Book Image

Microsoft 365 Mobility and Security ‚Äö√Ñ√¨ Exam Guide MS-101

By : Nate Chamberlain

Book Image

Microsoft 365 Mobility and Security ‚Äö√Ñ√¨ Exam Guide MS-101

By: Nate Chamberlain

Overview of this book

Exam MS-101: Microsoft 365 Mobility and Security is a part of the Microsoft 365 Certified: Enterprise Administrator Expert certification path designed to help users validate their skills in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. This book will help you implement modern device services, apply Microsoft 365 security and threat management, and manage Microsoft 365 governance and compliance. Written in a succinct way, you’ll explore chapter-wise self-assessment questions, exam tips, and mock exams with answers. You’ll start by implementing mobile device management (MDM) and handling device compliance. You’ll delve into threat detection and management, learning how to manage security reports and configure Microsoft 365 alerts. Later, you’ll discover data loss prevention (DLP) tools to protect data as well as tools for configuring audit logs and policies. The book will also guide you through using Azure Information Protection (AIP) for deploying clients, applying policies, and configuring services and users to enhance data security. Finally, you’ll cover best practices for configuring settings across your tenant to ensure compliance and security. By the end of this book, you’ll have learned to work with Microsoft 365 services and covered the concepts and techniques you need to know to pass the MS-101 exam.

Preface

Who this book is for

What this book covers

How to get the most out of this book

Free Chapter

Section 1: Modern Device Services

Section 1: Modern Device Services

Implementing Mobile Device Management (MDM)

Implementing Mobile Device Management (MDM)

Planning for MDM

Configuring MDM integration with Azure AD

Setting an MDM authority

Setting device enrollment limits for users

Further reading

Managing Device Compliance

Managing Device Compliance

Planning for device compliance

Configuring device compliance policies

Designing, creating, and managing conditional access policies

Further reading

Planning for Devices and Apps

Planning for Devices and Apps

Creating and configuring Microsoft Store for Business

Planning app deployment

Planning device co-management

Planning device monitoring

Planning for device profiles

Planning for MAM

Planning mobile device security

Further reading

Planning Windows 10 Deployment

Planning Windows 10 Deployment

Planning for WaaS

Planning for Windows 10 Enterprise deployment

Analyzing Upgrade Readiness for Windows 10

Additional Windows 10 Enterprise security features

Further reading

Section 2: Microsoft 365 Security Threat Management

Section 2: Microsoft 365 Security Threat Management

Implementing Cloud App Security (CAS)

Implementing Cloud App Security (CAS)

Configuring CAS policies

Configuring connected apps

Designing a CAS solution

Managing CAS alerts

Uploading CAS traffic logs

Further reading

Implementing Threat Management

Implementing Threat Management

Planning a threat management solution

Designing and configuring Azure ATP

Designing and configuring Microsoft 365 ATP policies

Monitoring ATA incidents

Further reading

Implementing Windows Defender ATP

Implementing Windows Defender ATP

Planning our Windows Defender ATP solution

Configuring our preferences

Implementing Windows Defender ATP policies

Enabling and configuring the security features of Windows 10 Enterprise

Further reading

Managing Security Reports and Alerts

Managing Security Reports and Alerts

Managing the Service Assurance Dashboard

Microsoft Secure Score and Azure AD Identity Secure Score

Tracing and reporting on Azure AD Identity Protection

Microsoft 365 security alerts

Azure AD Identity Protection dashboard and alerts

Further reading

Section 3: Microsoft 365 Governance Compliance

Section 3: Microsoft 365 Governance Compliance

Configuring Data Loss Prevention (DLP)

Configuring Data Loss Prevention (DLP)

Configuring DLP policies

Designing data retention policies in Microsoft 365

Monitoring and managing DLP policy matches

Managing DLP exceptions

Further reading

Implementing Azure Information Protection (AIP)

Implementing Azure Information Protection (AIP)

Planning an AIP solution

Planning for classification labeling

Deploying AIP clients

Implementing an AIP tenant key

Planning for WIP implementation

Configuring IRM for workloads

Planning for the deployment of an on-premises Rights Management connector

Implementing AIP policies

Configuring a super user

Further reading

Managing Data Governance

Managing Data Governance

Planning and configuring information retention

Planning for a Microsoft 365 backup

Planning for restoring deleted content

Further reading

Managing Auditing

Managing Auditing

Configuring audit log retention

Configuring the audit policy

Monitoring unified audit logs

Azure AD audit and sign-in logs

Further reading

Managing eDiscovery

Managing eDiscovery

Searching content using the Security & Compliance Center

Planning for in-place and legal holds

Configuring eDiscovery

Further reading

Section 4: Mock Exams

Section 4: Mock Exams

Mock Exam 1

Mock Exam 2

Assessments

Another Book You May Enjoy

Another Book You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Managing CAS alerts

Once you have policies in place, you can customize your alerts. Alerts can be viewed in the CAS portal (portal.cloudappsecurity.com) | Alerts (the lowest icon on the left):

As can be seen in the preceding screenshot, you can filter your alerts according to those that are open, dismissed, or resolved. You can resolve alerts from this page as well. Other filters include the following:

Resolution status
Category (DLP and access control)
Severity
App (O365 or even more specific, such as just SharePoint-related alerts)
Username
Policy

Note that you can also choose to view these alerts in your O365 Security & Compliance center, but, at the time of writing, you're only able to view, and unable to resolve, alerts from Security & Compliance.

You can resolve alerts in a few different ways. In the case of those that are authorized violations or anomalies...