MCSE ( Microsoft Certified Solutions Expert )
Best institute for MCSE Core Infrastructure and MCSE Productivitytraining in Nepal, Jhapa, NW Networks has a team of certified, passionate and experienced faculties. These faculties are trained to mentor, guide and train students and professionals alike.
MCSE Core Infrastructure and MCSE Productivity courses at NW Networks in Jhapa Centre provides 24×7 Lab Facility. MCSE Core Infrastructure and MCSE Productivity is the expert level certification from Microsoft for the students and professionals who are looking for empowering their credentials with global certificates which will open the doors of infinite possibilities in their careers in the vast field of Microsoft technologies.
Microsoft has designated certification path competency areas as:
- Core Infrastructure: Excellence in workload administration & engineering
- Productivity: Expertise in deploying MS Office Cloud & Hybrid solutions to enterprise customers
- The remaining areas are Data Management & Analytics, App Builder and Business Applications.
Microsoft certification program has defined very specific competency areas that segregates MCSE into two different paths. The first path is MCSE Core Infrastructure and the second one is MCSE Productivity.
After receiving MCSA Windows Server 2012 or MCSA Windows Server 2016, you can receive either MCSE Core Infrastructure or MCSE Productivity by clearing any one of the elective exams available. Each track has 5 & 4 elective exams respectively. You need to clear one exam from the elective exams to receive MCSE in the respective track. The following are the details about MCSE Core Infrastructure and MCSE Productivity.
- MCSE CORE INFRASTRUCTURE
- This certification validates the skills needed to run a highly efficient and modern Data Center, Identity Management, Systems Management, Virtualization, Storage and networking.
The following are the elective exams available. You can clear anyone of them to receive an MCSE CORE INFRASTRUCTURE certificate.
- 70-413 – Designing and Implementing a Server Infrastructure
- 70-414 – Implementing an Advanced Server Infrastructure
- 70-537 – Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack (Retires Dec 31, 2019)
- 70-745 - Implementing a Software-Defined Datacenter
- 70-744 – Securing Windows Server 2016
MCSE Core Infrastructure certification qualifies you for jobs as administrator, architect, computer support specialist and information security specialist.
- MCSE PRODUCTIVITY
- This certification validates the skills needed to move your company to the cloud, increase user productivity and flexibility, reduce data loss and improve data security for your company.
- This certification is one of the prerequisites to become a Microsoft 365 Certified Enterprise Administrator Expert.
The following are the elective exams available. You can clear anyone of them to receive an MCSE PRODUCTIVITY certificate.
- 70-345 - Designing and Deploying Microsoft Exchange Server 2016
- 70-339 - Managing Microsoft SharePoint Server 2016
- 70-333 - Deploying Enterprise Voice with Skype for Business 2015
- 70-334 - Core Solutions of Microsoft Skype for Business 2015
MCSE CORE INFRASTRUCTURE EXAM SYLLABUS
70-413 – Designing and Implementing a Server Infrastructure
- Plan and deploy a server infrastructure (20–25%)
- Design and implement network infrastructure services (20–25%)
- Design and implement network access services (15–20%)
- Design and implement an Active Directory infrastructure (logical) (20–25%)
- Design and implement an Active Directory infrastructure (physical) (20–25%)
Plan and deploy a server infrastructure (20–25%)
- Design and implement network infrastructure services (20–25%)
- Design and implement network access services (15–20%)
- Design and implement an Active Directory infrastructure (logical) (20–25%)
- Design and implement an Active Directory infrastructure (physical) (20–25%)
Plan and deploy a server infrastructure (20–25%)
- Design and plan an automated server installation strategy
- Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment
- Plan for deploying servers to Microsoft Azure infrastructure as a service (IaaS); plan for deploying servers to the public and private cloud by using AppController and Windows PowerShell; plan for multicast deployment; plan for Windows Deployment Services (WDS)
- Implement a server deployment infrastructure
- Configure multi-site topology and transport servers; implement a multi-server topology, including stand-alone and Active Directory-integrated Windows Deployment Services (WDS) servers; deploy servers to Microsoft Azure IaaS; deploy servers to the public and private cloud by using AppController and Windows PowerShell
- Plan and implement server upgrade and migration
- Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization
- Plan and deploy Virtual Machine Manager services
- Design Virtual Machine Manager service templates; plan and deploy profiles, operating system profiles, hardware and capability profiles, application profiles, and SQL profiles; plan and manage services including scaling out, updating and servicing services; configure Virtual Machine Manager libraries; plan and deploy services to non-trusted domains and workgroups
- Plan and implement file and storage services
- Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools including tiered storage and data de-duplication; configure the Internet Storage Name server (iSNS); configure Services for Network File System (NFS); plan and implement SMB 3.0 based storage; plan for Windows Offloaded Data Transfer (ODX)
Design and implement network infrastructure services (20–25%)
- Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution
- Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database
- Design a name resolution solution strategy
- Design considerations including Active Directory-integrated zones, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation
- Design and manage an IP address management solution
- Design considerations including IP address management technologies including IPAM, Group Policy-based, manual provisioning, and distributed, centralized, hybrid placement, and database storage; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM; integrate IPAM with Virtual Machine Manager (VMM)
Design and implement network access services (15–20%)
- Design a VPN solution
- Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, connectivity to Microsoft Azure IaaS and VPN deployment configurations using Connection Manager Administration Kit (CMAK)
- Design a DirectAccess solution
- Design considerations including deployment topology, migration from Forefront UAG, One Time Password (OTP), and use of certificates issued by enterprise Certificate Authority (CA)
- Design a Web Application Proxy solution
- Design considerations including planning for applications, authentication, and authorization, Workplace Join, devices, multifactor authentication, multifactor access control, single sign-on (SSO), certificates, planning access for internal and external clients
- Implement a scalable remote access solution
- Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); implement an advanced DirectAccess solution, configure multiple RADIUS server groups and infrastructure, configure Web Application Proxy for clustering
- Design and implement network protection solution
- Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network, configure NAP enforcement for IPsec and 802.1x, monitor for compliance
Design and implement an Active Directory infrastructure (logical) (20–25%)
- Design a forest and domain infrastructure
- Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, Microsoft Azure Active Directory and DirSync
- Implement a forest and domain infrastructure
- Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests
- Design a Group Policy strategy
- Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM), and Group Policy caching
- Design an Active Directory permission model
- Design considerations including Active Directory object security and Active Directory quotas; customize tasks to delegate in Delegate of Control Wizard; deploy administrative tools on the client devices; delegate permissions on administrative users (AdminSDHolder); plan for Kerberos delegation
Design and implement an Active Directory infrastructure (physical) (20–25%)
- Design an Active Directory sites topology
- Design considerations including proximity of domain controllers, replication optimization, and site link; monitor and resolve Active Directory replication conflicts
- Design a domain controller strategy
- Design considerations including global catalog, operations master roles, Read-Only Domain Controllers (RODCs), partial attribute set, and domain controller cloning, and domain controller placement
- Design and implement a branch office infrastructure
- Design considerations including RODC, Universal Group Membership Caching (UGMC), global catalog, DNS, DHCP, and BranchCache; implement confidential attributes; delegate administration; modify filtered attributes set; configure password replication policy; configure hash publication
EXAM 70-414 - Implementing an Advanced Server Infrastructure
- Manage and maintain a server infrastructure (25–30%)
- Plan and implement a highly available enterprise infrastructure (25–30%)
- Plan and implement a server virtualization infrastructure (25–30%)
- Design and implement identity and access solutions (20–25%)
Manage and maintain a server infrastructure (25–30%)
Design an administrative model
- Design considerations, including user rights and built-in groups; design a delegation of administration structure for Microsoft System Center 2012 R2; design self-service portals by using System Center Service Manager; delegate rights for managing private cloud by using AppController and System Center Virtual Machine Manager
Design a monitoring strategy
- Design considerations including monitoring servers using Audit Collection Services (ACS) and System Center Global Service Monitor, performance monitoring, application monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 – Operations Manager management packs; plan for monitoring Active Directory
- Plan and implement automated remediation
- Create an Update Baseline in Virtual Machine Manager; implement a Desired Configuration Management (DCM) Baseline; implement Virtual Machine Manager integration with Operations Manager; configure Virtual Machine Manager to move a VM dynamically based on policy; integrate System Center 2012 for automatic remediation into your existing enterprise infrastructure; design and implement a Windows PowerShell Desired State Configuration (DSC) solution
Plan and implement a highly available enterprise infrastructure (25–30%)
- Plan and implement failover clustering
- Plan for and implement multi-node and multi-site clustering including the use of networking storage, name resolution, and Global Update Manager (GUM); design considerations including redundant networks, network priority settings, resource failover, and failback, heartbeat and DNS settings, Quorum configuration, storage placement, and replication, and cluster-aware updates
- Plan and implement highly available network services
- Plan for and configure Network Load Balancing (NLB); design considerations including fault-tolerant networking, multicast vs. unicast configuration, state management, and automated deployment of NLB using Virtual Machine Manager service templates
- Plan and implement highly available storage solutions
- Plan for and configure storage spaces and storage pools; design highly available, multi-replica DFS namespaces; plan for and configure multi-path I/O (MPIO); configure highly available iSCSI Target and iSNS Server; plan for and implement storage using RDMA and SMB multi-channel
- Plan and implement highly available roles
- Plan for a highly available Dynamic Host Configuration Protocol (DHCP) Server, Hyper-V clustering, Continuously Available File Shares, and a DFS Namespace Server; plan for and implement highly available applications, services, and scripts using Generic Application, Generic Script, and Generic Service clustering roles
- Plan and implement a business continuity and disaster recovery solution
- Plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica including using Microsoft Azure Site Recovery, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin; plan for and implement backup and recovery by using System Center Data Protection Manager (DPM)
Plan and implement a server virtualization infrastructure (25–30%)
- Plan and implement virtualization hosts
- Plan for and implement delegation of virtualization environment (hosts, services, and VMs), including self-service capabilities; plan and implement multi-host libraries including equivalent objects; plan for and implement host resource optimization; integrate third-party virtualization platforms; deploying Hyper-V hosts to bare metal
