Powercamp: Microsoft 365 Certified - Enterprise Administrator Expert

Microsoft 365 ist die cloudbasierte Produktivitätsplattform von Microsoft für Endkunden und Businesskunden. Mit einem Abonnement für Microsoft 365 erhalten Sie die neuesten Produktivitäts-Apps wie Microsoft Teams, OneDrive, Sharepoint Online, Exchange Online und Microsoft 365 for Business/Enterprise und vieles mehr.
Microsoft 365 umfasst ebenso zusätzliche Sicherheits- und Compliance-Funktionen sowie Windows-Lizenzen zusätzlich zu den Kerndiensten.

Dieses PowerCamp geht ganz speziell auf die Einrichtung, Konfiguration und Verwaltung eines Microsoft 365-Tenants einschließlich Verwaltung von Identitäten, Sicherheitskonfigurationen und Umsetzung von Compliance Anforderungen von Microsoft 365 ein.

Des Weiteren sind die Vorbereitungen für die Examen MS-102 und SC-300 ein Schwerpunkt dieses PowerCamps. Bei erfolgreichem Abschluss beider Examen erreichen Sie den Titel „Microsoft 365 certified: Administrator Expert“.

Folgende IT-Jobroles werden in diesem PowerCamp behandelt:

Microsoft 365-Administrator*innen
Microsoft 365-Administrator*innen fungieren als Integrationshub für alle Microsoft 365-Workloads. Sie koordinieren mehrere Microsoft 365-Workloads. Zudem arbeiten sie mit Lösungsarchitekt*innen und anderen Administrator*innen zusammen, die für Workloads, Infrastrukturen, Identitäten, Sicherheit, Compliance, Endpunkte und Anwendungen verantwortlich sind.

Microsoft-Identitäts- und Zugriffs-Administrator*innen
Der Microsoft-Identitäts- und Zugriffs-Administrator entwirft, implementiert und betreibt die Systeme zur Identitäts- und Zugriffsverwaltung einer Organisation mithilfe von Microsoft Azure Active Directory (Azure AD), das Bestandteil von Microsoft Entra ist. Sie konfigurieren und verwalten die Authentifizierung und Autorisierung von Identitäten für Benutzer*innen, Geräte, Azure-Ressourcen und -Anwendungen.
Die Identitäts- und Zugriffsadministrator*innen stellen nahtlose Benutzerumgebungen und Self-Service-Verwaltungsfunktionen für alle Benutzer*innen bereit. Sie stellen sicher, dass die Identität explizit überprüft wird, um Zero Trust-Prinzipien umzusetzen. Sie automatisieren die Verwaltung von Azure AD mithilfe von PowerShell und analysieren Ereignisse mit der Kusto-Abfragesprache (KQL). Außerdem sind sie für die Problembehandlung, das Überwachen und die Berichterstellung für die Identitäts- und Zugriffsumgebung verantwortlich.
Identitäts- und Zugriffsadministrator*innen arbeiten mit vielen anderen Rollen in der Organisation zusammen, um strategische Identitätsprojekte zum Modernisieren von Identitätslösungen zu fördern sowie Hybrididentitätslösungen und Identitätsgovernance zu implementieren.
Sie sollten mit Azure- und Microsoft 365-Diensten und -Workloads vertraut sein.
 
Nach Besuch dieses PowerCamp haben die Teilnehmer*innen Kenntnisse zu folgenden Themen: 

