MICROSOFT 365 ADMINISTRATION

LEARNING PATH FOR BEGINNERS

Syllabus Overview

This structured syllabus will help you build a solid foundation in Microsoft 365
administration, progressing from fundamental concepts to advanced topics.

Lesson Plan (8-Week Timeline)

Week 1: Introduction to Microsoft 365 & Core Concepts

• What is Microsoft 365? (Subscription plans, services included)

• Microsoft 365 Admin Center Overview

• Understanding Azure Active Directory (AAD)

• Identity models: Cloud, Hybrid, and On-premises AD

• Hands-on: Navigating the Admin Center and AAD basics

Big Picture: Identity management is the foundation of security and access control in
Microsoft 365. Understanding AAD helps you manage users, groups, and permissions
efficiently.

Week 2: User and Group Management

• Creating and managing users

• Assigning licenses and roles

• Managing groups (Microsoft 365 Groups, Security Groups, Distribution Lists)

• Understanding Role-Based Access Control (RBAC)

• Hands-on: Creating and modifying users, assigning licenses, and managing groups

Big Picture: Proper user and group management ensures security, compliance, and
operational efficiency.

Week 3: Authentication & Security

• Multi-Factor Authentication (MFA)

• Conditional Access Policies

 • Self-Service Password Reset (SSPR)

• Identity Protection & Secure Score

• Hands-on: Enabling MFA and setting up conditional access

Big Picture: Authentication and security protect Microsoft 365 environments from
unauthorized access, forming the first line of defense in cybersecurity.

Week 4: Microsoft 365 Compliance & Data Governance

• Compliance Manager & Microsoft Purview

• Data Loss Prevention (DLP)

• Retention Policies & Sensitivity Labels

• eDiscovery and Auditing

• Hands-on: Implementing DLP and retention policies

Big Picture: Compliance tools help organizations meet regulatory requirements and
protect sensitive data.

Week 5: Exchange Online Administration

• Mail flow and connectors

• Managing mailboxes (shared, user, resource)

• Anti-spam & anti-phishing protection

• Mailbox permissions and retention policies

• Hands-on: Creating mailboxes and setting up mail flow rules

Big Picture: Email is a primary communication tool, and proper Exchange Online
management ensures smooth operations and security.

Week 6: SharePoint Online & OneDrive for Business

• Understanding SharePoint Sites and Permissions

• Managing OneDrive storage and policies

• External Sharing and Security Controls

• Hands-on: Creating a SharePoint site and configuring permissions

 Big Picture: SharePoint and OneDrive provide secure storage and collaboration
capabilities, ensuring controlled access to company resources.

Week 7: Teams Administration & Endpoint Management

• Managing Microsoft Teams policies and settings

• Teams lifecycle (creating, managing, archiving)

• Mobile Device Management (MDM) & Intune Overview

• Hands-on: Configuring Teams policies and basic Intune settings

Big Picture: Microsoft Teams connects users for collaboration, while Intune helps
manage and secure devices across the organization.

Week 8: PowerShell & Microsoft Graph for Automation

• Introduction to PowerShell for Microsoft 365

• Transition from MSOLService to Microsoft Graph

• Managing users, groups, and policies using PowerShell

• Hands-on: Running PowerShell scripts to automate admin tasks

Big Picture: PowerShell and Microsoft Graph help automate repetitive administrative
tasks, improving efficiency and reducing manual errors.

Additional Topics for a More Complete Understanding

These topics provide deeper insights into M365 administration and help improve problem-
solving, security, and automation.

• Hybrid Identity & Azure AD Connect – Essential for environments with on-
premises AD integration.

• Privileged Identity Management (PIM) – Enhances security by granting just-in-time

admin access.

• Defender for Microsoft 365 – Provides advanced threat protection for email and
endpoints.

• Microsoft 365 Licensing Optimization – Helps reduce costs by assigning the right
licenses.
 • Power Automate & Logic Apps – Automates workflows across M365 applications.

• Advanced Threat Analytics & Security Monitoring – Improves threat detection and
response.

• Microsoft Endpoint Manager (Intune) – Extends control over mobile devices and
applications.

• Zero Trust Security Model – Enhances security with least privilege access
principles.

Would you like a condensed cheat sheet summarizing the key commands, tools, and
concepts?

COMPARISON OF KEY CONCEPTS IN

MICROSOFT 365 CORE CONCEPTS
Why This
Concept Definition Similarities Differences Relationship
Matters

A cloud-based Understanding
service offering Some features subscription plans
All Microsoft 365
various tools and are available ensures you assign
concepts rely on
Microsoft 365 applications like only in specific the right licenses
licensing and
Subscription Exchange Online, plans (e.g., for the right users,
subscription to
SharePoint, Business vs. avoiding
function.
Teams, and Enterprise). unnecessary
OneDrive. costs.

Works with AAD, Knowing how to

A web-based Limited to web-
identity models, navigate the
interface for based UI, while
and other Admin Center
Microsoft 365 managing PowerShell and
Microsoft 365 helps in managing
Admin Center Microsoft 365 Microsoft Graph
services for identity, security,
settings, users, allow for deeper
centralized and service
and services. control.
administration. settings efficiently.
 Why This
Concept Definition Similarities Differences Relationship
Matters

AAD is the
backbone of
Microsoft’s Works with all On-prem AD
identity and
cloud-based identity models to relies on local
Azure Active security in
identity and manage user servers, while
Directory Microsoft 365.
access authentication AAD is cloud-
(AAD) Understanding it
management and access based. Hybrid
helps secure and
service. control. integrates both.
manage access
efficiently.

