Mcs Uat Form

USER ACCEPTANCE TEST
MICROSOFT 365
Prepared To:
Prepared By:
Customer: Ministry of Civil Services
Title: User acceptance Test
Document Name: User acceptance Test documentation
Preparation
Action Name Date

Prepared by: Mr. Phy Khuon 1-Nov-2024
Verify by: Mr. Sophorn Ros 1-Nov-2024
Release
Version Date Released Change Notice Pages Affected Remarks/Changes

1 1-Nov-2024
Table of Contents
1. Install and configure Domain Controller .................................................................................................. 1

1.1. Summary .......................................................................................................................................... 1
1.2. Scope of Document .......................................................................................................................... 1
1.3. Rack layout ....................................................................................................................................... 1
2. Install and configure Domain Controller .................................................................................................. 2
2.1. Active Directory Server.................................................................................................................... 2
2.2. Creating AD Organizational Units ................................................................................................... 2
2.3. Creating AD Users ........................................................................................................................... 3
2.4. Entra ID sync .................................................................................................................................... 3
3. Configuring Microsoft 365 tenant .............................................................................................................. 5
3.1. Adding Public Domain .................................................................................................................... 5
3.2. Create users on Office 365 and assign license ................................................................................ 6
3.3. Creating groups on Office 365 ......................................................................................................... 7
3.4. Configure Entra ID Conditional access policy MFA ....................................................................... 8
3.5. Configure self-service password reset ............................................................................................. 9
3.6. Configure Intune Mobile Device management ................................................................................ 9
3.7. Configure update management, defender update .......................................................................... 10
3.8. Configure defender Endpoint detection and response policy ......................................................... 11
3.9. Configure Attack surface reduction rule ....................................................................................... 12
3.10. Configure defender Next-generation protection ............................................................................. 13
4. Acceptance sheet ........................................................................................................................................ 14
1. Introduction
1.1. Summary
The objective of this document is to list the items to be tested in On-premises AD and Office365 implemented
by Positron Multiverse co., Ltd. This document defines the specific actions necessary to complete the test for
Ministry of Civil Service. The test results will be recorded using this document to form as a Test results
document.
1.2. Scope of Document
The test cases in this document include installation check, functional test and resiliency test. The test
scenarios, steps and expected results of each test cases will be stated in each test cases.
This document will address the following areas:
❖ On-premises AD Test
❖ Office365 Test
2. On premise setup
2.1. Active Directory server
Test approach
To see whether the hardware/software configurations are meet the business requirements and as
the project kicked-off. It confirms whether the solution works well or not.
Verify the above activities and confirm passed or failed.  Passed  Failed
2.2. Creating AD Organizational Units
Verify below activities and confirm passed or failed.  Passed  Failed
To create OU under MCS domain. Right click on MCS.gov > New > Organizational Unit and give the OU
name as your organization needs. Following are OUs were created as per MCS requirements.
Page 1 of 12
2.3. Creating AD Users
To create user, select OU that users might resize right click on that OU > New > User give the user
information, First name, Last name, User logon name and password.
2.4. Entra ID sync

The sync service consists of two components, the on-premises Microsoft Entra Connect Sync component
and the service side in Microsoft Entra ID called Microsoft Entra Connect Sync service.
Page 2 of 12
OU filtering, select the OU that you want to sync the objects to Entra ID. We only sync objects under
“Ministry of Civil Service” OUs
To verify and ensure the synchronization is successful, login to Microsoft 365 admin center. On the
dashboard “Microsoft Entra Connect” all status should be green. And users should appear on the tenant.
Page 3 of 12
3. Configuring Microsoft 365 tenant
3.1. Adding public domain

To add, modify, or remove domains, you must be a Domain Name Administrator of a business or enterprise
plan.
• Go to the Microsoft 365 admin center.

• Go to the Settings > Domain page.
• Select Add domain.
• Enter the domain name of MCS “MCS.gov.kh”
Page 4 of 12
3.2. Creating users on Office 365 and assign licenses
You must be a global, license, or a user admin to add users and assign licenses.
• Go to the Microsoft 365 admin center at https://admin.microsoft.com/
• Go to Users > Active users and select Add a user.
In the Assign product licenses pane, select the location and the appropriate license for the user. Select
available licenses (you can also leave this blank and assign license later). Select Next.
You can assign or unassign licenses for users in the Microsoft 365 admin center on either the Active users
page, or on the Licenses page. Navigate to Billing > Licenses
From Licenses page select the license you want to assign > Assign license > search for user to assign.
Page 5 of 12
3.3. Creating groups on Office 365
In the Groups section of the Microsoft 365 admin center, you can create and manage these types of groups:
• Microsoft 365 Groups are used for collaboration between users, both inside and outside your
company. They include collaboration services such as SharePoint and Planner. Microsoft Teams uses
Microsoft 365 Groups for membership.
• Distribution groups are used for sending email notifications to a group of people.
• Security groups are used for granting access to resources such as SharePoint sites.
• Mail-enabled security groups are used for granting access to resources such as SharePoint and
emailing notifications to those users.
• Shared mailboxes are used when multiple people need access to the same mailbox, such as a
company information or support email address.
In the admin center, expand Teams & groups, and then select Active teams & groups.
• Select Add Microsoft 365 group.

