Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsMS-102DomainsDeploy and manage a Microsoft 365 tenant
MS-102Free — No Signup

Deploy and manage a Microsoft 365 tenant

Practice MS-102 Deploy and manage a Microsoft 365 tenant questions with full explanations on every answer.

248questions

Start practicing

Deploy and manage a Microsoft 365 tenant — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

MS-102 Domains

Deploy and manage a Microsoft 365 tenantImplement and manage Microsoft Entra identity and accessManage security and threats by using Microsoft Defender XDRManage compliance by using Microsoft PurviewManage users, groups, licensing, and supportImplement and manage identity and access in Microsoft Entra ID

Practice Deploy and manage a Microsoft 365 tenant questions

10Q20Q30Q50Q

All MS-102 Deploy and manage a Microsoft 365 tenant questions (248)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

An administrator is onboarding a new custom domain for email in a Microsoft 365 tenant. Which step should be performed first?

2

A company wants to prevent their Microsoft 365 tenant from allowing external users to be invited by default. Only specific administrators should be able to invite guests. Which setting should be changed?

3

A company is planning to migrate from on-premises Exchange to Exchange Online and needs to ensure that mail flow can coexist between the two environments during the transition. Which tool should the administrator use to configure this hybrid deployment?

4

A company wants to allow users to log in to Microsoft 365 using their existing on-premises Active Directory credentials and ensure that password changes are reflected immediately in the cloud. Which authentication method should be implemented?

5

A newly hired administrator needs to manage user accounts, licenses, and reset passwords. Which portal should they access?

6

An organization wants to authenticate users using their on-premises Active Directory without synchronizing passwords to Microsoft Entra ID. Which identity model should they choose?

7

An administrator has created a new user account in Microsoft Entra ID. To ensure the user has a mailbox in Exchange Online, what is the next step?

8

An organization has registered the domain contoso.com and added it to their Microsoft 365 tenant. What is the next step to use this domain for user email addresses?

9

A company has recently signed up for Microsoft 365 Business Premium. They want to change the default domain from onmicrosoft.com to a custom domain they own. Which step must be completed first before the custom domain can be used for user email addresses?

10

An administrator is managing a Microsoft 365 tenant and needs to delegate the ability to reset user passwords to a group of helpdesk staff. The helpdesk staff should not have any other administrative privileges. Which built-in role should the administrator assign?

11

An organization has just purchased Microsoft 365 subscriptions and wants to add their custom domain 'fabrikam.com' to the tenant. Which record must they add to their DNS provider to verify domain ownership?

12

An administrator needs to delegate the ability to manage user licenses and assign roles to a junior admin, but without granting them access to the Microsoft 365 admin center's other settings. Which role should the junior admin be assigned?

13

A company plans to migrate their email from an on-premises Exchange server to Exchange Online. They want to ensure that during the migration, mail sent to users who have already been migrated is delivered to Exchange Online, while mail for non-migrated users is delivered to on-premises. Which type of domain configuration should they use?

14

A new helpdesk administrator needs to be able to reset user passwords and manage user account properties, but should not be able to manage licenses or assign administrative roles. Which built-in role should be assigned?

15

An organization has just purchased Microsoft 365 Business Standard licenses. The administrator adds a new user through the admin center. By default, does the new user receive a welcome email with sign-in instructions?

16

A company has purchased Microsoft 365 Business Standard and added the custom domain 'fabrikam.com' to the tenant. The company wants all new users to have 'fabrikam.com' as their default email domain instead of the onmicrosoft.com domain. How should the administrator achieve this?

17

An organization has just purchased Microsoft 365 Business Standard licenses and has added the custom domain 'contoso.com' to the tenant. The administrator wants all new user email addresses to use '@contoso.com' instead of the default '@contoso.onmicrosoft.com'. How can this be achieved?

18

An administrator needs to delegate the ability to manage user licenses, assign admin roles, and reset passwords to a group of users, but these users should not be able to modify tenant-level settings or billing. Which built-in role should be assigned?

19

A company has purchased Microsoft 365 Business Premium and added a custom domain 'contoso.com' to the tenant. They want all new users to have email addresses like user@contoso.com instead of the default onmicrosoft.com domain. What should the administrator do in the Microsoft 365 admin center?

20

An organization has just signed up for Microsoft 365 E3 with the initial domain 'contoso.onmicrosoft.com'. They need to create the first user accounts. What will be the default email address format for these new users if no custom domain is added yet?

