Topic 1, Contoso, Ltd
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.
Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.
Contoso has the groups shown in the following table.
Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
✑ East.adatum.com
✑ Contoso.adatum.com
✑ Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
✑ All new users must be assigned Office 365 licenses automatically.
✑ The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
✑ Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
✑ The members of Group1 must be required to answer a security question before changing their password.
✑ User3 must be able to manage Office 365 connectors.
✑ User4 must be able to reset User3 password.
HOTSPOT
You need to meet the security requirements for User3. The solution must meet the technical requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
✑ User3 must be able to manage Office 365 connectors.
✑ The principle of least privilege must be used whenever possible.
Office 365 connectors are configured in the Exchange Admin Center.
You need to assign User3 the Organization Management role to enable User3 to manage Office 365 connectors.
A Global Admin could manage Office 365 connectors but the Organization Management role has less privilege.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role.
From the Exchange admin center, you assign User2 the Compliance Management role.
Does this meet the goal?
- A . Yes
- B . NO
A
Explanation:
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports.
The Compliance Management role can schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
You need to meet the security requirement for Group1.
What should you do?
- A . Configure all users to sign in by using multi-factor authentication.
- B . Modify the properties of Group1.
- C . Assign Group1 a management role.
- D . Modify the Password reset properties of the Azure AD tenant.
D
Explanation:
References:
✑ The members of Group1 must be required to answer a security question before changing their password.
If SSPR (Self Service Password Reset) is enabled, you must select at least one of the following options for the authentication methods. Sometimes you hear these options referred to as "gates."
Mobile app notification
Mobile app code
Mobile phone
Office phone
Security questions
You can specify the required authentication methods in the Password reset properties of the Azure AD tenant. In this case, you should set the required authentication method to be ‘Security questions’.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?
- A . three alias (CNAME) record
- B . one text (TXT) record
- C . one alias (CNAME) record
- D . three text (TXT) record
D
Explanation:
Contoso plans to provide email addresses for all the users in the following domains:
✑ East.adatum.com
✑ Contoso.adatum.com
✑ Humongousinsurance.com
To verify three domain names, you need to add three TXT records.
Reference: https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide
You need to assign User2 the required roles to meet the security requirements and the technical requirements.
To which two roles should you assign User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . the Exchange View-only Organization Management role
- B . the Microsoft 365 Records Management role
- C . the Exchange Online Help Desk role
- D . the Microsoft 365 Security Reader role
- E . the Exchange Online Compliance Management role
D,E
Explanation:
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports but not schedule the email delivery of security and compliance reports.
The Exchange Online Compliance Management role can schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.
Does this meet the goal?
- A . Yes
- B . NO
B
Explanation:
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Administrator role can view reports but not schedule the email delivery of security and compliance reports.
The View-Only Organization Management role cannot schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
To which Azure AD role should you add User4 to meet the security requirement?
- A . Password administrator
- B . Global administrator
- C . Security administrator
- D . Privileged role administrator
B
Explanation:
✑ User4 must be able to reset User3 password.
User3 is assigned the Customer Lockbox Access Approver role. Only global admins can reset the passwords of people assigned to this role as it’s considered a privileged role.
Reference: https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Customer-Lockbox-Approver-Role-Now-Available/ba-p/223393
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?
- A . Yes
- B . NO
You need to meet the security requirement for the vendors.
What should you do?
- A . From the Azure portal, add an identity provider.
- B . From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the CUserPrincipalName parameter.
- C . From the Azure portal, create guest accounts.
- D . From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the CUserType parameter.
C
Explanation:
✑ Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user’s account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
You need to meet the security requirement for the vendors.
What should you do?
- A . From the Azure portal, modify the authentication methods.
- B . From Azure Cloud Shell, run the New-AzureADMSInvitation and specify the CInvitedIserEmailAddress cmdlet.
- C . From Azure Cloud Shell, run the Set-MsolUserPrincipalName and specify the CtenantID parameter.
- D . From the Azure portal, add an identity provider.
B
Explanation:
✑ Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user’s account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
In this solution, we are creating guest account invitations by using the New-AzureADMSInvitation cmdlet and specifying the CInvitedUserEmailAddress parameter.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role.
From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
- A . Yes
- B . NO
B
Explanation:
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports but not schedule the email delivery of security and compliance reports.
The Help Desk role cannot schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
HOTSPOT
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
All new users must be assigned Office 365 licenses automatically.
To enable Microsoft 365 license assignment, the users must have a username. This is also the UPN. The users must also have a Usage Location.
Topic 2, Fabrikam, Inc
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
✑ Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
✑ Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
✑ All users must be able to exchange email messages successfully during Project1 by using their current email address.
✑ Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
✑ A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
✑ Microsoft Office 365 ProPlus applications must be installed from a network share only.