- Plan and implement virtual machines
- Plan for and implement highly available VMs; plan for and implement guest resource optimization including shared VHDx; configure placement rules; create Virtual Machine Manager templates
- Plan and implement virtualization networking
- Plan for and configure Virtual Machine Manager logical networks, including virtual switch extensions and logical switches; plan for and configure IP address and MAC address settings across multiple Hyper-V hosts, including network virtualization; plan for and configure virtual network optimization; plan and implement Windows Server Gateway; plan and implement VLANs and pVLANs; plan and implement virtual machine (VM) networks; plan and implement converged networks
- Plan and implement virtualization storage
- Plan for and configure Hyper-V host clustered storage; plan for and configure Hyper-V virtual machine storage including virtual Fibre Channel, iSCSI, and shared VHDx; plan for storage optimization; plan and implement storage using SMB 3.0 file shares
- Plan and implement virtual machine movement
- Plan for and configure live and storage migration between Hyper-V hosts; plan for and manage P2V and V2V; plan and implement virtual machine migration between clouds
- Manage and maintain a server virtualization infrastructure
- Manage dynamic optimization and resource optimization; integrate Operations Manager with System Center Virtual Machine Manager and System Center Service Manager; update virtual machine images in libraries; plan for and implement backup and recovery of virtualization infrastructure by using System Center Data Protection Manager (DPM)
Design and implement identity and access solutions (20–25%)
- Design a Certificate Services infrastructure
- Design a multi-tier Certificate Authority (CA) hierarchy with offline root CA; plan for multi-forest CA deployment; plan for Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; plan for Network Device Enrollment Services (NDES); plan for certificate validation and revocation; plan for disaster recovery; plan for trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs
- Implement and manage a Certificate Services infrastructure
- Configure and manage offline root CA; configure and manage Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; configure and manage Network Device Enrollment Services; configure Online Certificates Status Protocol (OCSP) responders; migrate CA; implement administrator role separation; implement and manage trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs; monitor CA health
- Implement and manage certificates
- Manage certificate templates; implement and manage certificate deployment, validation, renewal, revocation, and publishing including Internet-based clients, CAs, and network devices; configure and manage key archival and recovery
- Design and implement a federated identity solution
- Plan for and implement claims-based authentication including planning and implementing Relying Party Trusts; plan for and configure Claims Provider and Relying Party Trust claim rules; plan for and configure attribute stores including Active Directory Lightweight Directory Services (AD LDS); plan for and manage Active Directory Federation Services (AD FS) certificates; plan for and implement Identity Integration with cloud services; integrate Web Application Proxy with AD FS
- Design and implement Active Directory Rights Management Services (AD RMS
- Plan for highly available AD RMS deployment; plan for AD RMS client deployment; manage Trusted User Domains; manage Trusted Publishing Domains; manage Federated Identity support; upgrade or migrate AD RMS; decommission AD RMS
70-537 – Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack(Retires Dec 31, 2019. Replacement exam may be available)
Deploying and Integrating an Azure Stack Environment (20-25%)
- Build test environments by using the Azure Stack Development Kit (ASDK).
- This objective may include but is not limited to: use PowerShell commands; install updated ASDK; troubleshoot failed installs; post-deployment registration
- Configure DNS for data center integration.
- This objective may include but is not limited to: configure external DNS name resolution from within Azure Stack; configure Azure Stack DNS names from outside Azure Stack
- Configure connectivity for data center integration.
- This objective may include but is not limited to: manage firewall ports needed at the edge; configure connectivity to the data center; install and renew certificates for public endpoints
- Connect to and perform API-based administration on Azure Stack.
- This objective may include but is not limited to: connect to the stack by using PowerShell; configure client certificates; configure the firewall to support remote administration; establish RBAC roles for the Azure Stack fabric; create subscriptions for end-users
Configuring PaaS and IaaS for an Azure Stack Environment (25-30%)
- Configure and administer the App Service resource provider.
- This objective may include but is not limited to: configure the system; configure source control; configure worker tiers; configure subscription quotas; scale worker tiers and App Service infrastructure roles; add custom software; configure Azure Stack networking security
- Configure and administer database resource providers.
- This objective may include but is not limited to: configure and administer the SQL adapter; configure and administer the MySQL adapter; set up SKUs; set up additional hosting capacity
- Configure and administer IaaS services.
- This objective may include but is not limited to: implement virtual machine images; prepare Linux and Windows images; prepare a custom image; upload an image created and manage quotas, plans, and offers.
Providing Services to and Enabling DevOps for Azure Stack Tenants (25-30%)
- This objective may include but is not limited to: create quotas; configure plans; configure offers; configure delegated offers; create add-on plans
- Manage tenants.
- This objective may include but is not limited to: add new tenants; remove tenants; manage authentication and authorization; establish RBAC roles for the tenant space
- Manage the Azure Marketplace.
- This objective may include but is not limited to: enable Azure Marketplace on Azure Stack; plan new packages; create and publish new packages; download Azure Marketplace items
- Enable DevOps for tenants.
