Pass Your Microsoft 365 MS-101 Exam Easy!

Microsoft MS-101 Microsoft 365 Mobility and Security exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Microsoft MS-101 Microsoft 365 Mobility and Security exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Microsoft 365 MS-101 certification exam dumps & Microsoft 365 MS-101 practice test questions in vce format.

Configuring Azure Identity Protection

2. Activating Azure Identity Protection

If you've decided you want to use it for identity protection, you actually have to turn it on. Even if you have a licence for the product, it's not on by default. You have to activate it for your organization. So in order to do that, you actually don't do it from the Microsoft 365 Admin Center. You have to go into the Azure Portal. So I'm going to go ahead and open up a new tab. And then here I'm going to go to Portal.Azure.com and log into that. Now because I'm already logged into my 365 Admin Center, it picked up that cash credential and just logged me right into the Admin Center. Now the next step is actually adding the Azure Identity Protection environment. Azure ad identity protection So, over here on the left, what we call the Hub menu, I'll click on the top here where it says Create a Resource. I'm going to click on Create a Resource in the Create a Resource menu. I'm just going to go in here, and I'm going to search for it. I'm going to type in "Azure Ad." And you can see, as I typed in Azure ad," the first option there is "Azure ad identity," or "protection." I'm going to click on that, and then you get the opportunity to go out there and actually create just by clicking on the Create button. Notice that they give you some information here that you can read. You can learn a little bit more about the reports that you can give and the risks that you can actually protect against in the environment. Right? Let's go ahead and click the "Create" button to create it now. It's going to go out there again. Show me the directory that I want to turn on for my client directory. So that's the one I'm going to activate it for. and we'll simply click on the Create button to create it. Now, having created that for my tenant account, I'm going to want to go in there and have the ability to look around in it. On the Hub menu, you actually have the ability to change what's exposed there if you'd like. So now that I've created Azure Ad Identity Protection as a service for my tenant account, I can go into my All Services section here and search for Azure Identity, and as we do that, you can see here's Azure Ad Identity Protection. and you see this grayed-out star here. If I click on that star, it will add that as a favourite to my Hub menu on the left-hand side, so I don't have to go looking for it every time I want to actually work in the environment. Specifically, by clicking on that starter, it adds it over here to the Hub menu now, right? So now I have my Hub menu, and if I wanted to, I could find it down here at the bottom. Let's say, for example, I'd like to have that closer to Azure Active Directory because I work with the two things together. I can actually go out there if I want to and drag this up a little bit and set it right next to Azure Active Directory. So when I'm ready to start configuring it, I can simply come into the portal and actually click on the Azure AD Identity Protection Environment. Bye

