🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided MS-102 Domain 1
Domain 1 — Module 2 of 8 25%
2 of 28 overall

MS-102 Study Guide

Domain 1: Deploy and Manage a Microsoft 365 Tenant

  • Establish and Configure Your M365 Tenant
  • Monitor Tenant Health and Network Readiness
  • Adoption Tracking and Microsoft 365 Backup
  • Manage Users, Contacts and External Identities
  • Groups, Shared Mailboxes and Licensing at Scale
  • Automate with PowerShell: Bulk User Operations
  • Roles, Role Groups and Workload Permissions
  • Delegate with Administrative Units and PIM

Domain 2: Implement and Manage Microsoft Entra Identity and Access

  • Prepare for Identity Synchronization
  • Implement Connect Sync and Cloud Sync
  • Monitor and Troubleshoot Identity Sync
  • Authentication Methods and Self-Service Password Reset
  • Password Protection and Authentication Troubleshooting
  • Entra Identity Protection and Risk Policies
  • Conditional Access and MFA Enforcement

Domain 3: Manage Security and Threats by Using Microsoft Defender XDR

  • Defender XDR: Security Posture and Threat Intelligence
  • Investigate Incidents with Advanced Hunting
  • Defender for Office 365: Threat Policies
  • Email Threats, Attack Simulation and Restricted Entities
  • Defender for Endpoint: Onboard and Protect
  • Vulnerability Management
  • Defender for Cloud Apps: Connect and Govern
  • Cloud App Discovery and Activity Monitoring

Domain 4: Manage Compliance by Using Microsoft Purview

  • Sensitive Information Types and Data Classification
  • Retention Labels and Data Lifecycle
  • Sensitivity Labels and Monitoring
  • DLP Policies Across M365 Workloads
  • Endpoint DLP and Alert Response

MS-102 Study Guide

Domain 1: Deploy and Manage a Microsoft 365 Tenant

  • Establish and Configure Your M365 Tenant
  • Monitor Tenant Health and Network Readiness
  • Adoption Tracking and Microsoft 365 Backup
  • Manage Users, Contacts and External Identities
  • Groups, Shared Mailboxes and Licensing at Scale
  • Automate with PowerShell: Bulk User Operations
  • Roles, Role Groups and Workload Permissions
  • Delegate with Administrative Units and PIM

Domain 2: Implement and Manage Microsoft Entra Identity and Access

  • Prepare for Identity Synchronization
  • Implement Connect Sync and Cloud Sync
  • Monitor and Troubleshoot Identity Sync
  • Authentication Methods and Self-Service Password Reset
  • Password Protection and Authentication Troubleshooting
  • Entra Identity Protection and Risk Policies
  • Conditional Access and MFA Enforcement

Domain 3: Manage Security and Threats by Using Microsoft Defender XDR

  • Defender XDR: Security Posture and Threat Intelligence
  • Investigate Incidents with Advanced Hunting
  • Defender for Office 365: Threat Policies
  • Email Threats, Attack Simulation and Restricted Entities
  • Defender for Endpoint: Onboard and Protect
  • Vulnerability Management
  • Defender for Cloud Apps: Connect and Govern
  • Cloud App Discovery and Activity Monitoring

Domain 4: Manage Compliance by Using Microsoft Purview

  • Sensitive Information Types and Data Classification
  • Retention Labels and Data Lifecycle
  • Sensitivity Labels and Monitoring
  • DLP Policies Across M365 Workloads
  • Endpoint DLP and Alert Response
Domain 1: Deploy and Manage a Microsoft 365 Tenant Premium ⏱ ~15 min read

Monitor Tenant Health and Network Readiness

Use Service Health dashboards, configure notifications, review network connectivity insights, and manage software updates — before your users notice problems.

Why proactive monitoring matters at scale

☕ Simple explanation

At 20,000 users, you can’t wait for complaints to tell you something’s broken.

