.
23. In the Maira Wenzel IM window, type Are you coming to the meeting?, and then press Enter.
24. On LON-CL4, verify that the IM from Holly is received.
25. In the Holly Dickson IM window, type Yes, I was planning to, and press Enter.
26. In Outlook 2016, accept the meeting request from Holly Dickson.
27. Open the meeting, and then click Join Skype Meeting.
28. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
29. Verify that Maira Wenzel is connected to the meeting.
30. On LON-CL1, open the meeting request, click Join Skype Meeting.
31. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
32. Verify that Holly Dickson is connected to the meeting.
33. In the meeting window, click the Present icon, and then click Present Desktop.
34. In the Present Desktop window, click Present.
35. In the Skype for Business dialog box, click OK.
36. On LON-CL4, verify that Holly Dickson's desktop is visible in the meeting window.
37. On LON-DC1, open Internet Explorer, and then browse to https://login.microsoftonline.com.
38. Sign in as Francisco@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.

39. In the Office 365 portal, click Mail.


40. In the meeting request from Holly Dickson, click Accept, and then click Send the response now.
41. Click the App launcher icon (9 small squares) at the top of the window, and then click Calendar.
42. Double-click Holly Dickson's meeting request.
43. In the meeting details window, click Join Skype Meeting.
44. In the Skype for Business Web App window, click Sign in if you are an Office 365 user.

45. Close the Join Meeting Audio dialog box.


46. In the View presentation section, click Install to download and install the Skype for Business Web
App plug-in.
47. When the SkypeMeetingApp.msi has finished downloading, click Run.


48. Verify that you can join the meeting and that Holly Dickson's desktop is visible.
49. Close Internet Explorer, and when prompted, click Leave this page.

50. On LON-CL4, disconnect from the meeting.


51. On LON-CL1, disconnect from the meeting.

Results: After completing this exercise, you should have configured Skype for Business Online user
settings and validated Skype for Business Online functionality.

Exercise 3: Configuring a Skype Meeting Broadcast


Task 1: Configure a Skype Meeting Broadcast
1. On LON-CL1, open Microsoft Edge, and browse to https://broadcast.skype.com.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Skype Meeting Broadcast window, click New Meeting.
4. In the Meeting details window, fill in the following information:
o Meeting title: Test broadcast meeting
o Meeting time: Today's date
o Start time: Within the next 15 minutes
o Duration: 1 hour
o Members: Roman, and then click Check names
o Access: Secure
o Attendees: Maira, and then click Check names
5. Scroll back to the top of the window, and then click Create.
6. In the Skype Meeting Broadcast window, click Create Outlook invitation, and then click Open.
7. In the Test broadcast meeting - Meeting window, click Send Update.
8. Close Microsoft Edge.

Task 2: Validate the Skype Meeting Broadcast configuration


1. On LON-CL3, on the Start screen, type Outlook, and then click Outlook 2016.
2. On the Welcome to Outlook 2016 page, click Next.
3. On the Add an Email Account page, click Next.
4. On the Auto Account Setup page, fill in the following information, and then click Next:
o Your Name: Roman Miler
o E-mail address: Roman@Adatumvsxxxx.virsoftlabs.com

o Password: Pa$$w0rd
o Retype Password: Pa$$w0rd
5. In the Windows Security dialog box, in the Password text box, type Pa$$w0rd. Select Remember
my credentials, and then click OK.
6. Click Finish.

7. On the Start screen, type Skype, and then click Skype for Business 2016.
8. In the Welcome - Skype for Business window, in the top right corner, click Skip for now.
9. In Skype for Business, sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password
Pa$$w0rd. Leave Save my password enabled.
10. Click Yes to save your sign-in info.
11. In the Help Make Skype for Business Better dialog box, click No.
12. On the Start screen, type PowerPoint, and then click PowerPoint 2016.
13. In PowerPoint 2016, click Blank Presentation.
14. As title for the presentation, type Presentation Skills.
15. On the File menu, click Save.
16. On the Save As page, click Browse.
17. In the Save As dialog box, ensure that the Documents folder is opened, and that the file name is
Presentation Skills.pptx, and then click Save.
18. Close PowerPoint 2016.
19. In Outlook, click the broadcast meeting request from Holly Dickson, and then click Accept.
20. In the Reminders pop-up window, double-click the Test broadcast meeting request.
21. Click Join the meeting.
22. On the Skype Meetings page, sign in as Roman@Adatumvsxxxx.virsoftlabs.com with password
Pa$$w0rd.
23. On the Skype Meeting Broadcast page, click Join the event.
24. In the Join Meeting Audio dialog box, select Don't join audio, and then click OK.
25. In the meeting window, click Present (monitor icon), and then click Present PowerPoint Files.
26. Browse to the Documents folder, select Presentation Skills.pptx, and then click Open.
27. In the right side of the meeting window, click Content only, and then click Start Broadcast.

28. Click Start Broadcast again.


29. Wait for the broadcast to start.
30. On LON-CL4, signed in as Maira Wenzel, in Outlook 2016, accept the broadcast meeting request
from Holly Dickson.
31. Open the Test broadcast meeting request, and then click Join the Meeting.
32. In the Skype Meetings window, sign in as Maira@Adatumvsxxxx.virsoftlabs.com with password
Pa$$w0rd.
33. On the Skype Meeting Broadcast page, click Join the event.
The Presentation Skills PowerPoint appears.
34. Close the Test broadcast meeting window.

35. On LON-CL3, in the broadcast window, click Stop Broadcast, and then click Stop Broadcast
again.
36. Close the Test broadcast meeting window.

Results: After completing this exercise, you should have configured a broadcast meeting and verified
that users can join the meeting.
L9-69 Planning for and Configuring SharePoint Online

Module 9: Planning for and Configuring SharePoint Online


Lab: Configuring SharePoint Online
Exercise 1: Configuring SharePoint Online settings
Task 1: Configure settings
1. In LON-CL1, open Microsoft Edge, and browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, in the left navigation pane, expand Admin centers, and then click SharePoint.
5. In the SharePoint admin center, on the left side, click settings.
6. In the Site Collection Storage Management section, ensure Automatic is selected.
7. Scroll down to the Enterprise Social Collaboration section, and then select Use Yammer.com
service.
8. Scroll down to the External sharing section, and ensure Allow both external users who accept
sharing invitations and anonymous access links is selected.
9. Scroll down, and click OK.

Task 2: Configure user profiles


1. In the SharePoint admin center, on the left side, click user profiles.
2. Under People, click Manage User Profiles.
3. In the Find profiles text box, type Brad, and then click Find.
4. In the results, in the Account name column, right-click the account name for Brad Sutton, and then
on the menu click Edit My Profile.
5. In the Manager text box, type Holly, and then click the Check Names icon.
6. Click Save and Close.
7. On the left side, click user profiles.
8. Under My Site Settings, click Setup My Sites.
9. Scroll down to the My Site Cleanup section.
10. In the Secondary Owner text box, type Holly, and then click the Check Names icon.
11. Scroll down, and click OK.

Task 3: Configure apps


1. On the left side, click apps.
2. On the apps page, click Configure Store Settings.
3. In the Apps for Office from the Store section, select No to disable apps from starting when
documents are opened in the browser.

4. Click OK.

Results: After completing this exercise, you should have configured SharePoint Online service settings.

Exercise 2: Creating and configuring SharePoint Online site collections


Task 1: Create a site collection using the SharePoint admin center
1. On LON-CL1, in Microsoft Edge, in the SharePoint admin center, on the left side, click
site collections.
2. On the Site Collections ribbon, click New, and then click Private Site Collection.
3. In the new site collection dialog box, in the Title section, type Marketing.
4. In the Web Site Address section, in the empty text box, type marketing.
5. In the Administrator section, type Holly, and then click the Check Names icon.
6. Click OK.

Note: SharePoint Online provisions the new marketing site. This process can take a few
minutes.

7. After the new marketing site is created, move the mouse in front of the
https://adatumvsxxxx.sharepoint.com/sites/marketing URL, and then select the appearing check
box.
8. After the marketing site is selected, on the ribbon, click Sharing.

Note: It can take a few minutes until the Sharing icon on the ribbon is active. You can
speed this up by pressing the Refresh icon on the Microsoft Edge menu bar.

9. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
10. Scroll down, and click Save.

Note: The site settings change to allow external user sharing. This process usually
completes within one minute. After that, external user sharing is enabled and you can use it
for this marketing site.

Task 2: Create a site collection using Windows PowerShell


1. On LON-CL1, in Microsoft Edge, open a new tab, and browse to
http://go.microsoft.com/fwlink/?LinkId=401133 (or http://aka.ms/f04q5o).
2. On the SharePoint Online Management Shell page, click Download.
3. On the Choose the download you want page, select the check box for the 64-bit version with the
highest version number. Click Next.
4. After sharepointonlinemanagement_nnnn_x64_en-us.msi has finished downloading, click Run.
5. On the SharePoint Online Management Shell Setup page, select the I accept the terms in the
License Agreement check box, and then click Install.
6. If a User Account Control dialog box appears, click Yes.

7. When the installation completes, click Finish.


8. In Microsoft Edge, close the SharePoint Online Management Shell tab.
9. On the Start screen, type SharePoint, and then right-click SharePoint Online Management Shell,
and click Run as administrator.
10. In the User Account Control dialog box, click Yes.
11. At the PowerShell prompt, type the following command, and then press Enter:

Connect-SPOService -Url https://adatumvsxxxx-admin.sharepoint.com

12. In the Sign in to your account dialog box, sign in as Holly@Adatumvsxxxx.virsoftlabs.com with
password Pa$$w0rd.
13. At the PowerShell prompt, type the following command, and then press Enter:

New-SPOSite -Url https://adatumvsxxxx.sharepoint.com/sites/AcctsProj -Owner Holly@Adatumvsxxxx.virsoftlabs.com -StorageQuota 500 -NoWait -Template PROJECTSITE#0 -Title "Accounts Project"

14. Close the PowerShell window.

Task 3: Configure permissions on the site collections


1. In LON-CL1, in Microsoft Edge, in the SharePoint admin center, on the left side, click
site collections.
2. Move the mouse before https://adatumvsxxxx.sharepoint.com/sites/marketing, and then select
the appearing check box.
3. On the ribbon, click Owners, and then click Manage Administrators.
4. In the manage administrators dialog box, in the Site Collection Administrators section, after
Holly Dickson, type Brad, click the Check Names icon, and then click OK.

Task 4: Verify access to the site collections


1. In LON-CL1, on the Microsoft Edge menu bar, on the right, click More (three dots icon), and then
click New InPrivate window.
2. In the InPrivate window, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.
3. Sign in as Maira@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.

Note: The Maira Wenzel account does not have permission to access this site.

4. In the You need permission to access this site text box, type Please enable access for the new
marketing project. Thanks. and then click Request Access.
5. Close the current Microsoft Edge window.

6. In the other Microsoft Edge window, where Holly Dickson is signed in, open another tab, and browse
to https://Adatumvsxxxx.sharepoint.com/sites/marketing.
7. On the Marketing page, in the top right corner, click Settings (gear icon), and then near the bottom
of the menu, click Site settings.
8. On the Site Settings page, under User and Permissions, click Site permissions.
9. Click the Show access requests and invitations link.

10. Under Pending Requests, for Maira Wenzel, right-click the user icon, and then click View Item.
11. Note the message from Maira Wenzel, and then click Close.
12. Under Pending Requests, for Maira Wenzel, click Approve.

13. In the top right corner, click Settings (gear icon), and then click Site Settings.
14. On the Site Settings page, under User and Permissions, click Site permissions.
15. Click Marketing Members.
16. Verify that Maira Wenzel is added to the Marketing Members group.
17. Click New, and then click Add Users.
18. In the Share 'Marketing' dialog box, in the top text box, type Perry, and then click Perry Brill.
19. Click Share.
20. Close the current Microsoft Edge tab.
21. On the Microsoft Edge menu bar, on the right, click More (three dots icon), and then click
New InPrivate window.
22. In the InPrivate window, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.
23. Sign in as Maira@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
24. Verify that you can now access the site.
25. Close the current Microsoft Edge window.
26. Repeat the previous five steps to verify site access for:
o Perry@Adatumvsxxxx.virsoftlabs.com
o Brad@Adatumvsxxxx.virsoftlabs.com

Results: After completing this exercise, you should have created and configured SharePoint Online site
collections.

Exercise 3: Configuring and verifying external user sharing


Task 1: Configure global settings for external user sharing
1. In LON-CL1, in Microsoft Edge, in the SharePoint admin center, on the left side, click settings.
2. Scroll down to the External sharing section.
3. Verify that Allow both external users who accept sharing invitations and anonymous access
links is selected.
4. Scroll down, and click OK.

Task 2: Configure a site collection for external user sharing


1. In SharePoint admin center, on the left side, click site collections.

2. Move the mouse before https://Adatumvsxxxx.sharepoint.com/sites/AcctsProj, and then select
the appearing check box.
3. On the ribbon, click Sharing.

4. In the Sharing dialog box, select Allow sharing with all external users, and by using
anonymous access links.
5. Scroll down, and click Save.

6. Wait for the operation to complete.

Note: The steps below use the Microsoft account that you used to set up Office 365 as the
external user to invite to the site. However, that Microsoft account email address is
currently also configured as the alternate email address for global administrator Holly
Dickson. To prevent SharePoint from recognizing the alternate email address and sending the
invitation to Holly Dickson instead, you must temporarily change the alternate email address
for Holly Dickson.
Alternatively, you can use another Microsoft account email address in the lab steps below.

7. In the Office 365 admin center, on the Home page, click Users.
8. On the Active users page, click Holly Dickson.
9. On the Holly Dickson page, in the Roles section, click Edit.
10. On the Edit user roles page, in the Alternative email address text box, type "x" (without quotes) in
front of the email address to specify a different (non-existing) email address.
11. Click Save, and then click Close.
12. Do not close the Holly Dickson page yet.
13. Open a new Microsoft Edge tab, and browse to
https://Adatumvsxxxx.sharepoint.com/sites/AcctsProj.
14. On the Accounts Project site, in the top right corner, click SHARE.
15. In the Share 'Accounts Project' dialog box, in the top text box, type the email address of the
Microsoft account that you used to set up Office 365, and then in the drop-down list box, click your
email address.
Note that Holly Dickson may appear in the drop-down list box as well.
16. In the bottom text box, type You can now access this shared site on Adatum Publishing.
17. Click Share.

18. Browse to https://Adatumvsxxxx.sharepoint.com/sites/marketing.


19. In the left navigation pane, click Documents.
20. On the Documents page, click New, and then click Word document.
21. In the Word Online window, type (sample text) Marketing Plan for Next Year, and then press Enter.
Wait for Saved to appear in the document title bar.
22. In the document title bar, click the Marketing link.

23. On the Document page, next to the document that you just created, click the ellipsis button (...), and
then click SHARE.
24. In the Share 'Document' dialog box, click Get a link, and then in the drop-down list box, select
Edit link - no sign-in required.
25. In the text box, right-click the link text, and click Select All. Right-click the selected text, and then
click Copy.

26. Click Close.


27. In the SharePoint window, on the SharePoint menu bar, click the Apps icon (9 small squares), and
then click Mail.

28. If prompted, select your language and time zone, and then click Save.
29. In Outlook, click New.
30. In the To box, type the email address for your Microsoft account, and then in the Subject box, type
Shared Document.
31. Right-click in the message box, and then click Paste to paste the copied link text.
32. Click Send.

Task 3: Verify external user sharing


1. On the Microsoft Edge menu bar, on the right, click More (three dots icon), and then click
New InPrivate window.
2. In the InPrivate window, browse to https://outlook.com.
3. Sign in with your Microsoft account.

Note: The Inbox should show two emails from Holly Dickson (or Microsoft Online Services
Team).

4. In the Inbox, open the email message with subject Holly Dickson wants to share Accounts
Project.
5. In the email message, click the Accounts Project link.
6. In the Welcome to SharePoint Online window, click Microsoft Account.

7. Verify that you can access the Accounts Project site.


8. Close the Accounts Project window.
9. In your Inbox, open the email message with subject Shared Document.
10. In the email message, click the document link.
11. Verify that you can access the Word document in Word Online, and then click Edit in Browser.
12. In the document, at the second line, type (sample text) - Increase social media presence, and then
press Enter. The updated document is saved to SharePoint.
13. Close InPrivate Microsoft Edge windows.
14. In the Office 365 admin center, on the Holly Dickson page, in the Roles section, click Edit.
15. On the Edit user roles page, in the Alternative email address text box, remove "x" (without
quotes) in front of the email address.
16. Click Save, and then click Close.

17. Close the Holly Dickson page.


18. Close Microsoft Edge.

Results: After completing this exercise, you should have configured a new site collection for external
user sharing, and you should have shared a site and a document with external users.
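
The sharing settings chosen in the admin center in Exercises 2 and 3 can also be reviewed from the SharePoint Online Management Shell. The following script is an added example, not part of the original lab steps. It reports the tenant-wide sharing setting, lists every site collection with its sharing level, and shows the external users of each site collection that allows anonymous access links. The $restrictAnonymousLinks switch is an assumption of this example, and adatumvsxxxx is the lab's tenant placeholder.

```powershell
# Added example, not part of the original lab steps.
# Assumes the SharePoint Online Management Shell installed in Exercise 2, Task 2.
# 'adatumvsxxxx' is the lab's tenant placeholder; replace xxxx with your lab number.
$adminUrl = 'https://adatumvsxxxx-admin.sharepoint.com'

# Set to $true to change anonymous-link sites to invitation-only sharing.
# This switch exists only in this example; the lab itself leaves it open.
$restrictAnonymousLinks = $false

# Opens the sign-in dialog box; use the global administrator account (Holly Dickson).
Connect-SPOService -Url $adminUrl

# 1. Tenant-wide setting (Exercise 3, Task 1). This is the ceiling for all
#    site collections: a site cannot share more openly than the tenant allows.
$tenant = Get-SPOTenant
Write-Output "Tenant sharing capability: $($tenant.SharingCapability)"

# 2. Per-site setting (Exercise 2, Task 1 and Exercise 3, Task 2).
#    Disabled                      = no external sharing
#    ExternalUserSharingOnly       = invited external users who sign in
#    ExternalUserAndGuestSharing   = invitations plus anonymous access links
$sites = Get-SPOSite -Limit All | Select-Object Url, Owner, SharingCapability
$sites | Sort-Object SharingCapability, Url | Format-Table -AutoSize

$anonymousSites = @($sites | Where-Object {
    $_.SharingCapability -eq 'ExternalUserAndGuestSharing'
})
Write-Output "Site collections that allow anonymous access links: $($anonymousSites.Count)"

foreach ($site in $anonymousSites) {
    Write-Output ""
    Write-Output "Site: $($site.Url)"

    # 3. External users who accepted an invitation to this site collection.
    #    Visitors who only used an anonymous link never sign in, so they
    #    are not listed here.
    $externalUsers = @(Get-SPOExternalUser -SiteUrl $site.Url -PageSize 50)
    if ($externalUsers.Count -eq 0) {
        Write-Output "  No invited external users."
    }
    else {
        $externalUsers |
            Select-Object DisplayName, Email, AcceptedAs, WhenCreated |
            Format-Table -AutoSize
    }

    # 4. Optional: keep invitations working but turn off anonymous links.
    if ($restrictAnonymousLinks) {
        Set-SPOSite -Identity $site.Url -SharingCapability ExternalUserSharingOnly
        Write-Output "  Sharing changed to ExternalUserSharingOnly."
    }
}

Disconnect-SPOService
```

After completing this lab, the marketing and AcctsProj site collections should both be reported as ExternalUserAndGuestSharing.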
L10-76 Planning and Configuring an Office 365 Collaboration Solution

Module 10: Planning and Configuring an Office 365 Collaboration Solution


Lab: Planning and configuring an Office 365 collaboration solution
Exercise 1: Configuring Yammer Enterprise
Task 1: Configure a Yammer organization setting
1. In LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
3. In the Office 365 portal, click Yammer.
4. On the WHO DO YOU WORK WITH? page, click the X at the top-right corner of the window to close
the page.
5. In Yammer, in the left pane, next to Holly Dickson, click the Settings icon, and then click
NETWORK ADMIN.
6. In the Yammer admin center, in the Network section, click Usage Policy.
7. On the Usage Policy page, select Require users to accept policy during sign up and after any
changes are made to the policy.
8. Select Display policy reminder in sidebar.
9. In the Custom Policy Title text box, replace the existing text with Adatum Acceptable Use Policy.
10. In the Enter your policy in the textbox below text box, type
Welcome to <b>Yammer</b><br>Please be nice!

11. Click Save.


12. In the Adatum Acceptable Use Policy window, click I Accept.
13. In the left pane, next to Holly Dickson, click the Settings icon, and then click NETWORK ADMIN.
14. In the Yammer admin center, in the Network section, click Configuration.
15. In the Email Settings section, select A weekly digest of your group messages.
16. In the Enabled Features section, clear 3rd Party Applications.

17. Click Save.


18. In the Yammer admin center, in the Content and security section, click Data Retention.
19. On the Data Retention Policy page, select Soft Delete.
20. Click Save.
21. In the Yammer admin center, in the Content and security section, click Monitor Keywords.
22. On the Monitor Keywords page, in the Email address text box, type
Holly@Adatumvsxxxx.virsoftlabs.com.
23. In the next text box, type the following words, one per line: gambling, erotic, warez.
24. Click Save.
25. In the Yammer admin center, in the Network section, click Success.

26. On the Success page, click Write a welcome message.


27. In the middle pane, in the What are you working on? text box, type
Welcome to all Adatum users!

28. Click Post.

Task 2: Configure Yammer service settings, and enforce Office 365 identity
1. In Yammer, in the left pane, next to Holly Dickson, click the Settings icon, and then click
NETWORK ADMIN.
2. In the Yammer admin center, in the Content and security section, click Security Settings.
3. On the Security Settings page, scroll down to the Enforce Office 365 identity in Yammer section,
and then select the Enforce Office 365 identity in Yammer check box.
4. In the pop-up dialog box, click Yes, I'm ready.
5. Click Save.

Task 3: Configure the Yammer user experience


1. In Yammer, in the left pane, next to Holly Dickson, click the Settings icon, and then click
EDIT SETTINGS.
2. On the Profile page, click Notifications.
3. In the Send me a digest of message activity drop-down list, click weekly.

4. In the Email me when... section, select only the following three options:


o I receive a message in my inbox
o I log in from somewhere new
o I post a message via email (This will send a confirmation email)
5. Click Save.

Task 4: Use Yammer


1. On LON-CL3, open Microsoft Edge, and browse to https://login.microsoftonline.com.
2. Sign in as Roman@adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Yammer.
4. In the WHO DO YOU WORK WITH? dialog box, in the first text box, type Christie, and then click
DONE.
5. If needed, in the top right corner of the window, click X to close the dialog box.
6. In the Adatum Acceptable Use Policy dialog box, click I accept.
7. Find the Welcome post from Holly Dickson in the post list.
8. Click LIKE, and then click SHARE.
9. In the Share This Conversation dialog box, on the Post in a Group tab, in the drop-down text box,
type All, and then select All Company. In the text box below, type Welcome from me too.
10. Click Share.
11. Scroll up, and in the What are you working on? text box, type free gambling here, and then click
Post.
12. Close Microsoft Edge.

13. On LON-CL1, in the Microsoft Edge tab, in the Yammer window, click the Office 365 Apps icon
(9 small squares), and click Mail.
14. Verify that you received a message from Yammer reporting that a monitored keyword
appeared in the post from Roman.
15. Close Microsoft Edge.

Results: After completing this exercise, you should have enabled Yammer Enterprise for A. Datum.

Exercise 2: Configuring OneDrive for Business


Task 1: Enable OneDrive for Business synchronization
1. On LON-CL3, on the Start screen, type Word, and then click Word 2016.

2. In the Word window, in the top right corner, verify that Word is licensed to Roman Miler.
3. If Word is licensed to another account, click Switch account.
4. In the Accounts dialog box, click SIGN OUT, and then next to the account, click Sign out.
5. In the Remove Account notice, click Yes.
6. At the top right, click Sign in to get the most out of Office.
7. On the Sign in page, in the text box, type Roman@Adatumvsxxxx.virsoftlabs.com, and then click
Next.
8. On the Sign in page, in the Password box, type Pa$$w0rd, and then click Sign in.
9. Verify that Word is now licensed to Roman Miler.
10. Close Word.
11. Open Microsoft Edge, and browse to https://login.microsoftonline.com.
12. Sign in as Roman@adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
13. In the Office 365 portal, click OneDrive.
14. On the Welcome to OneDrive for Business page, click Next.
15. In the OneDrive window, click New, and then click Word document.
16. In the Word Online window, type (sample text) Travel Journal, and then press Enter.
17. In the black title bar, click Roman Miler.
18. In the OneDrive window, click Sync, and then click Sync now.

19. In the Did you mean to switch apps? dialog box, click Yes.
20. In the Sync the library 'Documents' for Roman Miler? dialog box, click Sync Now.
21. If prompted to sign in, type Holly@adatumvsxxxx.virsoftlabs.com, and click Next.
22. Type Pa$$w0rd and click Sign In.
23. In the Microsoft OneDrive for Business dialog box, click Show my files.
24. Note that File Explorer opens and displays the location where the synchronized files will be stored.
Verify that the Word document has been synchronized to the local computer.

Task 2: Create files to synchronize with OneDrive for Business


1. On LON-CL3, ensure that the OneDrive for Business folder is open in File Explorer.
2. On the ribbon in File Explorer, click Home, click New folder, and then create a new folder named
Private.
3. On the ribbon, click Home, click New folder, and then create a second new folder named Project
A.
4. Double-click the folder Private. Right-click in this folder, and on the context menu, click New, and
then click Microsoft Word Document. Name the document Holidays.docx.
5. Double-click Holidays.docx to open it, and then type some text. Save the changes, and then close
Microsoft Word.
6. See how the document icon in the taskbar changes from two blue arrows to a small green
checkmark icon after the synchronization process is complete. The document has been transferred
to the cloud storage automatically.
7. In the File Explorer window, navigate to OneDrive for Business in the navigation address line to
move one level up.
8. Double-click the folder Project A. Right-click in this folder, and on the context menu, click New, and
then click Microsoft Word Document. Name the document Project targets.docx.
9. Double-click Project targets.docx to open it, and then type some text. Save the changes, and then
close Microsoft Word.
10. Verify that the document synchronizes.
11. To view the files online, switch to the Microsoft Edge window. Refresh the view.
12. In the Files list, you should see your two folders, Private and Project A.
13. Navigate to the Private folder. Click the synchronized document Holidays.docx to open it in Word
Online.
14. Click Edit document, and then click Edit with Word Online. Add some text. The document is
saved automatically when Saved is displayed in the title bar.
15. In the menu bar right beside Word Online, click Roman Miler to return to OneDrive for Business.
16. The content of the Private folder changes, and you will see that you changed the document online.
The changed column shows that the document changed some seconds (or minutes) ago.
17. Switch back to File Explorer. Navigate to the folder Private, and then open Holidays.docx. You will
see that the changes you made in Word Online are synchronized back automatically.

Task 3: Share files with other users


1. In File Explorer, right-click the folder Project A, point to OneDrive for Business, and then click Go
to browser.
2. Microsoft Edge opens. Open the Project A folder, right-click Project Targets.docx, and then click
Share.
SharePoint Online automatically opens a dialog box named Share Project targets.
3. The left navigation pane displays the link Invite people. In the text box, type Holly Dickson.

4. Ensure that the drop-down list on the right has Can edit selected, add a short message in the
message text box, and then click Share.
5. Open a new InPrivate Microsoft Edge window, and connect to https://portal.office.com.

6. Sign in as Holly@adatumvsxxxx.virsoftlabs.com using the password Pa$$w0rd.


7. In the Office 365 Portal, click Mail.
8. Click the message with the subject Roman Miler wants to share Project Targets.

9. In the message box, click Project Targets.


10. When the document opens, click Edit Document, and then select Edit in Word Online. Verify that
you can open the document and edit it. All modifications are stored online in the OneDrive for
Business cloud storage. By default, SharePoint Online creates a new version when the document
changes. This can be viewed by the owner in the version history.
11. Close the InPrivate Microsoft Edge window.
12. In the Microsoft Edge window, right-click Project Targets, and then click Share on the menu bar.
13. Click Shared with, and then click Stop sharing to stop sharing this document. Click Stop sharing
again, and then click Close.
14. Close the Microsoft Edge window.

Results: After completing this exercise, you should have configured OneDrive for A. Datum.

Exercise 3: Configuring Office 365 groups


Task 1: Configure a private Office 365 group
1. On LON-CL1, open Microsoft Edge, and browse to https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, in the left pane, expand Groups, and then click Groups.
5. On the Groups page, click Add a group.
6. In the New Group window, in the Type drop-down list box, verify that Office 365 group is selected.
7. In the New Group window, configure the following settings:
o Name: AdatumMarketing
o Group Id: adatummarketing @ Adatumvsxxxx.virsoftlabs.com
o Description: Adatum Marketing Group
o Privacy: Private - Only members can see group content.

o Language: English (United Kingdom)


o Group owner: type Holly, and then click Holly Dickson
8. Click Add, and then click Close.
9. In the AdatumMarketing window, in the Members section, click Edit.
10. In the Search text box, type Roman, and then click Roman Miler.
11. Click Save, and then click Close.
12. Close the AdatumMarketing page.

Task 2: Configure a public Office 365 group with Windows PowerShell


1. On LON-CL1, on the desktop, double-click Windows Azure Active Directory Module for
Windows PowerShell.
2. At the PowerShell prompt, type the following command, and then press Enter:

$cred = Get-Credential

3. In the Windows PowerShell credential request dialog box, sign in as
Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
4. At the PowerShell prompt, type the following command, and then press Enter:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

5. At the PowerShell prompt, type the following command, and then press Enter:

Import-PSSession $session -AllowClobber

6. To create a new public Office 365 group named Planning Group, at the PowerShell prompt, type
the following command, and then press Enter:

New-UnifiedGroup -DisplayName "Planning Group" -Alias "PlanningGroup" -EmailAddresses PlanningGroup@Adatumvsxxxx.virsoftlabs.com

7. To add user Holly Dickson as owner to group Planning Group, at the PowerShell prompt, type the
following command, and then press Enter:

Add-UnifiedGroupLinks "Planning Group" -LinkType Owner -Links Holly@Adatumvsxxxx.virsoftlabs.com

8. To add user Francisco Chaves as member to group Planning Group, at the PowerShell prompt,
type the following command, and then press Enter:

Add-UnifiedGroupLinks "Planning Group" -LinkType Member -Links Francisco@Adatumvsxxxx.virsoftlabs.com
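
To confirm the result of Tasks 1 and 2 from the same PowerShell window, the following added example (not part of the original lab steps) lists every Office 365 group with its privacy setting, owners, and members, and then singles out the public groups that any user in the organization can join. It reuses the remote session from steps 2 to 5 and only creates a new one if the Exchange Online cmdlets are not yet imported.

```powershell
# Added example, not part of the original lab steps.
# Reuses the remote Exchange Online session from steps 2 to 5 of this task.
# If the cmdlets are not available yet, connect in the same way as the lab does.
if (-not (Get-Command Get-UnifiedGroup -ErrorAction SilentlyContinue)) {
    $cred = Get-Credential
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
        -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber | Out-Null
}

# Build one report row per Office 365 group.
$report = foreach ($group in Get-UnifiedGroup -ResultSize Unlimited) {
    $id = $group.PrimarySmtpAddress

    # Owners and members are stored as separate link types on the group.
    $owners  = @(Get-UnifiedGroupLinks -Identity $id -LinkType Owners)
    $members = @(Get-UnifiedGroupLinks -Identity $id -LinkType Members)

    [pscustomobject]@{
        Group       = $group.DisplayName
        Address     = $id
        AccessType  = $group.AccessType      # Public or Private
        OwnerCount  = $owners.Count
        Owners      = ($owners.PrimarySmtpAddress -join '; ')
        MemberCount = $members.Count
        Members     = ($members.PrimarySmtpAddress -join '; ')
    }
}

# Full overview, private groups and public groups side by side.
$report | Sort-Object AccessType, Group |
    Format-Table Group, AccessType, OwnerCount, MemberCount -AutoSize

# Public groups: content is visible to, and the group can be joined by,
# any user in the organization without owner approval.
$publicGroups = @($report | Where-Object { $_.AccessType -eq 'Public' })
Write-Output "Public Office 365 groups: $($publicGroups.Count)"
$publicGroups | Format-List Group, Address, Owners, Members

# Groups without an owner cannot have membership requests approved.
$ownerless = @($report | Where-Object { $_.OwnerCount -eq 0 })
Write-Output "Groups without an owner: $($ownerless.Count)"
$ownerless | Format-List Group, Address, AccessType
```

In the lab tenant, AdatumMarketing should be reported as Private and Planning Group as Public.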

Task 3: Explore the Office 365 group components


1. On LON-CL1, in Microsoft Edge, in the Office 365 admin center, click the Apps icon (9 small
squares), and then click Mail.
2. In the left pane, click Planning Group, and then click Start a group conversation.

3. In the text area, type When is the next planning meeting?, and then click Send.
4. On the Planning Group menu bar, click Calendar, and then view the group calendar.
5. Click New.
6. On the Details page, fill out the following information:
o Title: Planning meeting
o Location: Conference room B

o Start: select tomorrow's date


7. Click Save.
8. Click the Apps icon (9 small squares), and then click Mail.

9. In the left pane, click Planning Group.


10. On the Planning Group menu bar, click Files, and then wait for the files store to be created.
11. When you see Ready to go, click Take me to Planning Group files.

12. On the OneDrive page, click New, and then click Word document.
13. In the Word Online document, type Planning meeting topics, and then press Enter.
14. When you see Saved in the title bar, close the Microsoft Edge tab.
15. On the Planning Group menu bar, click Files, and verify that the document has been added to the
group.
16. Close Microsoft Edge.
17. On LON-CL3, open Microsoft Edge, and then browse to https://login.microsoftonline.com.
18. Sign in as Roman@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
19. In the Office 365 portal, click Mail.
20. If requested, specify your Time zone, and then click Save.
21. Verify that in the Groups list, the AdatumMarketing group appears.
22. Under Groups, click Discover.
23. On the right side, click Planning Group, and then click Join.
Because this is a public group, you can join the group.
24. In the left pane, click Planning Group.
25. On the Planning Group page, verify that you see the message that Holly Dickson sent to the
group.
26. On the Planning Group menu bar, click Files, and verify that you see the document in the files store.

27. Close Microsoft Edge.

Results: After completing this exercise, you should have configured Office 365 groups at A. Datum.
L11-83 Planning and Configuring Rights Managements and Compliance

Module 11: Planning and Configuring Rights Management and Compliance


Lab: Configuring Rights Management and compliance
Exercise 1: Configuring Rights Management in Office 365
Task 1: Activate Rights Management in Office 365
1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.onmicrosoft.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.
4. On the Home page, in the left pane, expand Settings and then click Services & add-ins.
5. On the Services & add-ins page, click Microsoft Azure Rights Management.
6. On the Microsoft Azure Rights Management page, click Manage Microsoft Azure Rights
Management settings.
7. On the rights management page, click activate.
8. In the Do you want to activate Rights Management? message box, click activate.
9. Close the current Microsoft Edge tab.
10. On the Microsoft Azure Rights Management page, click Close.

Task 2: Configure Rights Management for Exchange Online


1. On the desktop, double-click Windows Azure Active Directory Module for Windows PowerShell.
2. At the PowerShell prompt, type the following command, and then press Enter:

$cred = Get-Credential

3. In the Windows PowerShell credential request dialog box, sign in as
Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
4. At the PowerShell prompt, type the following command, and then press Enter:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

5. At the PowerShell prompt, type the following command, and then press Enter:

Import-PSSession $session

6. To set the IRM sharing location to the region of the tenant, at the PowerShell prompt, type the
following command, and then press Enter.

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"

Note: In the first lab, you created a new Office 365 tenant and specified United Kingdom
as the country. That is why the preceding command uses the IRM sharing location for
Europe, containing "eu" in the link.
7. To configure Azure RMS as a trusted publishing domain, at the PowerShell prompt, type the
following command, and then press Enter:

Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"

8. To enable IRM features for messages sent to internal recipients, at the PowerShell prompt, type the
following command, and then press Enter:

Set-IRMConfiguration -InternalLicensingEnabled $true

9. To test the configuration, at the PowerShell prompt, type the following command, and then press
Enter:

Test-IRMConfiguration -Sender Holly@Adatumvsxxxx.virsoftlabs.com

10. At the PowerShell prompt, type the following command, and then press Enter:

Remove-PSSession $session

11. Close the PowerShell window.

Task 3: Configure Rights Management for SharePoint Online


1. In Microsoft Edge, in the Office 365 admin center, in the left pane, expand Admin centers, and then
click SharePoint.
2. In the SharePoint admin center, in the left pane, click settings.
3. Scroll down to the Information Rights Management (IRM) section, and then select Use the IRM
service specified in your configuration, and then click Refresh IRM Settings.
4. Scroll down to the Information Rights Management (IRM) section again, and verify that the IRM
settings are refreshed successfully.

Task 4: Validate the Azure Rights Management functionality


1. On LON-CL1, on the Start screen, type Word, and then click Word 2016.
2. In the Word window, at the top right corner, click Switch account.
3. In the Accounts dialog box, click Add Account.
4. In the Sign in dialog box, type Holly@Adatumvsxxxx.virsoftlabs.com, and then click Next.
5. Type Pa$$w0rd, and then click Sign in.

6. Close Word 2016.


7. On the Start screen, type Outlook, and then click Outlook 2016.
8. In Outlook, on the ribbon, click New Email.
9. In the new message, in the To text box, type Brad Sutton, and then click Check Names.
10. In the Subject text box, type New details.
11. In the message body, type Did you hear about our merger with Contoso?.

12. On the Options tab, click Permission, and then click Connect to the Rights Management
Servers and get templates.

13. Click Permission again, and then click Do Not Forward.


14. Click Send.
15. In Microsoft Edge, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.

16. In the left pane, click Documents.


17. On the Library ribbon, on the right side, click Library Settings.
18. On the Settings page, under Permissions and Management, click Information Rights
Management.
19. On the Information Rights Management Settings page, select Restrict permissions on this
library on download.
20. In the Create a permission policy title text box, type Marketing Policy.
21. In the Add a permission policy description text box, type Marketing policy for downloads.
22. Click SHOW OPTIONS.
23. Under Configure document access rights, select Allow viewers to write on a copy of the
downloaded document.
24. Click OK.
25. Close Microsoft Edge.
26. Open Microsoft Edge, and browse to https://login.microsoftonline.com.
27. Sign in as Brad@Adatumvsxxxx.virsoftlabs.com with the password Pa$$w0rd.
28. In the Office 365 portal, click Mail.
29. On the Outlook page, select your time zone, and then click Save.
30. Verify that you received an email from Holly Dickson that is IRM protected.

31. Click the message.


32. Click the down arrow beside Reply all, and then verify that you do not have the option to forward or
print the message.
33. In Microsoft Edge, browse to https://adatumvsxxxx.sharepoint.com/sites/marketing.
34. In the left pane, click Documents.
35. On the Documents page, click Document to open the document in Word Online.

36. In Word Online in the opened document, attempt to add text at the end of the document. Verify that
you get a message that the document is read-only.
37. Close Microsoft Edge.

Results: After completing this exercise, you will have configured Rights Management for Exchange
Online and SharePoint Online.

Exercise 2: Configuring compliance features


Task 1: Configure Protection Center permissions and audit logging
1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com.

2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.


3. In the Office 365 portal, click Admin.
4. In the Office 365 admin center, in the left pane, expand Admin centers and then click
Security & Compliance.
5. In the Security & Compliance admin center, click Permissions.
6. On the Permissions page, select Compliance Administrator, and then click Edit (pencil icon).
7. On the Compliance Administrator page, under Members, click Add (+ icon).
8. In the Select Members window, select Brad Sutton, click add, and then click OK.
9. Click Save.
10. On the Permissions page, click go to the Exchange admin center.
11. On the Role Groups page, select Compliance Management, and then click Edit (pencil icon).
12. On the Compliance Management page, under Members, click Add (+ icon).
13. In the Select Members window, select Brad Sutton, click add, and then click OK.
14. Click Save.
15. Close the Role Groups window.
16. On the Permissions page, select eDiscovery Manager, and then click Edit (pencil icon).
17. On the eDiscovery Manager page, scroll down to the eDiscovery Administrator section (not the
eDiscovery Manager section), and then click Add (+ icon).
18. In the Select Members window, select Christie Thomas, click add, and then click OK.
19. Click Save.
20. On the left side, expand Reports, and then click View reports.

21. On the View reports page, click Office 365 audit log report.
22. On the Audit log search page, click Start recording user and admin activities, and then click
Turn on.
23. Close Microsoft Edge.

Task 2: Configure archive mailboxes


1. On LON-CL1, open Microsoft Edge, and then browse to the Security & Compliance admin center
at https://protection.office.com.
2. Sign in as Brad@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
Brad is a member of the Compliance Administrator role, so he can connect to the protection website.
3. In the Security & Compliance admin center, in the left pane, expand Data management, and then
click Archive.
4. In the Archive window, select Christie Thomas, and then press Ctrl and select Jessica Jennings.
5. Under Bulk Edit, click Enable.
6. In the Warning message box, click Yes.
7. Click Close.
8. On the Archive page, click Refresh (recycle icon), and then in the Archive mailbox column, verify
that Christie Thomas and Jessica Jennings have been enabled for an archive mailbox.

Task 3: Configure retention tags and policies


1. In the Security & Compliance admin center, in the left pane, expand Data management, and then
click Retention.
2. On the Retention page, click Manage retention tags for mailboxes.
3. On the Retention Tags page, click New tag (+ icon), and then select applied automatically to
entire mailbox (default).
4. In the new tag window, in the Name text box, type Research User 1 year move to archive.
5. Under Retention action, select Move to Archive.
6. Under Retention period, in the text box, type 365.
7. Click Save.
8. On the Retention Tags page, click New tag (+ icon), and then select applied automatically to entire
mailbox (default).
9. In the new tag window, in the Name text box, type Default 2 years move to Deleted Items.
10. Under Retention action, select Delete and Allow Recovery.
11. Under Retention period, in the text box, type 730.
12. Click Save.
13. On the Retention Tags page, click New tag (+ icon), and then select applied automatically to a
default folder.
14. In the new tag window, in the Name text box, type Purge Deleted Items 30 days.
15. In the Apply this tag to the following default folder drop-down list box, select Deleted Items.
16. Under Retention action, select Permanently Delete.
17. Under Retention period, in the text box, type 30.

18. Click Save.


19. On the Retention Tags page, click New tag (+ icon), and then select applied by users to items and
folders (personal).
20. In the new tag window, in the Name text box, type 2 Year Delete.
21. Under Retention action, select Delete and Allow Recovery.
22. Under Retention period, in the text box, type 730.

23. Click Save.


24. On the Retention Tags page, click New tag (+ icon), and then select applied by users to items and
folders (personal).
25. In the new tag window, in the Name text box, type Never archive.
26. Under Retention action, select Move to Archive.
27. Under Retention period, select Never.

28. Click Save.


29. Close the Retention Tags window.
30. On the Retention page, click Manage retention policies for mailboxes.
31. On the Retention Policies page, click New (+ icon).

32. On the new retention policy page, in the Name text box, type Research MRM Policy.
33. Under Retention tags, click Add (+ icon).
34. In the select retention tags window, press Ctrl and click the following retention tags:

o 1 Year Delete
o 2 Year Delete
o 6 Month Delete
o Default 2 year move to Deleted Items
o Never archive
o Never Delete
o Personal 1 year move to archive
o Purge Deleted Items 30 days
o Research user 1 year move to archive
35. Click add, and then click OK.
36. Click Save.
37. Close the Retention Policies window.
38. On the Retention page, click Assign retention policies to mailboxes.
39. On the Assign Retention Policies to Mailboxes page, select Christie Thomas, and then click
Edit (pencil icon).
40. On the Assign Retention Policy to Christie Thomas page, in the Retention policy drop-down list
box, select Research MRM Policy, and then click Save.
41. In the Warning message box, click Yes.

42. Close the Assign Retention Policies to Mailboxes window.

Task 4: Configure content deletion and preservation policies


1. On the Retention page, click Manage document deletion policies for SharePoint Online and
OneDrive for Business.

2. If the creation of the default policy takes a long time, then on the Microsoft Edge tool bar, click
Refresh, and then click Manage document deletion policies for SharePoint Online and
OneDrive for Business again.
3. On the SharePoint Compliance Policy Center page, click Sample Document Policy.
4. On the Sample Document Policy page, in the Policy name text box, change the name to
Marketing Document Policy.

5. Under Rules for this policy, click New.


6. In the New deletion rule dialog box, in the Name text box, type Delete Messages at 7 Years.
7. Under Delete action, select Permanently Delete.
8. In the Date from when the document deletion will be calculated drop-down list box, select
Created Date.
9. Configure Time period after which the document will be deleted as 7 Years.
10. Select Set as default rule.

11. Click Save, and then click OK.


12. On the Sample Document Policy page, click Save.
13. On the Compliance Policy Center page, on the left side, click Policy Assignments for Site
Collections.
14. On the Policy Assignments for Site Collections page, click new item.
15. On the New: Site Collection Assignment page, click First choose a site collection.
16. In the Choose a site collection dialog box, in the search box, type Marketing, and then click the
Search icon.
17. Select the Marketing check box, and then click Save.
18. On the New: Site Collection Assignment page, click Manage Assigned Policies.
19. In the Add and manage policies dialog box, select the Marketing Document Policy check box,
and then click Save.
20. On the New: Site Collection Assignment page, select Mark Policy as Mandatory, and then click
Save.
21. Close the Policy Assignments for Site Collections tab.
22. On the Retention page, under Preserve, click New (+ icon).
23. On the New preservation policy page, in the Name text box, type Retain contract details, and
then click Next.
24. On the Where do you want us to look? page, select Mailboxes and select SharePoint Online
and OneDrive for Business sites, and then click Next.
25. On the Which mailboxes do you want to include? page, click Add (+ icon).
26. On the Select Mailbox page, select Francisco Chaves, click add, and then click OK.
27. Click Next.
28. On the Which SharePoint Online or OneDrive for Business sites do you want to include?
page, click Add (+ icon).
29. On the Choose sites page, in the site's URL text box, type
https://adatumvsxxxx.sharepoint.com/sites/AcctsProj/, click add, and then click OK.

Note: If validating the site URL takes a long time, then click Cancel, and try to add the site again.
30. Click Next.
31. On the What do you want to look for? page, in the text box, type Contract.
32. Select the Start date check box, and then pick a date that is two days ago.
33. Leave the End date check box cleared, and then click Next.
34. On the How long do you want to preserve the content? page, in the Time frame to preserve
content drop-down list box, select 7 years, and then click Next.
35. On the Do you want to turn on Preservation Lock? page, ensure that No is selected, and then
click Next.
36. On the Do you want to turn on this policy after it is created? page, ensure that Turn it on is
selected, and then click Next.
37. On the Review your settings page, click Create.

Task 5: Configure data loss protection policies in SharePoint Online


1. In the Security & Compliance admin center, in the left pane, expand Security Policies, and then click
Data loss prevention.
2. On the Data loss prevention page, click New DLP policy from template (+ icon).
3. On the What information do you want to protect? page, ensure that Custom is selected, and
then click Next.
4. On the Which services do you want to protect? page, ensure that All SharePoint Online sites
and All OneDrive for Business sites are selected, and then click Next.
5. On the Customize rules page, click New DLP rule (+ icon).
6. In the New DLP Rule window, click Add condition.
7. In the condition drop-down list box, select Content contains sensitive information.
8. Click Add (+ icon).
9. In the Sensitive information types window, select IP address, click add, and then
click OK.
10. On the New DLP Rule page, on the left side, click Actions, and then click Add actions.
11. In the action drop-down list box, select Send a notification.
12. In the Send a notification area, do not change any settings.
13. On the New DLP Rule page, on the left side, click Incident reports.
14. Select Send an incident report to these people when this rule is matched, and then click
Add people.
15. In the Select Members dialog box, select Christie Thomas, click add, and then click OK.
16. On the New DLP Rule page, on the left side, click General.

17. In the Name text box, type IP address check, and then click OK.
18. On the Customize rules page, click Next.
19. On the New DLP policy page, in the Name text box, type Test DLP policy.
20. Select Send notifications and Policy Tips to end users.
21. Click Create.

Task 6: Configuring data loss protection policies for email


1. On the Data loss prevention page, click go to the Exchange admin center.
2. On the Policy Mode page, click New (+ icon), and then select New custom DLP policy.
3. On the new custom DLP policy page, in the Name text box, type Test DLP policy for email.
4. Under Choose a mode for the requirements in this DLP policy, select Enforce.

5. Click Save.
6. On the Policy Mode page, ensure that Test DLP policy for email is selected, and then click Edit
(pencil icon).
7. On the Test DLP policy for email page, on the left side, click rules.
8. Click New (+ icon), and then click Block messages with sensitive information unless the sender
overrides.

9. On the new rule page, on the right side, click Select sensitive information types.
10. On the Contains any of these sensitive information types page, click Add (+ icon), select
IP address, click add, and then click OK.

11. Click OK.


12. On the new rule page, on the right side, click Select one.
13. On the Select Members page, select Christie Thomas, and then click OK.
14. On the new rule page, click add action.
15. In the new drop-down list box, point to Modify the message security, and then select
Apply rights protection.
16. In the select RMS template dialog box, ensure that A. Datum - Confidential View Only is
selected, and then click OK.
17. On the new rule page, select Activate this rule on the following date, and leave the current date
and time configured, and then click Save.
18. In the Warning dialog box, click OK.
19. Click Save.
20. Close the Policy Mode window.

Task 7: Create compliance check content


1. In Microsoft Edge, click the Office 365 Apps icon (9 small squares), and then click Mail.
2. In Outlook, click New.
3. In the To text box, type your external Microsoft account name.
4. In the Subject text box, type Server IP address.
5. In the message body, type The new server IP address is 10.10.0.72.
6. Click Send.
7. Note that Microsoft Outlook sends back a non-delivered message.
8. Click the message from Microsoft Outlook, and then review the message content.
9. At the top of the message, click click here.
10. In the Policy tip, click Show details.
11. Click Override, and then click Send.
12. Close Microsoft Edge.

Task 8: Validate the configuration


1. Open Microsoft Edge, and then browse to https://outlook.com.
2. Sign in with your Microsoft account.
3. Click the message from Brad Sutton with the subject Server IP address.
4. Verify that the message is protected with Microsoft Information Protection and that you cannot open
the attachment in Microsoft Edge.

5. Close Microsoft Edge.


6. Open Microsoft Edge, and then browse to https://login.microsoftonline.com.

7. Sign in as Christie@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.


Note: Christie Thomas is a member of the eDiscovery Manager role group.
8. In the Office 365 portal, click Mail.

9. Select your time zone, and then click Save.


10. In the left pane of Christie Thomas' mailbox, under Folders, click More.
11. Verify that a folder named In-Place Archive Christie Thomas has been created.
12. Click the newest message in the mailbox, and then verify that it is a report on the message sent with
the Server IP address subject.
13. Close Microsoft Edge.

Results: After completing this exercise, you will have implemented the Office 365 compliance features.
L12-93 Monitoring and Troubleshooting Office 365

Module 12: Monitoring and troubleshooting Office 365


Lab: Monitoring and troubleshooting Office 365
Exercise 1: Monitoring Office 365
Task 1: Send an email to a nonexistent domain
1. On LON-CL1, open Microsoft Edge, and then browse to https://login.microsoftonline.com/.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Mail.
4. In Outlook, click New.
5. In the To text box, type user@alt.none.
6. In the Subject text box, type Meeting invitation.
7. In the message body area, type Will we see you Tuesday?
8. Click Send.

Task 2: Track mail delivery


1. Wait for the delivery failure message from Microsoft Outlook to appear.
2. Double-click the delivery failure message to open it in a separate window.
Notice the reason for the failure: "550 5.4.301 DNS domain does not exist".
3. Right-click in the body text of the message, and then click Select All.

4. Right-click the blue selected text, and then click Copy.


5. Close the delivery failure email message.
6. In Microsoft Edge, create a new tab, and then browse to http://testconnectivity.microsoft.com.
7. On the Microsoft Remote Connectivity Analyzer page, select the Message Analyzer tab.
8. Under Message Header Analyzer, right-click in the text area, and then click Paste.
9. Click Analyze headers.

Note the diagnostic information and the time taken for the message to be rejected.
10. Click Clear to reset the Message Header Analyzer.

Task 3: Send an email to a nonexistent user


1. In Microsoft Edge, switch to the Mail - Holly Dickson tab.

2. In Outlook, click New.


3. In the To text box, type jimmy@Adatumvsxxxx.virsoftlabs.com.
4. In the Subject text box, type Meeting invitation.
5. In the message body area, type Will we see you Tuesday?
6. Click Send.

Task 4: Track mail delivery


1. Wait for the delivery failure message from Microsoft Outlook to appear.
Notice the reason for the failure: "550 5.1.10 Recipient not found by SMTP address lookup",
or "550 5.1.351 Remote server returned unknown recipient or mailbox unavailable"
2. Right-click in the body text of the message, and then click Select All.
3. Right-click the blue selected text, and then click Copy.
4. Close the delivery failure email message.
5. In Microsoft Edge, switch to the Microsoft Remote Connectivity Analyzer tab.
6. On the Microsoft Remote Connectivity Analyzer page, on the Message Analyzer tab, right-click
in the text area, and then click Paste.
7. Click Analyze headers.
8. Note the diagnostic information and the time taken for the message to be rejected.
9. In Microsoft Edge, close the Microsoft Remote Connectivity Analyzer tab.
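
The failure reasons quoted in Tasks 2 and 4 follow the SMTP enhanced status code layout (class.subject.detail). The following is an added example, not part of the original lab instructions, that decodes those lines offline; the function name ConvertFrom-SmtpStatusLine is hypothetical, and the class and subject meanings are the generic ones from RFC 3463, not Exchange Online specific text.

```powershell
# Added example: decode the SMTP status lines quoted in the delivery failure messages.
# Class and subject meanings are the generic RFC 3463 ones; the detail digits are
# provider specific and are reported as-is.

$StatusClass = @{
    '2' = 'Success'
    '4' = 'Persistent transient failure (a later retry may succeed)'
    '5' = 'Permanent failure (resending unchanged will not succeed)'
}

$StatusSubject = @{
    '0' = 'Other or undefined'
    '1' = 'Addressing'
    '2' = 'Mailbox'
    '3' = 'Mail system'
    '4' = 'Network and routing'
    '5' = 'Mail delivery protocol'
    '6' = 'Message content or media'
    '7' = 'Security or policy'
}

function ConvertFrom-SmtpStatusLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $Line
    )
    process {
        # <reply code> <class>.<subject>.<detail> <free text>
        $pattern = '(?<reply>[2-5]\d{2})[ -](?<class>[245])\.(?<subject>\d{1,3})\.(?<detail>\d{1,3})\s+(?<text>[^"]*)'
        if ($Line -notmatch $pattern) {
            Write-Warning "No enhanced status code found in: $Line"
            return
        }

        $subjectText = $StatusSubject[$Matches['subject']]
        if (-not $subjectText) { $subjectText = 'Unknown subject' }

        [pscustomobject]@{
            ReplyCode         = [int]$Matches['reply']
            EnhancedCode      = ('{0}.{1}.{2}' -f $Matches['class'], $Matches['subject'], $Matches['detail'])
            Class             = $StatusClass[$Matches['class']]
            Subject           = $subjectText
            # The first digit of the reply code and the class digit should agree.
            ClassMatchesReply = ($Matches['reply'].Substring(0, 1) -eq $Matches['class'])
            Text              = $Matches['text'].Trim()
        }
    }
}

# The three failure reasons quoted in this lab.
$ndrLines = @(
    '550 5.4.301 DNS domain does not exist',
    '550 5.1.10 Recipient not found by SMTP address lookup',
    '550 5.1.351 Remote server returned unknown recipient or mailbox unavailable'
)

$ndrLines | ConvertFrom-SmtpStatusLine | Format-List
```

The Subject column separates the two failures in this exercise: the message to user@alt.none fails on routing (subject 4), while the message to the nonexistent user fails on addressing (subject 1).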

Task 5: Analyze mail flow


1. In Microsoft Edge, on the Mail - Holly Dickson tab, click the Office 365 Apps icon (9 small
squares), and then click Admin.
2. If the Are you sure you want to leave this page? dialog box appears, click Leave this page.
3. On the Office 365 Home page, in the left pane, expand Admin centers, and then click Exchange.
4. In the Exchange admin center, in the left pane, click mail flow.
5. On the mail flow page, click message trace.
6. On the message trace page, next to Sender, click add sender.
7. In the Date range drop-down list box, select Past 24 hours.
8. In the Delivery status drop-down list box, select Failed.
9. In the Select Members dialog box, select Holly Dickson, click add, and then click OK.
10. Click Search.
11. In the Message Trace Results window, notice the two found messages.

12. Select the failed message to user@alt.none, and then click Details (pencil icon).
Notice the Message Events (Receive, Submit, Journal, etc.), and the Additional Properties (Message
ID, Message size, IP address information).
13. Double-click each message to view the sender, recipient, message size, ID, and IP address
information.
14. Click Close.

15. Repeat the previous 2 steps for the message to jimmy@Adatumvsxxxx.virsoftlabs.com.


16. Close the Message Trace Results window.
17. In Microsoft Edge, close the Exchange admin center tab.

Results: After completing this exercise, you should have used the Message Header Analyzer to identify
why email failed to deliver.

Exercise 2: Monitoring service health and analyzing reports


Task 1: View Office 365 service health
1. On LON-CL1, on the Office 365 Home page, in the left pane, expand Health, and then click
Service health.
2. On the Service health page, click Exchange Online.
3. On the right side, click View history.
4. Click any entry in the calendar that is colored yellow to see further details about an incident. Details
appear below the calendar.
5. On the left side, click the Home icon.

Task 2: View reports in the Office 365 admin center


1. On the Office 365 Home page, in the left pane, expand Reports, and then click Usage.
2. On the Usage page, click the Email activity pane.

Note: There might be little or no data shown because there is not much mailbox usage in
the lab environment.

3. On the Email activity page, scroll down to see the User details table.
4. In the left pane, expand Reports, and then click Security & compliance.
5. On the Security & compliance page, in the Protection section, click Malware detections.
6. Close the Malware detections window.
7. On the Security & compliance page, in the Protection section, click Spam detections.

8. Close the Spam detections window.


9. Close Microsoft Edge.

Results: After completing this exercise, you should have monitored the health of Office 365 services and
viewed reports in the Office 365 admin center.
L13-96 Planning and Configuring Identity Federation

Module 13: Planning and Configuring Identity Federation


Lab: Planning and configuring identity federation
Note: The AD FS exercises in this module use a complex setup. To help understand the setup for this
module, including the IP addresses used, see the graphic below.

Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web Application Proxy
Task 1: Verify UPN Suffix and add DNS records required for AD FS
1. On LON-DC1, open Windows PowerShell.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-ADForest

3. Verify that the domain Adatumvsxxxx.virsoftlabs.com is listed as one of the UPN Suffixes for the
local Active Directory Forest. That is the domain that will be federated with Office 365.
4. At the Windows PowerShell prompt, type the following command, and then press Enter:

certlm.msc

5. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
Notice that in the lab environment, a publicly issued wildcard certificate (*.virsoftlabs.com) for the
virsoftlabs.com domain is already loaded on LON-DC1. Office 365 trusts this certificate when
connecting to the AD FS public endpoint in the lab environment.
6. Close the Certificates console.

7. At the Windows PowerShell prompt, type the following command, and then press Enter:

ping publicip.virsoftlabs.com

The command returns the public IP address provided by the lab hosting platform, which you should
use for this lab. External clients connect to this IP address to access the AD FS server through the
AD FS Proxy. Note that the DNS name publicip.virsoftlabs.com is only used in this lab exercise;
the DNS name is not used by the AD FS software.

8. At the Windows PowerShell prompt, type the following command, and then press Enter:

ipconfig

The command returns the private IP address (172.16.0.10) of LON-DC1 where AD FS will be
installed. Later in this exercise, you will configure the AD FS Proxy (on LON-WAP1) to forward
AD FS network traffic to this IP address.
9. Open Server Manager, and then on the Tools menu, click DNS.
10. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then select
Adatumvsxxxx.virsoftlabs.com.
11. Right-click Adatumvsxxxx.virsoftlabs.com, and then click New Host (A or AAAA).
12. In the New Host dialog box, provide the following information, click Add Host, and then click OK.
o Name: (leave blank)
o IP address: (type the public IP address provided earlier in this task)
o Time to live (TTL): 0:0:2:0
Note: To configure AD FS, you would normally not leave the host name blank, but instead use
fs.Adatumvsxxxx.virsoftlabs.com or adfs.Adatumvsxxxx.virsoftlabs.com. However, in the lab
environment a single wildcard certificate *.virsoftlabs.com is used, which only matches one
subname level in front of virsoftlabs.com, not two subname levels.
Also, for ease of testing and changing, a very short TTL of 2 minutes is used.
13. Click Done.
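
The certificate note in step 12, as an added example that is not part of the original lab instructions: the function below applies the one-label wildcard rule to the host names mentioned in this task. The function name Test-WildcardCertName is hypothetical, and the check covers name matching only, not certificate trust, expiry, or revocation.

```powershell
# Added example: which host names does a wildcard certificate name cover?
# Rule applied: "*" is accepted only as the complete leftmost label and stands in
# for exactly one DNS label. Partial wildcards such as "f*.example.com" are rejected.

function Test-WildcardCertName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [string] $CertName
    )

    # DNS names are case-insensitive; a trailing dot is ignored.
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    $certLabels = $CertName.TrimEnd('.').ToLowerInvariant().Split('.')

    # One wildcard replaces one label, so both names need the same label count.
    if ($hostLabels.Count -ne $certLabels.Count) { return $false }

    for ($i = 0; $i -lt $certLabels.Count; $i++) {
        # Reject empty labels such as "a..example.com".
        if ($hostLabels[$i].Length -eq 0) { return $false }

        # The wildcard is honoured in the leftmost position only.
        if ($i -eq 0 -and $certLabels[0] -eq '*') { continue }

        # Every other label must match literally ("*" elsewhere never matches).
        if ($certLabels[$i] -ne $hostLabels[$i]) { return $false }
    }
    return $true
}

# Certificate name and host names taken from this lab.
$certName = '*.virsoftlabs.com'
$candidates = @(
    'Adatumvsxxxx.virsoftlabs.com',       # name used as the federation service name
    'fs.Adatumvsxxxx.virsoftlabs.com',    # two labels in front of virsoftlabs.com
    'adfs.Adatumvsxxxx.virsoftlabs.com',  # two labels in front of virsoftlabs.com
    'publicip.virsoftlabs.com',           # one label in front of virsoftlabs.com
    'virsoftlabs.com'                     # the bare domain has no label for "*" to replace
)

foreach ($name in $candidates) {
    [pscustomobject]@{
        HostName          = $name
        CoveredByWildcard = (Test-WildcardCertName -HostName $name -CertName $certName)
    }
}
```

Only the names with exactly one label in front of virsoftlabs.com are reported as covered, which is why the lab leaves the host name blank instead of using an fs or adfs prefix.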

Task 2: Install and configure the AD FS server role


1. At the Windows PowerShell prompt, type the following command, and then press Enter:

Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))

2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-KdsRootKey

The Add-KdsRootKey command creates a root key that is needed by the Key Distribution Service
(KDS) to generate and maintain the password for a Group Managed Service Account (gMSA),
instead of manually creating and maintaining a new service account to run the AD FS service. To
allow for replication between multiple domain controllers, a new KDS root key is not available until
10 hours after creation. In a single DC environment, you can safely set the "effective time" 10 hours
in the past, so that the root key is available immediately.
3. In Server Manager, on the Dashboard page, click Add Roles and Features.

4. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
5. On the Select installation type page, select Role-based or feature-based installation, and then
click Next.
6. On the Select destination server page, ensure that LON-DC1.Adatum.com is selected, and then
click Next.
7. On the Select server roles page, select Active Directory Federation Services, and then click
Next.
8. On the Select features page, click Next.

9. On the Active Directory Federation Services (AD FS) page, click Next.
10. On the Confirm installation selections page, click Install.
11. When the installation is completed, on the Installation progress page, click Close.

12. In Server Manager, click the Notifications icon (flag and exclamation mark icon), and then click
Configure the federation service on this server.
13. In the Active Directory Federation Services Configuration Wizard, on the Welcome page, ensure
that Create the first federation server in a federation server farm is selected, and then click
Next.
14. On the Connect to Active Directory Domain Services page, click Next.
15. On the Specify Service Properties page, use the following settings, and then click Next:
o SSL Certificate: select the *.virsoftlabs.com certificate.
o Federation Service Name: type Adatumvsxxxx.virsoftlabs.com (replacing *.virsoftlabs.com).
o Federation Service Display Name: type Adatum Corporation.
16. On the Specify Service Account page, ensure that Create a Group Managed Service Account is
selected, and then in the Account Name text box, type svc-adfs, and then click Next.
17. On the Specify Configuration Database page, ensure Create a database on this server using
Windows Internal Database is selected, and then click Next.
18. On the Review Options page, click Next.
Note: You can ignore the warning about the root key replication.
19. Once the prerequisites check is complete, on the Pre-requisite Checks page, click Configure.
20. When the configuration completes, on the Results page, click Close.

Task 3: Verify that AD FS is operational


1. In Server Manager, on the Tools menu, click Event Viewer.
2. In Event Viewer, in the left pane, expand Applications and Services Logs, expand AD FS, and
then select Admin.
3. In the Event ID column, verify that there is an AD FS event with ID 100. This event indicates that the
Federation Service started successfully.
4. Close Event Viewer.

Task 4: Install the Web Application Proxy server role service


1. On LON-WAP1, open Windows PowerShell.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:

certlm.msc

3. In the Certificates console for the local computer, in the left pane, expand Personal, and then select
Certificates.
In the lab environment, the publicly issued wildcard certificate *.virsoftlabs.com is already loaded
on LON-WAP1.
4. Close the Certificates console.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:

ipconfig /all

Notice that the LON-WAP1 server represents a Web Application Proxy (WAP) server in a corporate
DMZ area. It is not configured with the DNS address of the internal domain. You must edit the local
hosts file, so that the AD FS service name (Adatumvsxxxx.virsoftlabs.com, or
fs.Adatumvsxxxx.virsoftlabs.com, etc.) can resolve to the AD FS server on the internal network.
6. At the Windows PowerShell prompt, type the following command, and then press Enter:

notepad.exe C:\Windows\System32\drivers\etc\hosts

7. At the end of the hosts file, on a separate line, add the following text:

172.16.0.10 Adatumvsxxxx.virsoftlabs.com

8. Close Notepad, and click Save to save the changes to the hosts file.
9. Open Internet Explorer and browse to
https://Adatumvsxxxx.virsoftlabs.com/adfs/services/trust/mex.
10. Verify that Internet Explorer displays the federation metadata in XML format, and that Internet
Explorer does not display a warning message about the security certificate.
The result confirms that the LON-WAP1 server can now correctly resolve the
Adatumvsxxxx.virsoftlabs.com name, and connect to the AD FS server on the internal network.
11. Close Internet Explorer.
12. Open Server Manager, and then on the Dashboard page, click Add Roles and Features.
13. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
14. On the Select installation type page, select Role-based or Feature-based installation, and then
click Next.

15. On the Select destination server page, ensure that LON-WAP1 is selected, and then click Next.
16. On the Select server roles page, select Remote Access, and then click Next.
17. On the Select features page, click Next.
18. On the Remote Access page, click Next.
19. On the Select role services page, select Web Application Proxy.
20. In the Add features that are required for Web Application Proxy? dialog box, click
Add Features, and then click Next.
21. On the Confirm installation selections page, click Install.
22. When the installation is complete, on the Installation progress page, click Close.
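
Steps 6 to 10 of this task, scripted as an added example that is not part of the lab manual: it adds the hosts entry only if it is missing, stops if the service name is already mapped to a different address, and then confirms name resolution and a certificate-validated HTTPS connection to the mex endpoint. The variable names are illustrative; the name, address and URL are the lab values from this page.

```powershell
# Added example, not part of the lab manual. Run in an elevated session on LON-WAP1.
$fsName    = 'Adatumvsxxxx.virsoftlabs.com'   # lab placeholder used on this page
$adfsIp    = '172.16.0.10'                    # internal AD FS address from step 7
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Collect the address of every active (non-comment) hosts line that names the service.
$nameRx  = '^\s*(?<ip>[0-9a-fA-F.:]+)\s+(\S+\s+)*' + [regex]::Escape($fsName) + '(\s|#|$)'
$entries = @(Select-String -Path $hostsPath -Pattern $nameRx |
             ForEach-Object { $_.Matches[0].Groups['ip'].Value })

# A stale entry pointing elsewhere would silently send the proxy to the wrong server.
if ($entries | Where-Object { $_ -ne $adfsIp }) {
    throw "hosts already maps $fsName to $($entries -join ', '); correct that entry first."
}
if ($entries -notcontains $adfsIp) {
    # The leading line break guards against a hosts file whose last line is unterminated.
    Add-Content -Path $hostsPath -Value "`r`n$adfsIp $fsName"
}

# Step 10, part 1: the name must resolve to the internal AD FS server.
$resolved = @([System.Net.Dns]::GetHostAddresses($fsName) |
              ForEach-Object { $_.IPAddressToString })
if ($resolved -notcontains $adfsIp) {
    throw "$fsName resolves to $($resolved -join ', '), expected $adfsIp."
}

# Step 10, part 2: Invoke-WebRequest fails on an untrusted or mismatched certificate,
# so a successful response is the scripted form of "no certificate warning".
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
try {
    $resp = Invoke-WebRequest -Uri "https://$fsName/adfs/services/trust/mex" -UseBasicParsing
} catch {
    throw "HTTPS check failed (name mismatch, untrusted certificate or AD FS unreachable): $($_.Exception.Message)"
}
"OK: $fsName -> $adfsIp, HTTP $($resp.StatusCode), Content-Type $($resp.Headers['Content-Type'])"
```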

Task 5: Configure the Web Application Proxy server


1. In Server Manager, click the Notifications icon (flag and exclamation mark icon), and then click
Open the Web Application Proxy Wizard.
2. In the Web Application Proxy Configuration Wizard, on the Welcome page, click Next.
3. On the Federation Server page, use the following settings and then click Next:
o Federation service name: Adatumvsxxxx.virsoftlabs.com
o User name: Adatum\Administrator
o Password: Pa$$w0rd
4. On the AD FS Proxy Certificate page, select the *.virsoftlabs.com certificate, and then click Next.
5. On the Confirmation page, click Configure.

6. When the configuration is complete, on the Results page, click Close.


After the Web Application Proxy Wizard is closed, the Remote Access Management Console opens.
7. In the Remote Access Management Console, in the left pane, select Operations Status.
8. In the middle pane, for AD FS Proxy, confirm that the Status is Working.
9. Close the Remote Access Management Console.

Task 6: Verify that the Web Application Proxy server is operational


1. On the student computer (or any computer on the Internet), open Internet Explorer, and browse to
https://adatumvsxxxx.virsoftlabs.com/adfs/ls/idpinitiatedsignon.aspx.
2. On the Adatum Corporation test sign in page, click Sign in.
3. Sign in as Brad@Adatumvsxxxx.virsoftlabs.com, with password Pa$$w0rd.
4. Verify that the message "You are signed in" appears on the test sign in page.
This result confirms that you can successfully authenticate from the Internet through the Web
Application Proxy (WAP) server against the AD FS server on the internal network.
5. Click Sign Out.
6. Close Internet Explorer.

Results: After completing this exercise, you should have deployed the AD FS server in a federation
server farm, and deployed the Web Application Proxy server to support AD FS.

Exercise 2: Configuring federation with Microsoft Office 365


Task 1: Switch the Office 365 tenant to federated mode
1. On LON-DC1, open Internet Explorer, and browse to https://login.microsoftonline.com.
2. Sign in as Holly@Adatumvsxxxx.virsoftlabs.com with password Pa$$w0rd.
3. In the Office 365 portal, click Admin.

4. On the Office 365 Home page, click Users.


5. On the Active Users page, click Holly Dickson.
6. On the Holly Dickson page, in the Email address section, click Edit.
7. On the Edit email addresses page, under User name, change the user name suffix to
Adatumvsxxxx.onmicrosoft.com.
8. Click Save, and then click Close.

9. Close Internet Explorer.


Note: Holly Dickson cannot convert the Adatumvsxxxx.virsoftlabs.com domain to a federated domain
if she is signed in with an account from this domain.

10. At the Windows PowerShell prompt, type the following command, and then press Enter:

Connect-MsolService

11. In the Enter Credentials dialog box, sign in as Holly@Adatumvsxxxx.onmicrosoft.com with
password Pa$$w0rd.
12. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolDomain

13. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
14. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-MsolAdfsContext -Computer LON-DC1.Adatum.com

Note: The Set-MsolAdfsContext command sets up a remote connection to the AD FS server. The
command is not really needed when the AD FS server is the local computer.
15. At the Windows PowerShell prompt, type the following command, and then press Enter:

Convert-MsolDomainToFederated -DomainName Adatumvsxxxx.virsoftlabs.com

16. Verify that you get a Successfully updated 'Adatumvsxxxx.virsoftlabs.com' domain message.
17. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolDomain

18. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
19. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolFederationProperty -DomainName Adatumvsxxxx.virsoftlabs.com
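
What to compare in the step 19 output, as an added example that is not part of the lab manual: the trust is consistent only when the AD FS side and the Office 365 side agree on the issuer, the sign-in endpoints and the token-signing certificate. The script assumes the session from steps 10 to 14, that the cmdlet returns one object per side distinguished by its Source value, and that TokenSigningCertificate is a certificate object with Thumbprint and NotAfter; the 30-day expiry window is an arbitrary choice.

```powershell
# Added example, not part of the lab manual. Requires the MSOnline session set up by
# Connect-MsolService and Set-MsolAdfsContext earlier in this task.
$domain = 'Adatumvsxxxx.virsoftlabs.com'   # lab placeholder used on this page
$props  = @(Get-MsolFederationProperty -DomainName $domain)

# Assumption: one object describes the AD FS farm, the other what Office 365 has stored.
$adfs = $props | Where-Object { $_.Source -eq 'ADFS Server' }
$o365 = $props | Where-Object { $_.Source -eq 'Microsoft Office 365' }
if (-not $adfs -or -not $o365) {
    throw "Expected an 'ADFS Server' and a 'Microsoft Office 365' entry for $domain."
}

# Issuer URI and sign-in endpoints must be identical on both sides of the trust.
$report = @(foreach ($name in 'FederationServiceIdentifier',
                              'PassiveClientSignInUrl',
                              'ActiveClientSignInUrl') {
    [pscustomobject]@{
        Setting   = $name
        ADFS      = $adfs.$name
        Office365 = $o365.$name
        Match     = ($adfs.$name -eq $o365.$name)
    }
})

# Office 365 validates tokens against the certificate it has stored, so the thumbprints
# must match the certificate AD FS is currently signing with.
$adfsCert = $adfs.TokenSigningCertificate
$o365Cert = $o365.TokenSigningCertificate
$report += [pscustomobject]@{
    Setting   = 'TokenSigningCertificate thumbprint'
    ADFS      = $adfsCert.Thumbprint
    Office365 = $o365Cert.Thumbprint
    Match     = ($adfsCert.Thumbprint -eq $o365Cert.Thumbprint)
}
$report | Format-Table -AutoSize -Wrap

$mismatch = @($report | Where-Object { -not $_.Match })
if ($mismatch.Count -gt 0) {
    Write-Warning "Trust is out of sync for: $($mismatch.Setting -join ', ')"
}
# An expired token-signing certificate breaks every federated sign-in for the domain.
if ($o365Cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Token-signing certificate known to Office 365 expires $($o365Cert.NotAfter)."
}
```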

Results: After completing this exercise, you should have enabled a federation trust between your on-
premises Active Directory domain and Office 365 through your AD FS federation server, and you should
have converted your domain for federated authentication in Office 365.

Exercise 3: Verifying single sign-on (SSO)


Task 1: Verify SSO for internal users
1. On the student computer (or any computer on the Internet), open Internet Explorer, and browse to
https://login.microsoftonline.com.

2. If a list of user accounts appears, then click Use another account.


3. In the Email or phone text box, type Brad@Adatumvsxxxx.virsoftlabs.com, and then press the
Tab key.
4. Verify that you are redirected to the Adatum Corporation sign in page.
Note: If you are not redirected to the Adatum Corporation page, sign in and sign out, or wait a few
minutes for Office 365 to be updated, and try again.
5. In the password text box, type Pa$$w0rd, and then click Sign in.
6. Verify that you are connected to Office 365.
7. In the Office 365 portal, in the top left corner, click the user icon, and then click Sign out.

8. Close Internet Explorer.

Results: After completing this exercise, you should have verified SSO authentication to Office 365 for a
user on your corporate network and for a user on your host computer that is connected to the Internet.

Exercise 4: Remove federation from Office 365 domain


1. On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press
Enter.

Connect-MsolService

2. In the Enter Credentials dialog box, sign in as Holly@Adatumvsxxxx.onmicrosoft.com with
password Pa$$w0rd.
3. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolDomain

4. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is now listed as Verified and
Federated.
5. At the Windows PowerShell prompt, type the following command, and then press Enter:

Set-MsolAdfsContext -Computer LON-DC1.Adatum.com

6. At the Windows PowerShell prompt, type the following command, and then press Enter:

Convert-MSOLDomainToStandard -DomainName Adatumvsxxxx.virsoftlabs.com -SkipUserConversion:$true -PasswordFile c:\userpasswords.txt

Note: If you enable user conversion, then a text file will be created containing the new temporary
passwords of the Office 365 users. But even when you skip user conversion, you must specify the
password file parameter in this PowerShell command.
7. Verify that you get a Successfully updated 'Adatumvsxxxx.virsoftlabs.com' domain message.
8. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-MsolDomain

9. Verify that your lab domain Adatumvsxxxx.virsoftlabs.com is listed as Verified and Managed.
Note: When signing in to Office 365 again, it may take a few minutes before users are no longer
redirected to the Adatum Corporation sign in page.
10. Close Windows PowerShell.