✑ Disruptions to email address must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
✑ An on-premises web application named App1 must allow users to complete their expense reports online.
✑ The installation of feature updates for Office 365 ProPlus must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
✑ After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
✑ The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
✑ After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
✑ The principle of least privilege must be used.
You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From the Azure Active Directory admin center, configure the application URL settings.
- B . From the Azure Active Directory admin center, add an enterprise application.
- C . On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
- D . On an on-premises server, install the Hybrid Configuration wizard.
- E . From the Microsoft 365 admin center, configure the Software download settings.
A,B,C
Explanation:
✑ An on-premises web application named App1 must allow users to complete their expense reports online.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-works
You need to recommend which DNS record must be created before adding a domain name for the project.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
- A . alias (CNAME)
- B . host information (HINFO)
- C . host (A)
- D . mail exchanger (MX)
C
Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain.
You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Reference: https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
Which role should you assign to User1?
- A . Security Administrator
- B . Records Management
- C . Security Reader
- D . Hygiene Management
C
Explanation:
✑ A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Users with the Security Reader role have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs, and in Office 365 Security & Compliance Center.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-
assign-admin-roles
Which migration solution should you recommend for Project1?
- A . From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
- B . From the Exchange admin center, start a migration and select Cutover migration.
- C . From the Exchange admin center, start a migration and select Staged migration.
- D . From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
A
Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Fabrikam does NOT plan to implement identity federation.
All users must be able to exchange email messages successfully during Project1 by using their current email address.
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.
A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.
Reference:
https://docs.microsoft.com/en-us/fasttrack/O365-data-migration
https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Depending on what your organization’s Office 365 subscription includes, the Dashboard in Security & Compliance includes several widgets, such as Threat Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, etc. The Compliance admin center in Microsoft 365 contains much of the same information but also includes additional entries focusing on alerts, data insights.
The Monitoring and reports section from the Compliance admin center does not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference: https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide
You need to ensure that all the sales department users can authenticate successfully during Project1and Project2.
Which authentication strategy should you implement for the pilot projects?
- A . password hash synchronization and seamless SSO
- B . pass-through authentication
- C . password hash synchronization
- D . pass-through authentication and seamless SSO
A
Explanation:
✑ Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
✑ Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
✑ After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
✑ Fabrikam does NOT plan to implement identity federation.
✑ After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications automatically.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Which migration solution should you recommend for Project1?
- A . From Exchange Online PowerShell, run the New-MaiboxImportRequest cmdlet.
- B . From Exchange Online PowerShell, run the New-MaiboxExportRequest cmdlet.
- C . From the Microsoft 365 admin center, start a data migration and click Upload PSST as the data service.
- D . From the Exchange admin center, start a migration and select Remote move migration
D
Explanation:
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.
To migrate mailboxes in a hybrid Exchange configuration, you use Exchange admin center perform Remote move migrations.
Reference: https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes
HOTSPOT
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
The group needs to be a Security group.
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User’s access can be reviewed on a regular basis to make sure only the right people have continued access.
HOTSPOT
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
In the exhibit, seamless single sign-on (SSO) is disabled. Therefore, as SSO is disabled in the cloud, the Sales department users can access only on-premises applications by using SSO.
In the exhibit, directory synchronization is enabled and active. This means that the on-premises Active Directory user accounts are synchronized to Azure Active Directory user accounts. If the on-premises Active Directory becomes unavailable, the users can access resources in the cloud by authenticating to Azure Active Directory. They will not be able to access resources on-premises if the on-premises Active Directory becomes unavailable as they will not be able to authenticate to the on-premises Active Directory.
DRAG DROP
You need to prepare the environment for Project1.
You create the Microsoft 365 tenant.
Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
All users must be able to exchange email messages successfully during Project1 by using their current email address.
After the planned migration to Microsoft 365, all users must continue to authenticate to their
mailbox and to SharePoint sites by using their UPN.
This configuration requires a hybrid Exchange configuration during the pilot phase. This means that you will have mailboxes hosted in Exchange Online and mailboxes hosted in Exchange on-premise.
The first steps to configure Exchange hybrid are to Create the Azure AD tenant, add the Fabrikam.com domain as a custom domain, then configure directory synchronization to replicate the on-prem Active Directory user accounts to Azure Active Directory.
HOTSPOT
You need to meet the application requirements for the Office 365 ProPlus applications.
You create an XML files that contains the following settings.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Box 1:
Office 365 ProPlus feature updates will be installed twice a year in March and September. The Channel element in the configuration file is set to ‘Targeted’. This means Semi-Annual Targeted.
To help your organization prepare for a Semi-Annual Channel release, Microsoft provides Semi-Annual Channel (Targeted). The primary purpose of this update channel is to give pilot users and application compatibility testers in your organization a chance to work with the upcoming Semi-Annual Channel release
Box 2:
Microsoft Office 365 ProPlus applications must be installed from a network share only.
