Overview of the Microsoft Certified Solutions Associate (MCSA) certification for Office 365 – Part one – Exam 70-346
This is the first of two blog posts in my overview of the Microsoft Certified Solutions Associate (MCSA) certification for Office 365. I want to give an overview of the certification, an outline to the different certification paths, and to also provide a summary overview of some of the changes to the 70-346 exam, effective since June 30, 2016.
There are two exams, in total, for the certification – the first part is the Managing Office 365 Identities and Requirements (Exam 70-346) and the second part is Enabling Office 365 Services (Exam 70-347). This blog post will mainly focus on Managing Office 365 Identities and Requirements (Exam 70-346).
I recently completed these two exams over a couple of months of study (and some “on the job” use and training) and received my Microsoft Certified Solutions Associate (MCSA) certification. Once you obtain this certification, it is “yours to keep”; it does not require recertification as some of the Microsoft Certified Solutions Expert (MCSE) certifications do. This is shown below in the snip from my transcript. You’ll note my MCSA for Office 365 (and the other MCSA certifications) have only an “achievement date” on them. Some of my MCSE ones are also like this, but others have an “inactive date” listed (shown in the second snip).
Some of the Microsoft Certified Solutions Expert (MCSE) certifications now require the individual to recertify every three years, per the inactive date. If the certification recipient doesn’t, the exam is moved to another section of the transcript and the certification is labeled “inactive” after the date passes.
With my MCSE Server Infrastructure recertification exam, (70-980 – Recertification for MCSE: Server Infrastructure for this certification), I actually failed it the first time through and my retake date was after the inactivity date, (shown below), so for a short while, my charter certification on Server Infrastructure was moved to inactive status. I found out later (thankfully) that so long as you pass the recertification exam “at some point”, Microsoft will reinstate your certification (and in my case, with the full “charter” designation). The recertification date and the three year “active” window progresses from the point of recertification (and not the original obtainment date) as you can see when comparing my MCSE on Server Infrastructure from the original dates (below) and the new dates (above) when I finally passed the recertification exam on June 4, 2016.
Here is what that section will look like on your transcript should you miss the date and / or simply decide to not re-certify on a given technology:
NOTE: The “*Charter” designation was granted to all examinees that took and passed the certification exams for a technology within six months follow the retail release of the certification or certification series of exams. This is done to show that those members took to the early adoption of the technology and we certified on it.
As I mentioned above, the Microsoft Certified Solutions Associate (MCSA) certification for Office 365 itself does not require re-certification, but if you were to complete it, and go on to the Designing and Deploying Microsoft Exchange Server 2016 exam to complete the Microsoft Certified Solutions Expert certification for MCSE: Messaging (Exam 70-345), then the full certification (the MCSE part, not the MCSA part) would be subject to recertification:
“This MCSE certification requires you to show continued ability to perform in your chosen solution area by completing a recertification exam every three years.” – MCSE: Messaging exam webpage.
With respect to the 70-346 exam, many of the study topics have now been changed from their original “skills measured” outline, as originally listed on the Managing Office 365 Identities and Requirements webpage.
Microsoft recently released an update to the changes:
Objective Domain Exam 70-346: Managing Office 365 Identities and Requirements
The following is the list of changes to Exam 70-346, which have been made to reflect the latest updates and features to Office 365. These exam changes are effective as of June 30, 2016. (I have highlighted in red some of the changes, as provided from Microsoft Learning).