21

A company has just purchased Microsoft 365 Business Standard and added the custom domain 'fabrikam.com' to the tenant. They want to verify domain ownership. Which DNS record type must they add to their DNS provider?

22

A company wants to display a custom help desk phone number and email on the Microsoft 365 sign-in page so that users can contact support easily. Which area of the Microsoft 365 admin center should the administrator use to configure this?

23

An administrator wants to add custom branding to the Microsoft 365 sign-in page, including company logo and colors. Which section of the Microsoft 365 admin center should they navigate to?

24

A company purchases Microsoft 365 E5 licenses for 500 users. The administrator wants to automatically assign licenses to new users based on their group membership. Which method should the administrator use?

25

A company adds and verifies the custom domain 'contoso.com' in their Microsoft 365 tenant. However, emails sent to new users at user@contoso.com bounce back. The existing MX record for contoso.com points to the on-premises mail server. What is the most likely cause of the bounce?

26

An administrator needs to delegate the ability to view service health and manage service requests to a helpdesk team, without granting permissions to reset passwords, manage users, or access billing. Which built-in Microsoft 365 admin role should be assigned?

27

An administrator needs to open a Microsoft 365 support request because a critical service issue is affecting all users. Which two pieces of information should the administrator have readily available before contacting support? (Choose two.)

28

A company has just signed up for Microsoft 365 Business Standard without adding a custom domain. An administrator needs to create the first user accounts. What will be the default email address format for these new users?

29

After adding a custom domain name to a Microsoft 365 tenant, what is the first step the administrator must complete before users can sign in using the custom domain?

30

An administrator needs to delegate the ability to view sign-in logs, audit logs, and security recommendations to a junior admin without granting any other administrative permissions. The junior admin should not be able to reset passwords or modify settings. Which built-in Microsoft Entra role should the administrator assign?

31

An administrator wants to customize the Microsoft 365 sign-in page to display the company logo and custom sign-in text. Where in the Microsoft 365 admin center should the administrator go to configure this?

32

A company wants to ensure that all new users created in Microsoft 365 are automatically assigned a specific set of licenses based on their department. The company has 200 users across Sales, Marketing, and IT departments. Each department uses different Microsoft 365 license plans. Which approach should the administrator use?

33

A company wants to migrate from on-premises Exchange to Exchange Online. They need to synchronize user mailboxes. Which tool should they use?

34

An administrator adds the custom domain 'contoso.com' to a new Microsoft 365 tenant and needs to verify domain ownership. Which type of DNS record must be added to the public DNS zone to complete verification?

35

An administrator needs to open a Microsoft 365 support request because all users are experiencing intermittent service outages for Exchange Online. Before contacting support, which two pieces of information should the administrator have ready to ensure efficient troubleshooting? (Choose two.)

36

A company recently added the custom domain 'contoso.com' to their Microsoft 365 tenant. Users report that they cannot receive external email sent to their new domain addresses. The administrator confirmed that the domain status shows 'Active' in the Microsoft 365 admin center. What is the most likely cause of this issue?

37

A company with 200 on-premises Exchange mailboxes plans to migrate to Exchange Online. They want to use a Microsoft-provided tool that supports granular control over mailbox migrations, allows batch migrations, and provides detailed reporting. Which migration method should the administrator choose?

38

A company has 500 users across Sales, Marketing, and IT departments. User objects are synced from on-premises Active Directory to Microsoft Entra ID using Azure AD Connect. Each department requires different Microsoft 365 license plans (e.g., Sales needs E3, Marketing needs Business Premium, IT needs E5). The administrator wants to automatically assign the appropriate license based on the department attribute without manual intervention. Which approach should the administrator use?

39

An administrator adds the custom domain 'fabrikam.com' to a new Microsoft 365 tenant. After adding the domain, the status shows 'Pending verification'. Which type of DNS record must be added to the public DNS zone to complete domain ownership verification?

40

An administrator wants to prevent users from inviting guest users from the domain 'contoso.com' to the tenant. The administrator needs to block all invitations for that specific domain while allowing invitations from all other external domains. Which setting in Microsoft Entra ID should be configured?

41

A new employee has been hired and their account already exists in the on-premises Active Directory. The administrator needs to provide the employee with access to Microsoft 365 services as quickly as possible. What is the most efficient way to enable the user?

42

An administrator is setting up a new Microsoft 365 tenant and has added the custom domain 'contoso.com'. The domain status shows 'Pending verification'. Which type of DNS record must the administrator add to the public DNS zone to complete domain ownership verification?