The AllowCDNFallback value is currently set to true. The purpose of this setting is to enable Office 365 to be downloaded from Microsoft’s Content Delivery Network if the network share is unavailable. The AllowCDNFallback value should be set to false to meet the technical requirement.
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
- A . mail exchanger (MX)
- B . alias (CNAME)
- C . host (A)
- D . host (AAA)
Which migration solution should you recommend for Project1?
- A . From the Exchange admin center, start a migration and select Staged migration.
- B . From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
- C . From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.
- D . From the Exchange admin center, start a migration and select Cutover migration.
B
Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Fabrikam does NOT plan to implement identity federation.
All users must be able to exchange email messages successfully during Project1 by using their current email address.
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.
A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.
Reference:
https://docs.microsoft.com/en-us/fasttrack/O365-data-migration
https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities.
The solution must meet the following requirements:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
* User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
Topic 3, Litware inc
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named ADatum Corporation.
Environment
On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com.
The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud environment
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
✑ Password hash synchronization is enabled.
✑ Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
Self-service password reset (SSPR) is enabled.
The Azure Active Directory (Azure AD) tenant has Security defaults enabled.
Requirements
Planned Changes
Litware identifies the following issues:
✑ Admin1 cannot create conditional access policies.
✑ Admin4 receives an error when attempting to use SSPR.
✑ Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Technical Requirements
Litware plans to implement the following changes:
✑ Implement Microsoft Intune.
✑ Implement Microsoft Teams.
✑ Implement Microsoft Defender for Office 365.
✑ Ensure that users can install Office 365 apps on their device.
✑ Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
✑ Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
HOTSPOT
You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.
What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, table
Description automatically generated
You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Use’s OUs.
What should you do?
- A . From PowerShell, run The Add-ADSyncConnectorAttributeinclusion cmdlet.
- B . From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
- C . From PowerShell, run the start-ADSyncSyncCycle cmdlet.
- D . From the Microsoft Azure Active Directory Connect wizard, select Manage federation.
HOTSPOT
You need to ensure that Admin4 can use SSPR.
Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application, chat or text message
Description automatically generated
HOTSPOT
You need to ensure that the Microsoft 365 incidents and advisories are reviewed monthly.
Which users can review the incidents and advisories, and which blade should the users use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one pant
Explanation:
Graphical user interface, application
Description automatically generated
You need to configure Microsoft Teams to support the technical requirements tor collaborating with A. Datum
What should you configure in the Microsoft Teams admin center?
- A . meeting policies
- B . external access
- C . guest access
- D . messaging policies
HOTSPOT
You are evaluating the use of multi-factor authentication (MFA).
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Text
Description automatically generated
You need to configure just in time access to meet the technical requirements.
What should you use?
- A . access reviews
- B . entitlement management
- C . Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
- D . Azure Active Directory (Azure AD) Identity Protection
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
joergsi 5 months, 1 week ago
Privileged access management
The effectiveness of an information protection strategy depends on how secure the administrative accounts used to manage that strategy are. If accounts that can be used to configure and manage an information protection strategy are not properly secured, then the information protection strategy itself can be easily compromised.
Privileged access management enables you to configure policies that apply
=> just-in-time administrative principles to sensitive administrative roles.
For example, if someone needs temporary access to configure an information protection policy, that person would need to go through an approval process to obtain the necessary set of rights instead of having an Azure Active Directory (Azure AD) account with those rights permanently assigned.
Thomas, Orin. Exam Ref MS-100 Microsoft 365 Identity and Services (S.10). Pearson Education. Kindle-Version.
You need to ensure that Litware has the appropriate licence to support the planned changes. The solution must minimize costs.
Which license type should you use?
- A . Microsoft 365 Enterprise E5
- B . Office 365 Enterprise E5
- C . Office 365 Enterprise F3
- D . Microsoft 365 Enterprise E3
Topic 4, NEW Case Study
Case Study
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the question. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, n…… that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to ret…….. to the question.
Existing Environment
Microsoft 365
Contoso identifies the following business goals:
* Utilize core functionality of apps whenever possible.
* Reduce app development costs.
* Minimize training costs for end users.
Microsoft SharePoint/Microsoft Exchange
Contoso has a Microsoft 365 subscription that uses a domain named contoso.com. Each user is assigned a Microsoft 365 Enterprise E5 licence.
Problem Statement
Contoso moves all email accounts to Microsoft 365.
Contoso migrates the SharePoint Server 2013 intranet sites of the research department to SharePoint Online.
Requirements
Business Goals
Contoso identifies the following issues:
* Users in the sales department report that prepanng quotations is time-consuming as it requires manually copying and pasting data from multiple sources.
* Users in the HR department must use multiple apps to manage the hiring process.