- This objective may include but is not limited to: enable version control for tenants; manage ARM templates; deploy ARM templates; debug ARM templates; use Microsoft Visual Studio Team Services to connect to Azure Stack; use continuous integration and continuous deployment to automate a pipeline that targets Azure Stack
Maintaining and Monitoring an Azure Stack Environment (20-25%)
- Plan and implement a backup-recovery and a disaster-recovery solution.
- This objective may include but is not limited to: back up Azure Stack infrastructure services; perform cloud recovery of Azure Stack, replicate and failover IaaS virtual machines to Azure; back up and restore PaaS resource data; back up and restore backup and restore of user IaaS virtual machine guest-OS, disks, volumes, and apps
- Manage and monitor capacity, performance, updates, and alerts.
- This objective may include but is not limited to: manage storage; monitor available storage; integrate existing monitoring services; manage public IP address ranges; monitor infrastructure component health; monitor Azure Stack memory, public IP addresses, and storage tenant consumption; apply updates; update system firmware; review and react to alerts
- Manage usage reporting.
- This objective may include but is not limited to: provide access to the usage database; test usage by using the ASDK; collect the usage data by using the Provider Usage API and the Tenant Usage API; investigate the usage time versus the reported time
70-744 – Securing Windows Server 2016
- Implement Server Hardening Solutions (25-30%)
- Secure a Virtualization Infrastructure (5-10%)
- Secure a Network Infrastructure (10-15%)
- Manage Privileged Identities (25-30%)
- Implement Threat Detection Solutions (15-20%)
- Implement Workload-Specific Security (5-10%)
Implement Server Hardening Solutions (25-30%)
- Configure disk and file encryption
- This objective may include but is not limited to: Determine hardware and firmware requirements for secure boot and encryption key functionality; deploy BitLocker encryption; deploy BitLocker without a Trusted Platform Module (TPM); deploy BitLocker with a TPM only; configure the Network Unlock feature; configure BitLocker Group Policy settings; enable Bitlocker to use secure boot for platform and BCD integrity validation; configure BitLocker on Cluster Shared Volumes (CSVs) and Storage Area Networks (SANs); implement BitLocker Recovery Process using self-recovery and recovery password retrieval solutions; configure Bitlocker for virtual machines (VMs) in Hyper-V; determine usage scenarios for Encrypting File System (EFS); configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
- Implement malware protection
- This objective may include but is not limited to: Implement antimalware solution with Windows Defender; integrate Windows Defender with WSUS and Windows Update; configure Windows Defender using Group Policy; configure Windows Defender scans using Windows PowerShell; implement AppLocker rules; implement AppLocker rules using Windows PowerShell; implement Control Flow Guard; implement Code Integrity (Device Guard) Policies; create Code Integrity policy rules; create Code Integrity file rules
- Protect credentials
- This objective may include but is not limited to: Determine requirements for implementing Credential Guard; configure Credential Guard using Group Policy, WMI, command prompt, and Windows PowerShell; implement NTLM blocking
- Create security baselines
- This objective may include but is not limited to: Install and configure Microsoft Security Compliance Toolkit; create, view, and import security baselines; deploy configurations to the domain and non-domain joined servers
Secure a Virtualization Infrastructure (5-10%)
- Implement a Guarded Fabric solution
- This objective may include but is not limited to: Install and configure the Host Guardian Service (HGS); configure Admin-trusted attestation; configure TPM-trusted attestation; configure the Key Protection Service using HGS; migrate Shielded VMs to other guarded hosts; troubleshoot guarded hosts
- Implement Shielded and encryption-supported VMs
- This objective may include but is not limited to: Determine requirements and scenarios for implementing Shielded VMs; create a shielded VM using only a Hyper-V environment; enable and configure vTPM to allow an operating system and data disk encryption within a VM; determine requirements and scenarios for implementing encryption-supported VMs; troubleshoot Shielded and encryption-supported VMs
Secure a Network Infrastructure (10-15%)
- Configure Windows Firewall
- This objective may include but is not limited to: Configure Windows Firewall with Advanced Security; configure network location profiles; configure and deploy profile rules; configure firewall rules for multiple profiles using Group Policy; configure connection security rules using Group Policy, the GUI management console, or Windows PowerShell; configure Windows Firewall to allow or deny applications, scopes, ports, and users using Group Policy, the GUI management console, or Windows PowerShell; configure authenticated firewall exceptions; import and export settings
- Implement a Software-Defined Datacenter Firewall
- This objective may include but is not limited to: Determine requirements and scenarios for Datacenter Firewall implementation with Software Defined Networking; determine usage scenarios for Datacenter Firewall policies and network security groups; Configure Datacenter Firewall Access Control Lists
- Secure network traffic
- This objective may include but is not limited to: Configure IPsec transport and tunnel modes; configure IPsec authentication options; configure connection security rules; implement isolation zones; implement domain isolation; implement server isolation zones; determine SMB 3.1.1 protocol security scenarios and implementations; enable SMB encryption on SMB Shares; configure SMB signing via Group Policy; disable SMB 1.0; secure DNS traffic using DNSSEC and DNS policies; install and configure Microsoft Message Analyzer (MMA) to analyze network traffic
Manage Privileged Identities (25-30%)
- Implement the Just-In-Time (JIT) Administration