Cloud-based
AAD stores
All models identities Choosing the right
Identity
Determines how authenticate online, Hybrid identity model
Models
user identities users and provide integrates with affects security,
(Cloud,
are stored and access to on-prem AD, management, and
Hybrid, On-
managed. Microsoft 365 and On-Prem scalability of
Prem AD)
resources. AD stores Microsoft 365.
everything
locally.

Why These Relationships Matter

Microsoft 365 administration is built on identity management, licensing, and security.

Without a proper understanding of Azure Active Directory (AAD) and identity models, you
may face issues like unauthorized access, inefficient user management, and security
breaches. The Admin Center acts as a gateway to manage users, permissions, and
policies, but for advanced tasks, administrators need PowerShell and Microsoft Graph.

Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Entra ID focuses on
Works with AAD and Helps improve identity
Microsoft Entra cloud identity
identity models for protection beyond
ID governance and Zero
authentication. AAD.
Trust security.

Used to manage Unlike Admin Understanding it

Microsoft Graph Microsoft 365 users and Center, it enables improves automation
API services automation and and advanced
programmatically. deeper integrations. administration.

Enhances access Ensures that security

Zero Trust assumes
Zero Trust control, similar to policies are always
all access is
Security Model Conditional Access in verified, reducing
untrusted by default.
AAD. breaches.

Privileged Provides time-bound Reduces risks of

Works with RBAC and
Identity admin access compromised
Conditional Access for
Management instead of administrator
secure admin control.
(PIM) permanent roles. accounts.

Analogies to Understand Microsoft 365 Core Concepts

1. Microsoft 365 as a Digital Office Building

• Analogy: Imagine Microsoft 365 as a huge office building, where:

o Azure AD is the security system managing who can enter.

o The Admin Center is the front desk where access and permissions are
granted.

o Identity models (Cloud, Hybrid, On-Prem) decide whether employees can

work remotely or only from the office.

o Licensing determines which floors and rooms an employee can access.

• Strength: Provides a real-world comparison to how access and security are

managed.
 • Limitation: Does not fully explain the automation and backend integrations that
Microsoft 365 allows.

2. Microsoft 365 as a Streaming Service (Like Netflix)

• Analogy: Microsoft 365 is like a streaming service where:

o Subscription plans are the Netflix plans (Basic, Standard, Premium).

o Azure AD is the account system that lets users sign in.

o Admin Center is the settings menu where profiles and permissions are
managed.

o Identity models define whether the user watches online, downloads for
offline use, or shares an account.

• Strength: Relatable because most people use streaming services.

• Limitation: Oversimplifies the complex security and compliance features.

3. Microsoft 365 as a Large Hotel with a Keycard System

• Analogy: Microsoft 365 is like a hotel, where:

o Azure AD is the keycard system controlling room access.

o The Admin Center is the front desk where room assignments are managed.

o Identity models determine whether guests can enter with just a keycard
(Cloud), need manual check-in (On-Prem), or have both options (Hybrid).

o Licenses define what hotel amenities (gym, pool, lounge) guests can use.

• Strength: Explains identity management, access control, and permissions clearly.

• Limitation: Doesn’t cover automation and security monitoring features.

Would you like an expanded deep-dive into PowerShell and Microsoft Graph as your next
topic?
COMPARISON OF KEY CONCEPTS IN
USER AND GROUP MANAGEMENT
Why This
Concept Definition Similarities Differences Relationship
Matters

Process of
Users are Focuses on
creating, Ensures proper
assigned individual users,
User modifying, and access control,
licenses, roles, while groups
Management deleting compliance, and
and group handle multiple
individual users identity security.
memberships. users at once.
in Microsoft 365.

Organizing users
Using groups
into collections Both involve
Groups control correctly
(Security Groups, assigning
Group multiple users at simplifies
Microsoft 365 permissions and
Management once, reducing administration
Groups, managing
admin workload. and enhances
Distribution access.
security.
Lists).

Assigns
Works with both More granular Reduces security
Role-Based permissions
user and group and security- risks by ensuring
Access based on
management for focused than users have only
Control predefined roles
structured simple group the necessary
(RBAC) rather than
access. permissions. access.
individual users.

Ensures
Allocating Licenses are
Users and groups compliance and
Microsoft 365 assigned per
License must be licensed cost efficiency by
licenses to users user, while
Assignment to use Microsoft managing license
for access to groups manage
365 apps. allocation
services. permissions.
properly.
Why These Relationships Matter

User and group management are foundational to security, efficiency, and compliance in
Microsoft 365. Assigning users to groups reduces administrative workload, while RBAC
ensures least-privilege access, minimizing security risks. License management ensures
that resources are allocated effectively, avoiding unnecessary costs.

Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Privileged
Works with RBAC to PIM allows just-in-time Enhances security by
Identity
grant temporary access, while RBAC limiting long-term
Management
admin roles. assigns static roles. admin access.
(PIM)

Conditional Access Ensures users only

Works with user and
Conditional enforces security rules access resources
group policies to
Access dynamically, unlike under secure
control access.
static RBAC. conditions.

Reduces helpdesk
Self-Service Helps users manage Like MFA, it enhances
workload while
Password Reset their own credentials security but focuses on
maintaining strong
(SSPR) securely. password recovery.
identity security.

Automates license
Unlike manual license Ensures new users
Group-Based assignments based
assignment, it reduces receive the correct
Licensing on group
administrative effort. licenses automatically.
membership.

