Book Image

Microsoft 365 Mobility and Security ‚Äö√Ñ√¨ Exam Guide MS-101

By : Nate Chamberlain

Book Image

Microsoft 365 Mobility and Security ‚Äö√Ñ√¨ Exam Guide MS-101

By: Nate Chamberlain

Overview of this book

Exam MS-101: Microsoft 365 Mobility and Security is a part of the Microsoft 365 Certified: Enterprise Administrator Expert certification path designed to help users validate their skills in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. This book will help you implement modern device services, apply Microsoft 365 security and threat management, and manage Microsoft 365 governance and compliance. Written in a succinct way, you’ll explore chapter-wise self-assessment questions, exam tips, and mock exams with answers. You’ll start by implementing mobile device management (MDM) and handling device compliance. You’ll delve into threat detection and management, learning how to manage security reports and configure Microsoft 365 alerts. Later, you’ll discover data loss prevention (DLP) tools to protect data as well as tools for configuring audit logs and policies. The book will also guide you through using Azure Information Protection (AIP) for deploying clients, applying policies, and configuring services and users to enhance data security. Finally, you’ll cover best practices for configuring settings across your tenant to ensure compliance and security. By the end of this book, you’ll have learned to work with Microsoft 365 services and covered the concepts and techniques you need to know to pass the MS-101 exam.

Preface

Who this book is for

What this book covers

How to get the most out of this book

Free Chapter

Section 1: Modern Device Services

Section 1: Modern Device Services

Implementing Mobile Device Management (MDM)

Implementing Mobile Device Management (MDM)

Planning for MDM

Configuring MDM integration with Azure AD

Setting an MDM authority

Setting device enrollment limits for users

Further reading

Managing Device Compliance

Managing Device Compliance

Planning for device compliance

Configuring device compliance policies

Designing, creating, and managing conditional access policies

Further reading

Planning for Devices and Apps

Planning for Devices and Apps

Creating and configuring Microsoft Store for Business

Planning app deployment

Planning device co-management

Planning device monitoring

Planning for device profiles

Planning for MAM

Planning mobile device security

Further reading

Planning Windows 10 Deployment

Planning Windows 10 Deployment

Planning for WaaS

Planning for Windows 10 Enterprise deployment

Analyzing Upgrade Readiness for Windows 10

Additional Windows 10 Enterprise security features

Further reading

Section 2: Microsoft 365 Security Threat Management

Section 2: Microsoft 365 Security Threat Management

Implementing Cloud App Security (CAS)

Implementing Cloud App Security (CAS)

Configuring CAS policies

Configuring connected apps

Designing a CAS solution

Managing CAS alerts

Uploading CAS traffic logs

Further reading

Implementing Threat Management

Implementing Threat Management

Planning a threat management solution

Designing and configuring Azure ATP

Designing and configuring Microsoft 365 ATP policies

Monitoring ATA incidents

Further reading

Implementing Windows Defender ATP

Implementing Windows Defender ATP

Planning our Windows Defender ATP solution

Configuring our preferences

Implementing Windows Defender ATP policies

Enabling and configuring the security features of Windows 10 Enterprise

Further reading

Managing Security Reports and Alerts

Managing Security Reports and Alerts

Managing the Service Assurance Dashboard

Microsoft Secure Score and Azure AD Identity Secure Score

Tracing and reporting on Azure AD Identity Protection

Microsoft 365 security alerts

Azure AD Identity Protection dashboard and alerts

Further reading

Section 3: Microsoft 365 Governance Compliance

Section 3: Microsoft 365 Governance Compliance

Configuring Data Loss Prevention (DLP)

Configuring Data Loss Prevention (DLP)

Configuring DLP policies

Designing data retention policies in Microsoft 365

Monitoring and managing DLP policy matches

Managing DLP exceptions

Further reading

Implementing Azure Information Protection (AIP)

Implementing Azure Information Protection (AIP)

Planning an AIP solution

Planning for classification labeling

Deploying AIP clients

Implementing an AIP tenant key

Planning for WIP implementation

Configuring IRM for workloads

Planning for the deployment of an on-premises Rights Management connector

Implementing AIP policies

Configuring a super user

Further reading

Managing Data Governance

Managing Data Governance

Planning and configuring information retention

Planning for a Microsoft 365 backup

Planning for restoring deleted content

Further reading

Managing Auditing

Managing Auditing

Configuring audit log retention

Configuring the audit policy

Monitoring unified audit logs

Azure AD audit and sign-in logs

Further reading

Managing eDiscovery

Managing eDiscovery

Searching content using the Security & Compliance Center

Planning for in-place and legal holds

Configuring eDiscovery

Further reading

Section 4: Mock Exams

Section 4: Mock Exams

Mock Exam 1

Mock Exam 2

Assessments

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Planning an AIP solution

AIP allows you to automatically or manually classify data for protection based on dedicated labels per data type. There are three ways labels can be applied to content (emails or documents):

Automatically, by policy design (detects specified data types and applies labels accordingly)
Manually, by users (selected from the available published labels in Exchange, SharePoint, or Office applications)
Manually, by recommendation (if the AIP client has been deployed to devices, it will provide in-product notifications when sensitive data types are detected and suggest a label accordingly)

Your users could, for example, flag their own documents as confidential, which would apply a specific type of protection to the document. Alternatively, they could create a notice that appears at the top of a document-in-progress letting the user know it identified a social...