smb partner tech series · 2016-12-11 · getting started with sharepoint online, office 365...
Post on 28-Jul-2020
4 Views
Preview:
TRANSCRIPT
Page 1
© Copyright 2015 Microsoft Corporation. All rights reserved. Modern Biz Content ID: GE1-HOL-0002 Release v1.0
ModernBiz
Grow E fficiently Track 1
SMB Partner
Tech Series
Office 365 Labs:
Getting started with SharePoint
Online, Office 365 Groups,
Skype broadcasting, and
Security and Compliance
features
Page 2 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Terms of Use
© 2016 Microsoft Corporation. All rights reserved.
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the companies, organizations, products, domain
names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail address, logo,
person, place, or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in
any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
For more information, see Microsoft Copyright Permissions at
http://www.microsoft.com/permission
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The Microsoft company name and Microsoft products mentioned herein may be either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
This document reflects current views and assumptions as of the date of development and is
subject to change. Actual and future results and trends may differ materially from any
forward-looking statements. Microsoft assumes no responsibility for errors or omissions in
the materials.
THIS DOCUMENT IS FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Page 3 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Table of Contents
Getting started with SharePoint Online, Office 365 Groups, Skype broadcasting, and Security and Compliance
features ..................................................................................................................................................................... 5
Office 365 provides flexible and familiar tools for collaboration across teams, devices, and platforms. These
labs help you understand how to improve security and the overall user experience. ................................................ 5
Objective: .................................................................................................................................................................. 5
Requirements: ........................................................................................................................................................... 5
Scenarios ................................................................................................................................................................... 5
Lab 1: Use and administer Microsoft Office 365 Groups ................................................................................................ 6
Exercise 1: Configuring your lab tenant ..................................................................................................................... 6
Exercise 2: Using Office 365 Groups ......................................................................................................................... 10
Exercise 3: Administering Groups in Office 365 ........................................................................................................ 25
Lab 2: Administer Microsoft SharePoint Online ........................................................................................................... 37
Objective ................................................................................................................................................................. 37
Scenario ................................................................................................................................................................... 37
Virtual Machines ..................................................................................................................................................... 37
Exercise 1: PowerShell: Startup and connection ...................................................................................................... 37
Exercise 2: External sharing ..................................................................................................................................... 43
Exercise 3: Site Collection Administration: Create Site Collections using the browser ............................................. 54
Exercise 4: Site Collection Administration: SharePoint Online Management Shell ................................................... 64
Exercise 5: Site Collection Administration: Create a Site Collection using PowerShell .............................................. 69 Exercise 6: Site Collection Administration: Delete/Restore a Site Collection using PowerShell ................................ 73
Exercise 7: Resource management........................................................................................................................... 92 Exercise 8: User administration: Manage Profiles/Properties in browser ................................................................ 98
Exercise 9: User administration: Manage Users and Groups with PowerShell........................................................ 102
Exercise 10: User administration: Remove Users from a Group using PowerShell ................................................. 105 Exercise 11: User administration: User Reports ..................................................................................................... 107
Lab 3: Schedule and produce broadcast meetings ..................................................................................................... 111
Objective ............................................................................................................................................................... 111
Scenario ................................................................................................................................................................. 111 Virtual Machines ................................................................................................................................................... 111
Exercise 1: Enabling your organization for Skype Meeting Broadcast .................................................................... 111 Exercise 2: Using Skype Meeting Broadcast ........................................................................................................... 116
Lab 4: Configure and use Microsoft Office 365 security and compliance features ...................................................... 127
Objective ............................................................................................................................................................... 127
Scenario ................................................................................................................................................................. 127 Virtual Machines ................................................................................................................................................... 127
Exercise 1: Loading Lab Content into Your Office 365 Tenant ................................................................................ 127
Page 4 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 2: Reviewing the Office 365 Compliance Center ....................................................................................... 130 Exercise 3: Using Mobile Device Management ....................................................................................................... 134
Exercise 4: Using Data Loss Prevention .................................................................................................................. 138 Exercise 5: Using Office 365 Message Encryption ................................................................................................... 145
Exercise 6: Using Advanced Threat Protection ....................................................................................................... 152
Exercise 7: Auditing in Office 365 ........................................................................................................................... 158
Page 5 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Getting started with SharePoint Online, Office
365 Groups, Skype broadcasting, and Security
and Compliance features
Office 365 provides flexible and familiar tools for collaboration across teams, devices, and platforms.
These labs help you understand how to improve security and the overall user experience.
Objective:
After completing this Office 365 lab series, you will be better able to:
Enable SharePoint Online external sharing end to end, create site collections, create and apply
permissions to site collections, manage users and Groups, manage tenant storage and resources.
Create and delete Office 365 Groups, perform eDiscovery, litigation hold, and auditing of Groups.
Schedule and produce broadcast meetings.
Create and test a data loss prevention policy with Office 365 and configure and test
message encryption, configure and test Advanced Threat Protection, and review the
customer lockbox and auditing in Microsoft Office 365.
Requirements:
Before starting this lab series, you need to complete the Office 365 Lab Preparation and Setup Document
to create your 30-day Office 365 Trial Tenant that will be used throughout this Office 365 series.
Scenarios
This lab series includes the following four labs. Each lab is run as a separate client lab environment but
uses the one Office 365 Tenant in the cloud. While these are separate lab environments they should be
completed in the order outlined in this document.
Lab 1: Administer Office 365 Groups
Lab 2: Administer Microsoft SharePoint Online
Lab 3: Schedule and produce broadcast meetings
Lab 4: Configure and use Microsoft Office 365 security and compliance features
Page 6 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Lab 1: Use and administer Microsoft Office 365
Groups Objective
During this lab you experience using Microsoft Office 365 Groups. You create, join, and leave
Groups, and you become familiar with using Groups in Outlook 2016 and Outlook on the web.
You also perform administrative tasks associated with Office 365 Groups. You manage the
creation and deletion of Groups as well as reviewing the ability to perform eDiscovery, litigation
hold, and auditing of Groups.
Estimated lab time: 90 Minutes
Scenario
Virtual Machines
1. 41-652-CLIENT01
Exercise 1: Configuring your lab tenant In this exercise, you will run a script to prepare your Office 365 tenant for the remaining exercises
in this lab.
1. Sign in to new Office 365 trial tenant
Once you have signed up for a tenant, sign in to your tenant and verify that it has finished
provisioning.
2. Sign in to CLIENT01
Switch to CLIENT01. Click Start to verify you are signed in as Aaron Hartwell. If you are not, sign
out and sign in as Aaron Hartwell with a password of Pa$$w0rd. If you receive a Networks
notification, click Yes to allow network discovery.
Page 7 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
If you receive a message that updates are available, press Esc to clear the message and then
close the UPDATE & SECURITY window.
3. Run the ConfigureTenantforGroupsLab application
Open File Explorer and then browse to C:\Scripts\GroupsLab.
Right-click ConfigureTenantforGroupsLab.exe and then click Run as administrator.
If prompted, in the Windows protected your PC dialog box, click More info, and then click
Run anyway.
Sign in using your Office 365 tenant administrator user credentials and then click
OK. Wait for the script to complete and then, in the Script Complete window,
click OK.
This may take 12-14 minutes.
The script may appear to stop running when verifying job completion. If the script takes longer
than twelve minutes, leave the script window open and continue with the lab. It may happen
that some configurations are taking longer than expected.
Warnings for mailbox replication are expected.
4. Open Outlook 2016
Click Start, click All apps, scroll down and then click Outlook 2016. On the Welcome screen,
click Next.
5. Configure Aaron’s Outlook profile
On the Add an Email Account page, click Next. On the Auto Account Setup page, in the Your
Name box, type Aaron Hartwell.
In the E-mail Address box, type AaronH@yourtenantdomainname.
In the Password and Retype Password boxes, type Pa$$w0rd and then click Next.
In the Windows Security window, verify that AaronH@yourtenantdomainname is shown.
In the Password box, type Pa$$w0rd, select the Remember my credentials check box, and then
click OK. On the Configuring page, click Finish. Leave Outlook open.
Page 8 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
6. Activate Office ProPlus
In the Activate Office window, in the Type your email address or phone number box, type
AaronH@yourtenantdomainname and the click Next.
In the Password box, type Pa$$w0rd and then click
Sign in. In the Account Updated dialog box, click OK.
In the First things first dialog box, click Accept.
Leave Outlook open.
7. Open Skype for Business 2016
Click Start, click All apps, scroll down and then click Skype for Business
2016. Close the Welcome – Skype for Business window.
8. Sign in to Skype for Business 2016
In the Skype for Business client, in the Sign in address box, type
AaronH@yourtenantdomainname and then click Sign In.
In the Password box, type Pa$$w0rd and then click Sign In.
In the Do you want us to save your Skype for Business sign-in info dialog box,
click Yes. In the Help Make Skype for Business Better dialog box, click Yes.
9. Open Windows PowerShell as administrator
Open Windows PowerShell as administrator
10. Rearm the Virtual Machine
At the Windows PowerShell command prompt, type the following and then press
Enter:
slmgr -rearm
11. In the Windows Script Host dialog box, click OK
Page 9 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Windows Script Host dialog box, click OK.
Close Windows PowerShell.
You do not need to restart the computer at this time.
Page 10 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 2: Using Office 365 Groups In this exercise, you will create and navigate Office 365 groups. You will find and join groups as
well as experience joining a public and private group. You will create group conversations, upload
and share files with a group, work with a group calendar, and subscribe to a group. Additionally,
you will add and remove group members and delete a group.
1. Sign in to Office 365
On CLIENT01 signed in as Aaron Hartwell, open Microsoft Edge and then browse to
http://outlook.office.com
Sign in to Office 365 as AaronH@yourtenantdomainname with a password of Pa$$w0rd
2. Create a group
In the left navigation under GROUPS, click Create +.
The groups already in the list were created by the script used in the first exercise.
3. Name the group Q1 Inventory
In the Create a group pane, in the Choose a name box, type Q1 Inventory.
Review the name in the Group ID box.
If the message "not available" displays, change the group name of group ID to make it unique
The Group ID can be changed by clicking Edit, and entering a group ID different from the group
name. For example, you may want an abbreviated name to shorten the URL used by SharePoint
Online or email address.
The group ID cannot be changed after the group is created
4. Make a group private
Under Privacy, click the down arrow, review the two privacy options, and then click Private.
Page 11 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. Set group options
Review the available language options.
Select Subscribe members so they receive group conversations in their inbox check box.
6. Click Create to create the group
In the Create a group pane, click Create.
In the Add members pane, click Not now.
7. Browse to the Inbox
In the navigation pane, under Folders, click More, and then click Inbox.
8. Review the group welcome message
Review the welcome message for the Q1 Inventory group. This message contains important
information and links to get you started.
You may have to wait for the message to arrive. If the message doesn’t arrive within 1-2 minutes,
continue to the next step.
9. Add a group to your Favorites
In the folder pane, click the Back arrow, and under Groups, click Q1 Inventory.
Right-click Q1 Inventory and the click Add to
Favorites. You will see this addition to Favorites later in
the lab.
10. Review the group header page
In the results pane, review the group’s header page information.
The group header displays important information and commands. Each group page (Outlook,
Calendar, People, and OneDrive for Business) has a similar group header.
Page 12 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
11. Review group actions
Each group header also has dedicated commands to quickly change to specific group pages.
In the group header, click More group actions and review the available actions. The More
actions menu is indicated by the ellipsis.
12. Find groups you belong to.
Under Groups, notice that there is an additional group listed. This Carpool group is another
group that Aaron is a member of and was created by the script in the beginning of this lab.
13. View other members in a group
Click Carpool.
In the Carpool group header, notice the additional members of the group.
14. View additional groups
In the group header, click 4 members.
Click Sara Sharkey’s profile picture.
Click the Groups tab in Sara’s profile card. Review the additional groups that Sara is a member
of.
A group is a dynamic environment. New members, conversations, email, calendar events, and
files are being added all the time. Also, the people in your organization will add many groups of
interest to you.
15. View all groups.
In the navigation pane, under Groups, click Discover.
Next to Active groups, click All groups.
All groups lists all of the groups in your organization and are displayed in alphabetical order
16. Search all groups
Page 13 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Depending on your tenant, Search all groups is located at the top of the All groups pane or
above the left navigation pane.
17. View group info
Under All groups, click Desktop Support.
On the Info tab, you can view basic information about the group and navigate to the group
conversations, calendar, members, and files.
18. View members
Click the Members tab and review the members of the group.
Click outside of the group profile card or press Esc to close the group profile card.
19. Find a public group
In Outlook on the web signed in as Aaron Hartwell, under All groups, click Company Sports.
20. Join a public group
Review the group’s description and then click Join.
If the message "Couldn't join. Please try again" displays, continue to the next task.
For public groups, you will see a confirmation message and will become a member
right away. In the navigation pane, under Groups, notice that the group has been
added to your list.
21. Close a group profile card
Press Esc to close the group profile card.
22. Browse to outlook.office.com
In Microsoft Edge, press Shift+Ctrl+P to open a new InPrivate browser
window. Make the window full screen and then browse to
http://outlook.office.com.
Page 14 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
23. Sign in to Office 365 as CouryneyK
Sign in to Office 365 as CourtneyK@yourtenantdomainname with a password of Pa$$w0rd.
24. Join the private Q1 Inventory group
Depending on your tenant, in the navigation pane, under Groups, click either Discover
or Browse. In the All groups pane, click Q1 Inventory. Click Join.
25. Send a group join request
In the Request to join Q1 Inventory pane, in the Message box, type I will be joining the
inventory team for the first quarter and then click Send.
26. Review the group join request
Switch to Microsoft Edge and Outlook on the web signed in as Aaron Hartwell.
In the top navigation, click the Notifications icon. The Notifications icon is the bell shaped icon.
Click the message from Courtney Keppler.
In the new message window, review the request and then close the window.
27. Add Courtney to the Q1 Inventory group
In the top navigation, click the Notifications icon to close the list of notifications.
In the navigation pane, under Groups, click Q1 Inventory.
