Pass Microsoft SC-400 Exam in First Attempt Easily

Introduction

1. A Solid Foundation of Active Directory Domains

Now, if you're going to understand Microsoft services and work with their products, especially their cutting-edge stuff, you need to have a solid understanding of how things were, how things are now, and what Microsoft's vision for the future is. And so I want to make sure you have a good, solid foundation of things like active directory domains, remote access, virtualization, and then, of course, getting into the cloud stuff and seeing how things sort of came together. Okay? So we'll start with this. If you go back far enough, you go back to the 1950s and 1960s, when they had mainframes, these massive computers that would take up the size of a room, and then eventually they became sort of the size of a refrigerator. And then, as we got along, people started making their own computers, and we got to the late 1970s, when the concept of personal computing came out. And then, by the time we got to the 80s, you actually started seeing computers in businesses. And so your companies out there would have actual computers that your office staff could use. And I'm just going to kind of draw a couple of things out for you here. And the idea here with these computers is that they would start populating the office, and maybe you'd have—let's say you've got 1,000 computers in your business. And of course, in the early days of computers, as we got into the 1980s when PCs and stuff started really becoming popular, we lived in what was called a peer-to-peer network. Okay? A peer-to-peer network basically means that every computer is equal. There is no real authority over each individual computer. In other words, if your boss walks up to you and says, "Hey, IT person," I want you to configure five things on all 1000 computers. You had to either sit down at all 1000 computers and configure them one at a time or write a script to do it. So peer-to-peer networking is not a great way to try to achieve things centrally, right? So what happened was that a company called Novell created a product called NetWare. They really changed things. They really push this whole concept of what is called client servers, where you have a more powerful computer, maybe not the size of a mainframe, but a more powerful computer, and your client computers interact with that server. Right? Well then, of course, Microsoft eventually got into the networking world as well. They created this thing called the domain, which is very similar to what Novel was doing. And then you reach the year 2000, where things really sort of change. Microsoft comes out with a new type of domain. They begin to use a triangle as their domain symbol, correct? And one of the main concepts of a domain is that you have a special type of server. Okay? And the server is called a domain controller, all right? So we'll just put "DC," all right? And inside that domain controller, you have a database. I'm just going to draw this little cylinder-looking thing for you guys here, all right? And this is your database. Now, your database is called the Active Directory database, all right? And so your domain controller controls your domain. So if you really want to know why our domain is important, my answer to you is one word, and that is centralization. A lot of people think security Yes, security is important, definitely. But centralization is why domains are so important, okay? Because they allow us to control all of our stuff, our clients, our servers—all of that stuff centrally, right? We can manage it all in one place instead of having to sit down at each individual machine and make changes, right? That's the idea. Okay. Of course, you'll usually want to have more than one domain controller. And the reason why you don't want to have more than one domain controller is the same reason you want to have more than one of anything—really, more than one of any server, especially—and that is fault tolerance and load balancing. Fault tolerance means redundancy. If one fails, you've got another. Okay? And with load balancing, you don't want all of your machines having to interact with only one server. I always use the analogy. It's like going to the grocery store and getting a cartload of groceries and going to check out. And then you get to the checkout line, and it turns out there's only one cash register and one cashier open. There are like 15 people waiting in line to check out, right? Well, first off, if that cash register breaks down, that's the only one they've got. Well, nobody's going to get to check out, right? Secondly, you've got a performance problem, right? It's going to take forever to get out of that store. So what you want to see is a bunch of cash registers open when you go to check out at a grocery store. And you can sort of load balance that way, right? Some people can go to one line, some people can go to another, so on and so forth. So we can do that if we've got multiple servers. Okay? So these domain controllers also have these things called GPOs, group policy objects, which help us control everything. So instead of having to sit down one by one and make changes to a machine, I can create this thing called the GPO. The GPO can deploy the settings out to the machines. Okay? Another interesting aspect of Active Directory, which is the Directory Services database and all that you use, is that it employs a protocol known as LDAP, the lightweight Directory Access Protocol, which is essentially the language that your directory services speak. User accounts, groups, all that stuff Passwords are all kept in there. And it also uses a protocol called Kerberos for its security. Now, domain controllers replicate. So whatever you do to one Active Directory database, it actually does it to the other. For example, if I create a little user account, we'll say that this little smiley face guy that I'm making here is going to represent a user account, all right? If we create this user account, we are creating the user account on the first domain controller here, which will replicate to the other domain controller and any other domain controllers in the Active Directory domain. So, basically, I'm saying that these domain controllers replicate with one another. So when you change one database, it's going to replicate over to the other, so they stay in sync. Okay? Now, another important component of a Microsoft domain is that your