Pass Microsoft 365 MS-101 Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
MS-101 Premium Bundle
- Premium File 403 Questions & Answers. Last update: Nov 20, 2022
- Training Course 82 Lectures
- Study Guide 524 Pages
Last Week Results!
|Download Free MS-101 Exam Questions|
Size: 3.62 MB
Size: 3.6 MB
Size: 2.55 MB
Size: 1.98 MB
Size: 1.95 MB
Size: 1.68 MB
Size: 1.61 MB
Size: 1.74 MB
Size: 1.34 MB
Size: 1.45 MB
Size: 1.14 MB
Size: 953.06 KB
Microsoft 365 MS-101 Practice Test Questions and Answers, Microsoft 365 MS-101 Exam Dumps - PrepAway
All Microsoft 365 MS-101 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the MS-101 Microsoft 365 Mobility and Security practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!
Exchange Online Protection
7. Creating a Transport Rule to Bypass Safe Attachments
Having established an advanced threat protection and safe attachment policy, you may find yourself wanting to change the behaviour of attachments in certain environments. For example, do we really want to have all the messages between employees inside our organisation delayed if they have an attachment on them while it goes through and gets scanned for ATP? You can actually modify this behaviour by setting up an exclusion in your policy to bypass it. You can set up an exchange transport rule to actually bypass the safe attachments. In order to do that, you actually work in the Exchange Admin Center.
So if I were to open up the Exchange AdminCenter, I would have the ability to go in here and go to my mail flow, and in the mail flow, I could create a rule, a mail transport rule. So we're going to simply go in here and say, "I wanted to create a mail transport rule here." Notice we have the ability to restrict messages by sender and recipients, et cetera. But let's just go ahead and create a brand new rule. So we'll create a brand new rule. We'll open that up. We'll call this one the Safe Attach Bypass Rule. All right?
Now when will this rule apply? Right? If I go and click on this, if the sender is, if the recipient is, if the sender is located, And that sounds more along the lines of what I'm looking for. So I can say, you know, what if the sender is a member of the recipient address of any attachment that it contains. So I have the ability to go out there and actually define this for different environments. Let's say in this case that the sender is located inside my organization, right?
So if it's inside the organization, we'll let them bypass the safe attachments rule. If it was outside, which I'm not selecting, the rules still don't apply to them, right? So we're going to go ahead and actually say that if the sender is located inside my organization, what I want to do is modify the header. I want to set the header on that document to bypass the safe attachments. Now, in order to do that, you'd have to pull this down and go into the header setting. but it's not there. It's not actually showing. What you need to do is, if you look, you'll see that you actually have a "more options" section right here, right? And we have to go in there and actually click on the more options.
And once I do that now, when I pull down and do the following, you're going to see I have a lot more choices than I had before, right? And in this case, I can go down there and modify the message properties, and I can set a message header. So I'm going to click on and set a message header, and I want to enter the text that I want to appear in the safe attachments policy, right? to bypass it. So I'm going to click on "enter the text" and I'm going to enter the actual text that I want to have that. Now here is the actual text. Okay? In terms of the syntax, it has to be typed in exactly like this. So the XMS exchange.org skipsafeattachmentprocessing is going to be added to the header. And when a message comes in and the safe attachment policy sees it, it will allow it to bypass and not process it. So you have the ability to go out there and do that.
But what you need to understand about this is that when you're setting the message header, there are actually two different values you can enter, and you must fill in a value for the second part or it's going to ignore it. But if you click on "enter text" and just put in a space so that it actually has a value in there, then it can ignore it for the rest of the message. So now that I've got my policy set up right, I can go ahead and save it. And I now have an enforced policy that if somebody inside my organisation sends a message, the header will have the bypass safe attachment processing put into it, and it won't go through ATP now, and therefore there won't be any delay with people sending messages to each other inside the organization.
8. Creating a Safe Links Policy
If your subscription includes Advanced Threat Protection, you actually have a default Safe Links Attachment policy already created as part of your tenant account. Now, you can modify that if you wish. Sure, you can add other ones as well. Let's go take a look here in the Security and Compliance Center. I'm going to go down to Threat Management, and in Threat Management, I'm going to scroll down to Policy. Now, under policy, we have ATP, or safe links. I'm going to open up the Safe Links environment. What you're going to see is that there's a default policy, which is organization-wide and applies to everybody in the organization, right. I can't delete it, but I can modify some of the behaviours that are associated with it. That default policy right now does not track users. Click on the safe link. So it's not going to do any tracking.