Analogies to Understand User and Group Management

1. Microsoft 365 User Management as a School System

• Analogy:

o Users are individual students.

o Groups are classes or clubs (e.g., Math Club, Science Club).

 o RBAC is the role system (Teachers have more permissions than students).

o License Assignment is like giving students different textbooks or lab access.

• Strength: Clear real-world example with structured roles and permissions.

• Limitation: Does not fully explain automation features like group-based licensing.

2. User and Group Management as a Bank System

• Analogy:

o Users are account holders.

o Groups are different account types (Savings, Checking, Business).

o RBAC is the authorization system for tellers, managers, and customers.

o License Assignment is like granting premium banking features.

• Strength: Shows how different levels of access impact security.

• Limitation: Doesn’t cover compliance aspects like Conditional Access.

3. Microsoft 365 as a Corporate Office

• Analogy:

o Users are employees.

o Groups are departments (HR, IT, Finance).

o RBAC defines whether an employee is a regular worker, manager, or director.

o License Assignment is like assigning work devices and software.

• Strength: Relatable in an enterprise environment.

• Limitation: Lacks an intuitive explanation of dynamic security policies.

Would you like to dive deeper into automation in user and group management using
PowerShell and Microsoft Graph?
COMPARISON OF KEY CONCEPTS IN
AUTHENTICATION & SECURITY
Why This
Concept Definition Similarities Differences Relationship
Matters

Requires users to Works with

Focuses on user
verify their Conditional Prevents
authentication,
Multi-Factor identity using two Access and unauthorized
while Conditional
Authentication or more factors Identity access even if
Access enforces
(MFA) (password + Protection to passwords are
rules on login
phone code, enhance compromised.
conditions.
etc.). security.

Conditional
Sets rules to
Works with MFA Access controls Adds flexibility
allow or deny
Conditional and Identity who, where, and by allowing
access based on
Access Protection for how access is secure access
conditions (e.g.,
Policies dynamic security granted, while under trusted
location, device,
enforcement. MFA controls conditions.
risk level).
verification.

Allows users to Works with MFA SSPR is about Reduces IT

Self-Service reset their since users must recovering workload while
Password passwords verify their access, while MFA keeping
Reset (SSPR) securely without identity to reset is about securing accounts
IT help. passwords. access. secure.

Enhances Identity Protection

Uses AI to detect security by is proactive
Ensures a data-
Identity risky sign-ins and monitoring (detecting risks),
driven approach
Protection & recommend authentication while Secure
to securing
Secure Score security threats and Score is advisory
Microsoft 365.
improvements. enforcing (suggesting
policies like MFA improvements).
 Why This
Concept Definition Similarities Differences Relationship
Matters

and Conditional
Access.

Why These Relationships Matter

Microsoft 365 authentication and security features work together to form a layered
defense against cyber threats. MFA adds an extra step to verify identity, Conditional
Access decides when access is safe, SSPR ensures users can regain access securely,
and Identity Protection monitors risks and suggests fixes. Using these together reduces
attack surfaces while maintaining productivity.

Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Privileged PIM focuses on just-in- Prevents excessive

Works with RBAC to
Identity time admin roles, unlike admin privileges from
grant temporary
Management regular MFA which increasing security
elevated access.
(PIM) secures all user logins. risks.

Uses AI to detect risky Helps automate

Azure AD Similar to Secure Score
sign-ins like security responses
Identity but focused on real-time
compromised and lock out threats
Protection security threats.
accounts. immediately.

Monitors identity- Focuses on attack

Microsoft Detects and blocks
based threats like detection, while
Defender for attackers before they
password spray Conditional Access
Identity gain access.
attacks. controls login behavior.

Zero Trust Requires verification Related to MFA and Ensures continuous

Security Model at every access point, Conditional Access but validation of users,
Concept Similarities Differences Why It’s Important

assuming no default applies to entire security devices, and

trust. strategy. requests.

Analogies to Understand Authentication & Security

1. Microsoft 365 Security as a Bank Vault

• Analogy:

o MFA is like requiring a PIN + fingerprint to enter the vault.

o Conditional Access is like only allowing access during business hours.

o SSPR is like letting customers reset their PIN securely if they forget it.

o Identity Protection is like security cameras detecting suspicious behavior.

• Strength: Clearly illustrates security layers.

• Limitation: Doesn't explain how AI-based risk detection (Identity Protection) adapts
over time.

2. Authentication as Airport Security

• Analogy:

o MFA is like showing both your passport and a boarding pass.

o Conditional Access is like only letting passengers through security based on

their ticket type and country.

o SSPR is like allowing passengers to recover lost boarding passes.

o Identity Protection is like security scanning travelers for suspicious

behavior.

• Strength: Easy to understand the role of multiple checkpoints.

• Limitation: Doesn't capture the continuous monitoring aspect of Identity

Protection.

3. Microsoft 365 Security as a VIP Club Entry

• Analogy:
 o MFA is like needing both a membership card and a password to enter.

o Conditional Access is like only allowing VIPs to enter after 10 PM.

o SSPR is like letting VIPs reset their access if they lose their card.

o Identity Protection is like a bouncer recognizing suspicious guests and

blocking them.

• Strength: Shows dynamic access control in an engaging way.

• Limitation: Doesn’t explain the automation behind security monitoring.

Would you like me to add PowerShell commands for enabling these security features in
Microsoft Graph?