* The solution to claim expenses requires multiple manual steps.
Planned Changes
Contoso identifies the following business goals:
* Utilize core functionality of apps whenever possible.
* Reduce app development costs.
* Minimize training costs for end users.
Technical Requirements
Contoso plans to implement the following changes;
* Redesign the SharePoint Online sites of the research department to provide users with an expenence that is consistent with the Microsoft 365 portal. The research department has a third-party project management solution that uses the Microsoft identity platform in Azure AD.
* Create an email workflow solution for expense claims. Users will submit their expense claims and the system will email an approval request to their manager.
* Implement a bring your own device (BYOD) model that supports Windows 10, macOS, and Android devices.
* Develop a custom Microsoft 365 app named SalesApp for the sales department.
* Develop a custom Microsoft 365 app named HRApp for the HR department
Security Requirement
Contoso identifies the following technical requirements for app development:
* The expense claims solution must provide managers with claim information and the ability to manage the claim by using Microsoft Outlook. Outlook on the web, or Outlook for iOS and Android.
* HRApp must include a bot named HRBot that will answer HR questions. Users must be able to access the bot by ©mentioning HRBot in a Microsoft Teams channel or private chat.
* HRApp must enable users to query a third-party HR system by using a tab from within a Microsoft Teams channel.
* HRApp must include a messaging extension that enables users to search jobs by job title or job ID.
* SalesApp must be integrated with Microsoft Word and must combine images and text from multiple sources to create a quotation as a DOCX file.
* The distribution of SalesApp must be automatic and require minimal user interaction.
* Solutions for SharePoint Online and Microsoft Office must follow the current Office user interface (Ul) design.
* Development tools and solutions must support Windows and non-Windows devices.
* Development effort must be minimized.
HRApp Manifest
All solutions must support the Microsoft identity platform in Azure AD.
Intranet components must not share access tokens.
You need to recommend which API object the SharePoint Framework (SPFx) intranet components will use to access the research department s project management solution.
What should you recommend?
- A . SPHttpClient
- B . AadHttpClient
- C . HSGraphClient
- D . HttpClient
B
Explanation:
Reference: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient
You need to ensure that users can initiate private conversations with HRBot. The solution must meet the technical requirements for HRApp.
How should you configure the HRApp manifest?
- A . In the tots section, change the scopes collection value from teams to personal.
- B . In the dots section, add personal to the scopes collection.
- C . In the staticTaes section, add perioral to the scopes collection.
- D . In the conf igur»bl«Tabs section, add groupchat to the scopes collection
DRAG DROP
You need to configure HRApp to enable users to search for specific jobs by using chat in Microsoft Teams.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a bot registration.
Step 2: In the HRApp manifest, configure the botId value in the ComposeExtensions section to match the botId value of the bot registration.
Scenario: HRApp must include a messaging extension that enables users to search jobs by job title or job ID.
Step 3: Implement a handler
Reference: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-quickstart-registration
You need to recommend which type of Office Add-in must be used for SalesApp.
What should you recommend?
- A . module extension
- B . task pane
- C . custom function
- D . contextual
B
Explanation:
Reference: https://docs.microsoft.com/en-us/office/dev/add-ins/word/word-add-ins-programming-overview
HOTSPOT
You need to modify the HRApp manifest to provide a tab that supports querying the third-party HR system.
Which section of the manifest should you modify, and which value should you set as the scope? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
HOTSPOT
You need to recommend the development environment and tools for the redesign of the research department’s SharePoint Online sites.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
You need to provide users with access to SalesApp. The solution must meet the technical requirements.
What should you include in the solution?
- A . Microsoft AppSource
- B . sideloading
- C . Centralized Deployment
- D . App Catalog in SharePoint Online
You need to recommend a model for the expense claims solution.
What should you recommend?
- A . actionable messages via connectors that use an actionable message card
- B . actionable messages via email that uses an adaptive card
- C . actionable messages via connectors that use an adaptive card
- D . actionable messages via email that uses an actionable message card
D
Explanation:
Sending actionable messages via email is supported. You use actionable message cards.
Scenario:
Create an email workflow solution for expense claims. Users will submit their expense claims and the system will email an approval request to their manager.
The expense claims solution must provide managers with claim information and the ability to manage the claim by using Microsoft Outlook, Outlook on the web, or Outlook for iOS and Android.
Reference: https://docs.microsoft.com/en-us/outlook/actionable-messages/send-via-email
HOTSPOT
You need to recommend the development environment and tools for the development of SalesApp.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
Box 1: Office Add-ins
Scenario: SalesApp must be integrated with Microsoft Word and must combine images and text from multiple sources to create a quotation as a DOCX file.
You can use the Office Add-ins platform to build solutions that extend Office applications and interact with content in Office documents.