In the Q1 Inventory pane, click More group actions … and then click Members.
Click Add members.
In the Enter the name of a person or a group box, type Courtney Keppler and then click Search
Directory. Since Courtney is the only result, she will be automatically added, click Save.
28. Review the joined group message
Switch to Microsoft Edge signed in to Outlook on the web as Courtney Keppler.
Click the Notifications icon and then click the message from Aaron Hartwell.
Page 15 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
If the message does not arrive after 1 minute, continue to the next task.
Review the message and then close the window.
29. Close Notifications list
The newly joined private group may not appear in Groups list
immediately. Click the Notifications icon to close the list.
30. Leave the Company Sports group.
In Outlook on the web signed in as Courtney Keppler, in the navigation pane, under Groups,
click Company Sports.
You may need to refresh the browser to return to the Inbox.
In the group header, click Joined and then click Leave group.
If the Joined menu is not available, click More group actions …, and then click Leave group.
Note: You can’t leave a group if you are the group’s only administrator. You’ll first need to
assign another member as an administrator before you leave.
31. Add the Carpool group as a favorite.
Switch to Outlook on the web signed in as Aaron Hartwell.
In the navigation pane, under Groups, right click Carpool and then click Add to Favorites.
32. Remove a group as a favorite
Switch to Outlook 2016. If necessary, open Outlook 2016. In the navigation pane under
Favorites, notice the two groups that were added to the Favorites list.
Right click Carpool and the click Remove from Favorites.
33. Review the change to favorites
Switch to Outlook on the web signed in as Aaron Hartwell. Under Groups, right click Carpool
and notice that it can be added as a Favorite again.
Page 16 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Right click Q1 Inventory and notice the option to Remove from Favorites.
34. Start a conversation in the Carpool group
In Outlook on the web signed in as Aaron Hartwell, in the navigation pane, under Groups, click
Carpool.
In the group header, click Conversations.
In the conversation list, click New conversation.
In the message box, type Hello Everyone, my car is out of the shop and I’m ready to get
back into the rotation. Notice the attachment and inline picture options. Click Send. Review
the new conversation that has been created.
Hello Everyone, my car is out of the shop and I’m ready to get back into the rotation.
35. Read and reply to a group conversation.
In the conversation list, click the message from Keenan Newton.
Review the conversation then click Reply all.
In the message box, type I’ll be able to take care of that. and then click Send. Notice that the
conversation has been moved to the top of the list and the conversation shown in the reading
pane.
I’ll be able to take care of that.
36. Forward a group conversation.
In the reading pane, in Aaron’s reply, click the More actions expanding arrow and then click
Forward.
Notice the message is using the regular email template. Click Discard. If Discard is not visible,
you may need to click More options and then click Discard.
37. Delete Aaron’s group conversation
In the conversation list, click the message from Aaron Hartwell stating his car is out of the shop.
Page 17 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the reading pane, next to Reply all, click More actions and then click Delete
conversation. In the Delete this conversation? dialog box, click Yes.
38. Browse to the Carpool group
In Outlook on the web signed in as Aaron Hartwell, in the navigation pane, under Groups, click
Discover depending on your tenant.
Click All groups.
Click Carpool.
39. Subscribe to group email
In the profile card, next to Add members, click More actions … and then click Subscribe to
this group by email.
When you subscribe to a group, you are requesting that conversations and meetings from the
group be sent to your inbox.
40. Start a group conversation
Press Esc or click outside of the All groups window.
In the navigation pane, under Groups, click Carpool. In the group header, click Conversations.
Click New conversation.
In the message box, type Testing my new subscription and then click Send.
Testing my new subscription.
41. Unsubscribe from the Carpool group email
Notice the new message notification. The new conversation message was also sent to
Aaron’s Inbox. In the group header, click Joined, and then click Unsubscribe from email for
this group.
42. As Courtney, open the Carpool group
Page 18 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Switch to Outlook on the web signed in as Courtney
Keppler. In the navigation pane, under Groups, click
Carpool.
43. Like a group conversation
In the conversation list, click the Out of rotation for two weeks
conversation. Under Aaron Hartwell’s reply, click Like.
44. As Aaron, review a Likes notification
Switch to Outlook on the web signed in as Aaron Hartwell. In the conversation list, click another
conversation and then click the Out of rotation for two weeks conversation.
Notice the like information. This may not be displayed immediately. Continue with the
lab. Click the Notifications icon and review the new Likes notification.
45. Browse the Carpool group’s files
In Outlook on the web signed in as Aaron Hartwell, in the Carpool group header, click Files.
Wait for the group files to be setup. If the site takes longer than 2 to 3 minutes, refresh the browser
window. In the Welcome dialog box, click NOT NOW.
46. Upload a file to the Carpool group
On the Files tab, click Upload.
Click Files
In the Add a document window, browse to C:\LabFiles, click Northwind Train Schedule.docx,
and then click Open. 47. Browse to the Sales SharePoint Online site
In Microsoft Edge, open a new tab.
In the new tab, browse to https://tenantname.sharepoint.com/sites/Sales
Replace tenantname with your Office 365 tenant name. For example,
https://contoso.sharepoint.com/sites/Sales
Page 19 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
47. Share a document with the Carpool group
On the Sales page, in the navigation pane, click Documents.
Next to New Bus Schedule, click Open Menu … and then click Share.
In the Share ‘New Bus Schedule’ window, in the Invite people box, type
Carpool. In the results list, click Carpool and then click Share.
48. Switch to the Carpool group tab
In Microsoft Edge, close the Carpool - Documents tab and switch to the Carpool group tab.
49. Review the URL for the shared document location
In the navigation menu, under Carpool, click Shared with us. You may need to refresh the page
to see the newly added document.
Move the mouse and pause on the file name. At the bottom of the browser, notice the URL
showing where the document exists.
50. Browse to the Q1 Inventory group
In Microsoft Edge, close the Carpool tab.
In the navigation pane, under Groups, click Q1 Inventory.
51. Open a group calendar
In the in the group header, click Calendar.
Notice that the navigation pane shows a month view. Also, in the navigation pane, a list of
calendars that you own, are a member of, or have added to, as well as the groups calendars are
shown.
52. Add an event to a group’s calendar
In the Calendar view, next to the Q1 Inventory tab, close the Calendar tab. This will close
Aaron’s personal calendar and leave the Q1 Inventory calendar open.
Page 20 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Q1 Inventory group calendar, right-click Tuesday in the following week from today’s date
and then click New.
Unless you are subscribing to the group, events added by other members to the group calendar
are not automatically added to your personal calendar, but you can still add these events if you
want.
53. Add event details
In the Add a title for the event box, type Quick chat about the pickup
schedule. On the menu bar, click Skype meeting and then click Add Skype
meeting.
54. Attach a file to the event
On the menu bar, click Attach.
Click Group files, click the Carpool group.
In the files list, click Northwind Train Schedule, click Next, and then click Attach as a
OneDrive file.
If you see a message stating that something went wrong while connecting to OneDrive for
Business, click Cancel, and click done to reach task 54. It may happen that OneDrive is still being
provisioned in the service. If it still fails, scroll down page and click cancel, then continue onto
next step 56.
When you create a file or folder in the group’s OneDrive for Business page, it is automatically
shared with all members of the group. When you add members to the group, they automatically
get shared access to the files. By default, group members have view/edit access to the files,
while everyone else has view access.
55. Configure a meeting
Clear the All day check box.
Set the Start Time to 10:00AM
Set the End Time to 10:30AM
Page 21 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Save to calendar Q1 Inventory
In the message body, type We can use the attached train schedule to discuss when we'll
travel to the warehouse. Click Save
Start Time 10:00 AM
End Time 10:30 AM
Repeat Never
Save to
calendar
Q1 Inventory
Reminder 15 minutes
Show as Busy
Message body We can use the attached train schedule to discuss when we’ll
travel to the warehouse.
We can use the attached train schedule to discuss when we'll travel to the warehouse.
56. As Courtney, browse to the Q1 Inventory group
Switch to Outlook on the web signed in as Courtney
Keppler. In the navigation pane, under Groups, click Q1
Inventory.
If you have closed the Microsoft Edge browser window with the InPrivate session running, in
Microsoft Edge, press Shift+Ctrl+P to open a new InPrivate session browser window. Browse to
http://outlook.office.com and sign in as CourtneyK@yourtenantdomainname with a password of
Pa$$w0rd.
57. Add the group event to Courtney’s calendar
On the menu, click Calendar.
Page 22 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click the calendar.
Notice the meeting notification. Click Add to my calendar.
58. Open Courtney’s calendar and review the event
In the navigation menu, under My calendars, click Calendar.
Verify that the meeting has been added to Courtney's calendar.
59. Switch to Aaron’s Outlook on the web Inbox
Switch to Outlook on the web signed in as Aaron Hartwell.
In the top navigation, click the apps launcher icon and then click Mail.
The GroupMail tab should be the only open tab. If you have closed Microsoft Edge entirely,
reopen Microsoft Edge, browse to http://outlook.office.com and sign in as
AaronH@yourtenantdomainname with a password of Pa$$w0rd.
60. Open the Q1 Inventory group editor
In the navigation pane, under Groups, click Q1 Inventory.
In the group header, click More group actions … and then click Edit group. Alternatively, you
can click the group icon or group photo.
61. Change the Q1 Inventory group photo
In the Edit group pane, review the available actions. Notice that the Privacy setting cannot be
changed.
At the bottom of the photo box, click the Change photo pencil icon.
Browse to C:\LabFiles, click Inventory.jpg and then click
Open. Verify the photo has been updated and then click Save.
62. Add members to the Q1 Inventory group
In the Q1 Inventory group header, click More group actions … and then click Members.
Page 23 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click Add members.
In the Add members box, type Sara and then click Search Directory.
Click Sare Sharkey and then click Save.
Review the group members.
63. Remove Sara Sharkey from the Q1 Inventory group
In the Q1 Inventory group members list, point to Sara Sharkey and then click More
options … In the More options list, click Remove from group.
64. Review the Q1 Inventory group administrators
In the Q1 Inventory group header, click Owners.
Review the current group
administrators. In the group header,
click All.
65. Add Courtney Keppler as a group administrator
In the group members list, right-click Courtney Keppler and then click Make
owner. Notice that Courtney Keppler has been promoted to admin.
66. Delete the Q1 Inventory group.
In the Q1 Inventory group header, click More group actions … and then click Edit group.
In the Edit group pane, scroll down and the click Delete group.
In the Delete group dialog box, select the I understand that the group will be permanently
deleted check box, and then click Delete.
Be careful deleting a group. When you delete a group, you are permanently removing all group
conversations, email, files, calendar events and related information. There is no way to recover
the information. Deleting a group will not delete subscribed group emails that were sent to your
Inbox or group events in your calendar.
Page 24 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
After a group outlives its intended purpose, you can delete the group to free up system
resources and to remove the group from being listed or displayed.
67. Close all open browsers and open tabs
68. Close Outlook 2016
Page 25 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 3: Administering Groups in Office 365 In this exercise, you will become familiar with administrative tasks related to groups in Office 365.
You will review the admin center management tasks and available PowerShell management tasks.
You will also perform eDiscovery and review auditing options for the Office 365 groups.
1. Sign in to Office 365 as the administrator
On CLIENT01, open Microsoft Edge and browse to http://portal.office.com.
Sign in to Office 365 using your tenant administrator user name and
password. If necessary, click use another account and then sign in.
2. Review a distribution group in Office 365
On the Home page, scroll down and then click Admin or, in the top navigation, click the apps
launcher icon and then click Admin.
In the Office 365 admin center, in the navigation menu, click Groups, and then click Groups.
Review the list of groups and then click All Employees.
In the details pane, review the group’s information and then click Close.
If you are prompted to update your admin contact info, click cancel. It is not necessary to update
the information at this time. You will likely be prompted again during this lab and future labs.
You may choose to update the information at that time or click cancel.
You may also want to change the Zoom percentage in Internet Explorer from 100% to 75% if the
page does not display properly.
3. Review the Biking Frenzy group in Office 365
In the Groups list click Biking Frenzy.
In the details pane, review the group settings and notice the differences from the All Employees
distribution group. Click Close.
4. Search for a Group
Page 26 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
On the menu bar, click Search.
In the Search box, type Company and then press Enter.
Review the results and then click Clear Search X.
5. Delete the Dogs and Cats group
In the Groups list, click Dogs and Cats
In the details pane, click Delete group.
In the dialog box, review the information and then click Delete.
Review the deletion information and then click Close.
Even though most Groups, security groups, mail-enabled security groups, and distribution lists
will be created and managed by others, there are times when the global admin must step in.
Global admins can delete any group from the Office 365 admin center, regardless of the type of
group.
When deleting a Group, you will permanently remove all group conversations, email, documents,
calendar events, and related information. Once this information is deleted, you can't recover it.
6. Edit the Desktop Support group membership
In the Groups list, click Desktop Support.
In the details pane, next to Members, click Edit.
Review the existing members and their role.
7. Add Aaron Hartwell as a group member
On the menu, click Add members.
On the Add members page, select the Aaron Hartwell check box, and then click Save.
Review the information and then click
Close. On the View members page, click
Close.
8. Add Courtney Keppler as a group owner
Page 27 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Desktop Support window, next to Owners, click Edit.
On the View owners page, click Add owners.
Select the Courtney Keppler check box and then click Save.
Review the information and then click
Close. On the View owners page, click
Close.
9. Review the added group members
On the Desktop Support page, review the newly added owners and members and then click
Close.
10. Open the Exchange admin center
In the Office 365 admin center, in the navigation menu, click Admin centers and then click
Exchange.
11. Open groups in the Exchange admin center
In the Exchange admin center, under recipients, click groups.
12. Configure the group naming policy
On the menu, click the More icon, the ellipsis, and then click Configure group naming policy.
Office 365 Group naming policy uses the distribution name policy used by Exchange security
groups. You can specify that a prefix, a suffix, or both be applied to all distribution group names.
You can also block certain words from being used in the names. Prefixes and suffixes can be a
string, an attribute, or a combination of both.