COMPARISON OF KEY CONCEPTS IN

MICROSOFT 365 COMPLIANCE & DATA
GOVERNANCE
Why This
Concept Definition Similarities Differences Relationship
Matters

Compliance
Manager helps
organizations Compliance
Understanding
assess and Manager focuses
Both help both ensures
Compliance manage on assessing
organizations regulatory
Manager & compliance risks, compliance
ensure compliance
Microsoft while Microsoft posture, while
compliance and while
Purview Purview provides Purview provides
manage risks. maintaining
data governance visibility and
data security.
and risk control over data.
management
solutions.
 Why This
Concept Definition Similarities Differences Relationship
Matters

Prevents
accidental or Works with
DLP prevents Ensures data
malicious sharing Retention
Data Loss data leaks, while protection
of sensitive data Policies and
Prevention retention policies without
(e.g., blocking Sensitivity
(DLP) control how long interfering with
credit card Labels to
data is kept. productivity.
numbers in enforce security.
emails).

Retention policies Retention policies

Helps
define how long focus on lifecycle
Retention Both help businesses
data is stored, management,
Policies & organizations balance
while sensitivity while sensitivity
Sensitivity manage and security and
labels classify and labels enforce
Labels protect data. accessibility of
protect sensitive classification and
critical data.
data. encryption.

eDiscovery helps
organizations
eDiscovery is used Ensures
search for and
for legal cases, organizations
retrieve data for Both help in
eDiscovery & while auditing can track,
legal and compliance
Auditing monitors user retrieve, and
compliance needs, investigations.
activity for investigate data
while auditing
security. when needed.
tracks actions
taken on data.

Why These Relationships Matter

Compliance and data governance work together to protect data while ensuring an
organization meets legal and regulatory requirements.

• DLP prevents leaks of sensitive information.

 • Retention policies ensure necessary data is kept, and sensitivity labels protect
it.

• eDiscovery helps find important data when needed, and auditing tracks its use.

Using these tools properly prevents legal, financial, and security risks while allowing
businesses to operate efficiently.

Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Works with DLP to Defender focuses on app

Microsoft Ensures sensitive data
monitor and security, while DLP
Defender for isn't exposed through
prevent data leaks prevents data leaks within
Cloud Apps third-party cloud apps.
in cloud services. Microsoft 365.

Similar to auditing, Helps detect potential

Insider risk predicts and
Insider Risk as it monitors user data breaches from
prevents threats, while
Management activity to detect within the
auditing logs past events.
threats. organization.

Like Sensitivity Sensitivity labels classify Prevents conflicts of

Labels, they data, while Information interest and data
Information
control access to Barriers block leaks (e.g., separating
Barriers
sensitive communication between finance and sales
information. certain users. teams).

Works with Retention policies apply Ensures critical

Records retention policies broadly, while records records are preserved
Management to manage long- management focuses on for legal or historical
term storage. legally required storage. purposes.

Analogies to Understand Compliance & Data Governance

1. Microsoft 365 Compliance as a Library System

• Analogy:

o DLP is like a librarian ensuring no rare books leave the library.

 o Retention Policies are like setting borrowing limits on books before they
must be returned.

o Sensitivity Labels are like putting restricted access signs on special

collections.

o eDiscovery is like a researcher searching through archives for a specific

book.

o Auditing is like tracking who checked out which book and when.

• Strength: Clearly explains data access, security, and tracking.

• Limitation: Doesn't cover real-time data security risks like insider threats.

2. Compliance as a Company’s Legal Team

• Analogy:

o Compliance Manager is like a corporate lawyer who ensures the company

follows the law.

o DLP is like a security team preventing leaks of sensitive company

information.

o Retention Policies are like keeping legal documents for a required period.

o eDiscovery is like a lawyer searching for evidence in case of a lawsuit.

o Auditing is like tracking who accessed confidential documents.

• Strength: Shows why compliance matters for legal and business security.

• Limitation: Doesn't highlight technical enforcement methods (e.g., encryption).

3. Microsoft 365 Compliance as a High-Security Airport

• Analogy:

o DLP is like security officers scanning for dangerous items.

o Retention Policies are like keeping passenger records for a certain period.

o Sensitivity Labels are like special clearance for VIP travelers.

o eDiscovery is like investigating past travel records for security reasons.

o Auditing is like tracking every security check and passenger movement.

 • Strength: Demonstrates security, monitoring, and compliance in action.

• Limitation: Doesn't illustrate classification and structured governance over time.

Would you like a PowerShell command list for implementing DLP, retention policies, and
compliance settings in Microsoft Graph?

COMPARISON OF KEY CONCEPTS IN

EXCHANGE ONLINE ADMINISTRATION
Why This
Concept Definition Similarities Differences Relationship
Matters

Works with
Governs how Mail flow defines
anti-spam & Ensures emails
emails are routed how emails
Mail Flow & anti-phishing are delivered
between users, travel, while anti-
Connectors protection to securely and
domains, and spam features
secure email reliably.
external services. filter threats.
delivery.

User mailboxes
are for individuals,
All are
Managing Creation and shared mailboxes
Microsoft 365 Helps businesses
Mailboxes management of allow team
mailboxes organize email
(Shared, different mailbox access, and
but serve communication
User, types for resource
different effectively.
Resource) communication. mailboxes manage
purposes.
meeting rooms or
equipment.

Works Anti-spam filters

Filters out Prevents email-
alongside junk mail, while
Anti-Spam & unwanted emails based security
mail flow anti-phishing
Anti-Phishing and phishing threats and
rules to filter detects
Protection attempts to protect business email
harmful fraudulent
users. compromise.
messages. attempts.
 Why This
Concept Definition Similarities Differences Relationship
Matters

Permissions focus
Permissions
on who can see
determine who can
Mailbox emails, while
access a mailbox, Both control Balances security
Permissions retention policies
while retention email access and regulatory
& Retention focus on data
policies define how and storage. compliance.
Policies compliance and
long emails are
lifecycle
stored.
management.

