MS Exam 70-346: Managing Office 365 Identities and Requirements

This is the first exam in the MCSA track for Office 365
http://www.microsoft.com/learning/en-us/mcsa-office365-certification.aspx

Exam Home page is located at http://www.microsoft.com/learning/en-us/exam.aspx?ID=70-346

Please note that the Microsoft Cloud is constantly changing and improving, so some of this content may be outdated or points to websites that no longer exists. Therefore, make sure to check the official exam home page to get up to speed before taking the exam. I’m trying to keep these lists updated, but please send me an email with any missing content 🙂

This exam is divided into six main categories

  1. Provision Office 365 where you will be Provision tenants, add and configure custom domains and plan a pilot.
  2. Plan and Implement Networking and Security in Office 365 is testing you in DNS configuration for the services, enable client connectivity to Office 365, Administer rights management and Manage administrator roles in Office 365
  3. Manage Cloud Identities tests you in password management, managing user and security groups and manage cloud identities with Microsoft PowerShell
  4. Implement and manage identities using Azure Active Directory Synchronization (AADSync) where you need to know how to prepare on-premises Active Directory for AADSync, set up AADSync tool and manage Active Directory users and groups with AADSync in place.
  5. In Implement and Manage Federation Identities [single sign-on(SSO)] you are tested in AD FS requirements planning, install and manage AD FS servers and install and manage AD FS proxies.
  6. The last skill mentioned is Monitor and Troubleshoot Office 365 Availability and Usage. Here you will be tested on analyzing reports, monitor service health and isolate service interruption.

As with every other reading list, this list has gotten it’s life during my own reading, an I’m still reading for it my self.

Some general links that’s good to have knowledge about

Provision Office 365

Provision tenants

Configure the tenant name, tenant region, global administrator; manage tenant subscriptions; and manage the licensing model

Add and configure custom domains

Specify domain name, confirm ownership, specify domain purpose, and move ownership of DNS to Office 365

Plan a pilot

Designate pilot users, identify workloads that don’t require migration, run the Office 365 Health, Readiness, and Connectivity Checks, run IdFix, create a test plan or use case, and connect existing email accounts for pilot users, understand service descriptions and planning to onboard users to Office 365

Plan and Implement Networking and Security in Office 365

Configure DNS records for services.

Creating DNS records for Exchange, Lync, and SharePoint.

Enable client connectivity to Office 365

Configure proxy server to allow anonymous access to Office 365 URLs, configure firewalls for outbound port access to Office 365, recommend bandwidth, Internet connectivity for clients, and deploy desktop setup for previous versions of Office clients

Administer rights management

Activate rights management, Office integration with rights management, assign roles for Windows Azure Active Directory (WAAD) RM, and enable recovery of protected document

Manage administrator roles in Office 365

Permission model, create or revoke assignment of administrative roles or the administrative model, determine and assign global administrator, billing administrator and user administrator, delegated administrator, and control password resets

Manage Cloud Identities

Configure password management

Expiration policy, password complexity, password resets, and Administration Center

Manage user and security groups

Bulk import, Windows Azure Active Directory Graph API, soft delete, Administration Center, and multi-factor authentication

Manage cloud identities with Microsoft PowerShell

Configure passwords to never expire, bulk update of user properties, bulk user creation, Windows Azure Active Directory cmdlets, bulk user license management, and hard delete users

Implement and Manage Identities by Using DirSync

Please note that DirSync have been replaced by AADSync, that again have been replace by Azure AD Connect. This section will be updated to reflect this. Until then check this two page s

Prepare on-premises Active Directory for DirSync

Plan for non-routable domain names, clean up existing objects, plan for filtering Active Directory, and support for multiple forests

Set up DirSync [WAAD sync tool]

Soft match filtering and identify synchronized attributes, password sync, and installation requirements

Manage Active Directory users and groups with DirSync in place.

Deleting, create, modify, and scheduled and forcing synchronization

Implement and Manage Federated Identities for Single Sign-On (SSO)

Plan requirements for Active Directory Federation Services (AD FS)

Namespaces and certificates, plan AD FS internal topologies and dependencies, plan AD FS proxy topologies, network requirements, multi-factor authentication, and access filtering using claims rules

Install and manage AD FS servers

Create AD FS service account, configure farm or stand-alone settings, add additional servers, convert from standard to federated domain, and manage certificate lifecycle

Install and manage AD FS proxy servers

Set up perimeter network name resolution, install required Windows roles and features, set up certificates, configure AD FS proxy settings, and set custom proxy forms login page

Monitor and Troubleshoot Office 365 Availability and Usage

Analyze reports

Service reports, mail protection reports, auditing log, and portal email hygiene reports

Monitor service health

RSS feed, service health dashboard (including awareness of planned maintenance, service updates, and historical data), Office 365 Management Pack for System Center Operations Manager, and Windows PowerShell cmdlets

Isolate service interruption

Create a service request, Microsoft Remote Connectivity Analyzer (RCA), Microsoft Online Services Diagnostics and Logging (MOSDAL) support toolkit, Transport Reliability IP Probe (TRIPP), Microsoft Connectivity Analyzer tool, and hybrid free/busy troubleshooter

107 comments

  1. Anders – Thanks for putting this together. I’m finding it is too much to remember about each and ever feature offered by Azure, O365, SP, etc. Do you really recommended read each page word by word? Could you suggest any strategy to pass this exam?

    1. Hi,

      You should read/try as much as possible, and especially if it’s a topic that you don’t know that well.
      Just reading word by word might trick you of also, as the service might change faster than the documentation, and we don’t know when the exam was updated.

      My strategy is always to read and try the service, and as a read I write don’t my own test questions that I repeat a few times til they stick 🙂

      /Anders

      1. Do you have any new info on Azure AD Connect?
        It’s a new addition to the 70-346 exam, which replaces AAD Sync/DirSync.

      1. You are welcome. I am planning to take the 70-346 in the following weeks and i have a hard time getting proper documentation for it.
        Do you have perhaps some tips for correct resources for the exam besides the one above?

  2. Hi,

    A newbie to Sharepoint, looking to get certified. I can easily find good reading sources for the exam (including this extensive page). However, I learn better by experimenting and am completely lost as to how I can work on a Office 365 installation myself. The service requires a business email to signup, which I don’t have.

    So then am I stuck just reading and memorizing? Your insight will be much appreciated

    Thanks!

    1. Hi Harry,

      When reading for these lists, I created 30 day trials, where I got practical experience. Also, in stead of reading, maybe watching Microsoft Virtual Academy videos, and replicate what they do in your trial tenant?

      /Anders

  3. Thanks for putting this together Anders! I used this as a basis for reading up on sitting this exam and please to say I passed it today. I used CBT Nuggets and watched the MVA videos. It was ALOT harder than I was expecting so for those preparing make sure you know your AADConnect and ADFS inside and out. Onto 70-347!

  4. Any chance of modifying your blog to reflect recent changes of the 4th measured skill, Azure AD Connect that replaced AAD Sync & DirSync?

Leave a comment