Lesson 2: Enabling Microsoft Cloud Services
Objective Domain Matrix
Technology Skill | Objective Domain Description | Objective Domain Number
Enabling Office 365: Identifying the requirements and dependencies for using Office 365 | Identify the requirements and dependencies for using Office 365 | 2.1
Enabling Office 365: Selecting a cloud service plan for Office 365 | Select a cloud service plan (for Office 365) | 2.2
Enabling Office 365: Signing Up for Cloud Services for Office 365 | Sign up for cloud services (for Office 365) | 2.3
Enabling Office 365: Setting Up the Initial Configuration of Cloud Services for Office 365 | Set up the initial configuration of cloud services (for Office 365) | 2.4
Enabling Microsoft Intune: Identifying the Requirements and Dependencies for Using Microsoft Intune | Identify the requirements and dependencies for using Microsoft Intune | 2.1
Enabling Microsoft Intune: Selecting a Cloud Service Plan for Microsoft Intune | Select a cloud service plan (for Microsoft Intune) | 2.2
Enabling Microsoft Intune: Signing Up for Cloud Services for Microsoft Intune | Sign up for cloud services (for Microsoft Intune) | 2.3
Enabling Microsoft Intune: Setting Up the Initial Configuration of Cloud Services for Microsoft Intune | Set up the initial configuration of cloud services (for Microsoft Intune) | 2.4
Understanding Microsoft Azure: Understanding Virtual Machines; Understanding Azure Services; Understanding Azure Disaster Recovery, High Availability, Redundancy, and Fault Tolerance | (None) |
KEY TERMS
domain name
Domain Name System (DNS)
host
hypervisor
Microsoft Azure
Microsoft Azure Active Directory (Azure AD)
Microsoft Azure Fabric Controller (FC)
Microsoft Azure Site Recovery
Microsoft Intune
Microsoft Office 2013
Microsoft Office 365
Multi‐Factor Authentication (MFA)
Office Web Apps
partition
resource record (RR)
second‐level domains
top‐level domains
virtual machine
Virtual Machine Manager (VMM)
You are the administrator for the Contoso Corporation, which has decided to implement
both Office 365 and Microsoft Intune. Office 365 will be used to replace older versions
of Office on your client computers. Microsoft Intune will help you manage several client
computers that are used in homes and offices.
Enabling Microsoft Office 365
THE BOTTOM LINE
By deploying cloud computing services such as Microsoft Office 365, you can reduce the
workload on your IT staff. You can also improve the collaboration between your team
members.
Microsoft Office 365 is a Microsoft subscription‐based software service that enables users to
access their documents and collaborate with others from anywhere using their computers, the
Internet, or their smart devices. Office 365 moves the traditional Office suite to the cloud.
The service includes Office 365 apps (Word, Excel, PowerPoint, Outlook, OneNote, Access,
and Publisher), Exchange Online, SharePoint Online, and Lync Online. By using Office 365,
you can offload many of the administrative tasks normally handled by your IT department.
These tasks include managing software updates, patches, and service packs as well as purchasing additional server hardware to support company growth.
Administration is handled through a web portal/dashboard in which you can create/manage
user accounts and oversee the health of all services. Microsoft also provides tools to migrate
from your existing on‐premise Exchange Server to Office 365.
The service can be used in combination with the desktop version of Office and also works
even if you don’t have Office installed on your computers.
Office 365 is available in a number of different plans designed to meet different segments of
the market. Each plan uses a per‐user/month charge and provides access to either the entire
service or only subsets of Office 365.
The following are features available with Microsoft Office 365:
• Users can access email, calendars, and contacts using the Microsoft Exchange service.
The applications can be delivered to Outlook or Outlook Web Access.
• Users can create, edit, and store documents they create with Office Web Apps, which are
browser‐based versions of the standard Office suite (Word Online, PowerPoint Online,
and Excel Online), as shown in Figure 2-1. These documents are fully compatible with
the desktop versions of Office.
• Users can set up and maintain a company website.
• Users can connect immediately with their co‐workers via instant messaging by using
Microsoft Lync.
• Users can set up and conduct online meetings (audio, video, and web conferencing),
including the ability to share desktops, files, and presentations online.
• Users can share documents inside and outside of the organization and collaborate with
their colleagues by using Microsoft SharePoint.
Figure 2-1 Using Word Online
From an administrative perspective, Office 365 offers several benefits:
• Maintenance: Microsoft performs the administrative tasks, so you do not have to manage
backups, patches, and software updates for Office Online. However, if you install Office
on the local computer, you will still have to manage backups, patches, and software
updates.
• Software upgrades: Office 365 includes upgrades with the subscription price.
• Hardware: Because Office 365 runs in the cloud, you don’t have to purchase and
maintain expensive server hardware. You can migrate Exchange Server over to Office 365
while at the same time increasing the mailbox storage for users.
• Collaboration on projects: Using SharePoint as a document repository and
collaboration workspace, you can connect and work with a geographically dispersed
workforce. By using team sites, you can share a portfolio of company projects,
enable employees to access project information, share documents, and collaborate on
project documents.
Identifying the Requirements and Dependencies for Using Office 365
Office 365 is designed to work with the current or immediately previous versions of Internet Explorer or Firefox or the latest versions of Chrome or Safari. It is also designed to work with any version of Microsoft Office in mainstream support. Of course, Microsoft always recommends that you use the latest browsers, Office clients, and apps. You should also install any Windows, Office, and browser updates.
Certification Ready: Identify the requirements and dependencies for using Office 365 (2.1)
Office 365 primarily uses IPv4. Although Office 365 does support IPv6, not all Office 365 features are fully enabled using IPv6. Some organizations restrict client computers from connecting to the Internet. Because Office 365 is used over the Internet, you can open Office 365 help to get a list of the URLs or IP addresses that need to be available for your users to use Office 365. Because the IP addresses assigned to a domain might change, it is recommended that you use root domain names, such as the following partial list of domains, instead of IPv4 or IPv6 addresses:
• *.outlook.com
• *.microsoftOnline.com
• *.sharePoint.com
• *.office365.com
• *.office.com
• *.portal.office.com
• *.live.com
When configuring the corporate firewalls, clients, and on‐premises services (such as Active
Directory Federation Services), you should have access to the most up‐to‐date Root Certificate
Authorities.
All connections to Office 365 are done over the Internet and are secured by SSL as appropriate. You will need the following ports open at your firewalls to access Office 365:
• TCP 443: AD FS (federation server role), AD FS (proxy server role), Office 365 portal,
Office 365 My Company Portal, Outlook 2010 and Office Outlook 2007, Microsoft
Entourage 2008 for Mac Exchange Web Services/Outlook for Mac 2011, Outlook Web
App, and SharePoint Online
• TCP 25: Mail routing
• TCP 587: Simple Mail Transfer Protocol (SMTP) relay, which is used by SMTP Relay
with Exchange Online
• TCP 143/993: Simple IMAP4 migration tool
• TCP 995: POP3, which is used with Exchange Online
• TCP 80 and 443: Used by Azure Active Directory Sync tool, Simple Exchange Migration
Tool, Simple IMAP Migration Tool, Staged Exchange Migration Tool, Exchange
Management Console, Exchange Management Shell, and Office 365 ProPlus.
Office 365 does not have an operating system requirement. However, you should only use operating systems that are in mainstream support. While Microsoft does not block Office 365 from operating with older operating systems, functionality might be diminished or might not operate as expected. In addition, based on the Microsoft Service Pack Lifecycle Support Policy, you should install Office Service Packs within 12 months of release.
Using Office 365 will most likely increase your organization’s Internet traffic. Email traffic,
directory synchronization, and Exchange hybrid deployments will have the most impact on
bandwidth. As with any cloud product, you will need to consider the following when estimating network traffic:
• The Office 365 service offerings being used
• The number of clients accessing Office 365 at one time
• The type of task each client computer is performing
• The client’s network connections and current traffic patterns
• The organization’s network topology
• The capacity of network links and network hardware
To help you prepare for an Office 365 deployment, you can use the following tools:
• Exchange Client Network Bandwidth Calculator: Used to predict the network bandwidth
requirements for a specific set of clients.
• Lync 2010 and 2013 Bandwidth Calculator: An Excel spreadsheet that calculates WAN
bandwidth requirements for a Lync Server deployment based on administrator‐specified
user profiles and network information.
• OneDrive for Business Synchronization Calculator: A calculator used to estimate the
bandwidth that a OneDrive for Business client deployment will require.
• Office 365 Network Analysis Tool: Helps analyze network‐related issues prior to
deploying Office 365 services.
Lastly, to access the Office 365 services over the Internet, client computers will have to use DNS to translate host names to IP addresses. However, for efficiency and higher security, clients can use local DNS servers, which will then perform queries over the Internet.
Selecting a Cloud Service Plan for Office 365
Office 365 offers several plans designed for small, midsize, and enterprise‐level businesses. The Office 365 Business (300 users) plan and the Office 365 Enterprise E3 and E4 (unlimited users) plans include a subscription for Office 2013 for up to five PCs/Macs.
Certification Ready: Select a cloud service plan (for Office 365) (2.2)
Microsoft Office 2013 includes desktop versions of the following applications:
• Access 2013
• OneNote 2013
• Excel 2013
• Word 2013
• Outlook 2013
• PowerPoint 2013
• Publisher 2013
• OneDrive Pro 2013
• InfoPath (not available with the Small Business Premium plan)
• Lync 2013
Based on the plan that you choose, you can get some or all of these.
Some of the Office 365 licensing plans include the following:
• Personal: Includes Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access
for home/non‐commercial use on one computer (PC or Mac) plus access to premium
features on one tablet or phone. It also gives 1 TB of additional OneDrive storage and 60
minutes of Skype international calls per month.
• Home: Targeted for mainstream consumers and families. It has the same features as
Personal except that it can be used on as many as five devices by up to five users.
• ProPlus: Offers access to the Office 2013 Professional Plus applications for up to 25 users
on up to five devices per user.
• Business Essentials: Targeted for small businesses. It offers access to hosted Exchange,
SharePoint, and Lync services only.
• Business: Offers desktop apps for both Macs and PCs for as many as five computers per user.
• Business Premium: Combines Business Essentials and Business to include hosted
Exchange, SharePoint and Lync services, with desktop apps for Macs and PCs.
• Enterprise (E3): Offers access to all Office applications, hosted Exchange, and
SharePoint, with enterprise‐specific legal compliance features and support.
• Enterprise (E4): Offers everything that E3 offers as well as Enterprise voice/enterprise
calling capabilities with Lync Server 2013.
Office 365 manages the licenses for Office 2013 through an online portal by indicating which Office 365 users have the ability to install the program during the setup of the user’s account. In the Office 365 portal, you can delete a user to free up a license, remove a license from a user if his job changes, or assign a license for a user after the account is set up. You can also review which licenses are assigned to a user and purchase more if necessary.
Signing up for Cloud Services for Office 365
Certification Ready: Sign up for cloud services (for Office 365) (2.3)
A domain name represents the online identity of companies or individuals. You can use
your domain name in Office 365 with your emails, public websites, and Lync addresses.
When you sign up with the service, you start with two initial domains: the onmicrosoft.com
domain and a SharePoint Online domain. The <domainname>.onmicrosoft.com domain,
such as contoso.onmicrosoft.com, will be used with most Office 365 services, including your
Office 365 email addresses, team sites, and Lync. However, you would not use this for public
websites. SharePoint Online provides a public website. It is based on <domainname>-public.sharepoint.com, such as contoso-public.sharepoint.com. You cannot rename your
initial domains after sign‐up, but you can add domains to your Office 365 account.
When you sign up for Office 365, you have to define a user ID, such as [email protected]
onmicrosoft.com or [email protected] You can keep using this domain for your
user ID or you can add your organization domain names.
Many businesses would rather use their own domains for email addresses and public websites.
However, this requires a Small Business, Midsize Business, or Enterprise version of Office 365.
Therefore, if you own the contoso.com domain, you can then assign contoso.com for the
email addresses and the public website (such as contoso.com and www.contoso.com).
Take Note: Administrator roles are covered in greater detail in Lesson 3.
The first account created is assigned the global administrator role. A global administrator is the
administrator of the Office 365 portal. He can manage service licenses, users and groups,
domains, and subscribed services. He is also a SharePoint Online administrator.
The user ID that you create when you sign up includes the domain, as in [email protected]
onmicrosoft.com. You can continue using this domain for your user ID and for other users
that you add to your subscription. Some users do this while they’re using a trial version.
Microsoft has multiple data centers throughout the world. When you sign up for an Office
365 account, you have to select a country or region, which determines the primary storage
location for the customer’s data. For example, if you sign up for an account in North America,
at this time, the primary data centers are located in the United States. If you are accessing the
online services portal from a region other than North America, the web pages you are viewing
will be hosted in that region’s data center. For the Asia‐Pacific region, data centers are kept in
Hong Kong and Singapore. To determine where the data is stored, search the Microsoft
website for “Office 365” and “Where is my data?”
Sign Up for Office 365
GET READY. To sign up for Office 365, perform the following steps on a computer running
Windows 8.1 with a connection to the Internet.
1. On Win8A, log on using the contoso\administrator account and the Pa$$word
password.
2. On the taskbar, click the Internet Explorer icon to open Internet Explorer.
3. Go to http://office.microsoft.com/en-us/business/.
4. Click See plans & pricing, and click See all plans & pricing.
5. At the top of the window, click Office 365 Enterprise E3.
6. Click Free trial.
7. On the Let’s get to know you page, enter the following information:
First Name: <Your first name>
Last Name: <Your last name>
Email: <Your email address>
Phone: <Your phone number>
<FirstName><LastName>Office365<Month><Year>
Therefore, if your name is John Smith and you are performing this lab in June 2015,
you would type the following:
JohnSmithOffice365062015, which produces a login domain of
JohnSmithOffice365062015.onmicrosoft.com
Click Next.
8. On the Create your user ID page, for the User ID, type the following:
<FirstInitial><LastName>
Therefore, if your name is John Smith, you would type the following:
JSmith
9. Ensure the domain name uses the following format:
<FirstName><LastName>Office365<Month><Year>
Therefore, if your name is John Smith and you are performing this lab in June 2015,
you would type the following:
JohnSmithOffice365062015.
10. For the Password text box and the Confirm password text box, type Pa$$w0rd.
11. In the Prove. You’re. Not. A. Robot page, select Send text message. Then type your
phone number in the appropriate text box.
12. Click Create my account.
13. If a Don’t lose access to your account dialog box displays, type a phone number
(preferably a mobile number) and then click Save and continue.
14. In the Enter your verification code text box, type the code that you receive from your
phone and click Create my account.
15. On the Save this info page, the Office 365 sign‐in page is https://portal.office.com.
Be sure to record your Office 365 user ID. Click the right arrow.
16. On the Don’t lose access to your account page, specify a mobile phone number and
alternate email address, which can be used to reset your password. Click Save and
continue.
17. On the Install Office on your PC page (as shown in Figure 2-2), click Install now.
18. When you are prompted to run or save the executable file, click Run.
19. In the Welcome to your new Office window, click Next.
20. On the First things first page, click No thanks and then click the Accept button.
21. On the Meet OneDrive page, click Next.
22. On the Welcome! page, click Next.
23. On the Take a look at what’s new page, click No, thanks.
24. When the installation completes, click All done.
25. Click the Office 365 settings button (the gear button at the top‐right corner of the
webpage) and then click Office 365 settings.
26. Scroll to the bottom of the window to view the assigned licenses. Then click Save.
Figure 2-2 Installing Office 2013 from Office 365
Setting up the Initial Configuration of Cloud Services for Office 365
Certification Ready: Set up the initial configuration of cloud services (for Office 365) (2.4)
To manage the Office 365 services, you will open the Office 365 portal (https://portal.office.com) and click the Admin button to launch the Office 365 Admin Center, as shown in Figure 2-3.
Figure 2-3 Managing Office 365 with the Office 365 Admin Center
Domain Name System (DNS) is a naming service that is used by a Transmission Control
Protocol / Internet Protocol (TCP/IP) network and is an essential service used by the Internet.
Every time a user accesses a web page, she must type a URL. Before the client communicates
with the web server, the client computer needs to use DNS to retrieve the IP address of the
web server, similarly to someone using a phone book to find a phone number. When an
enterprise client needs to communicate with a corporate server, the enterprise client also uses
DNS to find the IP address of the corporate service. The DNS servers are often referred to as
name servers.
TCP/IP is the most popular networking protocol suite used in the world and is the same
protocol used with the Internet. Of course, the Internet is a worldwide network that links
billions of computers. For a client computer or host to communicate on a TCP/IP network,
a client must have an IP address.
Traditional IP addresses based on IPv4 featured a four‐byte address written in a four‐octet
format. Each octet ranges from 0 to 255. An example of an IP address is 24.64.251.189 or
192.168.1.53. Most users would have difficulty remembering hundreds of telephone numbers
and hundreds of IP addresses. The name resolution infrastructure enables an administrator
to assign logical names to a server or network resource by IP address and translates a logical
name to an IP address.
DNS was developed as a system and a protocol to provide up‐to‐date name resolution.
The benefits of DNS include the following:
• Ease of use and simplicity: Allows users to access computers and network resources with
easy‐to‐remember names.
• Scalability: Allows the workload of name resolution to be distributed across multiple
servers and databases.
• Consistency: Allows IP addresses to be changed while keeping the host names consistent,
making network resources easier to locate.
A DNS resolver is a service that uses the DNS protocol to query DNS servers for information,
using UDP and TCP port 53.
To register a top‐level domain, which can be used for your email and website, you go to a
domain registrar company and search for and purchase a domain. When you click DOMAINS
from the Office 365 Admin Center, you can click Buy domain to check availability and
eventually purchase a domain from GoDaddy. Figure 2-4 shows the Manage domains page.
To keep the domain, you will have to renew the domain from time to time, such as once a year or
once every couple of years.
DNS is a hierarchical system consisting of a tree of domain names. At the top of the tree is the
root zone (see Figure 2-5). The tree can then be organized into zones, each served by a name
(DNS) server. Each zone can contain one domain or many domains. The administrative
responsibility over any zone can be delegated or divided by creating a subdomain, which can
be assigned to a different name server and administrative entity.
Each node or leaf in the tree is a resource record (RR), which holds information associated
with the domain name. The most common resource record is the host address (A or AAAA),
which lists a host name and the associated IP address.
A domain name consists of one or more labels. Each label can be up to 63 characters. The fully
qualified domain name cannot exceed a total length of 253 characters.
The right‐most label designates the top‐level domain. For example, microsoft.com consists of
two labels. The top‐level domain is com. The hierarchy of domains descends from right to left.
Each label to the left specifies a subdomain of the domain or label on the right. Therefore, in
our example, microsoft is a subdomain of the com domain.
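The naming rules above (63 characters per label, 253 for the full name, hierarchy read from right to left) can be checked before a name is entered into a DNS zone or a firewall rule. The following Python sketch is an added example, not part of the original lesson; the function name and the returned field names are illustrative choices.

```python
# Added example: validates a DNS name against the limits stated above and
# walks the hierarchy from the top-level domain down to the host.
MAX_LABEL = 63    # maximum characters in one label
MAX_FQDN = 253    # maximum characters in the fully qualified domain name


def parse_domain_name(name):
    """Return the labels, top-level domain and delegation chain of a name.

    Raises ValueError when the name is empty, has an empty label, or breaks
    one of the two length limits.
    """
    # A trailing dot stands for the root zone; it is not a label.
    text = name[:-1] if name.endswith(".") else name
    if not text:
        raise ValueError("empty domain name")
    if len(text) > MAX_FQDN:
        raise ValueError(f"name is {len(text)} characters; limit is {MAX_FQDN}")

    labels = text.lower().split(".")   # DNS names are case-insensitive
    for label in labels:
        if not label:
            raise ValueError("empty label (leading dot or two dots in a row)")
        if len(label) > MAX_LABEL:
            raise ValueError(
                f"label starting '{label[:10]}' is {len(label)} characters; "
                f"limit is {MAX_LABEL}"
            )

    # The hierarchy descends from right to left: com, contoso.com, ...
    chain = [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
    return {
        "labels": labels,
        "tld": labels[-1],
        # The second-level domain is the name an organization registers.
        "second_level": ".".join(labels[-2:]) if len(labels) >= 2 else None,
        "chain": chain,
    }


if __name__ == "__main__":
    info = parse_domain_name("server1.corporate.contoso.com")
    print("top-level domain:", info["tld"])
    print("registered domain:", info["second_level"])
    for depth, zone in enumerate(info["chain"]):
        print("  " * depth + zone)
```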
Figure 2-4 Managing domains
Figure 2-5 Distributing domain names through the DNS hierarchy system (tree diagram with Root (.) at the top; node labels shown: com, edu, gov, au, microsoft, intel, contoso, mit, usa, gov, www, corporate, sales, server1, computer1)
Traditionally, top‐level domains consist of generic top‐level domains and international
country codes (such as us for United States, uk for United Kingdom, de for Germany, and jp
for Japan). Traditional generic top‐level domains include the following:
• .com: Commercial
• .org: Organization (originally intended for nonprofit organizations)
• .edu: Educational
• .gov: U.S. governmental entities
• .net: Network (originally intended for the portal to a set of smaller websites)
Over the years, many other generic domains have been added, such as aero, biz, coop, info,
int, jobs, name, and pro. More recently, organizations can purchase their own top‐level
domains.
Second‐level domains are registered to individuals or organizations. Examples include:
• microsoft.com: Microsoft Corporation
• mit.edu: Massachusetts Institute of Technology
• gov.au: Australian government
Second‐level DNS domains can have many subdomains, and any domain can have hosts.
A host is a specific computer or other network device in a domain. For example, computer1.sales.contoso.com is the host called computer1 in the sales subdomain of the contoso.com domain.
A host has at least one IP address associated with it. For example, www.microsoft.com represents a particular address.
If you have server1.corporate.contoso.com, com is the top‐level domain. contoso is a subdomain of com, and corporate is a subdomain of contoso. In the corporate domain, you find one or more addresses assigned to server1, such as 192.168.1.53. As a result, when you type server1.corporate.contoso.com into your browser, the client sends a query to a DNS server asking what the IP address is for server1.corporate.contoso.com. The DNS server responds with the 192.168.1.53 address. The client then communicates with the server at the address 192.168.1.53.
A DNS zone database is made up of a collection of resource records, which are used to answer
DNS queries. Each resource record (RR) specifies information about a particular object. Each
record has a type, an expiration time limit, and some type‐specific data.
When you create a user account, certain properties define the user account, such as first name,
last name, and login name. When you define a printer in Active Directory, you define a name
of the printer and a location. A printer does not have a first name or a last name. Just as you
have different types of objects in Active Directory, you also have different types of resource
records in DNS, with different fields.
When you create a new zone, two types of records are automatically created:
• Start of Authority (SOA) record: Specifies authoritative information about a DNS zone,
including the primary name server, the e‐mail of the domain administrator, the domain
serial number, and the expiration and reload timers of the zone.
• Name Server (NS) record: Specifies an authoritative name server for the host.
You have to add additional resource records as needed. The most common resource
records are:
• Host (A and AAAA) record: Maps a domain/host name to an IP address.
• Canonical Name (CNAME) record: Sometimes referred to as an Alias, maps an alias
DNS domain name to another primary or canonical name.
• Pointer (PTR) record: Maps an IP address to a domain/host name.
• Mail Exchanger (MX) record: Maps a DNS domain name to the name of a computer
that exchanges or forwards e‐mail for the domain.
• Service Location (SRV) record: Maps a DNS domain name to a specified list of host
computers that offer a specific type of service, such as Active Directory domain
controllers.
The PTR records are in the reverse lookup zone, and all of the other record types are in the
forward lookup zone.
Add a Domain to Office 365
GET READY. To add a domain to Office 365, perform the following steps on a computer
running Windows 8.1 with a connection to the Internet.
1. On Win8A, log on using the contoso\administrator account and the Pa$$word password.
2. On the taskbar, click the Internet Explorer icon to open Internet Explorer, and then open
and sign in to Office 365 (https://portal.office.com).
3. Click the Admin button and then click DOMAINS.
4. On the Manage domains page, choose Add domain.
5. Verify that you own the domain by creating a record at your DNS hosting provider or
domain registrar.
6. On the Add users page, create the users with email addresses on this domain.
7. On the Set domain purpose page, select Exchange Online. Also select Lync Online if
you’re planning to use it.
8. On the Set up domain page, the DNS records that need to be added to your
DNS zone will be displayed. For Exchange Online, you will need:
• An MX record to route mail to Office 365.
• A CNAME Autodiscover record so that email clients like Outlook can automatically
discover the Office 365 server.
• A TXT record to help prevent spam.
If you selected Lync Online, the DNS records for Lync Online are also listed:
• A CNAME record for Autodiscover from Lync mobile clients.
• A CNAME record for automatic sign‐in.
• An SRV record to let users use Lync with people outside your organization.
• An SRV record for connecting to the internet outside your organization.
9. If necessary, on the Manage domains page, you can change the default domain
by choosing the domain and then choosing Set as default.
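One way to check step 8 before relying on the new domain is to compare the records the Set up domain page displays with what is actually published in your zone. The following Python sketch is an added example, not Microsoft tooling and not part of the original lesson. Every owner name and target in it is a constructed placeholder (the real values are the ones the portal shows), and it assumes the spam-prevention TXT record is an SPF policy beginning with v=spf1.

```python
# Added example. All record names and targets are constructed placeholders;
# copy the real ones from the "Set up domain" page.
ZONE_TEXT = """\
; constructed zone data for contoso.com
@             3600 IN MX    0 mail-target.example.net.
autodiscover  3600 IN CNAME autodiscover-target.example.net.
@             3600 IN TXT   "v=spf1 include:spf-target.example.net -all"
@             3600 IN TXT   "v=spf1 include:old-mailer.example.org ~all"
sip           3600 IN CNAME sip-target.example.net.
"""

# What the portal asked for: (owner, type, text that must appear in the data).
REQUIRED = [
    ("@", "MX", "mail-target.example.net."),                        # mail routing
    ("autodiscover", "CNAME", "autodiscover-target.example.net."),  # Outlook
    ("@", "TXT", "include:spf-target.example.net"),                 # anti-spam
    ("sip", "CNAME", "sip-target.example.net."),                    # Lync sign-in
    ("lyncdiscover", "CNAME", "lyncdiscover-target.example.net."),  # Lync mobile
    ("_sip._tls", "SRV", "sip-target.example.net."),                # Lync external
]


def parse_zone(text):
    """Parse 'owner ttl IN type rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or full-line comment
        parts = line.split(None, 4)
        if len(parts) != 5:
            raise ValueError(f"cannot parse zone line: {line!r}")
        owner, _ttl, _cls, rtype, rdata = parts
        records.append((owner.lower(), rtype.upper(), rdata.strip()))
    return records


def check_zone(records, required):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for owner, rtype, needle in required:
        same = [r for r in records if r[0] == owner and r[1] == rtype]
        if not same:
            findings.append(f"missing {rtype} record for {owner}")
        elif not any(needle.lower() in r[2].lower() for r in same):
            findings.append(f"{rtype} record for {owner} does not contain {needle}")

    # A name may publish only one SPF policy; receivers treat two as an error,
    # which defeats the anti-spam record instead of strengthening it.
    spf_count = {}
    for owner, rtype, rdata in records:
        if rtype == "TXT" and rdata.strip('"').lower().startswith("v=spf1"):
            spf_count[owner] = spf_count.get(owner, 0) + 1
    for owner, count in spf_count.items():
        if count > 1:
            findings.append(f"{count} SPF TXT records at {owner}; merge them into one")

    # A CNAME cannot share its owner name with any other record type.
    for owner in sorted({r[0] for r in records if r[1] == "CNAME"}):
        if any(r[0] == owner and r[1] != "CNAME" for r in records):
            findings.append(f"CNAME at {owner} coexists with other records")
    return findings


def verify():
    """Check the constructed zone above against the constructed requirements."""
    return check_zone(parse_zone(ZONE_TEXT), REQUIRED)


if __name__ == "__main__":
    for finding in verify():
        print("FINDING:", finding)
```

The duplicate SPF finding is the one most often missed: a leftover policy from a previous mail host sits beside the new one, and both stop working.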
Enabling Microsoft Intune
THE BOTTOM LINE
Microsoft Intune is a cloud‐based management solution that allows you to manage your
computers when they are connected to or not connected to the corporate network. In fact, the
computers don’t even have to be part of your domain. Microsoft Intune helps you manage your
computers and mobile devices through a web console. It provides the tools, reports, and
licenses to ensure your computers are always current and protected. For mobile devices, it
also allows you to manage your remote workforce by working through Exchange ActiveSync
or directly through Microsoft Intune.
Microsoft Intune can be operated in cloud‐only mode or in a new unified configuration
option that integrates the cloud‐based environment with Microsoft System Center 2012
Configuration Manager Service Pack 1 or System Center 2012 R2 Configuration Manager.
Microsoft Intune utilizes a subscription model in which you are charged on a per‐user basis.
Here are some of the things you can do with Microsoft Intune:
• Manage your mobile devices and computers through a web‐based console anywhere at any
time through Exchange ActiveSync and System Center 2012 R2 Configuration Manager.
• Manage your Microsoft Intune subscription, add new users and security groups, set up
and manage service settings, and access service status via a Microsoft Intune Account
portal.
• Assess the overall health of devices across your organization using the Microsoft Intune
Administration console.
• Organize users and devices into groups (geographically, by department, and by hardware
characteristics).
• Manage updates for computers in your organization.
• Enhance security of your managed devices by providing real‐time protection, by keeping
virus definitions current, and by automatically running scheduled scans.
• Access the overall health of your managed devices through the use of alerts.
• Deploy policies to secure data on mobile devices to determine which mobile devices can
connect, enroll, rename, and un‐enroll devices.
• Wipe mobile devices in case they are stolen.
• Deploy software and detect and manage software installed on computers.
• Manage licenses purchased through Microsoft Volume Licensing agreements.
• Run reports on software, hardware, and software licenses to help confirm current needs
and to plan for the future.
• Provide a cloud‐based, self‐service portal where users can enroll and manage their devices,
search for and install software applications, and request help.
Microsoft Intune deploys a client agent on each device that you want to manage. The
Microsoft Intune agent communicates back to the Microsoft Intune administration console,
allowing you to inventory software and hardware assets in your organization.
Microsoft Intune can be deployed with the following configurations:
• Microsoft Intune Stand‐Alone Cloud Configuration: With this configuration, you
have to administer your computers and devices (Windows 8/8.1, Windows RT,
Windows Phone 8, and Apple iOS) through the Administrator console. Although
this configuration allows you to create and manage policies, inventory your devices,
and upload and publish software, it does not support the discovery of mobile
devices.
• Microsoft Intune Cloud + On‐Premise Configuration: This configuration integrates
Microsoft Intune with your existing Active Directory and Exchange environment. With
this configuration, you can discover mobile devices using Exchange ActiveSync, synchronize your user accounts with your Active Directory, and manage your mobile devices
through Microsoft Intune.
• Microsoft Intune + System Center Configuration Manager: This configuration allows
you to manage your computers and mobile devices from the System Center Configuration
Manager 2012 R2 console.
Identifying the Requirements and Dependencies for Using Microsoft Intune
Certification Ready: Identify the requirements and dependencies for using Office 365 and Microsoft Intune (2.1)
While Office 365 is a browser‐based service, Microsoft Intune is used to manage
devices. Therefore, Microsoft Intune requires that your firewalls pass communications
between the managed devices and the Microsoft Intune services.
To manage computers that are behind firewalls and proxy servers, you must set up the firewalls
and proxy servers to allow communications with Microsoft Intune and related services.
Although you should be aware that Microsoft Intune needs access to several websites,
you don’t have to memorize all of them for the exam:
• *.manage.microsoft.com: Port 80 and 443
• *manage.microsoft.com: Port 80 and 443
• manage.microsoft.com: Port 80 and 443
• *.microsoftonline‐p.com: Port 80 and 443
• *.microsoftonline‐p.net: Port 80 and 443
• *.spynet2.microsoft.com: Port 443
• blob.core.windows.net: Port 80
• c.microsoft.com: Port 80 and 443
• c1.microsoft.com: Port 80 and 443
• *.googleapis.com1: Port 80 and 443
• wustat.microsoft.com: Port 80 and 443
To access Microsoft Update Services, you will need to access the following:
• *.update.microsoft.com: Port 80 and 443
• download.microsoft.com: Port 80 and 443
• update.microsoft.com: Port 80 and 443
• *.download.windowsupdate.com: Port 80 and 443
• download.windowsupdate.com: Port 80 and 443
• *.windowsupdate.com: Port 80 and 443
• windowsupdate.microsoft.com: Port 80 and 443
• ntservicepack.microsoft.com: Port 80 and 443
To perform DNS lookup requests, you will need to access the following:
• manage.microsoft.com.nsatc.net: Port 80
To access documentation, Help, and support, users will need to access the following:
• *.livemeeting.com: Port 80 and 443
• *.microsoftonline.com: Port 80 and 443
• *.social.technet.microsoft.com: Port 80
• blogs.technet.com: Port 80
• go.microsoft.com: Port 80
• onlinehelp.microsoft.com: Port 80
• www.microsoft.com: Port 80
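A host-and-port list like the ones above only helps if the firewall or proxy matches names against it exactly. The following added example (not part of the original lesson) checks constructed proxy log lines against the Intune service entries from the first list and contrasts an anchored match with a substring match; the log format, the sample host names, and the function names are assumptions.

```python
from fnmatch import fnmatchcase

# Host patterns and ports taken from the first list above (Intune service
# endpoints). The *.googleapis.com entry is left out of this sample.
INTUNE_RULES = [
    ("*.manage.microsoft.com", {80, 443}),
    ("*manage.microsoft.com", {80, 443}),
    ("manage.microsoft.com", {80, 443}),
    ("*.microsoftonline-p.com", {80, 443}),
    ("*.microsoftonline-p.net", {80, 443}),
    ("*.spynet2.microsoft.com", {443}),
    ("blob.core.windows.net", {80}),
    ("c.microsoft.com", {80, 443}),
    ("c1.microsoft.com", {80, 443}),
    ("wustat.microsoft.com", {80, 443}),
]

# Constructed proxy log lines: timestamp, client, host:port, proxy decision.
# The format and every value below are made up for this example.
SAMPLE_LOG = """\
2015-06-01T09:00:01 WIN8A sample1.manage.microsoft.com:443 DENIED
2015-06-01T09:00:02 WIN8A manage.microsoft.com:80 ALLOWED
2015-06-01T09:00:03 WIN8A blob.core.windows.net:443 DENIED
2015-06-01T09:00:04 WIN8A manage.microsoft.com.example.net:443 ALLOWED
2015-06-01T09:00:05 WIN8A telemetry.spynet2.microsoft.com:80 DENIED
2015-06-01T09:00:06 WIN8A login.microsoftonline-p.com:443 DENIED
"""


def normalize(host):
    """Lower-case the host and drop a trailing dot so 'Host.COM.' compares equal."""
    return host.strip().rstrip(".").lower()


def is_allowed(host, port, rules=INTUNE_RULES):
    """Anchored match: the whole host name must fit a pattern and the port must be listed."""
    host = normalize(host)
    return any(port in ports and fnmatchcase(host, pattern)
               for pattern, ports in rules)


def is_allowed_substring(host, port, rules=INTUNE_RULES):
    """Weak matcher for comparison: passes any host that merely contains the pattern text."""
    host = normalize(host)
    return any(port in ports and pattern.lstrip("*") in host
               for pattern, ports in rules)


def audit(log_text, rules=INTUNE_RULES):
    """Return (blocked_but_required, allowed_but_off_list) as lists of (host, port)."""
    blocked_required, allowed_off_list = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, _, target, decision = fields
        host, _, port_text = target.rpartition(":")
        if not host or not port_text.isdigit():
            continue  # no port, or a non-numeric port
        port = int(port_text)
        on_list = is_allowed(host, port, rules)
        if decision == "DENIED" and on_list:
            # The Intune client needs this destination, but the proxy blocked it.
            blocked_required.append((normalize(host), port))
        elif decision == "ALLOWED" and not on_list:
            # The proxy passed traffic that the published list does not cover.
            allowed_off_list.append((normalize(host), port))
    return blocked_required, allowed_off_list


if __name__ == "__main__":
    blocked, off_list = audit(SAMPLE_LOG)
    print("Required by the list but blocked:", blocked)
    print("Allowed but not on the list:", off_list)
```

The lookalike host manage.microsoft.com.example.net passes the substring matcher but fails the anchored one, which is why the proxy rule should anchor the pattern at the end of the host name.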
For users to install the Microsoft Intune client, they must have Internet connectivity and 200 MB
of available disk space. You can install the Microsoft Intune client on the following operating systems:
• Windows Vista Business, Enterprise and Ultimate
• Windows 7 Professional, Enterprise or Ultimate
• Windows 8/8.1 Pro or Enterprise
To install the Microsoft Intune client, you will need administrative permissions on the client
computer. In addition, you will need a minimum of Windows Installer 3.1. If any of the
following incompatible client software is installed, you will have to remove it:
• Any version of System Center 2012 Configuration Manager
• Any version of Configuration Manager 2007
• Any version of Systems Management Server
Lastly, the Microsoft Intune company portal website is supported by the default web browser
for each supported platform, including:
• Internet Explorer 9 or later
• Google Chrome
• Mozilla Firefox
The more clients you have, the more total bandwidth you need. Installing the client
consumes the following:
• Intune client installation: 125 MB, One time
• Client enrollment package: 15 MB, One time
Additional downloads include:
• Endpoint Protection agent: 65 MB, One time
• Operations Manager agent: 11 MB, One time
• Policy agent: 3 MB, One time
• Remote Assistance via Microsoft Easy Assist agent: 6 MB, One time
Additional downloads are possible when there are updates for this content type.
• Daily client operations: 6 MB, Daily
• Endpoint Protection malware definition updates: Varies, but typically 40 KB to 2 MB,
Daily, up to three times a day.
• Endpoint Protection engine update: 5 MB, Monthly
In addition, you will need to plan for Windows and software updates and software
distribution.
Selecting a Cloud Service Plan for Microsoft Intune
Certification Ready: Select a cloud service plan (2.2)
Compared to Office 365, a Microsoft Intune subscription is licensed on a per‐user basis.
Therefore, if you need to add more users, you just buy additional licenses. If you need to
reduce the number of subscriptions, you just reduce the number of licenses.
According to the official Microsoft Intune site, the subscription for Microsoft Intune includes
the following:
• System Center 2012 R2 Configuration Manager
• 20 GB of storage for application distribution
• Software distribution
• PC Endpoint Protection
• Software licensing inventory reports
• Hardware inventory reports
• Mobile device app publishing
• Alerts and monitoring
• Security policy management
• 99.9% scheduled uptime service level agreement
• Best‐in‐class support
Signing up for Cloud Services for Microsoft Intune
Certification Ready: Sign up for cloud services (for Microsoft Intune) (2.3)
When you sign up for Microsoft Intune, you are assigning a domain name, to which
onmicrosoft.com will be added as a suffix. Therefore, if you define contoso, your domain
name would be contoso.onmicrosoft.com. Similar to Office 365, after you complete the
sign‐up process, you cannot change the domain name. However, also like Office 365, you
can add your own custom domain names to Microsoft Intune.
Before you create new user accounts or synchronize accounts from your Active Directory, you
should decide whether you are going to use the .onmicrosoft.com domain or add your custom
domain name. If you do not configure a custom domain name and suffix, each user account
receives the onmicrosoft.com suffix for her user principal name (UPN).
The first user created will be a tenant administrator and service administrator for Microsoft
Intune. The tenant administrator manages the subscription, including billing, cloud storage,
and managing the users who can use Intune. The service administrator performs the
day‐to‐day tasks, including managing mobile devices or computers, deploying policy or
software, and running reports.
Sign Up for Microsoft Intune
GET READY. To sign up for Microsoft Intune, perform the following steps on a computer
running Windows 8.1 with a connection to the Internet.
1. On Win8A, log on using the contoso\administrator account and the Pa$$word
password.
2. On the taskbar, click the Internet Explorer icon to open Internet Explorer.
3. Open the http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/ website. Click Try Now.
4. On the signup page, type the following information:
Country or Region: <Your country or region>
Organization language: <Your language>
First Name: <Your first name>
Last Name: <Your last name>
Organization: <Your last name> Corporation
Address: <Your street address>
City: <Your city>
State: <Your state>
Zip code: <Your zip code>
Phone number: <Your phone number>
Email address: <Your email address>
5. In the New domain name text box, type the following:
<FirstName><LastName>Training<Month><Year>
Therefore, if your name is John Smith and you are performing this lab in June 2015,
you would type the following:
JohnSmithTraining062015 (in front of .onmicrosoft.com)
6. Click Check availability.
7. In the New user ID text box, type your first initial and last name. Therefore, if your
name is John Smith, type JSmith.
8. For the Create new password text box and the Confirm new password text box, type
Pa$$w0rd.
9. In the Verification text box, type the code displayed.
10. Click I accept and continue.
11. Click Continue.
12. If a Microsoft Intune login screen appears, in the Password text box, type Pa$$w0rd
and then click Sign in.
13. If a Don’t lose access to your account message displays, click Remind me later.
14. On the Microsoft Intune Admin Overview screen, in the menu bar just below the webpage address, click Admin Console.
15. If a message appears, indicating the application requires Microsoft Silverlight, click
Get Microsoft Silverlight. When you are prompted to run or save Silverlight_x64.exe,
click Run. If the User Account Control dialog box displays, click Yes.
16. In the Install Silverlight dialog box, click Install now. When you are prompted to
enable Microsoft Update, click Next. Click Close.
17. If you are prompted to log in, type Pa$$w0rd in the Password text box.
Setting up the Initial Configuration of Cloud Services for Microsoft Intune
Certification Ready: Set up the initial configuration of cloud services (for Microsoft Intune) (2.4)
For Microsoft Intune, there are two administrative websites: the Microsoft Intune Account
Portal and the Microsoft Intune Admin Console.
The tenant administrator can log on to the Microsoft Intune Account Portal
(https://account.manage.microsoft.com/) to perform the following tasks (see Figure 2-6):
• Manage user accounts and subscription
• Configure directory synchronization from your on‐premises Active Directory
• Manage the security groups
• Assign Microsoft Intune licenses to users
• Configure the domain name that you use with your subscription
• Manage billing and purchase details for your subscription, including the number of
licenses you have, or the amount of cloud storage space you can use
• Find links to view the health of the Intune service
Users who have a sign‐in status of Allowed can also use the account portal to reset their
account password and edit their profile. By default, all user accounts are Allowed.
The service administrator or the tenant administrator with the global administrator role can
log on to the Microsoft Intune Admin Console (https://admin.manage.microsoft.com/) and
manage day‐to‐day operations (see Figure 2-7), including:
• Set policies for computers and mobile devices
• Upload and deploy software like software updates and apps
• Manage Intune Endpoint Protection on computers
• View device status and run reports
Figure 2-6 Viewing the Microsoft Intune Account Portal
Figure 2-7 Viewing the Microsoft Intune Admin Console
After you subscribe to Microsoft Intune, you need to perform the following tasks:
1. Configure a domain name.
2. Add users and assign licenses for your subscription.
3. Manage Microsoft Intune licenses for users.
4. Assign administrative users.
5. Configure Security Groups.
6. Customize the Company Portal.
7. Add devices to your subscription.
The domain name defines the account that users sign in with. To add a domain to the
Microsoft Intune subscription, the domain is configured using the Microsoft Intune Account
Portal.
Add and Verify a Domain
GET READY. To add and verify a domain, perform the following steps on a computer running
Windows 8.1 with a connection to the Internet.
1. On Win8A, log on using the contoso\administrator account and the Pa$$word
password.
2. On the taskbar, click the Internet Explorer icon to open Internet Explorer.
3. Open and log on to the Microsoft Intune Account Portal (https://account.manage.microsoft.com).
4. Under Management click Domains.
5. On the Domains page (as shown in Figure 2-8), click Add a domain.
Figure 2-8 Managing domains
6. On the Specify domain page, in the text box, type the domain that you want to add
and then click Next.
7. A common method to verify that you own a domain is to add a TXT record to the DNS
zone for the domain. Therefore, after you add a TXT record to the zone, go back to the
Verify domain page (as shown in Figure 2-9) and click the Verify button at the bottom
of the page.
Figure 2-9 Verifying the domain
■■ Understanding Microsoft Azure
THE BOTTOM LINE
Microsoft Azure (formerly known as Windows Azure) is a cloud‐computing platform used
for building, deploying, and managing applications and services through a global network of
Microsoft‐managed datacenters. Although Microsoft Azure has its own web‐based tools, you
can also use System Center 2012 R2 Virtual Machine Manager (VMM) and App Controller.
Microsoft Azure includes the following features:
• Websites with support for ASP.NET, PHP, Node.js, or Python that can be deployed using
FTP, Git, Mercurial, or Team Foundation Server
• Virtual machines that run both Windows Server and Linux virtual machines
• Cloud services including Microsoft’s platform as a service (PaaS) environment that are
used to create scalable applications and services
• Data management using SQL Database (formerly known as SQL Azure Database) that
can integrate with Active Directory, Microsoft System Center, and Hadoop
• Media services that use PaaS to provide encoding, content protection, streaming, and/or
analytics
Take Note: IaaS is discussed in more detail in Lesson 1.
When you use Microsoft Azure, you are leasing cloud resources provided by Microsoft.
Microsoft Azure resources can be self‐contained in the cloud (such as when you want to have
websites with databases) or you can extend your organization’s data center to the cloud by
using IaaS. By using IaaS, you can run applications in the cloud while maintaining full control
over the virtual machines themselves.
In a virtual environment, you can create multiple virtual machines by deploying the Windows
Server 2012 R2 operating system on the Hyper‐V host or cloud service that it runs under. You
can also upload a Windows Server 2012 R2 image template VHD file or a Windows Server
2012 R2 preconfigured image VHD file. You can then use the cloud tools to manage the
hosted virtual machines.
Microsoft provides several tools to deploy and manage servers running Windows Server 2012
R2 on public and private clouds:
• System Center 2012 R2 Virtual Machine Manager (VMM)
• Microsoft Azure virtual machine (VM) tools
• System Center 2012 R2 App Controller
System Center 2012 R2 Virtual Machine Manager (VMM) provides a single administrative tool
for deploying virtual servers and managing a virtualization infrastructure, including hosts, virtual
machines, storage, networks, and libraries. You can also use VMM to update virtual servers.
The Microsoft Azure Web Portal (see Figure 2-10) includes multiple tools for creating and
managing virtual machines that are hosted on the Microsoft Azure cloud platform. With these
tools, you can create VMs, attach disks, upload a Windows Server VHD file, load balance
virtual machines, and manage availability of virtual machines.
Figure 2-10 Using the Microsoft Azure Web Portal
The System Center 2012 R2 App Controller application allows administrators to deploy and
manage services across the Microsoft private cloud services and the Microsoft public cloud
services, such as Microsoft Azure. App Controller has a web‐based interface that enables
administrators to manage services rather than servers.
Understanding Virtual Machines
Virtualization has become quite popular during the last few years. By using virtual
machine technology, you can run multiple operating systems concurrently on a single
machine, which allows separation of services while keeping cost to a minimum. It can also
be used to create Windows test systems in a safe, self‐contained environment. Microsoft
Hyper‐V is a hypervisor‐based virtualization system for x64 computers starting with
Windows Server 2008. The hypervisor is installed between the hardware and the operating system and is the main component that manages the virtual computers.
Server virtualization in Windows Server 2012 R2 is based on a module called a hypervisor.
Sometimes called a Virtual Machine Monitor (VMM), the hypervisor is responsible for abstracting the computer’s physical hardware and creating multiple virtualized hardware environments,
called virtual machines (VMs). Each VM has its own (virtual) hardware configuration and can run
a separate copy of an operating system. Therefore, with sufficient physical hardware and the correct
licensing, a single computer running Windows Server 2012 with the Hyper‐V role installed can
support multiple VMs, which you can manage as though they were standalone computers.
Take Note: VMM is usually associated with older virtual machine technology. Don’t confuse VMM with
System Center Virtual Machine Manager (VMM), which is a software package that is used
to manage a virtual machine environment based on Microsoft Hyper‐V, VMware ESX/ESXi,
and Citrix XenServer.
To run several virtual machines on a single computer, you need to have sufficient processing
power and memory to handle the load. However, since most servers often sit idle, virtualization utilizes the server’s hardware more efficiently.
To keep each virtual server secure and reliable, each server is placed in its own logical partition
that isolates processing and memory. A partition is a logical unit of storage in which operating
systems are hosted. The partition is not to be confused with a disk partition or a volume that
divides a storage area. Each virtual machine accesses the hypervisor, which handles interrupts
to the processor and redirects them to the respective partition.
By using Hyper‐V Manager, you can create new virtual machines and define the hardware
resources that the system should allocate to them. In the settings for a particular virtual
machine, depending on the physical hardware available in the computer and the limitations of
the guest operating system, you can specify the number of processors and the amount of
memory a virtual machine should use, install virtual network adapters, and create virtual disks
using various technologies, including storage area networks (SANs).
By default, Hyper‐V stores the files that make up virtual machines in the folders you specified
on the Default Stores page during installation. Each virtual machine uses the following files:
• A virtual machine configuration (.xml) file in XML format that contains the virtual
machine configuration information, including all settings for the virtual machine
• One or more virtual hard disk (.vhd or .vhdx) files to store the guest operating system,
applications, and data for the virtual machine
A virtual machine may also use a saved‐state (.vsv) file, if the machine has been placed into a
saved state.
Understanding Azure Services
Microsoft Azure has a wide range of services that you can tap into. The popular services
include Cloud Services, SQL Database, Storage, Virtual Machines, and Websites.
By providing the following services, Azure can be customized to fulfill the needs of virtually
any organization:
• Active Directory: Microsoft Azure Active Directory (Azure AD) provides identity
management and access control capabilities for your cloud applications. It can be synchronized with the on‐premises domain controllers. You can also enable single sign‐on to
simplify user access to cloud applications.
• API Management: Allows you to publish APIs to developers, partners and employees securely.
• Application Insights: Can be used to detect issues, solve problems, and continuously
improve your web applications by providing real time information, including availability,
performance, and usage.
• Automation: Allows you to automate the creation, deployment, monitoring, and maintenance of resources in your Azure environment using a highly scalable and reliable workflow execution engine.
• Backup: Allows you to back up to and restore from the cloud using familiar tools in
Windows Server 2012/Windows Server 2012 R2 or System Center 2012 R2 Data
Protection Manager.
• Batch: Allows you to run large‐scale parallel and High Performance Computing (HPC)
workloads in Azure.
• BizTalk Services: Provides Business‐to‐Business (B2B) and Enterprise Application
Integration (EAI) capabilities for delivering cloud and hybrid integration solutions.
• CDN: Short for Content Delivery Network, allows you to deliver high‐bandwidth
content to end‐users around the world with low latency and high availability via a robust
network of global data centers.
• Cloud Services: Allows you to move or extend your corporate infrastructure to the cloud.
• Data Factory: Produces trusted information from raw data in cloud or on‐premises
sources. It can create, orchestrate, and schedule highly available, fault‐tolerant workflows of
data movement and transformation activities. It can also monitor all your data pipelines
and service health.
• DocumentDB: A fully‐managed NoSQL document database service that offers query and
transactions over schema‐free data, predictable and reliable performance, and rapid
development.
• Event Hubs: Enables elastic scale telemetry and event ingestion with durable buffering
and sub‐second end‐to‐end latency for millions of devices and events.
• ExpressRoute: Enables you to create private connections between Azure datacenters and
infrastructure at your premises or in a colocation environment.
• HDInsight: A Hadoop‐based service that brings an Apache Hadoop solution to the
cloud. It is typically used to manage Big Data on a cloud‐based data platform that
manages data of any type and any size.
• Key Vault: Offers an easy, cost‐effective way to safeguard keys and other secrets in the
cloud using Hardware Security Modules (HSMs).
• Machine Learning: Allows you to easily design, test, operationalize and manage predictive analytics solutions in the cloud.
• Managed Cache: Creates a cache that will increase access to applications and data.
• Media Services: Offers cloud‐based media solutions from several existing technologies,
including ingest, encoding, format conversion, content protection, and both on‐demand
and live streaming capabilities.
• Mobile Services: Provides a scalable cloud back‐end for building Windows Store,
Windows Phone, Apple iOS, Android, and HTML/JavaScript applications. It can be used
to store data in the cloud, authenticate users, or send push notifications to your application within minutes.
• Multi‐Factor Authentication (MFA): By having more than one method of authentication, you can help prevent unauthorized access to on‐premises and cloud applications.
• Notification Hubs: Allows a scalable, cross‐platform push notification infrastructure that
can be used for broadcasting push notifications to millions of users at once or tailoring
notifications to individual users.
• Operational Insights: Enables you to collect, correlate, and visualize all your machine data
(such as event logs, network logs, and performance data) from on premise and cloud assets.
• Redis Cache: A popular open source cache for your Azure applications.
• RemoteApp: RemoteApp helps employees stay productive anywhere on a variety of
devices (such as Windows, Mac OS X, iOS, or Android).
• Scheduler: Allows you to invoke actions that call HTTP/S endpoints or post messages to
a storage queue on any schedule.
• Azure Search: Provides a fully managed service for adding sophisticated search capabilities
to web and mobile applications.
• Service Bus: Provides a messaging infrastructure that sits between applications.
• Site Recovery: Provides a simple, cost‐effective disaster recovery that can replicate and, if
needed, recover resources in the private cloud.
• SQL Database: Provides a relational database service that enables you to rapidly create,
extend, and scale relational applications into the cloud.
• Storage: Offers non‐relational data storage, including Blob, Table, Queue, and Drive
storage.
• StorSimple: Offers a unique hybrid cloud storage solution that provides primary storage,
archive, and disaster recovery.
• Stream Analytics: Provides an event‐processing engine that helps uncover insights from
devices, sensors, cloud infrastructure, and existing data properties in real time.
• Traffic Manager: Allows you to load‐balance incoming traffic across multiple hosted
Azure services whether they’re running in the same datacenter or across different datacenters around the world.
• Virtual Machines: Enables you to deploy a Windows Server or Linux image in the cloud.
• Virtual Network: Enables you to create Virtual Private Networks (VPN) within Azure
and securely link these with your on‐premises network.
• Visual Studio Online: A cloud‐based Application Lifecycle Management (ALM) solution
that provides hosted code repositories and issue tracking, load testing, and automated
builds. Visual Studio Online is licensed separately from Azure Services.
• Websites: Enables you to deploy web applications on a scalable and reliable cloud
infrastructure.
Understanding Azure Disaster Recovery, High Availability, Redundancy, and Fault Tolerance
Microsoft Azure has a wide range of tools that provide high availability, redundancy, and
fault tolerance to keep your cloud components running 24/7 and to provide a wide range
of tools you can use to recover from a disaster.
When deploying any application or service, you need to look at availability, which is the
percentage of time applications and services can be accessed. The effective availability of your
cloud service is also affected by the various Service Level Agreements (SLAs) of other dependent services.
For example, Azure provides the following SLAs:
• Compute: 99.95%, which allows 21.6 minutes of downtime per month.
• SQL Database: 99.90%, which allows for 43.2 minutes of downtime per month.
• Storage: 99.90%, which allows for 43.2 minutes of downtime per month.
If any of these go down, an application will go down. When you combine all of the SLAs
(99.95% × 99.90% × 99.90%), the overall SLA/general service availability for the entire application
is 99.65%, which gives you 151 minutes of downtime per month.
To help you plan for high availability, Azure provides the Azure Business Continuity Technical Guidance,
which can be found by searching the Microsoft website.
The Microsoft Azure Fabric Controller (FC) is responsible for provisioning and monitoring
the condition of the Azure compute instances. When it checks the status of the hardware and
software of the host and guest machine instances and detects a failure, it will automatically
relocate the VM instances.
To provide redundancy to your application, it is recommended that you group two or more
virtual machines in an Availability Set. By using an Availability Set, two VMs that provide the
same service will be hosted on two different physical hosts so that if one physical host goes
down, the other VM is not affected. As a result, Availability Sets provide redundancy, including when you are performing maintenance or when one of the hosts goes down.
Microsoft Azure Site Recovery is a software component used to orchestrate protection for
virtual machines that run on on‐premises Hyper‐V host servers located in the VMM
cloud. With Microsoft Azure Site Recovery, you can configure:
• On‐premises to on‐premises protection: Replicates on‐premises virtual machines to
another on‐premises site.
• On‐premises to Azure protection: Replicates on‐premises virtual machines to Azure by
configuring and enabling protection settings in Azure Site Recovery vaults. Virtual
machine data replicates from an on‐premises Hyper‐V server to Azure storage.
Microsoft Azure Site Recovery can be used to replicate a large number of virtual machines
between the primary site and a disaster recovery site. By using the Microsoft Azure cloud and
the Recovery Manager service, you can access all of the components necessary to orchestrate
the failover of virtual machines in one data center to another, even when one of the data center
sites is unresponsive.
Recovery Manager has the following requirements:
• System Center 2012 R2 VMM or VMM 2012 SP1 with cumulative update 3
• Windows Server 2012 with latest updates or Windows Server 2012 R2
To configure Azure Site Recovery, perform the following steps:
1. Create an Azure Site Recovery vault, including specifying a vault key.
2. Install the Site Recovery agent on the VMM servers that you want to register in the vault.
3. Specify protection settings for the cloud, including source and target settings, recovery
points and snapshots, and initial replication settings.
4. Create mappings between VM networks on source and destination VMM servers.
5. Create mappings between storage classifications on source and target VMM servers.
6. Enable protection for virtual machines.
7. Create and customize recovery plans that specify how virtual
Summary Skill Matrix
In this lesson you learned:
• Microsoft Office 365 is a Microsoft subscription–based software service that enables users
to access their documents and collaborate with others from anywhere using their computers, the Internet, or their smart devices. Office 365 moves the traditional Office suite to the
cloud.
• Office 365 is designed to work with the current or immediately previous versions of
Internet Explorer or Firefox or the latest versions of Chrome or Safari. It is also designed to
work with any version of Microsoft Office in mainstream support.
• Office 365 offers several plans designed for small, midsize, and enterprise‐level
businesses. The Office 365 Business (300 users) plan and the Office 365 Enterprise E3
and E4 (unlimited users) plans include a subscription for Office 2013 for up to five
PCs/Macs.
• A domain name represents the online identity of companies or individuals. You can use
your domain name in Office 365 with your emails, public websites, or Lync addresses.
• Microsoft Intune is a cloud‐based management solution that allows you to manage your
computers when they are connected to or not connected to the corporate network. In fact,
they don’t even have to be part of your domain. Microsoft Intune helps you manage your
computers and mobile devices through a web console. It provides the tools, reports, and
licenses to ensure your computers are always current and protected.
• Compared to Office 365, a Microsoft Intune subscription is licensed on a per‐user basis.
Therefore, if you need to add more users, you just buy additional licenses. If you need to
reduce the number of subscriptions, you just reduce the number of licenses.
• Microsoft Azure (formerly known as Windows Azure) is a cloud‐computing platform used
for building, deploying, and managing applications and services through a global network
of Microsoft‐managed datacenters. Although Microsoft Azure has its own web‐based tools,
you can also use System Center 2012 R2 Virtual Machine Manager (VMM) and App
Controller.
■■ Knowledge Assessment
Fill in the Blank
Complete the following sentences by writing the correct word or words in the blanks provided.
1. ____________ provides Microsoft Office, Exchange, Lync, and SharePoint based on a
subscription service.
2. If you want Microsoft Office, SharePoint, Exchange, and Lync Server 2013, for your large
corporation, you will need to use the ____________ licensing plan.
3. ____________ is a cloud‐based management solution that allows you to manage computers and other devices.
4. ____________ is a cloud‐computing platform that provides a virtual machine
infrastructure.
5. In Office 365, ____________ provides instant messaging.
6. If you have a domain called litware.com, ____________ is the default name for the
SharePoint public website.
7. When configuring DNS for Office 365, the ____________ record is used to help prevent
spam.
8. To access the Microsoft Intune company portal, you should use Internet Explorer
____________ or higher.
9. You can run ____________ virtual machines on Microsoft Azure.
10. When using Azure, ____________ provides identity management and access control
capabilities for your cloud applications.
Multiple Choice
Circle the letter that corresponds to the best answer.
1. Which Office 365 licensing plan is targeted at users who can have up to five devices?
a. Personal
b. Home
c. ProPlus
d. Business Essentials
2. In Office 365, which role is assigned to the first user?
a. Site administrator
b. System administrator
c. Account administrator
d. Global administrator
3. Which of the following is used to determine which Microsoft data center will be used to
store data for an Office 365 account?
a. The data center that has the most resources available
b. The location of where you signed up for the account
c. The selected data center
d. The specified user location
4. Which port must be open to perform a query for DNS?
a. UDP and TCP port 53
b. UDP and TCP port 80
c. UDP and TCP port 389
d. UDP and TCP port 25
5. Which DNS resource record maps a host name to an IP address?
a. A
b. CNAME
c. PTR
d. SRV
6. Which Microsoft Intune deployment integrates with your existing Active Directory and
Exchange environment?
a. Microsoft Intune Stand‐Alone Cloud Configuration
b. Microsoft Intune Cloud + On‐Premise Configuration
c. Microsoft Intune + System Center Configuration Manager
d. Microsoft Intune + System Center Operations Manager
7. Which of the following is the least expensive Office 365 plan that offers Exchange and
SharePoint with enterprise‐specific legal compliance features?
a. Business Premium
b. E3
c. E4
d. ProPlus
8. Which clients can be used with the Microsoft Intune client? (Choose all that apply)
a. Windows XP
b. Windows Vista
c. Windows 7
d. Windows 8/8.1
9. When you sign up for Office 365, which two domains are you assigned? (Choose all that apply)
a. <domainname>‐private.sharepoint.com
b. <domainname>‐public.sharepoint.com
c. <domainname>.com
d. <domainname>.onmicrosoft
10. Which of the following is responsible for provisioning and monitoring the condition of
the Azure compute instances?
a. Azure Virtual Machine Manager
b. Azure Site Manager
c. Azure Fabric Controller
d. Azure Virtual Machine Converter
True / False
Circle T if the statement is true or F if the statement is false.
T F 1. The CNAME DNS resource record is used to redirect a host name to a server
with another name.
T F 2. To share documents inside and outside of your organization and to collaborate on
projects, you should use Microsoft Exchange.
T F 3. For devices managed by Microsoft Intune, the device must be able to communicate with manage.microsoft.com and windowsupdate.microsoft.com.
T F 4. You do not need additional network bandwidth when using Office 365.
T F 5. You should not use the cloud if you need to maintain the security of your
applications.
■■ Case Projects
Scenario 2‐1: Upgrading Microsoft Office
As an administrator for the Contoso Corporation, you manage nearly 800 computers
running a mix of Windows 7 and Windows 8 machines with a mix of Office 2007 and 2010.
You need to upgrade Office and your Exchange environment with the least amount of effort.
You also want the ability to use the newest version of Microsoft Office. Describe the best
solution.
Scenario 2‐2: Using Your Domain Name
You are an administrator for the Adatum Corporation and you are ready to deploy Office
365. You want to use SharePoint for your external website and Exchange for your corporate
email. However, you want to keep the adatum.com name for the website and the email
addresses. Describe the solution you need to use in order to ensure Office 365 can use this
domain name.
Scenario 2‐3: Selecting an Office 365 Licensing Plan
You are an administrator for the Contoso Corporation and you are ready to purchase Office
365 for your 800 users. First, however, you need to determine which licensing plan you
want to purchase. Right now, you want your users to have the newest version of Office that
can be used online or on their local computers. You also want to use Microsoft Exchange
and Microsoft SharePoint. Describe the licensing plan you should use and explain your
reasoning.
Scenario 2‐4: Selecting a Cloud Service Plan for Microsoft Intune
As the administrator for the Contoso Corporation, you manage a system of about 500 users
working from their home offices. You want to be sure that their mobile or office computers are
protected with the newest updates, and you want to be able to install software and perform inventory. Describe the
solution you need to use and the licensing plan you should purchase.