domain must have a name. And the name that it uses is a DNSname domain name system, also known as "Domain Name Space," also known as "Domain Name Service. Okay? And this is because we human beings don't really like to identify devices by numbers. We don't really like having to memorize lots of numbers, right? We prefer to use names when we identify things. So DNS is the service that does that, okay? All your computers and services—all that—have IP addresses that they use, which are numbers. But we like to associate things with words and names. So your domain will have a name. Like, for example, if my domain is called Examlabpractice.com, that's my company name. A lot of times, your domain name will be the same as your web presence. Okay? So the other problem with that, though, is if your domain is going to have a DNS name, you've got to have a DNS service that's going to manage all that. So we actually have to have a server called the DNS server. Now, granted, your domain controller can actually play this role, but I'm going to draw it separately here. and inside that DNS database. Inside that DNS server, we have what is called a DNS database. So I'm going to draw another one of these little cylinder-looking things here. And the other thing that's interesting about that is that the database will be named after your domain. So if your domain's name is Examlabpractice.com, your database is going to be called Examlabpractice.com. That database is called a zone database, also known as a name database or namespace database. And what will happen is that all of your computers, as they come online, will automatically register their names inside that database, along with their names and their IP addresses. So now when the computers want to find each other, they can actually query that DNS server to find each other. So when these computers boot up, they have to authenticate to one of these domain controllers using Kerberos. They're going to do LDAP-based queries to do that, but they're going to first actually query DNS and say, "Hey, DNS, do you know who my domain controller is?" And since those domain controllers have actually registered DNS, he'll reply back and then register DNS. And then the client can go and get authenticated. Okay, and you are officially authenticated. And then when a client wants to communicate with the file server, they'll actually query that for the file server through DNS as well. Okay, so that is your basic back and forth that is happening to make all of this work. Now, we also have an Internet connection to think about. So let's draw this little cloud symbol here, and we'll just kind of clean it up here. There we go. So our little cloud here is going to represent the Internet coming in. All right? And let me just label that Internet. Of course, you don't want your internal network to be completely unprotected, so you probably want to have a firewall, right? Firewall router type combination So we'll say FW for firewall. We'll put a little box around it. That's going to be our firewall, and that's going to help police traffic going out to the Internet and things coming in from the Internet. All right. And we'll talk more about things coming up here in a minute, in the next foundation video. But hopefully this gives you now a good understanding of just the basics of what is the domain and why it is important. It's for centralization purposes. You can deploy GPO group policy objects, for which there are restrictions out there on people, machines, and all that. And hopefully, you now have a good understanding of what an Active Directory domain is. You.

2. A Solid Foundation of RAS, DMZ, and Virtualization

Talk to me about the remote access side of things. I want to talk a little bit about what a DMZ and all that stuff is as well. So as we move on here, I mentioned Active Directory. It came out in the year 2000. Originally, it was an operating system called Nt Five. And then Windows 2000 is when theyreleased it with they changed the name. They changed the name from NT 5 to Windows 2000. And the directory service used to be called NTDs, and they renamed it to Active Directory. Okay? So 20 years ago, Active Directory came out. This was cutting-edge. It was great. It was awesome. And one of the things that we sometimes need to happen is that we need computers on the outside world to get to the inside world, right? So imagine you've got a computer here. Maybe you've got somebody working from home, and they need to be able to access a resource. Like, maybe they need to access that file server. Well, let me tell you what you don't want to do. You don't want to simply open up a bunch of ports on your firewall and let things in, such as fileservers and Windows, which use a protocol called SMB Server MessageBlock, which uses ports four, four, or five. And there are a few other ports here, too, but you would be opening ports to let things come in from the Internet. And that's very dangerous, right? We don't want to do that on our firewall. We don't want to open up file ports and all that because we're just asking for a bad guy, all right? We're asking for a hacker to attempt to get into our environment, right? So let me just create a hacker here, all right? Let's just zoom in on him. We're going to make him a bad guy here. Let's give him some devil horns. Let's give him a devil tail, all right? We'll make him look like he's just in a bad mood. All right? Okay. All right. Sometimes I get a little carried away. Sorry. All right, so there's my hacker, all right? And we don't want to open up a bunch of work because we don't want a hacker to be able to get in, right? That's essentially where we're going with this. Now, we do have somebody over here, though, that we do want to get in, so maybe we're going to let them do that. Now, there are a couple of ways you can do that. One would be to get something called a VPN concentrator or VPN router. It's essentially an appliance, a box that you install on your network to allow secure access. Now, the Microsoft way of doing things usually involves setting up a server called a RazServer, sometimes referred to as an Rs Server, okay? And that Razz server is a remote access server. And based on what we can do there, we can allow access through our firewall; we can allow a VPN, or virtual private network. So from there, you can securely connect from the outside world to that Raz server, and you can access this file server or some