Exercise 2: Managing Office 365 password policies
Task 1: Configure the Office 365 password policy
- Open Microsoft Edge, and then browse to https://portal.office.com/.
- Sign in as [email protected] with the password you created in Module 1.
- On the Office 365 portal, select Admin.
- On the left side menu, point to Settings, and then select Security & privacy.
- In the Password policy area, select Edit.
- On the Password policy page, next to Set user passwords to never expire, select Off.
- In the Days before passwords expire text box, type 14.
Note: This setting does not correspond with a real-world scenario. Use it as a sample scenario to verify the policy applied in the next exercise task.
- In the Days before a user is notified about expiration box, leave the default value of 14, and then select Save.
- Verify that the “Password policy has been updated” message appears at the top of the page, and then select Close.
- Close Microsoft Edge.
Task 2: Validate the password policy
- Open Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
- On the upper-right side of the window, verify that the notification appears with the following information: “Time to change your password. Your password will expire in 13 days.”
Note: It might take a few minutes before the password change notification appears. You can also verify the password policy later.
Note: You have now verified that your password policy is applied. In a real-world scenario, after you verify that the password policy is applied, you would need to increase the number of days before the password expires, according to your organizational policy.
- Close Microsoft Edge.
Task 3: Enable multi-factor authentication
- Open Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
- In the Microsoft Office 365 portal, select Admin.
- On the Home page, on the left menu, point to Settings, and then select Services & add-ins.
- On the Services & add-ins page, select Azure multi-factor authentication.
- On the Azure multi-factor authentication page, select Manage multi-factor authentication.
- On the multi-factor authentication page, select the Amy Santiago check box, and then select Enable.
- In the About enabling multi-factor auth pop-up, select enable multi-factor auth, and then select Close.
- On the multi-factor authentication page, select service settings.
- Under verification options, verify the Call to phone check box is not selected, select save, and then select Close.
- Close Microsoft Edge.
Task 4: Verify multi-factor authentication
- Open Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the temporary password you created in Module 1.
- On the More information required dialog, select Next.
- On the Additional security verification page, under Step 1: How should we contact you?, verify that Authentication phone is selected.
- In the Select your country or region drop-down, select your country or region.
- Next to the Select your country or region drop-down, in the text box, enter your cell phone number, and then select Next.
- Under When you receive the verification code, enter it here, enter the verification code that you receive on your phone, and select Verify.
- Select Done.
- In the Update your password dialog, in the Current password box, enter your temporary password.
- In the New password and the Confirm password boxes, enter the password you created in Module 1, and select Sign in.
- Close Microsoft Edge.
Task 5: To prepare for the next lab
- Keep the virtual machines running for the next lab in this module.
Result: After completing this exercise, you should have configured and validated an Office 365 password policy.
Lab B: Managing Office 365 groups and administration
Exercise 1: Managing Office 365 groups
Task 1: Creating Office 365 security groups
- On LON-CL1, open Microsoft Edge, and then browse to https://portal.office.com/.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
- In the Office 365 admin center, select Admin.
- On the left side menu, expand Groups, select Groups, and then select Add a group.
- On the New Group page, in the Type drop-down box, select Security, and in the Name text box, type Sales.
- In the Description text box, type Sales department users, select Add, and then select Close.
- Select the Sales group, and then on the Sales page, next to Members, select Edit.
- Select Add members, select Lindsey Gates, select Christie Thomas, select Save, and then select Close three times.
- Select Add a group.
- On the New Group page, in the Type drop-down box, select Security, and then in the Name text box, type Accounts.
- In the Description text box, type Accounts department users, select Add, and then select Close.
- Select the Accounts group, and then on the Accounts page, next to Members, select Edit.
- Select Add members, select Francisco Chaves, select Sallie McIntosh, select Save, and then select Close three times.
Task 2: Manage security groups
- In the Office 365 admin center, verify that you can see the following groups:
- In the Groups list, select the Sales group, and then on the Sales page, next to Members, select Edit.
- Select Add members, select Amy Santiago, select Save, and then select Close three times.
- Open the Sales details page, and ensure that Amy Santiago is now present under the Members list.
- Select Delete group.
- On the Delete group page, select Delete, and then select Close.
- On the left side menu, expand Users, and then select Active users.
- Confirm that Amy Santiago’s account still exists in the list of users.
- Close Microsoft Edge.
Result: After completing this exercise, you should have created and managed security groups.
Exercise 2: Managing Office 365 users and groups by using Windows PowerShell
Task 1: Installing Microsoft Azure Active Directory module for Windows PowerShell
- On LON-CL1, click Start and enter PowerShell.
- Right-click Windows PowerShell and select Run as administrator.
- In the User Account Control dialog, in the User name box, enter administrator.
- In the Password box, enter Pa55w.rd and select Yes.
- In the Administrator: Windows PowerShell console, enter install-module msonline and press Enter.
- When prompted Do you want PowerShellGet to install and import the NuGet provider now?, enter Yes and press Enter.
- When prompted Are you sure you want to install the modules from ‘PSGallery’?, enter Yes and press Enter.
- In the Administrator: Windows PowerShell console, enter install-module azuread and press Enter.
- When prompted Are you sure you want to install the modules from ‘PSGallery’?, enter Yes and press Enter.
Task 2: Create new users and assign licenses by using Windows PowerShell
- On LON-CL1, in the Administrator: Windows PowerShell console, type the following command, and then press Enter:
Connect-MsolService
In the Enter Credentials dialog box, sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
At the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
New-MsolUser -UserPrincipalName [email protected] -DisplayName "Catherine Richard" -FirstName "Catherine" -LastName "Richard" -Password '<the password you created in Module 1>' -ForceChangePassword $false -UsageLocation "CH"
At the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
New-MsolUser -UserPrincipalName [email protected] -DisplayName "Tameka Reed" -FirstName "Tameka" -LastName "Reed" -Password '<the password you created in Module 1>' -ForceChangePassword $false -UsageLocation "CH"
To determine which users are unlicensed, at the command prompt, type the following command, and then press Enter:
Get-MsolUser -UnlicensedUsersOnly
To view the available licenses, at the command prompt, type the following command, and then press Enter:
Get-MsolAccountSku
To license Catherine Richard, at the command prompt, type the following command, and then press Enter; replace Adatumyyxxxxx in the -AddLicenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
Set-MsolUserLicense -UserPrincipalName [email protected] -AddLicenses "Adatumyyxxxxx:ENTERPRISEPREMIUM"
To license Tameka Reed, at the command prompt, type the following command, and then press Enter; replace Adatumyyxxxxx in the -AddLicenses attribute with the onmicrosoft.com domain name provided by the hosting provider:
Set-MsolUserLicense -UserPrincipalName [email protected] -AddLicenses "Adatumyyxxxxx:ENTERPRISEPREMIUM"
To prevent a user from signing in, at the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Set-MsolUser -UserPrincipalName [email protected] -BlockCredential $true
To delete a user, at the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Remove-MsolUser -UserPrincipalName [email protected] -Force
To view the Deleted users list, at the command prompt, type the following command, and then press Enter:
Get-MsolUser -ReturnDeletedUsers
Verify that Catherine Richard is in the list of deleted users. Note that it specifies that she is still licensed.
To restore a deleted user, at the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Restore-MsolUser -UserPrincipalName [email protected]
To view the deleted users list, at the command prompt, type the following command, and then press Enter:
Get-MsolUser -ReturnDeletedUsers
Verify that Catherine Richard is no longer in the list of deleted users.
To view the active users list, at the command prompt, type the following command, and then press Enter:
Get-MsolUser
Verify that Catherine Richard is in the active users list.
To allow a user to sign in, at the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Set-MsolUser -UserPrincipalName [email protected] -BlockCredential $false
Task 3: Bulk-import of users by using Windows PowerShell
- On LON-CL1, on the taskbar, select File Explorer.
- Navigate to C:\labfiles, right-click O365users.csv, select Open with, and then select Notepad.
- In Notepad, select Edit, and then select Replace.
- In the Find what text box, type yourdomain.hostdomain.com.
- In the Replace with text box, type your unique public domain name value, and then select Replace All.
- In the Find what text box, type Adatumyyxxxx:ENTERPRISEPACK.
- In the Replace with text box, type your unique Adatumyyxxxx value followed by :ENTERPRISEPREMIUM, and then select Replace All.
Note: Adatumyyxxxx in this step must be the onmicrosoft.com domain name.
Close O365users.csv, and then in the Notepad message box, select Save.
To bulk import several users from a comma-separated value (CSV) file, copy and paste this code into the Administrator: Windows Azure Active Directory Module for Windows PowerShell window on LON-CL1, and then press Enter:
Import-Csv -Path C:\labfiles\O365Users.csv | ForEach-Object { New-MsolUser -UserPrincipalName $_."UPN" -AlternateEmailAddresses $_."AltEmail" -FirstName $_."FirstName" -LastName $_."LastName" -DisplayName $_."DisplayName" -BlockCredential $False -ForceChangePassword $False -LicenseAssignment $_."LicenseAssignment" -Password $_."Password" -PasswordNeverExpires $True -Title $_."Title" -Department $_."Department" -Office $_."Office" -PhoneNumber $_."PhoneNumber" -MobilePhone $_."MobilePhone" -Fax $_."Fax" -StreetAddress $_."StreetAddress" -City $_."City" -State $_."State" -PostalCode $_."PostalCode" -Country $_."Country" -UsageLocation $_."UsageLocation" }
To view the Active users list, at the command prompt, type the following command, and then press Enter:
Get-MsolUser
- Switch back to Microsoft Edge, browse to https://portal.office.com, sign in as Beth, and select Admin.
- On the Home page, select Users, then select Active users.
- Review the active users that you just imported.
- On the Admin centers menu, select Exchange.
- Under recipients, select mailboxes and review the mailboxes and associated email addresses that were created.
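A pre-flight check for the CSV edited in Task 3, shown here as an added example that is not part of the original lab. It flags leftover placeholder strings, malformed or duplicate UPNs, and passwords shared between rows before anything is sent to New-MsolUser. The function name Test-O365UserCsv and the sample rows are constructed for illustration; the column names are the ones the import command above reads.

```powershell
# Added example: pre-flight check for the CSV that Task 3 pipes into New-MsolUser.
function Test-O365UserCsv {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        # Placeholder strings that Task 3 has you replace in Notepad
        [string[]] $Placeholders = @('yourdomain.hostdomain.com', 'Adatumyyxxxx:ENTERPRISEPACK')
    )
    $required = 'UPN', 'FirstName', 'LastName', 'DisplayName',
                'LicenseAssignment', 'Password', 'UsageLocation'
    $findings = [System.Collections.Generic.List[string]]::new()

    $columns = @($Rows[0].PSObject.Properties.Name)
    $missing = @($required | Where-Object { $columns -notcontains $_ })
    foreach ($col in $missing) { $findings.Add("Missing column: $col") }

    $line = 1   # the header is line 1, so the first data row is line 2
    foreach ($row in $Rows) {
        $line++
        foreach ($col in $required) {
            if ($missing -notcontains $col -and [string]::IsNullOrWhiteSpace($row.$col)) {
                $findings.Add("Line ${line}: empty $col")
            }
        }
        if ($row.UPN -and $row.UPN -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $findings.Add("Line ${line}: UPN is not in user@domain form")
        }
        if ($row.UsageLocation -and $row.UsageLocation -notmatch '^[A-Za-z]{2}$') {
            $findings.Add("Line ${line}: UsageLocation is not a two-letter country code")
        }
        foreach ($prop in $row.PSObject.Properties) {
            foreach ($p in $Placeholders) {
                if ("$($prop.Value)".IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $findings.Add("Line ${line}: placeholder '$p' still present in $($prop.Name)")
                }
            }
        }
    }
    # UPNs are case-insensitive, so compare them lower-cased
    $Rows | Where-Object { $_.UPN } | Group-Object { $_.UPN.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $findings.Add("Duplicate UPN: $($_.Name)") }
    # A password shared by several accounts exposes all of them if it leaks
    $Rows | Where-Object { $_.Password } | Group-Object Password -CaseSensitive |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $findings.Add("One password is reused on $($_.Count) rows") }
    $findings.ToArray()
}

# Constructed sample rows (not the lab file); only the required columns are shown.
$sample = @'
UPN,FirstName,LastName,DisplayName,LicenseAssignment,Password,UsageLocation
user1@example.com,Ann,One,Ann One,tenantname:ENTERPRISEPREMIUM,Constructed-Pw-1!,CH
user2@yourdomain.hostdomain.com,Bob,Two,Bob Two,Adatumyyxxxx:ENTERPRISEPACK,Constructed-Pw-1!,CH
USER1@example.com,Cy,Three,Cy Three,tenantname:ENTERPRISEPREMIUM,Constructed-Pw-3!,Switzerland
'@ | ConvertFrom-Csv

Test-O365UserCsv -Rows $sample
# Against the lab file: Test-O365UserCsv -Rows (Import-Csv -Path C:\labfiles\O365Users.csv)
```

An empty result means the file passed every check; the function never prints password values, only the number of rows that share one.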
Task 4: Configure groups and group membership by using Windows PowerShell
Switch to Windows PowerShell.
To create a Marketing group, at the command prompt, type the following command, and then press Enter:
New-MsolGroup -DisplayName "Marketing" -Description "Marketing department users"
To configure a variable for the group, at the command prompt, type the following command, and then press Enter:
$MktGrp = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Marketing"}
To configure a variable for the first user account, at the command prompt, type the following command, and then press Enter:
$Catherine = Get-MsolUser | Where-Object {$_.DisplayName -eq "Catherine Richard"}
To configure a variable for the second user account, at the command prompt, type the following command, and then press Enter:
$Tameka = Get-MsolUser | Where-Object {$_.DisplayName -eq "Tameka Reed"}
To add Catherine Richard to the Marketing group, at the command prompt, type the following command, and then press Enter:
Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -GroupMemberObjectId $Catherine.ObjectId
To add Tameka Reed to the Marketing group, at the command prompt, type the following command, and then press Enter:
Add-MsolGroupMember -GroupObjectId $MktGrp.ObjectId -GroupMemberType "User" -GroupMemberObjectId $Tameka.ObjectId
To verify the members of the Marketing group, at the command prompt, type the following command, and then press Enter:
Get-MsolGroupMember -GroupObjectId $MktGrp.ObjectId
Task 5: Configure user passwords by using Windows PowerShell
At the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Set-MsolPasswordPolicy -DomainName "Adatumyyxxxxx.hostdomain.com" -ValidityPeriod "90" -NotificationDays "14"
At the command prompt, type the following command, and then press Enter; hostdomain is your unique domain name:
Set-MsolUserPassword -UserPrincipalName "[email protected]" -NewPassword '<Create a new password>'
Note: Write down the new password here: ______________________________
At the command prompt, type the following command, and then press Enter:
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $false
Result: After completing this exercise, you should have created new users, assigned licenses, modified existing users, and configured groups and user passwords by using the Windows PowerShell command-line interface.
Exercise 3: Configuring service administrators
Task 1: Assign service administrators in the Office 365 admin center
- On LON-CL1, open Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
- In the Office 365 admin center, select Admin.
- On the left-hand side, expand Users, select Active users, and then select Francisco Chaves.
- On the Francisco Chaves page, in the Roles section, select Edit.
- Under Edit user roles, select Customized administrator, select Billing administrator from the list, select Save, and then select Close twice.
- In the list of active users, select Tameka Reed.
- On the Tameka Reed page, in the Roles section, select Edit.
- Under Edit user roles, select Customized administrator, and then select Helpdesk administrator from the list.
- Select Save, and then select Close twice.
- In the list view, select Christie Thomas.
- On the Christie Thomas page, in the Roles section, select Edit.
- Under Edit user roles, select Customized administrator, and then select User management administrator from the list.
- Above the Alternative email address text box, select Edit, in the text box type [email protected], select Save, and then select Close twice.
- Close Microsoft Edge.
Task 2: Manage service administration with Windows PowerShell
In the Windows PowerShell window, at the command prompt, type the following command, and then press Enter:
Add-MsolRoleMember -RoleName "Service Support Administrator" -RoleMemberEmailAddress "[email protected]"
At the command prompt, type the following command, and then press Enter:
Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress "[email protected]"
At the command prompt, type the following command, and then press Enter:
$role = Get-MsolRole -RoleName "Service Support Administrator"
At the command prompt, type the following command, and then press Enter:
Get-MsolRoleMember -RoleObjectId $role.ObjectId
- Verify that Sallie McIntosh is in the list of users who have the Service Support Administrator role.
- At the command prompt, type the following command, and then press Enter:
$role = Get-MsolRole -RoleName "Billing Administrator"
At the command prompt, type the following command, and then press Enter:
Get-MsolRoleMember -RoleObjectId $role.ObjectId
Verify that Francisco Chaves is in the list of users who have the billing administrator role.
At the command prompt, type the following command, and then press Enter:
$role = Get-MsolRole -RoleName "Company Administrator"
At the command prompt, type the following command, and then press Enter:
Get-MsolRoleMember -RoleObjectId $role.ObjectId
Verify that Amy Santiago is in the list of users who have the Company Administrator role. You should also see Beth Burke on the list.
Close the Windows PowerShell window.
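The per-role checks in this task can be generalized into one report covering every admin role, shown here as an added example that is not part of the original lab. It assumes the MSOnline module installed earlier and a session already connected with Connect-MsolService; the function name Get-AdminRoleReport is hypothetical. For each role holder it also shows the per-user multi-factor authentication state, sign-in block, and password expiry settings that the earlier exercises configure.

```powershell
# Added example; requires an active Connect-MsolService session (assumption).
function Get-AdminRoleReport {
    foreach ($role in Get-MsolRole) {
        # Roles can also hold service principals; report user accounts only
        $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId |
                     Where-Object { $_.RoleMemberType -eq 'User' })
        foreach ($m in $members) {
            $user = Get-MsolUser -ObjectId $m.ObjectId
            # Empty when per-user MFA was never enabled for the account
            $mfa  = $user.StrongAuthenticationRequirements | Select-Object -First 1
            [pscustomobject]@{
                Role                 = $role.Name
                UserPrincipalName    = $user.UserPrincipalName
                MfaState             = if ($mfa) { $mfa.State } else { 'Disabled' }
                SignInBlocked        = $user.BlockCredential
                PasswordNeverExpires = $user.PasswordNeverExpires
            }
        }
    }
}

$report = Get-AdminRoleReport
$report | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize

# Role holders worth a second look: no per-user MFA, or a password that never expires
$report | Where-Object { $_.MfaState -eq 'Disabled' -or $_.PasswordNeverExpires }
```

MfaState reflects only the per-user setting changed on the multi-factor authentication page, so an account protected by other means still shows as Disabled here.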
Task 3: Verify service administration
- On LON-CL1, open Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], with the new password you created earlier.
- On the Update your password page, in the Current password text box, type the password you created earlier.
- In the New password and Confirm password text boxes, type a new password, and then select Sign in.
- On the Office 365 portal, select Admin.
- If prompted, sign in again as [email protected] using the password you just created.
- On the Home page, select Active users.
- Select Jessica Jennings. Note that you cannot perform any administrative tasks.
- Select Reset password.
- On the Reset password page, select Reset.
- Write down the temporary password here for future reference, and then select Send email and close: ______________________________
- Close and reopen Microsoft Edge, and then browse to https://portal.office.com.
- Sign in as [email protected], where hostdomain is your unique domain name, with the temporary password that you recorded in Lab A, Exercise 1.
- Change Christie’s password to the password you created in Module 1.
- In the Office 365 portal, select Admin.
- If prompted, sign in again as [email protected] using the password you created in Module 1.
- In the Microsoft 365 admin center, on the Home page, select Active users, and then select Jessica Jennings.
- On the Jessica Jennings page, in the Contact information section, select Edit.
- On the Edit contact information page, expand Contact information.
- In the Office Phone text box, type 555-1234, select Save, and then select Close.
- In the Sign-in status section, select Edit, select Block the user from signing in, select Save, and then select Close twice.
- In the Microsoft 365 admin center, select Add a user.
- In the First name text box, type Chris.
- In the Last name text box, type Breland.
- In the User name text box, type Chris, expand the Product licenses section, enable Office 365 E5, and then select Add. Select Send email and close.
- In the Active users list, select Chris Breland.
- On the Chris Breland page, select Delete user.
- On the Delete user page, select Delete, and then select Close.
- Close Microsoft Edge.
Result: After completing this exercise, you should have assigned service administrators in the Office 365 admin center, managed service administration with Windows PowerShell, and verified service administration.
Microsoft 365 | Managing Office 365 users and groups