Why These Relationships Matter

Effective Exchange Online management ensures businesses can communicate securely

and efficiently:

• Mail flow rules ensure proper routing, while anti-spam & anti-phishing protect
users.

• Mailbox types optimize team collaboration (e.g., shared mailboxes for customer
service).

• Permissions and retention policies enforce access control and data

compliance.

A well-managed Exchange Online environment reduces security risks, prevents email

downtime, and improves productivity.

Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Exchange Works with anti- EOP focuses on email

Strengthens email
Online spam & anti- security, while mail flow
security against
Protection phishing to filter ensures emails are
evolving threats.
(EOP) threats. delivered properly.
Concept Similarities Differences Why It’s Important

Provides advanced
Microsoft Expands security EOP handles basic filtering,
protection against
Defender for features for email while Defender adds AI-
phishing and
Office 365 protection. powered security.
malware.

Encryption protects content, Ensures sensitive

Helps secure
Message while permissions control emails remain
emails, similar to
Encryption who can access the secure during
permissions.
mailbox. transit.

Journaling captures email

Supports legal
metadata for legal
Journaling vs. Both store email for compliance and
purposes, while archiving
Archiving compliance. email retention
stores messages for future
policies.
retrieval.

Analogies to Understand Exchange Online Administration

1. Exchange Online as a Post Office System

• Analogy:

o Mail flow is like the routes mail takes to reach its destination.

o Mailboxes are like post office boxes assigned to people or departments.

o Anti-spam & anti-phishing are like postal inspectors checking for

suspicious packages.

o Permissions & retention policies are like who has access to a PO box and
how long mail is kept.

• Strength: Simple, real-world comparison to physical mail.

• Limitation: Doesn’t illustrate advanced security measures like encryption.

2. Exchange Online as a Hotel Reception System

• Analogy:

o Mail flow rules are like hotel front desk staff directing guests to rooms.
 o Shared mailboxes are like conference rooms used by multiple
employees.

o Anti-spam & anti-phishing are like security screening guests before entry.

o Retention policies are like hotel policies on how long guest records are
kept.

• Strength: Shows access control and flow management.

• Limitation: Doesn’t highlight external threats like business email compromise

(BEC).

3. Exchange Online as a Water Supply System

• Analogy:

o Mail flow is like piping that delivers water to homes.

o Anti-spam & anti-phishing are like filters that remove contaminants.

o Mailbox permissions are like who has access to the water supply.

o Retention policies are like water storage limits to prevent overuse.

• Strength: Illustrates flow, security, and access control in a logical way.

• Limitation: Doesn’t emphasize collaboration aspects like shared mailboxes.

Would you like PowerShell commands for Exchange Online automation?

COMPARISON OF KEY CONCEPTS IN

SHAREPOINT ONLINE & ONEDRIVE FOR
BUSINESS
Why This
Concept Definition Similarities Differences Relationship
Matters

SharePoint SharePoint sites Both control SharePoint is for Defines how

Sites & store and access to team-based documents are
Permissions organize stored data collaboration, shared, secured,
documents, with and integrate while OneDrive is and accessed
 Why This
Concept Definition Similarities Differences Relationship
Matters

permission with Microsoft for individual file within an

settings for user 365. storage. organization.
access.

OneDrive is Helps employees

Personal cloud
Both use cloud individual-focused, manage personal
OneDrive storage where
storage and while SharePoint files while
Storage & users save and
allow access supports team ensuring
Policies sync files across
control. collaboration and enterprise data
devices.
automation. security.

SharePoint allows
Ensures secure
Determines how Both have broader
External collaboration
files and folders security organizational
Sharing & with external
can be shared controls to sharing, while
Security partners while
outside the restrict OneDrive is limited
Controls protecting
organization. access. to individual users’
sensitive data.
control.

Why These Relationships Matter

SharePoint and OneDrive form the backbone of document management and collaboration
in Microsoft 365:

• SharePoint enables structured team-based collaboration, while OneDrive

allows personal file management.

• Both provide security and access controls, ensuring compliance with company
policies.

• Understanding permissions is critical to preventing data breaches and

unauthorized access.

Mastering these concepts helps IT administrators ensure efficient collaboration while

maintaining data security.
Additional Concepts to Explore

Concept Similarities Differences Why It’s Important

Helps users
Teams & Both provide Teams is a communication collaborate
SharePoint collaboration tools platform, while SharePoint is seamlessly across
Integration for teams. a document repository. files, chats, and
meetings.

Groups manage access to

Ensures consistent
Both control user multiple services (Teams,
Microsoft 365 permissions
access and SharePoint, Outlook), while
Groups across Microsoft
permissions. SharePoint permissions are
365 services.
site-specific.

Works with security Helps prevent

Data Loss DLP automates security
controls to prevent accidental data
Prevention policies, while permissions
unauthorized data leaks and enforces
(DLP) rely on manual settings.
sharing. compliance.

Information Sensitivity labels apply

Both classify and Adds an extra layer
Protection & security policies, while
secure sensitive of protection
Sensitivity permissions define who can
data. against data leaks.
Labels access files.

Analogies to Understand SharePoint & OneDrive

1. SharePoint as a Library, OneDrive as a Personal Bookshelf

• Analogy:

o SharePoint is like a library where multiple people can check out and
collaborate on books.

o OneDrive is like a personal bookshelf where you keep your own books.

o Permissions control who can borrow or edit certain books.

• Strength: Helps differentiate team vs. personal storage.

• Limitation: Doesn’t fully explain security policies and external sharing.

