
M365 Enterprise Admin Expert: MS-100 Identity and Services

Study online at https://quizlet.com/_b37gf9

1. After your company migrates their on-premises email solution to Microsoft Exchange Online, you are tasked with assessing which licenses to acquire. You are informed that licenses acquired for the company's IT and Managers groups should allow for the following: The IT group needs to have access to the Microsoft Azure Active Directory (Azure AD) Privileged Identity Management. Both the IT and Managers groups should have access to Microsoft Azure Active Directory (Azure AD) conditional access. You need to make sure that the licensing costs are kept to a minimum. Which two of the following options should you recommend? (Choose two.)
A. You should acquire Microsoft 365 E3 licenses for the Managers group members.
B. You should acquire Microsoft 365 E5 licenses for the Managers group members.
C. You should acquire Microsoft 365 E3 licenses for the IT group members.
D. You should acquire Microsoft 365 E5 licenses for the Managers group members.
Answer: A. You should acquire Microsoft 365 E3 licenses for the Managers group members.

2. Your company's Microsoft 365 tenant includes Microsoft Exchange Online. You have been tasked with enabling calendar sharing with a partner organization, who also has a Microsoft 365 tenant. You have to make sure that users in the partner organization have access to the calendar of every user instantly. Which of the following actions should you take?
A. Configure a conditional access policy via Exchange admin center.
B. Configure a new organization relationship via Exchange admin center.
C. Configure the sharing settings via Exchange admin center.
D. Run the Set-SPOSite cmdlet.
Answer: B. Configure a new organization relationship via Exchange admin center.

3. Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. After acquiring a Microsoft 365 Enterprise subscription, you are tasked with migrating your company's Microsoft Exchange Server 2016 mailboxes and groups to Exchange Online. You have started a new migration batch. You, subsequently, receive complaints from on-premises Exchange Server users about slow performance. Your analysis shows that the issue has resulted from the migration. You want to make sure that the effect the mailbox migration has on users is decreased. Solution: You create a label policy. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

4. Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. After acquiring a Microsoft 365 Enterprise subscription, you are tasked with migrating your company's Microsoft Exchange Server 2016 mailboxes and groups to Exchange Online. You have started a new migration batch. You, subsequently, receive complaints from on-premises Exchange Server users about slow performance. Your analysis shows that the issue has resulted from the migration. You want to make sure that the effect the mailbox migration has on users is decreased. Solution: You modify the migration endpoint settings. Does the solution meet the goal?
A. Yes
B. No
Answer: A. Yes

5. You need to consider the underlined segment to establish whether it is accurate. Your company has a Microsoft 365 subscription. To prevent your company from receiving phishing email messages, create a new mail flow rule. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required
B. Label policy.
C. Threat management policy.
D. Spam filter policy.
Answer: C. Threat management policy.

6. You work for a company that manages all their identities in the cloud. After acquiring a new domain name, you are tasked with making sure that the primary email address of all new mailboxes uses the new domain. Which of the following is the Microsoft Exchange Online PowerShell cmdlet that you should run?
A. Update-EmailAddressPolicy
B. Update-OfflineAddressBook
C. Set-AddressBookPolicy
D. Set-EmailAddressPolicy
Answer: D. Set-EmailAddressPolicy

7. You are responsible for your company's Microsoft 365 subscription. The company introduces a security policy that requires DLP incident reports to be automatically sent to legal department users. You are required to configure the reports to be delivered via email as often as you can. Which of the following is the option you should use?
A. Annually
B. Monthly
C. Weekly
D. Quarterly
Answer: C. Weekly

8. You have been tasked with detecting all users in your company's Microsoft 365 subscription who have a Microsoft Office 365 license as a result of belonging to a group. You need to make sure that the group used to assign the license is included in your results. Which of the following actions should you take?
A. You should access the Azure portal, and navigate to the Licenses blade.
B. You should access the Microsoft 365 admin center, and navigate to the Products blade.
C. You should access the Azure portal, and navigate to the Monitor blade.
D. You should access the Microsoft 365 admin center, and navigate to the Users blade.
Answer: A. You should access the Azure portal, and navigate to the Licenses blade.

9. You have previously accessed the Security & Compliance admin center to upload a number of archive PST files to Microsoft 365. When you try to run an import job for the PST files 45 days later, you find that they have been removed from Microsoft 365. Which of the following is the number of days that Microsoft 365 retains PST files before deleting them automatically?
A. 1 day.
B. 30 days.
C. 15 days.
D. 45 days.
Answer: B. 30 days.

10. You need to consider the underlined segment to establish whether it is accurate. You have been tasked with deploying a Windows 10 Enterprise image to a large number of Windows 8.1 devices. These devices are joined to an Active Directory domain. You use the in-place upgrade Windows 10 deployment method for the task. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. What should you recommend?
A. No adjustment required.
B. Windows Autopilot
C. Windows Update
D. Azure AD Connect
Answer: A. No adjustment required.

11. Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company currently has an on-premises Active Directory forest. You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy. You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permit the use of SSO to connect to on-premises and Microsoft 365 services. Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization as the authentication strategy. Does the solution meet the goal? Yes or no?
Answer: B. No

12. Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company currently has an on-premises Active Directory forest. You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy. You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permit the use of SSO to connect to on-premises and Microsoft 365 services. Solution: You recommend the use of password hash synchronization and seamless SSO as the authentication strategy. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

13. Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company currently has an on-premises Active Directory forest. You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy. You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permit the use of SSO to connect to on-premises and Microsoft 365 services. Solution: You recommend the use of federation with Active Directory Federation Services (AD FS) as the authentication strategy. Does the solution meet the goal?
A. Yes
B. No
Answer: A. Yes

14. Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Three of the users are each configured with the Password administrator, Security administrator, and the User administrator roles respectively. The fourth user has no role configured. Which of the following are the users that are able to reset the password of the fourth user?
A. The users with the Password administrator and the User administrator roles.
B. The users with the Security administrator and the User administrator roles.
C. The users with the Password administrator and the Security administrator roles.
D. The user with the Password administrator role only.
Answer: A. The users with the Password administrator and the User administrator roles.

15. Your network contains an Active Directory domain that spans a number of cities and a multitude of users. After acquiring Microsoft 365, you intend to deploy quite a few Microsoft 365 services. You want to make sure that pass-through authentication and seamless SSO can be used in your environment. You also decide that Azure AD Connect won't be configured to be in staging mode. With regards to redundancy limits, which of the following is the maximum amount of servers that can run Azure AD Connect?
A. 1
B. 3
C. 5
D. 7
Answer: A. 1

16. Your network contains an Active Directory domain that spans a number of cities and a multitude of users. After acquiring Microsoft 365, you intend to deploy quite a few Microsoft 365 services. You want to make sure that pass-through authentication and seamless SSO can be used in your environment. You also decide that Azure AD Connect won't be configured to be in staging mode. With regards to redundancy limits, which of the following is the most amount of servers that can run standalone Authentication Agents?
A. 7
B. 9
C. 11
D. 13
Answer: D. 13

17. Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users that are configured with the Privileged role administrator, the User administrator, the Security administrator, and the Billing administrator roles respectively. A security group has been included in the tenant for the purpose of managing administrative accounts. Which of the four roles can be used to create a guest user account?
A. The Privileged role administrator role.
B. The User administrator role.
C. The Security administrator role.
D. The Billing administrator role.
Answer: B. The User administrator role.

18. Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users that are configured with the Privileged role administrator, the User administrator, the Security administrator, and the Billing administrator roles respectively. A security group has been included in the tenant for the purpose of managing administrative accounts. Which of the four roles can be used to add a user with the Security administrator role to the security group?
A. The Privileged role administrator role.
B. The User administrator role.
C. The Security administrator role.
D. The Billing administrator role.
Answer: B. The User administrator role.

19. Your company has an Active Directory domain as well as a Microsoft Azure Active Directory (Azure AD) tenant. After configuring directory synchronization for all users in the organization, you configure a number of new user accounts to be created automatically. You want to run a command to make sure that the new user accounts synchronize to Azure AD in the shortest time required. Which of the following is the command that you should use?
A. New-ADSyncRule
B. Set-ADSyncSchedulerConnectorOverride
C. Start-ADSyncSyncCycle
D. Set-ADSyncSchema
Answer: C. Start-ADSyncSyncCycle

20. Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured. Which of the following is the user that has the necessary permissions to alter the password protection policy? (Choose all that apply.)
A. The user with the Global administrator role.
B. The user with the Password administrator role.
C. The user with the Security administrator and Guest inviter roles.
D. The user with no roles.
Answer: A. The user with the Global administrator role. C. The user with the Security administrator and Guest inviter roles.

21. Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured. Which of the following is the user that has the necessary permissions to create guest users? (Choose all that apply.)
A. The user with the Global administrator role.
B. The user with the Password administrator role.
C. The user with the Security administrator and Guest inviter roles.
D. The user with no roles.
Answer: A. The user with the Global administrator role. C. The user with the Security administrator and Guest inviter roles.

22. You have been tasked with enabling Microsoft Azure Information Protection for your company's Microsoft 365 subscription. You are informed that only the members of a group, named Group1, are able to protect content. To achieve your goal, you plan to run a PowerShell cmdlet. Which of the following is the cmdlet you should run?
A. The Add-AadrmRoleBaseAdministrator cmdlet.
B. The Set-AadrmDoNotTrackUserGroup cmdlet.
C. The Clear-AadrmSuperUserGroup cmdlet.
D. The Set-AadrmOnboardingControlPolicy cmdlet.
Answer: D. The Set-AadrmOnboardingControlPolicy cmdlet.

23. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers. Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, it must allow for all user passwords to only be stored on-premises, and be highly available. Solution: You configure the use of password hash synchronization only. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

24. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers. Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, it must allow for all user passwords to only be stored on-premises, and be highly available. Solution: You configure the use of pass-through authentication only. Does the solution meet the goal?
A. Yes
B. No
Answer: A. Yes

25. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers. Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, it must allow for all user passwords to only be stored on-premises, and be highly available. Solution: You configure the use of pass-through authentication and seamless SSO. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

26. Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled. You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON. A tenant user has submitted a fraud alert for his account. Which of the following is the length of time that the user's account will automatically be blocked for?
A. 24 hours
B. 90 days
C. 1 month
D. 1 week
Answer: B. 90 days

27. Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled. You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON. A tenant user has submitted a fraud alert for his account. After receiving an alert call, the user needs to enter a special code followed by #. Which of the following is the default special code?
A. 0
B. 9
C. 0000
D. 1234
Answer: A. 0

28. Your company has a Microsoft Office 365 subscription with a number of Microsoft SharePoint Online sites. Currently, users are able to invite external users to access files on the SharePoint sites. You are tasked with making sure that users are only able to authenticated guest users to the SharePoint sites. Which of the following actions should you take?
A. You should create a threat management policy via the Security & Compliance admin center.
B. You should run the Set-SPOSite cmdlet.
C. You should run the Add-SPOUser cmdlet.
D. You should modify the sharing settings via the SharePoint admin center.
Answer: D. You should modify the sharing settings via the SharePoint admin center.

29. Your company has a Microsoft 365 subscription. You have been tasked with configuring external collaboration settings for your company's Microsoft Azure Active Directory (Azure AD) tenant. You want to make sure that authorized users are able to create guest users in the tenant. Which of the following actions should you take? Which setting should you modify?
A. You should make sure that the Guests can invite setting is set to NO.
B. You should make sure that the Guest users permissions are limited setting is set to Yes.
C. You should make sure that the Members can invite setting is set to NO.
D. You should make sure that the Admins and users in the guest inviter role can invite setting is set to Yes.
Answer: D. You should make sure that the Admins and users in the guest inviter role can invite setting is set to Yes.

30. After acquiring a Microsoft 365 subscription, you configure the use of Microsoft Azure Multi-Factor Authentication (MFA) for all users in the Azure Active Directory (Azure AD) tenant. You want to produce a report that includes all the users who finished the Azure MFA registration process. You want to make use of an Azure Cloud Shell cmdlet. Which of the following is the cmdlet you should use?
A. Get-AzureADUser
B. Get-MsolUser
C. New-AzureADMSInvitation
D. Set-MsolUserPrincipalName
Answer: B. Get-MsolUser

31. You need to consider the underlined segment to establish whether it is accurate. You have recently configured a conditional access policy to force mobile device users to use multi-factor authentication when accessing Microsoft SharePoint. To check who used multi-factor authentication to authenticate, you view the Usage reports from Azure Active Directory admin center. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required
B. user sign-ins
C. event logs
D. audit logs
Answer: B. user sign-ins

32. Your company has an Enterprise E5 subscription of Microsoft 365. You have been tasked with making sure that sales department users are compelled to make use of multi-factor authentication for all cloud-based applications. Which of the following actions should you take?
A. You should create a DLP.
B. You should create a new app registration.
C. You should create a session policy.
D. You should create a sign-in risk policy.
Answer: D. You should create a sign-in risk policy.

33. Your company has a Microsoft 365 subscription. After implementing Active Directory Federation Services (AD FS), you are instructed to configure AD FS user authentication auditing. You are preparing to run the Register-AzureADConnectHealthSyncAgent cmdlet. Which of the following is the server that the cmdlet should be run from? NOTE: Each correct selection is worth one point.
A. A member server.
B. A domain controller.
C. An Azure AD Connect server.
D. An AD FS server.
Answer: C. An Azure AD Connect server.

34. You need to consider the underlined segment to establish whether it is accurate. Your company has deployed a Microsoft 365 tenant and implemented multi-factor authentication. They have four offices, of which one houses the R&D department. You have been asked to make sure that multi-factor authentication is compulsory only for users in the office that houses the R&D department. You create a conditional access policy. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required
B. password protection
C. DLP
D. label
Answer: A. No adjustment required

35. Your company has configured all user email to be stored in Microsoft Exchange Online. You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word. Solution: You start by creating a spam filter policy via the Security & Compliance admin center. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

36. Your company has configured all user email to be stored in Microsoft Exchange Online. You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word. Solution: You start by initiating a message trace via the Security & Compliance admin center. Does the solution meet the goal?
A. Yes
B. No

37. Your company has configured all user email to be stored in Microsoft Exchange Online. You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word. Solution: You start by initiating a message trace via the Security & Compliance admin center. Does the solution meet the goal?
A. Yes
B. No
Answer: B. No

38. Your company has configured all user email to be stored in Microsoft Exchange Online. You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word. Solution: You start by creating a label and label policy via the Security & Compliance admin center. Does the solution meet the goal?
A. Yes
B. No
Answer: A. Yes

39. Your company has a Microsoft 365 subscription. You have previously created a group that includes users who send email messages to external users on a regular basis. The group's manager wants to examine messages that include attachments at random. You are required to make sure that the manager can achieve his goal, but only make ten out of a hundred messages accessible to him. You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages. Which of the following should you create?
A. A label policy.
B. A conditional access policy.
C. A DLP policy.
D. A supervisor policy.
Answer: D. A supervisor policy.

40. You need to consider the underlined segment to establish whether it is accurate. Your company has recently acquired a new sales application. You navigate to the Discovered apps page in Cloud Discovery via Microsoft Cloud App Security to check the application's score. You then notice that a number of the applications have a low score as a result of omitted domain registration and consumer popularity data. You want to make sure that the score is not affected by the omitted data. You have to configure app tags via the Cloud Discover settings. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. What should you configure from the?
A. No adjustment required
B. a label
C. App Connector flow
D. a custom key
Answer: A. No adjustment required

41. You have been tasked with migrating your company's on-premises Microsoft Exchange Server 2013 organization to Microsoft 365. You plan to make use of the cutover migration method. Which of the following is the maximum recommended number of mailboxes that you should migrate?
A. 2000
B. 1000
C. 150
D. 75
Answer: C. 150

42. You have recently created a Microsoft 365 Enterprise subscription and assigned all users licenses for all products. You want to configure all Microsoft Office 365 ProPlus installations to be done via a network share. You also want to make sure that users are prevented from using the Internet to install Office 365 ProPlus. Which of the following is the type of file that you should create? NOTE: Each correct selection is worth one point.
A. An HTML download file.
B. An XML download file.
C. An HTTP download file.
D. An EXE download file.
Answer: B. An XML download file.

43. You have recently created a Microsoft 365 subscription. You have prepared an XML file for the upcoming Microsoft Office 365 ProPlus deployment. The Channel attribute for the OfficeClientEdition attribute is set to Broad, while the Channel attribute for the Updates element is set to Targeted. Which of the following is the frequency with which the installation of Office 365 ProPlus feature updates will occur?
A. Weekly.
B. Monthly
C. Six monthly
D. Annually
Answer: C. Six monthly

44. You have recently created a Microsoft 365 subscription. You have prepared an XML file for the upcoming Microsoft Office 365 ProPlus deployment. The Channel attribute for the OfficeClientEdition attribute is set to Broad, while the Channel attribute for the Updates element is set to Targeted. Which of the following are the months of the year that security updates will be installed?
A. January and July.
B. March and September
C. June and December
D. April and October
Answer: B. March and September

45. Your company's network contains two Active Directory forests, with two domains configured per forest. All workstations are domain-joined and have Windows 10 installed. You have created a Microsoft Azure Active Directory (Azure AD) tenant in preparation for configuring Hybrid Azure AD join for the workstations. You want to make sure that the tenant can be discovered by the workstations. Which of the following should you create in each forest?
A. A migration endpoint.
B. A new conditional access policy.
C. A new trust relationship.
D. A new service connection point (SCP).
Answer: D. A new service connection point (SCP).

46. After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online. The migration will be done via the Exchange admin center. Which of the following is the migration method you should use?
A. Exchange Hybrid
B. IMAP migration
C. Cutover
D. Express migration
Answer: B. IMAP migration

47. After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online. The migration will be done via the Exchange admin center. Which of the following is TRUE with regards to the data included in the migration?
A. All data will be migrated.
B. Only email data will be migrated.
C. Email and task data will be migrated.
D. Email and contact data will be migrated.
Answer: B. Only email data will be migrated.

48. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use the View service requests option in the Microsoft 365 admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

49. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use Dashboard in Security & Compliance. Does this meet the goal?
A. Yes
B. No
Answer: B. No

50. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use Message center in the Microsoft 365 admin center. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

51. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant.
Solution: You review the Security & Compliance report in the Microsoft 365 admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

52. You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase. You want the members of two groups named IT and Managers to be able to use the features shown in the following table. The IT group contains 50 users. The Managers group contains 200 users. You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs. Which licenses should you recommend?
A. 250 Microsoft 365 E3 only
B. 50 Microsoft 365 E3 and 200 Microsoft 365 E5
C. 250 Microsoft 365 E5 only
D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5
Answer: D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5

53. You have a Microsoft 365 tenant that contains Microsoft Exchange Online. You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant. You need to ensure that the calendar of every user is available to the users in adatum.com immediately. What should you do?
A. From the Exchange admin center, create a sharing policy.
B. From the Exchange admin center, create a new organization relationship.
C. From the Microsoft 365 admin center, modify the Organization profile settings.
D. From the Microsoft 365 admin center, configure external site sharing.
Answer: B. From the Exchange admin center, create a new organization relationship.

54. Your company has an on-premises Microsoft Exchange Server 2016 organization and a Microsoft 365 Enterprise subscription. You plan to migrate mailboxes and groups to Exchange Online. You start a new migration batch. Users report slow performance when they use the on-premises Exchange Server organization. You discover that the migration is causing the slow performance. You need to reduce the impact of the mailbox migration on the end-users. What should you do?
A. Create a mail flow rule.
B. Configure back pressure.
C. Modify the migration endpoint settings.
D. Create a throttling policy.
Answer: C. Modify the migration endpoint settings.

55. You have a Microsoft 365 subscription. You need to prevent phishing email messages from being delivered to your organization. What should you do?
A. From the Exchange admin center, create an anti-malware policy.
B. From the Security & Compliance admin center, create a DLP policy.
C. From the Security & Compliance admin center, create a new threat management policy.
D. From the Exchange admin center, create a spam filter policy.
Answer: C. From the Security & Compliance admin center, create a new threat management policy.

56. Your company has a Microsoft 365 subscription. All identities are managed in the cloud. The company purchases a new domain name. You need to ensure that all new mailboxes use the new domain as their primary email address. What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Run the Update-EmailAddressPolicy Windows PowerShell command
B. From the Exchange admin center, select mail flow, and then configure the email address policies.
C. From the Microsoft 365 admin center, select Setup, and then configure the domains.
D. Run the Set-EmailAddressPolicy Windows PowerShell command.
E. From the Azure Active Directory admin center, configure the custom domain names.
Answer: C. From the Microsoft 365 admin center, select Setup, and then configure the domains. E. From the Azure Active Directory admin center, configure the custom domain names.

57. You have a Microsoft 365 subscription. A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department. You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible. How frequently can you schedule the delivery of the reports?
A. hourly
B. monthly
C. weekly
D. daily
Answer: C. weekly

58. Your company has a Microsoft 365 subscription. You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license. What should you use?
A. the Licenses blade in the Azure portal
B. Reports in the Microsoft 365 admin center
C. Active users in the Microsoft 365 admin center
D. Reports in Security & Compliance admin center
Answer: A. the Licenses blade in the Azure portal

59. Your company has a Microsoft 365 subscription. You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center. A month later, you attempt to run an import job for the PST files. You discover that the PST files were deleted from Microsoft 365. What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer.
A. The PST files were corrupted and deleted by Microsoft 365 security features.
B. PST files are deleted automatically from Microsoft 365 after 30 days.
C. The size of the PST files exceeded a storage quota and caused the files to be deleted.
D. Another administrator deleted the PST files.
Answer: B. PST files are deleted automatically from Microsoft 365 after 30 days.

60. Your company has a main office and 20 branch offices in North America and Europe. Each branch connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections. You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office. You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services. What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object (GPO).
B. In each branch office, deploy a proxy server that has user authentication enabled.
C. In each branch office, deploy a firewall that has packet inspection enabled.
D. In the branch offices, configure name resolution so that all queries for external host names are redirected to public DNS servers directly.
Answer: D. In the branch offices, configure name resolution so that all queries for external host names are redirected to public DNS servers directly.

61. Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix. You deploy a Microsoft 365 tenant. You implement directory synchronization and sync only 50 support users. You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. You need to ensure that all synchronized identities retain the UPN set in their on-premises user account. What should you do?
A. From the Microsoft 365 admin center, add adatum.com as a custom domain name.
B. From Windows PowerShell, run the Set-ADDomain -AllowedDNSSuffixes adatum.com command.
C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
D. From the Microsoft 365 admin center, add adatum.local as a custom domain name.
Answer: C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.

62. Your company has on-premises servers and a Microsoft Azure Active Directory (Azure AD) tenant. Several months ago, the Azure AD Connect Health agent was installed on all the servers. You review the health status of all the servers regularly. Recently, you attempted to view the health status of a server named Server1 and discovered that the server is NOT listed on the Azure Active Directory Connect Servers list. You suspect that another administrator removed Server1 from the list. You need to ensure that you can view the health status of Server1. What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet.
B. From Azure Cloud shell, run the Connect-AzureAD cmdlet.
C. From Server1, change the Azure AD Connect Health services Startup type to Automatic (Delayed Start).
D. From Server1, change the Azure AD Connect Health services Startup type to Automatic.
E. From Server1, reinstall the Azure AD Connect Health agent.
Answer: A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet. E. From Server1, reinstall the Azure AD Connect Health agent.

63. You have a Microsoft 365 subscription. You suspect that several Microsoft Office 365 applications or services were recently updated. You need to identify which applications or services were recently updated. What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. From the Microsoft 365 admin center, review the Message center blade.
B. From the Office 365 Admin mobile app, review the messages.
C. From the Microsoft 365 admin center, review the Products blade.
D. From the Microsoft 365 admin center, review the Service health blade.
Answer: A. From the Microsoft 365 admin center, review the Message center blade. B. From the Office 365 Admin mobile app, review the messages.

64. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

65. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You add Device1 to an Active Directory group. Does this meet the goal?
A. Yes
B. No
Answer: B. No

66. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

67. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You create a device configuration profile from the Intune admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

68. https://gyazo.com/f9883dcffc4e3668fd0bcde5bd5e24b6
Answer: https://gyazo.com/c3d487f504ac

69. https://gyazo.com/455167c398fcd88c8305f20f098b50c5
Answer: https://gyazo.com/62524d74cb48

70. https://gyazo.com/ccdf1c22442a61c2e5ba0fe48e10a2e2
Answer: https://gyazo.com/d43506301f65

71. You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) policy. You discover that users are incorrectly marking content as false positive and bypassing the DLP policy. You need to prevent the users from bypassing the DLP policy. What should you configure?
A. actions
B. exceptions
C. incident reports
D. user overrides
Answer: D. user overrides

72. https://gyazo.com/704848624bb417a308643f55857a0180
You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com. What should you configure?
A. an action
B. a group
C. a condition
D. an exception
Answer: D. an exception

73. Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified as Confidential. You migrate the files from the on-premises file servers to Microsoft SharePoint Online. You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification. What should you do first?
A. From the SharePoint admin center, create a managed property.
B. From the SharePoint admin center, configure hybrid search.
C. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.
D. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.
Answer: A. From the SharePoint admin center, create a managed property.

74. https://gyazo.com/28ef0a649098dc2a53e26bf74bf59d82
Answer: https://gyazo.com/c2cdba1c5020

75. Your company has 10 offices. The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet. You discover that one of the offices has the following:
Computers that have several preinstalled applications
Computers that use nonstandard computer names
Computers that have Windows 10 preinstalled
Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
All the computers must be joined to the domain.
All the computers must have computer names that use a prefix of CONTOSO.
All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.
A. a provisioning package
B. wipe and load refresh
C. Windows Autopilot
D. an in-place upgrade
Answer: A. a provisioning package

76. You have a Microsoft 365 subscription. You recently configured a Microsoft SharePoint Online tenant in the subscription. You plan to create an alert policy. You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes. What should you do first?
A. Enable Microsoft Office 365 Cloud App Security.
B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
C. Enable Microsoft Office 365 Analytics.
Answer: B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).

77. https://gyazo.com/cad5d2255797ebdee7e6df7b8576fa25
Answer: B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

78. https://gyazo.com/4a5dd0ea646b66f18c86b2f5c742271d
Answer: https://gyazo.com/c102270c817f

79. https://gyazo.com/d308aa2c3a9098dc89645d9106a9f54f
Answer: https://gyazo.com/0b4a7d386f85

80. You have a Microsoft 365 tenant. You have a line-of-business application named App1 that users access by using the My Apps portal. After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control. You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only. What should you do?
A. From Microsoft Cloud App Security, modify the impossible travel alert policy.
B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
C. From the Azure Active Directory admin center, modify the conditional access policy.
D. From Microsoft Cloud App Security, create an app discovery policy.
Answer: A. From Microsoft Cloud App Security, modify the impossible travel alert policy.

81. Your network contains an on-premises Active Directory domain. Your company has a security policy that prevents additional software from being installed on domain controllers. You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP). What should you do? More than one choice may achieve the goal. Select the BEST answer.
A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.
B. Deploy an Azure ATP standalone sensor, and then configure detections.
C. Deploy an Azure ATP sensor, and then configure detections.
D. Deploy an Azure ATP sensor, and then configure port mirroring.
Answer: A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.

82. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices. You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States. You plan to onboard all the devices to Windows Defender ATP data in Europe. What should you do first?
A. Create a workspace
B. Offboard the test devices
C. Delete the workspace
D. Onboard a new device
Answer: B. Offboard the test devices

83. https://gyazo.com/84af9bba3ce1a0ad54179aad1763dbaa
Answer: E. 72 hours

84. Your company has a Microsoft 365 E3 subscription. All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD). You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users. What should you use?
A. Subscription Activation
B. Windows Update
C. Windows Autopilot
D. an in-place upgrade
Answer: A. Subscription Activation

85. https://gyazo.com/ded6a79a5c9ad6faa13cce2a14ef279d
Answer: https://gyazo.com/1e09884ff95fa

86. https://gyazo.com/cc55a6a211a62fc129a66f64186cfc40
Answer: https://gyazo.com/58680d4cfa3cf

87. Your network contains an Active Directory domain named contoso.com. The domain contains 1000 Windows 8.1 devices. You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices. You need to recommend a Windows 10 deployment method. What should you recommend?
A. Wipe and load refresh
B. Windows Autopilot
C. a provisioning package
D. an in-place upgrade
Answer: A. Wipe and load refresh

88. You use Microsoft System Center Configuration Manager (Current Branch) to manage devices. Your company uses the following types of devices: Windows 10, Windows 8.1, Android, iOS. Which devices can be managed by using co-management?
A. Windows 10 and Windows 8.1 only
B. Windows 10, Android, and iOS only
C. Windows 10 only
D. Windows 10, Windows 8.1, Android, and iOS
Answer: C. Windows 10 only

89. https://gyazo.com/1cc4665f8de153067e697f62330d60f7
Answer: https://gyazo.com/ddbdebd8da489166e6424

90. Your company has 20 employees. Each employee has a mailbox hosted in Outlook.com. The company purchases a Microsoft 365 subscription. You plan to migrate all the mailboxes to Microsoft 365. You need to recommend which type of migration to use for the mailboxes. What should you recommend?
A. staged migration
B. cutover migration
C. minimal hybrid migration
D. IMAP migration
Answer: D. IMAP migration

91. Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains company documents. Your company purchases a Microsoft 365 subscription. You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three months will be migrated. You need to identify all the files in Share1 that were modified or created during the last 90 days. What should you use?
A. Server Manager
B. Microsoft SharePoint Migration Tool
C. Resource Monitor
D. Usage reports from the Microsoft 365 admin center
Answer: B. Microsoft SharePoint Migration Tool
Oh baby

92. Your company has two offices. The offices are located in Seattle and New York. The company uses a third-party email system. You implement Microsoft 365. You move all the users in the Seattle office to Exchange Online. You configure Microsoft 365 to successfully receive all the email messages sent to the Seattle office users. All the users in the New York office continue to use the third-party email system. The users use the email domains shown in the following table. You need to ensure that all the email messages sent to the New York office users are delivered successfully. The solution must ensure that all the email messages for the users in both offices are routed through Microsoft 365. You create the required DNS records and Send connectors. What should you do next from Microsoft 365?
A. From the Microsoft 365 admin center, set the default domain. From the Exchange admin center, create a transport rule for all the email messages sent to adatum.com.
B. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an internal relay domain.
C. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an authoritative domain.
D. From the Microsoft 365 admin center, set the default domain. From the Exchange admin center, configure adatum.com as a remote domain.
Answer: B. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an internal relay domain.

93. https://gyazo.com/d45682a882b82be22aac581f215c4fed
Answer: https://gyazo.com/6949fea3a3d3

94. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751 -
You plan to create 1,000 users in your Microsoft 365 subscription. You need to ensure that all the users can use the @contoso.com suffix in their username. Another administrator will perform the required information to your DNS zone to complete the operation.
Answer: You need to add the contoso.com domain to Microsoft 365 then set the domain as the default.
1. In the Admin Center, click Setup then click Domains.
2. Click the ‘Add Domain’ button.
3. Type in the domain name (contoso.com) and click the ‘Use this domain’ button.
4. The question states that another administrator will perform the required information to your DNS zone. Therefore, you just need to click the ‘Verify’ button to verify domain ownership.
5. Click Finish.
6. In the domains list, select the contoso.com domain.
7. Select ‘Set as default’.
References: https://docs.mic

95. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe1211885.onmicrosoft.com
Microsoft 365 Password: oL9z0=?Nq@ox
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only:
Answer: You need to edit the Data Loss Prevention Policy to disable the email notifications.
1. Go to https://protection.office.com or navigate to the Security & Compliance admin center.
2. In the left navigation pane, expand Data Loss Protection and select Policy.
3. Select the Data Loss Prevention policy and click the Edit Policy button.
4. Click Policy Settings in the left navigation pane of the policy.
5. Select the policy rule and click the Edit Rule button.
6. Scroll down to the ‘User notifications’ section.
7. Toggle the slider labelled “Use Notifications to inform users….” to Off.
8. Click Save to save the changes to the policy rule.
9. Click Save to save the changes to the policy.

96. You have a Microsoft 365 subscription. You add a domain named contoso.com. When you attempt to verify the domain, you are prompted to send a verification email to admin@contoso.com. You need to change the email address used to verify the domain. What should you do?
A. From the domain registrar, modify the contact information of the domain
B. Add a TXT record to the DNS zone of the domain
C. Modify the NS records for the domain
D. From the Microsoft 365 admin center, change the global administrator of the Microsoft 365 subscription
Answer: A. From the domain registrar, modify the contact information of the domain

97. Your company uses email, calendar, contact, and task services in Microsoft Outlook.com. You purchase a Microsoft 365 subscription and plan to migrate all users from Outlook.com to Microsoft 365. You need to identify which user data can be migrated to Microsoft 365. Which type of data should you identify?
A. task
B. email
C. calendar
D. contacts
Answer: B. email

98. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab. Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe878763.onmicrosoft.com Microsoft 365 Password: m3t^We$Z7&xy If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only:

Correct Answer: See explanation below. You need to modify the default remote domain. When you add a remote domain, you specify the domain name and the settings apply to that domain. The default remote domain applies to all other domains. Therefore, we need to disable Out of Office replies for external users in the settings of the default remote domain.
1. Go to the Exchange Admin Center.
2. Click Mail Flow in the left navigation pane.
3. Click on Remote Domains.
4. Select the default remote domain and click the Edit icon (pencil icon).
5. In the 'Out of Office automatic reply types' section, select 'None'.
6. Click Save to save the changes to the default remote domain.

99. https://gyazo.com/f718b02b5745dce69da1c080c10d71af B. No

100. https://gyazo.com/74c87aaec20f496d1ff0ae2042e5cd6d B. No

101. https://gyazo.com/d5751d7d9be31cd20b0b377a77313e59 A. Yes

102. https://gyazo.com/3989dda1abe0729ae72f33a1b12a226e https://gyazo.com/f7770d110477

103. https://gyazo.com/a0bad0a941a9d0f6b1f4e8def25dc570 B. No

104. https://gyazo.com/027489c56b23e9b754ddfd169effce07 https://gyazo.com/f0b30e41b399

105. https://gyazo.com/32fb665c1a2891de3639188613e76d8d B. Modify the TXT record.

106. https://gyazo.com/80d9862eea7bf0d996abdd8c3f867292 https://gyazo.com/ae8ce4e7a6ef

107. https://gyazo.com/794a45662a14249b9d7b1b57769770c8 https://gyazo.com/111aeb32a6c3

108. You have an on-premises Microsoft Exchange Server organization that contains 100 mailboxes. You have a hybrid Microsoft 365 tenant. You run the Hybrid Configuration wizard and migrate the mailboxes to the tenant. You need to ensure that Microsoft 365 spam filtering is applied to incoming email. What should you do?
A. Run the Hybrid Configuration wizard again.
B. Update the Sender Policy Framework (SPF) TXT record to point to the on-premises Exchange IP address.
C. Run the Azure Active Directory Connect wizard again.
D. Update the MX record to point to Exchange Online.
Answer: D. Update the MX record to point to Exchange Online.

109. You have an on-premises Microsoft Exchange Server organization that contains 500 mailboxes and a third-party email archive solution. You have a Microsoft 365 tenant that contains a user named User1. You plan to use the User1 account to perform a PST import of the archive mailboxes to the tenant. Which two roles does User1 require to perform the import? The solution must use the principle of least privilege. Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Mail Recipients
B. Exchange admin
C. Records Management
D. Mailbox Import Export
E. eDiscovery Manager
Answer: A. Mail Recipients; D. Mailbox Import Export

110. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You review the Windows release health in the Microsoft 365 admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

111. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a Microsoft Office 365 tenant. You suspect that several Office 365 features were recently updated. You need to view a list of the features that were recently updated in the tenant. Solution: You use the Service health option in the Microsoft 365 admin center. Does this meet the goal?
A. Yes
B. No
Answer: B. No

112. You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do?
A. Run the Add-AadrmRoleBaseAdministrator cmdlet.
B. Create an Azure Information Protection policy.
C. Configure the protection activation status for Azure Information Protection.
D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Answer: D. Run the Set-AadrmOnboardingControlPolicy cmdlet.