Box 2: Microsoft Visual Studio
Visual Studio can be used to create Office Add-ins for Excel, Outlook, Word, and PowerPoint. An Office Add-in project gets created as part of a Visual Studio solution and uses HTML, CSS, and JavaScript.
Box 3: Fluent UI
Fluent UI is the upcoming and continually evolving design system for Microsoft 365. Currently, there is an ongoing merge in the process to have one consistent UI Framework across the Microsoft ecosystem.
Topic 5, Misc. Questions
HOTSPOT
Your network contains an on premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to establish federation authentication between on premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD FS).
You need to establish the federation.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
Explanation:
The on-premises Active Directory domain is named contoso.com. Before you can configure
federation authentication between on-premises Active Directory and the Azure AD tenant, you need to add the domain contoso.com to Microsoft 365. You do this by adding a custom domain name.
The next step is to establish the federation. You can configure AD FS by using Azure AD Connect.
HOTSPOT
You are developing a single-page application (SPA) named App1 that will be used by the public.
Many users of App1 restrict pop-up windows from opening in their browser.
You need to authenticate the users by using the Microsoft identity platform.
The solution must meet the following requirements:
• Ensure that App1 can read the profile of a user.
• Minimize user interaction during authentication.
• Prevent App1 from requiting admin consent for any permissions.
How should you complete the code? To answer, select the appropriate options in the answer area.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You add an app named App1 to the enterprise applications in contoso.com.
You need to configure self-service for App1.
What should you do first?
- A . Assign App1 to users and groups.
- B . Add an owner to App1.
- C . Configure the provisioning mode for App1.
- D . Configure an SSO method for App1.
C
Explanation:
The provisioning mode (manual or automatic) needs to be configured for an app before you can enable self-service application access.
References: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD).
The on-premises network contains a Microsoft SharePoint Server 2019 farm.
The company purchases a Microsoft 365 subscription.
You have the users shown in the following table
You plan to assign User1 and User2 the required roles to run the SharePoint Hybrid Configuration Wizard.
User1 will be used for on-premises credentials and User2 will be used for cloud credentials.
You need to assign the correct role to User2. The solution must use the principle of least privilege.
Which role should you assign to User2?
- A . Application administrator
- B . SharePoint farm administrator
- C . Global administrator
- D . SharePoint administrator
C
Explanation:
To run the SharePoint Hybrid Configuration Wizard, you need to provide credentials of a user (in this case User2) of a Global Administrator account in Azure Active Directory.
Reference:
https://www.c-sharpcorner.com/article/sharepoint-2019-enable-hybrid-experience/
https://docs.microsoft.com/en-us/sharepoint/hybrid/accounts-needed-for-hybrid-configuration-and-testing
Your company has 10 offices.
The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.
You discover that one of the offices has the following:
✑ Computers that have several preinstalled applications
✑ Computers that use nonstandard computer names
✑ Computers that have Windows 10 preinstalled
✑ Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
✑ All the computers must be joined to the domain.
✑ All the computers must have computer names that use a prefix of CONTOSO.
✑ All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.
- A . a provisioning package
- B . wipe and load refresh
- C . Windows Autopilot
- D . an in-place upgrade
A
Explanation:
By using a Provisioning, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device.
You have a Microsoft 365 E5 subscription.
All users are assigned a license to Microsoft 365 Apps for enterprise.
The users report that they do not have the option to install Microsoft 365 apps on their device as shown in the following exhibit.
You need to ensure that the users can install Microsoft 365 apps from the Office 365 portal.
What should you do?
- A . From the Microsoft 365 admin center, modify the user license settings.
- B . From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the devices.
- C . From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the users.
- D . From the Microsoft 365 admin center, modify the Services & add-ins settings.
You have a backend service that will access the Microsoft Graph API. The backend service is hosted on-premises. You need to configure the service to authenticate by using the most secure authentication method.
What should you configure the service to use?
- A . a client secret
- B . a certificate
- C . a hash
- D . a shared key
HOTSPOT
Your network contains an on-premises Active Directory domain. The domain contains a server named Server1.
Server1 has a share named Share1 that contains the files shown in the following table.
You have a hybrid deployment of Microsoft 365.
You create a Microsoft SharePoint site collection named Col lection1.
You plan to migrate Share1 to a document library in Collection1
You configure the SharePoint Migration Tool as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: No
File1.txt will not be migrated as it was created before Jan 1 2019
Box 2: Yes
File2.txt will be migrated as it was created after Jan 1 2019 and was modified after Mar 1 2019.
Box 3: Yes
File permissions will be maintained after the migration.
References: https://docs.microsoft.com/en-us/sharepointmigration/spmt-settings
Your network contains an on-premises Active Directory domain.
Your company has a security policy that prevents additional software from being installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).
What should you do? More than once choice may achieve the goal. Select the BEST answer.