43

A company has purchased 1000 Microsoft 365 E5 licenses and wants to automatically assign licenses to users based on their department attribute, which is synchronized from on-premises Active Directory. The department attribute is stored in Azure AD. Which automated method should the administrator use to achieve this?

44

An administrator adds the custom domain 'adatum.com' to a new Microsoft 365 tenant. In the Microsoft 365 admin center, the domain status shows 'Pending verification'. Which type of DNS record must the administrator add to the public DNS zone to complete the domain ownership verification?

45

A company recently acquired another company and needs to allow users from the acquired tenant to access its SharePoint Online sites as guest users, but only if those users already have accounts in the acquired Azure AD tenant. Which Microsoft 365 feature should be configured?

46

An administrator needs to configure email notifications for Exchange Online service health incidents to be sent to a specific IT support mailbox. Where should the administrator configure these notifications in the Microsoft 365 admin center?

47

An administrator wants to configure the company's organization profile in Microsoft 365, including the display name, technical contact, and privacy settings. Where should the administrator go in the Microsoft 365 admin center?

48

A user account was accidentally deleted 10 days ago. The administrator needs to restore the user's mailbox and OneDrive for Business content. Which method should the administrator use?

49

A company has registered the custom domain 'contoso.com' and wants to host email for the subdomain 'sales.contoso.com' in Exchange Online. They have already verified the root domain. What additional step is required?

50

An administrator needs to update the organization's display name, technical contact, and privacy statement URL in the Microsoft 365 admin center. Which page should they navigate to?

51

An organization uses a third-party SaaS application that supports SAML-based single sign-on. The application is not in the Azure AD gallery. What is the first step to configure SSO?

52

An administrator has configured group-based licensing in Azure AD. After adding users to the group, some users do not receive licenses. The users are in the group and have an assigned usage location. What is a possible reason?

53

An administrator has added a custom domain 'contoso.com' to their Microsoft 365 tenant and verified ownership. However, users are unable to receive emails sent to their custom domain. Which type of DNS record must the administrator add in the public DNS zone to route emails to Exchange Online?

54

A company has just purchased Microsoft 365 E3 licenses. They want to configure the default mailbox storage limit for all new users. Which setting should they modify?

55

A company needs to migrate several shared mailboxes from on-premises Exchange 2016 to Exchange Online. The company plans to keep some user mailboxes on-premises for now. Which migration strategy should they use for the shared mailboxes?

56

An administrator wants to add a second custom domain, 'contoso-europe.com', to their existing Microsoft 365 tenant. The domain 'contoso.com' is already verified. What is the first step the administrator should take?

57

A company has an existing Microsoft 365 tenant with the verified custom domain 'contoso.com'. The administrator now wants to add a second custom domain, 'contoso-europe.com', to the same tenant. What is the first step the administrator should take?

58

An administrator wants to receive real-time notifications for service incidents in Microsoft 365. The notifications must be sent to a Microsoft Teams channel instead of email. Which configuration should the administrator set up?

59

An administrator wants to add a custom domain 'fabrikam.com' to a new Microsoft 365 tenant. What is the first step the administrator should perform?

60

An administrator needs to configure the default anti-spam policy for all users in the Microsoft 365 Defender portal. Where should the administrator navigate to find these settings?

61

An administrator wants to restrict which users in the organization can create Microsoft 365 groups. The requirement is that only members of the IT department (identified by the department attribute in Azure AD) should be able to create groups. Which configuration should the administrator use?

62

An administrator has added the custom domain 'contoso.co.uk' to their Microsoft 365 tenant and verified ownership. Users now need to receive email at @contoso.co.uk. Which DNS record must the administrator add in the public DNS zone to route emails to Exchange Online?

63

A global administrator wants to track service health issues and configure notifications for service incidents. Which portal should they use to view the current health status and set up email notifications?

64

A company has a Microsoft 365 tenant with the domain contoso.com. They acquire a subsidiary with the domain fabrikam.com and want to add it as an additional domain to the same tenant. The domain is already purchased and DNS management is available. What is the first step the administrator should take in the Microsoft 365 admin center?

65

A new administrator needs to automatically assign Microsoft 365 E5 licenses to all users in the Sales department. The Sales department is identified by the 'department' attribute in Azure AD. Which licensing method should the administrator use to minimize manual effort?

66

An organization wants to receive email notifications for all service health incidents. Which role must an administrator have to configure service health notifications in the Microsoft 365 admin center?

