Exam 70-346 Managing Office 365 Identities and Requirements
Published: February 17, 2014
Languages: English, Chinese (Simplified), Chinese (Traditional), French, German, Japanese, Portuguese (Brazil), Spanish
Audiences: IT professionals
Technology: Microsoft Office 365
Credit toward certification: MCP, MCSA
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
As of June 30, 2016, this exam includes content covering the latest updates and features of Office 365. To learn more about these changes and how they affect the skills measured, please download and review the exam 70-346 change document.
Provision Office 365 (15–20%)
Configure the tenant name, tenant region, initial global administrator; manage tenant subscriptions; manage the licensing model; configure tenant for new features and updates
Add and configure custom domains
Specify domain name, confirm ownership, specify domain purpose, set default domain, and move ownership of DNS to Office 365
Plan a pilot
Designate pilot users; identify workloads that don’t require migration; run the Office 365 Health, Readiness, and Connectivity Checks; run IdFix; create a test plan or use case, and connect existing email accounts for pilot users; understand service descriptions and planning to onboard users to Office 365; configure connected accounts
Plan and implement networking and security in Office 365 (15–20%)
Configure DNS records for services
Create DNS records for Exchange Online, Skype for Business Online, and SharePoint Online
Enable client connectivity to Office 365
Configure proxy to allow client access to Office 365 URLs, configure firewalls for outbound port access to Office 365, recommend bandwidth, configure Internet connectivity for clients, deploy desktop setup for previous versions of Office clients
Administer Microsoft Azure Rights Management (RM)
Activate rights management, configure Office integration with rights management, assign roles for rights management, enable recovery of protected documents
Manage administrator roles in Office 365
Implement a permission model; create or revoke assignment of administrative roles or the administrative model; determine and assign global administrator, billing administrator, user administrator, and delegated administrator; control password resets
Create DNS records for Office 365 when you manage your DNS records
Assigning admin roles in Office 365
Manage cloud identities (15–20%)
Configure password management
Set expiration policy, password complexity, password resets in Administration Center
Manage user and security groups
Import users using bulk import (CSV), soft delete, Administration Center, and multi-factor authentication
Manage cloud identities with Windows PowerShell
Configure passwords to never expire, bulk update of user properties, bulk user creation, Azure Active Directory cmdlets, bulk user license management, hard delete users
Password policy for Office 365
User account management
Manage Azure AD using Windows PowerShell
Implement and manage identities by using Azure AD Connect (15–20%)
Prepare on-premises Active Directory for Azure AD Connect
Plan for non-routable domain names, clean up existing objects, plan for filtering Active Directory, implement support for multiple forests
Set up Azure AD Connect tool
Implement soft match filtering and identify synchronized attributes, password sync, and installation requirements
Manage Active Directory users and groups with Azure AD Connect in place
Delete (soft delete), create, modify users and groups with Azure AD Connect in place, schedule and force synchronization
Prepare for directory synchronization
Synchronize your directories
Implement and manage federated identities for single sign-on (SSO) (15–20%)
Plan requirements for Active Directory Federation Services (AD FS)
Plan namespaces and certificates, plan AD FS internal topologies and dependencies, plan WAP/AD FS proxy topologies, network requirements, multi-factor authentication, and access filtering using claims rules
Install and manage AD FS servers
Create AD FS service account, configure farm or stand-alone settings, add additional servers, convert from standard to federated domain, manage certificate lifecycle
Install and manage WAP/AD FS proxy servers
Set up perimeter network name resolution, install required Windows roles and features, set up certificates, configure WAP/AD FS proxy settings, set custom proxy forms login page, switch between federated authentication and password sync
Plan your AD FS deployment
Checklist: Use AD FS to implement and manage single sign-on
Administering Office 365 Jump Start (03): DirSync, SSO, and AD FS
Monitor and troubleshoot Office 365 availability and usage (15–20%)
Analyze service reports, mail protection reports, analyze Office 365 audit log reports, analyze portal email hygiene reports
Monitor service health
Monitor health using RSS feed, use service health dashboard (including awareness of planned maintenance, service updates, and historical data), Office 365 Management Pack for System Center Operations Manager, and Windows PowerShell cmdlets
Isolate service interruption
Create a service request; determine connection issues using the Microsoft Remote Connectivity Analyzer (RCA), Microsoft Lync Connectivity Analyzer tool, and Microsoft Connectivity Analyzer tool; determine availability issues using the hybrid free/busy troubleshooter; determine client configuration issues using Office 365 Client Performance Analyzer and Microsoft Support and Recovery Assistant for Office 365
Reporting features and troubleshooting tools
An organization plans to migrate to Office 365.
You need to estimate the post-migration network traffic.
Which tool should you use?
A. Lync 2013 Bandwidth Calculator
B. Process Monitor
C. Microsoft Network Monitor
D. Microsoft OnRamp Readiness tool
Office 365 includes Lync 2013.
With this latest version of the Microsoft Lync Server 2010 and 2013 Bandwidth Calculator, you can enter information about your users and the Lync Server features that you want to deploy, and the Bandwidth Calculator will determine bandwidth requirements for the WAN that connects sites in your deployment. The accompanying Bandwidth Calculator User Guide describes the recommended process for estimating your WAN bandwidth needs for Lync client real-time traffic.
Reference: Lync Server 2010 and 2013 Bandwidth Calculator Version 2.0
A company has an Office 365 tenant that has an Enterprise E1 subscription. The company has offices in several different countries.
You need to restrict Office 365 services for existing users by location.
Which Windows PowerShell cmdlet should you run?
The Set-MsolUser cmdlet is used to update a user object.
Example: The following command sets the location (country) of this user. The country must be a two-letter ISO code. This can be set for synced users as well as managed users. Set-MsolUser -UserPrincipalName email@example.com -UsageLocation “CA”
Some organizations may want to create policies that limit access to Microsoft Office 365 services, depending on where the client resides.
Active Directory Federation Services (AD FS) 2.0 provides a way for organizations to configure these types of policies. Office 365 customers using Single Sign-On (SSO) who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request. Customers using Microsoft Online Services cloud User IDs cannot implement these restrictions at this time.
Reference: Limiting Access to Office 365 Services Based on the Location of the Client https://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx
Reference: Set-MsolUser https://msdn.microsoft.com/en-us/library/azure/dn194136.aspx
Comments are closed.