Friday, March 17, 2017

Configure and use Microsoft Office 365 security and compliance features

Objective

During this lab, you will review the Microsoft® Office 365™ compliance, auditing, and reporting features available in your tenant. You will create mobile device management policies and configure data loss prevention policies for your online services. You will also learn about the advanced threat protection features in Exchange Online.
Estimated time to complete: 75 minutes

Before You Begin

Before you can complete this lab, you must have an Office 365 Enterprise E5 trial account.

What You Will Learn

After completing the exercises, you will be able to:
• Understand the Compliance Center.
• Enable mobile device management policies.
• Configure data loss prevention policies for Exchange Online, SharePoint® Online, and OneDrive® for Business.
• Encrypt and decrypt messages using Office 365 message encryption.
• Test mobile device access policies.
• Use Advanced Threat Protection in Exchange Online.
• Enable auditing and review auditing reports.

Scenario

You are the administrator for your Office 365 deployment. You are using Office 365 for all of your messaging, real-time communication, and document management. Your Office 365 tenant’s mobile device management, compliance, and advanced threat protection features are new to you. You need to familiarize yourself with the Compliance Center and its capabilities. You will tour the areas currently available in the Compliance Center and then perform some specific tasks related to mobile device policies and message encryption. You will also configure rules for protecting your organization from email based threats. Finally, you want to be sure you can audit and review the audit reports available to you.

Virtual Machines

  1. 41-652-CLIENT01

Exercise 1: Loading Lab Content into Your Office 365 Tenant

In this exercise, you will run a script that will create user mailboxes, a SharePoint site, and load content into your tenant that will be used for this lab.
You must already have an Office 365 E5 tenant in order to complete this lab. Due to configuration changes made by this lab to the Office 365 tenant, it is recommended to use a new trial tenant to ensure your production tenant is not impacted.
  1. Sign up for a new Office 365 E5 trial tenant
    If you have not been provided a tenant for use in this lab, you can sign up for a new Office 365 E5 trial tenant from here: https://products.office.com/en-us/business/office-365-enterprise-e5-business-software
  2. Complete the Office 365 trial registration
    On the Office 365 Enterprise page, click Free trial and then complete the questionnaire. You should write down your tenant administrator username and password because they will be used throughout the lab.
  3. Sign in to your new Office 365 trial tenant
    Once you have signed up for a tenant, sign in to your tenant and verify that it has finished provisioning.
  4. Sign in to CLIENT01 as Admin
    On CLIENT01, sign in as Admin with a password of Pa$$w0rd
    If prompted to activate, click Close.
    If you see a Networks notification, click Yes to allow network discovery.
    If you see a message that updates are available, press Esc to clear the message and then close the UPDATE & SECURITY window.
  5. Open Windows PowerShell® as Administrator
    In the taskbar, right-click Windows PowerShell and then click Run as Administrator
  6. Run the slmgr command
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Slmgr -rearm
    To save time, you can use the Type Text [A] icon whenever it is available to automatically type Windows PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then click the icon. Review the text, and then press Enter to run the command.
  7. Click OK and then close Windows PowerShell
    In the Windows Script Host dialog box, click OK.
    There is no need to restart at this time.
    Close Windows PowerShell.
  8. Browse to C:\Scripts\SecComplianceLab
    Open File Explorer and then browse to C:\Scripts\SecComplianceLab.
  9. Run O365SecComplianceLab.exe as Administrator
    Right-click O365SecComplianceLab.exe and then click Run as administrator.
  10. Click More info then click Run anyway
    In the Windows protected your PC dialog box, click More info, and then click Run anyway.
  11. Type your tenant administrator credentials
    In the Tenant Administrator Credentials window, sign in using your tenant administrator user credentials and then click OK.
    The script will configure and load content into your Office 365 tenant.
  12. In the Script Complete window, click OK
    Wait for the script to complete and then, in the Script Complete window, click OK.
    This script may take 8-10 minutes to complete.
    The script may appear to stop running when verifying the SharePoint Online site creation. If the script takes longer than ten minutes, leave the script window open and continue with the lab. Some configuration steps may take longer than expected.

Exercise 2: Reviewing the Office 365 Compliance Center

In this exercise, you will connect to and review the available options in the Office 365 Compliance Center.
  1. Open Internet Explorer
    In CLIENT01, open Internet Explorer®. 
  2. Browse to http://portal.office.com
    Browse to http://portal.office.com
  3. Sign in to the Office 365 portal
    On the Sign in page, sign in using your tenant administrator user name and password.
  4. Click the Security & Compliance tile
    On the Home page, click the Security & Compliance tile.
  5. Open Device management
    In the navigation menu, click Threat management, and then click Device management.
    If you are prompted to update your admin contact info, click cancel. It is not necessary to update the information at this time. You will likely be prompted again during this lab and future labs. You may choose to update the information at that time or click cancel. You may also want to change the Zoom percentage in Internet Explorer from 100% to 75% if the page does not display properly. 
  6. Click Let’s get started
    Review the Setup Mobile Device Management (MDM) for Office 365 page and then click Let’s get started.
  7. Click Start setup
    Review the information on the Setup Mobile Device Management for Office 365 page, scroll down, and then click Start setup.
  8. Review the MDM message
    Review the message regarding mobile device management setup. This feature will not be available immediately.
  9. Switch to the Security & Compliance center tab
    If necessary, switch to the Security & Compliance center tab.
  10. Click Permissions
    In the feature pane, click Permissions.
    Review the available permissions that can be assigned.
    Assign permissions to people in your organization so they can perform tasks in the Security & Compliance Center. Although you can use this page to assign permissions for most features in the Security & Compliance Center, you’ll need to use the Exchange admin center and SharePoint to set permissions for others. 
  11. In the feature pane, click Threat management
    In the feature pane, click Threat management.
  12. Click Device management
    Under Threat management, click Device management.
    Review the information for Device management.
    Close the Intune tab.
    Device management may still be running the activation process. 
  13. Click Data loss prevention
    Under Threat management, click Data loss prevention.
    Review the information for Data loss prevention.
    Use data loss prevention (DLP) policies to help protect and manage your organization’s information across various locations. For example, you can set up policies to block access to content, automatically encrypt documents, or notify users if content is saved to the wrong location. 
  14. In the navigation menu, click Data governance
    In the navigation menu, click Data governance.
  15. Click Import
    Under Data governance, click Import.
    Review the data import feature.
    Use the Import service to transfer data from your organization’s servers to Office 365. You can ship hard drives to Microsoft or upload the data directly over the network. 
  16. Click Archive
    Under Data governance, click Archive.
    Review the information for Archiving mailboxes.
    Archive mailboxes provide additional email storage for the people in your organization. Using Outlook® or Outlook Web App, people can view messages in their archive mailbox and move or copy messages between their primary and archive mailboxes. After an archive mailbox is enabled, messages older than two years are automatically moved to the archive mailbox by the default retention policy that’s assigned to every mailbox in your organization. 
  17. Click Retention
    Under Data governance, click Retention.
    Review the information for retention and deletion of the organization’s email and documents.
    Retention allows you to manage the lifecycle of content in Office 365 such as email and documents by keeping the content you need and then removing the content after it’s no longer required. 
  18. Click Search and investigation
    In the navigation menu, click Search & investigation.
    Search your organization for content in email, documents, and other sources that contains specific keywords or meets other search criteria. You can then preview and export the search results. 
  19. Click Content search
    Under Search & investigation, click Content search.
    Review the options for searching the organization’s email, documents, and Skype for Business conversations.
  20. Click Audit log search
    Under Search & investigation, click Audit log search.
    Review the options for creating a search of the organization’s audit logs.
  21. Click eDiscovery
    Under Search & investigation, click eDiscovery.
    Review the information for eDiscovery.
    Use eDiscovery cases to identify, manage, and hold content in Exchange, SharePoint, and OneDrive for Business. Use this page to create cases, manage existing cases, and close cases that you no longer need. To access the eDiscovery Center or an eDiscovery case, you have to be a site collection administrator or a member of the Owners group. 
  22. In the navigation menu, click Reports
    In the navigation menu, click Reports.
  23. Click View reports
    Under Reports, click View reports.
    Use the View reports feature to review auditing, device management, and data loss prevention reports.
    Use auditing reports to view activity in SharePoint Online and OneDrive for Business sites, user sign-in activity in Office 365, and mail-related activity in Exchange Online. Audited activity in each of these services is recorded and available to view in an online report or export to a file. Use DLP reports to view information about the SharePoint Online and OneDrive for Business items in your organization that match your DLP policies and rules. 
  24. Click Service assurance
    In the navigation menu, click Service assurance.
  25. Under Service assurance, click Dashboard
    Under Service assurance, click Dashboard.
    You will be automatically redirected to the Region and industry settings page if you have not already configured these settings.
  26. Set your region and industry settings
    If you have already configured these settings, you will not be directed to this page.
    Using the available options on this page, set your region and industry information and then click Save.
  27. Click Dashboard
    Under Service assurance, click Dashboard.
    Review the information on the Service assurance page.
  28. Click Compliance reports
    Under Service assurance, click Compliance reports.
    Review the information on the Service Compliance Reports page.
  29. Click Trust documents
    Under Service assurance, click Trust documents.
    Review the Trust documents provided by Microsoft page.

Exercise 3: Using Mobile Device Management

In this exercise, you will use the Mobile Device Management feature in Office 365 to configure a device security policy for your mobile users.
  1. In the navigation menu, click Threat management
    In the navigation menu, click Threat management.
  2. Click Device management
    Click Device management. On the Intune tab, verify that mobile device management has completed provisioning. You may have to wait for provisioning to complete.
  3. In IE, click the Microsoft Office Home tab
    In Internet Explorer, click the Microsoft Office Home tab.
  4. Click the Admin tile
    On the Home page, click the Admin tile.
    If you are prompted to update your admin contact info, click cancel. It is not necessary to update the information at this time. You will likely be prompted again during this lab and future labs. You may choose to update the information at that time or click cancel. 
  5. In the navigation menu, open Groups
    In the navigation menu, click Groups and then click Groups.
  6. Click Add a group
    On the menu, click Add a group.
  7. Create a group named Mobile Users
    In the New Group window, click the Type menu and then click Security group.
    In the Name box, type Mobile Users and then click Add.
  8. On the Group was added page, click Close
    On the Group was added page, click Close.
  9. In the Groups list, click Mobile Users
    In the Groups list, click Mobile Users.
  10. Edit the group's membership
    In the Mobile Users window, next to Members, click Edit.
  11. In the Mobile Users window, click Add members
    In the Mobile Users window, click Add members.
  12. Search for Garret Vargas
    On the Add members page, in the Search box, type Garret.
  13. Select Garret Vargas, click Save and then Close
    In the results list, select Garret Vargas, click Save and then click Close.
  14. Review the addition and then click Close
    Verify that Garret Vargas is now shown in the Group members list and then click Close.
  15. Close the Mobile Users security group window
    In the Mobile Users window, click Close.
  16. Switch to the Intune tab
    In Internet Explorer, click the Intune tab.
  17. Click Manage device security policies
    On the Mobile Device Management for Office 365 page, click the Manage device security policies and access rules.
  18. Click Device security policies
    In the navigation menu, under Threat management, click Device security policies.
    Notice that you were redirected to the Security & Compliance center and that there is a new Device security policies feature. 
  19. Click New +
    On the Device security policies page, click New +.
  20. Name the policy and click Next
    In the New device security policy window, in the Name box, type Mobile Device Access, and then click Next.
  21. Configure the policy settings
    On the What requirements do you want to have on devices page, review the default selections. In addition to the default settings, set the following settings that are shown in the knowledge feature. To view the knowledge feature click the [Bulb in Head] icon.
    Number of sign-in failures before device is wiped = 6
    Lock devices if they are inactive for this many minutes = 10
    Require managing email profile
    Block access and report violation 
  22. Click Next
    Click Next.
  23. Click Next
    On the What else do you want to configure page, review the available options and then click Next.
  24. Click Yes
    On the Do you want to apply this policy now page, click Yes.
  25. Under Yes, click Add +
    Under Yes, click Add +.
  26. Search for the Mobile Users group
    In the Select Group window, in the Search box, type Mobile and then click Search.
  27. Add the Mobile Users group
    In the results list, click Mobile Users, click add, and then click OK.
  28. Click Next
    On the New device security policy page, click Next.
  29. Review the policy and then click Finish
    Review the policy settings and then click Finish.
    On the Device security page, verify that your new policy is listed.
  30. Click Manage organization-wide device…
    On the Device security policies page, click Manage organization-wide device access settings.
  31. Review the settings and then click Cancel
    Review the organization-wide settings and then click Cancel.

Exercise 4: Using Data Loss Prevention

In this exercise, you will create and test a data loss prevention (DLP) policy that will help your organization protect itself from the accidental loss of financial data.
  1. Click Data loss prevention
    On CLIENT01, in the Security & Compliance Center, in the feature pane under Threat management, click Data loss prevention.
  2. Click New DLP policy from template +
    On the toolbar, click New DLP policy from template +.
    The existing policy was created by the script in exercise 1.
  3. Click Financial regulations
    On the New DLP policy page, under What information do you want to protect, click Financial regulations.
  4. Click U.S. Financial Data
    In the template list, scroll down, and then click U.S. Financial Data.
  5. Review the information and then click Next
    Review the template information and then click Next.
  6. Review the default settings and then click Next
    On the Which services do you want to protect page, review the default settings and then click Next.
  7. Review the existing settings and then click Next
    On the Customize rules page, review the existing settings and then click Next.
  8. Name the new DLP policy
    In the Name box, type Protect U.S. Financial Data.
  9. Verify the default selection and then click Create
    Under What do you want to do after this policy is created, verify that Test it out is selected, review this action description, and then click Create.
  10. Click go to the Exchange admin center
    On CLIENT01, in the Compliance Center, on the Data loss prevention page, click go to the Exchange admin center.
  11. Select your time zone and click Save
    In the new window, if necessary, select your time zone and then click Save.
  12. Create a New DLP policy from template
    In the data loss prevention window, on the toolbar, click the New menu and then click New DLP policy from template.
  13. Name the new DLP policy
    On the DLP policy from template page, in the Name box, type Protect U.S. Financial Data.
  14. Choose the U.S. Financial Data template
    In the Choose a template list, scroll down, and then click U.S. Financial Data.
  15. Click More options
    Scroll down and click More options.
  16. Verify Enabled is selected and then click Save
    Under Choose the state of this DLP policy, verify Enabled is selected and then click Save.
  17. Enable policy tips
    Verify that the Protect U.S. Financial Data policy is selected. In the details pane, under Policy Mode, click Test with Policy Tips.
  18. In the Warning dialog box, click Yes
    In the Warning dialog box, review the information and then click Yes.
  19. Close the data loss prevention window
    Wait for the policy to be saved and then close the data loss prevention window.
  20. In the app launcher, click Mail
    In the Security & Compliance Center, in the top navigation, click the app launcher, and then click Mail.
    If the top navigation menu is not visible, in Internet Explorer, click the Back arrow, click the app launcher, and then click Mail.
  21. Click New
    In the Inbox, click New.
  22. In the To box, type BobK@TailspinToys.com
    In the To box, type BobK@TailspinToys.com
  23. In the Subject box, type Testing DLP Policy
    In the Subject box, type Testing DLP Policy
  24. Type the message body
    In the message body, type the following:
    Visa: 4111-1111-1111-1111
    Expires: 12/2019
  25. Review the Policy Tip
    Wait for the Policy tip to appear. This may take 1-2 minutes.
    Review the Policy Tip.
  26. Click Learn more
    Review the information in the Policy tip and then click Learn more.
  27. Review the information and options
    Review the information and option to report the content as a false positive.
  28. Click Discard
    On the toolbar, click Discard. If necessary, click the ellipsis and then click Discard.
  29. Click Discard
    In the Discard Message dialog box, click Discard.
  30. Close the Mail tab
    In Internet Explorer, close the Mail tab.
  31. Switch to the Security & Compliance tab
    In Internet Explorer, switch to the Security & Compliance tab.
  32. Click Data governance
    In the navigation menu, click Data governance.
  33. Under Data governance, click Retention
    Under Data governance, click Retention.
  34. Click Manage document deletion policies…
    On the Retention page, under Delete, click Manage document deletion policies for SharePoint Online and OneDrive for Business.
  35. Review the Compliance Policy Center
    In the Compliance Policy Center, review the available areas for policies and policy assignments.
    In Internet Explorer, close the Compliance Policy Center tab.
  36. Switch to the Security & Compliance center tab
    Switch to the Security & Compliance center tab and the Retention page.
  37. Under Preserve, click New +
    On the Retention page, under Preserve, click New +.
  38. Name the policy then click Next
    In the New preservation policy window, in the Name box, type Tailspin Documents and then click Next.
  39. Select the search locations check boxes
    On the Where do you want us to look page, select the Mailboxes and SharePoint Online and OneDrive for Business check boxes.
  40. Click Next
    Click Next.
  41. Click Add +
    On the Which mailboxes do you want to include page, click Add +.
  42. Add Garret Vargas’ mailbox
    In the Select Mailbox window, click Garret Vargas, click add, and then click OK.
  43. Click Next
    On the Which mailboxes do you want to include page, click Next.
  44. Click Add +
    On the Which SharePoint Online or OneDrive for Business sites do you want to include page, click Add +.
  45. Type the Marketing SharePoint site’s URL
    In the Choose sites window, in the Enter the site’s URL box, type https://yourtenantname.sharepoint.com/sites/Marketing and then click add.
    For example, https://contoso.sharepoint.com/sites/Marketing
  46. Type Garret Vargas’ OneDrive for Business URL
    In the Enter the site’s URL box, type https://yourtenantname-my.sharepoint.com/personal/garretv_yourtenantname_onmicrosoft_com and then click Add.
    For example, https://contoso-my.sharepoint.com/personal/garretv_contoso_onmicrosoft_com
  47. Click OK and then click Next
    Click OK and then click Next.
  48. Type a keyword to search for
    In the What do you want to look for box, type Tailspin
  49. Click Next
    Review the option to choose start and end dates, and then click Next.
  50. Preserve content for 6 months
    On the How long do you want to preserve the content page, click the Time frame to preserve the content menu, click 6 months, and then click Next.
  51. Click Next
    On the Do you want to turn on Preservation lock page, review the information, and then click Next.
  52. Click Next
    On the Do you want to turn on this policy after it is created page, review the default setting, and then click Next.
  53. Review the policy settings and then click Create
    Review the settings for the new policy and then click Create.
  54. Review the policy status
    In the Preservations policy list, review the status of the newly created policy. It may take several minutes or longer before the policy status is listed as ‘On’. You do not have to wait for the status to update to On; you may continue with the lab.
  55. Browse to the Office 365 admin center
    In the top navigation, click the apps launcher icon and then click Admin.
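
The policy tip in steps 24 and 25 of this exercise depends on the typed number looking like a real card number, not only on it having 16 digits. The following PowerShell is an added illustration, not part of the original lab and not Microsoft's detection code; the function names, the keyword list and the 300-character window are assumptions chosen for this sketch of a pattern, checksum and nearby-keyword check.

```powershell
# Added illustration: simplified model of a credit-card content check
# (digit pattern + Luhn checksum + corroborating keyword nearby).
# Function names, keyword list and window size are assumptions for this sketch.

function Test-Luhn {
    param([Parameter(Mandatory)][string]$Digits)
    $sum = 0
    $double = $false
    # Walk the digits right to left, doubling every second one.
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]::Parse($Digits.Substring($i, 1))
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }   # same as adding the two digits of the product
        }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-CardCandidate {
    param(
        [Parameter(Mandatory)][string]$Text,
        [int]$Window = 300   # characters of context searched around each match (assumed value)
    )
    # 16 digits in groups of four, optionally separated by a hyphen or space.
    $pattern  = '(?<!\d)(?:\d{4}[- ]?){3}\d{4}(?!\d)'
    $keywords = '\b(visa|mastercard|amex|card|expires|exp|cvv)\b'

    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits  = $m.Value -replace '[- ]', ''
        $start   = [Math]::Max(0, $m.Index - $Window)
        $end     = [Math]::Min($Text.Length, $m.Index + $m.Length + $Window)
        $context = $Text.Substring($start, $end - $start)

        [pscustomobject]@{
            Match         = $m.Value
            LuhnValid     = Test-Luhn -Digits $digits
            KeywordNearby = [regex]::IsMatch($context, $keywords, 'IgnoreCase')
        }
    }
}

$samples = @(
    "Visa: 4111-1111-1111-1111`nExpires: 12/2019",   # message body from step 24
    "Order ref 4111-1111-1111-1112 shipped"          # constructed: same shape, bad checksum, no keyword
)
foreach ($s in $samples) { Find-CardCandidate -Text $s }
```

When a DLP test message produces no policy tip, confirm that the sample number passes the checksum and sits near supporting text before suspecting the policy itself.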

Exercise 5: Using Office 365 Message Encryption

In this exercise, you will configure the necessary settings in your Office 365 tenant in order to use Office 365 message encryption. You will then test the configuration and verify automatic encryption for specific content is working.
  1. In the navigation menu, click Services and add-ins
    On CLIENT01, in the Office 365 admin center, in the navigation pane, click Settings and then click Services & add-ins.
  2. Click Microsoft Azure Information Protection
    On the Services & add-ins page, scroll down and then click Microsoft Azure Information Protection.
  3. On the Protect your information page, click Manage
    On the Protect your information page, click Manage Microsoft Azure Information Protection settings.
  4. On the rights management page, click activate
    On the rights management page, click activate.
  5. Click activate
    In the Do you want to activate Rights Management dialog box, review the information and then click activate.
  6. Verify that Rights Management is activated
    Wait for the page to refresh and then verify that Rights Management is shown as activated.
  7. Open Windows PowerShell®
    On CLIENT01, open Windows PowerShell.
    To save time, you can use the Type Text [A] icon whenever it is available to automatically type Windows PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then click the icon. Review the text, and then press Enter to run the command.
  8. Configure Microsoft.Exchange connection
    At the Windows PowerShell command prompt, type the following and then press Enter:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI https://outlook.office365.com/powershell-liveid -Credential (Get-Credential) -Authentication Basic -AllowRedirection
  9. Type your tenant administrator credentials
    In the Windows PowerShell credential request window, type your tenant administrator user name and password and then click OK.
  10. Import the PSSession
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Import-PSSession $Session
  11. Review the rights management configuration
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Get-IRMConfiguration
    Review the output.
  12. Set the key sharing location
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
    This is the key sharing location specific to North America.
  13. Import the RMS trusted publishing domain
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
  14. Enable internal licensing
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Set-IRMConfiguration -InternalLicensingEnabled $true
  15. Review the rights management configuration
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Get-IRMConfiguration
    Review the output of the command.
  16. Test the rights management configuration
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Test-IRMConfiguration -Sender yourtenantadministratorname
    For example: Test-IRMConfiguration -Sender Administrator@contoso.onmicrosoft.com
  17. Verify that the overall result reads PASS
    In the output of the command, verify that the overall result reads PASS.
    Leave Windows PowerShell open. It will be used later in this lab.
  18. Switch to Internet Explorer
    Switch to Internet Explorer.
  19. Close the Rights Management tab
    Close the Rights Management tab.
  20. Switch to the Office Admin center
    Switch to the Office Admin center tab.
  21. On the Services and add-ins page, click Mail
    On the Services and add-ins page, click Mail.
  22. Under mail flow, click Custom mail rules
    In the results pane, under mail flow, click Custom mail rules.
  23. Create a new rule
    In the Exchange admin center, on the rules page, click the New menu and then click Create a new rule.
  24. Name the new custom mail rule
    In the new rule window, in the Name box, type Encrypt Messages
  25. Click More options
    Click More options.
  26. Set the rule parameters
    Click the Apply this rule if menu, point to The subject or body, and then click subject includes any of these words.
  27. Specify words or phrases
    In the specify words or phrases window, type Encrypt, click Add +, and then click OK.
  28. Apply Office 365 Message Encryption
    Under Do the following, click the Select one menu, point to Modify the message security, and then click Apply Office 365 Message Encryption.
  29. Click Save
    Scroll down and review the remaining options and then click Save.
  30. Open a new InPrivate browser session in IE
    On CLIENT01, in Internet Explorer, press Ctrl+Shift+P to open a new InPrivate browser window.
  31. Browse to http://outlook.office.com
    In the InPrivate browser window, browse to http://outlook.office.com
  32. Sign in to Outlook as Garret Vargas
    Sign in as GarretV@yourtenantdomainname with a password of Pa$$w0rd. For example: GarretV@contoso.onmicrosoft.com
  33. In the Inbox, click New
    In the Inbox, click New.
  34. In the To box, type your tenant administrator name
    In the To box, type your tenant administrator name.
  35. Type a specific subject for the email
    In the Add a subject box, type Encrypt: Testing protection.
  36. Type a message for the email and click Send
    In the message body, type Testing the protection policy. and then click Send.
  37. Switch to the Exchange admin center
    Switch to the Exchange admin center.
  38. In the app launcher, click Mail
    Click the app launcher and then click Mail.
  39. Download the message.html attachment
    In the Inbox, click the message from Garret Vargas. Click the message.html attachment and then click Download.
  40. In the Internet Explorer banner, click Save
    In the Internet Explorer banner, click Save.
    If the message is not encrypted, you may have to wait until the policy becomes effective. This may take several minutes. 
  41. Click Open
    In the The message.html download has completed banner, click Open.
  42. Click Sign in
    In the new browser tab, review the information and then click Sign in. For the purpose of this lab, Internet Explorer has been set as the default browser. 
  43. Review the message then close the tab
    Review the message and close the Encrypted Message tab.
  44. Switch to Outlook signed on as Garret Vargas
    Switch to Outlook on the web signed on as Garret Vargas.
  45. Close the InPrivate window
    Close the InPrivate Internet Explorer window.
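
The mail flow rule built in steps 23 to 29 can also be created from the remote session imported in step 10. The following is an added example, not part of the original lab: the function name Set-LabEncryptRule is hypothetical, and the script assumes the Exchange Online cmdlets from that session are loaded in the current Windows PowerShell window.

```powershell
# Added example: scripted equivalent of the "Encrypt Messages" mail flow rule.
# Assumes the session from steps 8-10 has been imported with Import-PSSession.
# Set-LabEncryptRule is a hypothetical helper name used only here.

function Set-LabEncryptRule {
    param(
        [string]$RuleName = 'Encrypt Messages',
        [string[]]$SubjectWords = @('Encrypt')
    )

    # The lab enables IRM licensing (step 14) before creating the rule;
    # stop here if that has not been done yet.
    $irm = Get-IRMConfiguration
    if (-not $irm.InternalLicensingEnabled) {
        throw 'InternalLicensingEnabled is False; complete steps 12-14 first.'
    }

    # Create the rule only if it is missing, so the script can be re-run safely.
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
    if (-not $rule) {
        New-TransportRule -Name $RuleName `
                          -SubjectContainsWords $SubjectWords `
                          -ApplyOME $true | Out-Null
        $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
    }

    # Read back the settings that decide whether a message gets encrypted.
    $rule | Select-Object Name, State, SubjectContainsWords, ApplyOME
}

Set-LabEncryptRule
```

Reading the rule back gives a record of the condition and action that were actually saved, which is easier to review or audit than the rule editor in the Exchange admin center.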

Exercise 6: Testing MDM and Office 365 Message Encryption (Optional)

In this exercise, you will configure your mobile device to access an Office 365 mailbox using OWA. You will also experience using Office 365 message encryption on a mobile device.
You must have an email account configured on your device using the device’s mail app or a browser on the device that supports Form Post.
  1. Connect to your device’s app store
    On your device, connect to your device’s app store.
  2. Search the app store
    Search the app store for OME Viewer or Office 365 Message Encryption Viewer.
  3. Install the free OME Viewer app
    Install the free OME Viewer app.
  4. Search the app store
    Search the app store for OWA or Outlook Web App.
  5. Install the free OWA app
    Install the free OWA app.
  6. Open the OWA app
    Open the OWA app.
  7. Tap Continue
    On the Before you start page, tap Continue.
  8. Type the email address for Aubrey Smith
    In the Email address box, type AubreyS@yourtenantname.onmicrosoft.com
    For example, AubreyS@contoso.onmicrosoft.com
  9. Type Pa$$w0rd and sign in
    In the Password box, type Pa$$w0rd and then click Sign in.
  10. Tap New mail
    Tap New mail.
  11. Type an accessible email address
    In the To box, type an email address for an account you have configured on your mobile device.
  12. Type a specific subject for the email
    In the Subject box, type Encrypt: Sending from my OWA app
  13. Type a message for the email and tap Send
    In the message body, type Testing message encryption and then tap Send.
  14. Open the receiving email account
    Open your device’s email app and the account you sent the message to.
    You will use your device’s native email app and the account that you sent the message to in the previous task.
  15. Open the attachment from Aubrey Smith
    In the message from Aubrey Smith, tap the message.html attachment and then open the attachment using the OME Viewer.
  16. Tap Use a one-time passcode
    In the OME Viewer, review the encrypted message. Tap Use a one-time passcode.
    Wait for the new reference code page to open. 
  17. Switch to your email application
    Switch to your email application.
  18. Tap the message from Microsoft Office 365
    Tap the message from Microsoft Office 365.
  19. Write down or copy the Passcode
    In the message, locate and write down or copy the Passcode.
  20. Switch to the OME Viewer
    Switch to the OME Viewer.
  21. Type or paste the Passcode then tap Continue
    In the Passcode box, type or paste the passcode and then tap Continue.
  22. Review the encrypted message
    Review the encrypted message from Aubrey Smith.
  23. Add Garret Vargas’ email account
    On your device, add Garret Vargas’ email account using the device’s email app or, if you have it installed, the Outlook app. Use the following information:
    User name: GarretV@yourtenantname.onmicrosoft.com
    Password: Pa$$w0rd
    Server: outlook.office365.com
  24. Open the message from Microsoft Outlook
    Once the account is configured, in the Inbox, open the message from Microsoft Outlook.
  25. Read the message and tap Enroll
    Read the message and tap Enroll.
  26. Begin the enrollment process
    Complete the procedure your device uses to begin the enrollment process.
  27. Read the page and then tap Get the app
    In the web browser, read the page and then tap Get the app. If you have already installed the Microsoft Intune app, you will not be prompted to install.
  28. Complete the app retrieval and installation
    Complete the app retrieval and installation using your device’s app store.
  29. Open the Intune Company Portal app
    Open the Intune Company Portal app.
  30. Tap Sign in
    On the Company Portal page, read the information and then tap Sign in.
  31. Sign in as Garret Vargas
    On the Intune Company Portal page, sign in as GarretV@yourtenantname.onmicrosoft.com with a password of Pa$$w0rd
  32. Tap Enroll
    On the Device Enrollment page, read the information and then tap Enroll.
  33. Tap Activate
    On the Company Portal page, review the information and then tap Activate.
  34. If necessary create a lock screen PIN
    If necessary, create a lock screen PIN that is at least four characters long. This is the minimum requirement used in the creation of the device security policy created earlier.
  35. Complete the enrollment
    Complete the enrollment of your device by completing the onscreen prompts.
  36. Switch to CLIENT01 and Office 365 admin center
    Switch to CLIENT01 and the Office 365 admin center.
    If necessary, sign in to http://portal.office.com using your tenant administrator user name and password.
  37. Open a new tab and browse to Windows Intune
    Open a new tab and then browse to https://manage.microsoft.com
  38. In the navigation menu, click Groups
    In the navigation menu, click Groups.
  39. Under Groups, click All Devices
    Under Groups, click All Devices.
  40. Click the device for Garret Vargas
    In the mobile devices list, click the device for Garret Vargas.
  41. Review the information
    Review the information in the details pane. Some actions may not be available immediately for the device.
    If available, click Selective wipe.
  42. Read the wipe information then click No
    In the Warning dialog box, read the selective wipe information and then click No.
  43. On your mobile device, tap the MY DEVICES tab
    On your mobile device, in the Company Portal app, tap the MY DEVICES tab.
  44. In the list, tap your device
    In the list, tap your device.
  45. Tap Check Compliance
    Review the information and then tap Check Compliance.
  46. Review compliance details
    If there are any compliance issues, review the compliance details.

Exercise 7: Using Advanced Threat Protection

In this exercise, you will configure the safe attachments and safe links rules in the advanced threat protection feature of Exchange Online.
  1. On CLIENT01 switch to Outlook
    On CLIENT01, switch to Internet Explorer and Outlook on the web.
  2. Switch to the Office Admin center tab.
    Close the Mail tab and then switch to the Office Admin center tab.
  3. Click Exchange
    In the navigation menu, under Admin centers, click Exchange.
  4. Under advanced threats, click safe attachments
    On the dashboard, under advanced threats, click safe attachments.
  5. Click New+
    On the safe attachments tab, on the toolbar, click New +.
  6. Name the new safe attachments policy
    In the new safe attachments policy window, in the Name box, type Replace Suspect Attachments.
  7. Click Replace
    Under Safe attachments unknown malware response, review the information and then click Replace.
  8. Select Enable redirect
    Under Redirect attachment on detection, review the information and then select the Enable redirect check box.
  9. Send the attachment to your tenant administrator
    In the Send the attachment to the following email address box, type your tenant administrator email address.
  10. Click The recipient domain is
    Under Applied To, review the information, click the Select one menu, and then click The recipient domain is.
  11. Click your tenant domain name
    In the domain selection window, click your tenant domain name, click add and then click OK.
  12. Click Save
    Click Save.
  13. Click the safe links tab
    In the Exchange admin center, click the safe links tab.
  14. Click New +
    On the toolbar, click New +.
  15. Name the new policy "Test safe links"
    On the new safe links policy page, in the Name box, type Test safe links.
  16. Click On
    Under Select the action for unknown potentially malicious URLs in messages, click On.
  17. Select the Do not allow users to click
    Select the Do not allow users to click through to original URL check box.
  18. Click The recipient domain is
    Scroll down and, under Applied To, click the Select one menu, and then click The recipient domain is.
  19. Click your tenant domain name
    In the domain window, click your tenant domain name, click add, and then click OK.
  20. Click Save
    On the new safe links policy page, click Save.
  21. Sign in to an accessible email account
    Tasks 21 to 33 test the safe links policy. These tasks are optional.
    Sign in to an email account that you have access to. You can use the virtual environment to sign in to a web-accessible email account or use your mobile device.
  22. Create a new email to Aubrey Smith
    Create a new email to AubreyS@yourtenantdomainname
  23. Type a subject for the email
    In the Subject box, type Testing spam link.
  24. Type a specific message for the email
    In the message body, type Here’s a link to test http://www.spamlink.contoso.com
    Depending on your email client, you may have to perform additional steps to configure the address as a hyperlink.
  25. Click Send
    Send the message.
  26. If necessary, switch to CLIENT01
    If necessary, switch to CLIENT01.
  27. Open a new InPrivate browser window
    On CLIENT01, in Internet Explorer, press Ctrl+Shift+P to open a new InPrivate browser window.
  28. Browse to http://outlook.office.com
    In the InPrivate browser window, browse to http://outlook.office.com
  29. Sign in as Aubrey Smith
    Sign in as AubreyS@yourtenantdomainname with a password of Pa$$w0rd
    For example: AubreyS@contoso.onmicrosoft.com
  30. Click the email you sent to Aubrey Smith
    In the Inbox, click the email you sent to Aubrey Smith.
  31. Pause the mouse pointer over the link
    In the reading pane, move the mouse pointer and pause over the www.spamlink.contoso.com link. In the lower left corner of Internet Explorer, notice the URL that the link in the email will be directed to.
  32. Click the www.spamlink.contoso.com link
    In the reading pane, click www.spamlink.contoso.com
  33. Review the message from Office 365
    In the Internet Explorer tab, review the message from Office 365. 
  34. Close the InPrivate window and all tabs
    Close the InPrivate Internet Explorer window and all tabs.
  35. On the toolbar, click the Reports menu
    In the Exchange admin center, on the safe links tab, on the toolbar, click the Reports menu.
    The Advanced Threat Protection (ATP) reports reviewed in this task are unlikely to contain any content because of the short period of activity during the lab.
  36. Click ATP by Disposition
    Click Advanced Threat Protection by Disposition.
    Wait for the report to be created. If the report is not created, close the window and click the report again. 
  37. Review the available report
    Review the available report and notice the Disposition by ATP selections that are available.
  38. Click View table
    In the report, click View table.
  39. Review the information
    Review the information that can be made available.
  40. Click close
    Click close.
  41. Click the View pending or completed requests
    Click the View pending or completed requests.
  42. Review the information
    Review the information that can be provided.
  43. Click Close
    Click Close.
  44. Close the ATP detection message window
    Close the Advanced threat protection detection message dispositions window.
  45. On the toolbar, click the Reports menu
    On the safe links tab, on the toolbar, click the Reports menu.
  46. Click ATP File Types
    Click Advanced Threat Protection File Types.
  47. Review the available report
    Review the available report and notice the Attachment types selections that are available.
  48. Review the additional areas
    Review the additional areas of the report.
  49. Close the ATP window
    Close the Advanced threat protection detection file types window.
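
The two policies created in this exercise can also be checked from Exchange Online remote PowerShell. The following is an added example, not part of the original lab: it confirms that each policy has an enabled rule scoped to your tenant domain and then lists the settings chosen in the wizard. The tenant domain is a placeholder, Test-AtpPolicyScope is a hypothetical helper name, and the script assumes that a rule's policy property holds the policy name.

```powershell
# Added example, not from the original lab. Read-only; run it in an
# Exchange Online remote PowerShell session.
$TenantDomain = 'contoso.onmicrosoft.com'   # placeholder: your tenant domain

function Test-AtpPolicyScope {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Rules,
        [Parameter(Mandatory)] [string] $RulePolicyProperty,
        [Parameter(Mandatory)] [string] $Domain
    )
    # A policy is applied only through an enabled rule that references it.
    # Assumption: the rule's policy property holds the policy name.
    $active = @($Rules | Where-Object {
        "$($_.$RulePolicyProperty)" -eq $Policy.Name -and "$($_.State)" -eq 'Enabled'
    })
    $scoped = @($active | Where-Object { $_.RecipientDomainIs -contains $Domain })
    [pscustomobject]@{
        Policy        = $Policy.Name
        HasActiveRule = $active.Count -gt 0
        CoversDomain  = $scoped.Count -gt 0
    }
}

# Policy names typed in tasks 6 and 15.
$sa = Get-SafeAttachmentPolicy -Identity 'Replace Suspect Attachments'
$sl = Get-SafeLinksPolicy -Identity 'Test safe links'

@(
    Test-AtpPolicyScope -Policy $sa -Rules @(Get-SafeAttachmentRule) `
        -RulePolicyProperty SafeAttachmentPolicy -Domain $TenantDomain
    Test-AtpPolicyScope -Policy $sl -Rules @(Get-SafeLinksRule) `
        -RulePolicyProperty SafeLinksPolicy -Domain $TenantDomain
) | Format-Table -AutoSize

# Settings chosen in tasks 7 to 9 (Replace, redirect on, redirect address).
$sa | Format-List Name, Action, Redirect, RedirectAddress

# Click-through setting from task 17. The property name varies by service
# version (DoNotAllowClickThrough or AllowClickThrough), so match either.
$sl | Format-List Name, *ClickThrough*
```

A row with HasActiveRule or CoversDomain set to False means the policy exists but is not protecting mail sent to that domain.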

Exercise 8: Auditing in Office 365

In this exercise, you will enable different auditing features in Office 365 and then review the available reports that can be helpful to the Office 365 organization’s administrators.
  1. Switch to the Office admin center tab
    In Internet Explorer, switch to the Office admin center tab.
  2. If necessary, close the Mail window
    If necessary, close the Mail window.
  3. Under Admin centers, click Security & Compliance
    In the navigation menu, under Admin centers, click Security & Compliance.
  4. In the navigation menu, click Reports
    In the Security & Compliance Center, in the navigation menu, click Reports.
  5. Under Reports, click View reports
    Under Reports, click View reports.
  6. Click Office 365 audit log report
    Under Auditing, click Office 365 audit log report.
  7. Click Start recording user and admin activities
    On the Audit log search page, under Audit log search, click Start recording user and admin activities.
  8. Click Turn on
    In the Start recording user and admin activities dialog box, read the information and then click Turn on.
    Wait for the organization settings to be updated.
    Activity search content is not available immediately.
    The remaining steps are used to familiarize you with the search options.
  9. Click the Show results for all activities menu
    In the Audit log search window, under Activities, click the Show results for all activities menu.
  10. Review the available auditing activities
    In the Activities list, scroll down and review the available activities that can be selected for auditing. Multiple items can be selected.
  11. Close the Activities list
    Click an open area on the page to close the Activities list.
  12. Review the remainder of the log search filters
    Review the remainder of the log search filters.
    Logs for the activities in this lab will not have been reported in the audit log. If log collection had been enabled, you would be able to create reports for the activities performed against your Office 365 organization. 
  13. Switch to Windows PowerShell
    On CLIENT01, switch to Windows PowerShell.
    This should still be connected to Exchange Online using remote PowerShell.
    To save time, you can use the Type Text [A] icon whenever it is available to automatically type Windows PowerShell commands instead of typing. The Type Text feature is located to the left of the Done button in the task view screen. To use it, make sure the Windows PowerShell window is in the foreground, then click the icon. Review the text, and then press Enter to run the command. 
  14. Review Garret Vargas’ mailbox
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Get-Mailbox GarretV | FL Audit*
    Review the output of the command.
  15. Enable auditing
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Set-Mailbox -Identity GarretV -AuditOwner MailboxLogin,HardDelete -AuditLogAgeLimit 120 -AuditEnabled $True
  16. Review Garret Vargas’ mailbox
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Get-Mailbox GarretV | FL Audit*
    Review the updated audit settings for the mailbox.
  17. Remove the PowerShell Session
    At the Windows PowerShell command prompt, type the following and then press Enter:
    Get-PSSession | Remove-PSSession
    It is not required to remove the open PowerShell session; however, it is good practice to close sessions when they are no longer in use.
  18. Close Windows PowerShell
    Close Windows PowerShell.
  19. Switch to the Security & Compliance center
    Switch to Internet Explorer and the Security & Compliance center.
  20. In the navigation menu, click View reports
    In the navigation menu, under Reports, click View reports.
  21. Click Exchange audit reports
    Under Auditing, click Exchange audit reports.
  22. Run the admin audit log report
    Review the available reports and then click Run the admin audit log report.
  23. Review the cmdlets
    In the Search to view configuration changes window, wait for the search to complete and then review the currently logged cmdlets.
  24. Click Close
    Click Close.
  25. Close the Audit Reports window
    Close the Audit Reports window.
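
Tasks 14 to 16 enable auditing on a single mailbox. The following added example, which is not part of the original lab, extends the same check to every user mailbox: it lists mailboxes that lack the lab's audit settings and previews the change that would bring them in line. Get-AuditGap is a hypothetical helper name, and the script must run before the session is removed in task 17.

```powershell
# Added example, not from the original lab. Run it in an Exchange Online
# remote PowerShell session.
$required = 'MailboxLogin', 'HardDelete'   # owner actions from task 15
$ageLimit = 120                            # AuditLogAgeLimit from task 15

function Get-AuditGap {
    param(
        [Parameter(Mandatory)] $Mailbox,
        [Parameter(Mandatory)] [string[]] $RequiredOwnerActions
    )
    # Owner actions the lab enables that this mailbox does not yet log.
    $missing = @($RequiredOwnerActions |
        Where-Object { $Mailbox.AuditOwner -notcontains $_ })
    if (-not $Mailbox.AuditEnabled -or $missing.Count -gt 0) {
        [pscustomobject]@{
            Mailbox      = $Mailbox.UserPrincipalName
            AuditEnabled = $Mailbox.AuditEnabled
            MissingOwner = $missing
        }
    }
}

# Collect every user mailbox whose audit settings fall short of the lab's.
$gaps = @(Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object { Get-AuditGap -Mailbox $_ -RequiredOwnerActions $required })
$gaps | Format-Table -AutoSize

# Preview the fix. @{Add=...} appends the missing owner actions and keeps
# any that are already configured. Remove -WhatIf to apply the change.
foreach ($gap in $gaps) {
    $params = @{
        Identity         = $gap.Mailbox
        AuditEnabled     = $true
        AuditLogAgeLimit = $ageLimit
    }
    if ($gap.MissingOwner) { $params.AuditOwner = @{ Add = $gap.MissingOwner } }
    Set-Mailbox @params -WhatIf
}
```

An empty table means every user mailbox already has auditing enabled with both owner actions.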
