1.3. Reflection Checkpoint

Key Takeaways

• Microsoft 365 is a SaaS platform of interconnected cloud services sharing a single identity system (Microsoft Entra ID) — not a monolithic product
• Identity is the security perimeter in M365: access is determined by verified identity and authorization, not network location
• The M365 admin center is the hub; workload-specific admin centers (Exchange, SharePoint, Teams, Purview, Defender) own their service's configuration surface
• Admin roles control who can configure the tenant (RBAC); licenses control which features users can access — these are separate systems
• Least privilege: assign the most scoped admin role that gets the job done

Connecting Forward

Phase 2 dives into the specific admin centers and security tools you'll need to know for the exam. You'll see that each admin center reflects the principles from this phase: identity-centric access, scoped roles, and clear ownership of configuration surfaces.

Self-Check Questions

• Why does "being on the corporate network" no longer guarantee trusted access to Microsoft 365 resources?
• A user has a Microsoft 365 E5 license but still can't use a feature that requires E5. What are two possible explanations that don't involve the license being wrong?