What is the exam 70-346?
70-346 is one of the two exams (+70-347) that you have to pass to achieve MCSA: Office 365.
This exam checks your skills in administration, licensing (o365 plans and scenarios), planning and deploying hybrid solutions (on-premises <> cloud).
How many questions in the exam?
56
What types of questions exam has?
There are a lot of drag-and-drop . multiple-choice questions.
How to prepare for an exam?
Get the free trial of O365 E3 Plan
Fill out the required form. Make sure you provided the active phone number.
You will receive a verification code that is required to finalize creating new O365 account.
Click on “You’re ready to go …” and you will be redirected to the main page of portal.
To get status of trial subscription or to view all available plans click on “Purchase” at the top-right corner of the screen
Note “days left” and parameters (expiration date, quantity of purchased users) of trial subscription
Go to pricing and plans and try to remember the main differences between business and enterprise plans!
For example,
Business/Enterprise : 300 users maximum and unlimited respectively
Free trial option: Only for Business, Business Premium, E3
If you are not familiar with what O365 offers or want to get deep knowledge about plans and services go to these documents:
Office 365 service description
Just for your information :
MS has E4 plan (to enhance unified messaging experience) and going to add new plan called E5 before the end of this year
Education and Government plans are not widely presented in the exam so you can be free to omit them.
Prepare your workstation
To be able manage O365 with PowerShell you have to install some required software on your machine.
- Microsoft Online Services Sign-In Assistant for IT Professionals RTW
- Azure AD Module for Windows PowerShell (x86 (discontinued) or x64)
- Azure Rights Management Services Tool
- Sharepoint Online PowerShell Shell (optional, required for 70-347 exam)
- Skype For Business Online, PowerShell Module (optional, required for 70-347 exam)
- Connect Exchange Online using remote PowerShell (optional, required for 70-347 exam)
In my environment I use only the following modules (RMS+Azure AD) :
Then go to the exam’s official page and explore 6 categories of skills :
Open your Office 365 portal and run Azure AD PowerShell machine.
You have to be ready to repeat all described steps below in web GUI and PowerShell as well.
Provision Office 365
Where is? Portal –> Domains , Portal –> Setup
Provision Tenants
- Add and configure custom domains
- Plan a pilot
GUI: https://www.microsoftpressstore.com/articles/article.aspx?p=2419713
PS: https://msdn.microsoft.com/en-us/library/azure/dn919677.aspx
Plan and implement networking and security
Where is ? Service Settings –> Rights Management , Portal –> Users
- Configure DNS records for services
- Enable client connectivity to Office 365
- Administer Microsoft Azure Rights Management (RM)
PowerShell: https://msdn.microsoft.com/en-us/library/dn629398.aspx
Example:How to activate RMS using PowerShell
#Import Rights Management module Import-Module aadrm #Get credentials (global administrator) $cred=Get-Credential -Credential rlevchenko@<tenantname>.onmicrosoft.com #Connect to RM Service and activate it. Connect-AadrmService -Credential $cred -Verbose VERBOSE: https://admin.eu.aadrm.com/adminV2/admin.svc A connection to the Windows Azure AD Rights Management (AADRM) service was opened for rlevchenko@<tenantname>.onmicrosoft.com. Enable-Aadrm -Verbose The Rights Management service has been successfully enabled although additional configuration of other services might be required. For more information, see h ttp://go.microsoft.com/fwlink/?LinkId=251909. #Add user to RMS administrators group Add-AadrmRoleBasedAdministrator -EmailAddress "user1@<tenantname>.onmicrosoft.com" user1@<tenantname>..onmicrosoft.com was added to the list of administrators for the Rights Management service. #Disconnect from RM Service Disconnect-AadrmService -Verbose Connection to the AADRM service closed.