3. Configuring Azure Identity Protection

Now that you've activated Azure identity protection for your organization, you have the ability to go in there and actually set policies as to what type of behaviours you would like to prevent and/or intercept. If a user is going out there and doing something you don't want, we have the ability. If we go into the configure section, we can set user risk policies or sign in risk policies for the user here. Sign-in policies are things that would impact the user at the time of signing. Sometimes certain activities need further evaluation and may not be responded to immediately, in which case they would be picked up by the user risk policy. If I were to click on the sign-in risk policy here, I could decide to whom the policy is going to apply to.Notice right now it's got all users as the default. If I wanted to, I could select specific users and our groups that I wanted to include in the policy instead of having it applied to everybody, right? I can go out there and just pick a couple of users here and have the policy applied just to them. If I did all users but there were a couple of users I wanted to exclude, I could certainly do so. Now that I've set my users, the next step is for me to set the conditions. What are the risky conditions now? in a sign in?A risk is going to be considered either low-level, medium-risk, or high risk sign in.Depending on the risk level you choose willdetermine when that users sign in get evaluated. For example, if the user is connecting from a known IP address from a location where they normally sign in, that is most likely a low-risk connection. If the user is coming from a foreign location where they've never signed in before, or from an impossible journey, that's probably a high-risk sign-in, right? So we want to think about those sign-ins and determine where we want to start intercepting or interfering or requiring some additional information from that user when they go to sign in. So, if it's medium or higher, it's a medium or high-risk sign in attempt, and we'll choose that one. Right? So we've got the fact that if it's a medium, what do we want to do? Let's go and look at our control section now, and you'll notice that I can block the sign-in entirely. All right, if this is a medium or high-risk sign-in, I'm not going to even let you into my environment. Or I can say, "No, you know what? Here's what we'll do. We're going to allow you to log in, but we're going to require multi-factor authentication. We've actually forced you to go out there and use multi-factor authentication in order to get in. Now, one of the things that you can actually do is see the number of sign-ons impacted, and this is just kind of going out there to see if the policy covers the two users in here. In this case, what would the impact be on the users? Now, if I selected all, it might look at all of my users and figure out which ones have had medium or high-risk sign-ins and go out there and let us know who might have been impacted over the last 30 days here in the environment. So that's just going to give me an estimate out there, and then I have the ability to create the policy. Now I can create this policy in the off position, which means right now it's not being enforced, or I could go ahead and turn it on and enforce the policy. And now if either of those users tried to sign in using a medium- or high-risk sign-in, we'd be able to actually force them to use multi-factor authentication in order to sign in. Now, if we were to go look at the user risk policy, think about the user risk policy as things like, for example, the user's credentials were found on the Dark Web, right? So we've got some possible exposed credentials there that would be information that would be picked up without a user necessarily having to authenticate. Microsoft has discovered this capability, and it's something that you should be alerted to, right? With the user risk, again, we can set which users we want to select. We can have all or select individual users or groups in the environment. Then we set the conditions. But you'll notice here that we set that risk level, and again, let's say if it's a medium or higher risk, but the control here will be a little bit different, right, because this is a user sign-in activity, not an actual sign-in risk at the time, but the user activity. In this case, somebody's discovered their username and password, and we can force them to change their password the next time they sign in. So if it's been discovered on the dark web the next time they log in, let's go ahead and force them to actually go through the process of changing their password. Of course, the other thing we could do is block their access. We could go in and change their password, and then unblock them if we wanted to. So it's up to you which way you want to go with that, but you have the ability to enable that either way. Now I'm getting a notice that, hey, we haven't enabled the password yet. If your organisation was using Azure AD Connect for directory synchronisation with password sync and you didn't enable password rights back in a federated environment, your users would have to change their passwords against their on-premises solution. However, in this scenario where you might want to enable password rights, back then the user could change their password against Azure Active Directory and have that hash value written back to your on-premises environment. Go ahead and click the select button there. And again, I have the ability to see how many users might be impacted by this. In this case, based on current policy, two of the 37 users that we have would actually be impacted by this policy if we enforced it right, and then we can go out there and enforce the policy. For now, we're just going to create the policy without actually enforcing it. And so I have the ability to set user risks as well as sign-in risks for my users using Azure AD identity protection.