- This objective may include but is not limited to: Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager (MIM); configure trusts between production and bastion forests; create shadow principals in bastion forest; configure the MIM Web portal; request privileged access using the MIM Web portal; determine requirements and usage scenarios for Privileged Access Management (PAM) solutions; create and Implement MIM policies; implement Just-in-Time administration principals using time-based policies; request privileged access using Windows PowerShell
- Implement Just-Enough-Administration (JEA)
- This objective may include but is not limited to: Enable a JEA solution on Windows Server 2016; create and configure session configuration files; create and configure role capability files; create a JEA endpoint; connect to a JEA endpoint on a server for administration; view logs; download WMF 5.1 to a Windows Server 2008 R2; configure a JEA endpoint on a server using Desired State Configuration (DSC)
- Implement Privileged Access Workstations (PAWs) and User Rights Assignments
- This objective may include but is not limited to: Implement a PAWS solution; configure User Rights Assignment group policies; configure security options settings in Group Policy; enable and configure Remote Credential Guard for remote desktop access; Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach; Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest
- Implement Local Administrator Password Solution (LAPS)
- This objective may include but is not limited to: Install and configure the LAPS tool; secure local administrator passwords using LAPS; manage password parameters and properties using LAPS
Implement Threat Detection Solutions (15-20%)
- Configure advanced audit policies
- This objective may include but is not limited to: Determine the differences and usage scenarios for using local audit policies and advanced auditing policies; implement auditing using Group Policy and AuditPol.exe; implement auditing using Windows PowerShell; create expression-based audit policies; configure the Audit PNP Activity policy; configure the Audit Group Membership policy; enable and configure Module, Script Block, and Transcription logging in Windows PowerShell
- Install and configure Microsoft Advanced Threat Analytics (ATA)
- This objective may include but is not limited to: Determine usage scenarios for ATA; determine deployment requirements for ATA; install and configure ATA Gateway on a dedicated server; install and configure ATA Lightweight Gateway directly on a domain controller; configure alerts in ATA Center when suspicious activity is detected; review and edit suspicious activities on the attack timeline
- Determine threat detection solutions using Operations Management Suite (OMS)
- This objective may include but is not limited to: Determine usage and deployment scenarios for OMS; determine security and auditing functions available for use; determine Log Analytics usage scenarios
Implement Workload-Specific Security (5-10%)
- Secure application development and server workload infrastructure
- This objective may include but is not limited to: Determine usage scenarios, supported server workloads, and requirements for deployments; determine usage scenarios and requirements for Windows Server and Hyper-V containers; install and configure containers
- Implement a secure file services infrastructure and Dynamic Access Control (DAC)
- This objective may include but is not limited to: Install the File Server Resource Manager (FSRM) role service; configure quotas; configure file screens; configure storage reports; configure file management tasks; configure File Classification Infrastructure (FCI) using FSRM; implement work folders; configure file access auditing; configure user and device claim types; implement policy changes and staging; perform access-denied remediation; create and configure Central Access rules and policies; create and configure resource properties and lists.
70-745 – Implementing a Software-Defined Datacenter
- Plan and Implement System Center Virtual Machine Manager (VMM) Core Infrastructure
- Implement Software-Defined Networking (SDN)
- Implement Software-Defined Storage
- Implement Datacenter Compute Solutions with Virtual Machine Manager (VMM)
- Secure your Software-Defined Datacenter
- Monitor and Maintain the Software-Defined Datacenter
Plan and Implement System Center Virtual Machine Manager (VMM) Core Infrastructure
- Install and Configure Virtual Machine Manager (VMM)
- Determine requirements for Installation of System Center Virtual Machine Manager; install VMM server, VMM Administrative Console, and VMM local agents; configure SQL database requirements for the VMM database; add Hosts; upgrade VMM from previous versions of VMM including performing a rolling upgrade from Windows Server 2012 R2 host clusters; create service accounts for VMM; uninstall VMM; reinstall from a retained database.
- Install and Configure VMM Host Servers
- Determine requirements for bare metal installation of host servers; perform Hyper-V host deployment to the bare-metal machine; integrate Windows Deployment Services (WDS) with VMM to provide PXE services for bare metal deployments.
- Manage VMM Infrastructure
- Integrate Windows Server Update Services (WSUS) with VMM infrastructure; plan and orchestrate updates and patches on VMM servers, SQL database host agents, and management consoles; create Update Baselines; run compliance scans; remediate host servers and clusters; manage host groups; backup and restore VMM servers.
- Manage VMM Libraries
- Install and configure library servers; add library servers and library shares to VMM; enable Data Deduplication on library server; synchronize libraries; manage library association; manage object equivalence.
- Implement Highly Available VMM Infrastructure
- Determine component requirements for Highly Available VMM infrastructure; create a highly available VMM management server; create a Hyper-V Host cluster by using Failover Cluster Manager; determine requirements and options for SQL Server high availability; determine single-site and multi-site high availability options; create highly available library servers; implement Scale-Out File Server; perform Scale-Out File Server cluster deployment to a bare-metal machine; implement Distributed Key Management Solution; determine upgrade scenarios and options for a highly available VMM deployment; perform Cluster-Aware Updating; implement Rolling Cluster Upgrades; implement stretch clusters; manage mixed-mode clusters.