• Bereitstellen und Verwalten eines Microsoft 365-Mandanten
• Verwalten von Benutzern und Gruppen
• Implementieren und Verwalten externer Identitäten
• Implementieren und Verwalten einer Hybrididentität
• Planen, Implementieren und Verwalten der Azure Multi-Factor Authentication (MFA) und Self-Service-Kennwortzurücksetzung
• Planen, Implementieren und Verwalten der Azure AD-Benutzerauthentifizierung
• Planen, Implementieren und Verwalten des bedingten Zugriffs für Azure AD
• Verwalten von Azure AD Identity Protection
• Implementieren der Zugriffsverwaltung für Azure-Ressourcen
• Verwalten und Überwachen des Anwendungszugriffs mithilfe von Microsoft Defender for Cloud Apps
• Planen, Implementieren und Überwachen der Integration von Unternehmensanwendungen
• Planen und Implementieren von Anwendungsregistrierungen
• Planen und Implementieren der Berechtigungsverwaltung
• Planen, Implementieren und Verwalten von Zugriffsüberprüfungen
• Planen und Implementieren von privilegiertem Zugriff
• Überwachen von Azure AD
• Verwalten von Sicherheitsberichten und Warnungen mithilfe des Microsoft 365 Defender-Portals
• Implementieren und Verwalten des E-Mail- und Zusammenarbeitsschutzes mithilfe von Microsoft Defender for Office 365
• Implementieren und Verwalten von Endpoint Protection mithilfe von Microsoft Defender for Endpoint
• Implementieren von Microsoft Purview Information Protection und der Datenlebenszyklusverwaltung
• Implementieren von Microsoft Purview Data Loss Prevention (DLP) 

• Administrator*innen 
• Prüfungsanwärter*innen
• Identity and Access Administrator
• Security Engineer

 allgemeine IT-Administration und grundlegende IT Infrastruktur Kenntnisse sowie grundlegende Sicherheitspraktiken und branchenübliche Sicherheitsanforderungen

5 Tage Microsoft 365-Administrator*innen

Configure your Microsoft 365 experience

• Configure your Microsoft 365 experience
• Manage your tenant subscriptions in Microsoft 365
• Integrate Microsoft 365 with customer engagement apps
• Complete your tenant configuration in Microsoft 365

Manage users, licenses, and mail contacts in Microsoft 365

• Determine the user identity model for your organization
• Create user accounts in Microsoft 365
• Manage user account settings in Microsoft 365
• Manage user licenses in Microsoft 365
• Recover deleted user accounts in Microsoft 365
• Perform bulk user maintenance in Azure Active Directory
• Create and manage guest users
• Create and manage mail contacts

Manage groups in Microsoft 365

• Examine groups in Microsoft 365
• Create and manage groups in Microsoft 3656 
• Create dynamic groups using Azure rule builder
• Create a Microsoft 365 group naming policy
• Create groups in Exchange Online and SharePoint Online

Add a custom domain in Microsoft 365

• Plan a custom domain for your Microsoft 365 deployment
• Plan the DNS zones for a custom domain
• Plan the DNS record requirements for a custom domain
• Create a custom domain in Microsoft 365

Configure client connectivity to Microsoft 365

• Examine how automatic client configuration works
• Explore the DNS records required for client configuration
• Configure Outlook clients
• Troubleshoot client connectivity

Configure administrative roles in Microsoft 365

• Explore the Microsoft 365 permission model
• Explore the Microsoft 365 admin roles
• Assign admin roles to users in Microsoft 365
• Delegate admin roles to partners
• Manage permissions using administrative units in Azure Active Directory
• Elevate privileges using Azure AD Privileged Identity Management

Manage tenant health and services in Microsoft 365

• Monitor the health of your Microsoft 365 services
• Monitor tenant health using Microsoft 365 Adoption Score
• Monitor tenant health using Microsoft 365 usage analytics
• Develop an incident response plan
• Request assistance from Microsoft

Deploy Microsoft 365 Apps for enterprise

• Explore Microsoft 365 Apps for enterprise functionality
• Explore your app compatibility by using the Readiness Toolkit
• Complete a self-service installation of Microsoft 365 Apps for enterprise
• Deploy Microsoft 365 Apps for enterprise with Microsoft Configuration Manager
• Deploy Microsoft 365 Apps for enterprise from the cloud
• Deploy Microsoft 365 Apps for enterprise from a local source
• Manage updates to Microsoft 365 Apps for enterprise
• Explore the update channels for Microsoft 365 Apps for enterprise
• Manage your cloud apps using the Microsoft 365 Apps admin center

Analyze your Microsoft 365 workplace data using Microsoft Viva Insights

• Examine the analytical features of Microsoft Viva Insights
• Create custom analysis with Microsoft Viva Insights
• Configure Microsoft Viva Insights
• Examine Microsoft 365 data sources used in Microsoft Viva Insights
• Prepare organizational data in Microsoft Viva Insights