• On the Basics page, type a name for the group, and, optionally, a description. Select Next.
• On the Owners page, choose the name of one or more people who will be designated to manage the
group. Anyone who is a group owner will be able to delete email from the Group inbox. Other
members won't be able to delete email from the Group inbox. Select Next.
• On the Members page, choose the name of one or more people who will be designated as members
of the group. Select Next.
Page 6 of 12
3.4. Configure Entra ID Conditional access policy MFA
Use Conditional Access policies to apply the right access controls when needed to keep your organization
secure.
Creating a Conditional Access policy to enforce all admin users to do multifactor authentication.
• Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
• Browse to Protection > Conditional Access > Policies.
• Select New policy.
• Give your policy a name. We recommend that organizations create a meaningful standard for the
names of their policies. In this case we use “Require MFA for admins”
• Under Assignments, select Users or workload identities.
▪ Under Include, select admin users where you want to enforce.
▪ Under Exclude, select Users and groups and choose your organization's emergency access or
break-glass accounts.
• Under Target resources > Cloud apps > Include, select All cloud apps.
• Under Exclude, select any applications that don't require multifactor authentication.
• Under Access controls > Grant, select Grant access, Require multifactor authentication
• Confirm your settings and set Enable policy to Report-only.
• Select Create to create to enable your policy.
• After administrators confirm the settings using report-only mode, they can move the Enable policy
toggle from Report-only to On.
Page 7 of 12
3.5. Configure self-service password reset
This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an
application.
• Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
• Browse to Protection > Password reset from the menu on the left side.
• From the Properties page, under the option Self-service password reset enabled, choose All. This
enabled for all users.
3.6. Configure Intune Mobile Device management

Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organizational
resources and simplifies app and device management across your many devices, including mobile devices,
desktop computers, and virtual endpoints.
The following steps help create a Compliance policy for windows devices:
• Sign in to the Microsoft Intune admin center at https://intune.microsoft.com/
Page 8 of 12
• Browse to Devices
• From the Devices page, under the Manage devices section select Compliance.
• From the Compliance page, under Policies tap click Create policy, choose the device platform
“Windows 10 and later” click Create.
From Basics configuration page, give the policy name and meaningful description and click Next.
To begin creating Compliance policies for other devices platforms, following the instructions and choose the
respective device platforms to configure.
3.7. Configure update management and defender update

To create Windows update ring policy,
• Sign in to the Microsoft Intune admin center at https://intune.microsoft.com/

• Browse to Devices, under Manage updates select Windows updates > Create policy.
• Next follow the configuration wizard as shown below.
Page 9 of 12
With Intune, administrators can efficiently manage Microsoft Defender Antivirus updates across the
organization’s devices, ensuring that all devices have the latest protection against emerging threats. Here’s an
overview of how you can use Intune to manage Microsoft Defender Antivirus updates.
• From Microsoft Intune admin center navigate to Endpoint security

• Under Manage, select Antivirus > Create policy
o Device platform, choose Windows
o Profile, choose Defender update controls
o Click Create.
3.8. Configure defender Endpoint detection and response policy

Endpoint detection and response capabilities in Defender for Endpoint provide advanced attack detections that
are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full
scope of a breach, and take response actions to remediate threats.
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same
attack techniques or attributed to the same attacker are aggregated into an entity called an incident. Aggregating
alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
• Under Manage, select Endpoint detection and response > Create policy
Page 10 of 12
o Profile, choose Endpoint detection and response
o Click Create.
3.9. Configure Attack surface reduction rule

Your organization's attack surface includes all the places where an attacker could compromise your
organization's devices or networks. Reducing your attack surface means protecting your organization's devices
and network, which leaves attackers with fewer ways to perform attacks. Configuring attack surface reduction
rules in Microsoft Defender for Endpoint can help!
• Under Manage, select Attack surface reduction > Create policy
o Profile, choose Attack surface reduction rules
o Click Create.
Page 11 of 12
3.10. Configure defender Next-generation protection
Microsoft Defender for Endpoint includes next-generation protection to catch and block all types of emerging
threats. The majority of modern malware is polymorphic, meaning it constantly mutates to evade detection. As
soon as one variant is identified, another takes its place. This rapid evolution underscores the need for agile and
innovative security solutions.
Next-generation protections, such as Microsoft Defender Antivirus blocks malware using local and cloud-
based machine learning models, behavior analysis, and heuristics. Microsoft Defender Antivirus uses
predictive technologies, machine learning, applied science, and artificial intelligence to detect and block
malware at the first sign of abnormal behavior.
• Under Manage, select Antivirus > Create policy
o Profile, choose Microsoft Defender Antivirus
o Click Create.
4. Acceptance sheet
Here by I confirm acceptance and agreement of this document and the contained.
Positron Multiverse Co., Ltd Ministry of Civil Service
Signature : Signature :
Name : Khuon Phy Name :
Position : Position :
Date : Date :
Page 12 of 12

Mcs Uat Form

Uploaded by

Copyright:

Available Formats

Mcs Uat Form

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mcs Uat Form

Uploaded by

Copyright:

Available Formats

USER ACCEPTANCE TEST

Action Name Date

Version Date Released Change Notice Pages Affected Remarks/Changes

1. Install and configure Domain Controller .................................................................................................. 1

2.1. Active Directory server

2.4. Entra ID sync

3.1. Adding public domain

• Go to the Microsoft 365 admin center.

• Select Add Microsoft 365 group.

3.6. Configure Intune Mobile Device management

• Sign in to the Microsoft Intune admin center at https://intune.microsoft.com/

3.7. Configure update management and defender update

• Sign in to the Microsoft Intune admin center at https://intune.microsoft.com/

• From Microsoft Intune admin center navigate to Endpoint security

3.8. Configure defender Endpoint detection and response policy

3.9. Configure Attack surface reduction rule

Positron Multiverse Co., Ltd Ministry of Civil Service

Name : Khuon Phy Name :

You might also like