- A . Deploy an Azure ATP standalone sensor, and then configure port mirroring.
- B . Deploy an Azure ATP standalone sensor, and then configure detections.
- C . Deploy an Azure ATP sensor, and then configure detections.
- D . Deploy an Azure ATP sensor, and then configure port mirroring.
C
Explanation:
If you’re installing on a domain controller, you don’t need a standalone ATP sensor. You need to configure the detections to detect application installations. With an ATP sensor (non-standalone), you don’t need to configure port mirroring.
Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning#choosing-the-right-sensor-type-for-your-deployment
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Corporate policy states that user passwords must not include the word Contoso.
What should you do to implement the corporate policy?
- A . From the Azure Active Directory admin center, configure the Password protection settings.
- B . From the Microsoft 365 admin center, configure the Password policy settings.
- C . From Azure AD Identity Protection, configure a sign-in risk policy.
- D . From the Azure Active Directory admin center, create a conditional access policy.
A
Explanation:
The Password protection settings allows you to specify a banned password list of phrases that users cannot use as part of their passwords.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesoperations
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-configure
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad#custombanned-password-list
You have a Microsoft 365 E5 subscription that contains a group named Group 1.
Vou need to ensure that all the members of Group1 are notified when Microsoft 365 outages occur. The solution must minimize administrative effort
What should you do?
- A . From the Microsoft 365 admin center, configure a Service health email notification
- B . From the Exchange admin center, create an alert policy and configure an email notification.
- C . From the Microsoft 365 admin center, configure a Message center email notification.
- D . From the Microsoft 365 Defender portal create an alert policy and configure an email notification.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities.
The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ Users passwords must be 10 characters or more.
Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
This solution meets the requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. (this is because the authentication is performed by Azure Active Directory).
✑ Users passwords must be 10 characters or more. (the Default Domain Policy in the on-premise Active Directory can be configured to require the password length)
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@LODSe426243.onmicrosoft.com
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You plan to provide an external user named fabrikamuser@fabrikam.com with access to several resources in your Microsoft 365 tenant.
You need to ensure that the external user can be added to Office 365 groups.
HOTSPOT
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes a user named User1.
You enable multi-factor authentication for contoso.com and configure the following two fraud alert settings:
✑ Set Allow users to submit fraud alerts: On
✑ Automatically block users who report fraud: On
You need to instruct the users in your organization to use the fraud reporting features correctly.
What should you tell the users to do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Code to report fraud during initial greeting: When users receive a phone call to perform two-step verification, they normally press # to confirm their sign-in. To report fraud, the user enters a code before pressing #. This code is 0 by default, but you can customize it.
Block user when fraud is reported: If a user reports fraud, their account is blocked for 90 days or until an administrator unblocks their account. An administrator can review sign-ins by using the sign-in report, and take appropriate action to prevent future fraud. An administrator can then unblock the user’s account.
You have a Microsoft 365 E5 subscription. You plan to use supervised chat in Microsoft Teams. You need to configure chat permission roles.
Which policy type should you use?
- A . teams
- B . messaging
- C . setup
- D . permission
You are developing a new application named App1 that uses the Microsoft identity platform to authenticate to Azure Active Directory (Azure AD).
Currently. App1 can read user profile information
You need to allow App1 to read the user’s calendar.
Solution: From the Azure portal, edit the API permission list for App1. Add the Microsoft Graph API and the Calendars-Read permissions and then grant tenant admin consent.
Does this meet the goal?
- A . Yes
- B . No
You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From all the AD FS servers, run audltpol.exe.
- B . From all the domain controllers, run the set-AdminAuditLogConfig cmdlet and specify the CLogiLevel parameter.
- C . On a domain controller install Azure AD Connect Health for AD DS.
- D . From the Azure AO Connect server, run the Register-AzureADCConnectHealthSyncAgent cmdlet.
- E . On an server, install Azure AD Connect Health for AD FS.
D,E
Explanation:
To audit AD FS user authentication, you need to install Azure AD Connect Health for AD FS. The agent should be installed on an AD FS server. After the installation, you need to register the agent by running the Register-AzureADConnectHealthSyncAgent cmdlet.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the
SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint policy is modified in the future.
Solution: From the SharePoint site, you create an alert.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You need to create a threat management policy in the Security & Compliance admin center.
Note: This question it part of a series of questions that present the same scenario. Cacti question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 36S tenant.
You suspect that several Office 365 features were recently updated.
You need to view a last of the features that were recently updated in the tenant.
Solution: You use Message center in the Microsoft 365 admin center.
Does this meet the goal?
- A . Yes
- B . NO
A
Explanation:
The Message center in the Microsoft 365 admin center is where you would go to view a list of the features that were recently updated in the tenant. This is where Microsoft posts official messages with information including new and changed features, planned maintenance, or other important announcements.