other resources, and it's all going to be encrypted using what's called an encrypted tunnel. Okay? And that will be one of your primary and safest methods of allowing things to enter. Another thing, Microsoft Sports is a thingcalled direct access, which are not reallyfocusing a lot on that these days. VPN is going to be one of the main ways you do this. There are other solutions. You can enable remote desktop by configuring a remote desktop gateway. But VPN is going to be your main way to do things. Okay? Now the other thing I'd like to mention is, what about situations where we have something like a server that we need to make available to the outside world? Okay, let me give you an example. Let's say that you are hosting your own Web server, all right? You have a web server, and you are hosting it. You're not going to pay GoDaddy or somebody like that to do it. You're going to host your own Web server. Well, here's the question. Where are you going to host it? Are you going to host it here? Are you going to host it out here? Well, I'm going to tell you, if you host it here, that's dangerous. Because if you're letting people get to your web server anonymously, then you've got people coming in here and going through your firewall and accessing that web server. Well, hackers can do this thing called pivoting. If they gain control over that server, they might be able to pivot to other resources. So that would not be a good idea. A better solution would be to store the Web server out here. Okay? The problem, though, with storing it outside your firewall is that you are not really giving your web server any protection. It's exposed completely to the elements. At that point, it's outside the firewall. So, in general, the rule of thumb is that most people would get another firewall and install it right next to their Internet connection. And at that point, you have something called a DMZ, a demilitarized zone, also known as a perimeter network. There are a couple of names for that DMZ perimeter network. And the great thing about that is that I can now police the traffic flowing in through the firewall. I can police ports that I may allow, such as port 84 40. You might have a DNS, and if you do, you use Port 53. But now people can get to this web server coming in. But then you could block everything except maybe your VPN and all that stuff going through that firewall. So that is the idea of a DMZ. If a hacker was to gain control over that web server, they would still be blocked and would not be able to flow through that firewall. That's the logic of this. All right? So the concept here is that there are multiple solutions when it comes to trying to allow people out or allow people in. If you're wanting to host something like a Web server, maybe you want to do the same thing with an email server. Microsoft has Exchange, and you have a type of Exchange role called Edge, which, of course, we could have what's called an Exchange Edge Server in there. And really, the mentality there is the logic that has always been with the world, that at least in it, we've always felt as it people, that we needed to sort of host and manage everything ourselves. And I want to kind of go over a couple of things in that regard. Let me just kind of move some of this out of the way to make some room here. All right? First off, I talked about centralization in a domain and the fact that we have to have central control. GPOs are going to be one of our main ways to do that. Microsoft also has another server that helps you get even more control over your environment. And in the 90s, they called it SMS system management services. And then in the early 2000s, they renamed this server that I'm about to tell you about to SCCM, which is System Center Configuration Manager, okay? And so for the longest time, that's what it was called. And System Center Configuration Manager can even more tightly control your devices; it can inventory devices, you can deploy images, you can deploy applications, and you can configure compliance. I mean, there's a ton of stuff you can do with SCCM, all right? and more recently, that got renamed to another product. It is no longer called SCCM. Hopefully, this is not a shocker to you. It is now called Endpoint Config Manager. I'm just going to install CMendpoint configuration manager. And this is because of a product that they are deploying in the cloud called Into that has sort of become the big cloud-based system for managing things. And what they want is for Config Manager and this other product, Intune, to sort of centrally work together. And so they renamed ConfigManager to Endpoint Configuration Manager. And so that's what it's now referred to as. All right? Okay. Finally, another type of logic that we've had over the years when it comes to managing things as people is that we have to have all these different servers, right? It's like we have to have an Exchange server, all right? We had to have a SharePoint server. I'll just say Spt, we need a database server like SQL, and we already have a file server, correct? Let me use that little file server here. Actually, just for the sake of keeping the font sizes the same, we'll just make it a little bit smaller so it'll fit here. So now we have a file server. Now, the mentality has always been that we have to host all these servers ourselves, okay? And we have to have all this equipment in order to do it. And so you end up with a lot of servers in order to deal with everything. So in the early 2000s, a company called VMware really came to the table with some innovative solutions for dealing with the problem of having so many servers and so much hardware. I actually used an old solution to fix newer problems. There's a thing called hypervisors. This is a term that actually came out in the 1970s, back in the Unix days, the early Unix days, and it was a virtualization idea. Hypervisor is not a new thing. It's actually been around for a long time. Okay? So they actually really came up with some cutting-edge stuff on this. And the concept was that if you can emulate hardware (processors RAM, storage, and network), you can then put software on that emulated hardware. So a virtual machine is emulated hardware with software installed, such as server, Windows 10, Windows Server, and so on. So you could take these four servers, these four physical servers, and you could actually run them on a single physical server. Okay? So instead of