Lab: Configuring client connectivity to Office 365
Exercise 1: Configuring DNS records for Office 365 clients
Task 1: Review the recommended DNS records in the Office 365 admin center
- On LON-CL1, open Microsoft Edge.
- Browse to http://portal.office.com, and then sign in as [email protected], replacing yyxxxxx with your unique Adatum number, and with the password you created in Module 1.
- In the Office 365 portal, select Admin.
- In the Microsoft 365 admin center, in the menu to the left, expand Setup, select Domains, and then review the domain names assigned to the Adatum tenant.
- In the Domains window, select Adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number.
- Select DNS errors detected, click here to view and review the DNS errors shown.
- Close the dialog.
Task 2: Configure the DNS records for external clients
Configure DNS settings for Exchange Online
- On LON-DC1, open Server Manager.
- In Server Manager, select the Tools menu, and then select DNS.
- In DNS Manager, expand LON-DC1, and then expand Forward Lookup Zones.
- Click, and then right-click adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, and then select New Alias (CNAME).
- In the Aliasname text box, type autodiscover as the alias name.
- In the Fully qualified domain name (FQDN) for target host text box, type autodiscover.outlook.com.
- Select OK.
- Right-click adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, and then select New Mail Exchanger (MX).
- In the Mail Exchanger (MX) dialog box, in the Fully qualified domain name (FQDN) of mail server text box, type adatumyyxxxxx-hostdomain-com.mail.protection.outlook.com.
- Select OK.
Configure DNS settings for Skype for Business Online
- On LON-DC1, right-click the adatumyyxxxxx.hostdomain.com zone, where yyxxxxx is your unique Adatum number, and then select Other New Records.
- In the Resource Record Type dialog box, scroll down the list, select Service Location, and then select Create Record.
- On the Service Location (SRV) tab, enter the following information, and then select OK:
- Service: _sip
- Protocol: _tls
- Priority: 100
- Weight: 1
- Port number: 443
- Host offering this service: sipdir.online.lync.com
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, select Create Record.
- On the Service Location (SRV) tab, enter the following information, and then select OK:
- Service: _sipfederationtls
- Protocol: _tcp
- Priority: 100
- Weight: 1
- Port number: 5061
- Host offering this service: sipfed.online.lync.com
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, scroll back up the list, select Alias (CNAME), and then select Create Record.
- On the Alias (CNAME) tab, enter the following information, replacing yyxxxxx with your unique Adatum number, and then select OK:
- Alias name: sip
- Fully qualified domain name: sip.adatumyyxxxxx.hostdomain.com
- Fully qualified domain name (FQDN) for target host: sipdir.online.lync.com
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, select Create Record.
- On the Alias (CNAME) tab, enter the following information, replacing yyxxxxx with your unique Adatum number, and then select OK:
- Alias name: lyncdiscover
- Fully qualified domain name: lyncdiscover.adatumyyxxxxx.hostdomain.com
- Fully qualified domain name (FQDN) for target host: webdir.online.lync.com
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, select Done.
Configure DNS settings for Mobile Device Management
- On LON-DC1, right-click the adatumyyxxxxx.hostdomain.com zone, and then select Other New Records.
- In the Resource Record Type dialog box, scroll back up the list, select Alias (CNAME), and then select Create Record.
- On the Alias (CNAME) tab, enter the following information, and then select OK:
- Alias name: EnterpriseEnrollment
- Fully qualified domain name: EnterpriseEnrollment.adatumyyxxxxx.hostdomain.com
- Fully qualified domain name (FQDN) for target host: EnterpriseEnrollment.manage.microsoft.com
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, select Create Record.
- On the Alias (CNAME) tab, enter the following information, and then select OK:
- Alias name: EnterpriseRegistration
- Fully qualified domain name: EnterpriseRegistration.adatumyyxxxxx.hostdomain.com
- Fully qualified domain name (FQDN) for target host: EnterpriseRegistration.windows.net
- Time to live: 1 hour (default)
- In the Resource Record Type dialog box, select Done.
- Switch back to LON-CL1, and then in the Office 365 admin console, select Check DNS, and then select DNS errors detected, click here to view.
- You should now see that most records are not listed anymore (you should see msoid and SPF records). Close the page.