Implement Software-Defined Networking (SDN)
- Implement Core Network Fabric
- Create logical networks; create logical network sites; create IP pool; configure uplink port profiles; configure virtual port profiles; configure port classifications; create and configure logical switches; configure Hyper-V extensible virtual switches; integrate VMM switches with Top-of-Rack (TOR) switches; implement max bandwidth policies; enable NIC teaming; enable Switch Embedded Teaming (SET); create and configure MAC pools; configure Domain Name System (DNS); configure and enable NIC offload technologies such as virtual Receive Side Scaling (vRSS) and Virtual Machine Multi-Queue (VMMQ), and configure Single-Root I/O Virtualization (SR-IOV) on capable NICs.
- Plan for and Implement SDN solution
- Plan for software-defined network infrastructure; define and document fabric resource endpoints such as host servers, logical networks, software load balancer (SLB) multiplexers (MUX), VLANs and service credentials; implement SDN using VMM Service Templates; configure for single-tenant and multi-tenant scenarios; define front end Virtual IPs (VIPs) in multi-tier scenarios; define back end Dynamic IPs (DIPs) in multi-tier application scenarios; install and configure the SDN Host agent; configure DNS integration with SDN; configure DNS integration with Internal DNS Service (iDNS); create and configure Access Control Lists (ACL) for use in multi-tenant environments; configure virtual subnets.
- Configure a Network Controller (NC)
- Determine usage scenarios and requirements for the Network Controller; implement Network Controller in domain and non-domain environments; test successful Network Controller deployment; query Network Controller resources and provisioning state; define resource objects by using scripts; implement multi-node Network Controller deployments; implement highly available Network Controller resources; set up an Internet Protocol Address Management (IPAM) server.
- Configure and Manage Software Load Balancer (SLB)
- Determine infrastructure and tenant usage scenarios and requirements for load balancer deployment; configure SLB host agent; configure Border Gateway Protocol (BGP); configure SLB Multiplexer (MUX) to advertise Virtual IP Address (VIP); configure SLB rules to map virtual IP (VIP) and ports to back end Dynamic IPs (DIP) and ports in multi-tier application scenarios; configure NAT for inbound and outbound traffic; configure North-South and East-West load balancing; scale SLB Multiplexers; configure health probes.
- Configure Windows Server Gateway
- Determine usage scenarios and requirements for Windows Server Gateway (WSG) deployment; deploy WSG using SCVMM Service Templates; implement a Layer 3 gateway; implement Generic Routing Encapsulation (GRE) tunnelling; implement multi-tenant gateways by using PowerShell; implement IPsec Site-to-Site (S2S) tunnel; create M+N redundancy gateway pools; scale gateway pools; manage gateway by using Network Controller; integrate gateways with SLB; integrate VLAN networks with SDN gateway for Azure hybrid networking; configure BGP routing for gateway; assign gateway pools for tenant usage; configure Windows Server Gateway as a forwarding proxy; implement highly available Windows Server Gateway.
- Manage SDN Infrastructure
- Install updates on network controllers, Software Load Balancer components, and gateway components; configure health probes; query configuration state health information in load balancer MUX object; configure NC/SLB and GW logs; manage SDN components for service branching and patching considerations; troubleshoot SDN stack by using Network Controller diagnostics.
- Manage Tenant Virtual Networks
- Use network virtual appliances on virtual networks; configure network Quality of Service (QoS) for tenant VM network adapter; connect container endpoints to a tenant virtual network.
- Implement Software-Defined Storage
- Implement Software-Defined Storage Solutions
- Implement Storage Spaces Direct in hyper-converged scenario by using VMM; implement Storage Spaces Direct in a disaggregated scenario by using VMM; implement storage tiering; implement iSCSI storage; implement Storage Spaces fault tolerance; implement Cluster Shared Volumes (CSVs); determine usage scenarios and requirements for SMB 3 storage; configure and enable NIC offload technologies such as SMB Direct on Remote Direct Memory Access (RDMA) and SMB Multichannel on capable NICs for use as part of storage infrastructure; implement SMB file storage; encrypt cluster volumes; implement Storage QoS policies for Min/Max IOPs and Max Bandwidth; implement aggregated and dedicated QoS policies; provision Thin and Thick storage solutions; allocate Storage Array to a Host Group; create a LUN for a Hyper-V Cluster from allocated storage; allocate File Share to a Hyper-V Cluster; implement storage classifications for storage pools.
- Manage Software-Defined Storage
- Implement Storage Replica solutions; implement Hyper-V replica solutions; integrate Hyper-V Replica with Azure Site Recovery (ASR) for secondary on-premises site; implement Offloaded Data Transfer (ODX); determine LUN usage; decommission storage from Hyper-V Host; optimize Storage Spaces Direct storage pools; implement network QoS policies to control RDMA and SMB storage connections; implement SAN copy to rapidly provision VMs.
