Tag: on-premises

Azure Stack Preview 3 is available

Azure Stack is a hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. Microsoft Azure Stack Technical Preview 3 is being made available as a Proof of Concept (POC). The POC is an ideal environment for learning and demonstrating Azure Stack features.

Microsoft is also announced that Azure Stack will be available via Enterprise Agreement (EA) and Cloud Solution Provider Program (CSP) 

azure-stack-architecture

In addition to bug fixes and other improvements, here’s the list of new features:

  • Active Directory Federation Services (AD FS) support provides identity options for scenarios where network connectivity is limited or intermittent.
  • You can use Azure Virtual Machine Scale Sets to provide managed scale out of workloads.
  • Use Azure D-Series VM sizes for increased performance and consistency.
  • Deploy and create templates with Temp Disks that are consistent with Azure.
  • Marketplace Syndication allows you to use content from the Azure Marketplace and make available in Azure Stack.
  • Isolated administrator and user portals and APIs provide enhanced security.
    Use enhanced infrastructure management functionality, such as improved alerting.
  • Using the Windows Azure Pack connector, you can view and manage IaaS virtual machines that are hosted on a Cloud Platform System (CPS) stamp. For this preview release, you can try this only with a CPS environment and additional configuration is required.

Study Guide 70-346

What is the exam 70-346?

70-346 is one of the two exams (+70-347) that you have to pass to achieve MCSA: Office 365.

This exam checks your skills in administration, licensing (o365 plans and scenarios), planning and deploying hybrid solutions (on-premises <> cloud).

office365exam346_1

How many questions in the exam?

56

What types of questions exam has?

There are a lot of drag-and-drop . multiple-choice questions.

How to prepare for an exam?

Get the free trial of O365 E3 Plan

Fill out the required form. Make sure you provided the active phone number.

You will receive a verification code that is required to finalize creating new O365 account.

office365exam346_2office365exam346_3

Click on “You’re ready to go …” and you will be redirected to the main page of portal.

To get status of trial subscription or to view all available plans click on “Purchase” at the top-right corner of the screen

Note “days left” and parameters (expiration date, quantity of purchased users) of trial subscription

office365exam346_4office365exam346_5

Go to pricing and plans and try to remember the main differences between business and enterprise plans!

For example,

Business/Enterprise : 300 users maximum and unlimited respectively

Free trial option: Only for Business, Business Premium, E3

If you are not familiar with what O365 offers or want to get deep knowledge about plans and services go to these documents:

Office 365 service description

Office 365 service comparison

Just for your information :

MS has E4 plan (to enhance unified messaging experience) and going to add new plan called E5 before the end of this year

Education and Government plans are not widely presented in the exam so you can be free to omit them.

Prepare your workstation

To be able manage O365 with PowerShell you have to install some required software on your machine.

In my environment I use only the following modules (RMS+Azure AD) :

office365exam346_6

Then go to the exam’s official page and explore 6 categories of skills :

office365exam346_7

Open your Office 365 portal and run Azure AD PowerShell machine.

You have to be ready to repeat all described steps below in web GUI and PowerShell as well.

2015-10-19_16-20-51

Provision Office 365

Where is? Portal –> Domains , Portal –> Setup

Provision Tenants

  • Add and configure custom domains
  • Plan a pilot

GUI: https://www.microsoftpressstore.com/articles/article.aspx?p=2419713

PS: https://msdn.microsoft.com/en-us/library/azure/dn919677.aspx

office365exam346_8

Plan and implement networking and security

Where is ? Service Settings –> Rights Management , Portal –> Users

PowerShell: https://msdn.microsoft.com/en-us/library/dn629398.aspx

Example:How to activate RMS using PowerShell

#Import Rights Management module 
Import-Module aadrm

#Get credentials (global administrator)
$cred=Get-Credential -Credential rlevchenko@<tenantname>.onmicrosoft.com

#Connect to RM Service and activate it. 

Connect-AadrmService -Credential $cred -Verbose

VERBOSE: https://admin.eu.aadrm.com/adminV2/admin.svc
A connection to the Windows Azure AD Rights Management (AADRM) service was opened for rlevchenko@<tenantname>.onmicrosoft.com.

Enable-Aadrm -Verbose

The Rights Management service has been successfully enabled although additional
 configuration of other services might be required. For more information, see h
ttp://go.microsoft.com/fwlink/?LinkId=251909.

#Add user to RMS administrators group

Add-AadrmRoleBasedAdministrator -EmailAddress "user1@<tenantname>.onmicrosoft.com"
user1@<tenantname>..onmicrosoft.com was added to the list of administrators for the
Rights Management service.