113. Your company has a Microsoft 365 subscription. You need to identify which users performed the following privileged administration tasks: Deleted a folder from the second-stage Recycle Bin of Microsoft SharePoint; Opened a mailbox of which the user was not the owner; Reset a user password. What should you use?
A. Microsoft Azure Active Directory (Azure AD) audit logs
B. Microsoft Azure Active Directory (Azure AD) sign-ins
C. Security & Compliance content search
D. Security & Compliance audit log search
Answer: D. Security & Compliance audit log search

114. You have a Microsoft 365 subscription. You have a user named User1. You need to ensure that User1 can place a hold on all mailbox content. What permission should you assign to User1?
A. the User management administrator role from the Microsoft 365 admin center
B. the eDiscovery Manager role from the Security & Compliance admin center
C. the Information Protection administrator role from the Azure Active Directory admin center
D. the Compliance Management role from the Exchange admin center
Answer: B. the eDiscovery Manager role from the Security & Compliance admin center

115. https://gyazo.com/1e133c8923dea958b85281315de0034f https://gyazo.com/9ce349949639

116. https://gyazo.com/0b5c2c98782df985b9f5f33eaf64ea56 A. A. user1, User2, User3, User4, and User5

117. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. In the tenant, you create a user named User1. You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege. To which role group should you add User1?
A. Security Administrator
B. Records Management
C. Compliance Administrator
D. eDiscovery Manager
Answer: C. Compliance Administrator

118. https://gyazo.com/822c7959b68aa21cad7c41d6ca1b7943 https://gyazo.com/4cc27dde7ebd

119. Your company has a Microsoft 365 E5 subscription. Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted. What should you do from the Security & Compliance admin center?
A. Create a data loss prevention (DLP) policy that has a Content contains condition.
B. Create a data loss prevention (DLP) policy that has a Content is shared condition.
C. Modify the default safe links policy.
D. Create a new safe links policy.
Answer: D. Create a new safe links policy.

120. https://gyazo.com/7826acface508e05110d7e068c13407f https://gyazo.com/8ae908c78f0a

121. A user receives the following message when attempting to sign in to https://myapps.microsoft.com: "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?
A. Security & Compliance supervision policies
B. Security & Compliance data loss prevention (DLP) policies
C. Microsoft Azure Active Directory (Azure AD) conditional access policies
D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies
Answer: C. Microsoft Azure Active Directory (Azure AD) conditional access policies

122. https://gyazo.com/f61380d702760612fd1818408c22dfda https://gyazo.com/476800f338ce

123. https://gyazo.com/5815cce01108811121038358ef94537b https://gyazo.com/856fdaeebb56

124. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain. You deploy a Microsoft Azure Active Directory (Azure AD) tenant. Another administrator configures the domain to synchronize to Azure AD. You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD. Solution: From the Synchronization Rules Editor, you create a new outbound synchronization rule. Does this meet the goal?
A. Yes
B. No
Answer: B. No

125. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain. You deploy a Microsoft Azure Active Directory (Azure AD) tenant. Another administrator configures the domain to synchronize to Azure AD. You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD. Solution: You run idfix.exe and export the 10 user accounts. Does this meet the goal?
A. Yes
B. No
Answer: B. No

126. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain. You deploy a Microsoft Azure Active Directory (Azure AD) tenant. Another administrator configures the domain to synchronize to Azure AD. You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD. Solution: From Azure AD Connect, you modify the Azure AD credentials. Does this meet the goal?
A. Yes
B. No
Answer: B. No

127. https://gyazo.com/921879564a3062392d67b9971f315fe0 https://gyazo.com/4a74ec49b5ac

128. https://gyazo.com/09cc9b0a248fdb5bc9a55d669521c517 https://gyazo.com/8efe3c49badc7

129. https://gyazo.com/e8926848ff23d78b32be2e5982e0524a A. Delete User2 and User4 only. B. Reset the password of User2 and User4 only.

130. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain. You deploy a Microsoft Azure Active Directory (Azure AD) tenant. Another administrator configures the domain to synchronize to Azure AD. You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD. Solution: From Azure AD Connect, you modify the filtering settings. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

131. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses. Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services. You need to determine whether a user named User1 is licensed for Exchange Online only. Solution: You run the Get-MsolUser cmdlet. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

132. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses. Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services. You need to determine whether a user named User1 is licensed for Exchange Online only. Solution: You run the Get-MsolAccountSku cmdlet. Does this meet the goal?
A. Yes
B. No
Answer: B. No

133. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses. Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services. You need to determine whether a user named User1 is licensed for Exchange Online only. Solution: You launch the Azure portal, and then review the Licenses blade. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

134. https://gyazo.com/1d24b03887d03061a4625b42fb17f248 https://gyazo.com/16ca947b4182

135. https://gyazo.com/8e76437ec44806431e95563535589328 https://gyazo.com/2bb50122c31e

136. https://gyazo.com/ded9bf225a3186491c9178f46051aa18 D. Service administrator

137. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
A. Security reader
B. User administrator
C. Owner
D. Global administrator
Answer: A. Security reader

138. https://gyazo.com/be27790fe282ce9293a4d30805113434 https://gyazo.com/52171f3723ec

139. Your network contains three Active Directory forests. You create a Microsoft Azure Active Directory (Azure AD) tenant. You plan to sync the on-premises Active Directory to Azure AD. You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails. What should you include in the recommendation?
A. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
C. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
D. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
Answer: B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode

140. Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
A. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets.
B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
D. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
Answer: C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.

141. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: Contoso.com and East.contoso.com. An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: From the Azure AD Connect server in contoso.com, you rerun the setup wizard and include the west.contoso.com domain. Does this meet the goal?
A. Yes
B. No
Answer: A. Yes

142. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization. You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback. You need to identify which group types will sync from Azure AD. Which two group types should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. an Office 365 group that uses the Assigned membership type
B. a security group that uses the Dynamic Device membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a security group that uses the Assigned membership type
E. a security group that uses the Dynamic User membership type
Answer: A. an Office 365 group that uses the Assigned membership type; C. an Office 365 group that uses the Dynamic User membership type

143. https://gyazo.com/6d0dbbb50f67d68b718ffb63595e2b84 B. Message Center reader

144. https://gyazo.com/ea39edd244c26300b8da377dedb71614 C. Global administrator

145. https://gyazo.com/e4554b05b632c73b2eb31a6303e66bae https://gyazo.com/e56d340c0e1c

146. Your network contains an Active Directory forest named contoso.local. You have a Microsoft 365 subscription. You plan to implement a directory synchronization solution that will use password hash synchronization. From the Microsoft 365 admin center, you verify the contoso.com domain name. You need to prepare the environment for the planned directory synchronization solution. What should you do first?
A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
C. From the Microsoft 365 admin center, verify the contoso.local domain name.
D. From Active Directory Users and Computers, modify the UPN suffix for all users.
Answer: B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.

147. https://gyazo.com/7cc3f7eee1a87561166f70b98c08fe0e https://gyazo.com/08915367ea04

148. Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant. The network uses a firewall that contains a list of allowed outbound domains. You begin to implement directory synchronization. You discover that the firewall configuration contains only the following domain names in the list of allowed domains: *.microsoft.com and *.office.com. Directory synchronization fails. You need to ensure that directory synchronization completes successfully. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
B. From Azure AD Connect, modify the Customize synchronization options task.
C. Deploy an Azure AD Connect sync server in staging mode.
D. From the firewall, create a list of allowed inbound domains.
E. From the firewall, modify the list of allowed outbound domains.
Answer: E. From the firewall, modify the list of allowed outbound domains.

149. Your network contains an on-premises Active Directory forest. You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy. You need to recommend an authentication strategy that meets the following requirements: Allows users to sign in by using smart card-based certificates; Allows users to connect to on-premises and Microsoft 365 services by using SSO. Which authentication strategy should you recommend?
A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO
Answer: B. federation with Active Directory Federation Services (AD FS)

150. https://gyazo.com/04ebd8eefe1f2c8af7767744e4f229aa https://gyazo.com/15f083b62a55

151. https://gyazo.com/36a62ed4709f6eaa02eb029e3ff842c4 https://gyazo.com/9f2ab0472ffb9

152. https://gyazo.com/5010e891a9978938e96d90967f60fb84 https://gyazo.com/813b8636c1c2

153. https://gyazo.com/e5670ecd50748e736ac8e64ca15872e3 https://gyazo.com/d27079bf30f4c

154. https://gyazo.com/f51cf9b52d1647d42a9b2e8be6d9de6d A. 1

155. https://gyazo.com/ec17a2fce0f182cb6e63fe95d8ef7c63 https://gyazo.com/4b778cae6bd6

156. https://gyazo.com/5233af4f5ccb2652b65cfad263d892f6 https://gyazo.com/c827779754a3

157. Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
Answer: A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.

158. Your company has 10,000 users who access all applications from an on-premises data center. You plan to create a Microsoft 365 subscription and to migrate data to the cloud. You plan to implement directory synchronization. User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully. You discover that several user accounts fail to sync to Azure AD. You need to resolve the issue as quickly as possible. What should you do?
A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.
B. Run idfix.exe, and then click Complete.
C. From Windows PowerShell, run the Start-AdSyncCycle -PolicyType Delta command.
D. Run idfix.exe, and then click Edit.
Answer: D. Run idfix.exe, and then click Edit.

159. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com. Your company recently purchased a Microsoft 365 subscription. You deploy a federated identity solution to the environment. You use the following command to configure contoso.com for federation. Convert-MsolDomaintoFederated -DomainName contoso.com In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name. You need to configure the adatum.com Active Directory domain for federated authentication. Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From Windows PowerShell, run the Convert-MsolDomaintoFederated -DomainName contoso.com -SupportMultipleDomain command.
B. From Windows PowerShell, run the New-MsolFederatedDomain -SupportMultipleDomain -DomainName contoso.com command.
C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command.
D. From Windows PowerShell, run the Update-MSOLFederatedDomain -DomainName contoso.com -SupportMultipleDomain command.
E. From the federation server, remove the Microsoft Office 365 relying party trust.
Answer: D. From Windows PowerShell, run the Update-MSOLFederatedDomain -DomainName contoso.com -SupportMultipleDomain command; E. From the federation server, remove the Microsoft Office 365 relying party trust.

160. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
A. Compliance administrator
B. Global administrator
C. Owner
D. Security administrator
Answer: D. Security administrator

161. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

You need to modify Christie Cline to meet the following requirements: Christie Cline must be able to view the service dashboard and the Microsoft Office 365 Message center. Christie Cline must be able to create Microsoft support requests. The solution must use the principle of least privilege.

Correct Answer: See explanation below.
You need to assign Christie the ‘Service Support Admin’ role.
   1. In the Microsoft 365 Admin Center, click ‘Roles’.
   2. Scroll down to the Service Support Admin role and click on the role name.
   3. Click the ‘Assigned Admins’ link.
   4. Click the ‘Add’ button.
   5. Start typing the name Christie then select her account when it appears.
   6. Click Save.
References: https://docs.mic

162. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

Your organization has an office in Seattle. You plan to create 100 users who will work in the Seattle office. The city attribute for all the users will be Seattle. You need to create a group named Group1 that will automatically contain all the Seattle office users.

Correct Answer: See explanation below.
You need to create a Dynamic group. User accounts with the city attribute set to ‘Seattle’ will automatically be added to the group.
   1. Go to the Azure Active Directory admin center.
   2. Select Azure Active Directory then select Groups.
   3. Click on the New Group link.
   4. Give the group a name such as Seattle Users.
   5. Select Users as the membership type.
   6. Select ‘Add dynamic query’.
   7. Select ‘City’ in the Property drop-down box.
   8. Select ‘Equals’ in the Operator drop-down box.
   9. Enter Seattle as the Value. You should see the following text in the Expression box: user.city -eq "Seattle"
   10. Click Save to create the group.
References: https://docs.mic

163. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

A user named Johanna Lorenz recently left the company. A new employee named Ben Smith will handle the tasks of Johanna Lorenz. You need to create a user named Ben Smith. Ben Smith must be able to sign in to http://myapps.microsoft.com and open Microsoft Word Online.

Correct Answer: See explanation below.
You need to create a user account and assign a license to the account. You then
To create the user account and mailbox:
   1. In the Microsoft 365 admin center, go to User management, and select Add user.
   2. Enter the name Ben Smith in the First Name and Last Name fields.
   3. Enter Ben.Smith in the username field and click Next.
   4. Assign a Microsoft 365 license to the account.
   5. Click Next.
   6. Click Next again.
   7. Click ‘Finish adding’.

164. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

You hire a new Microsoft 365 administrator named Nestor Wilke. Nestor Wilke will begin working for your organization in several days. You need to ensure that Nestor Wilke is prevented from using his account until he begins working.

Correct Answer: See explanation below.
You need to set the sign-in status for the account to ‘Blocked’. Blocking doesn't stop the account from receiving email and it doesn't delete any data.
   1. On the home page of the Microsoft 365 admin center, type the user’s name into the Search box.
   2. Select the Nestor Wilke account in the search results.
   3. In the ‘Sign-in status’ section of the account properties, click the Edit link.
   4. Select ‘Block the user from signing in’ and click the Save button.

165. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

You need to create a group named Group2. Users who are added to Group2 must be licensed automatically for Microsoft Office 365.

Correct Answer: See explanation below.
You need to create the group and assign a license to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.
   1. Go to the Azure Active Directory admin center.
   2. Select the Azure Active Directory link then select Groups.
   3. Click the New Group link.
   4. Select ‘Security’ as the group type and enter ‘Group2’ for the group name.
   5. Click the Create button to create the group.
   6. Back in the Groups list, select Group2 to open the properties page for the group.
   7. Select ‘Licenses’.
   8. Select the ‘+ Assignments’ link.
   9. Tick the box to select the license.
   10. Click the Save button to save the changes.
References: https://docs.mic

166. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com Microsoft 365 Password: 3&YWyjse-6-d If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751

You have a user named Grady Archie. The solution must meet the following requirements: Grady Archie must be able to add payment methods to your Microsoft Office 365 tenant. The solution must minimize the number of licenses assigned to users. The solution must use the principle of least privilege.

Correct Answer: See explanation below.
You need to assign the ‘Billing Administrator’ role to Grady Archie.
   1. Go to the Azure Active Directory admin center.
   2. Select Users.
   3. Select the Grady Archie account to open the account properties page.
   4. Select ‘Assigned roles’.
   5. Click the ‘Add Assignments’ button.
   6. Select Billing Administrator then click the Add button.
Reference: https://docs.micro

167. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@M365x981607.onmicrosoft.com Microsoft 365 Password: *yfLo7Ir2&y- If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525

Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all new users will be New York. You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.

Correct Answer: See explanation below.
You need to create a dynamic group based on the city attribute. You then need to assign a license to the group. User accounts with the city attribute set to ‘New York’ will automatically be added to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.
   1. Go to the Azure Active Directory admin center.
   2. Select Azure Active Directory then select Groups.
   3. Click on the New Group link.
   4. Give the group a name such as New York Users.
   5. Select Users as the membership type.
   6. Select ‘Add dynamic query’.
   7. Select ‘City’ in the Property drop-down box.
   8. Select ‘Equals’ in the Operator drop-down box.
   9. Enter ‘New York’ as the Value. You should see the following text in the Expression box: user.city -eq "New York"
   10. Click Save to create the group.
   11. In the Groups list, select the new group to open the properties page for the group.
   12. Select ‘Licenses’.
   13. Select the ‘+ Assignments’ link.
   14. Tick the box to select the license.
   15. Click the Save button to save the changes.
References: https://docs.mic

168. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@M365x981607.onmicrosoft.com Microsoft 365 Password: *yfLo7Ir2&y- If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525

Alex Wilber must be able to reset the password of each user in your organization. The solution must prevent Alex Wilber from modifying the password of global administrators.

Correct Answer: See explanation below.
You need to assign the ‘Password Administrator’ role to Alex Wilber. A user assigned the Password Administrator role can reset passwords for non-administrators and Password administrators.
   1. Go to the Azure Active Directory admin center.
   2. Select Users.
   3. Select the Alex Wilber account to open the account properties page.
   4. Select ‘Assigned roles’.
   5. Click the ‘Add Assignments’ button.
   6. Select Password Administrator then click the Add button.
References: https://docs.mic

169. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.

Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username: admin@M365x981607.onmicrosoft.com Microsoft 365 Password: *yfLo7Ir2&y- If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525

You plan to migrate data from an on-premises email system to your Microsoft 365 tenant. You need to ensure that Debra Berger can import a PST file.

Correct Answer: See explanation below.
Debra will need the Mailbox Import Export and Mail Recipients roles to be able to import PST files. These roles cannot be assigned directly to a user account. The way to assign just those two roles to a user is to create a new role group, assign the roles to the role group and add the user as a member.
   1. Go to the Exchange admin center.
   2. Select Permissions.
   3. In the Admin roles section, click the plus (+) sign to create a new role.
   4. Give the role group a name such as PST Import.
   5. In the roles section, click the plus (+) sign.
   6. Select the Mailbox Import Export and Mail Recipients roles and click Add to add the roles.
   7. In the Members section, click the plus (+) sign.
   8. Select Debra Berger then click Add then Ok to add Debra as a member of the new role group.
   9. Click the Save button to save the new role group.

170. https://gyazo.com/96705cefd8209c4587ef07a77fd46065

Answer: https://gyazo.com/3f4efe191eff9f

171. https://gyazo.com/1d2fe116b09a2f8cb49c6a199b008e5a

Answer: https://gyazo.com/e78b8f6ce2dd

172. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: Contoso.com, East.contoso.com. An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com. Does this meet the goal?
A. Yes
B. No

Answer: B. No

173. https://gyazo.com/4d1cd2a7e41a6ea02deb4f0ace11114a

Answer: https://gyazo.com/6e5cb2c49937

174. You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. Corporate policy states that user passwords must not include the word Contoso. What should you do to implement the corporate policy?
A. From the Azure Active Directory admin center, configure the Password protection settings.
B. From the Microsoft 365 admin center, configure the Password policy settings.
C. From Azure AD Identity Protection, configure a sign-in risk policy.
D. From the Azure Active Directory admin center, create a conditional access policy.

