Exam Ref MS-102 Microsoft 365 Administrator

# Exam Ref MS-102 Microsoft 365 Administrator ![rw-book-cover](https://m.media-amazon.com/images/I/71xicgMu8sL._SY160.jpg) ## Metadata - Author: [[Orin Thomas]] - Full Title: Exam Ref MS-102 Microsoft 365 Administrator - Category: #books ## Highlights - By default, synchronization occurs every 30 minutes. You can force synchronization to occur by using the Synchronization Service Manager tool. ([Location 33644](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=33644)) - Deleting a user from Microsoft 365 keeps their account in the Microsoft Entra ID Recycle Bin for 30 days. ([Location 33644](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=33644)) - primary architectural difference between the two products is that the synchronization engine is hosted on an on-premises server with Microsoft Entra Connect. With Microsoft Entra Cloud Sync, the synchronization engine runs in Azure. ([Location 49372](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=49372)) ## New highlights added December 21, 2023 at 9:11 PM - Reset the passwords of all user accounts except those assigned the Global Administrator, billing administrator, and service administrator roles ([Location 57236](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=57236)) - When you configure delegated administration, you can choose one of the following permission levels: ■ Full administration The delegated administrator has the same privileges as a member of the Global Administrator role. ■ Limited administration The delegated administrator has the same privileges as a Helpdesk (Password) Administrator role member. ([Location 57236](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=57236)) ## New highlights added December 23, 2023 at 9:20 AM - Smart Lockout locks out an account for 60 seconds after 10 failed sign-in attempts. If subsequent failed sign-in attempts occur after the 60 seconds expire, the duration of the lockout period increases. Smart Lockout tracks only when different passwords are used, which is the pattern during a brute-force attack, so if a user enters the same incorrect password 10 times, that will only count as one bad password toward the 10 that trigger account lockout. ([Location 75150](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=75150)) - EOP policies include ■ Anti-spam policies ■ Anti-malware policies ■ EOP anti-phishing policies ([Location 91752](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=91752)) - Microsoft Defender for Office 365 policies include ■ Anti-phishing policies (same spoof settings as EOP anti-phishing policies) ■ Impersonation settings ■ Advanced phishing thresholds ■ Safe Links policies ■ Safe Attachments policies ([Location 92188](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=92188)) ## New highlights added December 25, 2023 at 4:24 PM - On the Add Trusted ARC Sealers page, add trusted signing domains. The domain name you enter must match the domain shown in the domain “d” tag in the ARC-Seal and ARC-Message-Signature headers. You can locate this information in the email headers if you are unsure. ([Location 99617](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=99617)) - Identify which workloads have retention requirements Making this determination might require consultation with your organization’s legal department because retention requirements are not just determined by the organization’s business goals. Instead, retention requirements are determined by its responsibilities as defined by compliance regulations. ([Location 114034](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=114034)) - Sensitivity labels are persistent and stored in file and email message metadata, meaning the label will be stored with the content. ([Location 116218](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=116218)) - The most restrictive labels should have the highest priority value. When labels are automatically applied, the last in the list of applicable labels will be applied—the label or sublabel furthest down the list from the top. ([Location 117092](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=117092)) - A single Microsoft 365 tenancy can have up to 10,000 policies. This maximum number includes the policies for retention, policies for DLP, information barriers, eDiscovery holds, In-Place Holds, and sensitivity labels. You should add users responsible for managing retention policies and labels to the Compliance Administrator administrative role group. ([Location 118840](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=118840)) - Tags: [[orange]] - If a person edits or deletes content that is subject to a retention policy, a copy of the content is automatically retained in one of the following locations: ■ SharePoint and OneDrive sites The copy is retained in the Preservation Hold library. ■ Exchange mailboxes The copy is retained in the Recoverable Items folder. ■ Microsoft Teams and Viva Engage messages The copy is retained in a hidden SubstrateHolds subfolder in the Exchange Recoverable Items folder. ([Location 119277](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=119277)) - Tags: [[orange]] - Policies with static scopes have the following item limits: ■ Exchange mailboxes 1,000 ([Location 120150](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=120150)) - Tags: [[orange]] - Retention settings from retention labels differ from retention policies in that they travel with the content if it’s moved to a different location within your Microsoft 365 tenant. ([Location 121025](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=121025)) - Tags: [[orange]] - Retention labels override retention policies as they are applied at the item level. For example, if a retention policy says an item should be retained for 8 Years and a retention label specifies it should be deleted after 5 Years, the item will be deleted after 5 Years. ([Location 121462](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=121462)) - Tags: [[orange]] - Just Label Items Applies a label to the item, which is useful for sorting items or which can be used with DLP policies. ([Location 121898](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=121898)) - Tags: [[orange]] - You can restore an inactive mailbox should it be necessary to provide a new employee access to the contents of the previous employee’s mailbox. When you do this, the contents are copied to a new mailbox, and the original inactive mailbox is retained according to the applied retention policies and labels. ([Location 123209](https://readwise.io/to_kindle?action=open&asin=B0CLYRQKPW&location=123209)) - Tags: [[orange]]