- In the top bar, select Office 365 apps icon.
- Select Outlook.
- On the Outlook page, select your time zone and select Save.
- In the upper right corner, select your user icon and select Sign in to IM, if the link appears.
- On LON-CL2, verify that you are signed in as Francisco.
- Open Microsoft Edge, and then connect to https://portal.office.com.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, by using the password you created in Module 1.
- In the Office 365 portal, select Outlook.
- On the Outlook page, select your time zone, and then select Save.
- In the upper right corner, select your user icon and select Sign in to IM, if the link appears.
- In the upper-left corner, select the New button.
- In the To text box, type Beth Burke.
- When the name resolves, note her instant message (IM) status. It might take a couple of minutes for her status to update.
- Select Beth Burke in the To text box.
- Note that you now view the availability status of another user.
- Close the IM window, and then close the Microsoft Edge windows on both virtual machines.
Result: After completing this exercise, you should have:
- Reviewed the recommended DNS records in the Office 365 admin center.
- Configured the DNS records for external clients.
- Configured the DNS records for internal clients.
Exercise 2: Running the Office 365 connectivity analyzer tools
Task 1: Run the Microsoft Connectivity Analyzer tool
- On LON-CL1, open Microsoft Edge.
- In the address bar, type https://testconnectivity.microsoft.com/.
- On the Microsoft Remote Connectivity Analyzer page, select the Office 365 tab.
- On the Office 365 tab, select Office 365 Exchange Domain Name Server (DNS) Connectivity Test, and then select Next.
- Under Domain Name, type adatumyyxxxxx.hostdomain.com, replacing yyxxxxx with your unique Adatum number.
- Under Verification, type the characters that you can see in the verification field, and then select Verify.
Note: The verification code is not case-sensitive.
- Select Perform Test.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for a minute and then repeat the test.
- When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then review the checks that were made against the Exchange Online domain.
- Select Start Over.
- On the Office 365 tab, select Office 365 Lync Domain Name Server (DNS) Connectivity Test, and then select Next.
- In the Sign-in address text box, type [email protected], replacing yyxxxxx with your unique Adatum number, and then select Perform Test.
Note: If you receive a message about having performed too many tests in 60 seconds, wait for a minute and then repeat the test.
- When you see Connectivity Test Successful, under Test Details, expand Test Steps, and then review the checks that were made against the Skype for Business Online domain.
- Select Start Over.
- Under Microsoft Office Outlook Connectivity Tests, select Outlook Connectivity, and then select Next.
- On the Outlook Connectivity page, in Email Address and Microsoft Account, type [email protected], replacing yyxxxxx with your unique Adatum number.
- In the Password and Confirm password text boxes, type the password you created in Module 1.
- Select Use Autodiscover to detect server settings.
- Select I understand that I must use the credentials of a working account from my Exchange domain to be able to test connectivity to it remotely. I also acknowledge that I am responsible for the management and security of this account.
- Select Perform Test.
- When you see Connectivity Test Successful with Warnings, under Test Details, expand Test Steps, and then review the checks that were made against Outlook. Note in particular the message that contains information about the Autodiscover steps that fail.
- Under Run Test Again at the top-right corner of the window, note that you can copy this test to the clipboard, or save it as an XML or HTML file.
- Select Start Over.
Task 2: Run the Office 365 Support and Recovery Assistant
- In the Microsoft Connectivity Analyzer window, on the Client tab, in the Microsoft Support and Recovery Assistant for Office 365 section, select Support and Recovery Assistant download.
- On the new web page that opens, select Download now and then select Save.
- Wait for the download to finish, and then select Run.
- In the Application Install – Security Warning window, select Install.
- In the Microsoft Support and Recovery Assistant for Office 365 window, select I agree, then select Advanced diagnostics, and then select Next.
- On the next page, select Exchange Online and select Next.
- On the Select the diagnostic you’d like to run page, select Perform authentication checks and select Next and then select Yes and select Next again.
- On the next page, type [email protected], replacing yyxxxxx with your unique Adatum number, type the password you created in Module 1 as password, select Keep me signed in and then select Next.
- Wait until Office 365 Support and Recovery assistant generates the results.
- Review the details, and then close the window.