Reference: https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide
HOTSPOT
You have a bot named SupporrBot that is registered to the Microsoft Bot Framework and deployed to the Azure Bot Service.
The bot is configured as shown in the following table.
SupportBot provides responses to user queries in Microsoft Teams conversations.
You need to create an app manifest to deploy SupportBot to Microsoft Teams.
How should you complete the manifest? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
You are developing a daemon application mat reads all the emails in the Inbox of a specific Microsoft 365 mailbox. Some emails contain meeting dates and room mailbox names.
The application has the following requirements:
• Move each processed email to a subfolder in the mailbox
• If an email contains meeting data, create an event in the corresponding room mailbox calendar.
Which Microsoft Graph permissions should you grant for the application?
- A . Calendars.Readwrite and Mail. ReadWrite delegated permissions
- B . Calendars.Readwrite.Shared and Mail. Readwrite delegated permissions
- C . Calendars.Readwrite and Mail.Read application permissions
- D . Calendars .ReadWrite and Mail.Readwrite application permissions
You are developing a new application named App1 that uses the Microsoft identity platform to authenticate to Azure Active Directory (Azure AD).
Currently, App1 can read user profile information.
You need to allow App1 to read the user’s calendar.
Solution: Add https: //graph.windows.net/user, read to the list of scopes during the initial login request
Does this meet the goal?
- A . Yes
- B . No
HOTSPOT
You have a Microsoft 365 subscription.
You have a group named Support. Users in the Support group frequently send email messages to external users.
The manager of the Support group wants to randomly review messages that contain attachments.
You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Supervision policies in Office 365 allow you to capture employee communications for examination by designated reviewers. You can define specific policies that capture internal and external email, Microsoft Teams, or 3rd-party communications in your organization.
You create supervision policies in the Compliance center. These policies define which communications and users are subject to review in your organization and specify who should perform reviews.
If you want to reduce the amount of content to review, you can specify a percentage of all the communications governed by a supervision policy. A real-time, random sample of content is selected from the total percentage of content that matches chosen policy conditions.
HOTSPOT
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).
Azure AD Connect is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
User1 cannot change her password from any Microsoft portals because Password Writeback is disabled in the Azure AD Connect configuration.
If the password for User1 is changed in Active Directory, the password will be synchronized to Azure AD because Password Synchronization is enabled in the Azure AD Connect configuration.
Your company uses email, calendar, contact, and task services in Microsoft Outlook.com.
You purchase a Microsoft 365 subscription and plan to migrate all users from Outlook.com to Microsoft 365.
You need to identify which user data can be migrated to Microsoft 365.
Which type of data should you identify?
- A . task
- B . email
- C . calendar
- D . contacts
B
Explanation:
You can use the Internet Message Access Protocol (IMAP) to migrate user email from Gmail, Exchange,
Outlook.com, and other email systems that support IMAP migration. When you migrate the user’s email by using IMAP migration, only the items in the users’ inbox or other mail folders are migrated. Contacts, calendar items, and tasks can’t be migrated with IMAP, but they can be by a user.
Reference: https://docs.microsoft.com/en-us/exchange/mailbox-migration/mailbox-migration#migrate-email-from-anotherimap-enabled-email-system
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain named litwareinc.com.
The subscription has a Microsoft SharePoint site collection named Collection1.
From the Azure Active Directory admin center, you configure the External collaboration settings as shown in the External Collaboration Settings exhibit. (Click the External Collaboration Settings tab.)
From the SharePoint admin center, you configure the sharing settings as shown in the SharePoint Sharing exhibit. (Click the SharePoint Sharing tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Yes
In the first exhibit, “Allow invitations to be sent to any domain (most inclusive) is enabled”. Also, everyone is allowed to ‘invite’. The Target Domains setting will have no effect. This would only apply if one of the Allow/Deny invitations to the specified domain options were selected.
There is a restriction that blocks invitations being sent to contoso.com. However, this restriction does not apply to Fabrikam.com. Therefore, you can share the files in Collection1 to user1@fabrikam.com.
Box 2: Yes
As noted above, external sharing is enabled for any domain except contoso.com. The Target Domains setting in the first exhibit will have no effect. Therefore, you can share Collection1 to user2@fabrikam1.com.
Box 3: Yes
As noted above, external sharing is enabled for any domain except contoso.com. Blocking sharing to contoso.com does not block sharing to us.contoso.com. Therefore, you can share Collection1 to user3@us.contoso.com.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to
reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently partnered with another organization named Fabrikam, Inc.
You plan to provide a Microsoft 365 license to an external user named user1@fabrikam.com, and then to share documents with the user.
You need to invite user1@fabrikam.com to access your organization.
HOTSPOT
You have a Microsoft 365 subscription that contains the users shown in the following table.
