This chapter covers the foundational tenant-wide settings and organizational profile configuration in Microsoft 365, a key topic under Domain 1.1 (Tenant Management) of the MS-102 exam. Understanding how to set the tenant's identity, privacy preferences, and organization-wide defaults is critical because roughly 5-10% of exam questions touch on these settings, often in scenario-based questions that test your ability to choose the correct configuration path. You will learn the exact administrative interfaces, PowerShell commands, and default values that appear on the exam.
Jump to a section
Think of your Microsoft 365 tenant as a large corporate headquarters building. The 'Org Profile' is the main lobby directory and the company's official identity—name, address, phone number, and the 'Welcome' sign. Tenant-wide settings are the corporate policies posted on every floor: the dress code, security badges, and IT usage rules that apply to everyone, from the CEO to interns. Just as headquarters issues a single HR policy that all departments must follow, tenant-wide settings (like password policies, external sharing rules, and privacy preferences) are set once and automatically apply to all workloads (Exchange, SharePoint, Teams, etc.). If a department tries to set a conflicting policy, the corporate directive overrides it—exactly how tenant-level settings override workload-specific settings. The Org Profile is what external partners see when they look up your company in Microsoft 365—like the company's public listing. Misconfiguring the Org Profile is like having the wrong address on your corporate website: partners can't find you. Misconfiguring tenant-wide settings is like having no fire exits—compliance violations and security gaps appear everywhere.
What Are Tenant-Wide Settings and Org Profile?
Tenant-wide settings are configurations that apply globally across all Microsoft 365 services within a tenant. They are set once and affect Exchange Online, SharePoint Online, Microsoft Teams, and all other workloads. The Org Profile is the set of metadata that identifies your organization to Microsoft and to external users—it includes the organization name, technical contact, preferred language, and privacy profile.
These settings are stored in Azure Active Directory (Azure AD) and are accessible through the Microsoft 365 admin center (https://admin.microsoft.com) under Settings > Org Settings and Settings > Org Profile. The Org Profile specifically is found under Settings > Org Profile in the admin center.
Why They Exist
Microsoft 365 is a multi-tenant environment where each tenant is isolated. Tenant-wide settings ensure consistent policy enforcement across all services. For example, if you set a password expiration policy at the tenant level, all workloads inherit it. Without these settings, each workload would need separate configuration, leading to inconsistencies and security gaps. The Org Profile exists so that Microsoft and external users can identify your organization—for example, when sending email notifications or when users from other tenants try to collaborate.
How It Works Internally
When you configure a tenant-wide setting in the admin center, the change is written to Azure AD and then propagated to all service planes via Microsoft's synchronization infrastructure. The propagation is near-instant for most settings, but some (like SharePoint external sharing) may take up to 24 hours to fully apply due to caching. The Org Profile is stored in the companyInfo object in Azure AD Graph (now Microsoft Graph). The key attributes include:
- displayName: The organization name shown in the admin center and to users.
- technicalNotificationMails: Email addresses that receive service health notifications.
- privacyProfile: Contains a privacy statement URL and a contact email for data subject requests (DSRs) under GDPR.
- marketingNotificationEmails: (Deprecated) No longer used.
- street, city, state, postalCode, country: Physical address.
- phone: Main phone number.
- preferredLanguage: The default language for the tenant.
Key Components, Defaults, and Timers
Password policy: Default is 90-day expiration, but Microsoft now recommends 'never expire' (since Windows 10 1903 and Azure AD password protection). The exam may test that the default password expiration is 90 days unless changed.
External sharing: Default for SharePoint is 'Anyone' (users can share with anyone including anonymous links). For Teams, external sharing is disabled by default.
Privacy profile: No default URL; you must provide one. If not set, Microsoft will not display a privacy statement link in the Microsoft 365 compliance center.
Technical contact: Default is the first global admin who created the tenant. If empty, no notifications are sent.
Language: Default is 'English (United States)' for most tenants.
Session timeout: Default is 8 hours for the admin center; can be set to 1, 2, 4, 8, or 24 hours.
Configuration and Verification Commands
To view and set Org Profile settings via PowerShell, use the Azure AD module or Microsoft Graph PowerShell SDK.