Implement Datacenter Compute Solutions with Virtual Machine Manager (VMM)
- Implement Compute solutions
- Determine requirements and usage scenarios for virtualized deployments; determine requirements for application deployments in virtualized infrastructure; create and configure virtual machine templates; configure hardware profiles; configure guest operating system profiles; configure application profiles; manage custom properties and placement rules; deploy and manage Nano server containers; perform operating system deployments using unattend.xml options; integrate sysprep with unattend.xml answer file; migrate existing virtual machine deployments to VMM; create and manage checkpoints; clone virtual machines; perform Virtual-to-Virtual (V2V) virtual machine conversions; implement and manage Linux virtual machines; deploy virtual machines from an existing VHD, template, P2V conversion, or VMM library; deploy containers by using VMM templates; manage guarded hosts.
- Implement Service Templates
- Create and configure Service Templates; implement availability sets within a template; add tiers to a Service Template; add network components to a Service Template; implement Active Directory Service Template; configure SharePoint Server Service Template; deploy Service Templates; update and modify Service Templates; import and export Service Templates; implement Guest Clustering.
Secure your Software-Defined Datacenter
- Secure the Compute Environment
- Determine the requirements for Host Guardian Service, implement Host Guardian Service; implement shielded VMs for new VMs by using templates; implement shielded VMs for existing virtual machines; implement Guarded Fabric solutions; implement DHCP guard; configure Run as accounts and User Roles; implement Role-Based Access Control (RBAC); implement Code Integrity solution; implement secure boot for Windows and Linux guests; implement Credential Guard; implement self-service.
- Secure the Network Environment
- Create and use port ACLs with VM networks, VM subnets and virtual NICs; create and use Global Settings for all VMs; implement Datacenter Firewall solutions using VMM; create ACL Rules using Datacenter Firewall; configure and apply Network Controller network policies; secure tenant networks; plan for integration of security appliances into tenant network infrastructure.
Monitor and Maintain the Software-Defined Datacenter
- Install and Configure System Center Operations Manager (SCOM)
- Determine requirements and usage scenarios for implementing Operations Manager; perform single and distributed deployment options for Operations Manager; install Operations Manager Agents by using Discovery Wizard or the command line; secure user access; create, install, and manage sealed and unsealed Management Packs.
- Monitor and Manage Infrastructure and Virtual Machine Workloads using System Center Operations Manager (SCOM)
- Tune Monitoring using Targeting and Overrides; configure maintenance schedules; suspend monitoring temporarily; configure notifications; configure reporting; integrate Operations Manager and VMM; enable Performance and Resource Optimization (PRO) tips in VMM; determine requirements and usage scenarios for backing up and restoring Software-Defined Datacenter workloads and Virtual Machine Manager with tools such as Data Protection Manager (DPM) and Microsoft Azure.
MCSE CORE INFRASTRUCTURE EXAM SYLLABUS
70-345 - Designing and Deploying Microsoft Exchange Server 2016
- Plan, Deploy, Manage, and Troubleshoot Mailbox Databases (15-20%)
- Plan, Deploy, Manage and Troubleshoot Client Access Services (15-20%)
- Plan, Deploy, Manage, and Troubleshoot Transport Services (15-20%)
- Plan, Deploy and Manage Exchange Infrastructure, Recipients, and Security (15-20%)
- Plan, Deploy and Manage Compliance, Archiving, eDiscovery, and Auditing (10-15%)
- Implement and Manage Coexistence, Hybrid Scenarios, Migration, and Federation (10-15%)
Plan, Deploy, Manage, and Troubleshoot Mailbox Databases (15-20%)
- Plan, deploy and manage mailbox databases
- Plan for database size and storage performance requirements; plan mailbox database capacity and placement; plan archive mailboxes capacity and placement ; plan modern public folder capacity and placement; plan for storage architecture (SAN, DAS, RAID, JBOD); plan file system requirements; plan for auto reseed; plan for virtualization requirements and scenarios; validate storage design by running JetStress; create and configure mailbox databases; manage mailbox databases; configure transaction log properties and file placement
- Plan, deploy and manage high availability solutions for mailbox databases
- Identify failure domains; plan a solution that meets SLA requirements around scheduled downtime; plan for software updates and server maintenance; plan for change management; create, configure, and manage Database Availability Groups (DAG); create, configure, and manage DAG networks; create, configure, and manage proper placement of a file share witness (FSW); create and configure mailbox database copies; create, configure, and manage Azure file share witness (FSW); create, configure, and manage Azure DAG members
- Plan, deploy and manage a site-resilient Database Availability Group (DAG)
- Recommend quorum options with given customer requirements; plan, create, and configure cross-site DAG configuration; plan, deploy and configure Datacenter Activation Coordination (DAC); configure and manage the proper placement of an alternate file share witness (FSW); test and perform site recovery
- Monitor and troubleshoot mailbox databases
- Monitor mailbox database replication and content indexing; troubleshoot mailbox database replication and replay; troubleshoot mailbox database copy activation; troubleshoot mailbox database performance; troubleshoot database failures (e.g., repair, defrag, recover); resolve quorum issues; troubleshoot data center activation