2. SharePoint as an Office, OneDrive as a Personal Desk

• Analogy:

o SharePoint is like an office space where teams work together.

o OneDrive is like a personal desk where employees store private

documents.

o Permissions act as office keys determining who has access to certain

rooms.

• Strength: Highlights collaboration and security.

• Limitation: Doesn’t illustrate integration with Microsoft Teams and Outlook.

3. SharePoint as a Shared Kitchen, OneDrive as Your Fridge

• Analogy:

o SharePoint is like a shared kitchen where people contribute and use

common resources.

o OneDrive is like a personal fridge where you store your own food.

o External sharing is like letting a friend borrow ingredients.

• Strength: Demonstrates data ownership and access control.

• Limitation: Doesn’t fully capture advanced security settings like DLP.

Would you like PowerShell commands to automate SharePoint & OneDrive

administration?

Here are essential PowerShell commands for automating SharePoint Online and
OneDrive for Business administration.

Prerequisites

Before running any commands:

1. Install SharePoint Online Management Shell

2. Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force -

AllowClobber

3. Connect to SharePoint Online

 4. Connect-SPOService -Url https://yourdomain-admin.sharepoint.com -Credential
(Get-Credential)

SharePoint Online PowerShell Commands

Task PowerShell Command

List all
Get-SPOSite
SharePoint sites

New-SPOSite -Url "https://yourdomain.sharepoint.com/sites/YourSite"

Create a new
-Owner "admin@yourdomain.com" -StorageQuota 1024 -Template
SharePoint site
STS#3

Delete a Remove-SPOSite -Identity

SharePoint site "https://yourdomain.sharepoint.com/sites/YourSite"

Restore a
Restore-SPODeletedSite -Identity
deleted site
"https://yourdomain.sharepoint.com/sites/YourSite"
from recycle bin

Set-SPOSite -Identity
Set site storage
"https://yourdomain.sharepoint.com/sites/YourSite" -StorageQuota
quota
2048

Grant a user Set-SPOUser -Site "https://yourdomain.sharepoint.com/sites/YourSite"

access to a site -LoginName "user@yourdomain.com" -IsSiteCollectionAdmin $true

OneDrive for Business PowerShell Commands

Connect to OneDrive for Business

Connect-SPOService -Url https://yourdomain-admin.sharepoint.com

Task PowerShell Command

Get all OneDrive

Get-SPOSite -IncludePersonalSite $true
sites
Task PowerShell Command

Find a user's
Get-SPOUserOneDriveLocation -User "user@yourdomain.com"
OneDrive URL

Grant admin Set-SPOUser -Site "https://yourdomain-

access to a my.sharepoint.com/personal/user_domain_com" -LoginName
OneDrive account "admin@yourdomain.com" -IsSiteCollectionAdmin $true

Delete a user’s
OneDrive after Remove-SPOSite -Identity "https://yourdomain-
account my.sharepoint.com/personal/user_domain_com"
deactivation

Restore a deleted Restore-SPODeletedSite -Identity "https://yourdomain-

OneDrive account my.sharepoint.com/personal/user_domain_com"

Automating Bulk Operations

If you need to process multiple users/sites in bulk, you can use a CSV file:

Bulk Add Users as SharePoint Admins

$users = Import-Csv "C:\Users\admin\Documents\users.csv"

foreach ($user in $users) {

Set-SPOUser -Site $user.SiteUrl -LoginName $user.UserPrincipalName -

IsSiteCollectionAdmin $true

Export All SharePoint Sites to a CSV

Get-SPOSite | Select-Object Url, Owner, StorageUsageCurrent, LastContentModifiedDate |

Export-Csv -Path "C:\Users\admin\Documents\SharePointSites.csv" -NoTypeInformation

Next Steps

• Would you like Microsoft Graph API commands for more advanced automation?
 • Do you need Power Automate flows to manage SharePoint & OneDrive?

COMPARISON TABLE: MICROSOFT

TEAMS ADMINISTRATION VS.
ENDPOINT MANAGEMENT (INTUNE)
Feature Microsoft Teams Administration Endpoint Management (Intune)

Manages communication & Manages and secures devices (PCs,

Purpose
collaboration in Teams phones, tablets)

Chat, meetings, file sharing, Device compliance, app

Main Functions
policies management, security settings

Endpoint security, updates, and

Control Scope Teams settings, policies, lifecycle
access policies

Security Data loss prevention (DLP), Conditional access, mobile device

Features retention policies policies

Affects how users collaborate in Controls device compliance and

User Impact
Teams security

Works with SharePoint, Exchange, Works with Microsoft 365 Defender,

Integration
OneDrive Teams, Azure AD

Management Microsoft Intune (Endpoint Manager)

Teams Admin Center & PowerShell
Tool & PowerShell

Ensures secure and effective Protects company data on devices,

Biggest Benefit
collaboration even personal ones

Why This Relationship Matters

• Teams needs endpoint security: If unmanaged devices access Teams, security

risks increase (e.g., data leaks, malware).

• Intune enforces compliance: Ensures only secure, compliant devices access

Teams and other Microsoft 365 services.
 • Collaboration and security must balance: Teams enables communication, but
Intune enforces security without disrupting productivity.