13. Prepend text to a group name
In the group naming policy window, under group naming policy, click the Select one menu,
and then click Text.
In the Enter text box, type Group- and then click OK.
Page 28 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Under Preview of policy, review the format that will be applied to a user created group.
14. Block a word from being used in group naming
In the left navigation, click blocked words.
In the Enter a word to block box, type Everyone, click the Add icon, and then click Save.
15. Open an InPrivate browser session
In Microsoft Edge, press Shift+Ctrl+P to open a new InPrivate browser window.
16. Browse to http://outlook.office.com
Browse to http://outlook.office.com.
17. Sign in to Office 365 as Courtney Keppler
Sign in to Office 365 as CourtneyK@yourtenantdomainname with a password of Pa$$w0rd.
18. Attempt to create a group named Everyone
In the navigation pane, under Groups, click Create.
In the Create a group pane, in the Choose a name box, type Everyone.
In the Create a group pane, click Create.
Read the policy message and then click OK.
19. Rename the group and then create the group
In the Choose a name box, delete the existing name, type Our Company and then click Create.
In the Add members pane, click Not now.
In the navigation pane, under Groups, notice the new group has been created with the prefix
appended by the naming policy.
20. Close the InPrivate browser window.
Page 29 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Close the InPrivate browser window.
21. Open Windows PowerShell.
On CLIENT01, open Windows PowerShell.
You can click Start and then type PowerShell to search for a match. Click Windows PowerShell
Desktop app.
22. Create a PowerShell session to Exchange Online
At the Windows PowerShell command prompt, type the following and then press Enter:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -
ConnectionURI
https://outlook.office365.com/powershell-liveid -Credential (Get-Credential) -
Authentication Basic -AllowRedirection
In the Windows PowerShell credential request window, type your tenant administrator
user name and password and then click OK.
To save time, you can use the Type Text [A|] icon whenever it is available to automatically type
Windows PowerShell commands instead of typing. The Type Text feature is located to the left of
the Done button in the task view screen. To use it, make sure the Windows PowerShell window is
in the foreground then click the icon. Review the text, and then press Enter to run the command.
Every Exchange user has an OWA mailbox policy that governs what they can and can't do with
their mailbox. Updating this mailbox policy removes the ability for users to create Groups.
Because OWA policies are per user, you can limit the ability to create Groups for some users and
not others.
23. Import the PSSession
At the Windows PowerShell command prompt, type the following and then press Enter:
Import-PSSession $Session
24. Review the group creation mailbox policy
Page 30 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Review the existing Outlook on the web mailbox policy. At the Windows PowerShell command
prompt, type the following and then press Enter:
Get-OwaMailboxPolicy | fl Name,GroupCreation*
Review the output of the command. For this lab, the default policy will be used.
25. Use PowerShell to manage Groups.
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-Command *-Unified*
Review the output of the command.
Click on the screen shot [camera] icon to view cmdlets that are available for managing groups.
In order to disable a subset of users from creating groups, you must create a new OWA mailbox
policy, edit the new policy with the settings you wish to enable or disable, and then assign that
policy using the Set-CASMailbox – Identity <user> -OWAMailboxPolicy “<policy name>” cmdlet
to the users.
26. List all existing groups
Review the existing groups. At the Windows PowerShell command prompt, type the following
and then press Enter:
Get-UnifiedGroup
Review the output of the command.
27. Review a group’s membership
Review a group’s membership. At the Windows PowerShell command prompt, type the
following and then press Enter:
Get-UnifiedGroupLinks -Identity Carpool -LinkType
Members
Review the output of the command.
Page 31 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
28. Review a group’s notes
At the Windows PowerShell command prompt, type the following and then
press Enter:
Get-UnifiedGroup -Identity Carpool | fl Name,Notes
Review the output of the command.
29. Configure a group’s notes
At the Windows PowerShell command prompt, type the following and then press Enter:
Set-UnifiedGroup -Identity Carpool -Notes "Share the ride."
There is no output for the command
30. Review the group’s new notes
At the Windows PowerShell command prompt, type the following and then
press Enter:
Get-UnifiedGroup -Identity Carpool | fl Name,Notes
Review the output of the command.
31. Review a group’s photo
At the Windows PowerShell command prompt, type the following and then
press Enter:
Get-UserPhoto -Identity Carpool -GroupMailbox
Review the output of the command.
You can get, set, or remove a group photo using the same *-UserPhoto cmdlet used for
managing user photos. The cmdlet must include the -GroupMailbox parameter.
32. Browse to the Security & Compliance Center
Page 32 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Switch to Microsoft Edge and the Office 365 admin center signed in as the tenant
administrator. In the navigation menu, under Admin centers, click Security &
Compliance.
33. Assign eDiscovery permissions
In the Security & Compliance Center, in the navigation menu, click Permissions.
In the Permissions list, double-click eDiscovery Manager.
Under eDiscovery Administrator, click Add.
In the Select Member window, in the names list, click your tenant administrator account, click
add, and then click OK.
Click Save.
34. Sign out and close all open tabs
Sign out of Office 365 and then close Microsoft Edge and all open tabs.
35. Browse to the Security & Compliance center
On CLIENT01, open Microsoft Edge. Browse to http://portal.office.com
Sign in as your Office 365 tenant administrator.
On the dashboard page, click the Security & Compliance tile.
36. Browse to eDiscovery
In the navigation menu, click Search & investigation, and then click eDiscovery.
37. Create a new eDiscovery compliance case
On the menu bar, click New +.
In the Compliance Case window, in the Case Name box, type Testing Group
eDiscovery. Click Finish.
38. Record the Carpool group’s SharePoint URL
Switch to Windows PowerShell. At the Windows PowerShell command prompt, type the
following and then press Enter:
Page 33 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-UnifiedGroup -Identity Carpool | fl Name,SharePointSite*
Write down the SharePoint Site URL. This URL will be used later when configuring the eDiscovery
set.
39. Edit a Compliance Case
Switch to Security & Compliance center and eDiscovery page.
In the Compliance cases list, click Testing Group eDiscovery and then click Edit.
40. Create a new case hold
In the Compliance Case window, in the left navigation, click Holds and then click
New+. In the New case hold window, in the Name box, type Hold for Carpool.
There are two types of holds available: Litigation Hold and In-Place Hold. Litigation Hold uses
the LitigationHoldEnabled property of a mailbox. When Litigation Hold is enabled, all mailbox all
items are placed on hold. In contrast, you can use an In-Place Hold to preserve only those items
that meet that the criteria of a search query that you define by using the In-Place eDiscovery
tool. You can place multiple In-Place Holds on a mailbox, but Litigation Hold is either enabled or
disabled for a mailbox. For both types of holds, you can also specify the duration period to hold
items. The duration is calculated from the date a mailbox item is received or created. If a
duration isn’t set, items are held indefinitely or until the hold is removed.
41. Add the Carpool mailbox to the hold
Under Mailboxes, click Add.
In the Select Members window, in the search box, type Carpool and then press
Enter. In the results list, click Carpool, click add, and then click OK.
42. Add the Carpool SharePoint site to the hold
Under Sites, click Add.
In the Choose sites window, in the Enter the site's URL box, type the Carpool SharePoint site URL
you recorded earlier, click add, and then click OK.
43. In the New case hold window, click Next
Page 34 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the New case hold window, click Next.
44. In the New case hold window, click Finish
In the New case hold window, click Finish.
45. Create a new Search
In the Compliance Case window, in the navigation menu, click
Searches. Under Searches, click New+.
46. Name the search and add a mailbox
On the New search page, in the Name box, type Carpool sources.
Under Where do you want us to look?, under choose specific mailboxes to search, click Add.
In the Select Members window, in the search box, type Carpool and then press
Enter. In the results list, click Carpool, click add, and then click OK.
47. Add a SharePoint site to the search
Under Choose specific sites to search, click Add.
In the Choose sites window, in the Enter the site's URL box, type the Carpool SharePoint site URL
you recorded earlier, click add, and then click OK.
48. On the New search page, click Next
On the New search page, click Next.
49. Add keywords to the search
In the What do you want us to look for box, type Schedule and then click Search.
50. Review the search details
In the Testing Group eDiscovery case, in the Carpool sources details pane, review the
information under Results.
51. Preview the search results
Page 35 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Under Results, click Preview search results.
52. Review the search results
In the Preview Search Results window, review the items that have been
discovered. When complete, close the Preview Search Results window.
53. Close the Testing Group eDiscovery window.
Close the Testing Group eDiscover window
54. In the navigation pane, click View reports.
In the navigation pane, click Reports and then click View reports.
55. Click Office 365 audit log report
Under Auditing, click Office 365 audit log report.
56. Click the Show results for all activities menu
On the Audit log search page, Under Activities, click the Show results for all activities menu
57. Review the available auditing reports
In the Show results for all activities menu, scroll down and locate Group administration
activities. Under Group administration activities, review the available reports.
58. Click Added member to group
Click Added member to group.
59. Click Updated group
Click Updated group.
60. Click Deleted group
Click Deleted group.
Page 36 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
61. Close the Activities list
Click an open area on the page to close the Activities list.
62. Review log search filters
Review the remainder of the log search filters. Logs for the activities in this lab will not have been
reported in the audit log. If log collection had been enabled, you would be able to create reports
for the activities performed against groups as well as other activities in your Office 365
organization.
63. Close all open windows
Close all open windows
Page 37 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Lab 2: Administer Microsoft SharePoint Online
Objective
After completing this lab, you will be better able to:
Enable external sharing end to end
Create site collections, one at a time with PowerShell
Create and apply permissions to site collections
Manage users and groups, manually with PowerShell
Manage tenant storage and resources
Scenario
The goal for this hands-on lab (HOL) is to learn how to perform common administrative tasks in the new
SharePoint Online (SPO) admin center, including some tasks using Windows PowerShell.
AUDIENCE
SharePoint IT Professionals and Administrators
Estimated time to complete this lab: 40 minutes
Virtual Machines
1. Ignite2015-DC
2. Ignite2015-EXCH
3. Ignite2015-SP
4. Ignite2015-SPAF
5. Ignite2015-WAC
6. Ignite2015-Win81Client
Exercise 1: PowerShell: Startup and connection
In this exercise you will:
Page 38 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Connect the SharePoint Online Management Shell to your SPO tenant
Connect to your tenant
Scenario: The SharePoint Online Management Shell is a version of PowerShell 3.0 that contains cmdlets
for administering SharePoint Online tenants. You will use this throughout the lab.
1. Connect to Ignite2015-Win81Client
Switch to Ignite2015-Win81Client by clicking on the Switch to Machine icon to the left of the
Done button. You should be logged in as Administrator. If not, sign in as
CONTOSO\Administrator with a password of pass@word1.
You can also select the machine using the Machines tab.
Page 39 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
2. Open SharePoint Online Management Shell
Start SharePoint Online Management Shell with elevated permissions (on the Desktop, right-
click SharePoint Online Management Shell, and then click Run as Administrator).
3. Connect-SPOService
In the PowerShell console, type Connect-SPOService -Url https://<tenant>-
admin.sharepoint.com -credential admin@<tenant>.onmicrosoft.com. Change the URL and
User <tenant> to your SharePoint Online tenant name, and then press ENTER. The SharePoint
Online Management Shell is now connected to your SPO tenant. Keep this open for use later.
Watch for the Type Text icon!!
To have the text automatically typed for you, position the cursor where you want the text to be
entered and click the Type Text icon to the left of the Done button in the lab interface. After the
text is typed, press ENTER.
Page 40 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
This capability is available whenever the Type Text icon is visible.
Connect-SPOService -Url https://-admin.sharepoint.com -credential
admin@.onmicrosoft.com
4. Connect to Tenant
From the Desktop Taskbar, open Internet Explorer. Connect to your tenant with credentials
for an administrative user: https://<tenant>-admin.sharepoint.com
User name: admin@<tenant>.onmicrosoft.com
Password: pass@word1
Page 41 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. View SharePoint Online
You are now ready to proceed with the lab.
Page 42 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Connected the SharePoint Online Management Shell to your SPO tenant
Connected to your tenant
Click Continue to advance to the next exercise.
Page 43 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 2: External sharing
In this exercise you will:
Work with external sharing options
Scenario: With SharePoint Online, you can enable the External Sharing feature for content outside your
organization. This would be especially beneficial in cases where you have external vendors collaborating on
a project. You might want certain vendors to have edit access to certain documents, or even read access to
one or more sites in your SharePoint Online environment. At the tenant level, you can allow external users
to accept sharing invitations and sign in as authenticated users. You can also allow document-level sharing
to be done with anonymous users through Guest Links. Once the External Sharing feature is enabled at the
tenant level, site collection administrators can then request sharing options for their site collection(s). Thus,
one site collection in a tenant could have external sharing disabled while another (or others) may allow for
authenticated External User or anonymous Guest Links. By default, new site collections will have external
sharing disabled.
1. Open Sharing
In the SharePoint admin center, in the left navigation, click sharing.
Task 1 – External Sharing Options
In this exercise, you will review the external sharing options for your tenant and then modify the
external sharing options for the Contoso site collection. Once the site collection external sharing
options are set, you will navigate to the site collection, create a document, and walk through the
steps for sending an anonymous Guest Link for that document.
Page 44 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
2. View External Sharing Errors
In the Sharing outside your organization area, be aware that, for the tenant, sharing is set to
Allow sharing to authenticated external users and using anonymous access links. This is the
default setting for tenants.
Page 45 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
3. Select Site Collection
In the left navigation, click site collections. Select the check box to the left of the first site
collection (https://<tenant>.sharepoint.com).
Page 46 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
4. Site Collection Sharing
In the ribbon, click Sharing.
Page 47 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. Configure Sharing Settings
In the sharing dialog, be aware that external sharing may be disabled. Click Allow sharing with
all external users, and by anonymous access links, which will allow users to share content
externally by sending anonymous access links. Click Save. Note: It may take up to several
minutes for processing on the update action to complete. You will see a green wait circle while
the processing occurs. You can continue with the next step.
Page 48 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
6. Open New Browser Tab
Start a new browser tab and navigate to the Contoso Team Site site at
https://<tenant>.sharepoint.com.