67

A newly hired Microsoft 365 administrator needs to receive email notifications for all service health incidents. The administrator wants to ensure they have the necessary permissions to configure these notifications. Which role is the minimum role required to manage service health notifications in the Microsoft 365 admin center?

68

An administrator has added the custom domain 'fabrikam.com' to their Microsoft 365 tenant and is now ready to verify ownership. Which type of DNS record should the administrator create in the public DNS zone to complete the verification?

69

An administrator wants to add a custom domain 'contoso.com' to a new Microsoft 365 tenant. The domain is already registered and available. What is the first step the administrator should perform in the Microsoft 365 admin center?

70

A company has a Microsoft 365 tenant with domain contoso.com. They own an additional domain fabrikam.com and have already added and verified it with a TXT record. Now they need to configure email to be routed to Exchange Online for fabrikam.com. Which DNS record must they create?

71

An administrator needs to add a custom domain 'contoso.org' to their Microsoft 365 tenant. They have already purchased the domain and have access to the DNS registrar. What is the first step the administrator should perform in the Microsoft 365 admin center?

72

An organization plans to automatically assign Microsoft 365 E3 licenses to all users in the 'Finance' department. The Finance department is identified by the 'Department' attribute in Azure AD. Which method should the administrator use to minimize manual effort?

73

An administrator recently added a custom domain 'tailspintoys.com' to their Microsoft 365 tenant and verified it. They now need to configure the domain so that all recipient email addresses for 'info@tailspintoys.com' are delivered to a shared mailbox in Exchange Online. The domain is currently set as internal relay. What should the administrator do first to route email for this domain to Exchange Online?

74

An administrator is planning to migrate from on-premises Exchange to Exchange Online. The current on-premises environment is Exchange 2016. The company has a hybrid deployment with Azure AD Connect. They want to use the cutover migration method. What is a prerequisite for starting a cutover migration?

75

An administrator wants to verify ownership of a custom domain 'adatum.com' in their Microsoft 365 tenant. They have already added the domain and received the TXT record value. However, the administrator's DNS hosting provider does not support adding a TXT record. Which alternative record type can be used for domain verification?

76

You are planning the initial deployment of a new Microsoft 365 tenant for Contoso Ltd. Which three of the following actions are required or recommended as part of the tenant provisioning and initial configuration process? (Choose three.)

77

As a Microsoft 365 administrator, you need to manage tenant health and adoption effectively. Which three of the following tools or features should you use to monitor and improve your Microsoft 365 tenant's performance and user engagement? (Choose three.)

78

You are a Microsoft 365 Administrator for a multinational organization that is deploying a new Microsoft 365 tenant. The organization has strict compliance and security requirements. Which four of the following actions should you take to properly deploy and manage the tenant? Choose all that apply. (There are four correct answers.)

79

Drag and drop the steps to deploy Microsoft Defender for Office 365 policies in the correct order.

80

Drag and drop the steps to configure role-based access control (RBAC) in Microsoft 365 Defender in the correct order.

81

Match each Microsoft 365 plan to its included services.

82

Your organization plans to migrate from on-premises Exchange to Exchange Online. You need to ensure minimal disruption during the migration. Which approach should you recommend?

83

Your company recently deployed Microsoft 365 Copilot. Users report that Copilot occasionally generates responses based on sensitive internal documents that should not be shared broadly. What should you configure to restrict Copilot's access?

84

A user reports they cannot access Microsoft Teams. They see a message: 'Your account is not enabled for Teams.' You verify the user has a valid Microsoft 365 E3 license assigned. What is the most likely cause?

85

Your organization uses Microsoft Entra ID. You want to enforce Multi-Factor Authentication (MFA) for all users. You have already configured Conditional Access policies. However, some users are still able to sign in without MFA. What should you check first?

86

Your company is deploying Microsoft Defender for Office 365. The security team wants to automatically remove messages identified as malware from all mailboxes after delivery. What should you configure?

87

You need to ensure that guest users who are invited to your Microsoft Entra ID tenant can access resources without needing to accept an invitation. What should you configure?

88

Your organization wants to use Microsoft Intune to manage devices. You need to ensure that only corporate-owned devices can enroll. What configuration should you use?

89

Your company has a Microsoft 365 tenant with a custom domain (contoso.com). You need to verify domain ownership before enabling email routing. Which DNS record type should you add?

90

Your organization uses Microsoft Purview Information Protection. You need to ensure that when a user applies a sensitivity label to a document in SharePoint, the label is automatically applied to the document when it is downloaded. What should you configure?

