Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 26, 2024

1.Steps to complete the assignment - There are 10 lab activities in this document, follow the steps to answer the question. - Make sure to

1.Steps to complete the assignment

- There are 10 lab activities in this document, follow the steps to answer the question.

- Make sure to add a screenshot of the results.

2.Evaluation criteria

- Each lab is worth 5 points.

- Failure to add a screenshot from the interactive lab will cost you 1 point.

3.Format requirement

- Answer each lab activity on the corresponding slide, exception for lab 10 where the answer is on 2 slides.

Part A Configuring conditional access policy to require MFA for MS Teams

Microsoft Teams is built on the Microsoft 365 and Office 365 hyper-scale, enterprise-grade cloud. As such, it inherits the advanced security and compliance capabilities Microsoft customers expect with regard to identity and access management.

In the following Microsoft Interactive guide on identity and access management , you will see how Microsoft 365 and Azure AD can improve an organizations security posture by adopting more secure authentication methods, such as Multi-Factor Authentication (MFA) or passwordless authentication. Interactive guides are hands-on experiences where users are provided end-to-end, in-depth, and "click-through" guidance.

In this experience, you will see how to use conditional access to require MFA based on a number of advanced criteria including assessment of user or sign-on risk, client, etc. There is no charge to use this on demand practice environment.

Lab#1 :

While creating the new Teams MFA Policy, what is the target audience that can be added to a conditional access policy ?

Answer #1 :

Lab#2 :

While creating the Teams MFA Policy, what are the different conditions that you can use to enhance policy decisions ?

Answer #2 :

Lab#3 :

Organizations that have deployed Microsoft Intune can use the information returned from their devices to identify devices that meet specific policy compliance requirements. What additional control can you enforce when granting access to fulfill this need ?

Answer #3 :

Part B Controlling access to MS Teams using org-wide settings and policies

In this 2nd part of the Microsoft Interactive guide on identity and access management , you will see how you can use the Microsoft Teams admin center to configure settings and policies that align with your organizations security posture.

You will make changes to Teams org-wide settings and define several new policies to balance the security and collaboration requirements of your organization..

Lab#4 :

You want to be able to set up a specific access if you need to find, call, chat, and set up meetings with people outside your organization who use Teams, Skype for Business (online or on premises) or Skype, while allowing or blocking specific domains or by turning it off. Which type of access will you consider ?

Answer #4 :

Lab#5 :

You want to be able to provide access to teams, documents in channels, resources, chats, and applications to people outside your organization, while maintaining control over your corporate data. Which type of access will you consider ?

Answer #5 :

Lab#6 :

If your organization does want to allow access to cloud storage services, what are some of the storage solution providers, you can disable ?

Answer #6 :

Lab#7 :

Microsoft Teams apps allow collaboration with people outside your organization. As an admin, you control who can access Teams chats, meetings, and channel to collaborate with your organization's users. 3 types of users can be present in a Teams chat or meeting and if you allow it, they can use apps in Teams. The 1st category is the guest user, who is someone who isn't an employee, student, or member of your organization. The 2nd category is the external user, who is from another domain and doesn't have access to your organization's Teams resources. In the Meeting setting, what is the 3rd category that corresponds to a user joining a meeting via a link, who isn't logged in with their Microsoft account or their organizations account ?

Answer #7 :

Part C - Monitor and control administrator tasks with privileged access management in Office 365

Having privileged access to an application is all thats needed to execute commands with malicious intent to inflict damage to or exfiltrate data from an organization. Such high privileges can be misused to create fake accounts, grant excessive permissions, exfiltrate sensitive data, cause damage to infrastructure, wipe out or hold data for ransom, and set rules and policies that make it extremely hard to detect and restore state back.

In the following Microsoft Interactive guide - Monitor and control administrator tasks with privileged access management in Office 365 you will see how privileged access management in Office 365 goes beyond traditional access control capabilities by enabling access governance more granularly for specific tasks.

Its based on the principle of Zero Standing Access, which means users who need privileged access, must request permissions for access, and once received it is just-in-time and just-enough access to perform the job at hand.

Lab#8 :

What type of group can you leverage to control access to OneDrive and Sharepoint ?

Answer #8 :

Lab#9 :

What is the goal of Privileged Access setting here ?

Answer #9 :

Lab#10 :

After you have completed the entire lab, what are the 5 steps resuming the approval workflow from Admin requesting privileged access to high risk task to After the access period has expired where the requester doesnt have any privileged access to the task anymore ?

Answer #10 :

Step 1:

Answer #10 (continued) :

Step 2:

Step 3:

Step 4:

Step 5: