Case Study
Background
You are the system administrator for a manufacturing company named Contoso, Ltd. The company has offices in Chicago, Seattle, and Dallas.
Contoso’s sales department is located in Chicago. The IT department is located in Seattle. The sales and IT departments use Microsoft Exchange Online, SharePoint Online, and OneDrive for Business. All employees in the sales department are in a group named Sales-Users. Employee user accounts are added and removed manually to this group as needed.
Your Active Directory Domain Services (AD DS) domain is named contoso.com. The domain is synchronized with Contoso’s Office 365 tenant using Microsoft Azure Active Directory (Azure AD) Connect.
Contoso purchases a toy manufacturer named Tailspin Toys. All employees are located in Dallas.
Tailspin Toys has an on-premises Exchange Server 2016 for all email in the tailspintoys.com domain. There are plans to migrate the users to Exchange Online.
Business Requirements
Email Security: You need to ensure email security meets the following requirements:
Sales users can easily identify email messages as internal only.
Sensitive emails cannot be forwarded externally.
Sensitive emails cannot be sent to external recipients.
Licenses: You need to be able to identify which Tailspin Toys users are licensed.
Support Contracts: Your company does not currently have any Microsoft support contracts.
Skype for Business pilot: You have recently purchased Skype for Business Online licenses and you plan to pilot the service with IT users. You also want to start utilizing dynamic groups for licensing. You have a dynamic group called ITS-Users that contains all users in the IT department.
Technical Requirements
Single Sign-On (SSO): You have the following requirements for SSO:
Ensure that users receive a phone call or text message as a second form of authentication when accessing Office 365 or on-premises resources.
The domain for federation must be fs.contoso.com.
The solution must support extranet users.
The solution must use Windows Integrated Authentication.
The solution must support device registration.
The solution must be highly availability.
The solution must be secured as much as possible.
Servers: You deploy Active Directory Federation Services (AD FS) and Web Application Proxy (WAP) services using Windows Server 2016. You deploy System
Center Configuration Manager (SCCM) and System Center Operations Manager (SCOM) in the contoso.com domain.
Monitoring: You need to be able to monitor and identify issues in the Office 365 environment.
Pilot: You plan to use a group of 25 Tailspin Toys users to test the functionality of Exchange Online. If the pilot is successful, you must migrate all other users to Exchange Online.
Tailspin Toys users must meet the following requirements:
Must not exist in an on-premises Active Directory.
The usernames must be unique.
Display names can be unique.
The tenants for tailspintoys.com and contoso.com must be separate.
Passwords must expire after 365 days.
Must receive a notification 14 days before passwords expire.
Issues: User1 is one of the pilot users for Tailspin Toys. User1 reports that Outlook prompts them to enter credentials. You confirm that the employee is using the correct password. You run the Microsoft Support and Recovery Assistant for Office 365. The tool does not identify any issues.
Note: This question is part of a series of questions that present the same scenario. Each question in the series holds a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
You need to provide email security for the users in the sales department.
Solution: Configure an Office 365 Advanced Threat Protection Safe Links policy.
Does the solution meet the goal?
A. Yes
B. No