having so many different pieces of hardware here that you're trying to deal with and manage, you could do it all on a physical server. Of course, a lot of people, when they see that, are like, "I mean, now you've got a single point of failure." Well, I'll get to that in a second. So VMware really took off. Microsoft definitely took note of what they did. Microsoft actually bought a product called Virtual PC and then turned it into Virtual Server, and then eventually they renamed it to HyperV. So that is actually the Microsoft virtualization solution, even though VMware is still probably considered more popular than HyperV. So the other thing that we've got here is the fact that we have a single point of failure. As I mentioned, if that server dies, we're in trouble. Right? Well, see, that's the beauty of virtualization. We have the ability to actually very easily get another server. All right, let me shrink this down a little bit. We can get another server, we can use a storage area network, we can host our virtual machines on that, and the HyperV servers can do clustering. So you can get a very high level of redundancy with the help of virtualization. Okay? That's the idea of virtualization. Now with virtualization comes another term, and it's the term "elasticity." Elasticity means that those servers can have tons of memory, tons of storage, tons of network bandwidth, and tons of CPU usage, and they can pull it. So, if the Exchange virtual machine requires more memory but the sequel virtual machine does not, the sequel virtual machine can give up the memory it is not using so that the Exchange virtual machine can use that memory and CPU usage and shrink and grow. Okay? And that's one of the greatest benefits of virtual machines. Another great benefit of virtual machines is the fact that you have these things called checkpoints, which used to be called snapshots but are now called checkpoints, at least in Hyper-V terms. They are. So this really changed things. And as you'll see, this is also sort of the forerunner of cloud computing. All right? Okay. But hopefully that gives you a good foundation for some of the other concepts: remote access, DMZ, and the fundamentals of virtualization.

3. A Solid Foundation of the Microsoft Cloud Services

So it's now time to talk about sort of how cloud computing came about, alright? So with virtualization and this concept of elasticity, it definitely got people thinking, and that was, you know, that we could actually, as a company, host hardware and make that hardware available to people to host resources like virtual machines on our hardware. Now, this isn't a new idea. Let me give you an example, okay? Between my wife and myself, I have three teenage daughters, and I have no stress in my life whatsoever, right? But two of them are driving. They have cars. So I have four cars that we have to deal with, okay? Now I like to use this analogy of this. Now, if one of those cars breaks down, I have a couple of options. One is that I could fix the car myself, so I could actually turn my garage into an auto mechanic shop. I could buy all the tools, get all the skills, learn how to work on cars, and do it myself with a hydraulic lift and really go at it. And that could cost a lot of money upfront to get all of that and get the skills and all of that, right? And I also have to maintain that garage. I have to maintain the tools and make sure it's clean and make sure everything is organized so that I can do a good job and everything, have electricity and all of that that's needed, right? And then I could work on the cards myself. Now, that mentality, that sort of do-it-yourself mentality, is the way that we've always done things in it. We've hosted our own equipment; we've set up our own data centers; we've provided power and air conditioning. We had to have skills to manage the hardware that went with it. All right? There's a lot that went into that, and that was always a mentality. Now the other mentality is, if my car breaks down, I can take it to a company that offers that as a service, okay? Like there's auto mechanic shops, they got the garage, they got the tools, they got the people that have the skills. They can work on the car for me and fix it for a fee. And that is a concept that's basically what you have with cloud computing, and there are different phases of it, but ultimately that's the logic. Okay? So companies like Microsoft and Amazon created these huge warehouses and huge data centers full of equipment. You're talking tons of server blades, CPUs, tons of CPUs, RAM storage, and network bandwidth, and they're offering that as a service. Okay? So let's draw this big cloud here, all right? This is going to be, we'll say, Microsoft's cloud. All right, let me make it a little bit bigger. There we go. Okay, so they've made their own; they've got their own equipment and their own data centers, and they're basically going to host equipment for us to use as customers. That's the idea, all right? These data centers are connected to the Internet, all right? There are different versions of actual government equipment and equipment for consumer use. There's also the education system, which can get access to it. There are a lot of different pieces to all of this, right? Okay, so I want to introduce you to a couple of acronyms, all right? The first acronym is IAaS. IaaS is infrastructure as a service. Okay. Infrastructure as a Service is the concept of hosting all the equipment and making that equipment available to consumers, okay? So for example, they will host all the equipment for you. They will maintain it. They will provide power, air conditioning, redundancy, and they'll keep the equipment updated. We can host things on their equipment. So you see these virtual machines over here? I can host those in their cloud, so I can host virtual machines, okay? They will also provide other resources, like virtual appliances. So you're getting into things like virtual load balancers. You're talking about virtual firewalls, okay? They've got virtual storage for backing things up. They'll host databases there for you as a service. There are a lot of things they're going to host there for you. And the great thing about this is that you just pay for what you use. So if you don't use very much, you're not going to pay very much. I do consulting work. I have one client that basically has a virtual server running 2019; And they pay $30 a month. and