1. Provision Office 365 (15–20%)
1.1. Provision tenants
Configure the tenant name, tenant region, and initial global administrator; manage tenant subscriptions; manage the licensing model; configure tenant for new features and updates
1.2. Add and configure custom domains
Specify domain name; confirm ownership; specify domain purpose; set default domain and move ownership of DNS to Office 365
1.3. Plan a pilot
Designate pilot users; identify workloads that don’t require migration; run the Office 365 Health, Readiness, and Connectivity Checks; run IDFix; create a test plan or use case and connect existing email accounts for pilot users; understand service descriptions and planning to onboard users to Office 365; configure connected accounts
2. Plan and implement networking and security in Office 365 (15–20%)
2.1. Configure DNS records for services
Create DNS records for Exchange Online, Skype for Business Online, and SharePoint Online
2.2. Enable client connectivity to Office 365
Configure proxy to allow client access to Office 365 URLs; configure firewalls for outbound port access to Office 365; recommend bandwidth; configure Internet connectivity for clients; deploy desktop setup for previous versions of Office clients
2.3. Administer Microsoft Azure Rights Management (RM)
Activate rights management; configure Office integration with rights management; assign roles for Rights Management; enable recovery of protected documents
2.4. Manage administrator roles in Office 365
Implement a permission model; create or revoke assignment of administrative roles or the administrative model; determine and assign global administrator, billing administrator and user administrator, delegated administrator, and control password resets
3. Manage cloud identities (15–20%)
3.1. Configure password management
Set expiration policy, password complexity, password resets in Administration Center
3.2. Manage user and security groups
Import users using bulk import (CSV), soft delete, Administration Center, and multi-factor authentication
3.3. Manage cloud identities with Windows PowerShell
Configure passwords to never expire; bulk update of user properties; bulk user creation using Azure Active Directory cmdlets; bulk user license management; hard delete users
4. Implement and Manage Identities by Using Azure AD Connect (15–20%) (This section used to read “Active Directory Synchronization (AADSync)” – in the exam topics now, anywhere that used to be this has changed, as shown in the subsections below. I did a strike through for the first change and the remainder will be replaced and “red” only).
4.1. Prepare on-premises Active Directory for
AADSync Azure AD Connect
Plan for non-routable domain names; clean up existing objects; plan for filtering Active Directory; implement support for multiple forests
4.2. Set up Azure AD Connect tool
Implement soft match filtering and identify synchronized attributes, password sync, and installation requirements
4.3. Manage Active Directory users and groups with Azure AD Connect in place
Delete (soft delete), create, and modify users and groups with Azure AD Connect in place; schedule and force synchronization
5. Implement and manage federated identities for single sign-on (SSO) (15–20%)
5.1. Plan requirements for Active Directory Federation Services (AD FS)
Plan namespaces and certificates; plan AD FS internal topologies and dependencies, plan WAP/AD FS proxy topologies, network requirements, multi-factor authentication, and access filtering using claims rules
5.2. Install and manage AD FS servers
Create AD FS service account; configure farm or stand-alone settings; add additional servers; convert from standard to federated domain; manage certificate lifecycle
5.3. Install and manage WAP/AD FS proxy servers
Set up perimeter network name resolution; install required Windows roles and features; set up certificates; configure WAP/AD FS proxy settings; set custom proxy forms login page; switch between federated authentication and password sync
6. Monitor and troubleshoot Office 365 availability and usage (15–20%)
6.1. Analyze reports
Analyze service reports; mail protection reports; analyze Office 365 audit log reports; Analyze portal email hygiene reports
6.2. Monitor service health
Monitor health using the RSS feed; use service health dashboard including awareness of planned maintenance, service updates, and historical data, Office 365 Management Pack for System Center Operations Manager, and Windows PowerShell cmdlets
6.3. Isolate service interruption
Create a service request; determine connection issues using the Microsoft Remote Connectivity Analyzer (RCA), Microsoft Lync Connectivity Analyzer Tool, and Microsoft Connectivity Analyzer tool; determine availability issues using the hybrid free/busy troubleshooter; determine client configuration issues using Office 365 Client Performance Analyzer and Microsoft Support and Recovery Assistant for Office 365
That’s a wrap for this post – please keep your eye on the Tallan blog for my next post on Enabling Office 365 Services (Exam 70-347) – coming soon.