Result: After completing this exercise, you should have:
- Run the Microsoft Connectivity Analyzer tool.
- Run the Office 365 Client Performance Analyzer tool.
Exercise 3: Connecting Office clients
Task 1: Verify that Outlook can connect to Office 365
- On LON-CL1, start Outlook.
- On the Welcome to Outlook page, select Next.
- On the Add an Email Account page, select Next.
- On the Auto Account Setup page, type the following information, replacing yyxxxxx with your unique Adatum number, and then select Next:
- Your Name: Beth Burke
- E-mail Address: [email protected]
- Password: The password you created in Module 1
- Retype Password: The password you created in Module 1
- In the Windows Security dialog box, type the password you created in Module 1 as the password, select Sign in.
- Verify that you are connected to Exchange Online, and then select Finish.
- In the First things first dialog box, select Ask me later, and then select Accept.
- On LON-CL2, repeat steps 1 through 7 by using the following information, replacing yyxxxxx with your unique Adatum number:
- Your Name: Francisco Chaves
- E-mail Address: [email protected]
- Password: The password you created in Module 1
- Retype Password: The password you created in Module 1
Task 2: Verify that Skype for Business can connect to Office 365
- On LON-CL1, start Skype for Business by clicking on Start button and typing Skype. In the Apps list select Skype for Business.
- Close the Welcome – Skype for Business dialog box.
- On the Skype for Business sign in page, type [email protected], replacing yyxxxxx with your unique Adatum number, as the Sign-in address, and then select Sign in.
- In the Help Make Skype for Business Better! dialog box, if it appears, select No. Verify that you are connected to Skype for Business Online.
- On LON-CL2, repeat steps 1 through 4 by using the following information, replacing yyxxxxx with your unique Adatum number:
- Sign-in address: [email protected]
- Password: The password you created in Module 1
- Keep the virtual machines running for the next module.
Result: After completing this exercise, you should have verified:
- That Outlook can connect to Office 365.
- That Skype for Business can connect to Office 365.
Exercise 4: Configuring MDM in Office 365
Task 1: Enable MDM in Office 365
- On LON-CL1, in Microsoft Edge, navigate to https://portal.office.com/EAdmin/Device/IntuneInventory.aspx and sign in as Beth.
- On the Set up Mobile Device Management for Office 365 page, select Let’s get started.
- On the Need one thing from you before we set everything up… page, accept the default security group and then select Start setup.
The initialization process can take considerable time to complete.
Task 2: Create a security group
- In Microsoft Edge, open an new tab, browse to http://portal.office.com, and select Admin.
- In the Microsoft 365 Admin center navigation pane, expand Groups, and then select Groups.
- In the details pane, select Add a group.
- In the New Group dialog box, in the Type list, select Security.
- In the Name box, type Windows Devices, select Add, and then select Close.
- Select Windows Devices.
- In the Windows Devices window, next to Members (0), select Edit.
- Click Add members.
- In the Search to add members box, type Beth Burke, select Beth Burke, select Save, and then select Close twice.
- Repeat steps 7 to 9, and add Francisco Chaves to the group.
Task 3: Create an MDM policy
- Open the Security & Compliance admin center, in the navigation pane, expand Data loss prevention, and then select Device management.
- Select Device policies then select Create a policy.
- In the New device security policy wizard, on the Name your policy page, in the Name box, type Windows Devices.
- In the Description box, type A Datum policies for Windows devices, and then select Next.
- On the What requirements do you want to have on devices? page, configure the following settings, and then select Next:
- Require a password: Enabled
- Minimum password length: 4
- Block access and report violation
- On the What else do you want to configure? page, enable the following settings, and then select Next:
- Block screen capture
- Block connection with removable storage
- Block Bluetooth connection
- On the Do you want to apply this policy now? page, select Yes.
- On the Do you want to apply this policy now? page, select Add.
- From the Groups list, select the group with the Display Name of Windows Devices, and then select Add.
- Select Next, select Create this policy, then select Close.
- Keep the virtual machines running for the next module.
Result: After completing this exercise, you should have:
- Enabled mobile device management in Office 365.
- Created a security group.
- Created an MDM policy and applied it to the security group
Microsoft 365 | Configuring client connectivity to Microsoft Office 365