Answer: A. From the Azure Active Directory admin center, configure the Password protection settings.

175. https://gyazo.com/81f0e7e4fc0688c645fafba8da49b3e0

Answer: https://gyazo.com/f5bbbd3f569a8

176. https://gyazo.com/b99b881425d6bb1865e0dd6d1ea23356

Correct Answer: See explanation below.
You need to configure the Password Expiration Policy.
   1. Sign in to the Microsoft 365 Admin Center.
   2. In the left navigation pane, expand the Settings section then select the Settings option.
   3. Click on Security and Privacy.
   4. Select the Password Expiration Policy.
   5. Ensure that the checkbox labelled “Set user passwords to expire after a number of days” is ticked.
   6. Enter 180 in the “Days before passwords expire” field.
   7. Click the ‘Save changes’ button.

177. https://gyazo.com/a087dbe2bd71f03f54edf4af07a2948e

Answer: https://gyazo.com/b2d7f2ec959f0

178. https://gyazo.com/2aa86c9dd93e5183a691323258e85144

Correct Answer: See explanation below.
You need to create a group named Managers and add Adele Vance to the group. To ensure that you can grant permissions to the Managers group, the group needs to be a Security Group.
   1. Sign in to the Microsoft 365 Admin Center.
   2. In the left navigation pane, expand the Groups section then select Groups.
   3. Click the ‘Add a group’ link.
   4. For the group type, select Security and click Next.
   5. Enter ‘Managers’ in the Name field and click Next.
   6. Click the ‘Create Group’ button to create the Managers group.
   7. In the list of groups, select the Managers group.
   8. Click the Members link.
   9. Click the ‘View all and manage members link’.
   10. Click the ‘Add Members’ button.
   11. Select Adele Vance and click the Save button.
   12. Click the Close button to close the group page.

179. https://gyazo.com/7e296452f0d937d0947dfcdf1aa9fdab

Answer: https://gyazo.com/8e9e724ab6fc

180. https://gyazo.com/3c61fd569ca3def7e73c36a413d9480e

Correct Answer: See explanation below.
You need to configure the Password Expiration Policy.
   1. Sign in to the Microsoft 365 Admin Center.
   2. In the left navigation pane, expand the Settings section then select the Settings option.
   3. Click on Security and Privacy.
   4. Select the Password Expiration Policy.
   5. Ensure that the checkbox labelled “Set user passwords to expire after a number of days” is ticked.
   6. Enter 60 in the “Days before passwords expire” field.
   7. Enter 10 in the “Days before a user is notified about expiration” field.
   8. Click the ‘Save changes’ button.

181. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: Contoso.com, East.contoso.com. An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to active mode. Does this meet the goal?
A. Yes
B. No

Answer: B. No

182. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: Contoso.com, East.contoso.com. An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to staging mode. Does this meet the goal?
A. Yes
B. No

Answer: B. No

183. https://gyazo.com/c49eda7ca4a66b5564ec23bdb64e25fe

Answer: C. only Contoso1919.onmicrosoft.com, Sub1.Contoso1919.onmicrosoft.com, and Sub2.Contoso1919.onmicrosoft.com

184. https://gyazo.com/f1fb90d8b1951c2cf976dba4d49fb83c

Answer: A. User1

185. https://gyazo.com/20c620ee66e1fb633e14828d99d34afa

Answer: A. Group1, User1, and User2

186. https://gyazo.com/d5fb90633e7f2efa5e0b2dbb1a09e94f

Answer: https://gyazo.com/2600aa0c2594

187. https://gyazo.com/81e3083bce7d0469673662008ddba415

Answer: https://gyazo.com/9c66f0f0c6adf

188. Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants. You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users. You need to recommend a solution for the planned directory synchronization. What should you include in the recommendation?
A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
B. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering.

Answer: A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.

189. https://gyazo.com/d06136daf0bd083d5a7138f5bcf4fe93

Answer: https://gyazo.com/1338099ab3db

190. https://gyazo.com/7661cde9192ec7d28140f2eb27cff4b8

Answer: https://gyazo.com/c4bf84d6025e

191. You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You purchase 100 Microsoft 365 Business Voice add-on licenses. You need to ensure that the members of a group named Voice are assigned a Microsoft 365 Business Voice add-on license automatically. What should you do?
A. From the Azure Active Directory admin center, modify the settings of the Voice group.
B. From the Microsoft 365 admin center, modify the settings of the Voice group.
C. From the Licenses page of the Microsoft 365 admin center, assign the licenses.

Answer: A. From the Azure Active Directory admin center, modify the settings of the Voice group.

192. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1. You suspect that an imposter is signing in to Azure AD by using the credentials of User1. You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours. To which three roles should you add Admin1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Security administrator
B. Password administrator
C. User administrator
D. Compliance administrator
E. Reports reader
F. Security reader

Answer:
A. Security administrator
E. Reports reader
F. Security reader

193. You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment named Environment1 (default). Environment1 contains a Microsoft Dataverse database. In the tenant, you create a user named User1. You assign a Microsoft Power Apps license to User1. Which security role for Environment1 is assigned automatically to User1?
A. Environment maker
B. System customizer
C. Delegate
D. Environment admin

Answer: A. Environment maker

194. https://gyazo.com/590d76ce2623e604be55bba64e95df41

Answer: D. User4

195. https://gyazo.com/31257f990534913d1d49d42d240826ea

Answer: https://gyazo.com/23dbe9344f72

196. https://gyazo.com/cf5bc27cc44e790177eb6910ab1055c8

Answer: https://gyazo.com/a3988424d2c1

197. https://gyazo.com/7e28181d81287690dab08380e656421e

Answer: D. Admins and users in the guest inviter role can invite.

198. Your company recently purchased a Microsoft 365 subscription. You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant. You need to generate a report that lists all the users who completed the Azure MFA registration process. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.
C. From the Azure Active Directory admin center, use the Usage & insights blade.
D. From the Azure Active Directory admin center, use the Risky sign-ins blade.

Answer: C. From the Azure Active Directory admin center, use the Usage & insights blade.

199. You have a Microsoft 365 Enterprise subscription. You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device. You need to view which users authenticated by using multi-factor authentication. What should you do?
A. From the Microsoft 365 admin center, view the Security & Compliance reports.
B. From the Azure Active Directory admin center, view the user sign-ins.
C. From the Microsoft 365 admin center, view the Usage reports.
D. From the Azure Active Directory admin center, view the audit logs.

Answer: B. From the Azure Active Directory admin center, view the user sign-ins.

200. You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?
A. Create a sign-in risk policy.
B. Create a new app registration.
C. Assign an Enterprise Mobility + Security E5 license to the finance department users.
D. Configure the sign-in status for the user accounts of the finance department users.

Answer: A. Create a sign-in risk policy.

201. Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers. Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You plan to install Azure AD connect on a member server and implement pass-through authentication. You need to prepare the environment for the planned implementation of pass-through authentication. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Modify the email address attribute for each user account.
B. From the Azure portal, add a custom domain name.
C. From Active Directory Domains and Trusts, add a UPN suffix.
D. Modify the User logon name for each user account.
E. From the Azure portal, configure an authentication method.
F. From a domain controller, install an Authentication Agent.

Answer:
B. From the Azure portal, add a custom domain name.
C. From Active Directory Domains and Trusts, add a UPN suffix.
D. Modify the User logon name for each user account.

202. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services. You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an Authentication Agent installed and password hash synchronization configured. Does this meet the goal?
A. Yes
B. No

Answer: B. No

203. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services. You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO. Does this meet the goal?
A. Yes
B. No

Answer: A. Yes

204. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services. You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have an Authentication Agent installed. Does this meet the goal?
A. Yes
B. No

Answer: B. No

205. https://gyazo.com/daf80f0a02162c778da8b67abb9188e3

Answer: https://gyazo.com/53eec85fc505

206. You have a Microsoft 365 Enterprise E5 subscription. You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department. What should you do?
A. Create an activity policy.
B. Create a new app registration.
C. Create a conditional access policy.
D. Create a session policy.

Answer: C. Create a conditional access policy.

207. You have a Microsoft 365 subscription. Your company deploys an Active Directory Federation Services (AD FS) solution. You need to configure the environment to audit AD FS user authentication. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From all the AD FS servers, run auditpol.exe.
B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the -LogLevel parameter.
C. On a domain controller, install Azure AD Connect Health for AD DS.
D. From the Azure AD Connect server, run the Register-AzureADConnectHealthSyncAgent cmdlet.
E. On an AD FS server, install Azure AD Connect Health for AD FS.

Answer:
A. From all the AD FS servers, run auditpol.exe.
E. On an AD FS server, install Azure AD Connect Health for AD FS.

208. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
- Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
- User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant. Does this meet the goal?
A. Yes
B. No

Answer: B. No

209. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
- Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
- User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory. Does this meet the goal?
A. Yes
B. No

Answer: B. No

210. You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. A temporary employee at your company uses an email address of user1@outlook.com. You need to ensure that the temporary employee can sign in to contoso.com by using the user1@outlook.com account. What should you do?
A. From the Azure Active Directory admin center, create a new user.
B. From the Microsoft 365 admin center, create a new contact.
C. From the Azure Active Directory admin center, create a new guest user.
D. From the Microsoft 365 admin center, create a new user.

Answer: C. From the Azure Active Directory admin center, create a new guest user.

211. Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users. The company has a Microsoft 365 subscription. You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com. You run the following query.
search "SigninLogs" | where ResultDescription == "User did not pass the MFA challenge."
The query returns blank results. You need to ensure that the query returns the expected results. What should you do?
A. From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage account.
B. From the Security & Compliance admin center, turn on auditing.
C. From the Security & Compliance admin center, enable Office 365 Analytics.
D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workspace.

Answer: D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workspace.

212. Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users. Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day. You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. Your solution must ensure that users are still prompted for MFA. What should you do?
A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.
B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.
C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).
D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Answer: B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

213. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751
You plan to allow the users in your organization to invite external users as guest users to your Microsoft 365 tenant. You need to prevent the organization's users from inviting guests who have an email address that uses a suffix of @gmail.com.

Correct Answer: See explanation below.
You need to add gmail.com as a denied domain in the ‘External collaboration settings’.
1. Go to the Azure Active Directory admin center.
2. Select Users then select ‘User settings’.
3. Under External Users, select the ‘Manage external collaboration settings’.
4. Under ‘Collaboration restrictions’, select the ‘Deny invitations to the specified domains’ option.
5. Under Target Domains, type in the domain name ‘gmail.com’.
6. Click the Save button at the top of the screen to save your changes.
References: https://docs.mic

214. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751
You hire a new global administrator named Irvin Sayers to manage your Microsoft 365 tenant. You need to modify Irvin Sayers to meet the following requirements:
- Uses at least two methods of user authentication
- Has the highest Microsoft Office 365 administrative privileges

Correct Answer: See explanation below.
You need to assign the Global Admin role to Irvin Sayers. You then need to configure the account to require Multi-Factor Authentication (MFA).
1. In the Microsoft 365 admin center, select Users then select Active Users.
2. Select the Irvin Sayers account to open the account properties blade.
3. In the Roles section, click on the ‘Manage roles’ link.
4. Select the ‘Admin center access’ option.
5. Select Global Administrator then click the ‘Save changes’ button.
The next step is to enable the account for Multi-Factor Authentication (MFA).
1. If the Irvin Sayers account is selected in the user accounts list, deselect it (click on the tick icon next to the account name). Selecting a user account changes the menu options at the top of the page; deselecting the accounts changes the menu options back.
2. Click on the ‘Multi-factor authentication’ link at the top of the page.
3. In the ‘Multi-factor authentication’ page, select the Irvin Sayers account.
4. Click the ‘Enable’ link on the right side of the page.
5. In the pop-up window, click the ‘enable multi-factor auth’ button.

215. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751
Your company has a web application named App1. The company plans to publish App1 by using a URL of https://app1.contoso.com. You need to register App1 to your Microsoft Office 365 tenant.

Correct Answer: See explanation below.
You need to register App1 in Azure Active Directory.
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory.
3. Select ‘App registrations’.
4. Click the ‘New registration’ link.
5. Enter the name App1.
6. Click the Register button.
7. To add the URL to App1, select App1 in the list of registered apps.
8. In the properties page of App1, select Branding.
9. Enter the URL https://app1.contoso.com in the ‘Home page URL’ box.
10. Click Save to save the changes.
References: https://docs.mic

216. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant. You need to ensure that the external user can be added to Office 365 groups.

Correct Answer: See explanation below.
You need to create a guest account for the external user.
1. Go to the Azure Active Directory admin center.
2. Select Users.
3. Click the ‘New guest user’ link.
4. Select the ‘Invite user’ option.
5. Give the account a name and enter fabrikamuser@fabrikam.com in the email address field.
6. Click the ‘Invite’ button.
References: https://docs.mic

217. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10887751
You need to ensure that all mobile devices that connect to Microsoft Exchange Online meet the following requirements:
- A password must be used to access the devices.
- Data on the devices must be encrypted.

Correct Answer: See explanation below.
You need to modify the default mobile device mailbox policy.
1. Go to the Exchange Admin Center.
2. Select ‘mobile’ then select ‘mobile device mailbox policies’.
3. Click the ‘Create a policy’ button.
4. Select the Default policy and click the edit icon (pencil icon).
5. Select the ‘Security’ link to open the security settings.
6. Tick the ‘Require a password’ checkbox.
7. Tick the ‘Require encryption on device’ checkbox.
8. Click the Save button to save the changes.
References: https://docs.mic

218. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525 - You plan to invite several guest users to access the resources in your organization. You need to ensure that only guests who have an email address that uses the @contoso.com suffix can connect to the resources in your Microsoft 365 tenant.

Correct Answer: See explanation below.
You need to add contoso.com as an allowed domain in the 'External collaboration settings'.
   1. Go to the Azure Active Directory admin center.
   2. Select Users then select 'User settings'.
   3. Under External Users, select the 'Manage external collaboration settings'.
   4. Under 'Collaboration restrictions', select the 'Allow invitations only to the specified domains (most restrictive)' option.
   5. Under Target Domains, type in the domain name 'contoso.com'.
   6. Click the Save button at the top of the screen to save your changes.
References: https://docs.mic

219. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525 - You need to prevent non-administrators in your organization from registering applications.

Correct Answer: See explanation below.
You need to configure the App Registrations setting in Azure Active Directory.
   1. Go to the Azure Active Directory admin center.
   2. Select Azure Active Directory.
   3. Select 'User settings'.
   4. In the 'App registrations' section, toggle the 'Users can register applications' setting to No.
   5. Click Save to save the changes.

220. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525 - Your organization recently partnered with another organization named Fabrikam, Inc. You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user. You need to invite user1@fabrikam.com to access your organization.

Correct Answer: See explanation below.
You need to create a guest account for user1.
   1. Go to the Azure Active Directory admin center.
   2. Select Users.
   3. Click the 'New guest user' link.
   4. Select the 'Invite user' option.
   5. Give the account a name (User1) and enter user1@fabrikam.com in the email address field.
   6. Click the 'Invite' button.
References: https://docs.mic

221. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525 - You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD). You need to ensure that all the users who join a device use multi-factor authentication.

Correct Answer: See explanation below.
You need to configure the device settings in Azure Active Directory.
   1. Go to the Azure Active Directory admin center.
   2. Select Azure Active Directory.
   3. Select Devices.
   4. Select Device Settings.
   5. Toggle the 'Require Multi-Factor Auth to join devices' setting to Yes.
   6. Click Save to save the changes.
References: https://docs.mic

222. SIMULATION - Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. You may now click next to proceed to the lab.
Lab information - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 10811525 - You need to prevent the users in your organization from establishing voice calls from Microsoft Skype for Business to external Skype users.

Correct Answer: See explanation below.
You need to configure the External Communications settings in the Skype for Business admin center.
   1. You need to go to the Skype for Business admin center. If you see a Skype for Business admin center in the admin center list in the Microsoft portal, open it and skip to step 4.
   2. If you don't see a Skype for Business admin center in the admin center list in the Microsoft portal, open the Teams admin center.
   3. In the Teams admin center, choose Skype > Legacy Portal.
   4. In the Skype for Business admin center, select Organization.
   5. Select External communications.
   6. Untick the 'Let people use Skype for Business to communicate with Skype users outside your organization' checkbox.
   7. Click Save to save the changes.

223. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant. Does this meet the goal?
A. Yes
B. No

Answer: B. No

224. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory. Does this meet the goal?
A. Yes
B. No

Answer: A. Yes

225. Your company has three main offices and one branch office. The branch office is used for research. The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication. You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office. What should you include in the recommendation?
A. Microsoft Azure Active Directory (Azure AD) conditional access.
B. Microsoft Azure Active Directory (Azure AD) password protection.
C. A Microsoft Endpoint Manager device compliance policy.
D. A Microsoft Endpoint Manager device configuration profile.

Answer: A. Microsoft Azure Active Directory (Azure AD) conditional access.

226. Your network contains an Active Directory domain named contoso.com. All users authenticate by using a third-party authentication solution. You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to recommend an identity strategy that meets the following requirements:
- Provides seamless SSO
- Minimizes the number of additional servers required to support the solution
- Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
- Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account
You are evaluating the implementation of federation. Which two requirements are met by using federation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. minimizes the number of additional servers required to support the solution
B. provides seamless SSO
C. stores the passwords of all the users in Azure AD
D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

Answer:
B. provides seamless SSO
D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

227. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services. You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements: Users must be able to authenticate during business hours only. Authentication requests must be processed successfully if a single server fails. When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in. Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies. Does this meet the goal?
A. Yes
B. No

Answer: B. No

228. https://gyazo.com/88c11370317e1674d8592808ce5a424a

Answer: https://gyazo.com/1fc182e51996

229. Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers. You purchase Microsoft 365 and plan to implement several Microsoft 365 services. You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements: Ensure that users can access Microsoft 365 by using their on-premises credentials. Use the existing server infrastructure only. Store all user passwords on-premises only. Be highly available. Which authentication strategy should you identify?
A. pass-through authentication and seamless SSO
B. pass-through authentication and seamless SSO with password hash synchronization
C. password hash synchronization and seamless SSO
D. federation

Answer: A. pass-through authentication and seamless SSO

230. Your network contains an on-premises Active Directory domain. You have a Microsoft 365 subscription. You implement a directory synchronization solution that uses pass-through authentication. You configure Microsoft Azure Active Directory (Azure AD) smart lockout as shown in the following exhibit. You discover that Active Directory users can use the passwords in the custom banned passwords list. You need to ensure that banned passwords are effective for all users. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From a domain controller, install the Azure AD Password Protection Proxy.
B. From a domain controller, install the Microsoft AAD Application Proxy connector.
C. From Custom banned passwords, modify the Enforce custom list setting.
D. From Password protection for Windows Server Active Directory, modify the Mode setting.
E. From all the domain controllers, install the Azure AD Password Protection DC Agent.
F. From Active Directory, modify the Default Domain Policy.