You have the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users and groups:
✑ Include: Group1
✑ Exclude: Group2
Cloud apps: Include all cloud apps
Conditions:
✑ Include: Any location
✑ Exclude: Montreal
Access control: Grant access, Require multi-factor authentication
User1 is on the multi-factor authentication (MFA) blocked users list.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
The Blocked User list is used to block specific users from being able to receive Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked.
Box 1: Yes
HOTSPOT
You have a Microsoft 365 subscription that contains the users shown in the following table.
You have the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users and groups:
✑ Include: Group1
✑ Exclude: Group2
Cloud apps: Include all cloud apps
Conditions:
✑ Include: Any location
✑ Exclude: Montreal
Access control: Grant access, Require multi-factor authentication
User1 is on the multi-factor authentication (MFA) blocked users list.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
The Blocked User list is used to block specific users from being able to receive Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked.
Box 1: Yes
HOTSPOT
You have a Microsoft 365 subscription that contains the users shown in the following table.
You have the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users and groups:
✑ Include: Group1
✑ Exclude: Group2
Cloud apps: Include all cloud apps
Conditions:
✑ Include: Any location
✑ Exclude: Montreal
Access control: Grant access, Require multi-factor authentication
User1 is on the multi-factor authentication (MFA) blocked users list.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
The Blocked User list is used to block specific users from being able to receive Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked.
Box 1: Yes
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@M365x981607.onmicrosoft.com
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).
You need to ensure that all the users who join a device use multi-factor authentication.
HOTSPOT
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes the users shown in the following table.
Group2 is a member of Group1.
You assign a Microsoft Office 365 Enterprise E3 license to User2 as shown in the following exhibit.
You assign Office 365 Enterprise E3 licenses to Group1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Group-based licensing currently does not support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-group-advanced
HOTSPOT
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
• View BitLocker recovery keys.
• Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.
Which two roles should you assign? To answer, select the appropriate roles in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer, select the appropriate option in the area. NOTE: Each correct selection is worth point.
HOTSPOT
You have an Active Directory domain named Adatum.com that is synchronized to Azure Active Directory as shown in the exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Group Writeback is enabled in the Azure AD Connect configuration so groups created in Azure Active Directory will be synchronized to the on-premise Active Directory. A security group created in Azure Active Directory will be synchronized to the on-premise Active Directory as a security group.
Device Writeback is enabled in the Azure AD Connect configuration so computers joined to the Azure Active Directory will be synchronized to the on-premise Active Directory. They will sync to the Registered Devices container in the on-premise Active Directory.
Your company has an Azure AD tenant named contoso.com and a Microsoft 365 subscription.
All users use Windows 10 devices to access Microsoft Office 365 apps.
All the devices are in a workgroup.
You plan to implement password less sign-in to contoso.com.
You need to recommend changes to the infrastructure for the planned implementation.
What should you include in the recommendation?
- A . Deploy Azure AD Application Proxy.
- B . Deploy X.509.3 certificates to all the users.
- C . Deploy the Microsoft Authenticator app.
- D . Join all the devices to contoso.com.
You have an on-premises Microsoft Exchange Server organization that contains 100 mailboxes.
You have a hybrid Microsoft 365 tenant.
You run the Hybrid Configuration wizard and migrate the mailboxes to the tenant.
You need to ensure that Microsoft 365 spam filtering is applied to incoming email.
What should you do?
- A . Run the Hybrid Configuration wizard again.
- B . Update the Sender Policy Framework (SPF) TXT record to point to the on-premises Exchange IP address.
- C . Run the Azure Active Directory Connect wizard again.
- D . Update the MX record to point to Exchange Online.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mailboxes-using-microsoft-365-or-office-365
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
User1 is the owner of Group1, User2 is the owner of Group2.
You create an access review that contains the following configurations:
* Users to review, Member of a group
* Scope Everyone
* Group: Group1 and Group2
* Review Group owners
For each of the following statements, select Yes if the statement is true. Otherwise select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Yes
User1 is the owner of Group1. User2 is in Group1 and Group2. Group owners can review access. Therefore, User1 can review User2’s membership of Group1.
Box 2: Yes
User1 is the owner of Group1. User3 is in Group1 and Group2. Group owners can review access. Therefore, User1 can review User3’s membership of Group1.
Box 3: No
Only group owners can review access. User3 is not a group owner. Therefore, User3 cannot review membership of the groups.
References: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
HOTSPOT
On March 5. 2022, you create an access package named Package1 that has the following settings:
• Resource roles
• Name: Group1
• Type: Group and Team
• Role: Member
• Lifecycle
o Access package assignments expire: On date f Assignment expiration date: March 20. 2022
On March 5, 2022. you assign Package1 to the guest users shown in the following table.
On March 6, 2022, you assign the Reports reader role to Guest3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