Explore identity synchronization

• Examine identity models for Microsoft 365
• Examine authentication options for the hybrid identity model
• Explore directory synchronization

Prepare for identity synchronization to Microsoft 365

• Plan your Azure Active Directory deployment
• Prepare for directory synchronization
• Choose your directory synchronization tool
• Plan for directory synchronization using Azure AD Connect
• Plan for directory synchronization using Azure AD Connect Cloud Sync

Implement directory synchronization tools

• Configure Azure AD Connect prerequisites
• Configure Azure AD Connect
• Monitor synchronization services using Azure AD Connect Health
• Configure Azure AD Connect Cloud Sync prerequisites
• Configure Azure AD Connect Cloud Sync

Manage synchronized identities

• Manage users with directory synchronization
• Manage groups with directory synchronization
• Use Azure AD Connect Sync Security Groups to help maintain directory synchronization
• Configure object filters for directory synchronization
• Troubleshoot directory synchronization

Manage secure user access in Microsoft 365

• Manage user passwords
• Enable pass-through authentication
• Enable multifactor authentication
• Enable passwordless sign-in with Microsoft Authenticator
• Explore self-service password management
• Explore Windows Hello for Business
• Implement Azure AD Smart Lockout
• Implement conditional access policies
• Explore security defaults in Azure AD
• Investigate authentication issues using sign-in logs

Examine threat vectors and data breaches

• Explore today's work and threat landscape
• Examine how phishing retrieves sensitive information
• Examine how spoofing deceives users and compromises data security
• Compare spam and malware
• Examine how an account breach compromises a user account
• Examine elevation of privilege attacks
• Examine how data exfiltration moves data out of your tenant
• Examine how attackers delete data from your tenant
• Examine how data spillage exposes data outside your tenant
• Examine other types of attacks

Explore the Zero Trust security model

• Examine the principles and components of the Zero Trust model
• Plan for a Zero Trust security model in your organization
• Examine Microsoft's strategy for Zero Trust networking
• Adopt a Zero Trust approach

Explore security solutions in Microsoft 365 Defender

• Enhance your email security using Exchange Online Protection and Microsoft Defender for Office 365
• Protect your organization's identities using Microsoft Defender for Identity
• Protect your enterprise network against advanced threats using Microsoft Defender for Endpoint
• Protect against cyber attacks using Microsoft 365 Threat Intelligence
• Provide insight into suspicious activity using Microsoft Cloud App Security
• Review the security reports in Microsoft 365 Defender

Examine Microsoft Secure Score

• Explore Microsoft Secure Score
• Assess your security posture with Microsoft Secure Score
• Improve your secure score
• Track your Microsoft Secure Score history and meet your goals

Examine Privileged Identity Management

• Explore Privileged Identity Management in Azure AD
• Configure Privileged Identity Management
• Audit Privileged Identity Management
• Explore Microsoft Identity Manager
• Control privileged admin tasks using Privileged Access Management

Examine Azure Identity Protection

• Explore Azure Identity Protection
• Enable the default protection policies in Azure Identity Protection
• Explore the vulnerabilities and risk events detected by Azure Identity Protection
• Plan your identity investigation

Examine Exchange Online Protection

• Examine the anti-malware pipeline
• Detect messages with spam or malware using Zero-hour auto purge
• Explore anti-spoofing protection provided by Exchange Online Protection
• Explore other anti-spoofing protection
• Examine outbound spam filtering

Examine Microsoft Defender for Office 365

• Climb the security ladder from EOP to Microsoft Defender for Office 365
• Expand EOP protections by using Safe Attachments and Safe Links
• Manage spoofed intelligence
• Configure outbound spam filtering policies
• Unblock users from sending email

Verwalten sicherer Anlagen

• Benutzern mithilfe von „Sichere Anlagen“ vor bösartigen Anlagen schützen
• Richtlinien für "Sichere Anlagen" mit Microsoft Defender für Office 365 erstellen
• Erstellen von Richtlinien für sichere Anlagen mithilfe der PowerShell
• Ändern einer vorhandenen Richtlinie für sichere Anlagen
• Erstellen einer Transportregel zur Umgehung einer Sichere Anlagen-Richtlinie
• Untersuchen der Endbenutzererfahrung mit sicheren Anlagen