Answer:
A. From a domain controller, install the Azure AD Password Protection Proxy.
D. From Password protection for Windows Server Active Directory, modify the Mode setting.
E. From all the domain controllers, install the Azure AD Password Protection DC Agent.

231. https://gyazo.com/0a61474d92067bd8ae031e933263e66c

Answer: https://gyazo.com/3327d336e771

232. https://gyazo.com/bd03468a815c244805d1d9cd4d119e5d

Answer: C. Modify the External collaboration settings.

233. https://gyazo.com/14703fc9c9d84f12b01125b93428fdd8

Answer: https://gyazo.com/53440bb1bad7

234. https://gyazo.com/4c7d0e241331e028a225f0b1d003e0c8

Correct Answer: See explanation below.
You need to enable Multi-Factor Authentication for Lynne Robbins.
   1. Sign in to the Microsoft 365 Admin Center.
   2. In the left navigation pane, expand the Users section and select Active Users.
   3. Click the 'Multi-factor authentication' link.
   4. Select Lynne Robbins.
   5. In the right navigation pane, select the 'Enable' link to enable MFA for the account.
   6. Confirm the setting by clicking the 'Enable multi-factor authentication' button.
   7. Click the Close button to close the confirmation window.

235. https://gyazo.com/b7dfbd9359813ae6bd516f7ef6c0e3b0

Correct Answer: See explanation below.
You need to create a SharePoint site and configure the sharing settings.
   1. Go to the SharePoint Admin Center.
   2. In the left navigation pane, expand Sites then select 'Active Sites'.
   3. Click on the '+ Create' link to add a new site.
   4. Select 'Other Options' then 'Team Site' for the template.
   5. Give the site the name 'Project1'.
   6. In the 'Primary Administrator' field, start typing 'admin' then select the admin@LODSe878763.o

236. https://gyazo.com/fa040ac872f86bcd37db0b503d05edd3

Correct Answer: See explanation below.
You need to create a guest account for the external user and assign the Application Developer role. As the user's domain is an external domain, you will need to 'invite' the user. The external user will need to accept the invitation to create the account.
   1. Go to the Azure Active Directory Admin Center.
   2. In the left navigation pane, select Users.
   3. Click on the '+ New Guest User' link.
   4. Ensure that the 'Invite user' option is selected.
   5. Enter dev@fabrikam.com in the email address field.
   6. In the Roles section, 'user' will be selected by default. Click on 'user' to open a list of roles.
   7. Select Application Developer in the list and click the 'Select' button to assign the role.
   8. Click the 'Invite' button to send the invitation.

237. Your company has a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. An external vendor has a Microsoft account that has a username of user1@outlook.com. You plan to provide user1@outlook.com with access to several resources in the subscription. You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using user1@outlook.com. What should you do?
A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify -UserPrincipalName user1@outlook.com.
B. From the Microsoft 365 admin center, add a contact, and then specify user1@outlook.com as the email address.
C. From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.
D. From the Azure portal, add a custom domain name, and then create a new Azure AD user and use user1@outlook.com as the username.

Answer: C. From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address.

238. You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do?
A. From the Microsoft 365 admin center, configure a partner relationship.
B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet.
C. From the Azure Active Directory admin center, configure a conditional access policy.
D. From the SharePoint admin center, configure the sharing settings.

Answer: D. From the SharePoint admin center, configure the sharing settings.

239. Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 10. You purchase a Microsoft 365 subscription. You implement password hash synchronization and Azure Active Directory (Azure AD) Seamless Single Sign-On (Seamless SSO). You need to ensure that users can use Seamless SSO from the Windows 10 computers. What should you do?
A. Create a conditional access policy in Azure AD.
B. Deploy an Azure AD Connect staging server.
C. Join the computers to Azure AD.
D. Modify the Intranet zone settings by using Group Policy

Answer: D. Modify the Intranet zone settings by using Group Policy

240. https://gyazo.com/36b77e1a4adc5bb109a24fcc94d42389

Answer: https://gyazo.com/d52a71d629a1

241. Your company has a hybrid deployment of Microsoft 365. Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed. You need to verify whether all the Authentication Agents are used for authentication. What should you do?
A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.
B. From Performance Monitor, use the #PTA authentications counter.
C. From the Azure portal, use the Diagnostics settings on the Monitor blade.
D. From Performance Monitor, use the Kerberos authentications counter.

Answer: B. From Performance Monitor, use the #PTA authentications counter.

242. https://gyazo.com/0eb25e9e4df28976d03d45ffae2eceb5

Answer: https://gyazo.com/a48f8973cf10b

243. https://gyazo.com/a711e89fa7b1ec04da3e339a7e699439

Answer: https://gyazo.com/cb03ba0dfc63

244. https://gyazo.com/f7cd90ea4f505df0eedfe87ee990e943

Answer: https://gyazo.com/9dd6ec7d4417

245. https://gyazo.com/8d976910dada9ff755025093f0f05a49

Answer: https://gyazo.com/bd212dc89ef9

246. https://gyazo.com/6ad727b1a84cd3caf7b2fdfde6b58142

Answer: B. No

247. https://gyazo.com/95f9ec2c95086e466a4eb0296e508432

Answer: B. No

248. https://gyazo.com/221ef94752c1cafd71bcd00ee26ae57d

Answer: B. No

249. https://gyazo.com/a26bdc30867b9cdd78338226853ed361

Answer: https://gyazo.com/def742f8979b6

250. https://gyazo.com/25db8a45c89711ba68618892e9db3c0e

Answer: A. User1 only

251. You have a Microsoft 365 E5 subscription. You need to ensure that users are prompted for multi-factor authentication (MFA) when they attempt to access Microsoft SharePoint Online resources. Users must NOT be prompted for MFA when they attempt to access other Microsoft 365 services. What should you do?
A. From the Microsoft Endpoint Manager admin center, create an app protection policy.
B. From the multi-factor authentication page, configure the users settings.
C. From the Azure Active Directory admin center, create a conditional access policy.
D. From the Cloud App Security admin center, create an app access policy.

Answer: C. From the Azure Active Directory admin center, create a conditional access policy.

252. https://gyazo.com/75c33e8e68bcbd374677d8191f3fb765

Answer: https://gyazo.com/93e0611d88bf

253. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings. Does this meet the goal?
A. Yes
B. No

Answer: B. No

254. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint policy is modified in the future.
Solution: From the Security & Compliance admin center, you create a threat management policy. Does this meet the goal?
A. Yes
B. No

Answer: B. No

255. Note: This question is part of a series of questions B. No


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it. As
a result, these questions will not appear in the review
screen.You have a Microsoft 365 subscription.You

need to prevent users from accessing your Microsoft
SharePoint Online sites unless the users are con-
nected to your on-premises network.Solution: From
the Device Management admin center, you create a trusted
location and compliance policy.Does this meet the
goal?
A. Yes
B. No

256. Note: This question is part of a series of questions B. No


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the
review screen.You have a Microsoft 365 subscrip-
tion.You need to prevent users from accessing your
Microsoft SharePoint Online sites unless the users
are connected to your on-premises network.Solution:
From the Microsoft 365 admin center, you configure
the Organization profile settings.Does this meet the
goal?
A. Yes
B. No

257. Note: This question is part of a series of questions A. Yes


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the
review screen.You have a Microsoft 365 subscrip-
tion.You need to prevent users from accessing your
Microsoft SharePoint Online sites unless the users
are connected to your on-premises network.Solution:

From the Azure Active Directory admin center, you
create a trusted location and a conditional access
policy.Does this meet the goal?
A. Yes
B. No

258. https://gya- https://gya-


zo.com/798b7206895f6fa12b3ef69b8ee5aa39 zo.com/974fe8fee47b7

259. https://gyazo.com/0a3465df- https://gya-


bcd627743f1f4225e5af4d24 zo.com/f8f9f66d850f80

260. https://gya- https://gya-


zo.com/f48730d0e3396eda5c8d653528f91436 zo.com/9f8396437371

261. You have a Microsoft 365 subscription.You register D. From the Azure
two applications named App1 and App2 to Azure Active Directory
Active Directory (Azure AD).You need to ensure admin center, cre-
that users who connect to App1 require multi-fac- ate a conditional
tor authentication (MFA). MFA is required only for access policy.
App1.What should you do?
A. From the Microsoft 365 admin center, configure the
Modern authentication settings.
B. From Multi-Factor Authentication, configure the
service settings.
C. From the Enterprise applications blade of the
Azure Active Directory admin center, configure the
Users settings.
D. From the Azure Active Directory admin center, cre-
ate a conditional access policy.

262. https://gya- https://gya-


zo.com/2bf0e48d5c1aadd0323f122886448574 zo.com/9022bb3de249

263. Your company has an on-premises Microsoft Ex- A. cutover migra-


change Server 2013 organization.The company has tion
100 users.The company purchases Microsoft 365
and plans to move its entire infrastructure to the
cloud.The company does NOT plan to sync the
on-premises Active Directory domain to Microsoft
Azure Active Directory (Azure AD).You need to rec-
ommend which type of migration to use to move
all email messages, contacts, and calendar items to
Exchange Online.What should you recommend?
A. cutover migration
B. IMAP migration
C. remote move migration
D. staged migration

264. https://gya- https://gya-


zo.com/c77150de671baea586c6a25167e71b0d zo.com/2a0a6fbd9964

265. You create a Microsoft 365 Enterprise subscription. You assign licenses for all products to all users. You need to prepare the environment to ensure that all Microsoft 365 Apps for enterprise installations occur from a network share. The solution must prevent the users from installing Microsoft 365 Apps for enterprise from the Internet. You download the Office Deployment Tool (ODT). Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From your computer, run setup.exe /download downloadconfig.xml.
B. Create an XML download file.
C. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users.
D. From each client computer, run setup.exe /configure installconfig.xml.
E. From the Microsoft 365 admin center, configure the Software download settings.
Correct Answer:
A. From your computer, run setup.exe /download downloadconfig.xml.
B. Create an XML download file.
E. From the Microsoft 365 admin center, configure the Software download settings.

266. https://gya- B. Server3


zo.com/aebe95d5b4ade889ec796f9b79f30d5d

267. Your on-premises network contains five file servers. D. Run the Share-
The file servers host shares that contain user Point Migration
data.You plan to migrate the user data to a Microsoft Tool.
365 subscription.You need to recommend a solution
to import the user data into Microsoft OneDrive.What
should you include in the recommendation?
A. Configure the settings of the OneDrive client on
your Windows 10 device.
B. Configure the Sync settings in the OneDrive admin
center.
C. Run the SharePoint Hybrid Configuration Wizard.
D. Run the SharePoint Migration Tool.

268. Your network contains two Active Directory forests. D. a new service
Each forest contains two domains.You plan to con- connection point
figure Hybrid Azure AD join for the computers.You (SCP) for each for-
create a Microsoft Azure Active Directory (Azure AD) est
tenant.You need to ensure that the computers can
discover the Azure AD tenant.What should you cre-
ate?
A. a new computer account for each computer
B. a new service connection point (SCP) for each
domain
C. a new trust relationship for each forest
D. a new service connection point (SCP) for each
forest

269. You have an on-premises Microsoft SharePoint Server 2016 environment. You create a Microsoft 365 tenant. You need to migrate some of the SharePoint sites to SharePoint Online. The solution must meet the following requirements: Microsoft OneDrive sites must redirect users to online content. Users must be able to follow both on-premises and cloud-based sites. Users must have a single SharePoint profile for both on-premises and on the cloud. When users search for a document by using keywords, the results must include online and on-premises results. From the SharePoint Hybrid Configuration Wizard, you select the following features: Hybrid business to business (B2B) sites, Hybrid OneDrive, and Hybrid Search. Which two requirements are met by using the SharePoint Hybrid Configuration Wizard features? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Users must have a single SharePoint profile for both on-premises and on the cloud.
B. OneDrive sites must redirect users to online content.
C. Users must be able to follow both on-premises and cloud-based sites.
D. When users search for a document by using keywords, the results must include online and on-premises results.
Correct Answer:
B. OneDrive sites must redirect users to online content.
D. When users search for a document by using keywords, the results must include online and on-premises results.

270. https://gya- https://gya-


zo.com/ecc6ffb2806224c7a3abb806de0a4afa zo.com/9bc3942c8571

271. You have a Microsoft 365 subscription. All users have B. 30


client computers that run Windows 10 and have Mi-
crosoft 365 Apps for enterprise installed.Some users
in the research department work for extended peri-
ods of time without an Internet connection.How many
days can the research department users remain of-
fline before they are prevented from editing Office
documents?
A. 10
B. 30
C. 90
D. 120

272. Your network contains an Active Directory domain. B. Microsoft


The domain contains a server named Server1 that SharePoint Migra-
runs Windows Server 2016. Server1 has a share tion Tool
named Share1. You have a hybrid deployment of Microsoft
365. You need to migrate the content in Share1
to Microsoft OneDrive.What should you use?
A. Windows Server Migration Tools
B. Microsoft SharePoint Migration Tool
C. Storage Migration Service

273. B. No
Note: This question is part of a series of questions
that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the
review screen.Your company has a main office and
three branch offices. All the branch offices connect to
the main office by using a WAN link. The main office
has a high-speed Internet connection. All the branch
offices connect to the Internet by using the main
office connection.Users use Microsoft Outlook 2016
to connect to a Microsoft Exchange Server mailbox
hosted in the main office.The users report that when
the WAN link in their office becomes unavailable, they
cannot access their mailbox.You create a Microsoft
365 subscription, and then migrate all the user data
to Microsoft 365.You need to ensure that all the users
can continue to use Outlook to receive email mes-
sages if a WAN link fails.Solution: You enable Cached
Exchange Mode for all the Outlook profiles.Does this
meet the goal?
A. Yes
B. No

274. https://gyazo.com/974a965e1f18b8938ab3565121e876ff
Correct Answer: See explanation below. You need to create a team. You can create a team in the Microsoft Teams Admin Center or in the Microsoft Teams app. However, to be able to specify the team owner when creating the team, you need to use the Teams Admin Center.
1. Go to the Microsoft Teams Admin Center.
2. In the left navigation pane, expand the Teams section and select ‘Manage Teams’.
3. Click the ‘+ Add’ link to add a new team.
4. Give the team the name Project1.
5. In the Team Owner field, remove your name which is there by default and add Lee Gu.
6. Click the ‘Create a team’ button to create the team.
7. In the teams list, select the Project1 team.
8. Click on ‘Channels’.
9. Click the ‘+Add’ link to add a new channel.
10. Give the channel the name Channel1.
11. Click the Apply button to create the channel.

275. https://gyazo.com/7e1c2779b22673d1f7e24dc6e5a2d626
Correct Answer: See explanation below. You need to create a resource mailbox in Exchange.
1. Go to the Exchange Admin Center.
2. In the left navigation pane, select Recipients.
3. Click the Resources link.
4. Click the plus (+) icon and select ‘Equipment Mailbox’.
5. Give the mailbox a name such as ‘Projector1’.
6. Enter the name projector1 in the email address field.
7. Click the Save button to create the equipment mailbox.
8. In the resource mailbox list, select the new mailbox and click the Edit icon (pencil icon).
9. Select ‘Booking Delegates’ in the menu list.
10. Select the option, “Select delegates who can accept or decline booking requests”.
11. Click the plus (+) icon and add Lee Gu as a delegate.
12. Click the Save button to save the changes.

276. Your company has an on-premises Microsoft Ex- C. hybrid migration


change Server 2016 organization. The organization
is in the company's main office in Melbourne. The
main office has a low-bandwidth connection to the In-
ternet.The organization contains 250 mailboxes.You
purchase a Microsoft 365 subscription and plan to
migrate to Exchange Online next month.In 12 months,
you plan to increase the bandwidth available for the
Internet connection.You need to recommend the best
migration strategy for the organization. The solution
must minimize administrative effort.What is the best
recommendation to achieve the goal? More than one
answer choice may achieve the goal. Select the BEST
answer.
A. network upload
B. cutover migration
C. hybrid migration
D. staged migration

277. https://gya- https://gya-


zo.com/807e7cde81c034163923e8c15b3446a4 zo.com/0ad979bf1cc5

278. Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com. All users have client computers that run Windows 10 Pro and are joined to Azure AD. The company purchases a Microsoft 365 E3 subscription. You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort. You assign licenses from the Microsoft 365 admin center. What should you do next?
A. Add a custom domain name to the subscription.
B. Deploy Windows 10 Enterprise by using Windows Autopilot.
C. Create a provisioning package, and then deploy the package to all the computers.
D. Instruct all the users to log off of their computer, and then to log in again.
Correct Answer: D. Instruct all the users to log off of their computer, and then to log in again.

279. Your company has a Microsoft 365 subscription.You B. From Security


plan to move several archived PST files to Microsoft & Compliance, re-
Exchange Online mailboxes.You need to create an im- trieve the SAS key.
port job for the PST files.Which three actions should C. Run azcopy.exe
you perform before you create the import job? Each to copy the PST
correct answer presents part of the solution.NOTE: files to Microsoft
Each correct selection is worth one point. Azure Storage
A. Create a Microsoft Azure Storage account. E. Create a PST
B. From Security & Compliance, retrieve the SAS key. import mapping
C. Run azcopy.exe to copy the PST files to Microsoft file.
Azure Storage
D. From Exchange admin center, run a new migration
batch.
E. Create a PST import mapping file.