#Disconnect from RM Service

Disconnect-AadrmService -Verbose
Connection to the AADRM service closed.

PowerShell: https://msdn.microsoft.com/en-us/library/azure/dn919663.aspx

Example: How to create a new user and assign to one of administrators group

#Connect to MS Online. 
Connect-MSOnline -Credential $cred

#Create new user DisplayName and UserPrincipalName are REQUIRED! 
#Note: Password is automatically generated

New-MsolUser -DisplayName "User2" -UserPrincipalName user2@<tenantname>.onmicrosoft.com

Password            UserPrincipalName   DisplayName         isLicensed
--------            -----------------   -----------         ----------
Jura4110            user2@<tenantname>... User2               False

#List of available administrator roles

Get-MsolRole|ft Name

Name
----
Compliance Administrator
Exchange Service Administrator
Device Managers
Partner Tier1 Support
Company Administrator
Helpdesk Administrator
Lync Service Administrator
Directory Readers
Directory Writers
Device Join
Device Administrators
Billing Administrator
Workplace Device Join
Directory Synchronization Accounts
Device Users
Partner Tier2 Support
Service Support Administrator
SharePoint Service Administrator
User Account Administrator

#Add user to Helpdesk Administrator

Add-MsolRoleMember -RoleName "Helpdesk Administrator" -RoleMemberEmailAddress "user2@<tenantname>.onmicrosoft.com" -Verbose

#Check

$role=Get-MsolRole -RoleName "HelpDesk Administrator"
Get-MsolRoleMember -RoleObjectId $role.ObjectId

RoleMemberType      EmailAddress        DisplayName         isLicensed
--------------      ------------        -----------         ----------
User                user2@<tenantname>...       User2                    False

office365exam346_9

Manage cloud identities

Where is ? Portal –> Users, <Billing>, <Service Settings –> Passwords>

PowerShell example:

#I have already connected to MS online so it's not necessary to execute Connect-MSolService.  

#Reset user's password to random password. User will be required to set new password on the next sign in.

Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com
Toha1184

#....Not to random password
Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com -NewPassword Pass123!
Pass123!

#Set expiration of password
Set-MsolUser -UserPrincipalName user2@<tenantname>.onmicrosoft.com -PasswordNeverExpires $true

#Set password expiration policy

Set-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com -ValidityPeriod 90 -NotificationDays 14

#Get password expiration policy
Get-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com

ExtensionData                        NotificationDays            ValidityPeriod
-------------                        ----------------            --------------
System.Runtime.Serializ...                         14                        90

Examples:

#Soft delete, no confirm 

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force

#List of deleted users

Get-MsolUser -ReturnDeletedUsers

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

#Restore user after soft delete

Restore-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

How to do “hard delete” users:

#First step it is to delete user with "soft" option

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force

#Delete user from recycle bin = hard delete

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -RemoveFromRecycleBin -Force

License management:

#Get list of unlicensed users

Get-MsolUser -UnlicensedUsersOnly

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user2@<tenantname>.onmicros... User2                      False

#Get list of SKUs (as shown, 25 licenses are provided by trial)

Get-MsolAccountSku

AccountSkuId                    ActiveUnits     WarningUnits    ConsumedUnits
------------                    -----------     ------------    -------------
<tenantname>:ENTERPRISEPACK         25              0               2


#User must have UsageLocation
Set-MsolUser -UserPrincipalName user2@@<tenantname>.onmicrosoft.com -UsageLocation RU

#Add license to user
Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -AddLicenses <tenantname>:ENTERPRISEPACK

#To remove license
Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -RemoveLicenses <tenantname>:ENTERPRISEPACK

Some very important facts:

  1. soft delete – user will be in Recycle Bin for 30 days
  2. hard delete – user will be permanently removed from Recycle Bin
  3. Days before password expire: min 14 , max 730 days
  4. Days before a user is notified that their password will expire: min 1, max 30 days

image

Go to Active Users –> Active Directory synchronization setup and review all required steps

office365exam346_10

Fact: you cannot install AD FS proxy role with ADFS server on the same computer!

office365exam346_11

Monitor and troubleshoot Office 365 availability and usage

Where? Portal –> Service Health , Portal –> Support, Portal –> Tools, Portal –> Reports

Some “all-in-one” courses, labs and tips:

  1. Office 365 Guides at IgniteLabs (Labs)
  2. TechNet virtual labs (Labs, just type “365” in search box)
  3. Office 365 courses at MVA (Video/Slides)
  4. Managing Office 365 Identities and Services (Video/Slides)
  5. Free Microsoft 70-346 Exam Study Guide (PDF)
  6. Free Second Shot (available up to 12 January, 2016)

Thanks for reading and good luck on your exam!