PowerShell: https://msdn.microsoft.com/en-us/library/azure/dn919663.aspx
Example: How to create a new user and assign to one of administrators group
#Connect to MS Online. Connect-MSOnline -Credential $cred #Create new user DisplayName and UserPrincipalName are REQUIRED! #Note: Password is automatically generated New-MsolUser -DisplayName "User2" -UserPrincipalName user2@<tenantname>.onmicrosoft.com Password UserPrincipalName DisplayName isLicensed -------- ----------------- ----------- ---------- Jura4110 user2@<tenantname>... User2 False #List of available administrator roles Get-MsolRole|ft Name Name ---- Compliance Administrator Exchange Service Administrator Device Managers Partner Tier1 Support Company Administrator Helpdesk Administrator Lync Service Administrator Directory Readers Directory Writers Device Join Device Administrators Billing Administrator Workplace Device Join Directory Synchronization Accounts Device Users Partner Tier2 Support Service Support Administrator SharePoint Service Administrator User Account Administrator #Add user to Helpdesk Administrator Add-MsolRoleMember -RoleName "Helpdesk Administrator" -RoleMemberEmailAddress "user2@<tenantname>.onmicrosoft.com" -Verbose #Check $role=Get-MsolRole -RoleName "HelpDesk Administrator" Get-MsolRoleMember -RoleObjectId $role.ObjectId RoleMemberType EmailAddress DisplayName isLicensed -------------- ------------ ----------- ---------- User user2@<tenantname>... User2 False
Manage cloud identities
Where is ? Portal –> Users, <Billing>, <Service Settings –> Passwords>
- Configure password management
PowerShell example:
#I have already connected to MS online so it's not necessary to execute Connect-MSolService. #Reset user's password to random password. User will be required to set new password on the next sign in. Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com Toha1184 #....Not to random password Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com -NewPassword Pass123! Pass123! #Set expiration of password Set-MsolUser -UserPrincipalName user2@<tenantname>.onmicrosoft.com -PasswordNeverExpires $true #Set password expiration policy Set-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com -ValidityPeriod 90 -NotificationDays 14 #Get password expiration policy Get-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com ExtensionData NotificationDays ValidityPeriod ------------- ---------------- -------------- System.Runtime.Serializ... 14 90
- Manage user and security groups (+see examples and links above)
Examples:
#Soft delete, no confirm Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force #List of deleted users Get-MsolUser -ReturnDeletedUsers UserPrincipalName DisplayName isLicensed ----------------- ----------- ---------- user3@<tenantname>.onmicros... User3 False #Restore user after soft delete Restore-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com UserPrincipalName DisplayName isLicensed ----------------- ----------- ---------- user3@<tenantname>.onmicros... User3 False
How to do “hard delete” users:
#First step it is to delete user with "soft" option Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force #Delete user from recycle bin = hard delete Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -RemoveFromRecycleBin -Force
#Get list of unlicensed users Get-MsolUser -UnlicensedUsersOnly UserPrincipalName DisplayName isLicensed ----------------- ----------- ---------- user2@<tenantname>.onmicros... User2 False #Get list of SKUs (as shown, 25 licenses are provided by trial) Get-MsolAccountSku AccountSkuId ActiveUnits WarningUnits ConsumedUnits ------------ ----------- ------------ ------------- <tenantname>:ENTERPRISEPACK 25 0 2 #User must have UsageLocation Set-MsolUser -UserPrincipalName user2@@<tenantname>.onmicrosoft.com -UsageLocation RU #Add license to user Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -AddLicenses <tenantname>:ENTERPRISEPACK #To remove license Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -RemoveLicenses <tenantname>:ENTERPRISEPACK
Some very important facts:
- soft delete – user will be in Recycle Bin for 30 days
- hard delete – user will be permanently removed from Recycle Bin
- Days before password expire: min 14 , max 730 days
- Days before a user is notified that their password will expire: min 1, max 30 days
Go to Active Users –> Active Directory synchronization setup and review all required steps
- Prepare on-premises Active Directory for AADSync (review ALL requirements)
- Set up AADSync tool (formerly, DirSync . But MS has released newer version of AADSync called Azure AD Connect)
- Manage Active Directory users and groups with AADSync in place
- Plan requirements for Active Directory Federation Services (AD FS)
- Install and manage AD FS servers
- Install and manage WAP/AD FS proxy servers
- Understanding AD FS Proxy role
- Understanding certificates used by ADFS
- Customizing AD FS Sign-In pages
- AD FS 2.0 Customizing Overview (remember class/page names and their functions!)
Fact: you cannot install AD FS proxy role with ADFS server on the same computer!
Monitor and troubleshoot Office 365 availability and usage
Where? Portal –> Service Health , Portal –> Support, Portal –> Tools, Portal –> Reports
- Analyze reports
- Monitor service health
- View status of services (RSS feed, dashboard)
- O365 management pack for SCOM
- Isolate service interruption
- How to create service request
- Microsoft Remote Connectivity Analyzer (explore all tabs!)
- Troubleshoot free/busy issues (free/busy test is available in MRCA)
Some “all-in-one” courses, labs and tips:
- Office 365 Guides at IgniteLabs (Labs)
- TechNet virtual labs (Labs, just type “365” in search box)
- Office 365 courses at MVA (Video/Slides)
- Managing Office 365 Identities and Services (Video/Slides)
- Free Microsoft 70-346 Exam Study Guide (PDF)
- Free Second Shot (available up to 12 January, 2016)
Thanks for reading and good luck on your exam!
UseIT | Roman Levchenko 