Related Concepts & Their Importance

Concept Similarity Difference Why It Matters

Knowing when to use

Both support Teams is for real-time each helps in
Teams vs.
collaboration and communication; SharePoint is structuring
SharePoint
file sharing for structured content storage workspaces
effectively

Intune applies policies Using both ensures

Intune vs. Both enforce
directly to devices, while secure and compliant
Conditional security policies
Conditional Access controls access to Microsoft
Access on devices
sign-in behavior 365

Combining both
Microsoft Defender detects and
Both enhance strengthens security
Defender vs. mitigates threats, while Intune
security across endpoints and
Intune manages device policies
users

Analogies to Explain the Concepts

1⃣ Microsoft Teams is a digital office, and Intune is the security system

• Analogy: Imagine a physical office where Teams is the conference room, allowing
employees to communicate, share ideas, and collaborate. Intune is the security
system that ensures only authorized people enter and follow workplace rules.

• Strength: Highlights how both enable productivity while ensuring security.

• Limitation: Doesn't cover cloud-specific threats (e.g., phishing, identity theft).

2⃣ Teams is a smartphone, and Intune is the parental control settings

• Analogy: A smartphone allows communication and app usage (like Teams), but
parental controls (Intune) enforce restrictions to prevent misuse.
 • Strength: Shows how policies can restrict or allow specific actions.

• Limitation: Doesn't fully explain security compliance and enforcement levels.

3⃣ Teams is a public park, and Intune is the park ranger

• Analogy: A public park (Teams) allows people to gather and interact, but park
rangers (Intune) enforce rules, ensure safety, and remove hazards.

• Strength: Demonstrates proactive monitoring and security enforcement.

• Limitation: Doesn't cover device-specific controls like encryption or remote wipe.

Follow-Up Questions

• Do you want PowerShell commands to automate Teams policies and Intune

settings?

• Would you like to explore Defender for Endpoint, which integrates security with
Intune?

Here are some PowerShell commands to automate Microsoft Teams policies and Intune
settings using Microsoft Graph PowerShell and Teams PowerShell Module.

AUTOMATING MICROSOFT TEAMS

POLICIES VIA POWERSHELL
1⃣ Install and Connect to Microsoft Teams PowerShell

Install-Module -Name PowerShellGet -Force -AllowClobber

Install-Module -Name MicrosoftTeams -Force -AllowClobber

Connect-MicrosoftTeams

Why? This connects you to the Microsoft Teams admin environment.

2⃣ List All Teams in the Organization

Get-Team

Why? Helps you see existing teams and manage them efficiently.

3⃣ Create a New Team

New-Team -DisplayName "IT Support Team" -Visibility Private -Description "Team for IT
Support"

Why? Automates team creation for structured collaboration.

4⃣ Assign a Teams Policy to a User

Grant-CsTeamsMessagingPolicy -Identity user@domain.com -PolicyName

"MessagingPolicy-Restricted"

Why? Controls chat features for compliance.

5⃣ Set a Global Meeting Policy

Set-CsTeamsMeetingPolicy -Identity Global -AllowCloudRecording $false -

AllowTranscription $false

Why? Ensures security by preventing unauthorized meeting recordings.

6⃣ Bulk Assign Teams Policies to Multiple Users

$users = Get-Content "C:\UsersList.txt"

ForEach ($user in $users) {

Grant-CsTeamsMeetingPolicy -Identity $user -PolicyName "StandardMeetingPolicy"

Why? Saves time by applying policies in bulk.

 Automating Microsoft Intune (Endpoint Management) via PowerShell

1⃣ Install and Connect to Microsoft Graph PowerShell

Install-Module Microsoft.Graph -Scope CurrentUser

Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

Why? Required for managing Intune settings via PowerShell.

2⃣ List All Intune-Managed Devices

Get-MgDeviceManagementManagedDevice | Select-Object DeviceName,

UserPrincipalName, OperatingSystem, ComplianceState

Why? Provides a report on device compliance and management status.

3⃣ Wipe a Lost or Stolen Device

Invoke-MgDeviceManagementManagedDeviceWipe -ManagedDeviceId "device-id"

Why? Ensures sensitive data is erased from compromised devices.

4⃣ Create a Conditional Access Policy for Secure Teams Access

$params = @{

displayName = "Require MFA for Teams Access"

conditions = @{

applications = @{ includeApplications = @("d4ce73c8-0156-4b40-bc87-

3505e3e0c77b") } # Teams App ID

userRiskLevels = @("high")

grantControls = @{

builtInControls = @("mfa")

}
}

New-MgConditionalAccessPolicy -BodyParameter $params

Why? Enforces Multi-Factor Authentication (MFA) when accessing Teams.

5⃣ List All Intune Policies

Get-MgDeviceManagementDeviceCompliancePolicy | Select-Object DisplayName,

Description

Why? Allows you to review existing security and compliance policies.

6⃣ Deploy a Compliance Policy to Devices

$params = @{

displayName = "Windows 10 Compliance Policy"

description = "Ensure devices meet security requirements"

operatingSystem = "Windows10AndLater"

settings = @{

passwordRequired = $true

passwordMinimumLength = 8

New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $params

Why? Enforces password policies and other compliance settings.

What’s Next?

Would you like scheduled automation scripts for regular policy enforcement and
reporting?
Here’s a detailed breakdown of Week 8: PowerShell & Microsoft Graph for Automation in
a structured way:

COMPARISON TABLE: POWERSHELL VS.

