Study Guide 70-346

What is the exam 70-346?

70-346 is one of the two exams (+70-347) that you have to pass to achieve MCSA: Office 365.

This exam checks your skills in administration, licensing (o365 plans and scenarios), planning and deploying hybrid solutions (on-premises <> cloud).


How many questions in the exam?


What types of questions exam has?

There are a lot of drag-and-drop . multiple-choice questions.

How to prepare for an exam?

Get the free trial of O365 E3 Plan

Fill out the required form. Make sure you provided the active phone number.

You will receive a verification code that is required to finalize creating new O365 account.


Click on “You’re ready to go …” and you will be redirected to the main page of portal.

To get status of trial subscription or to view all available plans click on “Purchase” at the top-right corner of the screen

Note “days left” and parameters (expiration date, quantity of purchased users) of trial subscription


Go to pricing and plans and try to remember the main differences between business and enterprise plans!

For example,

Business/Enterprise : 300 users maximum and unlimited respectively

Free trial option: Only for Business, Business Premium, E3

If you are not familiar with what O365 offers or want to get deep knowledge about plans and services go to these documents:

Office 365 service description

Office 365 service comparison

Just for your information :

MS has E4 plan (to enhance unified messaging experience) and going to add new plan called E5 before the end of this year

Education and Government plans are not widely presented in the exam so you can be free to omit them.

Prepare your workstation

To be able manage O365 with PowerShell you have to install some required software on your machine.

In my environment I use only the following modules (RMS+Azure AD) :


Then go to the exam’s official page and explore 6 categories of skills :


Open your Office 365 portal and run Azure AD PowerShell machine.

You have to be ready to repeat all described steps below in web GUI and PowerShell as well.


Provision Office 365

Where is? Portal –> Domains , Portal –> Setup

Provision Tenants

  • Add and configure custom domains
  • Plan a pilot




Plan and implement networking and security

Where is ? Service Settings –> Rights Management , Portal –> Users


Example:How to activate RMS using PowerShell

#Import Rights Management module 
Import-Module aadrm

#Get credentials (global administrator)
$cred=Get-Credential -Credential rlevchenko@<tenantname>

#Connect to RM Service and activate it. 

Connect-AadrmService -Credential $cred -Verbose

A connection to the Windows Azure AD Rights Management (AADRM) service was opened for rlevchenko@<tenantname>

Enable-Aadrm -Verbose

The Rights Management service has been successfully enabled although additional
 configuration of other services might be required. For more information, see h

#Add user to RMS administrators group

Add-AadrmRoleBasedAdministrator -EmailAddress "user1@<tenantname>"
user1@<tenantname> was added to the list of administrators for the
Rights Management service.

#Disconnect from RM Service

Disconnect-AadrmService -Verbose
Connection to the AADRM service closed.


Example: How to create a new user and assign to one of administrators group

#Connect to MS Online. 
Connect-MSOnline -Credential $cred

#Create new user DisplayName and UserPrincipalName are REQUIRED! 
#Note: Password is automatically generated

New-MsolUser -DisplayName "User2" -UserPrincipalName user2@<tenantname>

Password            UserPrincipalName   DisplayName         isLicensed
--------            -----------------   -----------         ----------
Jura4110            user2@<tenantname>... User2               False

#List of available administrator roles

Get-MsolRole|ft Name

Compliance Administrator
Exchange Service Administrator
Device Managers
Partner Tier1 Support
Company Administrator
Helpdesk Administrator
Lync Service Administrator
Directory Readers
Directory Writers
Device Join
Device Administrators
Billing Administrator
Workplace Device Join
Directory Synchronization Accounts
Device Users
Partner Tier2 Support
Service Support Administrator
SharePoint Service Administrator
User Account Administrator

#Add user to Helpdesk Administrator

Add-MsolRoleMember -RoleName "Helpdesk Administrator" -RoleMemberEmailAddress "user2@<tenantname>" -Verbose


$role=Get-MsolRole -RoleName "HelpDesk Administrator"
Get-MsolRoleMember -RoleObjectId $role.ObjectId

RoleMemberType      EmailAddress        DisplayName         isLicensed
--------------      ------------        -----------         ----------
User                user2@<tenantname>...       User2                    False


Manage cloud identities

Where is ? Portal –> Users, <Billing>, <Service Settings –> Passwords>

PowerShell example:

#I have already connected to MS online so it's not necessary to execute Connect-MSolService.  

#Reset user's password to random password. User will be required to set new password on the next sign in.

Set-MsolUserPassword -UserPrincipalName user2@<tenantname>

#....Not to random password
Set-MsolUserPassword -UserPrincipalName user2@<tenantname> -NewPassword Pass123!

#Set expiration of password
Set-MsolUser -UserPrincipalName user2@<tenantname> -PasswordNeverExpires $true

#Set password expiration policy

Set-MsolPasswordPolicy -DomainName <tenantname> -ValidityPeriod 90 -NotificationDays 14

#Get password expiration policy
Get-MsolPasswordPolicy -DomainName <tenantname>

ExtensionData                        NotificationDays            ValidityPeriod
-------------                        ----------------            --------------
System.Runtime.Serializ...                         14                        90


#Soft delete, no confirm 

Remove-MsolUser -UserPrincipalName user3@<tenantname> -Force

#List of deleted users

Get-MsolUser -ReturnDeletedUsers

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

#Restore user after soft delete

Restore-MsolUser -UserPrincipalName user3@<tenantname>

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

How to do “hard delete” users:

#First step it is to delete user with "soft" option

Remove-MsolUser -UserPrincipalName user3@<tenantname> -Force

#Delete user from recycle bin = hard delete

Remove-MsolUser -UserPrincipalName user3@<tenantname> -RemoveFromRecycleBin -Force

License management:

#Get list of unlicensed users

Get-MsolUser -UnlicensedUsersOnly

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user2@<tenantname>.onmicros... User2                      False

#Get list of SKUs (as shown, 25 licenses are provided by trial)


AccountSkuId                    ActiveUnits     WarningUnits    ConsumedUnits
------------                    -----------     ------------    -------------
<tenantname>:ENTERPRISEPACK         25              0               2

#User must have UsageLocation
Set-MsolUser -UserPrincipalName user2@@<tenantname> -UsageLocation RU

#Add license to user
Set-MsolUserLicense -UserPrincipalName user2@<tenantname> -AddLicenses <tenantname>:ENTERPRISEPACK

#To remove license
Set-MsolUserLicense -UserPrincipalName user2@<tenantname> -RemoveLicenses <tenantname>:ENTERPRISEPACK

Some very important facts:

  1. soft delete – user will be in Recycle Bin for 30 days
  2. hard delete – user will be permanently removed from Recycle Bin
  3. Days before password expire: min 14 , max 730 days
  4. Days before a user is notified that their password will expire: min 1, max 30 days


Go to Active Users –> Active Directory synchronization setup and review all required steps


Fact: you cannot install AD FS proxy role with ADFS server on the same computer!


Monitor and troubleshoot Office 365 availability and usage

Where? Portal –> Service Health , Portal –> Support, Portal –> Tools, Portal –> Reports

Some “all-in-one” courses, labs and tips:

  1. Office 365 Guides at IgniteLabs (Labs)
  2. TechNet virtual labs (Labs, just type “365” in search box)
  3. Office 365 courses at MVA (Video/Slides)
  4. Managing Office 365 Identities and Services (Video/Slides)
  5. Free Microsoft 70-346 Exam Study Guide (PDF)
  6. Free Second Shot (available up to 12 January, 2016)

Thanks for reading and good luck on your exam!

%d bloggers like this: