ITIL:

ITIL (Information Technology Infrastructure Library) is a set of detailed practices for IT Service Management (ITSM) that focuses on aligning IT services as per need of business.
The goal is to improve efficiency and achieve predictable service delivery.
Like: Incident Management, Change Management, Problem Management etc.

ITIL lifecycle 5 stages:

1. Service strategy: Describes business goals and customer requirements and their objectives.
2. Service Design: it describes the design of new services which are more effective and more efficient and also describes any change or improvement needed to current
services.
3. Service transition: it guides to service design and helps in implementing the service deliveries as per strategy.
4. Service operation: it helps in maintaining quality of services and minimizes the service failure at customer end.
5. Continual Service Improvement: it ensures whether IT services are continuously aligned to business needs and helps in overall improvement of IT service.

Incident Management: It helps in handling any ongoing IT interruption or any unplanned event occurs in the service and restores it to its operational state.
like Account Lock, Outlook Not Working, VPN Issues etc.

Change Management: Any Update or Modification need to deploy across the domain. Like Internet Explorer Homepage Update, Trusted Site Update, Windows Patching, Deploying New
Software, Server Hardware Change/Replacement etc.

Problem Management: If any Incidents is continuously repeating then it should take care against a Problem Ticket (Problem Management). Example: A user is complaining his/her
account is locking again and again.

Service request:
Service Request is a formal user request for something new to be provided.
Example: I need a new MacBook, I need USB access, I need a paid software to install in my laptop like Microsoft Visio, Microsoft project, Auto cad, etc.

Incident:
An Incident is an unplanned event that disrupts or reduces the quality of a service and requires an emergency response. Example: “The website is down!”, Account Lock, VPN Not
working etc.
So generally an Incident is nothing but any IT interruption occurred to the end user.

SLA: Service-Level-Agreement
 it is a commitment between a service provider and a client.
 It explains the quality, delivery and responsibilities of the services as agreed between the service provider and the service user.
 The important goal of an SLA is to provide services to the users as per agreement.
 There should be penalties if SLA fails to provide.
.

Priorities:
Priority determined based on the IMPACT of the problem and URGENCY created by user.
 HIGH-need to update/resolve within 4 Hours of time
 MEDIUM- need to update/resolve within 8 Hours of time
 LOW- need to update/resolve within 24 hours etc.

Note: Every Incident includes 2 type of SLA.

i) Response – It’s nothing but need to take ownership once the ticket is assign to our queue. Simply we can say Ticket to own.
ii) Resolution – Need to update/resolve within the SLA period (Like for High 4 Hours, Medium 8 Hours etc.).

KPI: Key Performance Indicator (KPI)

 it measures performance of the organization against the organization goals.
 it shows how effectively a company is achieving key business objectives.
 KPI’s guideposts are designed in such way that they help organization people to achieve their goals.
 It includes total raised tickets, open tickets, closed tickets, reopened tickets, ticket resolution time and also IT costs v/s revenue.

MS Azure:
 Azure is a cloud computing platform with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
 Azure is a cloud computing platform which was launched by Microsoft in February 2010.
 It provides cloud services including virtualization, analytics, database storage and networking.

IaaS - (Infrastructure as a Service) provide virtual hardware & functions like data storage, networking equipment and virtual computing resources via the internet.

PaaS – (Platform as a Software) It provides platform to host application and allows developers to build applications and services.

SaaS – (Software as a Service) it allows users to run existing online applications.

Like GWS (google work space), MS Office, Facebook many more.

Naas- (Network as a software): it allows you to own networks without spending on infrastructure.
 Virtual routers
 Virtual firewalls

 Virtual private networks

ROUTER: router connects two or more networks and also it sends and receives data on networks.

FIREWALL: A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic networks based on a defined
set of security rules.
What is Azure portal
The Azure portal is a web-based, unified console that provides an alternative to command-line tools.
You can build, manage, and monitor everything from simple web apps to complex cloud employments. Create custom dashboards for an organized view of resources open any browser
like chrome, ie, edge and type portal.azure.com to access azure portal.

What is SharePoint used for:

 All organizations use Microsoft SharePoint to create websites.
 You can use it as a secure place to store, organize, share data and access information from any device.
 It’s similar to Google Drive.
 SharePoint is Microsoft's collaboration platform.
 It's a place where team members can communicate, exchange data, and work together.

What is Citrix used for:

Citrix is software that lets you run applications on a remote computer but interact with those applications on your local computer.
It also lets you access a remote computer as if you were sitting at it, but inside a window.

Citrix Receiver:
Citrix Receiver is used primarily for connecting users to XenDesktop and XenApp desktops and applications, but it can also be used to deliver apps via Microsoft App-V, links to websites
and individual documents, among other things.

What is SSO and how does it work?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using ones set of credentials.
Example of SSO login is Google's implementation for their software products. Once a user is logged in to Gmail, the user automatically gains access to YouTube, Google Drive, Google
Photos, and other Google products. I signed into Gmail and already have access to all those products around the red marker.

What is MFA? (Multi-Factor Authentication)

MFA immediately increases your account security by asking multiple forms of verification to prove your identity when signing into an application.
Simply we can say it’s 2-way authentication method.

Benefits of MFA:
1. Protect your identities - Enable multi-factor authentication (MFA) to prompt users for additional verification.
2. Use across applications - Enable MFA (or 2FA) to ensure your accounts are up to 99.9% less likely to be compromised.
3. Use across applications - Provide users secure, seamless access to all their apps with single sign-on from any location or device.

MFA Registration Process:

We can do the MFA registration by process by following the below steps.

MFA Revoke & Reregister Process:

When user request to change the MFA number (phone number) we can update the MFA from portal.azure.com

Open portal.azure.com  Users  Enter the user email  Open the User Properties  Click on Authentication method.

Now change the Mobile number as per the user request.

Change the Authentication Method: (mobile application- authenticator)

We can change the Authentication methods by following the below steps.

What is OneDrive and why do I need it?

It's Microsoft's cloud storage service, OneDrive, can back up your personal and work files online. It's built into Windows 10. By this we can sync files on our Windows 10 PC to the cloud
and to our other Windows PCs.
VPN:

VPN is a virtual private network which allows us to access domain network from our home network.
VPN creates a secure tunnel to access the domain network. We used CISCO AnyConnect (ex for VPN) in last organization.

Other VPN like ZScaler, Pulse, Global Protect etc.

VPN Basic Troubleshoot:

When we receive any incident for VPN then immediately we need to check the below steps one by one.

i> Need to check user is from which region (Like EMEA, AMER, APAC etc.). Because in some organization region wise VPN server name will be implement.
ii> Now need to check whether the user is part of the VPN group(region) or not (EMEA region user need to be part of the EMEA VPN group, CHINA user should be
part of china VPN Group etc.).
iii> If user is not part of the particular VPN group, then immediately we need to add the user to the VPN group. If user is part of the VPN group, then please
remove and re add the user and check the behavior.
iv> We need to restart the VPN service.
v> Next we need to check whether VPN client is installed correctly or not. If not, we need to install the VPN client in user computer.
vi> If not works, we need to route the incident to the Network team.

Note: Also try to check whether the particular VPN Server is pinging or not.

Outlook:
Microsoft Outlook is an application that is used mainly to send and receive emails. It can also be used to manage various types of personal data including calendar appointments and
similar entries, tasks, contacts, and notes.
Versions: 2007, 2010, 2013, 2016, 2019

Office 365:
Office 365 refers to subscription plans (License) that include access to Office applications plus other productivity services that are enabled over the Internet (cloud services), such as
Microsoft Teams, Exchange Online hosted email for business, Additional online storage with OneDrive, SharePoint, Yammer etc.
Office 365 License type is like E1, E3 and E5
Difference between E3 and E5 licences:

A] security
 E3 license comes with Microsoft’s basic anti-spam and anti-malware.
E5 license comes with those basics and Microsoft Advanced Threat Protection software which guards your company against malicious threats in email messages,
attachments, and links.
 E5 has feature of password attacking tool. This tool tests user passwords against a list of commonly used passwords. But not in E3 licence.
 Office 365 cloud app security present in E5 licence but not in E3 licence.

B] Analytics
Office 365 comes with two analytics tolls: My Analytics and Power BI Pro. The E5 license is the only plan that offers Power BI Pro.

 E1 license has no application like power point, excel, word one note, outlook and exchange center but E3 and E5 have applications.
 E1 and E3 have no teams meeting application but E5 has Microsoft teams application.
 E1 and E3 have no advanced analytics feature like Power BI but E5 have this feature.
 MDM & MAM application present in E5 license not in E1 &E3 licenses.
 E5 have advance threat protection and advance information protection feature not in E3 & E5 licenses.
E1 license have application like share point, yammer and one drive.

Outlook Profile Creation: (OWA- outlook web application or access)

When end user complaint that they are not receiving email and can’t be able to send email then immediately need check whether it’s working in OWA or portal.office.com. Because if
the user account is not working in OWA/portal.office.com then after profile creation also it won’t work. Because the user is not able to connect to Microsoft Exchange Server. So
immediately we need to route the incident to the Exchange Team.

If it’s working, then we need to go ahead for creating the profile under the below path.
Control Panel  Mail  Show Profile  New  Enter the new profile name like, Outlook1  Then enter email ID and Password.

Checking Outlook in OWA/portal.office.com:

Open OWA link or Portal.office.com  Click on The Outlook Tab  Once outlook is open check whether all the emails are working as expected or not.
DL
Distribution List (DL) is used to distribute email to number of people.
Note: DL cannot send email just receiving email. But shared mailbox can send and receive email.

Shared Mailbox:
Shared Mailbox is a mailbox like our personal Mailbox. But only difference is shared mailbox use to shared among the number of people in the team. So all group member can
send/receive email from the Shared Mailbox.

Adding shared mailbox to OUTLOOK.

Open Outlook  File  Account Setting  Account Setting  Email  New  Enter the email id of the Shared Mailbox.

PST & OST:

Both the file is known as Outlook Data File.

PST  Personal Storage Table. Which allows us to save our outlook emails locally. Example if we want to save our Inbox email to local “C” drive.

OST  Offline Storage Table. It’s saving our Outlook email in offline to the exchange server. Example Draft/Outbox etc.

How to create PST File:

Outlook  File  Account Setting  Account Setting  Data Files  Add  Select the Drive Path where you want to save the .pst file.

Note: If you already have a .pst file you can also import the file to your outlook.

Outlook  File  Account Setting  Account Setting  Data Files  Open File Location  Select the .PST file where u saved.

Active Directory:
Active Directory (AD) is a database and set of services that connect users with the network resources.
The function of Active Directory is to enable administrators to manage permissions and control access to network resources.
In Active Directory, data is stored as objects, which include users, groups, applications, and devices, and these objects are categorized according to their name and properties.
AD also provides additional features such as Single Sign-On (SSO), security certificates, LDAP (lightweight directory access protocol), and access rights management.
The server who controls the active directory are called DOMAIN CONTROLER.

Active Directory is the Database, Repository of the Objects (User/Computer/Groups/Printer etc).

To open the “Active Directory Users and Computers” SNAPIN we need to type “Active Directory Users and Computers” in search bar or we can type “dsa.msc” in RUN tab.

Security Group & Distribution Group:

Distribution Group
A distribution group can be used for sending emails to a group of users.
We need to create this group (DL, DDL & Shared mailbox) from the Office 365
Portal (portal.office.com).

Security Group
By using a security group, we can create a group of user accounts in a department and grant them access to a shared folder.
If we want to grant permission to some certain users of network shared files, then we need to create security groups and add users to that group then every user has permission to
access those folders.

Example: VPN users group, USB Access Users Group, Auto Cad Users group etc.
We need to create the security Group from Active Directory Users and Computers.

Password Reset in Active Directory:

i> When any user calls us to RESET password then first we need to verify whether user is VALID user or not (Find the user in Active Directory Users and Computers).
ii> If user is VALID user, then we need to check whether USER account is ENABLE or DISABLE (Check in Active Directory Users and Computers).
iii> If DISABLE then we need to ask from when his account is disabled, because if the USER didn’t log in to any DOMAIN Computer from more than >21 days then his
account will be automatically DISABLE as per company DOMAIN Policy. So, for enabling his account we need to get approval from his manager as well as from IT
Security team by providing valid justification that why he is not logged in since last 21 days. So, this need to take care through a SERVICE REQUEST. Then after
 approval we can go ahead to ENABLE his account and user can login by his old password. If not, we can RESET password and share with his manager through
encrypted email.
iv> If user account is in ENABLE status, then we can go ahead to reset his password and share with him through encryption email process.

Open Active Directory Users and Computers  Right click on the Domain  Find  Enter the user email id  Now right click on the User object  Reset Password

If there is a DOWN Arrow in User Object that means user Object is DISABLED.

RESET Password in AZURE Portal:

Open portal.azure.com  Users  Enter the user email  Open the User Properties  Click on Password Reset.

RESET Password through SSPR:

SSPR – Self Service Password Reset:

SSPR is an Azure Active Directory (AD) feature that enables users to reset their passwords without contacting IT staff for help.

Open SSPR link in the browser User need to enter his valid registered mobile number, security code, or email for authentication purpose. Once user proved his identity through
authentication method he can reset his password.

https://sspr.cygate-solutions.com/

Account Unlock:

When user requested to unlock his account, then we need to find the user object under

Active Directory Users and Computers  Right click on the Domain  Find  Enter the user email id  Open the User Object  Account Tab  Check Unlock Account box  Apply
OK

Account Lockout:

Account lockout means again and again the user account keep locking.
Usually bad password and password not synced is the reason for user Account Lockout.
We can find the cause of the Account Lockout in details in Event Viewer
Type event viewer in search bar  Windows Logs  Security Logs  Check the logs

Note: We need to clear the CREDENTIAL MANAGER for this account lockout issues.

Credential Manager use to store our all local credential in the device.
For this just type Credential Manager in Search Bar  then remove all the stored Windows Credentials as below.

BITLOCKER:

Bit Locket is basically a Drive Encryption on removable data drives. BitLocker Drive Encryption is a data protection feature used for windows operating system and prevents from the
data stolen or data lost.
So simply we can say Bit locker is an encryption process to protect our company device (laptop/desktop etc.) hard disk drive. Once bit locker is enabled hackers cannot extract our data
which is present in our HDD.
Sometime user wrongly typed their Bit locker Key more than 3 times or they forgot their bit locker key then we need to provide them the BitLocker key.
Bit locker key usually starts from 10 digit to 48 digit as per the company standard.

How to find the bit locker key.

We usually find the Bit Locker key in 2 ways.

i) Intune(Azure)
ii) Active Directory User & Computers

What is Intune?
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your
organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications.
Intune helps make sure your organization's data stays protected and keep separate organization data from personal data.
A] MDM (mobile device management) – it controls organization devices like smartphone, laptop, tablets and windows.
Using MDM application, you can erase data if the device is stolen or lost.
B] MAM (mobile application management) it controls organization business data from users' personal devices. You can erase organizational data from
users’ personal devices if data is exchanged.

To find the Bit locker key we need to have user Device name or Serial Number.

Then go to Microsoft INTUNE portal by accessing the endpoint site

https://endpoint.microsoft.com

Select Device  All Device  Enter the Serial Number Or Device Name  Select the Device  Recovery Keys.

Now we can RECOVER the BITLOCKER key and share with the user.

Generate Bit Locker recovery key through Active Directory User and Computer.

Open Active Directory Users and Computers  Right click on the Domain  Find  Enter the computer name  Now right click on the Computer object  Properties Select
BitLocker Recovery Attribute.

Taking User Computer Remotely through Microsoft Teams & Quick Assist:
Note: When we take user computer remote through Teams we cannot enter Admin Credential. Because when we open anything (cmd, services, event viewer etc.) as admin in end user
computer then immediately an UAC (User Access Control) prompt will come, that time it will be invisible from our side. So, we need to use Quick Assist to take control of end User
Machine.

Quick Assist:

Open Quick Assist in your computer and end user computer by simply typing Quick Assist in search bar.

You need to Click on “Assist Another Person”, then you will get a “Security Code”. Now you need to share the code with the user and request to enter in “Code from Assistant” tab then
click on “Share Screen”.

RDP: (Remote Desktop Protocol)

RDP means Remote Desktop Connection. It uses port number 3389. We can connect any remote devices by this RDP process.

Windows + R (RUN) then type mstsc. Now need to enter the IP or Host Name which you want to connect.

MSTSC = Microsoft Terminal Service Client

Note: When we do RDP to any computer then it will be immediately disconnecting the session in Destination computer, so end user doesn’t know what we are doing and we will have
full control to their computer. So, we should not take RDP for end user computer.

RDP is only preferred to the SERVER

Network File Server - Access Grant/Revoke:

Network share access always need to take care against a Service Request as we need to get approval from the owner of the Shared Drive.

Run  \\Servername or IP of the server\Folder Name. Then we need to go to the particular folder the Right Click  Properties  Security Tab  Edit  Add User Name  Then click
on the Permission like Modify/Write/Read as per the user demand.

Example:

SCCM: ([system center configuration maanger]

System Center Configuration Manager (SCCM) is an Application Deployment Tool from where user can install all the company validated software’s from it. It’s like play store in our
mobile.

Simply type Software Center in Search bar it will open the application catalogue. Then select the application particularly which user want to install.

If user need additional software that should take care against a Service Request.

SCCM Troubleshooting:

When end user complaints that the particular software is not available in their computer then we need to do the basic troubleshooting steps for refreshing the Configuration manager.

Control Panel  Configuration Manager  select Actions tab  the click on the all Actions separately + Run Now  Now suggest user to restart their computer after 20-30 minutes as
policy refresh will take some time.

If still the software is not available in user computer then we need to re start the 2 services in user computer. Open services.msc and then select particular service right click the restart.

Search Bar  Services  Open as Admin  BITS & WMI

BITS  Background Intelligence Transfer Service

WMI  Windows Management Instrumentation

Note: For RESTART/STOP Service we need to open services as ADMIN, else we cannot perform the restart or stop service.

PING:

Ping used to check the connectivity in between two network devices.

We need to check the network data packets which send / receive value should be same.

DNS: [domain name server]

DNS is an internet service that translates the domain name into IP addresses.

Whenever you request for google.com or any other website, your request first goes to DNS servers. Then, the DNS server translates the domain into the corresponding IP Address and
forwards the request to the website server, and finally the website loads into your browser.

DNS is a domain name server/system which use to resolve

Domain Name  IP Address

IP Address  Domain Name
Host Name  IP Address
IP Address  Host Name

NOTE: DNS resolve FQDN (Fully Qualified Domain Name).

Example: www.yahoo.com/ndch32.corp.net

DNS use port number 53

NSLOOKUP (name server lookup)

NS lookup is a command-line tool used for testing and troubleshooting DNS servers. It is one of most powerful and frequently used tools used by Systems and Network Engineers /
Administrators.
NS lookup is a command from which we can troubleshoot the DNS.

If we know the domain name/host name then we can easily find the IP address of the domain name or the host name.

OR Vice versa

CMD  nslookup  enter the ip or host name/domain name or ip address

DHCP:

Dynamic Host Configuration Protocol used to assign IP Address to the client machine. DHCP use port number 68 and 67.

DHCP assign IP to Client computer through DORA Process

D  Discover
O  Offer
R  Request
A  Acknowledge

Static and Dynamic IP:

Static IP: We need to configure the IP manually (ex: printer, scanner, server etc.)
Dynamic IP: DHCP server automatically assign IP to the client machine (end user desktop/laptop)

IPCONFIG Switches:

Group Policy Update (gpupdate):

The gpupdate command refreshes a computer's local Group Policy and any Active Directory-based group policies.
Usually gpupdate command is used to update Group policies in Windows operating system Domain.
To update Group Policy just open Command prompt (cmd) then type gpupdate /force

How to pull the gpresult from the client computer:

Gpresult allow us to find the policy details which all applied to the user computer.
Just open Command prompt (cmd) then type gpresult /h gpreport.html

Internet not working on user computer:

Suggest user to plugin plug out the internet cable.

If still not working go to below path to clear cookies
Internet Explorer  Settings  Internet Option  General  Check “Delete browsing history on exit”  OK

If still not work the open Command Prompt run the below commands.
i) Ipconfig /release
ii) Ipconfig /renew
iii) Ipconfig /flushdns
iv) Ipconfig /registerdns

The main difference between Domain & Workgroup:

In domains is how resources on the network are managed. Computers on home networks are usually part of a workgroup, and computers on workplace networks are usually part of a
domain. In a workgroup: All computers are peers; no computer has control over another computer.
Any Domain user can login into any domain joined devices.

Difference B/W Windows 10 & 7:

Windows 10 basically increased the security like MFA, Windows Defender ATP. Other than that also updated Microsoft Edge is default browser, Windows Hello.
Microsoft's digital assistant Cortana is also available on Windows 10 PCs. The OS also integrates better with Microsoft OneDrive cloud tool.