← Back to Exams
KLR AI Lab MS-900 / AB-900 Exam Prep
Page 1 — Cloud Concepts

PublicCloud

  • Provider manages hardware & updates
  • OpEx model — no upfront cost
  • Highly scalable and elastic
  • Examples: M365, Azure

PrivateCloud

  • Dedicated infrastructure
  • Higher control, higher cost
  • Used in regulated industries

HybridCloud

  • Mix of on-prem + cloud
  • Most common enterprise model
  • Supports gradual migration

SaaS

  • Provider manages everything
  • Users access via browser/apps
  • Example: Microsoft 365

PaaS

  • Customer manages apps only
  • Provider manages OS + runtime
  • Example: Azure App Service

IaaS

  • Customer manages OS + apps
  • Provider manages hardware
  • Example: Azure VMs

Cloud Benefits

Scalability Elasticity High Availability Cost Optimization Automatic Updates Global Reach
Page 2 — Microsoft 365 Core Services

Exchange Online

  • Enterprise email
  • 50 GB mailbox (E1) / 100 GB (E3/E5)
  • Archiving + retention (E3/E5)

OneDrive for Business

  • Personal file storage — 1 TB default
  • Sync client for offline access
  • Expandable storage

SharePoint Online

  • Intranet, document libraries
  • Metadata, content types
  • Site collections, sharing controls

Microsoft Teams

  • Chat, meetings, webinars
  • Teams Phone (E5 or add-on)
  • Collaboration hub for M365

Power Platform

Power Apps

  • Low-code app development

Power Automate

  • Workflow automation

Power BI

  • Analytics dashboards

Power Virtual Agents

  • Chatbots
Page 3 — Security, Compliance & Identity

Microsoft Defender Suite

Defender for Office 365

  • Safe Links & Safe Attachments
  • Anti-phishing
  • P1 (E3) / P2 (E5)

Defender for Endpoint

  • P1 — next-gen AV
  • P2 — EDR, threat hunting
  • P2 — automated investigation

Defender for Identity

  • Detects identity-based attacks
  • Integrates with Entra ID

Defender for Cloud Apps

  • CASB solution
  • App discovery
  • Session controls

Entra ID (Azure AD)

Core Features

  • MFA, Conditional Access
  • SSO, Password Protection
  • Identity Governance

Premium Tiers

  • P1 — Conditional Access, dynamic groups
  • P2 — Identity Protection, PIM

Microsoft Purview

  • Data Loss Prevention (DLP)
  • Sensitivity Labels
  • eDiscovery Standard / Premium
  • Insider Risk Management (E5)
  • Audit (Standard / Premium)
  • Records Management
Page 4 — Device & App Management

Microsoft Intune

  • Device compliance policies
  • App deployment
  • Autopilot provisioning
  • Conditional Access integration
  • MDM + MAM

Windows Enterprise

Included in E3 / E5

  • BitLocker encryption
  • Credential Guard
  • Application Control
  • Windows Sandbox
Page 5 — Admin Centers

M365 Admin Center

  • Users, groups, licenses
  • Billing & service health
  • Entry point to all admin centers

SharePoint Admin Center

  • Sites, OneDrive, sharing policies
  • Storage quotas, term store

Teams Admin Center

  • Teams & channels, meeting policies
  • Voice / Teams Phone
  • App permissions

Defender Portal

  • Threat protection
  • Email & endpoint security
  • Attack surface reduction

Purview Portal

  • DLP, Labels, eDiscovery
  • Compliance & Audit

Intune Admin Center

  • Device compliance & config
  • App deployment & Autopilot
Page 6 — Licensing Comparison

License Quick Reference

Feature E1 Biz Premium E3 E5
Desktop Apps
Intune
Windows Enterprise
Defender for Endpoint P2
Teams Phone
eDiscovery Premium
Insider Risk Mgmt
Max Users Unlimited 300 Unlimited Unlimited
Page 7 — Identity Secure Score

✓ Affects Secure Score

  • Number of global administrators
  • Password expiration policy
  • MFA enforcement
  • Blocking legacy authentication
  • Conditional Access policies
  • Identity Protection (P2)

✗ Does NOT Affect Score

  • User location
  • SharePoint permissions
  • Mailbox size
  • Teams settings

Cloud Service Types

SaaSMicrosoft 365 — provider manages all
PaaSAzure App Service — customer manages apps
IaaSAzure VMs — customer manages OS + apps

Cloud Models

PublicOpEx, scalable, shared infra
PrivateDedicated, regulated industries
HybridMix — gradual migration support

Licensing Tiers

E1Web-only apps, no Intune
Biz PremiumSMB ≤300, Intune, Defender P1
E3Desktop apps + Windows + Intune
E5E3 + Security + Compliance + Phone

Defender Products

for Office 365Safe Links, Safe Attach, phishing
for EndpointP1 AV / P2 EDR + threat hunting
for IdentityIdentity-based attack detection
for Cloud AppsCASB, session controls

Entra ID (Azure AD)

FreeMFA, SSO, password protection
P1Conditional Access, dynamic groups
P2Identity Protection, PIM

Microsoft Purview

DLPPrevent data leaks
LabelsSensitivity classification
eDiscoveryStandard (E3) / Premium (E5)
Insider RiskE5 only
AuditStandard / Premium logs

Admin Centers

TeamsMeetings, messaging, voice
SharePointSites, OneDrive, sharing
IntuneDevices, apps, Autopilot
PurviewCompliance, DLP, eDiscovery
DefenderSecurity, threats, endpoints

Secure Score Factors

Affects ✓MFA, Cond. Access, legacy auth block
Global admin count, password policy
No effect ✗User location, SharePoint perms
Mailbox size, Teams settings