Imagine managing a motorway system. You don’t wait for a pile-up to find out there’s black ice — you have sensors, cameras, and alerts. Microsoft 365 gives you the same tools: Service Health for outage detection, Network Insights for connectivity analysis, and update channels for controlled software rollouts.

The difference between a good admin and a great admin? Great admins know about problems before users do.

Microsoft 365 provides three interconnected monitoring surfaces for tenant operations:

  • Service Health (admin.microsoft.com > Health > Service health) — real-time service status, incident history, planned maintenance, and advisory notifications
  • Network connectivity (admin.microsoft.com > Health > Network connectivity) — office-level network performance assessments against Microsoft’s connectivity benchmarks
  • Software updates (admin.microsoft.com > Health > Software updates) — Microsoft 365 Apps update channel status, compliance rates, and deployment insights

These surfaces are complemented by the Microsoft 365 service communications API (via Microsoft Graph) for programmatic monitoring and the Message Center for upcoming changes.

Service Health: Your early warning system

The Service Health dashboard shows the real-time status of every M365 service in your tenant.

What you see on the dashboard

CategoryWhat It ShowsAction Required
Service incidentsActive issues affecting your tenantMonitor updates, communicate to users
AdvisoriesPerformance degradation or known issuesAssess impact, plan workarounds
Planned maintenanceScheduled maintenance windowsNotify affected teams in advance
Issue historyResolved incidents (last 30 days)Review for patterns, post-incident analysis

Configuring notifications

Priya can’t watch the dashboard 24/7 across six time zones. She configures:

  1. Email notifications — Health > Service health > Preferences > Email

    • Send to a distribution list: m365-ops@globalreach.com
    • Include service incidents AND advisories
    • Configure for specific services (Exchange, Teams, SharePoint — the critical ones)

  2. Message Center notifications — separate from Service Health

    • Alerts about upcoming changes, feature retirements, action required
    • Priya assigns a Message Center reader role to her regional admins
💡 Exam tip: Service Health vs Message Center

The exam distinguishes between these two:

  • Service Health = current problems (incidents, advisories, maintenance)
  • Message Center = upcoming changes (new features, retirements, required actions)

A common exam question pattern: “Where should Priya look to find out why Teams meetings are dropping?” → Service Health. “Where should Priya look to find out about a new Teams feature rolling out next month?” → Message Center.

Network connectivity insights

The Network connectivity page analyses how well your office locations connect to Microsoft 365 service endpoints.

How it works

  1. Office locations are detected — from Entra sign-in data or manually added
  2. Network assessments run — measuring latency, bandwidth, and routing to M365 service front doors
  3. A score is calculated — 0 to 100, benchmarked against similar organisations
  4. Recommendations appear — specific issues like DNS resolution delays, proxy interference, or suboptimal routing

What the score means

Score RangeStatusTypical Cause
80-100ExcellentDirect internet breakout, local DNS, optimal routing
60-79AcceptableMinor proxy overhead, regional DNS
Below 60Needs attentionBackhauled traffic, remote DNS, proxy inspection on M365 traffic

Priya’s network challenge

GlobalReach has offices in Singapore, Sydney, London, Tokyo, Mumbai, and New York. The Sydney office scores 45/100. Investigation reveals:

  • All internet traffic is backhauled to Singapore through a central firewall
  • DNS resolution happens in Singapore, not Sydney
  • M365 traffic is routed through a proxy that performs SSL inspection

The fix: implement local internet breakout in Sydney for M365 traffic, following Microsoft’s network connectivity principles (direct egress, local DNS, bypass proxy for trusted M365 endpoints).

ℹ️ Deep dive: Microsoft's network connectivity principles

Microsoft recommends three principles for optimal M365 connectivity:

  1. Differentiate M365 traffic — classify endpoints as Optimize, Allow, Default
  2. Optimize locally — direct internet breakout at each office, no backhauling
  3. Avoid network hairpins — don’t route M365 traffic through central inspection points

The Optimize category includes Exchange, SharePoint, and Teams endpoints that are most sensitive to latency. These should bypass proxies entirely. The exam may present scenarios where you need to identify which approach fixes a connectivity issue.