Azure AD PowerShell (legacy but still tested):
Get-MsolCompanyInformation
Set-MsolCompanySettings -DisplayName "Contoso" -TechnicalNotificationMails "admin@contoso.com"Microsoft Graph PowerShell:
Get-MgOrganization
Update-MgOrganization -DisplayName "Contoso" -TechnicalNotificationMails @("admin@contoso.com")To set privacy profile:
$params = @{
privacyProfile = @{
privacyStatementUrl = "https://contoso.com/privacy"
contactEmail = "privacy@contoso.com"
}
}
Update-MgOrganization -BodyParameter $paramsTo verify, use Get-MgOrganization | Select-Object DisplayName, PrivacyProfile, TechnicalNotificationMails.
Interaction with Related Technologies
Azure AD Identity Protection: Tenant-wide settings like MFA and password policies integrate with Identity Protection to enforce conditional access.
Microsoft 365 Compliance Center: Privacy profile settings are used by the Compliance Center for DSR management.
Exchange Online: Org-wide mailbox settings (like the default mailbox quota) are separate but related; they are configured in Exchange admin center, not the Org Profile.
SharePoint Online: External sharing settings at tenant level override SharePoint site-level settings.
Teams: Teams external access (federation) is controlled at tenant level via Teams admin center, but Org Profile language affects default Teams language.
Exam-Relevant Details
The Org Profile is NOT the same as the tenant ID (GUID) or primary domain. The exam may ask where to find the tenant ID – it's in the Azure AD admin center under Properties, not in the Org Profile.
Privacy profile must be set for GDPR compliance; the exam may ask which two fields are required: privacy statement URL and contact email.
Technical notification emails can have up to 100 recipients; they receive service health incidents and planned maintenance notifications.
Custom branding: Not part of Org Profile; it's configured in Azure AD > Company Branding.
MFA settings: Not in Org Profile; they are in Azure AD > Users > Multi-Factor Authentication or Conditional Access.
Common Pitfalls
Confusing Org Profile with Azure AD Properties: The Org Profile in the Microsoft 365 admin center is a subset of Azure AD company information. Some settings (like tenant ID, directory ID) are only in Azure AD.
Assuming Org Profile changes apply immediately: Most do, but privacy profile updates may take up to 30 minutes to propagate to compliance center.
Setting the wrong language: If you set a language that doesn't have full Microsoft 365 support, some interfaces may default to English.
Step-by-Step Configuration Flow
Navigate to Microsoft 365 admin center > Settings > Org Profile.
Update organization name, address, phone, and technical contact.
Set privacy profile URL and contact email.
Set preferred language.
Save changes – they are written to Azure AD immediately.
Verify using PowerShell or admin center.
Advanced: Using Microsoft Graph API
GET https://graph.microsoft.com/v1.0/organization
PATCH https://graph.microsoft.com/v1.0/organization/{organizationId}
Body: {"displayName": "NewName", "privacyProfile": {"privacyStatementUrl": "https://...", "contactEmail": "..."}}The exam may test that the organization ID is the tenant ID (GUID).
Access Org Profile in Admin Center
Log into the Microsoft 365 admin center (https://admin.microsoft.com) with Global Admin or Billing Admin privileges. Navigate to Settings > Org Profile. This page displays the current organization name, address, technical contact, language, and privacy profile. The admin center is the primary GUI for these settings; the exam expects you to know this path. Note that some settings (like tenant ID) are not here – they are in Azure AD > Properties.
Modify Organization Information
Click 'Edit' next to Organization information. You can change the organization name (displayed in Microsoft 365 services), address (street, city, state, zip, country), and phone number. The organization name must be unique within Microsoft 365; if you try to use a name already taken by another tenant, you'll get an error. The address is used for compliance and billing. Changes are saved to Azure AD and propagate to all services within minutes.
Set Technical Notification Contacts
Under 'Technical contact', click Edit. Enter one or more email addresses (up to 100) separated by semicolons. These contacts receive service health notifications, planned maintenance alerts, and security advisories. If left empty, no notifications are sent. The exam may test that this is the correct place to ensure your team gets alerts about service incidents. Do not confuse with 'Alternate email' in user settings – that's for password reset.
Configure Privacy Profile
Edit the Privacy profile section. You must provide a privacy statement URL (starting with https://) and a contact email for data subject requests. This is required for GDPR compliance. If not set, the Microsoft 365 Compliance Center will show a warning. The URL should point to your organization's privacy policy. The contact email is displayed to users when they exercise their data subject rights (e.g., export request).
Select Preferred Language
Under 'Preferred language', choose the default language for the tenant. This affects the default language for new users, the admin center, and some service communications. Users can override their individual language settings. The exam may test that this setting does NOT change the language for existing users – only new users. To change language for existing users, you must do so per user in Azure AD.
Save and Verify Changes
After making changes, click Save. The system validates the inputs (e.g., URL format, email format). If valid, the changes are written to Azure AD. To verify, you can either refresh the Org Profile page or use PowerShell: `Get-MgOrganization | Select DisplayName, PrivacyProfile, TechnicalNotificationMails`. Note that some changes (like privacy profile) may take up to 30 minutes to appear in the Compliance Center.
Scenario 1: Global Enterprise GDPR Compliance
A multinational company with 50,000 users must comply with GDPR. They need to set a privacy statement URL and a DSR contact email. The tenant-wide privacy profile is configured in the Org Profile. The privacy team provides the URL (https://contoso.com/privacy) and a dedicated email (privacy@contoso.com). Once set, the Compliance Center automatically links to this URL in data subject request workflows. If not set, users cannot submit DSRs through the portal, leading to non-compliance. The exam tests that this configuration is done in Org Profile, not in Azure AD or Compliance Center.
Scenario 2: Service Health Notifications for IT Team
A mid-size company wants all IT staff to receive service health alerts. The Global Admin sets the technical notification email to a distribution group (it-alerts@contoso.com) that includes 10 IT members. When Microsoft detects a service incident (e.g., Exchange Online outage), an email is sent to that group. If the technical contact is left empty, no one gets notified – a common misconfiguration that leads to delayed response. The exam may present a scenario where an admin is not receiving alerts and ask where to check.
Scenario 3: Tenant Rebranding After Merger
After a merger, Company A acquires Company B and rebrands to 'Apex Global'. The tenant name is changed in Org Profile from 'CompanyA' to 'Apex Global'. This changes the name displayed in the admin center, in user portals (e.g., 'Apex Global - Microsoft 365'), and in email notifications. However, the primary domain (contoso.com) remains unchanged – the domain is managed separately in Domains settings. A common mistake is trying to change the tenant name by changing the domain. The exam tests that Org Profile name is distinct from domain names.
What MS-102 Tests on This Topic
Objective 1.1: 'Manage and configure tenant-wide settings and organizational profile.' The exam expects you to know:
The location of Org Profile settings in the admin center.
The difference between Org Profile and Azure AD Properties.
How to set technical notification emails (up to 100 recipients).
Privacy profile requirements (URL and contact email).
Default values (password expiration 90 days, session timeout 8 hours).
Common Wrong Answers and Why Candidates Choose Them
Confusing Org Profile with Azure AD Properties: A question asks 'Where do you set the tenant ID?' Many choose Org Profile, but the tenant ID is in Azure AD > Properties. Why? Because both contain 'organization' information. The trap: Org Profile shows name, address, etc., but not the GUID.
Setting privacy profile in Compliance Center: Candidates think privacy is a compliance feature, so they go to Compliance Center. But the privacy profile is set in Org Profile. The exam explicitly tests this distinction.
Using Exchange admin center for technical notifications: Some think service health is an Exchange feature. But technical notifications are set in Org Profile, not Exchange.
Assuming language change affects all users: The preferred language only applies to new users. Existing users keep their previous language setting. The exam may ask: 'After changing the preferred language, user A still sees English. Why?' Answer: User A's language is set individually.
Specific Numbers and Terms on the Exam
Technical notification emails: Up to 100 recipients.
Session timeout: Default 8 hours; can be set to 1, 2, 4, 8, or 24 hours.
Password expiration: Default 90 days (though modern best practice is never expire).
Privacy profile: Two required fields: privacy statement URL and contact email.
Organization name: Must be unique across all tenants.
Edge Cases and Exceptions
If you set a privacy statement URL that is not HTTPS, the system rejects it.
The technical contact must be a valid email; if you enter an invalid format, save fails.
Changing the organization name does not affect the primary domain or user principal names.
The Org Profile does not include the tenant ID; you must go to Azure AD Properties.