they have a few people that hit it every day. It's not that expensive. Of course, you can get into the higher tiers. The other great thing about it is its elasticity. So if you've got a lot of things going on that server, then Microsoft can give you more CPU, more memory, more storage, and more network. Of course you're going to pay for that. For the time being, their IaaS cloud is known as Azure. By the way, that's how I pronounce that. You may pronounce it differently. Azure. Azure. I've heard it pronounced as There are so many different names for it. I actually tried once to figure out the proper way to say that word. I actually watched the videos of the guys who created Azure, and guess what? They don't say it the same way, either. They call it something else, too. So that's how I say that word, okay? Azure. So Azure is their platform for dealing with all of these things, the hardware, basically, that you can store virtual things like VMs and appliances on. You're basically paying for what you use—how much CPU you use, memory, storage, network, all that. Now there's another piece to this, and it's called PaaS, and there's SaaS. Some people say it Pass and SAS. Pass is now a platform as a service. Platform as a Service is where they are hosting some kind of web-based platform and you have to configure it, set it up the way you want, deploy it the way you want, and configure it the way you want for your people, all right? And then essentially, they're giving you a platform with the tools to do what you need, but you have to use those tools. And then SAS, which is software as a service, is basically apps that are being hosted applications. For example, you can access Word, Excel, and PowerPoint online. Now their PaaS and SaaS platform is actually called Microsoft 365, okay? They used to call it Office 365, but it confused everybody because everybody thinks of Office, right? Word, Excel, PowerPoint, all that. But now they've changed it to Microsoft 365. and what you'll find is that Office 365 is part of that. And, believe it or not, Office 365 is considered a platform as a service because you can completely configure it, deploy the apps, and have Office Online and Office on the Web. That is your software as a service side of things, okay? Another component of this is things like Exchange Online, okay? so they're going to host the email stuff out there for you. They're going to host SharePoint online. You have something called One Drive for Business; that is their storage. And then you have teams, okay? While they were away, they were using Skype for Business and Skype for Business. They have teams, right? Teams are wonderful. It's a great collaboration tool, and all of that is you use that. And then you've also got a product called Intune. Intune is Microsoft's MDM mam product. So mobile device management, mobile application management—this is their product when it comes to managing all of your devices. The great thing about Intune is that you can manage on-premise devices like this or cloud devices or Internet devices that are just connected to the internet, like smartphones, tablets, and things like that. Even devices in people's homes, if they allow you to, can be managed. Intune is now also part of the Endpoint Manager configuration. So you're going to use a tool called Endpoint Manager to manage Intune, and it is related to Endpoint Configuration Manager. So the thing was that it confused everybody when Intune came out because it could do a lot of the same things that SCCM could, and so it confused everybody. So Microsoft renamed SCCM to Endpoint Config Manager, and Intune is now part of that as well. So you have a web-based portal that allows you to control both things, okay? And so it makes it a whole lot easier because you can centrally control everything, as opposed to having to jump back and forth. Now another great thing you get with EndpointConfig managers is that you can do this thing called "Co management," where you actually link the two together, and it can control Windows 10 devices, whether they're internal or out on the Internet. They can jump back and forth. And if the Windows Ten device is internal, then Endpoint Config Manager controls it. If the Windows 10 devices are on the Internet, then Intune will control them. Okay? Another aspect of this that I saved for last is something called Azure Ad. Azure AD is kind of the glue that ties these two things together. Your IaaS, PaaS, and SaaS are all tied together with Azure ads. That is your directory service. And it is a completely different directory service than what we had on premise. On premise. They'll use an acronym called Adds, which is Active Directory Domain Services. if I could actually spell. All right. active directory domain services. Okay, wow, lots of typos here. Okay, so DS stands for Active Directory Domain Services. That is your on-premise Active Directory. Azure ads are completely different. It was developed with web-based tool programming. So you're dealing with a lot of your web based SAML and what's called Open ID and Open Authorization. And it's a different language than what LDAP and Kerberos is built by. Okay? Now, you can actually another thing that's really cool about this is you can actually link the two together and synchronize. So you can actually set up this thing called an Azure AD Connect Server, all right? And if you set that Azure AD Connect server up, you can link your on-prem Active Directory with the cloud, and they can synchronize users, groups, passwords, and all that stuff between the two, all right? And then you can achieve what is called SSO single sign-on, where somebody on premise can actually authenticate on premise as well as on the cloud at the same time. But just so you know, you get to decide on all that. This is not forced on you, okay? You get to make that decision, and you also get to decide what gets synchronized. So if you don't want all your users synchronizing, nobody says they have to all be synchronized. You get to decide what's going to get synchronized. Okay? All right? So hopefully that gives you a halfway decent understanding of the basic foundations of where things were and where we are. And of course, as you can imagine, the cloud is really where Microsoft is heading in the future, and that's definitely where they're putting their time, effort, and energy. But hopefully that gives you guys a good foundation for how all that works.

4. Creating a free Microsoft 365 Azure AD Account

A free email account. Of course, if you already have an email that's not assigned to a Microsoft 365 Azure account, then you can use that, obviously. But one thing you could simply do is go to somewhere like Outlook.com Gmail at Yahoo, create yourself a free email account, and from there you're going to go to this little URL right here. This is tinyurl.com. Try office three six five e five. So that'll take you directly to the place you need to go to sign up for this. The only other thing you're going to need when you do this is cash; you don't need a credit card or anything like that. Because it will perform a verification, you will need a cell phone that can receive text messages. As far as I know, I've never seen a limit on how many accounts can be tied to a cell phone. I've probably got 30 accounts tied to my cell phone number myself, so I wouldn't worry too much about it. Well, I've used my cell phone with another account. But you will have to have a cell phone because they are going to send a code to your cell phone, a one-time password, and you have to put that in. Okay, so we're now going to take a look at that. We'll take a look at the link and the steps, and I'll show you how to activate the EMS license, which is going to be important to get access to a lot of the security compliance stuff. So when you put in the tiny URL link that I gave you, this is where you're going to end up. You'll be looking at this Office 365 E5 page, and from there we're going to click on Free Trial. It detects that you've already created a Microsoft 365 account. It's going to ask you if you want to use that. I'm going to say no. I would want to sign up myself. So then at that point, if you're signed into an existing account, it's going to log you out of that account, tell you to close your browser, and all that. and then it'll redirect you. And then at that point, this is where you would put in your free email address that you've created. It'll ask for some personal information about you. And then at that point, it will require that one time password. So it will text your cell phone. Okay, so it's pretty easy; just fill out the form, and at that point you'll get your 30-day trial. But there's another step you have to do. Once you get logged in and signed into your free account, which again only takes a few minutes, you're going to go to Portal Azure.com, click the little menu button, click on Azure ActiveDirectory, and then go to Licenses. As you can see, if I look over here to the right, I've got an option that says "Get a free trial." We're going to click on "Get a Free Trial," and then what you're going to want is this Enterprise Mobility plus Security E-5 subscription. This is going to give you access to all the security things that we're going to be playing around with. So we dropped that down, and you would activate it. You need to give it about an hour to activate. Microsoft kind of says all this will take effect very quickly, but what I found is it takes longer than that to go through. so I would say give it about an hour to go through. The good news is that you'll be able to do most of what you'll be doing here at the start of this course with ease. But some of the later things, such as the Security Compliance Center, are going to be towards the end of the course. You won't be able to do that until this is fully and utterly activated. Don't believe it. It'll say it's activated. But you've got to give it time. It takes time before these features will show up. After you've activated that, come over here to where it says all products, and you'll have Enterprise Ability plus Security. You may not have all of these here; that's not a problem. You don't need access to these things right here to get access to the stuff we're using in the course. The big one is this guy right here. You need to make sure that you assign your admin account to this subscription. Your admin account information is right up here. So you would go here to Enterprise ability Plus Security, you would click Assign, and you would sign that to your Admin account. Okay? Now how do you know that this has actually shown up? How do you know it's ready to go? Well, if you go to Portal, dot Microsoft.com, dropdown, show all, and then click on Security, that's going to bring you into the Security Compliance Center. At that point, you'll see a bunch of options here that you can select. But keep in mind that regardless of if your EMS subscription is activated or not, you're going to see some options here anyway. The one you want to look for—that's sort of a guarantee that everything is activated—is this guy here, Ediscovery. If you don't see Ediscovery, then your subscription is not fully activated yet. So you need to give it some more time. Okay? Like I said, give it about an hour. Okay? Once that's done, you'll be able to do all the hands-on work that we do in the course and get a good bit of experience with everything. And again, you have access to all that for 30 days. So I highly encourage you to take the time to do that. But this is definitely a good way for you to really get down with Microsoft 365.

5. Managing Microsoft 365 Services with PowerShell

Let's spend some time now talking about how we can use PowerShell to connect to our cloud services. Now, the first thing you need to understand is that when you have a newly created operating system, you don't have access to cloud-based commands, Microsoft 365 commands, or things like Teams and Exchange Online right out of the gate. You actually have to install the commands. Now you can run the command, you can say "Get command," and you can hit "Enter," and it'll show you all the commands that you have right now in memory. Of course, in my case, I have actually installed my cloud-based commands. When I scroll down this list, I'm going to see some Azure commands and some Microsoft 365 commands and all that. There is one way to search to see if you have, for example, if I wanted to see if I had my Microsoft 365 commands. Those commands are called the MSOL commands. So if you actually type the Get command, hit the spacebar and type Noun, meaning I want to search for Noun. And if you were to just type MSOL and hit Enter, nothing's going to happen because there is no command where MSOL is just the only acronym in the noun. You actually want to search using wildcards. So if I hit the up arrow, watch this. If I put a star before the MSOL, that's a wild card. It's going to show me every command that ends with MSOL. If I was to put the star at the end, it would show me every command where MSOL starts as the noun. But I'm actually going to search and see everything that's got MSOL in it in general. So by putting the asterisk at the beginning and the end, it's going to search and look for a forever command that has Ms. Ol anywhere in the now. In my case, again, I've got these commands. In your case, you may not, though, if this is a newly installed version of Windows. Okay, so what we've got to do is install those commands. We can actually install them over the Internet. using this command. We can type "Install module" and then "MS Online." So if you hit Enter on that, it's going to ask your permission to basically install a path variable into a PowerShell. You're just going to hit "yes" to that. It'll also ask your permission to install something called Nougat, which is going to be the software that's going to download the commands from the Microsoft PowerShell Gallery. And then it'll tell you that it will ask your permission to install from the Microsoft PowerShell Gallery because it'll say it's an untrusted gallery. Even though it is Microsoft's gallery, it is a community gallery. So it will ask your permission. You're just going to hit "yes" to that. Now in my case, again, I've already got the commands for this, okay? Now the other thing we're going to want is, when we want to run these commands, to connect to the cloud. Right now we're not connected. So for example, if I type get MSOL user, this command would display all of my users. The problem is I'm not connected to the cloud service right now. Okay, so to connect to the cloud service, you're going to type "connect service," hit Enter, and it'll pop a little box up on the screen, and this is where you're going to put your cloud credentials in. So I'm going to put in [email protected] and then I'm going to put my password in here, and at that point, it should connect. And as I like to say, no news is good news. If you don't get an error message, you're doing good. Okay, so we're going to type get MSOL user and now I'll be able to see my user accounts. Okay, so these are the same user accounts. I've got my on-premises—not my on-premises, but my cloud-based Azure Active Directory. Check this out. I can also if, let's say I wanted to create a user account, something like that, I could actually create a user. I can type. All I've got to do is change the verb to "new MSOL user," okay? And I'm going to do the principal user name. Don't forget that if you don't know how to use these commands, Microsoft's knowledge base articles are excellent. So if I didn't know how to build a user account off the top of my head, I could just go out there and search for this command right out here on my search engine. So if I type new MSOL user and I hit enter, it's going to be the very first article, and I can go and I can see examples on how to use this command. Okay, it tells me all the parameters and shows me how to use it. It's very nice, and I definitely encourage you to check that out to use those PowerShell articles. So if I wanted to create a user, let's say I wanted to create a user named, let's say, "the user's email address." The user principal name is an email address. Type name. Let's say David James, examlabpractice.com. Okay, close quotation mark. And then I'm going to specify his display name, which is going to be David James. And then I'm going to say that my first name is David and my last name is James. and then let's go ahead and throw him in a department. Let's put him in the marketing department. So we'll say he is going to be in the marketing department. Now the other thing I can do is hit dash here, and I could tab through all these different parameters even if I wanted to. I could specify the usage location as "us." I could also do it; let's say I wanted to get his license. I could actually assign a license. If you go to their knowledge base article, you can look up the license codes for the various Microsoft products and assign things like an Office 365 five-user license and so on. So I'm just going to hit Enter, and I'm going to create this new user. And now my user David James has been created. So at that point, I should be able to go back over to Portal Azure.com or Portal Microsoft.com. It really doesn't matter. You can pick one, go to Azure Active Directory, click on Users, and my user, David James, should be showing up in my list here. And there it is, as you can see. So that worked perfectly. Now as far as creating a group, Now I want to warn you about this. When you go to create a group, one thing that's a little strange that will not let you create a group is a Microsoft 365 group. If I create a group, it does not give me a choice. Now I do want to clarify. You can create a Microsoft 365 group. I'm going to show you, but you won't use this noun to do it. The MSOL noun is not going to do it. Okay? So if I say "new MSOL group," for example, and I do the display name, and I'm just going to call it, let's just call it "Group Creation Test," that's kind of a crappy name, but this is just a demonstration. So if I use that as my display name, you can add a description. This is a test. When you create a group, it doesn't have a parameter that will let you change