280. You have Windows 10 devices that are managed by B. an app configu-
using Microsoft Endpoint Manager. All the devices ration policy
have Microsoft Office 365 apps installed.You need to
configure the proofing tool settings for the Office 365
apps.From the Microsoft Endpoint Manager admin
center, what should you create?
A. a device compliance policy
B. an app configuration policy
C. an app
D. a device configuration profile

281. You publish an enterprise application named App1 C. an access re-


that processes financial data.You need to ensure that view

access to App1 is revoked for users who no longer
require viewing the processed financial data.What
should you configure?
A. an owner
B. an app protection policy
C. an access review
D. a conditional access policy

282. https://gya- https://gya-


zo.com/aca77e03bfd16f8c6212c51a9050b5dd zo.com/27df7217569c

283. https://gya- https://gya-


zo.com/5845447d28e32b95ee0ecacf2dd91c33 zo.com/2e76ae7f5904

284. Your network contains an Active Directory forest C. Purchase a


named contoso.local.You purchase a Microsoft 365 custom domain
subscription.You plan to move to Microsoft 365 and name.
to implement a hybrid deployment solution for the
next 12 months.You need to prepare for the planned
move to Microsoft 365.What is the best action to
perform before you implement directory synchroniza-
tion? More than one answer choice may achieve the
goal. Select the BEST answer.
A. Purchase a third-party X.509 certificate.
B. Rename the Active Directory forest.
C. Purchase a custom domain name.
D. Create an external forest trust.

285. https://gya- https://gya-


zo.com/e35228a031e0194b50bd5dfb9ce69bb5 zo.com/a3712bb95747

286. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You add an app named App1 to the enterprise applications in contoso.com. You need to configure self-service app access for App1. What should you do first?
A. Assign App1 to users and groups.
B. Add an owner to App1.
C. Configure the provisioning mode for App1.
D. Configure an SSO method for App1.
Correct Answer: D. Configure an SSO method for App1.

287. https://gya- B. Deploy one


zo.com/c325d80adff7c54e13195d7b4a0309d2 Application Proxy
connector.

288. https://gyazo.com/98bd08f831cd26ea- D. From the Mi-


caec7af63b7f7059 crosoft 365 ad-
min center, modi-
fy the Services &
add-ins settings.

289. Your network contains an Active Directory domain named contoso.com. You have a Microsoft 365 subscription. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You implement directory synchronization. The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services. You need to provide the URI for the authorization endpoint that App1 must use. What should you provide?
A. https://login.microsoftonline.com/
B. https://contoso.com/contoso.onmicrosoft.com/app1
C. https://login.microsoftonline.com/contoso.onmicrosoft.com/
D. https://myapps.microsoft.com
Correct Answer: C. https://login.microsoftonline.com/contoso.onmicrosoft.com/

290. https://gya- https://gya-


zo.com/7a2ae462c10974eb40ac606117520992 zo.com/906e1f5255e6

291. Note: This question is part of a series of questions B. No


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the
review screen.Your company has a main office and
three branch offices. All the branch offices connect to
the main office by using a WAN link. The main office
has a high-speed Internet connection. All the branch
offices connect to the Internet by using the main
office connection.Users use Microsoft Outlook 2016
to connect to a Microsoft Exchange Server mailbox
hosted in the main office.The users report that when
the WAN link in their office becomes unavailable, they
cannot access their mailbox.You create a Microsoft
365 subscription, and then migrate all the user data
to Microsoft 365.You need to ensure that all the users
can continue to use Outlook to receive email mes-
sages if a WAN link fails.Solution: For each device,
you configure an additional Outlook profile that uses
IMAP.Does this meet the goal?
A. Yes
B. No

292. Note: This question is part of a series of questions A. Yes


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the
review screen.Your company has a main office and
three branch offices. All the branch offices connect to
the main office by using a WAN link. The main office
has a high-speed Internet connection. All the branch
offices connect to the Internet by using the main
office connection.Users use Microsoft Outlook 2016
to connect to a Microsoft Exchange Server mailbox
hosted in the main office.The users report that when
the WAN link in their office becomes unavailable, they
cannot access their mailbox.You create a Microsoft
365 subscription, and then migrate all the user data
to Microsoft 365.You need to ensure that all the users
can continue to use Outlook to receive email mes-
sages if a WAN link fails.Solution: In each branch of-
fice, you add a direct connection to the Internet.Does
this meet the goal?
A. Yes
B. No

293. Note: This question is part of a series of questions B. No


that present the same scenario. Each question in the
series contains a unique solution that might meet the
stated goals. Some question sets might have more
than one correct solution, while others might not
have a correct solution.After you answer a question
in this section, you will NOT be able to return to it. As
a result, these questions will not appear in the review
screen.Your company has a main office and three
branch offices. All the branch offices connect to the
main office by using a WAN link. The main office has a
high-speed Internet connection. All the branch offices
connect to the Internet by using the main office con-
nection.Users use Microsoft Outlook 2016 to connect
to a Microsoft Exchange Server mailbox hosted in
the main office.The users report that when the WAN
link in their office becomes unavailable, they cannot
access their mailbox.You create a Microsoft 365 sub-
scription, and then migrate all the user data to Mi-
crosoft 365.You need to ensure that all the users can
continue to use Outlook to receive email messages
if a WAN link fails.Solution: You deploy a site-to-site
VPN from each branch office to Microsoft Azure.Does
this meet the goal?
A. Yes
B. No

294. You have an on-premises web application that is published by using a URL of https://app.contoso.local. You purchase a Microsoft 365 subscription. Several external users must be able to connect to the web application. You need to recommend a solution for external access to the application. The solution must support multi-factor authentication. Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From an on-premises server, install a connector, and then publish the app.
B. From the Azure Active Directory admin center, enable an Application Proxy.
C. From the Azure Active Directory admin center, create a conditional access policy.
D. From an on-premises server, install an Authentication Agent.
E. Republish the web application by using https://app.contoso.com.
Correct Answer:
A. From an on-premises server, install a connector, and then publish the app.
B. From the Azure Active Directory admin center, enable an Application Proxy.

295. https://gya- https://gya-


zo.com/b654df73a0d8f1d4cffe1d05f396e8ea zo.com/7f42384c08ce

296. https://gya- https://gya-


zo.com/30218aec76179c11170e4af15d488e2e zo.com/5f783196a859

297. You manage multiple devices by using Microsoft Endpoint Manager. The devices run on the following operating systems: Android 8.0, Android 8.1.0, and Android 9; iOS 12 and iOS 13; MacOS 10.14; Windows 10. You need to deploy Microsoft 365 apps to the devices. From the Microsoft Endpoint Manager admin center, what is the minimum number of apps you should create?
A. 1
B. 3
C. 4
D. 7
Correct Answer: C. 4

298. https://gya- https://gya-


zo.com/41ac9fec1e44e930706d4ad8e30cf2ee zo.com/42a66b169140

299. https://gya- https://gya-


zo.com/bfaf0b17c4480c8a59f2575266d21153 zo.com/cb9e38659827

300. You have a Microsoft 365 subscription.From the Se- A. an export key
curity & Compliance admin center, you create a con-
tent search of all the mailboxes that contain the word
ProjectX.You need to export the results of the content
search.What do you need to download the report?
A. an export key
B. a password
C. a user certificate
D. a certification authority (CA) certificate

301. https://gyazo.com/a273f915d02c7c9fd- https://gya-


baf9f3d50406c1a zo.com/b7366c34fce4

302. You have a Microsoft 365 subscription that contains C. Modify the Re-
a user named User1.You need to ensure that User1 lease preferences
receives Microsoft 365 feature and service updates settings.
before the updates are released to all users.What
should you do in the Microsoft 365 admin center?
A. Modify the privileged access management set-
tings.
B. Modify Office software download settings.
C. Modify the Release preferences settings.
D. Submit a new service request.

303. You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User, you need to preserve a copy of all the email messages that contain the word ProjectX. What should you do first?
A. From the Exchange admin center, start a mail flow message trace.
B. From the Security & Compliance admin center, start a message trace.
C. From the Security & Compliance admin center, create a label and label policy.
D. From the Exchange admin center, create a mail flow rule.
Correct Answer: C. From the Security & Compliance admin center, create a label and label policy.

304.
https://gyazo.com/686c728a7bc04166504e1d9caf- https://gya-
ff3c28 zo.com/f0341bc09bba

305. https://gya- https://gya-


zo.com/ac8bd326054c6a0f3aeafb9419f2c9fc zo.com/47e88526f36b

306. You have a Microsoft Power Platform production en- C. 28


vironment that contains a custom model-driven Mi-
crosoft Power Apps app.How many days will system
backups be retained for the environment?
A. 7
B. 14
C. 28
D. 90

307. https://gya- https://gya-


zo.com/679f4ddefe9c265606e0806973151cc0 zo.com/093136b8770b

308. https://gya- https://gya-


zo.com/5e8ee2abda5369c960915e634712ef8d zo.com/87f32b37f8c76

309. SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525 -
Your organization recently implemented a new data retention policy. The policy requires that all files stored in an employee's Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization. The human resources (HR) department of the organization deletes the user accounts of all terminated employees. You need to ensure that the organization meets the requirements of the data retention policy.
Correct Answer: See explanation below. You need to configure the OneDrive retention period for deleted users.
1. Go to the OneDrive admin center.
2. Select Storage.
3. Set the “Days to retain files in OneDrive after a user account is marked for deletion” option to 60.
4. Click Save to save the changes.
References: https://docs.mic

310. You have a Microsoft 365 subscription.Your com- B. Score metrics


pany purchases a new financial application named
App1.From Cloud Discovery in Microsoft Cloud App
Security, you view the Discovered apps page and
discover that many applications have a low score
because they are missing information about domain
registration and consumer popularity.You need to
prevent the missing information from affecting the
score.What should you configure from the Cloud Dis-
cover settings?
A. App tags
B. Score metrics

C. Organization details
D. Default behavior

311. https://gya- https://gya-


zo.com/0b847bd8829f5d098ebca87ac1164217 zo.com/01b3aa01b022

312. https://gya- https://gya-


zo.com/5332af336d539a335002cf2cdf10f36b zo.com/10e9fce758f7e

313. You have a Microsoft 365 tenant that contains a Mi- C. From Power
crosoft Power Platform environment.You need to en- Platform settings,
sure that only specific users can create new envi- modify the Gover-
ronments.What should you do in the Power Platform nance settings for
admin center? the environment.
A. From Data policies, create a new data policy.
B. From Data integration, create a new connection
set.
C. From Power Platform settings, modify the Gover-
nance settings for the environment.
D. From Environments, modify the behaviour settings
for the default environment.

314. https://gya- https://gya-


zo.com/6ce72e062fea81d7af2d827cadedd93f zo.com/97b995e50725

315. https://gya- B. one text (TXT)


zo.com/7ee65529643690ba412bc427a7108934 record

316. https://gya- https://gya-


zo.com/ff28cc78d6fd3a2f288ed7bab3452ed6 zo.com/94524417be10

317. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment -

Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.

Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements -

Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.

Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.

Question
DRAG DROP -
You need to prepare the environment for Project1.
You create the Microsoft 365 tenant.
Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
https://gyazo.com/fe924cd3bd28bda22793fe968c12dfd8

Answer: https://gyazo.com/1ebb59a1ac59

318. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment -

Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.

Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements -

Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.

Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.

Question
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before adding a domain name for the project.
Which DNS record should you recommend?
A. alias (CNAME)
B. host information (HINFO)
C. host (A)
D. mail exchanger (MX)

Answer: D. mail exchanger (MX)

319. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment -

Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.

Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements -

Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.

Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.

Question
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before adding a domain name for the project.
Which DNS record should you recommend?
A. alias (CNAME)
B. text (TXT)
C. host (AAAA)
D. pointer (PTR)

Answer: B. text (TXT)

320. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.
https://gyazo.com/6c54cc15dafb89ddbc8f15acb82d4f0b

Existing Environment -
The network contains an Active Directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.
https://gyazo.com/0f008224e953af916189b95ddf44b76c

Requirements -

Planned Changes -
Contoso plans to provide email addresses for all the users in the following domains:
East.adatum.com
Contoso.adatum.com
Humongousinsurance.com

Technical Requirements -
Contoso identifies the following technical requirements:
All new users must be assigned Office 365 licenses automatically.
The principle of least privilege must be used whenever possible.

Security Requirements -
Contoso identifies the following security requirements:
Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The members of Group1 must be required to answer a security question before changing their password.
User3 must be able to manage Office 365 connectors.
User4 must be able to reset User3's password.

Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the ComplianceManagement role.
Does this meet the goal?
A. Yes
B. No

Answer: A. Yes

321. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.
https://gyazo.com/5212ec094d8c3d501109d8222029c211

Existing Environment -
The network contains an Active Directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.
https://gyazo.com/2019919607d4d98cf266235f019ca331

Requirements -

Planned Changes -
Contoso plans to provide email addresses for all the users in the following domains:
East.adatum.com
Contoso.adatum.com
Humongousinsurance.com

Technical Requirements -
Contoso identifies the following technical requirements:
All new users must be assigned Office 365 licenses automatically.
The principle of least privilege must be used whenever possible.

Security Requirements -
Contoso identifies the following security requirements:
Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The members of Group1 must be required to answer a security question before changing their password.
User3 must be able to manage Office 365 connectors.
User4 must be able to reset User3's password.

Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Organization Management role.
Does this meet the goal?
A. Yes
B. No

Answer: B. No

322. Introductory Info

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.
https://gyazo.com/65dc716aaa8003b636cd39bbb04317f3

Existing Environment -
The network contains an Active Directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.
https://gyazo.com/e4ac69263f1e5c9efc376218e9cae43e

Requirements -

Planned Changes -
Contoso plans to provide email addresses for all the users in the following domains:
East.adatum.com
Contoso.adatum.com
Humongousinsurance.com

Technical Requirements -
Contoso identifies the following technical requirements:
All new users must be assigned Office 365 licenses automatically.
The principle of least privilege must be used whenever possible.

Security Requirements -
Contoso identifies the following security requirements:
Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The members of Group1 must be required to answer a security question before changing their password.
User3 must be able to manage Office 365 connectors.
User4 must be able to reset User3's password.

Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
A. Yes
B. No

Answer: B. No

323. Introductory InfoCase study -This is a case study. B. No


Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete
all questions included on this exam in the time pro-
vided.To answer the questions included in a case
study, you will need to reference information that is
provided in the case study. Case studies might con-
tain exhibits and other resources that provide more
information about the scenario that is described in
the case study. Each question is independent of the
other questions in this case study.At the end of this
case study, a review screen will appear. This screen
allows you to review your answers and to make
changes before you move to the next section of the
exam. After you begin a new section, you cannot
return to this section.To start the case study -To
display the first question in this case study, click
the Next button. Use the buttons in the left pane to
explore the content of the case study before you
answer the questions. Clicking these buttons dis-
plays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table. https://gya-
zo.com/15cb2e9caa29590a8c5f1ed4337c2dd5

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
136 / 171
M365 Enterprise Admin Expert: MS- 100 Identity and Services
Study online at https://quizlet.com/_b37gf9
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table. https://gya-
zo.com/1b82e0e2d8fe2d0478feb2f6cd8ab00a

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able
to reset User3 password.QuestionNote: This ques-
tion is part of a series of questions that present the
same scenario. Each question in the series contains
a unique solution that might meet the stated goals.
Some question sets might have more than one cor-
rect solution, while others might not have a correct
solution.After you answer a question in this section,
you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.You
need to assign User2 the required roles to meet the
security requirements.Solution: From the Office 365
admin center, you assign User2 the Records Man-
agement role. From the Exchange admin center, you
assign User2 the Help Desk role.Does this meet the
goal?
A. Yes
B. No

324. Answer: https://gyazo.com/e39529c9a61b
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete
all questions included on this exam in the time pro-
vided.To answer the questions included in a case
study, you will need to reference information that is
provided in the case study. Case studies might con-
tain exhibits and other resources that provide more
information about the scenario that is described in
the case study. Each question is independent of the
other questions in this case study.At the end of this
case study, a review screen will appear. This screen
allows you to review your answers and to make
changes before you move to the next section of the
exam. After you begin a new section, you cannot
return to this section.To start the case study -To
display the first question in this case study, click
the Next button. Use the buttons in the left pane to
explore the content of the case study before you
answer the questions. Clicking these buttons dis-
plays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/0033a2e04479940afc7e8cd537ba6e73

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table.
https://gyazo.com/34e459d801b1774a2a1b69c294c22580

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able to
reset User3 password.QuestionHOTSPOT -You need
to meet the technical requirements for the user li-
censes.Which two properties should you configure
for each user? To answer, select the appropriate prop-
erties in the answer area.NOTE: Each correct selec-
tion is worth one point.Hot Area:

325. Answer: B. Global administrator
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete
all questions included on this exam in the time pro-
vided.To answer the questions included in a case
study, you will need to reference information that is
provided in the case study. Case studies might con-
tain exhibits and other resources that provide more
information about the scenario that is described in
the case study. Each question is independent of the
other questions in this case study.At the end of this
case study, a review screen will appear. This screen
allows you to review your answers and to make
changes before you move to the next section of the
exam. After you begin a new section, you cannot
return to this section.To start the case study -To
display the first question in this case study, click
the Next button. Use the buttons in the left pane to
explore the content of the case study before you
answer the questions. Clicking these buttons dis-
plays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/1921ac666c7ba3f3ac203ae4caa4385f

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table.
https://gyazo.com/cba933eef4b3f085dba0d58faeb5b145

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able
to reset User3 password.QuestionTo which Azure AD
role should you add User4 to meet the security re-
quirement?
A. Password administrator
B. Global administrator
C. Security administrator
D. Privileged role administrator

