Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.4. Reflection Checkpoint
Key Takeaways
- Each M365 admin center owns specific objects: M365 admin center = users/domains/billing; Exchange = mailboxes; SharePoint = sites/libraries; Teams = policies; Entra = identity; Purview = governance; Defender = security policies
- Email security (anti-phishing, Safe Links, Safe Attachments) lives in Microsoft Defender, not Exchange Online
- Zero Trust = verify explicitly + least privilege + assume breach — MFA alone is not Zero Trust
- Conditional Access is a policy engine: conditions (who, what device, where, risk) → controls (grant, require MFA, block)
- PIM provides just-in-time admin access with time limits, approvals, and automatic expiration
- App registration = app definition; Enterprise app = in-tenant instance. Admin consent is required for high-privilege permissions.
Connecting Forward
Phase 3 moves into the heaviest exam domain: data protection and governance. You'll learn how Microsoft Purview protects sensitive data at rest and in motion, how Copilot changes the data security equation, and how to identify and respond to governance risks.
Self-Check Questions
- A user reports they keep getting prompted for MFA even on their corporate laptop at the office. You check Conditional Access and see a policy requiring MFA for all users outside named locations. What's the most likely issue, and where do you fix it?
- An organization deploys Copilot for Microsoft 365. The CISO is concerned that Copilot might access confidential HR files that some employees can already read. What does this concern reflect about how Copilot accesses data — and why is it actually a data governance problem, not a Copilot problem?
Written by Alvin Varughese
Founder • 15 professional certifications