Software updates management

The Software updates page in the admin center shows Microsoft 365 Apps update status across your organisation.

Update channels explained

Microsoft 365 Apps Update Channels
FeatureCurrent ChannelMonthly EnterpriseSemi-Annual Enterprise
Update frequencyMultiple times per monthOnce per month (2nd Tuesday)Twice per year (Jan, Jul)
Feature updatesAs soon as readyMonthlyEvery 6 months
Security updatesAs soon as readyMonthly (2nd Tuesday)Monthly (2nd Tuesday)
Best forUsers who want latest featuresOrganisations wanting predictabilityRegulated environments needing stability
Support durationUntil next release2 months14 months (changing to ~3 months from July 2026)
Exam relevanceKnow it's the defaultMost common enterprise choiceKnow when this is appropriate

What the dashboard shows

  • Devices by update channel — how many devices are on each channel
  • Update compliance — percentage of devices running the latest version for their channel
  • Devices behind — count of devices that haven’t updated within the expected window
  • Servicing profiles — admin-defined update schedules with rollout waves

Marcus uses Monthly Enterprise Channel for Oakwood Financial — predictable monthly updates on Patch Tuesday, with a one-week rollout window and automatic deferral for devices that are offline.

💡 Exam tip: Update channels and servicing profiles

The exam tests whether you can choose the right update channel for a scenario:

  • Startup wanting latest features → Current Channel
  • Enterprise wanting monthly predictability → Monthly Enterprise Channel
  • Bank requiring 6-month validation cycles → Semi-Annual Enterprise Channel

Servicing profiles let you create phased rollouts — e.g., IT team gets updates in week 1, finance in week 2, everyone else in week 3. This is configured in the M365 admin center, not Intune.

Key concepts to remember

Question

What is the difference between Service Health and Message Center?

Click or press Enter to reveal answer

Answer

Service Health shows current problems (active incidents, advisories, planned maintenance). Message Center shows upcoming changes (new features, retirements, required admin actions). Both are in the M365 admin center under Health.

Click to flip back
Question

What are the three Microsoft network connectivity principles for M365?

Click or press Enter to reveal answer

Answer

1. Differentiate M365 network traffic (Optimize, Allow, Default categories). 2. Optimise connections locally (direct internet breakout at each office). 3. Avoid network hairpins (don't backhaul M365 traffic through central inspection). Optimize-category endpoints should bypass proxies entirely.

Click to flip back
Question

What does a Network connectivity score below 60 typically indicate?

Click or press Enter to reveal answer

Answer

Backhauled internet traffic, remote DNS resolution, or proxy SSL inspection on Microsoft 365 traffic. The fix usually involves local internet breakout, local DNS, and bypassing proxies for M365 Optimize-category endpoints.

Click to flip back
Question

Which update channel should a regulated bank use for Microsoft 365 Apps?

Click or press Enter to reveal answer

Answer

Semi-Annual Enterprise Channel — updates every 6 months (January and July) with 14 months of support per release (note: changing to ~3 months effective July 2026). This gives maximum time for compatibility testing and change control. Security updates still arrive monthly.

Click to flip back

Knowledge check

Knowledge Check

Priya notices that GlobalReach's Sydney office reports slow Teams call quality and SharePoint uploads. The network connectivity score for that office is 42/100. Network analysis shows all traffic is backhauled to the Singapore datacenter. What should Priya recommend?
Knowledge Check

Marcus receives a report that 30% of Oakwood Financial's devices are running an outdated version of Microsoft 365 Apps. He wants monthly, predictable updates with a phased rollout (IT team first, then general staff). Which approach should he use?

🎬 Video coming soon

Next up: Adoption Tracking and Microsoft 365 Backup — proving ROI to leadership and protecting your tenant’s data from the unexpected.

← Previous

Establish and Configure Your M365 Tenant

Next →

Adoption Tracking and Microsoft 365 Backup

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.