Sichere Links verwalten

• Benutzer vor schädlichen URLs mithilfe von"Sichere Links" schützen
• Erstellen von Richtlinien für sichere Links mithilfe von Microsoft 365 Defender
• Richtlinien für sichere Links mit PowerShell erstellen
• Ändern Sie eine bestehende Safe-Links-Richtlinie
• Erstellen einer Transportregel zur Umgehung einer Safe-Links-Richtlinie
• Untersuchen der Endbenutzererfahrung mit sicheren Links

Explore threat intelligence in Microsoft 365 Defender

• Explore Microsoft Intelligent Security Graph
• Explore alert policies in Microsoft 365
• Run automated investigations and responses
• Explore threat hunting with Microsoft Threat Protection
• Explore advanced threat hunting in Microsoft 365 Defender
• Explore threat analytics in Microsoft 365
• Identify threat issues using Microsoft Defender reports

Implement app protection by using Microsoft Defender for Cloud Apps

• Explore Microsoft Defender Cloud Apps
• Deploy Microsoft Defender for Cloud Apps
• Configure file policies in Microsoft Defender for Cloud Apps
• Manage and respond to alerts in Microsoft Defender for Cloud Apps
• Configure Cloud Discovery in Microsoft Defender for Cloud Apps
• Troubleshoot Cloud Discovery in Microsoft Defender for Cloud Apps

Implementieren von Endpoint Protection mithilfe von Microsoft Defender for Endpoint

• Erkunden Sie Microsoft Defender für Endpunkt
• Konfigurieren von Microsoft Defender für Endpunkt in Microsoft Intune
• Onboarden von Geräten in Microsoft Defender for Endpoint
• Verwalten von Endpunktsicherheitsrisiken mit Microsoft Defender Vulnerability Management
• Verwalten der Geräteerkennung und Sicherheitsrisikobewertung
• Verringern Sie Ihr Bedrohungs- und Schwachstellenrisiko.

Implement threat protection by using Microsoft Defender for Office 365

• Explore the Microsoft Defender for Office 365 protection stack
• Investigate security attacks by using Threat Explorer
• Identify cybersecurity issues by using Threat Trackers
• Prepare for attacks with Attack simulation training

4 Tage Microsoft-Identitäts- und Zugriffs-Administrator*innen

Explore identity and Azure AD

• Explain the identity landscape
• Explore zero trust with identity
• Discuss identity as a control plane
• Explore why we have identity
• Define identity administration
• Contrast decentralized identity with central identity systems
• Discuss identity management solutions
• Explain Azure AD Business to Business
• Compare Microsoft identity providers
• Define identity licensing
• Explore authentication
• Discuss authorization
• Explain auditing in identity

Implement initial configuration of Azure Active Directory

• Configure company brand
• Configure and manage Azure Active Directory roles
• Exercise manage users roles
• Configure delegation by using administrative units
• Analyze Azure AD role permissions
• Configure and manage custom domains
• Configure tenant-wide setting

Create, configure, and manage identities

• Create, configure, and manage users
• Exercise - assign licenses to users
• Exercise - restore or remove deleted users
• Create, configure, and manage groups
• Exercise - add groups in Azure Active Directory
• Configure and manage device registration
• Manage licenses
• Exercise - change group license assignments
• Exercise - change user license assignments
• Create custom security attributes
• Explore automatic user creation

Implement and manage external identities

• Describe guest access and Business to Business accounts
• Manage external collaboration
• Exercise - configure external collaboration
• Invite external users - individually and in bulk
• Exercise - add guest users to directory
• Exercise - invite guest users bulk
• Demo - manage guest users in Azure Active Directory
• Manage external user accounts in Azure Active Directory
• Manage external users in Microsoft 365 workloads
• Implement cross-tenant access controls
• Configure identity providers
• Implement and manage Entra Verified ID

Implement and manage hybrid identity

• Plan, design, and implement Azure Active Directory Connect
• Implement manage password hash synchronization (PHS)
• Implement manage pass-through authentication (PTA)
• Demo - Manage pass-through authentication and seamless single sign-on (SSO)
• Implement and manage federation
• Trouble-shoot synchronization errors
• Implement Azure Active Directory Connect Health
• Manage Azure Active Directory Connect Health

Secure Azure Active Directory users with Multi-Factor Authentication

• What is Azure AD Multi-Factor Authentication?
• Plan your multi-factor authentication deployment
• Exercise - Enable Azure AD Multi-Factor Authentication
• Configure multi-factor authentication methods

Manage user authentication

• Administer FIDO2 and passwordless authentication methods
• Explore Authenticator app and OATH tokens
• Implement an authentication solution based on Windows Hello for Business
• Exercise configure and deploy self-service password reset
• Deploy and manage password protection
• Configure smart lockout thresholds
• Exercise - Manage Azure Active Directory smart lockout values
• Implement Kerberos and certificate-based authentication in Azure AD
• Configure Azure AD user authentication for virtual machines

Plan, implement, and administer Conditional Access

• Plan security defaults
• Exercise - Work with security defaults
• Plan Conditional Access policies
• Implement Conditional Access policy controls and assignments
• Exercise - Implement Conditional Access policies roles and assignments
• Test and troubleshoot Conditional Access policies
• Implement application controls
• Implement session management
• Exercise - Configure authentication session controls
• Implement continuous access evaluation

Implement access management for Azure resources

• Assign Azure roles
• Configure custom Azure roles
• Create and configure managed identities
• Access Azure resources with managed identities
• Analyze Azure role permissions
• Configure Azure Key Vault RBAC policies
• Retrieve objects from Azure Key Vault
• Explore Entra Permissions Management (CloudKnox)

Plan and design the integration of enterprise apps for SSO

• Discover apps by using Microsoft Defender for Cloud Apps and Active Directory Federation Services app report
• Configure connectors to apps
• Exercise implement access management for apps
• Design and implement app management roles
• Exercise create a custom role to manage app registration
• Configure pre-integrated gallery SaaS apps
• Implement and manage policies for OAuth apps

Implement and monitor the integration of enterprise apps for SSO

• Implement token customizations
• Implement and configure consent settings
• Integrate on-premises apps by using Azure Active Directory application proxy
• Integrate custom SaaS apps for single-sign-on
• Implement application user provisioning
• Monitor and audit access to Azure Active Directory integrated applications
• Create and manage application collections

Implement app registration

• Plan your line of business application registration strategy
• Implement application registration
• Exercise register an application
• Configure application permission
• Exercise grant tenant-wide admin consent to an application
• Implement application authorization
• Exercise add app roles to application and receive tokens
• Manage and monitor application with App governance

Plan and implement entitlement management

• Define access packages
• Exercise create and manage a resource catalog with Azure AD entitlement
• Configure entitlement managemen
• Exercise add terms of use acceptance report
• Exercise manage the lifecycle of external users with Azure AD identity governance
• Configure and manage connected organizations
• Review per-user entitlements

Plan, implement, and manage access review

• Plan for access reviews
• Create access reviews for groups and apps
• Create and configure access review programs
• Monitor access review findings
• Automate access review management tasks
• Configure recurring access reviews

Plan and implement privileged access

• Define a privileged access strategy for administrative users
• Configure Privileged Identity Management for Azure resources
• Exercise configure Privileged Identity Management for Azure Active Directory roles
• Exercise assign Azure Active Directory roles in Privileged Identity Management
• Exercise assign Azure resource roles in Privileged Identity Management
• Plan and configure Privileged Access Groups
• Analyze Privileged Identity Management audit history and reports
• Create and manage emergency access accounts

Monitor and maintain Azure Active Directory

• Analyze and investigate sign-in logs to troubleshoot access issues
• Review and monitor Azure Active Directory audit logs
• Exercise connect data from Azure Active Directory to Microsoft Sentinel
• Export logs to third-party security information and event management system
• Analyze Azure Active Directory workbooks and reporting
• Monitor security posture with Identity Secure Score