4. Configuring Alerts and Investigation

Having configured your user risk and sign-in risk policies for Azure Active Directory, you're going to want to be alerted if anybody triggers one or if something actually happens, so you understand what's going on with your authentications. In the Azure AD environment for identity protection, you can actually come in and check under Settings for Alerts. If you click on Alerts, you can configure which alerts you want to receive so that you can receive all alerts. So if you set it to low, pretty much every alert and every event that will trigger a low-risk user sign-in activity would actually be sent to you. It's probably a little bit more excessive than you'd want, but you could go with medium or high in your environment, and you can decide who you want the email sent to. You can go out there and choose who you want to actually have your email sent to in this environment. Right. And we could even have the ability to have additional emails, receive notification here if we wanted to, and have somebody else receive those emails. Now that's just going to be an alert if an activity occurs, right? In addition to that, I have a weekly digest. We have the ability to go out there, and I'm not going to actually save that. So we'll go ahead and have a weekly digest where we can actually have an email sent to us once a week. of all the alert activities surrounding the Azure Identity Protection environment. So, once again, if I wanted to, I could select who would receive that email. And then we could save that, and that would give us the ability to see that. Now if you get an alert that something has occurred, let's go ahead and discard that for now. And you wanted to dig into what actually happened. That's where the "investigate" section comes in. In the Investigate section, I have the ability to go out there and look at my users who are flagged for risk. I can see here that we've got three different users here that have some risk events that are occurring in their environment. If I pick on one here, it'll go out there and show me some of the activities here. In this case, the risk Allen is currently in the United States. here with Human Resources. MFA registered. Good. We can go out there and sign in from an unfamiliar location, right? I can actually drill in They signed in from New York. That user typically works in the Boston area, but right now they're signing in the New York area. Now I happen to know that Ellen happened to be down there on a project right now, so I'm okay with that. So I can say we can resolve that. It's not a false positive because it did happen, right? But we can say we've resolved that, and we don't have to worry about that risk event; it's been taken care of. So I can go out there and market and let people know that, "Oh, that's good, it's okay, we know where Ellen is and everything is good, and we can go out there and take a look at that so you can drill into those." If I look at my risk events here, youcan get a c real time risk here. Right now, one of two was closedbecause I did satisfy the one. If I go in there and open that up, I can see the other one. The fact that Ethan signed in from a different location is explained here. Right. In this case, Ethan signed in from Riverview, Oklahoma. So Ethan has been signing in from quite a distance away, and we don't have anything going on with that. We don't want Ethan there. Well, I could force a reset on his password, right? So now Ethan would have to go out there at the next sign and be required to actually reset the password because we're concerned about the fact that there was this Oklahoma sign when we were not aware of Ethan being out in that area. So it gives you the ability to go out there and actually drill in and see what's actually happening with those different sign-in risk events. Then you can look at vulnerabilities to see if you have anything here. We've got users without MFA registration, and they're just recommending that we may want to activate multi-factor authentication for those users. So it makes your environment just a little bit more secure.

5. Setting Exclusions

When creating your user or sign-in policies with Azure Identity Protection, you may find that you want to exclude certain users from those policies. You may want to exclude certain users for a variety of reasons, including those who do not have or cannot use multi-factor authentication. Perhaps you've got some users in an area where the cell signal is really weak. They don't have easy access to a phone, and so they're not going to be able to get multiple-leverage multi-factor authentication. So we want to exclude those users from the sign-in risk so that it doesn't unnecessarily elevate their sign-in risk or their user sign in.If there's a policy that's not practical, again, with no access to the help desk, am I going to keep forcing somebody who is in a remote office that doesn't have direct access to have their passwords reset? Am I going to force that person to always have to go through a process in order to do that? If I include them in a medium-risk or high-risk policy and they trigger it, they may be forced to go through and reset their passwords a lot. And that may become a difficult task for them to have to do on a semi-regular basis. Right. They're likely to generate a lot of false positives. For example, we talked about the fact that people might sign in from an unusual location. when you first activate Azure Active Directory identity protection. It's going to start out in an observation mode, observing where all of your users are signing in from. What if we have a team of salespeople that are working from our headquartered office when we activate it, and they all seem to be signing in from that same location, and then in a month we're going to send them all across the country or the globe to actually sell the product—to go out there and meet the customers and start selling the product? We're going to see a lot of false positives now when we're going to have a lot of people signing in from unusual locations. So we might want to exclude the sales team since they're going to be travelling around to different locations. So you may find that those false positives could really cause some issues for your users that are trying to put in their sales orders, for example, and you want to eliminate those, right.During the initial rollout, you probably don't want to set it down to, say, medium, for example, as a user sign-in risk because we're going to impact a greater number of users. Perhaps we'll start with a high setting. We'll evaluate it, we'll see what activities are occurring, and then once people get comfortable with that thought process, we could lower it down to medium so we don't have a lot of interruptions of the end user's workflow. If your organisation does require a high security environment, however, you may want to set that very low threshold for all you've got. Your user's sign-in puts them at risk of being caught even for minor infractions. working with Azure. Identity protection.