When they click through to the link itself, there won't be any trackback on it. and that's enabled. Do not let users click through. which means that if they click the link and it's going to take them to a malicious site, it won't allow them to continue on to that site. And then we have this option here applied to 2016 on Windows. If you have Office 2016 or newer with ATP, if a user were to go click a link, say in a PowerPoint presentation, or if a user were to click a link in a Word document, you could have it also processed via ATP, but notice that's actually disabled. So if you wanted to do that, you would have to come to the default policy and choose to edit it. Click on the little pencil and edit it. We have the ability now to click the link to say, "Use Safe Links for 365ProPlus, Office for iOS and Android Devices." Now there's one other option that we're being presented with here in this default policy environment. And notice I can blacklist certain URLs, so I can actually add URLs, even if they are not considered to be malicious sites.
I can actually add in URLs that I want to be excluded so that when my users click them, it will deny them the ability to go out there and access that location. So it does give you some ability to modify that in the safe links. We can go out there and save it. Now, in this case, our users are going to go out there and now be able to have safe links as part of the 2016 environment as well. But if you scroll down a little further, this section at the bottom allows us to create policies based on individuals. So we can assign these to just select people in the organisation if we want to. I'll go ahead and click on the plus sign there to open that up. We can give this a name, and we'll just call this one. Let's see. How about safe links for it? We'll just make it for some people in the IT department, for example, so select the action of unknown, potentially malicious URLs. So if we've got some URLs and we don't know if they're safe or not, what do we want to do? Right? In this case, if it's off, it won't do anything, or we can have the unknown URL rewritten and checked against a list of known malicious sites before it allows the user to go through.
So let's go ahead and turn that policy on. Now that I have that policy, I can apply real-time URL scanning to all the suspicious URLs out there, right? We could go out there and apply safe links to email messages if we wanted to. So if somebody has it in an email, we can say, "Don't track our safe link; click through in our URLs." And again, I have the ability to go out there and say, "You know what, here are some URLs that I want to whitelist and that I want to be able to go to." So instead of blocking them, these are URLs that I actually want to allow my users to access, even if they show up on a malicious site. And I could add those URLs in, but then I have to specify who this belongs to.
Individual recipients, people in a domain And again, I could choose my male domain, which would be everybody, or I could go out there and make it if they're members of a given group, right, and we'd go through and choose whatever distribution list or security groups that we wanted to have here in the environment. Like, for example, we'll go out there and just say, for example, the dynamic group here, and create that and save that. So now I have a new "safe links" policy that's not applying to everybody in the organization, just the people that are part of that dynamic group. I think that dynamic group happened to be based on your department being accounts. So if your department equals accounts, you'd have this new "safe attachment policy," which would be a little bit different than what the default policy might be.
9. Creating a Transport Rule to Bypass Safe Links
If your Microsoft 365 subscription also has advanced threat protection as part of it, either with an E-five planner or as an add-on, that means you already have a default Safe Links Process Processing rule established for your organization. So Safe Links will actually process for everybody in your organization. Now you can create other Safe Link policies that you earmark for certain individuals or segments of your group as well, if you want to. But you may find yourself wanting to bypass safe link processing for emails that are sent inside your organization. In order to do that, you actually have to create a mail transport rule. We go over to the Exchange Admin Center to do that. In the Exchange Admin Center, we go into MailFlow, and in Mail Flow, we go into our rules section, and we click to create a new rule.
Now we'll give this rule a name, such as the "Safe Links Bypass Rule." Just being very descriptive, so if somebody sees that rule, they'll know exactly what it is we're trying to do with it. I can apply this rule to people if they're inside my organization, right? So you're somebody inside the organisation sending the message. So we'll say the sender is located inside the organization. We're going to do one of the following: Now the problem is that when I click these choices, what I want to do is be able to set a property in the header, but that choice isn't here. You have to go in and actually click on the "More options" button first. When you do that, that will open up some additional choices. In the drop-down menu, I'm going to scroll down to modify the message property, and what I'm going to want to do is go out there and actually set a message header, right? So I'm going to go through and set a message header here in the environment. So we'll select that one. And now I have to set the value. I have to click on the Enter text button and actually set a value.