- Plan, deploy and manage backup and recovery solutions for mailbox databases
- Plan most appropriate backup solution that meets SLA requirements of recovery point objectives and recovery time objectives; deploy, configure, and manage lagged mailbox database copies; recover an Exchange server, mailbox database, mailbox, public folder or mail item; recover the public folder hierarchy; perform a dial tone restore
Plan, Deploy, Manage and Troubleshoot Client Access Services (15-20%)
- Plan, deploy and manage Client Access services
- Plan namespaces for client connectivity; plan proxy and redirection requirements; plan and deploy certificates; plan and configure authentication (including FBA, Basic, NTLM, and Kerberos, ADFS Claims-Based authentication); plan, deploy, and configure Autodiscover, Outlook Anywhere, Outlook MAPI over HTTP, Exchange Web Services, Outlook on the Web, Exchange Admin Center, Exchange ActiveSync, POP3, and IMAP4; plan, deploy, and configure Office Online Servers (OOS); deploy and configure Skype for Business integration ; plan, create and configure Offline Address Book (OAB); plan, create, and configure hierarchical address lists; plan, deploy, and configure address book policies
- Plan, deploy and manage mobility solutions
- Plan, deploy, and configure Outlook on the web and Outlook for Devices, Outlook for the Web policies, and mobile device mailbox policies; plan, deploy, and configure Allow Block Quarantine (ABQ); plan, deploy and configure Office Apps
- Plan, deploy and manage load balancing
- Configure namespace load balancing; plan for differences between layer seven and layer four load balancing methods
- Monitor and troubleshoot client connectivity
- Troubleshoot Outlook Anywhere connectivity; troubleshoot Outlook MAPI over HTTP connectivity; troubleshoot Exchange Web Services (EWS); troubleshoot Outlook on the Web; troubleshoot POP3 and IMAP4; troubleshoot authentication; troubleshoot AutoDiscover; troubleshoot Exchange ActiveSync; troubleshoot proxy and redirection issues
- Plan, deploy and manage a site-resilient client access services solution
- Plan site-resilient namespaces; configure site-resilient namespace URLs; perform and test steps for site failover and switchover; plan certificate requirements for site failovers; manage expected client behavior during a failover and switchover
Plan, Deploy, Manage, and Troubleshoot Transport Services (15-20%)
- Plan, deploy and manage transport services
- Plan a solution that meets SLA requirements around message delivery; plan inter-site mail flow; plan inter-org mail flow; plan, deploy and configure redundancy for intra-site scenarios; plan and configure for SafetyNet; plan and configure for shadow redundancy; plan and configure for redundant MX records; plan, create, and configure TLS transport, Edge transport, Send/Receive connectors, transport rules, accepted domains, email address policies, and Address Rewriting
- Troubleshoot and monitor transport services
- Interpret message tracking logs and protocol logs; troubleshoot a shared namespace environment; troubleshoot SMTP mail flow; given a failure scenario, predict mail flow and identify how to recover; troubleshoot TLS; troubleshoot the new transport architecture
- Plan, deploy and manage message hygiene
- Plan and configure malware filtering; plan and configure connection filtering; plan and configure spam filtering; plan and configure recipient filtering; plan and configure Sender Policy Framework; plan and configure Spam Confidence Level (SCL) thresholds
- Plan, deploy and manage site resilience transport services
- Plan, create and configure MX records for failover scenarios; manage resubmission and reroute queues; plan, create, and configure Send/Receive connectors for site resiliency; test and perform steps for transport failover and switchover
Plan, Deploy and Manage Exchange Infrastructure, Recipients, and Security (15-20%)
- Plan and configure Active Directory (AD) Domain Services for Exchange and Organizational settings
- Plan the number of domain controllers; plan placement of Global Catalog (GC); plan and configure DNS changes required for Exchange; plan for schema changes required for Exchange; prepare AD for Exchange; prepare domains for Exchange; plan and configure Active Directory site topology; plan and configure variant configuration; plan and configure throttling
- Create and configure mail-enabled objects
- Create and configure mailboxes, create and configure resource mailboxes and scheduling, create and configure shared mailboxes, create and configure mail-enabled users and contacts, create and configure distribution lists, configure moderation, create and configure linked mailboxes, create and configure modern public folders
- Manage mail-enabled object permissions
- Determine when to use Send-As and Send-On-Behalf permissions, configure mailbox folder permissions, configure mailbox permissions, set up room mailbox delegates, configure auto-mapping, create and configure public folder permissions
- Plan, deploy, manage, and troubleshoot Role-Based Access Control (RBAC)
- Determine appropriate RBAC roles and cmdlets, limit administration using existing role groups, evaluate differences between RBAC and Active Directory split permissions, plan and configure a custom-scoped role group, plan and configure delegated setup, plan and create unscoped top-level roles, troubleshoot RBAC, plan and configure user assignment policies
- Plan an appropriate security strategy
- Plan and configure BitLocker; plan and configure S/MIME
- Plan, deploy, manage, and troubleshoot IRM with Active Directory Rights Management Services (AD RMS) or Azure RMS