Exchange Online Protection

1. What is Exchange Online Protection

You. One of the opportunities you have to help protect your organisation is to leverage Exchange Online Protection, often called EOP, Microsoft's cloud-based antispam and antimalware system. If you're using Exchange Online, all mail routed to Exchange Online will go through EOP. You will have to point your mail exchange record or your MX record to the EOP service. Microsoft is not going to allow mail to enter their systems until Exchange Online Protection has actually processed the information. So it's going to go through, it's going to be processed by EO P, and it's not just a simple, "Let's run a couple of scanners on it and we're going to get it done. Right. It goes through multiple layers before it's allowed to actually enter the exchange environment. The first process here we're going to go through is going to be looking at the reputation of the sender, right? Is the email coming from an IP address that is a known malicious mail sender or a known spammer out there in the environment? It's going to go out there and look at the heuristics, the patterns of that message, to try to determine if that message is really spam or malicious in any way, shape, or form. And it will stop a lot of spam and malware right at the entry point, before it even gets to the evaluation stage. After that, they're actually going to scan the message. The email is going to get scanned not by one scanner but by multiple scanners, right? So multiple scanners will go through and scan those messages to ensure that they are not spam or viruses infiltrating the environment out there. And then it's going to scan individual files using what's called a reputation block, which means it's going to look at the file and see if the file itself or any part of that file had previously been identified as being a malicious file. So even if somebody thinks they're being smart, they're going to rename the file. If the actual binaries the bits of that file. have already been detected as malicious. The scanners with Exchange Online Protection are going to go out there and have the ability to pick that up, and they're going to understand exactly what's going on with it. so it'll take care of that in that environment. Right now, heuristic clustering is going to identify suspicious mail based on delivery patterns. So it's going to go out there and look at where the mail is going. Is it something that somebody's trying to send across the entire organisation to a specific group in my organization, and if so, we can take advantage of that information to try to determine whether it's legitimate mail or whether it's spam in that environment out there, right? Signals are collected. In other words, it's collecting information. It's going to go out there and run that information through some machine learning. So it's going to use intelligence out there to model what's actually happening in the behaviour of the message to try to further define what that message is. Is it a good letter, or is this suspicious mail that we should go out there and actually stop in the environment right now? In addition to that, you can also have, as part of your subscription, advanced threat protection, or ATP. Exchange online advanced threat protection scans, all email that has passed EOP So first, the message has to get through exchange online protection. So it's going to have to go through all of those multiple scanners, the heuristics, the reputation blocking, and the like. And then once it's done that, the advanced threat protection will scan the message and look to see what's actually occurring with it. Right now it has ATP, a safe attachment section, and what that means is any attachment that comes in is going to be scanned for malicious behavior. But what it's actually going to do is spin up a virtual machine, a sandboxed environment, if you will, and it's going to open that attachment, and it's going to monitor the behaviours to see whether or not they're spacious behaviours or not, right? Because if it's behaving, if it's attempting to redirect traffic, if it's attempting to load something into memory, if it's attempting to hit a specific location on your hard drive, it will be detected by the ATP safe attachment scans available. So it's going to look at those behaviours and try to get a sense of exactly what it's doing. It's a Word document if it isn't, if it's just sitting there. It's not trying to do anything to redirect to a different network. Okay, maybe it's a safe piece of mail and we'll let it through. We also have what are called safe links. Now, oftentimes we'll receive emails, and they'll have links to locations. Well, what if I sent you an email today and that link went to my website, and when you click it, it goes to my website and it's safe? There's no problem with my website at all. But then what I do is go back and reinvent my website, embed various malicious pieces of software into it that hopefully will attach to or attack your environment, and three days later, you go and you click that same message. Well, now, that message might be taking you to a malicious site, right? That's where advanced representation-safe links come in. It checks the links against a list of known URLs at the time of detonation, which is the time of click. So if I receive the message and I click it, and right now your website is not on that list of malicious URLs, it's going to allow me to go onto that site. Three days later, I go to click it, and your site has now been identified as a malicious site. It will stop me. It'll block it. It will prevent me from going to your site. And those lists are updated approximately every 20 minutes. So you can have just exchange online protection protecting your organization, or depending on your plan, you can also have Advanced Threat Protection, which is included with, say, an E-five plan. Alternatively, you can include it as an add-on to any existing plan.

Go to testing centre with ease on our mind when you use Microsoft 365 MS-101 vce exam dumps, practice test questions and answers. Microsoft MS-101 Microsoft 365 Mobility and Security certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Microsoft 365 MS-101 exam dumps & practice test questions and answers vce from ExamCollection.