Page 49 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
7. Upload Document
In the Documents library, upload the C:\HOLs\HOL3100\New Training Programs PowerPoint
file.
Page 50 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
8. Share Document
Click the ellipsis for the document you uploaded and click SHARE.
Page 51 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
9. Configure Share Permissions
In the sharing window, to the right of the invite box, click the list dropdown to view the
permission options (Can edit or Can view). Note: You can type names or e-mail addresses in
the invite box (this can be any e-mail address, internal or external). If you want to see what an
end user receives, type your personal e-mail address and you will receive the sharing notification
if you click Share at the end of this exercise. Clear the Require sign-in check box to make this
invitation an anonymous Guest Link. Click Cancel. Note: Click Share if you want to see the
results of sharing.
Page 52 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
10. Complete Share
At the bottom of the preview window, click SHARE.
Page 53 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Worked with external sharing options
Click Continue to advance to the next exercise.
Page 54 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 3: Site Collection Administration: Create
Site Collections using the browser
In this exercise you will:
Create new site collections in the browser
1. Open SharePoint Admin Center
Start on the site collections page of the SharePoint admin center (for example,
https://<tenant>-admin.sharepoint.com/).
2. View Resources
Page 55 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
At the upper right, review the storage (MB) and server resources available for this tenant. When
you create the new site collection here and later in the lab, keep these limitations in mind. In this
screenshot example, there are 13,900 MB and 300 server resources available.
3. Limit Resource Quota
Click the checkbox next to the /sites/sales site collection. In the ribbon, click Server Resource
Quota. In the set server resource quota window, in the “limit the server resource quota…” box,
enter 100. Click Save. At the top right of the site collections window, you should now see at
least several hundred more server resources reduced.
Page 56 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
4. Create Site Collection
In the ribbon, click New and click Private Site Collection.
Page 57 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. Configure Site Collection (Name)
In the new site collection dialog, in the Title box, type Contoso Test.
Page 58 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
6. Configure Site Collection (Web Site Address)
In the Website Address URL box, type contosotest. Note: If the Contoso Test site collection is in
the recycle bin, you might need to increment the site collection URL (for example, contosotest2).
Site collections are not permanently removed from the recycle bin until after 30 days; however,
you can use PowerShell to permanently delete them as will be demonstrated later.
Page 59 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
7. Configure Site Collection (Template)
In the Template Selection area, click the Enterprise and Publishing tabs to review the available
templates. Click the Collaboration tab and then click the Team Site template.
Page 60 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
8. Configure Site Collection (Tenant Administrator)
In the Administrator box, type the tenant administrator’s user alias and then click the Check
Names icon. The user name should resolve.
Page 61 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
9. Configure Site Collection (Quota)
In the Server Resource Quota box, type 300. Click OK.
Page 62 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
10. View Results
You will be returned to the admin center, where you can see the new site collection. It may take
up to several minutes for the create action to complete; you will see a “new” tag next to it.
Page 63 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Created new site collections in the browser
Click Continue to advance to the next exercise.
Page 64 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 4: Site Collection Administration:
SharePoint Online Management Shell
In this exercise you will:
Explore the SPO Management Shell
Obtain site collection information from the tenant
Scenario: In this exercise, you will explore the SPO Management Shell, and use it to obtain some site
collection information from the tenant.
PowerShell is especially useful when creating or managing multiple site collections or users. In this
exercise and elsewhere in this lab, you will use both the browser and PowerShell methods.
1. Switch to SharePoint Online Management Shell
Return to the SharePoint Online Management Shell that you prepared earlier, connected to the
online tenant.
2. Show List of Available Cmdlets for SharePoint
Page 65 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
PowerShell has powerful built-in help and discovery tools to help you learn. These are, not
surprisingly, provided through cmdlets right in the shell. For example, you can get a list of all the
cmdlets that are available for SharePoint Online. At the PowerShell prompt, type the following
cmdlet and then press ENTER: Get-Command –module
Microsoft.Online.SharePoint.Powershell. Don't forget to use the Type Text feature!
Get-Command –module Microsoft.Online.SharePoint.Powershell
Page 66 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
3. Show List of All Site Collections
At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite -
Detailed | Format-Table-AutoSize
Get-SPOSite -Detailed | Format-Table -AutoSize
4. Show List of Site Template Codes
You will soon be creating site collections using PowerShell. In order to define the site templates
for the new site collections, you need to know the template codes. Again, you can get these right
in PowerShell. At the PowerShell prompt, type the following cmdlet and then press
ENTER: Get-SPOWebTemplate | Select Name, Title
Page 67 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOWebTemplate | Select Name, Title
5. OPTIONAL TASK: Export Output to Files
PowerShell can export its output to files, or import contents of a file. The output is usually more
detailed than can be shown in the shell. For example, if you wanted a permanent list of site
collection templates, you might use a cmdlet similar to the following (for Administrator,
substitute the logged-on user alias, for example administrator, or if you are on your own
machine, use your alias): Get-SPOWebTemplate | Export-Csv
c:/Users/Administrator/desktop/Templates.csv. Try it and see…open the file in Excel to view
the detailed list.
Page 68 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOWebTemplate | Export-Csv c:/Users/Administrator/desktop/Templates.csv
Congratulations!
You have successfully:
Explored the SPO Management Shell
Obtained site collection information from the tenant
Click Continue to advance to the next exercise.
Page 69 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 5: Site Collection Administration: Create a
Site Collection using PowerShell
In this exercise you will:
Create a new site collection with the SharePoint Online team site template
Confirm site creation
Scenario: In this exercise, you will use the SPO Management Shell to create a site collections with a single
command.
1. Create Site Collection with SPO Team Site Template
At the PowerShell prompt, type the following cmdlet, edit as needed, and then press
ENTER: New-SPOSite -Owner <user>@<tenant>.onmicrosoft.com -StorageQuota 100 -Url
https://<tenant>.sharepoint.com/sites/Test01 -NoWait -ResourceQuota 25 -Template
EHS#1 -TimeZoneId 10 -Title "Test 1"
Where:
o <tenant> is the name of your SPO tenant
o <user> is the SharePoint user alias to which you want to grant ownership of the new site
collection; for example, aaronH or admin (it is recommended that you use the
administrative owner [admin]).
When the cmdlet completes, you will be returned to the PowerShell prompt—there is no
confirmation of the creation of the new site collection. You will do that in the next step.
Page 70 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
New-SPOSite -Owner @.onmicrosoft.com -StorageQuota 100 -Url
https://.sharepoint.com/sites/Test01 -NoWait -ResourceQuota 25 -Template EHS#1 -
TimeZoneId 10 -Title "Test 1"
2. Confirm Site Creation
At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite -
Detailed | Format-Table -AutoSize.
Page 71 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOSite -Detailed | Format-Table -AutoSize
3. OPTIONAL TASK: Open New Site
In the browser, in a new tab, navigate to the new site collection to see the newly “PowerShell
created” team site (https://<tenant>.sharepoint.com/sites/test01).
Page 72 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Created a new site collection with the SharePoint Online team site template
Confirmed site creation
Click Continue to advance to the next exercise.
Page 73 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 6: Site Collection Administration:
Delete/Restore a Site Collection using PowerShell
In this exercise you will:
Add content to a site collection
Delete a site collection using PowerShell
Restore a site collection with PowerShell
Scenario: When you delete a site collection in SharePoint Online, it gets moved to the recycle bin. As an
administrator, you have 30 days to restore a deleted site collection, otherwise it is permanently deleted.
When you do restore a site collection, all of the properties of that site collection (including content) are
preserved. As you may have discovered in the previous task, the URLs for site collections in the recycle bin
are “still in use,” so they cannot be used when creating new site collections. As you will see later, you can
permanently delete the site collection using PowerShell if that is desired.
You can delete a site collection in the SharePoint admin center, but in this exercise you will use PowerShell
for that purpose. Upon deletion, the site collection is moved to the recycle bin. In a later task, you will
remove it permanently from the recycle bin. It is assumed that you successfully created the site collection
test01 in a previous exercise. You will use also use PowerShell to restore the deleted site collection, noting
how the content you added was preserved after the restoration.
In this task, you will first add content to an existing site collection, and then delete that site collection using
PowerShell.
1. Open Site (Test01)
Navigate to the home page for the Test01 Site Collection (for example,
https://<tenant>.sharepoint.com/sites/test01).
Page 74 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
https://.sharepoint.com/sites/test01
2. Create New Document
In the Documents Web part, click new and then click Word document.
Page 75 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
3. Rename File
In the breadcrumb at the top of Word Web App, click Document. Type Sample to rename the
document and press Enter.
Page 76 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
4. Add Text
In Word Web App, type sample content (for example, This is a sample Word document).
Page 77 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. Navigate to Home Page
In the breadcrumb at the top of Word Web App, click Contoso Team Site. Verify the new Word
document is in the Documents library.
Page 78 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
6. Switch to SPO Management Shell
Return to the SharePoint Online Management Shell.
Page 79 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
7. Delete SPO Site Using PowerShell
At the PowerShell prompt, type the following cmdlet, edit as necessary, and press
ENTER: Remove-SPOSite -Identity https://<tenant>.sharepoint.com/sites/test01. When
prompted, type Y and press Enter.
Page 80 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Remove-SPOSite -Identity https://.sharepoint.com/sites/test01
8. Switch to SharePoint Admin Center
Wait for the prompt to return (it may take several minutes) and then return to your browser
session. You should be in the SharePoint Admin Center.
Page 81 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
9. Open Recycle Bin
In the ribbon, click Recycle Bin.
Page 82 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
10. Verify Recycle Bin Contents
Verify that the site collection has been moved to the recycle bin.
Page 83 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
11. Switch to SPO Management Shell
Return to the SharePoint Online Management Shell.
Page 84 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
12. Restore SPO Site Using PowerShell
At the PowerShell prompt, type the following cmdlet, edit as necessary, and then press
ENTER: Restore-SPODeletedSite -Identity https://<tenant>.sharepoint.com/sites/test01
Page 85 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Restore-SPODeletedSite -Identity https://.sharepoint.com/sites/test01
13. Confirm Site Restoration
Wait for the prompt to return (it may take several minutes) and then return to your browser
session. Navigate back to the site collections page in the SharePoint admin center. Notice
the site collection has been restored.
Page 86 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
14. Navigate to Site (Test01)
Navigate to the restored test01 site collection https://<tenant>.sharepoint.com/sites/test01).
See that the content has also been restored (the sample document you created earlier).
Page 87 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
15. Switch to SharePoint Admin Center
In the browser, return to the SharePoint admin center (contains the list if site collections) and
refresh the page.
Permanently delete a site collection with PowerShell
In the previous steps, you deleted and then restored a site collection in the browser. As you may
have discovered, the URLs for site collections in the recycle bin are “still in use,” so they cannot be
used when creating new site collections – deleted site collections will remain in the recycle bin for
30 days by default. Fortunately, in PowerShell you can permanently delete a site collection if you
need to re-use the URL immediately or if you need to increase resource capacity. In this task, you
will use PowerShell to remove a site collection permanently from the recycle bin. Note: This step
is irreversible. If you did not create the site collection shown in a previous part of this lab,
substitute another site collection that you can delete permanently, or skip this task and move to
the next exercise.
Page 88 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
16. Delete SPO Collection
We will now delete the test01 site collection again, and this time follow up with permanent
deletion from the Recycle Bin. At the PowerShell prompt, type the following cmdlet, edit as
needed, and then press ENTER: Remove-SPOSite -Identity
https://<tenant>.sharepoint.com/sites/test01. When prompted, press Enter to accept the
default (Yes).
Page 89 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Remove-SPOSite -Identity https://.sharepoint.com/sites/test01
17. Permanently Delete SPO Site Using PowerShell
Wait for the PowerShell prompt to reappear. At the PowerShell prompt, type the following
cmdlet and then press ENTER: Remove-SPODeletedSite -Identity
https://<tenant>.sharepoint.com/sites/test01. When prompted, press ENTER to confirm.
Page 90 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Remove-SPODeletedSite -Identity https://.sharepoint.com/sites/test01
18. Switch to SharePoint Admin Center
Return to the SharePoint admin center, in the site collections page. Refresh the page. Confirm
that the site collection test01 has been removed.
Page 91 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Added content to a site collection
Deleted a site collection using PowerShell
Restored a site collection with PowerShell
Click Continue to advance to the next exercise.
Page 92 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 7: Resource management
In this exercise you will:
Use PowerShell to manage resource usage and quotas
1. Inventory Resource Usage
At the PowerShell prompt, type the following cmdlet and then press ENTER: Get-SPOSite –
Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –Wrap -Autosize.
(Your results may not exactly match the screen shot.)
Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –
Wrap -Autosize
2. OPTIONAL: Generate Resource Inventory to CSV File
Page 93 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Because screen size in the PowerShell window is limited, we displayed only a few site collection
properties. To generate a more detailed report that is exported to a .csv file, you can use the
following cmdlet: Get-SPOSite –Detailed | Select * | Export-CSV c:\SiteCollectionData.csv.
Get-SPOSite –Detailed | Select * | Export-CSV c:\SiteCollectionData.csv
3. Modify SPO Site Collection (ContosoTest)
Suppose you are planning to add more content to the /contosotest site collection. Let’s raise its
storage quota from 100MB to 1000MB and generate a warning when the usage exceeds 750
MB. At the PowerShell prompt, type the following cmdlet, edit as necessary, and press
ENTER: Set-SPOSite –Identity https://<tenant>.sharepoint.com/sites/contosotest -
StorageQuota 1000 -StorageQuotaWarningLevel 750. Note: The cmdlet may take a minute or
so to complete. Wait for the prompt to reappear before moving on.
Page 94 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Set-SPOSite –Identity https://.sharepoint.com/sites/contosotest -StorageQuota 1000 -
StorageQuotaWarningLevel 750
4. Confirm Changes
To confirm the change, at the PowerShell prompt type the following cmdlet and then press
ENTER: Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-
Table –Wrap -Autosize.