How to Eliminate Wrong Answers
If the question mentions 'service health notifications', look for 'technical contact' in Org Profile – not Exchange admin center.
If the question mentions 'GDPR' or 'privacy', the answer is Org Profile, not Compliance Center.
If the question asks for 'tenant ID', eliminate any answer that says Org Profile – it's Azure AD Properties.
If the question asks about 'language for new users', the answer is Org Profile – not user settings.
Org Profile is found under Settings > Org Profile in the Microsoft 365 admin center.
Technical notification emails can have up to 100 recipients and receive service health alerts.
Privacy profile requires both a privacy statement URL (HTTPS) and a contact email.
Preferred language only applies to new users, not existing ones.
The tenant ID is NOT in Org Profile; it's in Azure AD > Properties.
Default password expiration is 90 days (exam may test this).
Default admin center session timeout is 8 hours.
Organization name must be unique across all Microsoft 365 tenants.
These come up on the exam all the time. Here's how to tell them apart.
Org Profile (Microsoft 365 Admin Center)
Contains organization name, address, phone, technical contact, preferred language, privacy profile.
Accessed via Settings > Org Profile in admin.microsoft.com.
Changes affect tenant-wide display and notifications.
Does NOT show tenant ID, directory ID, or subscription details.
Used for GDPR privacy and service health notifications.
Azure AD Properties (Azure Portal)
Contains tenant ID, directory ID, technical contact (same as Org Profile), country, and data location.
Accessed via Azure Active Directory > Properties in portal.azure.com.
Shows technical details like tenant ID and SKU.
Does not include privacy profile or preferred language.
Used for Azure AD-specific configurations and troubleshooting.
Mistake
The Org Profile contains the tenant ID.
Correct
The tenant ID (a GUID) is found in Azure Active Directory > Properties, not in the Org Profile. The Org Profile only contains human-readable information like organization name and address.
Mistake
Changing the preferred language updates the language for all existing users.
Correct
The preferred language only affects new users and the default language in the admin center. Existing users retain their individual language settings unless changed per user in Azure AD.
Mistake
Technical notification emails can only be a single address.
Correct
You can enter up to 100 email addresses separated by semicolons. They can be individual emails or a distribution group.
Mistake
The privacy profile is optional and only for GDPR compliance.
Correct
While it's especially important for GDPR, the privacy profile is required for any organization that wants to manage data subject requests through the Microsoft 365 Compliance Center. If not set, the DSR functionality is limited.
Mistake
The organization name in Org Profile must match the primary domain.
Correct
The organization name is independent of the primary domain. You can have an organization name 'Contoso' with a primary domain 'fabrikam.com'. The domain is configured separately under Settings > Domains.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
In the Microsoft 365 admin center, go to Settings > Org Profile > Privacy profile. Click Edit and enter the URL (must start with https://) and a contact email. This setting is required for GDPR compliance and enables data subject requests in the Compliance Center. It is not set in the Compliance Center itself.
In Org Profile, under Technical contact, enter up to 100 email addresses separated by semicolons (e.g., admin1@contoso.com;admin2@contoso.com). You can also use a distribution group address. These contacts receive service incident and planned maintenance notifications.
No. Changing the organization name only affects the display name in the admin center, user portals, and some notifications. It does not change the primary domain or user principal names. Domains are managed separately under Settings > Domains.
The preferred language setting only applies to new users created after the change. Existing users retain their individual language settings. To change language for existing users, you must modify each user's language in Azure AD (under user profile) or via PowerShell.
The tenant ID (a GUID) is in the Azure portal under Azure Active Directory > Properties. It is also available in the Microsoft 365 admin center under Settings > Org Settings > Organization information (but not in Org Profile). The exam tests that you know it's not in Org Profile.
The default session timeout is 8 hours. You can change it to 1, 2, 4, 8, or 24 hours in Settings > Org Settings > Security & privacy > Session timeout. This setting applies to all admin center sessions.
No. The organization name must be unique across all Microsoft 365 tenants. If you try to set a name that is already in use, you will receive an error. You can check availability by attempting to save the name.
You've just covered Tenant-Wide Settings and Org Profile — now see how well it sticks with free MS-102 practice questions. Full explanations included, no account needed.
Done with this chapter?