326. Answer: https://gyazo.com/c566b74cd8ae
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete
all questions included on this exam in the time pro-
vided.To answer the questions included in a case
study, you will need to reference information that is
provided in the case study. Case studies might con-
tain exhibits and other resources that provide more
information about the scenario that is described in
the case study. Each question is independent of the
other questions in this case study.At the end of this
case study, a review screen will appear. This screen
allows you to review your answers and to make
changes before you move to the next section of the
exam. After you begin a new section, you cannot
return to this section.To start the case study -To
display the first question in this case study, click
the Next button. Use the buttons in the left pane to
explore the content of the case study before you
answer the questions. Clicking these buttons dis-
plays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/66d8198ef4b513cda43d67ed6c195707

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table.
https://gyazo.com/26aa682f4a8e92cdd9ede8a8c794224d

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able to
reset User3 password.QuestionHOTSPOT -You need
to meet the security requirements for User3. The so-
lution must meet the technical requirements.What
should you do? To answer, select the appropriate
options in the answer area.NOTE: Each correct selec-
tion is worth one point.Hot Area:
https://gyazo.com/2305da2c0fa854856348d8cdbb69f400

327. Answer: https://gyazo.com/6aa65602f3fa4
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete
all questions included on this exam in the time pro-
vided.To answer the questions included in a case
study, you will need to reference information that is
provided in the case study. Case studies might con-
tain exhibits and other resources that provide more
information about the scenario that is described in
the case study. Each question is independent of the
other questions in this case study.At the end of this
case study, a review screen will appear. This screen
allows you to review your answers and to make
changes before you move to the next section of the
exam. After you begin a new section, you cannot
return to this section.To start the case study -To
display the first question in this case study, click
the Next button. Use the buttons in the left pane to
explore the content of the case study before you
answer the questions. Clicking these buttons dis-
plays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/02a27069f97ca224b37ed8c1401c8101

328. Answer: C. Security Reader
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete all
questions included on this exam in the time provid-
ed.To answer the questions included in a case study,
you will need to reference information that is pro-
vided in the case study. Case studies might contain
exhibits and other resources that provide more in-
formation about the scenario that is described in the
case study. Each question is independent of the other
questions in this case study.At the end of this case
study, a review screen will appear. This screen allows
you to review your answers and to make changes
before you move to the next section of the exam.
After you begin a new section, you cannot return
to this section.To start the case study -To display
the first question in this case study, click the Next
button. Use the buttons in the left pane to explore
the content of the case study before you answer the
questions. Clicking these buttons displays informa-
tion such as business requirements, existing environ-
ment, and problem statements. When you are ready
to answer a question, click the Question button to
return to the question.Overview -Fabrikam, Inc. is an
electronics company that produces consumer prod-
ucts. Fabrikam has 10,000 employees worldwide.Fab-
rikam has a main office in London and branch of-
fices in major cities in Europe, Asia, and the United
States.Existing Environment -Active Directory Envi-
ronment -The network contains an Active Directory
forest named fabrikam.com. The forest contains all
the identities used for user and computer authenti-
cation.Each department is represented by a top-level
organizational unit (OU) that contains several child
OUs for user accounts and computer accounts.All
users authenticate to on-premises applications by
signing in to their device by using a UPN format of
username@fabrikam.com.Fabrikam does NOT plan
to implement identity federation.Network Infrastruc-
ture -Each office has a high-speed connection to the
Internet.Each office contains two domain controllers.
All domain controllers are configured as a DNS serv-
er.The public zone for fabrikam.com is managed
by an external DNS server.All users connect to an
on-premises Microsoft Exchange Server 2016 organi-
zation. The users access their email by using Outlook
Anywhere, Outlook on the web, or the Microsoft Out-
look app for iOS. All the Exchange servers have the
latest cumulative updates installed.All shared com-
pany documents are stored on a Microsoft Share-
Point Server farm.Requirements -Planned Changes
-Fabrikam plans to implement a Microsoft 365 En-
terprise subscription and move all email and shared
documents to the subscription.Fabrikam plans to im-
plement two pilot projects:Project1: During Project1,
the mailboxes of 100 users in the sales department
will be moved to Microsoft 365.Project2: After the
successful completion of Project1, Microsoft Teams
& Skype for Business will be enabled in Microsoft
365 for the sales department users.Fabrikam plans to
create a group named UserLicenses that will manage
the allocation of all Microsoft 365 bulk licenses.Tech-
nical Requirements -Fabrikam identifies the follow-
ing technical requirements:All users must be able to
exchange email messages successfully during Pro-
ject1 by using their current email address.Users must
be able to authenticate to cloud services if Active
Directory becomes unavailable.A user named User1
must be able to view all DLP reports from the Mi-
crosoft 365 admin center.Microsoft 365 Apps for en-
terprise applications must be installed from a net-
work share only.Disruptions to email access must
be minimized.Application Requirements -Fabrikam
identifies the following application requirements:An
on-premises web application named App1 must allow
users to complete their expense reports online. App1
must be available to users from the My Apps por-
tal.The installation of feature updates for Microsoft
365 Apps for enterprise must be minimized.Security
Requirements -Fabrikam identifies the following se-
curity requirements:After the planned migration to
Microsoft 365, all users must continue to authenticate
to their mailbox and to SharePoint sites by using
their UPN.The memberships of UserLicenses must
be validated monthly. Unused user accounts must
be removed from the group automatically.After the
planned migration to Microsoft 365, all users must
be signed in to on-premises and cloud-based appli-
cations automatically.The principle of least privilege
must be used.QuestionWhich role should you assign
to User1?
A. Security Administrator
B. Records Management
C. Security Reader
D. Hygiene Management

329. Answer: https://gyazo.com/43c7e9595b5b
Introductory InfoCase study -This is a case study.
Case studies are not timed separately. You can use
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete all
questions included on this exam in the time provid-
ed.To answer the questions included in a case study,
you will need to reference information that is pro-
vided in the case study. Case studies might contain
exhibits and other resources that provide more in-
formation about the scenario that is described in the
case study. Each question is independent of the other
questions in this case study.At the end of this case
study, a review screen will appear. This screen allows
you to review your answers and to make changes
before you move to the next section of the exam.
After you begin a new section, you cannot return
to this section.To start the case study -To display
the first question in this case study, click the Next
button. Use the buttons in the left pane to explore
the content of the case study before you answer the
questions. Clicking these buttons displays informa-
tion such as business requirements, existing environ-
ment, and problem statements. When you are ready
to answer a question, click the Question button to
return to the question.Overview -General Overview
-Litware, Inc. is a consulting company that has a main
office in Montreal and a branch office in Seattle.Lit-
ware collaborates with a third-party company named
ADatum Corporation.Environment -On-Premises En-
vironment -The network of Litware contains an Active
Directory domain named litware.com. The domain
contains three organizational units (OUs) named Lit-
wareAdmins,Montreal Users, and Seattle Users and
the users shown in the following table.
https://gyazo.com/b3c6c414b78f748ae7991bd9615268b2

Cloud environment -Litware has a pilot Microsoft


365 subscription that includes Microsoft Office
365 Enterprise E3 licenses and Azure Active Di-
rectory Premium Plan 2 licenses.The subscrip-
tion contains a verified DNS domain named lit-
ware.com.Azure AD Connect is installed and has
the following configurations:Password hash syn-
chronization is enabled.Synchronization is enabled
for the LitwareAdmins OU only.Users are assigned
the roles shown in the following table.
https://gyazo.com/409f64ed7ea8b84fa811380804341533

Requirements -Planned Changes -Litware identifies


the following issues:Admin1 cannot create condition-
al access policies.Admin4 receives an error when
attempting to use SSPR.Users access new Office
365 service and feature updates before the up-
dates are reviewed by Admin2.Technical Require-
ments -Litware plans to implement the following
changes:Implement Microsoft Intune.Implement Mi-
crosoft Teams.Implement Microsoft Defender for Of-
fice 365.Ensure that users can install Office 365
apps on their device.Convert all the Windows 10
Pro devices to Windows 10 Enterprise E5.Configure
Azure AD Connect to sync the Montreal Users OU
and the Seattle Users OU.QuestionHOTSPOT -You
need to ensure that Admin4 can use SSPR.Which
tool should you use, and which action should
you perform? To answer, select the appropriate op-
tions in the answer area.NOTE: Each correct se-
lection is worth one point.Hot Area:
https://gyazo.com/d94e290a7eb36f2991f117b40bcd39f0

330. Answer: D. Modify the Password reset properties of the Azure AD tenant.
Introductory InfoThis is a case study. Case studies
are not timed separately. You can use as much exam
time as you would like to complete each case. How-
ever, there may be additional case studies and sec-
tions on this exam. You must manage your time to
ensure that you are able to complete all questions
included on this exam in the time provided.To answer
the questions included in a case study, you will need
to reference information that is provided in the case
study. Case studies might contain exhibits and other
resources that provide more information about the
scenario that is described in the case study. Each
question is independent of the other questions in this
case study.At the end of this case study, a review
screen will appear. This screen allows you to review
your answers and to make changes before you move
to the next section of the exam. After you begin a new
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/343719e3e54e820cd315dda94705bb5d

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table.
https://gyazo.com/4279e580225208a153c786a78c9c88d6

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able
to reset User3 password.QuestionYou need to meet
the security requirement for Group1.What should you
do?
A. Configure all users to sign in by using multi-factor
authentication.
B. Modify the properties of Group1.
C. Assign Group1 a management role.
D. Modify the Password reset properties of the Azure
AD tenant.

331. Answer: D. From the Azure portal, create guest accounts.
Introductory InfoThis is a case study. Case studies
are not timed separately. You can use as much exam
time as you would like to complete each case. How-
ever, there may be additional case studies and sec-
tions on this exam. You must manage your time to
ensure that you are able to complete all questions
included on this exam in the time provided.To answer
the questions included in a case study, you will need
to reference information that is provided in the case
study. Case studies might contain exhibits and other
resources that provide more information about the
scenario that is described in the case study. Each
question is independent of the other questions in this
case study.At the end of this case study, a review
screen will appear. This screen allows you to review
your answers and to make changes before you move
to the next section of the exam. After you begin a new
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/e30bd698c76b5b3b293811a2a7ac4edb

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile de-
vices in the New York office run iOS.Contoso has
the users shown in the following table.
https://gyazo.com/3865140f31fb543d61b07263bb501f31

Requirements -Planned Changes -Contoso plans to


provide email addresses for all the users in the
following domains:East.adatum.comContoso.ada-
tum.comHumongousinsurance.comTechnical Re-
quirements -Contoso identifies the following techni-
cal requirements:All new users must be assigned Of-
fice 365 licenses automatically.The principle of least
privilege must be used whenever possible.Security
Requirements -Contoso identifies the following secu-
rity requirements:Vendors must be able to authenti-
cate by using their Microsoft account when access-
ing Contoso resources.User2 must be able to view
reports and schedule the email delivery of securi-
ty and compliance reports.The members of Group1
must be required to answer a security question be-
fore changing their password.User3 must be able to
manage Office 365 connectors.User4 must be able
to reset User3 password.QuestionYou need to meet
the security requirement for the vendors.What should
you do?
A. From the Azure portal, add an identity provider.
B. From Azure Cloud Shell, run the New-AzureADUser
cmdlet and specify the -UserPrincipalName para-
meter.
C. From Azure Cloud Shell, run the
Set-AzureADUserExtension cmdlet.
D. From the Azure portal, create guest accounts.

332. Answer: D. From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the -InvitedUserEmailAddress parameter.
Introductory InfoThis is a case study. Case studies
are not timed separately. You can use as much exam
time as you would like to complete each case. How-
ever, there may be additional case studies and sec-
tions on this exam. You must manage your time to
ensure that you are able to complete all questions
included on this exam in the time provided.To answer
the questions included in a case study, you will need
to reference information that is provided in the case
study. Case studies might contain exhibits and other
resources that provide more information about the
scenario that is described in the case study. Each
question is independent of the other questions in this
case study.At the end of this case study, a review
screen will appear. This screen allows you to review
your answers and to make changes before you move
to the next section of the exam. After you begin a new
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Con-
toso, Ltd. is a consulting company that has a main
office in Montreal and two branch offices in Seat-
tle and New York.The offices have the users and
devices shown in the following table.
https://gyazo.com/57a4cc31957c949ca53e591c7ce68136

Existing Environment -The network contains an Ac-


tive directory forest named contoso.com and a Mi-
crosoft Azure Active Directory (Azure AD) tenant
named contoso.onmicrosoft.com.You recently con-
figured the forest to sync to the Azure AD ten-
ant.You add and then verify adatum.com as an
additional domain name.All servers run Windows
Server 2016.All desktop computers and laptops run
Windows 10 Enterprise and are joined to con-
toso.com.All the mobile devices in the Montreal
and Seattle offices run Android. All the mobile devices
in the New York office run iOS. Contoso has the users
shown in the following table.
https://gyazo.com/775d12ece9b43a899730789c26022de1

Requirements - Planned Changes - Contoso plans to
provide email addresses for all the users in the
following domains: East.adatum.com, Contoso.adatum.com,
Humongousinsurance.com. Technical Requirements -
Contoso identifies the following technical requirements:
All new users must be assigned Office 365 licenses
automatically. The principle of least privilege must be
used whenever possible. Security Requirements - Contoso
identifies the following security requirements: Vendors
must be able to authenticate by using their Microsoft
account when accessing Contoso resources. User2 must be
able to view reports and schedule the email delivery of
security and compliance reports. The members of Group1
must be required to answer a security question before
changing their password. User3 must be able to manage
Office 365 connectors. User4 must be able to reset
User3 password. Question: You need to meet the security
requirement for the vendors. What should you do?
A. From Azure Cloud Shell, run the Set-MsolUserPrincipalName
and specify the -tenantID parameter.
B. From Azure Cloud Shell, run the
Set-AzureADUserExtension cmdlet.
C. From Azure Cloud Shell, run the New-AzureADUser
cmdlet and specify the -UserPrincipalName parameter.
D. From Azure Cloud Shell, run the New-AzureADMSInvitation
cmdlet and specify the -InvitedUserEmailAddress parameter.

333. Introductory InfoThis is a case study. Case studies https://gya-


are not timed separately. You can use as much exam zo.com/194542818e4d
time as you would like to complete each case. How-
ever, there may be additional case studies and sec-
tions on this exam. You must manage your time to
ensure that you are able to complete all questions
included on this exam in the time provided.To answer
the questions included in a case study, you will need
to reference information that is provided in the case
study. Case studies might contain exhibits and other
resources that provide more information about the
scenario that is described in the case study. Each
question is independent of the other questions in this
case study.At the end of this case study, a review
screen will appear. This screen allows you to review
your answers and to make changes before you move
to the next section of the exam. After you begin a new
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Fab-
rikam, Inc. is an electronics company that produces
consumer products. Fabrikam has 10,000 employees
worldwide.Fabrikam has a main office in London and
branch offices in major cities in Europe, Asia, and the
United States.Existing Environment -Active Directory
Environment -The network contains an Active Direc-
tory forest named fabrikam.com. The forest contains
all the identities used for user and computer authenti-
cation.Each department is represented by a top-level
organizational unit (OU) that contains several child
OUs for user accounts and computer accounts.All
users authenticate to on-premises applications by
signing in to their device by using a UPN format of
username@fabrikam.com.Fabrikam does NOT plan
to implement identity federation.Network Infrastruc-
ture -Each office has a high-speed connection to the
Internet.Each office contains two domain controllers.
All domain controllers are configured as a DNS serv-
er.The public zone for fabrikam.com is managed
by an external DNS server.All users connect to an
on-premises Microsoft Exchange Server 2016 organi-
zation. The users access their email by using Outlook
Anywhere, Outlook on the web, or the Microsoft Out-
look app for iOS. All the Exchange servers have the
latest cumulative updates installed.All shared com-
pany documents are stored on a Microsoft Share-
Point Server farm.Requirements -Planned Changes
-Fabrikam plans to implement a Microsoft 365 En-
terprise subscription and move all email and shared
documents to the subscription.Fabrikam plans to im-
plement two pilot projects:Project1: During Project1,
the mailboxes of 100 users in the sales department
will be moved to Microsoft 365.Project2: After the
successful completion of Project1, Microsoft Teams
& Skype for Business will be enabled in Microsoft
365 for the sales department users.Fabrikam plans to
create a group named UserLicenses that will manage
the allocation of all Microsoft 365 bulk licenses.Tech-
nical Requirements -Fabrikam identifies the follow-
ing technical requirements:All users must be able to
exchange email messages successfully during Pro-
ject1 by using their current email address.Users must
be able to authenticate to cloud services if Active
Directory becomes unavailable.A user named User1
must be able to view all DLP reports from the Mi-
crosoft 365 admin center.Microsoft 365 Apps for en-
terprise applications must be installed from a net-
work share only.Disruptions to email access must
be minimized.Application Requirements -Fabrikam
identifies the following application requirements:An
on-premises web application named App1 must allow
users to complete their expense reports online. App1
must be available to users from the My Apps por-
tal.The installation of feature updates for Microsoft
365 Apps for enterprise must be minimized.Security
Requirements -Fabrikam identifies the following se-
curity requirements:After the planned migration to
Microsoft 365, all users must continue to authenticate
to their mailbox and to SharePoint sites by using
their UPN.The memberships of UserLicenses must
be validated monthly. Unused user accounts must
be removed from the group automatically.After the
planned migration to Microsoft 365, all users must
be signed in to on-premises and cloud-based ap-
plications automatically.The principle of least privi-
lege must be used.QuestionHOTSPOT -You create the
Microsoft 365 tenant.You implement Azure AD Con-
nect as shown in the following exhibit.
https://gyazo.com/7a80f40826e804fd0b4b63258045a293