Page 95 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOSite –Detailed | Select url, StorageQuota, StorageUsageCurrent | Format-Table –
Wrap -Autosize
5. View Tenant Resource Usage and Quota
Let’s now look at the tenant resource usage and quota. 5. At the PowerShell prompt, type or
copy/paste the following cmdlet and then press ENTER: Get-SPOSite –Detailed | Select url,
ResourceQuota, ResourceUsageCurrent | Format-Table –Wrap -Autosize. Note: Your results
may not exactly match the screen shot.
Page 96 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOSite –Detailed | Select url, ResourceQuota, ResourceUsageCurrent | Format-Table
–Wrap -Autosize
6. OPTIONAL TASK: Modify Quota and Warning Level
In the same way as for storage usage, use the following cmdlet to increase the resource quota
and set a warning level for the /project01 site collection: Set-SPOSite –Identity
https://<tenant>.sharepoint.com/sites/contosotest ResourceQuota 50 -
ResourceQuotaWarningLevel 40
Page 97 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Set-SPOSite –Identity https://.sharepoint.com/sites/contosotest -ResourceQuota 50 -
ResourceQuotaWarningLevel 40
Congratulations!
You have successfully:
Used PowerShell to manage resource usage and quotas
Click Continue to advance to the next exercise.
Page 98 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 8: User administration: Manage
Profiles/Properties in browser
In this exercise you will:
Manage user profiles and properties in the browser
Scenario: The content that appears on a user’s About Me page is gleaned from a user’s profile. As an
administrator, you can “on behalf of” edit a user’s profile in the SharePoint admin center. Users have the
ability to edit certain properties in their own profiles, and you as an administrator can unlock properties so
that users can make additional profile edits. In this task, you will manage Aaron’s profile by setting
Cathleen as his manager, which would get displayed on his About Me page within the Organizational
Browser. You will also unlock the Job Title property so that it can be edited by users.
1. Switch to SharePoint Admin Center
Navigate to the SharePoint admin center (for example,
https://<tenant>admin.sharepoint.com/).
Page 99 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
2. Manage User Profiles
In the left navigation, click user profiles. In the People area, click Manage User Profiles.
Page 100 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
3. Initiate Search (AaronH)
In the Find profiles box, type AaronH and then click Find.
4. Edit Profile
Pause on and then click the down arrow to the right of Aaron’s account name (this is not visible
until you pause to the right of the account name), and then click Edit My Profile.
5. Review Properties
Review how certain properties can be shown either to Everyone or Only Me, with the latter
option making the property visible on the About Me page only for that user.
6. View Properties
Page 101 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Aaron’s manager should be Cathleen Byrd. If not, in the Manager box, type cathleenb and then
click the Check Names icon. Click Save and Close.
7. Manage User Properties
In the left navigation, click user profiles. In the People area, click Manage User Properties.
8. Edit Job Title
Pause on and then click the down arrow to the right of the Job Title property (again, this is not
visible until you pause to the right of the property), and then click Edit.
9. Edit Settings (Unlock)
Scroll down to the Edit Settings area. To unlock the property, click Allow users to edit values
for this property. Click OK. End users can now fill in this field from their Personal Site.
Congratulations!
You have successfully:
Manage user profiles and properties in the browser
Click Continue to advance to the next exercise.
Page 102 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 9: User administration: Manage Users and
Groups with PowerShell
In this exercise you will:
Manage users and groups with PowerShell
Scenario: You can use PowerShell to manage users, groups, and permissions on a site collection. When a
site collection is created, by default only the site collection administrators have access to that site collection.
As the administrator for a site collection, you have to manually grant users access by specifying them as
owners, members, or visitors. Of course, a user that is an owner can also add other users to SharePoint
groups and thus grant access accordingly. In this task, you will add Aaron Hartwell to the list of Site
Collection Administrators on the Contoso Test site collection. You will then add Courtney Keppler to the
“Contoso Test Owners” group.
1. Modify Site Collection Administrators
Let’s start with adding Aaron to the list of Site Collection Administrators. At the PowerShell
prompt, type the following cmdlet and then press ENTER: Set-SPOUser -Site
https://<tenant>.sharepoint.com/sites/contosotest -LoginName
aaronh@<tenant>.onmicrosoft.com -IsSiteCollectionAdmin $true
Set-SPOUser -Site https://.sharepoint.com/sites/contosotest -LoginName
aaronh@.onmicrosoft.com -IsSiteCollectionAdmin $true
2. Modify Group (Project Alpha Owners)
Next, add Courtney to the Project Alpha Owners group. At the PowerShell prompt, type the
following cmdlet, edit as necessary, and then press ENTER: Add-SPOUser -Group “Contoso
test Owners” -LoginName courtneyk@<tenant>.onmicrosoft.com -Site
https://<tenant>.sharepoint.com/sites/contosotest
Add-SPOUser -Group “Contoso Test Owners” -LoginName courtneyk@.onmicrosoft.com
-Site https://.sharepoint.com/sites/contosotest
Page 103 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
3. Add Security Group (Auditors)
Now let’s add some new security groups to the site collection and assign permissions to the
group. For example, we might want a new group called “Auditors” that has “View Only”
permissions. At the PowerShell prompt, type the following cmdlet, edit as necessary, and then
press ENTER: New-SPOSiteGroup -Group Auditors -PermissionLevels "View Only" -Site
https://<tenant>.sharepoint.com/sites/contosotest. Note: Group properties such as
permission levels can be updated later using the SetSPOSiteGroup cmdlet.
New-SPOSiteGroup -Group Auditors -PermissionLevels "View Only" -Site
https://.sharepoint.com/sites/contosotest
4. Add Member to Group (Auditors)
Next, add a user to the new “Auditors” group. In this example we are using saras; you could use
any tenant user. At the PowerShell prompt, type the following cmdlet and then press
ENTER: Add-SPOUser -Group Auditors -LoginName saras@<tenant>.onmicrosoft.com -
Site https://<tenant>.sharepoint.com/sites/contosotest
Add-SPOUser -Group Auditors -LoginName saras@.onmicrosoft.com -Site
https://.sharepoint.com/sites/contosotest
5. Navigate to Site (contosotest)
To confirm that these additions were made to the tenant return to your browser and navigate to
https://<tenant>.sharepoint.com/sites/contosotest.
https://.sharepoint.com/sites/contosotest
6. Open Site Settings
Click Settings (gear icon at the upper right), and then click Site settings.
7. Open People and Groups
Click People and groups.
8. See More...
Page 104 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the left navigation, click More...
9. Open Group Properties (Auditors)
Click Auditors.
10. Confirm Changes
See that the new group and user have been correctly provisioned.
Congratulations!
You have successfully:
Managed users and groups with PowerShell
Click Continue to advance to the next exercise.
Page 105 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 10: User administration: Remove Users
from a Group using PowerShell
In this exercise you will:
Remove users from a group with PowerShell
Scenario: In this exercise, you will use PowerShell to remove a user from a site collection security group.
1. Get User List
At the PowerShell prompt, type the following cmdlet, edit as necessary, and then then press
ENTER:
Get-SPOUser –Site https://<tenant>.sharepoint.com/sites/contosotest
Get-SPOUser –Site https://.sharepoint.com/sites/contosotest
2. Remove User from Group
Let’s remove Sara Sharkey from the site collection Auditors group: at the PowerShell prompt, type
the following cmdlet, edit as necessary, and then press ENTER: Remove-SPOUser -LoginName
saras@<tenant>.onmicrosoft.com -Site https://<tenant>.sharepoint.com/sites/contosotest
-Group Auditors
Remove-SPOUser -LoginName saras@.onmicrosoft.com -Site
https://.sharepoint.com/sites/contosotest -Group Auditors
3. Confirm Removal of User from Group
To confirm the removal of Sara from the Auditors group: at the PowerShell prompt, type the
following cmdlet, edit as necessary, and then then press ENTER: Get-SPOUser –Site
https://<tenant>.sharepoint.com/sites/contosotest
Get-SPOUser –Site https://.sharepoint.com/sites/contosotest
Page 106 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Congratulations!
You have successfully:
Removed users from a group with PowerShell
Click Continue to advance to the next exercise.
Page 107 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 11: User administration: User Reports
In this exercise you will:
Generate user reports
Scenario: In this task, you will generate some user reports for several site collections.
1. Get User List
At the PowerShell prompt, type the following command, edit as necessary, and then press
ENTER: Get-SPOUser -Site https://<tenant>.sharepoint.com/sites/contosotest
Get-SPOUser -Site https://.sharepoint.com/sites/contosotest
2. Generate Report (Contosotest)
At the PowerShell prompt, type the following command, edit as necessary, and press ENTER:
Get-SPOUser -Site https://<tenant>.sharepoint.com/sites/contosotest | select * | Format-
table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
To make such reports more useful, we will pipe the results for several site collections to a nicely formatted
text file. Be aware that the parameter –Append will add new content to an existing file.
Get-SPOUser -Site https://.sharepoint.com/sites/contosotest | select * | Format-table -
Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
3. Generate Report (Sales)
At the PowerShell prompt, type the following command, edit as necessary, and press ENTER:
Get-SPOUser -Site https://<tenant>.sharepoint.com/sites/sales | select * | Format-table -
Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
To make such reports more useful, we will pipe the results for several site collections to a nicely formatted
text file. Be aware that the parameter –Append will add new content to an existing file.
Page 108 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOUser -Site https://.sharepoint.com/sites/Sales | select * | Format-table -Wrap -
AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append
4. Open Report
Open the file C:\UsersReport.txt in Notepad and view the report (your results will not
necessarily match the screen shot). Note: Although the screenshot displays a fairly simple report,
the cmdlets could be combined into a PowerShell script. With a bit more code, you could add
other information to the report, for example the site collection name above each group. Close
the report.
Page 109 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
5. OPTIONAL TASK
Hint: Use Get-SPOSite and Out-File to write site collection information to the file before each
Get-SPOUser cmdlet in the script. For example, the following cmdlet would add information for
the contosotest site collection:
Get-SPOSite https://<tenant>.sharepoint.com/sites/contosotest | format-table -Wrap -
Autosize | Out-file c:\usersreport.txt -force -width 360 -Append
Page 110 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Get-SPOSite https://.sharepoint.com/sites/contosotest | format-table -Wrap -Autosize |
Out-file c:\usersreport.txt -force -width 360 -Append
Congratulations!
You have successfully:
Generated user reports
Click Continue to close and finalize this lab.
Page 111 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Lab 3: Schedule and produce broadcast
meetings
Objective
Scenario
Virtual Machines
41-661-Cloud-CLIENT1
41-661-Cloud-CLIENT2
Exercise 1: Enabling your organization for Skype
Meeting Broadcast
In this exercise, you will enable your Office 365 organization for Skype for Meeting Broadcast.
1. Verify lab requirements.
NOTE: If you already completed the setup and provisioned your Office 365 tenant using
Lab Preparation and Setup Document, you can skip to Step 2.
Verify lab requirements. You must already have an Office 365 E5 tenant in order to complete this
lab. Due to configuration changes made by this lab to the Office 365 tenant, it is recommended
to use a new trial tenant to ensure your production tenant is not impacted.
If you have not been provided a tenant for use in this lab, you can sign up for a new Office 365 E5
trial tenant from here: https://products.office.com/en-us/business/office-365-enterprise-e5-
business-software.
On the Office 365 Enterprise page, click Free trial and then complete the questionnaire. You
should write down your tenant administrator username and password because it will be used
throughout the lab.
Once you have signed up for a tenant, sign in to your tenant and verify that it has finished
provisioning.
Page 112 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
2. Switch to CLIENT1
Switch to CLIENT1.
3. Sign in as Jane Ayers
Sign in as Jane Ayers with a password of Pa$$w0rd
If you receive a Networks notification, click Yes to allow network discovery.
4. Open File Explorer
Open File Explorer
5. Browse to C:\Scripts\BroadcastMeeting
Browse to C:\Scripts\BroadcastMeeting
6. Run the configuration script
Right-click CreateCloudUsersBroadcastMeeting.exe and then click Run as administrator,
7. Click Yes
In the User Account Control dialog box, click Yes.
8. Sign in as your tenant administrator
In the credentials window, type your Office 365 tenant administrator user name and password.
9. Click OK
Click OK to create the user accounts that will be used in the lab.
10. In the Script Complete window, click OK
Wait for the script to complete and then, in the Script Complete window, click OK.
Page 113 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
If the script takes longer than seven minutes, leave the script window open and continue with the
lab. It may happen that a job is taking longer than expected.
11. Open Outlook 2016
Click Start, scroll down and then click Outlook 2016.
Outlook® 2016 and Skype for Business 2016 are being set up now for use in the lab. They are not
required to enable Skype Meeting Broadcast.
12. On the Welcome screen, click Next
On the Welcome screen, click Next.
13. On the Add an Email Account page, click Next
On the Add an Email Account page, click Next.
14. In the Your Name box, type Billie Townes
On the Auto Account Setup page, in the Your Name box, type Billie Townes.
15. Type Billie Townes’ email address
In the E-mail Address box, type BillieT@yourtenantdomainname.
16. Type the Password Pa$$w0rd
In the Password and Retype Password boxes, type Pa$$w0rd
17. Click Next
Click Next.
18. Verify Billie’s email address is shown
In the Windows Security dialog box, verify that BillieT@yourtenantdomainname is shown.
19. In the Password box, type Pa$$w0rd
Page 114 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Password box, type Pa$$w0rd
20. Select the Remember my credentials check box
Select the Remember my credentials check box.
21. Click OK
Click OK.
22. On the Configuring page, click Finish
On the Configuring page, click Finish.
Leave Outlook open.
23. Type Billie Townes’ email address
In the Active Office window, in the Type your email address or phone number box, type
BillieT@yourtenantdomainname
24. Click Next
Click Next.
25. In the Password box, type Pa$$w0rd
In the Password box, type Pa$$w0rd
26. Click Sign in
Click Sign in.
27. In the Account Updated dialog box, click OK
In the Account Updated dialog box, click OK.
28. Click Accept
In the First things first dialog box, click Accept.
Page 115 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
29. Close any additional message dialog boxes
Close any additional message dialog boxes.
