Cloud fundamentals/Using and configuring Microsoft cloud services

Configure Exchange Online

See this Microsoft Exchange Online link for background information on Exchange.

Manage recipients

Manage Anti-spam and Antivirus

Exchange Online within Office 365 is preconfigured to filter email in the following ways:

Connection filtering: This filters based on who sent the email. You can set Exchange to allow or block particular senders based on their IP address, which is more efficient than just by name.

Changes are made from the Exchange Admin Center. From the Protection option select Connection filter and then double-click 'Default Policy' to open the policy for editing. Click Connection filtering and enter your list to Block or Allow as appropriate to the situation. You can also select the Enable Safe List checkbox, which will automatically filter out a list of well-known nuisance senders that is maintained by Microsoft.

For more detail about connection filtering see this Microsoft TechNet article and/or this Office 365 support article on connection filtering.

Content filtering: This filters based on examining the characteristics of the content of the email, looking for specific words or phrases. You can control how aggressive the search is and what the filter does with suspect email.

Changes are made from the Exchange Admin Center. From the Protection option select Content Filter and then either click on the 'Default Policy' to edit it or the '+new' if you want to create a new policy for a particular group of users. The main options of interest are on the Spam and bulk email actions page. Here you can choose what to do with mail identified as 'High confidence spam' and mail thought to be ordinary spam (what Microsoft call 'bulk mail'). The default is to move it to the junk mail folder, but you can choose to delete it or quarantine it. It is also possible to configure whether recipients are informed about quarantined emails.

Content filtering is not an exact science: one person's informative sales email is another person's spam! Therefore there are numerous other settings available, including control of the aggressiveness of the filtering on a scale of 1 to 9 and the filtering out of mail in other languages. Although the MTA exam may expect you to be aware that there are many content filtering options, it is unlikely that you will be questioned on specifics such as how to filter out mail in a particular language. For further information this Office 365 support article is a good starting point (same as the one above), and more specific information is given in this TechNet article.

Configure SharePoint Online, including OneDrive

See this Microsoft SharePoint link for background information on SharePoint. SharePoint is a system for storing and sharing all kinds of documents.  OneDrive is the name given to the storage that Microsoft provides for users of Office 365, but is also available as independent cloud storage with a simple text editor.

In October 2014 Microsoft announced[1] that all Office 365 accounts would have access to unlimited storage instead of 1 TB. However the impact of this has not filtered through to all the related documentation, so it is likely that for the next year or so (Let's say until July 2016 as a guess) related MTA questions will refer to the 1TB limit.

Create and configure SharePoint team sites

SharePoint is in effect a large hierarchical database where the database is referred to as a site collection. The site collection is made up of sections known as Team Sites; these are only accessible to those who have been granted access to them, that is, the "Team". The team site can take many forms, and there are a number of templates available so that they can be customised to meet the needs of individual teams. They are described by Microsoft as follows: "A site for teams to quickly organize, author, and share information. It provides a document library and lists for managing announcements, calendar items, tasks and so on." A site is controlled by the Site Owner and managed by the Site Collection Administrator, who have full control; however, they can delegate the tasks associated with individual team sites down to other users. A site administrator can then decide who can access their sites via team membership and permission settings.

This YouTube video - 'Creating SharePoint team sites' explains how to create team sites in SharePoint on-line.  The speaker points out that Microsoft had moved or renamed some functions when compared to the previous version, so if you get to play with a real SharePoint site, it may look slightly different. This alternative video looks at the same material but gives more details on themes, users, sharing and offline synchronisation.

A separate security group is created for SharePoint that contains all users in your Active Directory and this allows them to share some of the content. This group is given 'Member' status, which means they can contribute to the SharePoint content (i.e. read, write, modify). Other core default groups are "Owners" and "Visitors": an owner has full control over their sub-site and a visitor will have read-only permissions to whatever they have been invited to view. The permissions that apply to sub-sites are inherited, so thought needs to be given to how this will be achieved in Active Directory; this can be a complex area. Further information is given in the SharePoint planning page. The powerful sharing features of SharePoint on-line mean that team administrators can delegate down much of the additional configuration.

Configure external sharing

You can share your SharePoint site with external users; these are people whom you permit to see some or all of your site but who do not require a SharePoint on-line licence to do so. External sharing can be configured in many ways; it can be applied to the whole SharePoint tenant (i.e. the whole site), an individual site or user, or anonymous guest users. Sharing is either on or off. External users start with the permissions granted to them by the person who invited them. In addition there are some restrictions over what they can and cannot do. See this SharePoint webpage for more details. When setting up your SharePoint site, you should consider who you are going to let share access, as the default is for all users to be able to share. Sharing is turned on and off in the Settings part of SharePoint admin center, where you are given a range of sharing options. The sharing options for site collections can also be set from the admin page site collections tab. Further details are available from the previous link.

Set up social features

SharePoint on-line provides a rich mix of social features. For an overview of why an organisation may want to use the social features watch this YouTube video. Social features should be used with care in order that they present a positive view of the organisation, not just the view of a disgruntled employee!

The features on offer include:

  • Ask me about - Part of a user's profile that details their areas of expertise
  • Blogs - Lets individuals or groups write blogs
  • Communities - Discussion areas
  • Newsfeed - A means of presenting news relevant to your organisation to subscribing users
  • Yammer - An instant messaging feature that operates alongside a shared document, image or video
  • One click sharing / Share with me - A facility to share OneDrive documents with others or keep track of documents shared with you
  • Personal sites - Each SharePoint on-line user has a personal site that they can use to promote their role or themselves
  • Ratings - Allows readers to like or rate shared OneDrive documents
  • Wikis - A site where anyone invited can share ideas

This list only includes features most relevant to a business; more information can be found in this SharePoint Social Features document.

Set storage and resource limits

When you sign up for Office 365 you (the tenant) are allocated a pool of 10GB plus 500MB per user of storage. This is then consumed by users up to a limit of 1TB per user; this is your OneDrive. (In 2014 the limit was raised from 25GB to 1TB per user, and users could be allocated more by the site administrator.) If this pool becomes empty, the organisation would need to purchase further storage resources in their subscription. In the SharePoint Admin Center the storage allocated to a Site collection can be manually adjusted up to a maximum of 1 TB; see this Office 365 article for further details. Note that the space allocated to a user is for all their Office 365 applications storage, not just SharePoint, and is managed from the Admin Center too.

Enable Office on demand

Gotcha! This feature was removed from Office 365 by Microsoft in August 2014, four months before the objectives were made public. So for completeness here's a brief overview of what it was.

Office on demand allowed Office 365 subscribers to temporarily install Office applications on computers such as a public computer in a coffee shop, or a computer with an old version of Office. I can see why it was withdrawn: apart from a very limited uptake (around 2%), it must have required significant bandwidth to download each time in the first place, and then probably encountered numerous problems with installation permissions and conflicts with other versions. In practice users would only see a fractional gain in functionality over using Office 365 on-line anyway.

Configure Lync Online

See this Microsoft Lync link for background information on Lync online.

Most of the information relating to configuring Lync online is contained in this article from PC Pro. (Other magazines are available and may have similar articles!) The first part looks at federation, which is discussed in the Administer Office 365/Creating users section.

Manage Lync user options

Before configuring users you need to consider who you want your users to be able to exchange information with; this is known as federation. There is the facility to either permit or deny domain names with which you can exchange information, or you can simply permit information exchange with anyone. Public instant messaging just has an on/off option, and Lync can only IM with Windows Live Messenger users. These settings apply to your Lync system as a whole, and may need a day or more to come into effect because of changes that may take place in DNS.

Lync has very few user configuration options, of which two relate to federation and instant messaging. If the general rules permit federation or messaging, this can then be denied on an individual basis in the user configuration. The remaining two options relate to the user's ability to transfer files and to use audio/video conferencing; these are just either permitted or denied.

Manage communications settings

Configuring communication settings is a bit more complex and what you need to do may vary depending on the firewall you use and your Internet Service Provider. There are a number of ports that need to be open on your firewall as per the following table:

Port          Protocol   Usage
443           STUN/TCP   Audio, video, data and application sharing
3478          STUN/UDP   Audio and video sessions
5223          UDP        Lync Mobile push notifications
50000-59999   RTP/UDP    Audio and video sessions

Your external firewall also needs to be configured to permit outgoing connections from Lync to the following domains:

  • *.microsoftonline.com
  • *.outlook.com
  • *.lync.com
  • A firewall entry may be required for the Microsoft Online Services Sign-in Assistant, msoidsvc.exe to operate correctly.
  • The HTTP/SSL time out value needs to be set to 8 hours.

The table and data above are based on this Microsoft TechNet article, and are also given in the PC Pro article cited earlier.
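The port table above can be turned into a check on an outbound allow-list, reporting exactly which required ports are still blocked. This is an added example, not part of the original page or any Microsoft tool: the rule tuples and SAMPLE_RULES are constructed, and only the transport (TCP or UDP) from the Protocol column is used.

```python
# Added example: find gaps between an egress allow-list and the Lync port table.
# REQUIRED copies the table on this page; SAMPLE_RULES is constructed test data.

REQUIRED = [  # (transport, first port, last port, usage)
    ("tcp", 443, 443, "Audio, video, data and application sharing"),
    ("udp", 3478, 3478, "Audio and video sessions (STUN)"),
    ("udp", 5223, 5223, "Lync Mobile push notifications"),
    ("udp", 50000, 59999, "Audio and video sessions (RTP)"),
]

SAMPLE_RULES = [  # (transport, first port, last port) outbound allow rules
    ("tcp", 443, 443),
    ("udp", 3478, 3478),
    ("udp", 50000, 54999),
    ("udp", 57000, 60000),
]

def uncovered(transport, lo, hi, rules):
    """Return the sub-ranges of lo..hi that no allow rule for transport covers."""
    gaps, cursor = [], lo
    # Keep only rules for this transport that overlap lo..hi, ordered by start.
    spans = sorted((a, b) for t, a, b in rules
                   if t == transport and b >= lo and a <= hi)
    for a, b in spans:
        if a > cursor:                 # ports between cursor and a-1 are blocked
            gaps.append((cursor, a - 1))
        cursor = max(cursor, b + 1)    # advance past what this rule allows
        if cursor > hi:
            break
    if cursor <= hi:                   # tail of the range is not covered
        gaps.append((cursor, hi))
    return gaps

def audit_rules(rules):
    """Map each required flow that has blocked ports to its uncovered ranges."""
    report = {}
    for transport, lo, hi, usage in REQUIRED:
        gaps = uncovered(transport, lo, hi, rules)
        if gaps:
            report[(transport, lo, hi, usage)] = gaps
    return report

if __name__ == "__main__":
    for (transport, lo, hi, usage), gaps in audit_rules(SAMPLE_RULES).items():
        print(f"{transport} {lo}-{hi} ({usage}): blocked {gaps}")
```

With the constructed rules, the audit reports UDP 5223 as fully blocked and a hole in the middle of the RTP range, the kind of partial coverage that is easy to miss when reading rules by eye.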

Configure dial-in and meeting invitations

The dial-in settings only need configuring if you want users to get the audio content of a conference using the telephone network rather than using the audio part of Lync. Dial-in conferencing is a service provided by telecommunication companies that the conference host needs to be subscribed to in order to start a conference. The subscription details also need to be added to their Office 365 account. Clients joining such a conference do not need a subscription, and access the conference using a conference ID, the phone number and a PIN.

Configure DNS for Lync

Two Domain Name Services (DNS) entries are required if you are using your own domain name with Office 365. They are CNAME type (Canonical Name) and require a Time-to-live (TTL) value of 1 hour.

Host name                   Destination
sip.yourname.com            sipdir.online.lync.com
lyncdiscover.yourname.com   webdir.online.lync.com

Replace yourname.com with your actual domain name, e.g. boots.co.uk would require hosts sip.boots.co.uk and lyncdiscover.boots.co.uk.

If you have configured access to public instant messaging a further DNS entry is required:

Type: SRV            Service: _sipfederationtls        Port: 5061
Name: yourname.com   Target: sipfed.online.lync.com    Priority: 1


As noted in the configuration part at the start of this section, changes to DNS may take 24 hours to become fully functional.
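One way to check a zone against the three records above before waiting a day for the change to take effect. This is an added example, not from the original page: the zone lines are constructed, a BIND-style layout with an explicit numeric TTL column is assumed, and the `_tcp` protocol label on the SRV owner name is an assumption, since the page lists only the service name.

```python
# Added example: audit a zone for the Lync Online records listed on this page.
# Assumptions: BIND-style lines with an explicit numeric TTL, and "_tcp" as the
# SRV protocol label (the page gives only the service). SAMPLE_ZONE is constructed.

REQUIRED = {
    ("sip", "CNAME"): {"target": "sipdir.online.lync.com", "ttl": 3600},
    ("lyncdiscover", "CNAME"): {"target": "webdir.online.lync.com", "ttl": 3600},
    ("_sipfederationtls._tcp", "SRV"): {
        "target": "sipfed.online.lync.com", "priority": 1, "port": 5061},
}

SAMPLE_ZONE = """\
; constructed records for yourname.com (owner names relative to the zone)
sip                     3600  IN CNAME sipdir.online.lync.com.
lyncdiscover            86400 IN CNAME webdir.online.lync.com.
_sipfederationtls._tcp  3600  IN SRV   1 100 5060 sipfed.online.lync.com.
"""

def parse_zone(text):
    """Return {(owner, type): fields} for 'owner ttl IN type rdata...' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        owner, ttl, _, rtype, *rdata = fields
        rec = {"ttl": int(ttl), "target": rdata[-1].rstrip(".").lower()}
        if rtype.upper() == "SRV" and len(rdata) == 4:
            # SRV rdata order is: priority weight port target
            rec["priority"], rec["port"] = int(rdata[0]), int(rdata[2])
        records[(owner.lower(), rtype.upper())] = rec
    return records

def audit_zone(text):
    """Return a list of findings; an empty list means every record matches."""
    records, findings = parse_zone(text), []
    for (owner, rtype), expected in REQUIRED.items():
        rec = records.get((owner, rtype))
        if rec is None:
            findings.append(f"{owner} {rtype}: record missing")
            continue
        for key, want in expected.items():
            if rec.get(key) != want:
                findings.append(f"{owner} {rtype}: {key} is {rec.get(key)}, expected {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_zone(SAMPLE_ZONE)) or "all Lync DNS records match")
```

The constructed zone deliberately carries two mistakes, a one-day TTL on lyncdiscover and port 5060 on the SRV record, and both are reported.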

Configure Intune

The idea of 'Bring Your Own Device' (BYOD) is becoming increasingly common both in business and in education. It allows you to effectively use whatever device you prefer when and where you want to, and have access to the same 'identity' and resources from whatever device.

Installing Intune clients

The client installation process varies across different platforms and Windows versions.

Windows 8.1 has been designed to work with Intune, hence configuration is relatively straightforward. In the network configuration section the user is given the option to enrol the device and thus enable management of it. Switching this on creates a lightweight AD connection so that after signing in to your organisation you can use company resources like internal websites and apps. There is also an option to un-enrol the device using 'turn off'.

Apple devices need to download the company portal app from the Apple App Store. Once the portal is set up by the administrator and put in the App Store, the rest is done by the user.

Running this portal app lets you log in to your company portal and will show the devices associated with the user's account. If the device has not been enrolled into Intune, an i in a circle will be seen. Clicking on the chosen device will show basic information and an 'Add device' button. Clicking on this button brings up the management profile, installs the security certificate from the server on the device, and returns to the portal when complete.

Creating and deploying Intune policies and notifications

The System Center Configuration Manager Admin. Console is used to manage all of Intune.

Identify software requirements and automating installs

Identify mobile device management policies

  1. http://techcrunch.com/2014/10/27/microsoft-adds-unlimited-onedrive-storage-to-all-office-365-accounts/