334. Introductory InfoThis is a case study. Case studies A. From the Azure
are not timed separately. You can use as much exam Active Directory
time as you would like to complete each case. How- admin center, con-
ever, there may be additional case studies and sec- figure the applica-
tions on this exam. You must manage your time to tion URL settings.
ensure that you are able to complete all questions B. From the Azure
included on this exam in the time provided.To answer Active Directory
the questions included in a case study, you will need admin center, add
to reference information that is provided in the case an enterprise ap-
study. Case studies might contain exhibits and other plication.
resources that provide more information about the C. On an
scenario that is described in the case study. Each on-premises serv-
question is independent of the other questions in this er, download and
case study.At the end of this case study, a review install the Mi-
screen will appear. This screen allows you to review crosoft AAD Appli-
your answers and to make changes before you move cation Proxy con-
to the next section of the exam. After you begin a new nector.
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Fab-
rikam, Inc. is an electronics company that produces
consumer products. Fabrikam has 10,000 employees
worldwide.Fabrikam has a main office in London and
branch offices in major cities in Europe, Asia, and the
United States.Existing Environment -Active Directory
Environment -The network contains an Active Direc-
tory forest named fabrikam.com. The forest contains
all the identities used for user and computer authenti-
cation.Each department is represented by a top-level
organizational unit (OU) that contains several child
OUs for user accounts and computer accounts.All
users authenticate to on-premises applications by
signing in to their device by using a UPN format of
username@fabrikam.com.Fabrikam does NOT plan
to implement identity federation.Network Infrastruc-
ture -Each office has a high-speed connection to the
Internet.Each office contains two domain controllers.
All domain controllers are configured as a DNS serv-
er.The public zone for fabrikam.com is managed
by an external DNS server.All users connect to an
on-premises Microsoft Exchange Server 2016 organi-
zation. The users access their email by using Outlook
Anywhere, Outlook on the web, or the Microsoft Out-
look app for iOS. All the Exchange servers have the
latest cumulative updates installed.All shared com-
pany documents are stored on a Microsoft Share-
Point Server farm.Requirements -Planned Changes
-Fabrikam plans to implement a Microsoft 365 En-
terprise subscription and move all email and shared
documents to the subscription.Fabrikam plans to im-
plement two pilot projects:Project1: During Project1,
the mailboxes of 100 users in the sales department
will be moved to Microsoft 365.Project2: After the
successful completion of Project1, Microsoft Teams
& Skype for Business will be enabled in Microsoft
365 for the sales department users.Fabrikam plans to
create a group named UserLicenses that will manage
the allocation of all Microsoft 365 bulk licenses.Tech-
nical Requirements -Fabrikam identifies the follow-
ing technical requirements:All users must be able to
exchange email messages successfully during Pro-
ject1 by using their current email address.Users must
be able to authenticate to cloud services if Active
Directory becomes unavailable.A user named User1
must be able to view all DLP reports from the Mi-
crosoft 365 admin center.Microsoft 365 Apps for en-
terprise applications must be installed from a net-
work share only.Disruptions to email access must
be minimized.Application Requirements -Fabrikam
identifies the following application requirements:An
on-premises web application named App1 must allow
users to complete their expense reports online. App1
must be available to users from the My Apps por-
tal.The installation of feature updates for Microsoft
365 Apps for enterprise must be minimized.Security
Requirements -Fabrikam identifies the following se-
curity requirements:After the planned migration to
Microsoft 365, all users must continue to authenticate
to their mailbox and to SharePoint sites by using
their UPN.The memberships of UserLicenses must
be validated monthly. Unused user accounts must
be removed from the group automatically.After the
planned migration to Microsoft 365, all users must
be signed in to on-premises and cloud-based ap-
plications automatically.The principle of least privi-
lege must be used.QuestionYou need to meet the ap-
plication requirement for App1.Which three actions
should you perform? Each correct answer presents
part of the solution.NOTE: Each correct selection is
worth one point.
A. From the Azure Active Directory admin center,
configure the application URL settings.
B. From the Azure Active Directory admin center, add
an enterprise application.
C. On an on-premises server, download and install
the Microsoft AAD Application Proxy connector.
D. On an on-premises server, install the Hybrid Con-
figuration wizard.
E. From the Microsoft 365 admin center, configure the
Software download settings.

335. Introductory InfoThis is a case study. Case studies A. password


are not timed separately. You can use as much exam hash synchroniza-
time as you would like to complete each case. How- tion and seamless
ever, there may be additional case studies and sec- SSO
tions on this exam. You must manage your time to
ensure that you are able to complete all questions
included on this exam in the time provided.To answer
the questions included in a case study, you will need
to reference information that is provided in the case
study. Case studies might contain exhibits and other
resources that provide more information about the
scenario that is described in the case study. Each
question is independent of the other questions in this
case study.At the end of this case study, a review
screen will appear. This screen allows you to review
your answers and to make changes before you move
to the next section of the exam. After you begin a new
section, you cannot return to this section.To start the
case study -To display the first question in this case
study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before
you answer the questions. Clicking these buttons
displays information such as business requirements,
existing environment, and problem statements. When
you are ready to answer a question, click the Ques-
tion button to return to the question.Overview -Fab-
rikam, Inc. is an electronics company that produces
consumer products. Fabrikam has 10,000 employees
worldwide.Fabrikam has a main office in London and
branch offices in major cities in Europe, Asia, and the
United States.Existing Environment -Active Directory
Environment -The network contains an Active Direc-
tory forest named fabrikam.com. The forest contains
all the identities used for user and computer authenti-
cation.Each department is represented by a top-level
organizational unit (OU) that contains several child
OUs for user accounts and computer accounts.All
users authenticate to on-premises applications by
signing in to their device by using a UPN format of
username@fabrikam.com.Fabrikam does NOT plan
to implement identity federation.Network Infrastruc-
ture -Each office has a high-speed connection to the
Internet.Each office contains two domain controllers.
All domain controllers are configured as a DNS serv-
er.The public zone for fabrikam.com is managed
by an external DNS server.All users connect to an
on-premises Microsoft Exchange Server 2016 organi-
zation. The users access their email by using Outlook
Anywhere, Outlook on the web, or the Microsoft Out-
look app for iOS. All the Exchange servers have the
latest cumulative updates installed.All shared com-
pany documents are stored on a Microsoft Share-
Point Server farm.Requirements -Planned Changes
-Fabrikam plans to implement a Microsoft 365 En-
terprise subscription and move all email and shared
documents to the subscription.Fabrikam plans to im-
plement two pilot projects:Project1: During Project1,
the mailboxes of 100 users in the sales department
will be moved to Microsoft 365.Project2: After the
successful completion of Project1, Microsoft Teams
& Skype for Business will be enabled in Microsoft
365 for the sales department users.Fabrikam plans to
create a group named UserLicenses that will manage
the allocation of all Microsoft 365 bulk licenses.Tech-
nical Requirements -Fabrikam identifies the follow-
ing technical requirements:All users must be able to
exchange email messages successfully during Pro-
ject1 by using their current email address.Users must
be able to authenticate to cloud services if Active
Directory becomes unavailable.A user named User1
must be able to view all DLP reports from the Mi-
crosoft 365 admin center.Microsoft 365 Apps for en-
terprise applications must be installed from a net-
work share only.Disruptions to email access must
be minimized.Application Requirements -Fabrikam
identifies the following application requirements:An
on-premises web application named App1 must allow
users to complete their expense reports online. App1
must be available to users from the My Apps por-
tal.The installation of feature updates for Microsoft
365 Apps for enterprise must be minimized.Security
Requirements -Fabrikam identifies the following se-
curity requirements:After the planned migration to
Microsoft 365, all users must continue to authenticate
to their mailbox and to SharePoint sites by using
their UPN.The memberships of UserLicenses must
be validated monthly. Unused user accounts must
be removed from the group automatically.After the
planned migration to Microsoft 365, all users must
be signed in to on-premises and cloud-based appli-
cations automatically.The principle of least privilege
must be used.QuestionYou need to ensure that all the
sales department users can authenticate successful-
ly during Project1 and Project2.Which authentication
strategy should you implement for the pilot projects?
A. password hash synchronization and seamless
SSO
B. pass-through authentication
C. password hash synchronization
D. pass-through authentication and seamless SSO

336. Introductory InfoCase study -This is a case study. https://gya-


Case studies are not timed separately. You can use zo.com/9478a74dcf4d
as much exam time as you would like to complete
each case. However, there may be additional case
studies and sections on this exam. You must manage
your time to ensure that you are able to complete all
questions included on this exam in the time provid-
ed.To answer the questions included in a case study,
you will need to reference information that is pro-
vided in the case study. Case studies might contain
exhibits and other resources that provide more in-
formation about the scenario that is described in the
case study. Each question is independent of the other
questions in this case study.At the end of this case
study, a review screen will appear. This screen allows
you to review your answers and to make changes
before you move to the next section of the exam.
After you begin a new section, you cannot return
to this section.To start the case study -To display
the first question in this case study, click the Next
button. Use the buttons in the left pane to explore
the content of the case study before you answer the
questions. Clicking these buttons displays informa-
tion such as business requirements, existing environ-
ment, and problem statements. When you are ready
to answer a question, click the Question button to
return to the question.Overview -General Overview
-Litware, Inc. is a consulting company that has a main
office in Montreal and a branch office in Seattle.Lit-
ware collaborates with a third-party company named
ADatum Corporation.Environment -On-Premises En-
vironment -The network of Litware contains an Active
Directory domain named litware.com. The domain
contains three organizational units (OUs) named Lit-
wareAdmins,Montreal Users, and Seattle Users and
the users shown in the following table.
https://gyazo.com/0cb0fe5468407ee3d800755815608604

Cloud environment -Litware has a pilot Microsoft


365 subscription that includes Microsoft Office
365 Enterprise E3 licenses and Azure Active Di-
rectory Premium Plan 2 licenses.The subscrip-
tion contains a verified DNS domain named lit-
ware.com.Azure AD Connect is installed and has
the following configurations:Password hash syn-
chronization is enabled.Synchronization is enabled
for the LitwareAdmins OU only.Users are assigned
the roles shown in the following table.
https://gyazo.com/c54a18f4b082c1afe1bfe15052d4b408

Requirements -Planned Changes -Litware identifies
the following issues:Admin1 cannot create con-
ditional access policies.Admin4 receives an er-
ror when attempting to use SSPR.Users access
new Office 365 service and feature updates be-
fore the updates are reviewed by Admin2.Technical
Requirements -Litware plans to implement the fol-
lowing changes:Implement Microsoft Intune.Imple-
ment Microsoft Teams.Implement Microsoft Defend-
er for Office 365.Ensure that users can install Of-
fice 365 apps on their device.Convert all the Win-
dows 10 Pro devices to Windows 10 Enterprise
E5.Configure Azure AD Connect to sync the Mon-
treal Users OU and the Seattle Users OU.Ques-
tionHOTSPOT -You are evaluating the use of mul-
ti-factor authentication (MFA).For each of the fol-
lowing statements, select Yes if the statement is
true. Otherwise, select No.NOTE: Each correct se-
lection is worth one point. Hot Area:
https://gyazo.com/b33c61ae4ccdf71ee623f6792c49142f

337. Introductory InfoCase study -This is a case study. C. Azure Active


Case studies are not timed separately. You can use Directory (Azure
as much exam time as you would like to complete AD) Privileged
each case. However, there may be additional case Identity Manage-
studies and sections on this exam. You must manage ment (PIM)
your time to ensure that you are able to complete all
questions included on this exam in the time provid-
ed.To answer the questions included in a case study,
you will need to reference information that is pro-
vided in the case study. Case studies might contain
exhibits and other resources that provide more in-
formation about the scenario that is described in the
case study. Each question is independent of the other
questions in this case study.At the end of this case
study, a review screen will appear. This screen allows
you to review your answers and to make changes
before you move to the next section of the exam.
After you begin a new section, you cannot return
to this section.To start the case study -To display
the first question in this case study, click the Next
button. Use the buttons in the left pane to explore
the content of the case study before you answer the
questions. Clicking these buttons displays informa-
tion such as business requirements, existing environ-
ment, and problem statements. When you are ready
to answer a question, click the Question button to
return to the question.Overview -General Overview
-Litware, Inc. is a consulting company that has a main
office in Montreal and a branch office in Seattle.Lit-
ware collaborates with a third-party company named
ADatum Corporation.Environment -On-Premises En-
vironment -The network of Litware contains an Active
Directory domain named litware.com. The domain
contains three organizational units (OUs) named Lit-
wareAdmins,Montreal Users, and Seattle Users and
the users shown in the following table.
https://gyazo.com/425fff92abdbcc6f2121efc9df73add5

Cloud environment -Litware has a pilot Microsoft


365 subscription that includes Microsoft Office
365 Enterprise E3 licenses and Azure Active Di-
rectory Premium Plan 2 licenses.The subscrip-
tion contains a verified DNS domain named lit-
ware.com.Azure AD Connect is installed and has
the following configurations:Password hash syn-
chronization is enabled.Synchronization is enabled
for the LitwareAdmins OU only.Users are assigned
the roles shown in the following table.
https://gyazo.com/a2a25079631079702c42f8487d8d2756

Requirements -Planned Changes -Litware identifies


the following issues:Admin1 cannot create condition-
al access policies.Admin4 receives an error when
attempting to use SSPR.Users access new Office
365 service and feature updates before the up-
dates are reviewed by Admin2.Technical Require-
ments -Litware plans to implement the following
changes:Implement Microsoft Intune.Implement Mi-
crosoft Teams.Implement Microsoft Defender for Of-
fice 365.Ensure that users can install Office 365 apps
on their device.Convert all the Windows 10 Pro de-
vices to Windows 10 Enterprise E5.Configure Azure
AD Connect to sync the Montreal Users OU and
the Seattle Users OU.QuestionYou need to configure
just in time access to meet the technical require-
ments.What should you use?
A. access reviews
B. entitlement management
C. Azure Active Directory (Azure AD) Privileged Iden-
tity Management (PIM)
D. Azure Active Directory (Azure AD) Identity Protec-
tion

338. Introductory InfoCase study -This is a case study. C. From Exchange


Case studies are not timed separately. You can use admin center, start
as much exam time as you would like to complete the migration and
each case. However, there may be additional case select Remote
studies and sections on this exam. You must manage move migration.
your time to ensure that you are able to complete all
questions included on this exam in the time provid-
ed.To answer the questions included in a case study,
you will need to reference information that is pro-
vided in the case study. Case studies might contain
exhibits and other resources that provide more in-
formation about the scenario that is described in the
case study. Each question is independent of the other
questions in this case study.At the end of this case
study, a review screen will appear. This screen allows
you to review your answers and to make changes
before you move to the next section of the exam.
After you begin a new section, you cannot return
to this section.To start the case study -To display
the first question in this case study, click the Next
button. Use the buttons in the left pane to explore
the content of the case study before you answer the
questions. Clicking these buttons displays informa-
tion such as business requirements, existing environ-
ment, and problem statements. When you are ready
to answer a question, click the Question button to
return to the question.Overview -Fabrikam, Inc. is an
electronics company that produces consumer prod-
ucts. Fabrikam has 10,000 employees worldwide.Fab-
rikam has a main office in London and branch of-
fices in major cities in Europe, Asia, and the United
States.Existing Environment -Active Directory Envi-
ronment -The network contains an Active Directory
forest named fabrikam.com. The forest contains all
the identities used for user and computer authenti-
cation.Each department is represented by a top-level
organizational unit (OU) that contains several child
OUs for user accounts and computer accounts.All
users authenticate to on-premises applications by
signing in to their device by using a UPN format of
username@fabrikam.com.Fabrikam does NOT plan
to implement identity federation.Network Infrastruc-
ture -Each office has a high-speed connection to the
Internet.Each office contains two domain controllers.
All domain controllers are configured as a DNS serv-
er.The public zone for fabrikam.com is managed
by an external DNS server.All users connect to an
on-premises Microsoft Exchange Server 2016 organi-
zation. The users access their email by using Outlook
Anywhere, Outlook on the web, or the Microsoft Out-
look app for iOS. All the Exchange servers have the
latest cumulative updates installed.All shared com-
pany documents are stored on a Microsoft Share-
Point Server farm.Requirements -Planned Changes
-Fabrikam plans to implement a Microsoft 365 En-
terprise subscription and move all email and shared
documents to the subscription.Fabrikam plans to im-
plement two pilot projects:Project1: During Project1,
the mailboxes of 100 users in the sales department
will be moved to Microsoft 365.Project2: After the
successful completion of Project1, Microsoft Teams
& Skype for Business will be enabled in Microsoft
365 for the sales department users.Fabrikam plans to
create a group named UserLicenses that will manage
the allocation of all Microsoft 365 bulk licenses.Tech-
nical Requirements -Fabrikam identifies the follow-
ing technical requirements:All users must be able to
exchange email messages successfully during Pro-
ject1 by using their current email address.Users must
be able to authenticate to cloud services if Active
Directory becomes unavailable.A user named User1
must be able to view all DLP reports from the Mi-
crosoft 365 admin center.Microsoft 365 Apps for en-
terprise applications must be installed from a net-
work share only.Disruptions to email access must
be minimized.Application Requirements -Fabrikam
identifies the following application requirements:An
on-premises web application named App1 must allow
users to complete their expense reports online. App1
must be available to users from the My Apps por-
tal.The installation of feature updates for Microsoft
365 Apps for enterprise must be minimized.Security
Requirements -Fabrikam identifies the following se-
curity requirements:After the planned migration to
Microsoft 365, all users must continue to authenticate
to their mailbox and to SharePoint sites by using
their UPN.The memberships of UserLicenses must
be validated monthly. Unused user accounts must
be removed from the group automatically.After the
planned migration to Microsoft 365, all users must
be signed in to on-premises and cloud-based ap-
plications automatically.The principle of least privi-
lege must be used.QuestionWhich migration solution
should you recommend for Project1?
A. From Exchange Online PowerShell, run the
New-MailboxImportRequest cmdlet.
B. From Exchange Online PowerShell, run the
New-MailboxExportRequest cmdlet.
C. From Exchange admin center, start the migration
and select Remote move migration.

D. From the Exchange admin center, start the migra-
tion and select Cutover migration.

339. Introductory Info

Case study - This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study - To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview - Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide. Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment - Active Directory Environment - The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts. All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com. Fabrikam does NOT plan to implement identity federation.

Network Infrastructure - Each office has a high-speed connection to the Internet. Each office contains two domain controllers. All domain controllers are configured as a DNS server. The public zone for fabrikam.com is managed by an external DNS server. All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed. All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements - Planned Changes - Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription. Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements - Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.

Application Requirements - Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

Security Requirements - Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.

Question: Which migration solution should you recommend for Project1?
A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
B. From the Exchange admin center, start a migration and select Cutover migration.
C. From the Exchange admin center, start a migration and select Staged migration.
D. From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.

Answer: A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