30. Open Skype for Business 2016
Click Start, scroll down and then click Skype for Business 2016.
31. Close the Welcome window
Close the Welcome – Skype for Business window.
32. Type Billie Townes’ email address
In the Skype for Business client, in the Sign in address box, type BillieT@yourtenantdomainname
33. Click Sign In
Click Sign In.
34. In the Password box, type Pa$$w0rd
In the Password box, type Pa$$w0rd
35. Click Sign In
Click Sign In.
36. Click Yes to save the password
In the Do you want us to save your Skype for Business sign-in info dialog box, click Yes.
37. Click Yes to make Skype for Business better
In the Help Make Skype for Business Better dialog box, click Yes.
38. On CLIENT1, open Windows PowerShell.
On CLIENT1, open Windows PowerShell.
Page 116 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
The Skype for Business Online module for Windows PowerShell has already been installed.
39. Create a new PowerShell session
At the Windows PowerShell command prompt, type the following and then press Enter:
$session = New-CsOnlineSession –Credential ($Cred = Get-Credential)
40. Type your tenant admin username and password
In the Windows PowerShell credential request window, type your tenant administrator’s user
name and password and then press Enter.
41. Import the PowerShell session
At the Windows PowerShell command prompt, type the following and then press Enter:
Import-PSSession $session
42. Review the Broadcast Meeting settings
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-CsBroadcastMeetingConfiguration
43. Verify that Broadcast Meetings are enabled
In the output of the command, review the setting for EnableBroadcastMeeting. Verify that the it is
set to True. If it is not set to True, run the following command:
Set-CsBroadcastMeetingConfiguration –EnableBroadcastMeeting $True
Exercise 2: Using Skype Meeting Broadcast
In this exercise, you will schedule a Skype Meeting Broadcast and experience the meeting as a team
member and attendee.
1. On CLIENT1, open Microsoft Edge™
On CLIENT1, open Microsoft Edge.
2. Browse to https://broadcast.skype.com
Page 117 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Browse to https://broadcast.skype.com.
3. Sign in as Billie Townes
Sign in as BillieT@yourtenantdomainname with a password of Pa$$w0rd
4. Click New meeting
On the Skype Meeting Broadcast page, click New meeting.
If you receive a message stating that you do not have permissions to create the meeting, you
may have to wait 3-5 minutes and then try again. In some cases, it may take up to an hour before
Skype for Meeting Broadcast is enabled. If this occurs, note your tenant administrator user name
and password, and return to this lab at a later time. You will not have to run the setup script
again, just pick up where you left off in the lab.
5. In the title box, type My Live Broadcast
On the Meeting settings page, under Meeting details, in the Meeting title box, type My Live
Broadcast.
6. Verify the start date
In the Meeting time section, verify the Start Date is today’s date.
7. Set the start time
Set the Start time to 30 minutes from the current time.
8. Set the duration to 1 hour
Set the Duration to 1 hour.
9. Add members to the broadcast meeting
Under Event team, read the information, and then, in the Members box, type CathleenB,
ElijahD
10. Click Check names
Page 118 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click Check names.
Be sure to separate the names using a comma. A semicolon can also be used.
11. Review the access levels
Scroll down, and under Attendees, review the access levels available for the meeting.
12. Click Anonymous
Click Anonymous.
13. Review the default recording selections
Under Video recording, notice that Create a video for download and Make video on demand
available after the meeting are selected by default.
14. Click Create
Scroll to the top of the page and then click Create.
15. Click Create Outlook invitation
On CLIENT1, in the Skype Meeting Broadcast window, under My Live Broadcast, click Create
Outlook invitation.
16. Click Save and then click Open
In the banner at the bottom of the window, click Save, and then click Open.
17. Open with Outlook 2016
In the How do you want to open this file dialog box, verify that Outlook 2016 is selected and
then click OK.
18. Review the meeting and then click Send Update (Note: This might take a 1-2 minutes to
display).
Page 119 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the My Live Broadcast – Meeting window, review the information that will be provided to
meeting participants. Click Send Update.
The meeting invitation may have opened behind the browser window.
19. Join the meeting
On CLIENT1, open the Outlook event from the reminder window or open the meeting from the
calendar and then click the Join the meeting link.
20. Click Sign in as event team member
On the Skype Meeting Broadcast page, click Sign in as event team member.
If necessary, on the Sign in page, type BillieT@yourtenantdomainname and then press Enter.
If the meeting does not launch, refresh the web page.
21. In the dialog box, click Yes
In Microsoft Edge, in the Did you mean to switch apps dialog box, click Yes.
22. In the Join Meeting Audio dialog box, click OK
In the Join Meeting Audio dialog box, click OK.
If prompted, in the Windows Firewall has blocked some features of this app window, click All
access.
23. Wait for the My Live Broadcast window to open
Wait for the My Live Broadcast window to open.
24. Switch to CLIENT2
Switch to CLIENT2.
25. Sign in as Cathleen Byrd
Sign in as Cathleen Byrd with a password of Pa$$w0rd
If you receive a Networks notification, click Yes to allow network discovery.
26. Open Skype for Business 2016
Page 120 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click Start, scroll down, and then click Skype for Business 2016.
27. Type Cathleen’s email address
In the Active Office window, in the Type your email address or phone number box, type
CathleenB@yourtenantdomainname.
28. Click Next
Click Next.
29. In the Password box, type Pa$$w0rd
In the Password box, type Pa$$w0rd
30. Click Sign in
Click Sign in.
31. In the Account Updated dialog box, click OK
In the Account Updated dialog box, click OK.
32. In the dialog box, click Accept
In the First things first dialog box, click Accept.
33. Close the Welcome window
Close the Welcome – Skype for Business window.
34. Sign in as Cathleen Byrd
In the Skype for Business client, in the Sign in address box, type
CathleenB@yourtenantdomainname
35. Click Sign In
Click Sign In.
Page 121 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
36. In the Password box, type Pa$$w0rd
In the Password box, type Pa$$w0rd
37. Click Sign In
Click Sign In.
38. Save your sign-in info
In the Do you want us to save your Skype for Business sign-in info dialog box, click Yes.
39. Click Yes to make Skype for Business better
In the Help Make Skype for Business Better dialog box, click Yes.
40. Open Microsoft Edge
Open Microsoft Edge.
41. Browse to http://mail.Office365.com
Browse to http://mail.Office365.com.
42. Sign in as Cathleen Byrd
On the Office 365 page, sign in as CathleenB@yourtenantdomainname with a password of
Pa$$w0rd
43. Click the My Live Broadcast email.
In the Inbox, click the My Live Broadcast email.
44. Click the Join the meeting link
In the message body, click the link to join the meeting.
45. Click Sign in as event team member
Page 122 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
On the Skype Meeting Broadcast page, click Sign in as event team member.
If the meeting does not launch, refresh the web page.
46. In the Join Meeting Audio dialog box, click OK
In the Join Meeting Audio dialog box, click OK.
If prompted, in the Windows Firewall has blocked some features of this app window, click All
access.
47. In the dialog box, click Yes
In Microsoft Edge, in the Did you mean to switch apps dialog box, click Yes.
48. Wait for the My Live Broadcast window to open
Wait for the My Live Broadcast window to open.
If prompted, in the Windows Firewall has blocked some features of this app window, click All
access.
49. Switch to CLIENT1, and in the broadcast window
Switch to CLIENT1, and in the broadcast window.
50. Click the Present icon
Click the Present icon.
51. Click Present PowerPoint Files
Click Present PowerPoint Files.
52. Open the presentation in the LabFiles folder
In the Present PowerPoint® window, browse to C:\LabFiles, click Tailspin Toys Outline, and
then click Open.
53. Wait for the presentation to finish uploading
Wait for the presentation to finish uploading.
Page 123 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
54. Switch to CLIENT2
Switch to CLIENT2.
55. Verify that you can see the meeting content
In the My Live Broadcast window, verify that you can see the meeting content.
56. Switch to CLIENT1
Switch to CLIENT1.
57. In the broadcast window, click Content Only
In the broadcast window, under Broadcast Layouts, click Content Only.
The Video Only and Video and Content layouts are not available because no video is currently
available.
58. Click Start Broadcast
When the broadcast is ready, under Broadcast, click Start Broadcast.
59. In the dialog box, click Start Broadcast
In the Start Broadcast dialog box, read the information and then click Start Broadcast.
60. Wait for the broadcast to start
Wait for the broadcast to start.
61. Switch to CLIENT2
Switch to CLIENT2.
62. Sign out of Cathleen Byrd
Click Start, click Cathleen Byrd, and then click Sign out.
Page 124 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
63. Sign in as Elijah Danforth
Sign in as Elijah Danforth with a password of Pa$$w0rd
64. Open Microsoft Edge
Open Microsoft Edge.
65. Browse to http://mail.Office365.com
Browse to http://mail.Office365.com.
66. Sign in as Elijah Danforth
On the Office 365 page, sign in as ElijahD@yourtenantdomainname with a password of
Pa$$w0rd
67. Click the My Live Broadcast email
In the Inbox, click the My Live Broadcast email.
68. Click the Join the meeting
In the message body, click the Join the meeting link.
69. Click Join the event
On the Skype Meeting Broadcast page, click Join the event.
You are now attending the live broadcast as an attendee.
70. Wait for the presentation to begin
Wait for the presentation to begin.
71. Advance to the next slide in the presentation
Switch to CLIENT1 and advance to the next slide using the presentation controls.
Page 125 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
72. Verify the slides have advanced
Switch to CLIENT2 and verify that slides have advanced.
You may experience delays in the presentation.
73. (Optional) Add video to the broadcast meeting
The remaining tasks are optional and can only be performed if you have access to a personal
device that can be used to connect to the broadcast meeting.
The remaining tasks are optional and can only be performed if you have access to a personal
device that can be used to connect to the broadcast meeting.
74. Sign in to Outlook on the web as a lab user
On your personal device, sign in to Outlook on the web using one of the lab user accounts.
75. Click the My Live Broadcast email
In the Inbox, click the My Live Broadcast email.
76. Click the Join the meeting
In the message body, click the Join the meeting link
77. Join the meeting as an event team member
Join the Skype Broadcast meeting as an event team member.
78. Click the Video Call icon
In the presentation window, click the Video Call icon.
79. Click Start My Video
Click Start My Video.
80. Click Take Over as Presenter
Page 126 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click Take Over as Presenter.
81. Make your video active for broadcasting
In the Participants list, right-click your video and the click Make Active Video for broadcasting.
The option to activate your video may not be available immediately.
82. Click Video and Content
Under Broadcast Layouts, click Video and Content.
The Video and Content option may not be able to be selected immediately. Wait and retry the
selection.
When multiple cameras are connected to a Video and Content broadcast, the presenter can
activate and deactivate cameras during the broadcast.
83. Navigate the different options
Navigate the different options available in the presenter window.
84. Click Stop Broadcast
When complete, click Stop Broadcast, and then click Stop Broadcast.
Page 127 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Lab 4: Configure and use Microsoft Office 365
security and compliance features
Objective
During this lab, review the compliance center and mobile device management. Create
and test a data loss prevention policy and configure and test message encryption.
Additionally, configure and test Advanced Threat Protection, review the customer
lockbox and auditing in Microsoft Office 365.
Scenario
Virtual Machines
1. 41-652-CLIENT01
Exercise 1: Loading Lab Content into Your Office
365 Tenant
In this exercise, you will run a script that will create user mailboxes, a SharePoint site, and load content into
your tenant that will be used for this lab.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. Sign in to CLIENT01 as Admin
On CLIENT01, sign in as Admin with a password of Pa$$w0rd
If you see a Networks notification, click Yes to allow network discovery.
If you see a message that updates are available, press Esc to clear the message and then close the
UPDATE & SECURITY window.
2. Open Windows PowerShell® as Administrator
Page 128 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
On the taskbar, right-click Windows PowerShell and then click Run as Administrator
3. Run the slmgr command
At the Windows PowerShell command prompt, type the following and then press Enter:
Slmgr -rearm
To save time, you can use the Type Text [A|] icon whenever it is available to automatically type Windows
PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button
in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then
click the icon. Review the text, and then press Enter to run the command.
Slmgr -rearm
4. Click OK and then close Windows PowerShell
In the Windows Script Host dialog box, click OK.
There is no need to restart at this time.
Close Windows PowerShell.
5. Browse to C:\Scripts\SecComplianceLab
Open File Explorer and then browse to C:\Scripts\SecComplianceLab.
6. Run O365SecComplianceLab.exe as Administrator
Right-click O365SecComplianceLab.exe and then click Run as administrator.
7. Type your tenant administrator credentials
In the Tenant Administrator Credentials window, sign in using your tenant administrator user credentials
and then click OK.
The script will configure and load content into your Office 365 tenant.
8. In the Script Complete window, click OK
Wait for the script to complete and then, in the Script Complete window, click OK.
This script may take 8-10 minutes to complete.
Page 129 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
The script may appear to stop running when verifying the SharePoint Online site creation. If the script
takes longer than ten minutes, leave the script window open and continue with the lab. It may happen
that some configurations are taking longer than expected.
Page 130 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 2: Reviewing the Office 365 Compliance
Center
In this exercise, you will connect to and review the available options in the Office 365 Compliance Center.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. Open Internet Explorer
In CLIENT01, open Internet Explorer®.
2. Browse to http://portal.office.com
Browse to http://portal.office.com
3. Sign in to the Office 365 portal
On the Sign in page, sign in using your tenant administrator user name and password.
4. Click the Security & Compliance tile
On the Home page, click the Security & Compliance tile.
5. Open Device management
In the navigation menu, click Threat Management, and then click Device management.
If you are prompted to update your admin contact info, click cancel. It is not necessary to update the
information at this time. You will likely be prompted again during this lab and future labs. You may
choose to update the information at that time or click cancel.
You may also want to change the Zoom percentage in Internet Explorer from 100% to 75% if the page
does not display properly.
6. Click Let’s get started
Review the Setup Mobile Device Management for Office 365 page and then click Let’s get started.
