Book Image

Microsoft 365 Mobility and Security – Exam Guide MS-101

By : Nate Chamberlain
Book Image

Microsoft 365 Mobility and Security – Exam Guide MS-101

By: Nate Chamberlain

Overview of this book

Exam MS-101: Microsoft 365 Mobility and Security is a part of the Microsoft 365 Certified: Enterprise Administrator Expert certification path designed to help users validate their skills in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. This book will help you implement modern device services, apply Microsoft 365 security and threat management, and manage Microsoft 365 governance and compliance. Written in a succinct way, you’ll explore chapter-wise self-assessment questions, exam tips, and mock exams with answers. You’ll start by implementing mobile device management (MDM) and handling device compliance. You’ll delve into threat detection and management, learning how to manage security reports and configure Microsoft 365 alerts. Later, you’ll discover data loss prevention (DLP) tools to protect data as well as tools for configuring audit logs and policies. The book will also guide you through using Azure Information Protection (AIP) for deploying clients, applying policies, and configuring services and users to enhance data security. Finally, you’ll cover best practices for configuring settings across your tenant to ensure compliance and security. By the end of this book, you’ll have learned to work with Microsoft 365 services and covered the concepts and techniques you need to know to pass the MS-101 exam.
Table of Contents (22 chapters)
Free Chapter
1
Section 1: Modern Device Services
6
Section 2: Microsoft 365 Security Threat Management
11
Section 3: Microsoft 365 Governance Compliance
17
Section 4: Mock Exams
18
Mock Exam 1
19
Mock Exam 2

Configuring audit log retention

Audit logging keeps track of all sorts of actions that users are taking in your environment across various apps and services. You might find actions included as significant as adding someone to an owner's group with full permission or as small as modifying a document.

Audit logging is not turned on by default, so an administrator will need to turn it on before your organization can benefit from it. The least permissive way of granting this level of authority is to provide the Audit Logs role in Exchange Online (not Security & Compliance). If someone just needs to view/search the logs, they could be assigned the View-Only Audit Logs role. The following screenshot shows a custom admin role group being created and both Audit Logs and View-Only Audit Logs are selected. In reality, you'd select one or the other (not both):

To turn it on...