MICROSOFT GRAPH FOR AUTOMATION
Microsoft Graph PowerShell
Feature/Concept PowerShell (MSOL/AzureAD)
(MgGraph)

Connect-MSOLService /
Connect-MgGraph (modern
Authentication Connect-AzureAD (username &
authentication, OAuth 2.0)
password)

Deprecation Being phased out (deprecated Actively supported and

Status by March 2024) recommended

Command Uses Get-MsolUser, Set-

Uses Get-MgUser, Update-MgUser
Structure AzureADUser

Covers a wider range: Teams,

Data Access
Limited to Azure AD/MSOL data SharePoint, Exchange, Intune,
Scope
Security & Compliance

Faster, optimized for bulk

API Performance Slower and less efficient
processing

Username/Password-based Uses OAuth tokens with granular

Security Model
authentication permissions

New-MsolUser - New-MgUser -DisplayName "User"

Example User
UserPrincipalName -UserPrincipalName
Creation
"user@domain.com" "user@domain.com"

Why Are These Relationships Important?

Understanding the transition from MSOLService to Microsoft Graph is critical because:

 1. Efficiency: Microsoft Graph enables broader automation across M365 services.

2. Security: OAuth-based authentication is more secure than traditional

username/password authentication.

3. Future-Proofing: Since MSOLService is deprecated, learning Graph PowerShell

ensures you stay relevant.

4. Scalability: Graph allows bulk operations, making administration faster and

reducing errors.

By understanding both old (PowerShell MSOLService/AzureAD) and new (Microsoft

Graph PowerShell) approaches, you can confidently manage M365 environments without
relying on outdated methods.

ADDITIONAL RELATED CONCEPTS

Relation to PowerShell &
Concept Importance
Microsoft Graph

REST API in Microsoft PowerShell scripts interact Helps admins integrate with
Graph with the Graph API external applications

Data from Graph API is in Understanding JSON helps in

JSON & API Queries
JSON format processing API responses

Used in Microsoft Graph Enhances security and role-

OAuth 2.0 Authentication
authentication based access

Power Automate & Logic Workflows that can call Automates M365 administration
Apps PowerShell scripts beyond PowerShell

Azure Functions & Run PowerShell scripts in Enables scheduled automation

Automation Accounts the cloud of admin tasks

3 Analogies to Explain PowerShell & Microsoft Graph Automation

1⃣ Factory Production Line (Automating Repetitive Tasks)

 • Analogy: Imagine an assembly line in a factory that builds cars. Instead of workers
manually assembling parts, machines (automation) do it faster and more
accurately.

• Strength: Demonstrates how PowerShell automates administrative tasks efficiently.

• Limitation: Doesn’t explain security controls like role-based access.

2⃣ GPS vs. Old Paper Maps (Transition from MSOL to Graph)

• Analogy: Using MSOLService is like relying on old paper maps, while Microsoft
Graph is like using GPS navigation—it's real-time, updated, and more accurate.

• Strength: Highlights why moving to Microsoft Graph PowerShell is necessary.

• Limitation: Doesn’t cover the complexity of API permissions and authentication.

3⃣ Remote Control for Smart Home Devices (Microsoft Graph API)

• Analogy: Microsoft Graph is like a universal smart home remote that can control
lights, AC, security cameras, and speakers—whereas MSOLService is like having a
separate remote for each device.

• Strength: Explains how Graph PowerShell can manage multiple M365 services
from one interface.

• Limitation: Doesn’t emphasize how API calls and JSON data work.

Next Steps

Would you like hands-on PowerShell scripts for Microsoft Graph automation, including
scheduled automation tasks and report generation? Let me know!

COMPARISON TABLE: MICROSOFT 365

ADDITIONAL TOPICS
Topic Similarities Differences

Hybrid identity integrates with on-

Hybrid Identity & Azure Manages user
premises AD; Azure AD Connect
AD Connect authentication
syncs user directories
Topic Similarities Differences

Privileged Identity Enhances security by PIM grants just-in-time access; RBAC

Management (PIM) managing admin access assigns permanent roles

Focuses on email and endpoint

Defender for Microsoft Protects against cyber
security, unlike general compliance
365 threats
tools

Microsoft 365 Licensing Manages user access Focuses on optimizing costs rather
Optimization and costs than security

Power Automate & Logic Automates workflows in Power Automate is low-code; Logic
Apps Microsoft 365 Apps is for advanced automation

Advanced Threat
Helps detect security Security monitoring is broader and
Analytics & Security
threats includes compliance audits
Monitoring

Microsoft Endpoint Manages devices and Intune focuses on mobile device

Manager (Intune) apps management

Zero Trust Security Enhances security using Zero Trust applies to users, devices,
Model least privilege and networks

Why These Relationships Matter

Understanding these concepts together helps you grasp the broader security, automation,
and identity management framework in Microsoft 365. For example, knowing how
Privileged Identity Management (PIM) works with Zero Trust can help you implement
stronger access controls. Similarly, integrating Power Automate with Defender for Microsoft
365 can improve threat response times by automating alerts and actions.

Additional Related Concepts

• Conditional Access Policies – Helps enforce MFA and access controls.

• Microsoft Sentinel – Security analytics and threat detection.

• Data Loss Prevention (DLP) – Protects sensitive information from being shared.
 • eDiscovery – Helps with legal and compliance investigations.

Analogies to Explain These Concepts

1. Microsoft 365 Security as a Castle Defense System

o Strength: Explains layers of security like walls (firewalls), guards (MFA), and
restricted access (PIM).

o Limitation: Doesn't fully explain automation and proactive threat detection.

2. Automation as a Self-Driving Car

o Strength: Demonstrates how Power Automate and Logic Apps streamline

repetitive tasks.

o Limitation: Some administrative tasks still require human oversight.

3. Zero Trust as a VIP Event

o Strength: Highlights how only pre-approved guests (users/devices) can enter

with proper credentials.

o Limitation: May not fully explain continuous access verification and micro-
segmentation.

By understanding these concepts and their relationships, you can better navigate Microsoft
365 administration and security effectively.