7. Click Start setup
Page 131 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Review the information on the Setup Mobile Device Management for Office 365 page, scroll down, and
then click Start setup.
8. Review the MDM message
Review the message regarding mobile device management setup. This feature will not be available
immediately.
Close the tab.
9. Switch to the Security & Compliance center tab
If necessary, switch to the Security & Compliance center tab.
10. Click Permissions
In the feature pane, click Permissions.
Review the available permissions that can be assigned.
Assign permissions to people in your organization so they can perform tasks in the Security &
Compliance Center. Although you can use this page to assign permissions for most features in the
Security & Compliance Center, you’ll need to use the Exchange admin center and SharePoint to set
permissions for others.
11. In the feature pane, click Threat Management
In the feature pane, click Threat Management.
12. Click Device management
Under Threat Management, click Device management.
Review the information for Device management.
Close the Intune tab.
Device management may still be running the activation process. If so check back later.
13. Click Data loss prevention
Under Security policies, click Data loss prevention.
Review the information for Data loss prevention
Page 132 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Use data loss prevention (DLP) policies to help protect and manage your organization’s information
across various locations. For example, you can set up policies to block access to content, automatically
encrypt documents, or notify users if content is saved to the wrong location.
14. In the navigation menu, click Data Governance
In the navigation menu, click Data Governance.
15. Click Import
Under Data Governance, click Import.
Review the data import feature.
Use the Import service to transfer data from your organization’s servers to Office 365. You can ship hard
drives to Microsoft or upload the data directly over the network.
16. Click Archive
Under Data Governance, click Archive.
Review the information for Archiving mailboxes.
Archive mailboxes provide additional email storage for the people in your organization. Using Outlook®
or Outlook Web App, people can view messages in their archive mailbox and move or copy messages
between their primary and archive mailboxes. After an archive mailbox is enabled, messages older than
two years are automatically moved to the archive mailbox by the default retention policy that’s assigned
to every mailbox in your organization.
17. Click Retention
Under Data Governance, click Retention.
Review the information for retention and deletion of the organizations email and documents.
Retention allows you to manage the lifecycle of content in Office 365 such as email and documents by
keeping the content you need and then removing the content after it’s no longer required.
18. Click Search and investigation
In the navigation menu, click Search & investigation.
Page 133 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Search your organization for content in email, documents, and other sources that contains specific
keywords or meets other search criteria. You can then preview and export the search results.
19. Click Content search
Under Search & investigation, click Content search.
Review the options for searching the organizations email, documents, and Skype for Business
conversations.
20. Click Audit log search
Under Search & investigation, click Audit log search.
Review the options for creating a search of the organization’s audit logs.
21. Click eDiscovery
Under Search & investigation, click eDiscovery.
Review the information for eDiscovery.
Use eDiscovery cases to identify, manage, and hold content in Exchange, SharePoint, and OneDrive for
Business. Use this page to create cases, manage existing cases, and close cases that you no longer need.
To access the eDiscovery Center or an eDiscovery case, you have to be a site collection administrator or a
member of the Owners group.
22. In the navigation menu, click Reports
In the navigation menu, click Reports.
23. Click View reports
Under Reports, click View reports.
Use the View reports feature to review auditing, device management, and data loss prevention reports.
Use auditing reports to view activity in SharePoint Online and OneDrive for Business sites, user sign-in
activity in Office 365, and mail-related activity in Exchange Online. Audited activity in each of these
services is recorded and available to view in an online report or export to a file.
Use DLP reports to view information about the SharePoint Online and OneDrive for Business items in
your organization that match your DLP policies and rules.
Page 134 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
24. Click Service assurance
In the navigation menu, click Service assurance.
25. Under Service assurance, click Dashboard
Under Service assurance, click Dashboard.
You will be automatically redirected to the Region and industry settings page if you have not already
configured these settings.
26. Set your region and industry settings
If you have already configured these settings, you will not be directed to this page.
Using the available options on this page, set your region and industry information and then click Save.
27. Click Dashboard
Under Service assurance, click Dashboard.
Review the information on the Service assurance page.
28. Click Compliance reports
Under Service assurance, click Compliance reports.
Review the information on the Service Compliance Reports page.
29. Click Trust documents
Under Service assurance, click Trust documents.
Review the Trust documents provided by Microsoft page.
Exercise 3: Using Mobile Device Management
In this exercise, you will use the Mobile Device Management feature in Office 365 to configure a device
security policy for your mobile users.
Virtual Machines: The following virtual machines will be used during this exercise: CLIENT01
1. In the navigation menu, click Threat Management
Page 135 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the navigation menu, click Threat Management.
2. Click Device management
Click Device management. On the Intune tab, verify that mobile device management has completed
provisioning. You may have to wait for provisioning to complete.
3. In IE, click the Microsoft Office Home tab
In Internet Explorer, click the Microsoft Office Home tab.
4. Click the Admin tile
On the Home page, click the Admin tile.
If you are prompted to update your admin contact info, click cancel. It is not necessary to update the
information at this time. You will likely be prompted again during this lab and future labs. You may
choose to update the information at that time or click cancel.
5. In the navigation menu, open Groups
In the navigation menu, click Groups and then click Groups.
6. Click Add a group
On the menu, click Add a group.
7. Create a group named Mobile Users
In the New Group window, click the Type menu and then click Security group.
In the Name box, type Mobile Users and then click Add.
8. On the Group was added page, click Close
On the Group was added page, click Close.
9. In the Groups list, click Mobile Users
In the Groups list, click Mobile Users.
Page 136 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
10. Edit the group's membership
In the Mobile Users window, next to Members, click Edit.
11. In the Mobile Users window, click Add members
In the Mobile Users window, click Add members.
12. Search for Garret Vargas
On the Add members page, in the Search box, type Garret.
13. Select Garret Vargas, click Save and then Close
In the results list, select Garret Vargas, click Save and then click Close.
14. Review the addition and then click Close
Verify that Garret Vargas is now shown in the Group members list and then click Close..
15. Close the Mobile Users security group window
In the Mobile Users window, click Close.
16. Switch to the Intune tab
In Internet Explorer, click the Intune tab.
17. Click Manage device security policies
On the Mobile Device Management for Office 365 page, click the Manage device security policies and
access rules.
18. Click Device security policies
In the navigation menu, under Threat Management, click Device security policies.
Notice that you were redirected to the Security & Compliance center and that there is a new Device
security policies feature.
Page 137 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
19. Click New +
On the Device security policies page, click New +.
20. Name the policy and click Next
In the New device security policy window, in the Name box, type Mobile Device Access, and then click
Next.
21. Configure the policy settings
On the What requirements do you want to have on devices page, review the default selections.
In addition to the default settings, set the following settings that are shown in the knowledge feature. To
view the knowledge feature click the [Bulb in Head] icon.
Number of sign-in failures before device is wiped = 6
Lock devices if they are inactive for this many minutes = 10
Require managing email profile
Block access and report violation
22. Click Next
Click Next.
23. Click Next
On the What else do you want to configure page, review the available options and then click Next.
24. Click Yes
On the Do you want to apply this policy now page, click Yes.
25. Under Yes, Click Add +
Under Yes, click Add +.
Page 138 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
26. Search for the Mobile Users group
In the Select Group window, in the Search box, type Mobile and then click Search.
27. Add the Mobile Users group
In the results list, click Mobile Users, click add, and then click OK.
28. Click Next
On the New device security policy page, click Next.
29. Review the policy and then click Finish
Review the policy settings and then click Finish.
On the Device security page, verify that your new policy is listed.
30. Click Manage organization-wide device…
On the Device security policies page, click Manage organization-wide device access settings.
31. Review the settings and then click Cancel
Exercise 4: Using Data Loss Prevention
In this exercise, you will create and test a data loss prevention (DLP) policy that will help your organization
protect itself from the accidental loss of financial data.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. Under Threat Management click Data loss prevention
On CLIENT01, in the Security & Compliance center, in the navigation menu under Threat Management,
click Data loss prevention.
2. Click New DLP policy from template +
On the toolbar, click New DLP policy from template +.
Page 139 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
The existing policy was created by the script in exercise 1.
3. Click Financial Regulations
On the New DLP policy page, under What information do you want to protect, click Financial
Regulations.
4. Click U.S. Financial Data
In the template list, scroll down, and then click U.S. Financial Data.
5. Review the information and then click Next
Review the template information and then click Next.
6. Review the default settings and then click Next
On the Which services do you want to protect page, review the default settings and then click Next.
7. Review the existing settings and then click Next
On the Customize rules page, review the existing settings and then click Next.
8. Name the new DLP policy
In the Name box, type Protect U.S. Financial Data.
Protect U.S. Financial Data
9. Verify default selection and then click Create
Under What do you want to do after this policy is created, verify that Test it out is selected, review
this action description, and then click Create.
10. Click go to the Exchange admin center
On CLIENT01, in the Security & Compliance center, on the Data loss prevention page, click go to the
Exchange admin center.
Page 140 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
11. Select your time zone and click Save
In the new window, if necessary, select your time zone and then click Save.
12. Create a New DLP policy from template
In the data loss prevention window, on the toolbar, click the New menu and then click New DLP policy
from template.
13. Name the new DLP policy
On the DLP policy from template page, in the Name box, type Protect U.S. Financial Data.
Protect U.S. Financial Data
14. Choose the U.S. Financial Data template
In the Choose a template list, scroll down, and then click U.S. Financial Data.
15. Click More options
Scroll down and click More options.
16. Verify Enabled is selected then click Save
Under Choose the state of this DLP policy, verify Enabled is selected and then click Save.
17. Enable policy tips
Verify that the Protect U.S. Financial Data policy is selected. In the details pane, scroll down and ,under
Policy Mode, click Test with Policy Tips
18. In the Warning dialog box, click Yes
In the Warning dialog box, review the information and then click Yes.
19. Close the data loss prevention window
Wait for the policy to be saved and then close the data loss prevention window.
Page 141 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
20. In the app launcher, click Mail
In the Security & Compliance center, in the top navigation, click the app launcher, and then click Mail.
If the top navigation menu is not visible, in Internet Explorer, click the Back arrow, click the app launcher,
and then click Mail.
21. Click New
In the Inbox, click New.
22. In the To box, type BobK@TailspinToys.com
In the To box, type BobK@TailspinToys.com
BobK@TailspinToys.com
23. In the Subject box, type Testing DLP Policy
In the Subject box, type Testing DLP Policy
Testing DLP Policy
24. Type a specific message in email body
In the message body, type the following:
Visa: 4111-1111-1111-1111
Expires: 12/2019
Visa: 4111-1111-1111-1111
Expires: 12/2019
25. Review the Policy Tip
Wait for the Policy tip to appear above the email. This may take 1-2 minutes.
Review the Policy tip.
26. Click Learn more
Page 142 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Policy tip, click Learn more.
27. Review the information and options
Review the information and option to report the content as a false positive.
28. Click Discard
On the toolbar, click Discard. If necessary, click the ellipsis and then click Discard.
29. Click Discard
In the Discard message dialog box, click Discard.
30. Close the Mail Tab
In Internet Explorer, close the Mail tab.
31. Switch to the Security and Compliance tab
In Internet Explorer, switch to the Security & Compliance tab.
32. Click Data Governance
In the navigation menu, click Data Governance.
33. Under Data Governance, click Retention
Under Data Governance, click Retention.
34. Click Manage document deletion policies…
On the Retention page, under Delete, click Manage document deletion policies for SharePoint Online
and OneDrive for Business.
35. Review the Compliance Policy Center
In the Compliance Policy Center, review the available areas for policies and policy assignments. In
Internet Explorer, close the Compliance Policy Center tab.
Page 143 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
36. Switch to the Security & Compliance center tab
Switch to the Security & Compliance center tab and the Retention page.
37. Under Preserve, click New +
On the Retention page, under Preserve, click New +.
38. Name the policy then click Next
In the New preservation policy window, in the Name box, type Tailspin Documents and then click Next.
39. Select the search locations check boxes
On the Where do you want us to look page, select the Mailboxes and SharePoint Online and OneDrive
for Business check boxes.
40. Click Next
Click Next
41. Click Add +
On the Which mailboxes do you want to include page, click Add +.
42. Add Garret Vargas’ mailbox
In the Select Mailbox window, click Garret Vargas, click add, and then click OK.
43. Click Next
On the Which mailboxes do you want to include page, click Next.
44. Click Add+
On the Which SharePoint Online or OneDrive for Business sites do you want to include page, click Add +.
45. Type the Marketing SharePoint site’s URL
Page 144 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Choose sites window, in the Enter the site’s URL box, type
https://yourtenantname.sharepoint.com/sites/Marketing and then click add.
For example, https://contoso.sharepoint.com/sites/Marketing
46. Type Garret Vargas’ OneDrive for Business URL
In the Enter the site’s URL box, type https://yourtenantname-
my.sharepoint.com/personal/garretv_yourtenantname_onmicrosoft_com and then click Add.
For example, https://contoso-my.sharepoint.com/personal/garretv_contoso_onmicrosoft_com
47. Click OK and then click Next
Click OK and then click Next.
48. Type keyword to search for
In the What do you want to look for box, type Tailspin
49. Click Next
Review the option to choose start and end dates, and then click Next.
50. Preserve content for 6 months
On the How long do you want to preserve the content page, click the Time frame to preserve the
content menu, click 6 months, and then click Next.
51. Click Next
On the Do you want to turn on Preservation lock page, review the information, and then click Next.
52. Click Next
On the Do you want to turn on this policy after it is created page, review the default setting, and then
click Next.
53. Review the policy settings and then click Create
Review the settings for the new policy and then click Create.
Page 145 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
54. Review the policy status
In the Preservations policy list, review the status of the newly created policy. It may take several minutes
or longer before the policy status is listed as ‘On’. You do not have to wait for the status to update to On;
you may continue with the lab.
55. Browse to the Office 365 admin center
In the top navigation, click the apps launcher icon and then click Admin.
Exercise 5: Using Office 365 Message Encryption
In this exercise, you will configure the necessary settings in your Office 365 tenant in order to use Office 365
message encryption. You will then test the configuration and verify automatic encryption for specific
content is working.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. In the navigation menu, click Services and add-ins
On CLIENT01, in the Office 365 admin center, in the navigation pane, click Settings and then click Services
& add-ins.