So I'll click on that, and I'll enter a value here. Now the value that you need to set here, right, is "xmsexchangeorganization skipsafelink processing," and it needs to be exactly that message, okay? That has to be in the message header. If you have any syntax errors or anything like that in there, it will error out if you try to save the message. So we'll go ahead and click "Okay" on that. And the second "Enter text" section over here, you can't leave it saying "Enter Text." You do have to actually enter some text for that, right? In order to do that, we can click on it, but I don't need to enter anything of real value because we're not going to use it. So I'm just going to put it in a space there as a holder so that I can take care of saving the policy. Now that I have that all set I can go out here and click on "Save," and this will create a "safe links" bypass policy. So if somebody goes and sends a message from inside the organisation to somebody else in the organization, because it came from somebody inside, the header will automatically bypass safe links. And as such, the user will now be able to click that link without having it processed to see if it's malicious or not.
10. Monitoring and Reporting
In working with Exchange online protection, we get a lot of feedback on the types of things that are actually being stopped, who is doing it, and where it's coming from. And in the Security and Compliance Center, we can actually look at a lot of those reports. If I were to scroll down in the Security and Compliance Center to the Reports section, I'd click on Reports and click on the Reports dashboard. Now the dashboard will populate with a lot of different reports for me to start going through and taking a look at. If we scroll down a little bit, I can see things like how many males were impacted by a transportation rule. So in other videos, we created transport rules to do things like bypass the spam filter and the safe attachments filter.
Now I can actually see how many messages are being impacted by those and see what's actually happening with it. I can see my top senders and recipients, my spoof detections that I have going on, spam detections going on in my environment, and how much sent and received mail we have. And while these are nice little charts to look at, I can actually drill a little bit deeper. So let's go open one up. Let's open up the spoof detections for a moment, and I can take a look to see. Now what you see is that I've got some good mail and some mail that was caught as spam, right? And you'll notice here that we've got some good mail flowing through this smaller environment, and then I've got some mail that was actually caught. Well, if I want to get a little bit more detail on that instead of looking at it as a chart, I can actually click on "view details" in the table when I open that up. No data is available for the selected range.
So we have some data, but it's not sufficient for us to be able to go out there and actually see it within this report. You need a good amount of data to be able to do that. Let's go through and take a look at another one. For example, let's just look at our top senders and recipients report here. We'll open that up. And let me go into my view tables here, and I can see that our good friend Ethan Cain has been sending and receiving the bulk of the mail here for the organization, right? You can see the postmasters got some, saleshas got some, and then there are some default ones from exchange.org that were sent out there as well. And again, you can switch between the two here, depending on whether you want to see the graphical chart or the details. We can filter out certain things if we want to, if the report is filled with hundreds of different users out there. But the other thing I can do is keep track of who my top senders and recipients were. And I don't feel the need to come in here and look at this on a regular basis. I can actually create a scheduled report, right? I can click on "create a schedule" and have it go out there.
In this case, send it to me weekly; that's fine; that'll work for me. and create the schedule. So I've now got a report that will actually show up in my mailbox. I no longer have to come in here and look for it. And once a week I'm going to get that report. If I wanted to, I could manage the schedule, right? Here's the report. You can see it coming to me. I'm going to the weekly top senders report. But if I wanted to, I could edit that schedule and make it monthly instead of weekly. Maybe I want it just once a month, right? So I want to get an idea of what's going on. And notice here the expiration date, right? It's going to expire in 2020, but let's change that to 2030 because I want to make sure that I get this for a long time out there in the environment. So now I'm going to have those reports coming to me monthly instead of weekly, right in my mailbox, without me having to go in and actually look for them, which is a nice feature.
So if we're looking at a report, if I open one up, let's say, again, for example, let's go ahead and open up the spam detection report here, right? I'm going through and looking at this, and I notice that there are some actions here that we can take. We have the ability to go out there and change the direction of it and the breakdown here in the environment. Again, I can request a report and just have it generate one. And then I'd have the ability to download a report from the requested reports list here. And of course, we do have the ability to go out there and view some of the details in the spam detection. So it does give us the ability to go through and actually look at that. You can see this was going to be part of a weekly digest email that we're going to be able to see delivered to our inbox. There is lots of information available to see exactly how Exchange Online Protection is protecting your organization.
Microsoft 365 MS-101 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass MS-101 Microsoft 365 Mobility and Security certification exam dumps & practice test questions and answers are to help students.