the group type from security to Microsoft 365. Okay? You can, for example, go through all of these parameters. It will not let you make it a Microsoft 365 Group. Now in order to do that, you're going to need to access the Exchange commands. The Exchange Online commands are going to let you create a Microsoft 365 group. Again, this is very important. If you're wanting to create a team from a group, you're going to need to make it a Microsoft 365 group. A security group is not going to do it. Okay? So here's how you're going to do that, all right? You've got to connect to the Microsoft 365 Exchange Online Services in order to do it. And we are not connected to that right now. So we need to install the Exchange Online Management Commands. Okay? Now I'm going to tell you, this is really nice. They've made this so much easier than it was, like, a year ago. Even a year ago, connecting to Exchange Online was a big hassle. It's a lot easier now. So to do it, you've got to install the Exchange command. So I'm going to type Install Dashmodule Name, and what you're going to do is type Exchange Online Management. And then, depending on when you're doing this and all that, there's a certain version that you must have at least one of. So the reason I warn you about this is because maybe you've installed an older version of this on your computer. And if you did, you may have out-of-date commands that don't have the commands that can do what we're about to do. So I recommend that you put "requiredversion" and then say "1.0.1," okay? And that way, you'll have at least that version. And that version is going to have all these Exchange commands in it. But you can also go out there and look to see what the latest version of the Exchange Online Management commands are. You can find that in the PowerShell Gallery. If you go out there in the Google PowerShell Gallery, you can look up what the latest ones are, and you can install the latest one. However, 1.0.1 is the bare minimum you should install. So if I hit Enter, it's going to install those commands. All right? Now in my case, I've got most of the commands already installed, but it is going to double-check, and eventually it's going to pop back up. So I've already got the commands installed. The next thing you've got to do is connect to the Exchange Online Services. So you're going to type "ConnectExchangeOnline." Same thing. You're going to put your credentials in here. By the way, there is a way to store your credentials in a variable so that you don't have to keep putting this in. There's a little command that puts in the wrong password. There's a little command called the Get Credential command. You create a variable and point it to Get Credential, and it'll store it in memory. and that way you don't have to keep putting in your credentials. Okay, so it's loading the Exchange commands here. Now the command that's going to let us do what we want to do has a noun called "Unified Group." So a Microsoft 365 group in PowerShell is called Unified Group. If I do a search, if I say, "Let me just clear the screen and get the command star," I'm going to say "Unified unified group star." You can see the commands that support Unified Groups. So there is a "Get" command there. I can type Get UnifiedGroup, and I will be able to see my groups that are available. There are my Microsoft 365 groups right there. Now if you want to create a Microsoft 365 Group so you can associate it with the team, you can do so here. Let's create a new unified group display name and call it Consumers Group alias. This is the syntax. And by the way, don't forget that you can always just look up the syntax in the knowledge base. Okay? same thing I showed you a minute ago. So dash alias. And then I'll say the alias is going to be Consumer Group. Consumers Group. All right. And then we'll say email address because it is going to have an email address in the Microsoft 365 group. All right? And I'll say it will be consumers' groups. Add examlaboopspracticecom. You kind of have to spell that, right? That does help. All right. and then access type. This is going to be public or private. I'm going to make it private. Let's fix that. There we go. And I think I typed it. All right, so let's click to create. All right. And it does take a moment to create a unified group. It's a little bit slower than creating a security group, but as you can see, it did create it. And now I can actually type "get unified group." and I can see the group. Okay, so that's how you can create yourself a Microsoft 365 group. And instead of going to Azure this time, let's go to portal Microsoft.com and see if the group is visible on our Microsoft 365 services. Okay, so this is loading a little slowly. All right, so we're going to go over here to groups. Now. Drop this down and we'll see if it appears. And there it is, as you can see, and it is an Office 365-based group. So for our Microsoft 365 service, we have an Office 365 group called Consumer Group Exam that does not have a team associated with it. We know that because the Little Team symbol is not there. Speaking of which, I want to point out that I'm actually not connected to teams through PowerShell yet either. I've got to connect teams. You've got to have the team's permission in order to do that. You see the pattern here, how you're having to install these commands. Okay? There are thousands and thousands of PowerShell commands. Microsoft doesn't want to load them all up in memory, so they make us go get them and install them if we want to use them. So, to get teams, I'll use the following command: So I'll say "install module. All right? And then from there, after I got an error there, there we go: install module. And then I'm going to say dashname. And the module we want is called Microsoft Teams hit Enter. And of course I've already got it installed, so I'm good. But if you're doing this, it'll ask you to install it. And then, just like the previous methods of working with these modules, you have to make a connection. Okay? So I'm going to type connect Microsoft teams, hit enter. It's going to pop the little box up again, and then I'm going to put those credentials into [email protected]. I'm going to put my password in now and log on. and I am now connected. So I can now type "Get command star," "noun star," or "team star." And you can see all the team commands that are available to us. For example, if I want to see what teams I've got, I can type "Get Team." Okay, so now you've seen how you can make connections with PowerShell out to the cloud, and hopefully you're feeling a lot more comfortable now with AWS working with PowerShell.

Hide