2. Click Microsoft Azure Information Protection.
On the Services & add-ins page, scroll down and then click Microsoft Azure Information Protection.
3. On the Protect your information page, click Manage
On the Protect your information page, click Manage Microsoft Azure Information Protection settings.
4. On the rights management page, click activate
On the rights management page, click activate.
5. Click activate
In the Do you want to activate Rights Management dialog box, review the information and then click
activate.
Page 146 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
6. Verify that Rights Management is activated
Wait for the page to refresh and then verify that Rights Management is shown as activated.
7. Open Windows PowerShell®
On CLIENT01, open Windows PowerShell.
To save time, you can use the Type Text [A|] icon whenever it is available to automatically type Windows
PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button
in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then
click the icon. Review the text, and then press Enter to run the command
8. Configure Microsoft.Exchange connection
At the Windows PowerShell command prompt, type the following and then press Enter:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI
https://outlook.office365.com/powershell-liveid -Credential (Get-Credential) -Authentication Basic -
AllowRedirection
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI
https://outlook.office365.com/powershell-liveid -Credential (Get-Credential) -Authentication
Basic -AllowRedirection
9. Type your tenant administrator credentials
In the Windows PowerShell credential request window, type your tenant administrator user name and
password and then click OK.
10. Import the PSSession
At the Windows PowerShell command prompt, type the following and then press Enter:
Import-PSSession $Session
Import-PSSession $Session
11. Review the rights management configuration
Page 147 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-IRMConfiguration
Review the output.
Get-IRMConfiguration
12. Set the key sharing location
At the Windows PowerShell command prompt, type the following and then press Enter:
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-
rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
This is the key sharing location specific to North America.
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-
rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
13. Import the RMS trusted publishing domain
At the Windows PowerShell command prompt, type the following and then press Enter:
Import-RMSTrustedPublishingDomain -RMSOnline -Name “RMS Online”
Import-RMSTrustedPublishingDomain -RMSOnline -Name “RMS Online”
14. Enable internal licensing
At the Windows PowerShell command prompt, type the following and then press Enter:
Set-IRMConfiguration -InternalLicensingEnabled $true
Set-IRMConfiguration -InternalLicensingEnabled $true
15. Review the rights management configuration
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-IRMConfiguration
Review the output of the command.
Get-IRMConfiguration
16. Test the rights management configuration
Page 148 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
At the Windows PowerShell command prompt, type the following and then press Enter:
Test-IRMConfiguration -Sender yourtenantadministratorname
For example: Test-IRMConfiguration -Sender Administrator@contoso.onmicrosoft.com
17. Verify that the overall result reads PASS
In the output of the command, verify that the overall result reads PASS.
Leave Windows PowerShell open. It will be used later in this lab.
18. Switch to Internet Explorer
Switch to Internet Explorer.
19. Close the Rights Management tab
Close the Rights Management tab.
20. Switch to the Office Admin center
Switch to the Office Admin center tab.
21. On the Services and add-ins page, click Mail
On the Services and add-ins page, click Mail.
22. Under mail flow, click Custom mail rules
In the results pane, under mail flow, click Custom mail rules.
23. Create a new rule
In the Exchange admin center, on the rules page, click the New menu and then click Create a new rule.
24. Name the new custom mail rule
In the new rule window, in the Name box, type Encrypt Messages
25. Click More options
Page 149 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Click More options.
26. Set the rule parameters
Click the Apply this rule if menu, point to The subject or body, and then click subject includes any of
these words.
27. Specify words or phrases
In the specify words or phrases window, type Encrypt, click Add +, and then click OK.
28. Apply Office 365 Message Encryption
Under Do the following, click the Select one menu, point to Modify the message security, and then
click Apply Office 365 Message Encryption.
29. Click Save
Scroll down and review the remaining options and then click Save.
30. Open a new InPrivate browser session in IE
On CLIENT01, in Internet Explorer, press Ctrl+Shift+P to open a new InPrivate browser window.
31. Browse to http://outlook.office.com
In the InPrivate browser window, browse to http://outlook.office.com
32. Sign in to Outlook as Garret Vargas
Sign in as GarretV@yourtenantdomainname with a password of Pa$$w0rd
For example: GarretV@contoso.onmicrosoft.com
33. In the Inbox, click New
In the Inbox, click New.
34. In the To box, type your tenant administrator name
Page 150 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the To box, type your tenant administrator name.
35. Type a specific subject for the email
In the Add a subject box, type Encrypt: Testing protection.
Encrypt: Testing protection
36. Type a message for the email and click Send
In the message body, type Testing the protection policy. and then click Send.
Testing the protection policy
37. Switch to the Exchange admin center
Switch to the Exchange admin center.
38. In the app launcher, click Mail
Click the app launcher and then click Mail.
39. Download the message.html attachment
In the Inbox, click the message from Garret Vargas. Click the message.html attachment and then click
Download.
40. In the Internet Explorer banner, click Save
In the Internet Explorer banner, click Save.
If the message is not encrypted, you may have to wait until the policy becomes effective. This may take
several minutes.
41. Click Open
In the The message.html download has completed banner, click Open.
42. Click Sign in
Page 151 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the new browser tab, review the information and then click Sign in.
For the purpose of this lab, Internet Explorer has been set as the default browser.
43. Review the message then close the tab
Review the message and close the Encrypted Message tab.
44. Switch to Outlook signed on as Garret Vargas
Switch to Outlook on the web signed on as Garret Vargas.
45. Close the InPrivate window
Close the InPrivate Internet Explorer window.
Page 152 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 6: Using Advanced Threat Protection
In this exercise, you will configure the safe attachments and safe links rules in the advanced threat
protection feature of Exchange Online.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. On CLIENT01 switch to Outlook
On CLIENT01, switch to Internet Explorer and Outlook on the web signed in as your tenant administrator.
2. Switch to the Office Admin center tab.
Close the Mail tab and then switch to the Office Admin center tab.
3. Click Exchange
In the navigation menu, under Admin centers, click Exchange.
4. Under advanced threats, click safe attachments
On the dashboard, under advanced threats, click safe attachments.
5. Click New+
On the safe attachments tab, on the toolbar, click New +.
6. Name the new safe attachments policy
In the new safe attachments policy window, in the Name box, type Replace Suspect Attachments.
7. Click Replace
Under Safe attachments unknown malware response, review the information and then click Replace.
8. Select Enable redirect
Under Redirect attachment on detection, review the information and then select the Enable redirect
check box.
Page 153 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
9. Send the attachment to your tenant administrator
In the Send the attachment to the following email address box, type your tenant administrator email
address.
10. Click The recipient domain is
Under Applied To, review the information, click the Select one menu, and then click The recipient
domain is.
11. Click your tenant domain name
In the domain selection window, click your tenant domain name, click add and then click OK.
12. Click Save
Click Save.
13. Click the safe links tab
In the Exchange admin center, click the safe links tab.
14. Click New +
On the toolbar, click New +.
15. Name the new policy "Test safe links"
On the new safe links policy page, in the Name box, type Test safe links.
16. Click On
Under Select the action for unknown potentially malicious URLs in messages, click On.
17. Select the Do not allow users to click
Select the Do not allow users to click through to original URL.
18. Click The recipient domain is
Page 154 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Scroll down and, under Applied To, click the Select one menu, and then click The recipient domain is.
19. Click your tenant domain name
In the domain window, click your tenant domain name, click add, and then click OK.
20. Click Save
On the new safe links policy page, click Save.
21. Sign in to an accessible email account
Tasks 21 to 33 test the safe links policy. These tasks are optional.
Sign in to an email account that you have access to. You can use the virtual environment to sign into a
web accessible email account or use your mobile device.
22. Create a new email to Aubrey Smith
Create a new email to AubreyS@yourtenantdomainname
23. Type a subject for the email
In the Subject box, type Testing spam link.
24. Type a specific message for the email
In the message body, type Here’s a link to test http://www.spamlink.contoso.com
Depending on your email client, you may have to perform additional steps to configure the address as a
hyperlink.
25. Click Send
Send the message.
26. If necessary, switch to CLIENT01
If necessary, switch to CLIENT01.
27. Open a new InPrivate browser window
Page 155 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
On CLIENT01, in Internet Explorer, press Ctrl+Shift+P to open a new InPrivate browser window.
28. Browse to http://outlook.office.com
In the InPrivate browser window, browse to http://outlook.office.com
29. Sign in as Aubrey Smith
Sign in as AubreyS@yourtenantdomainname with a password of Pa$$w0rd
For example: AubreyS@contoso.onmicrosoft.com
30. Click the email you sent to Aubrey Smith
In the Inbox, click the email you sent to Aubrey Smith.
31. Pause the mouse pointer over the link
In the reading pane, move the mouse pointer and pause over the www.spamlink.contoso.com link.
In the lower left corner of Internet Explorer, notice the URL that the link in the email will be directed to.
32. Click the www.spamlink.contoso.com link
In the reading pane, click www.spamlink.contoso.com
33. Review the message from Office 365
In the Internet Explorer tab, review the message from Office 365.
34. Close the InPrivate window and all tabs
Close the InPrivate Internet Explorer window and all tabs.
35. On the toolbar, click the Reports menu
In the Exchange admin center, on the safe links tab, on the toolbar, click the Reports ICON menu.
The Advanced Threat Protection (ATP) reports reviewed in this task will not likely contain any content due
to the short period of activity during the lab
Page 156 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
36. Click ATP by Disposition
Click Advanced Threat Protection by Disposition.
Wait for the report to be created. If the report is not created, close the window and click the report again.
37. Review the available report
Review the available report and notice the Disposition by ATP selections that are available.
38. Click View table
In the report, click View table.
39. Review the information
Review the information that can be made available
40. Click close
Click close.
41. Click the View pending or completed requests
Click the View pending or completed requests.
42. Review the information
Review the information that can be provided.
43. Click Close
Click Close
44. Close the ATP detection message window
Close the Advanced threat protection detection message dispositions window.
45. On the toolbar, click the Reports menu
Page 157 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
On the safe links tab, on the toolbar, click the Reports menu
46. Click ATP File Types
Click Advanced Threat Protection File Types.
47. Review the available report
Review the available report and notice the Attachment types selections that are available.
48. Review the additional areas
Review the additional areas of the report.
49. Close the ATP window
Close the Advanced threat protection detection file types window.
Page 158 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
Exercise 7: Auditing in Office 365
In this exercise, you will enable different auditing features in Office 365 and then review the available
reports that can be helpful to the Office 365 organization’s administrators.
Virtual Machines: The following virtual machine will be used during this exercise: CLIENT01
1. Switch to the Office admin center tab
In Internet Explorer, switch to the Office admin center tab.
2. If necessary, close the Mail window
If necessary, close the Mail window.
3. Under Admin centers, click Compliance
In the navigation menu, under Admin centers, click Security & Compliance.
4. In the navigation menu, click Reports
In the Security & Compliance Center, in the navigation menu, click Reports.
5. Under Reports, click View reports
Under Reports, click View reports.
6. Click Office 365 audit log report
Under Auditing, click Office 365 audit log report.
7. Click Start recording user and admin activities
On the Audit log search page, under Audit log search, click Start recording user and admin activities.
8. Click Turn on
Page 159 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
In the Start recording user and admin activities dialog box, read the information and then click Turn
on.
Wait for the organization settings to be updated.
Activity search content is not available immediately. The remaining steps are used to familiarize you with
the search options.
9. Click the Show results for all activities menu
In the Audit log search window, under Activities, click the Show results for all activities menu.
10. Review the available auditing activities
In the Activities list, scroll down and review the available activities that can be selected for auditing.
Multiple items can be selected.
11. Close the Activities list
Click an open area on the page to close the Activities list.
12. Review the remainder of the log search filters
Review the remainder of the log search filters.
Logs for the activities in this lab will not have been reported in the audit log. If log collection had been
enabled, you would be able to create reports for the activities performed against your Office 365
organization.
13. Switch to Windows PowerShell
On CLIENT01, switch to Windows PowerShell.
This should still be connected to Exchange Online using remote PowerShell.
To save time, you can use the Type Text [A|] icon whenever it is available to automatically type Windows
PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button
in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then
click the icon. Review the text, and then press Enter to run the command.
Page 160 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
14. Review Garret Vargas’ mailbox
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-Mailbox GarretV | FL Audit*
Review the output of the command.
Get-Mailbox GarretV | FL Audit*
15. Enable auditing
At the Windows PowerShell command prompt, type the following and then press Enter:
Set-Mailbox -Identity GarretV -AuditOwner MailboxLogin,HardDelete -AuditLogAgeLimit 120 -
AuditEnabled $True
Set-Mailbox -Identity GarretV -AuditOwner MailboxLogin,HardDelete -AuditLogAgeLimit 120 -
AuditEnabled $True
16. Review Garret Vargas’ mailbox
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-Mailbox GarretV | FL Audit*
Review the updated audit settings for the mailbox.
Get-Mailbox GarretV | FL Audit*
17. Remove the PowerShell Session
At the Windows PowerShell command prompt, type the following and then press Enter:
Get-PSSession | Remove-PSSession
It is not required to remove the open PowerShell session, however, it is a good practice to close sessions
when no longer in use.
Get-PSSession | Remove-PSSession
18. Close Windows PowerShell
Close Windows PowerShell.
Page 161 © Copyright 2016 Microsoft Corporation. All rights reserved.
SMB Partner Tech Series
19. Switch to the Security & Compliance center
Switch to Internet Explorer and the Security & Compliance center.
20. In the navigation menu, click View reports
In the navigation menu, under Reports, click View reports.
21. Click Exchange audit reports
Under Auditing, click Exchange audit reports.
22. Run the admin audit log report
Review the available reports and then click Run the admin audit log report.
23. Review the cmdlets
In the Search to view configuration changes window, wait for the search to complete and then review the
currently logged cmdlets.
24. Click Close
Click Close.
25. Close the Audit Reports window
Close the Audit Reports window.
top related