91

Which TWO actions are required to enable Microsoft 365 Copilot for your organization?

92

Which THREE settings must be configured to set up a hybrid identity deployment using password hash synchronization?

93

Which TWO tools can be used to manage Microsoft 365 tenant settings and configurations?

94

Your organization plans to use Microsoft 365 Copilot. To ensure compliance, you need to prevent Copilot from accessing sensitive content in SharePoint Online document libraries that are labeled as 'Highly Confidential'. What should you configure?

95

Your organization uses Microsoft 365 E5 licenses. You need to implement a secure score improvement plan. After reviewing the Secure Score, you notice a recommendation to 'Enable sign-in risk policy' in Microsoft Entra ID. However, you want to ensure that users who sign in from trusted locations are not challenged. What should you configure?

96

You are deploying a new Microsoft 365 tenant for a company that has a single domain, contoso.com. You need to verify domain ownership to enable email routing. Which DNS record type must you add to the public DNS zone?

97

Your organization's Microsoft Intune environment enforces device compliance policies for iOS devices. You need to ensure that only devices with a passcode that is at least 6 characters and have jailbreak detection enabled are considered compliant. What should you configure?

98

Your company recently merged with another company that uses Microsoft 365. Both tenants have the same primary domain, contoso.com. You need to merge the two tenants into a single tenant while preserving user email addresses. What should you do?

99

You are configuring Microsoft Purview for your organization. You need to ensure that all external emails are automatically tagged with an 'External' label in the subject line. Which feature should you configure?

100

Your organization uses Microsoft Defender for Office 365. You need to configure a policy that automatically redirects emails containing malicious attachments to a quarantine folder for admin review. What type of policy should you create?

101

Your organization uses Microsoft 365 and has enabled Microsoft Entra ID P2 licenses. You need to configure automatic user provisioning for a third-party SaaS application that supports SCIM 2.0. What should you do first in the Microsoft Entra admin center?

102

Your organization is migrating from on-premises Exchange to Exchange Online. You need to ensure that users can access their mailboxes during the migration with minimal interruption. Which migration method should you use?

103

Your organization uses Microsoft 365 E5 licenses. You need to implement a solution to protect against ransomware attacks. Which TWO features should you configure?

104

You are designing a Microsoft 365 tenant for a multinational organization. You need to ensure compliance with data residency requirements. Which THREE actions should you take?

105

Your organization needs to manage guest access to Microsoft Teams. Which TWO methods can you use to control guest access?

106

Your organization is deploying Microsoft 365 and needs to ensure that all new users are automatically assigned a Microsoft 365 Business Basic license. You want to use a group-based licensing strategy with an Azure AD security group. What should you do first?

107

You are a Microsoft 365 administrator. Users report that they cannot access Microsoft Teams. You check the Microsoft 365 admin center and see that the service health for Microsoft Teams shows a 'Service degradation' incident. What is the most appropriate initial action?

108

Your company is migrating from on-premises Exchange to Exchange Online. You have configured a hybrid deployment. During testing, you notice that free/busy information is not being shared between on-premises and cloud users. All other hybrid features work. What is the most likely cause?

109

You need to ensure that all users in your Microsoft 365 tenant are automatically enrolled in Microsoft Intune when they sign up for Microsoft 365. You want to use the default enrollment policy. What should you do?

110

Your organization uses Microsoft Defender for Office 365. You have configured a safe attachment policy that should automatically detonate attachments in a sandbox before delivery. However, some users still receive malicious attachments. What should you check first?

111

You are a Microsoft 365 administrator. You need to allow external users to access a SharePoint Online site without requiring them to sign in. Which sharing setting should you enable?

112

Your company is using Microsoft 365 Business Premium. You want to ensure that all company-owned Windows 10 devices are automatically upgraded to Windows 11 when it becomes available through Windows Update. What should you configure?

113

Your organization has a Microsoft 365 E5 tenant. You want to ensure that all users are automatically signed in to Microsoft 365 apps using single sign-on (SSO) when they are on the corporate network. You have Azure AD joined the devices. What additional configuration is required?

114

You are a Microsoft 365 administrator. A user reports that they cannot send emails to a specific external domain. You check the Exchange Admin Center and see that the domain is not blocked. What should you check next?

115

Which TWO actions are required to enable Microsoft 365 Copilot for all users in your tenant?

116

Which THREE conditions must be met for a tenant-to-tenant migration of SharePoint Online content?

117

Which TWO are valid methods for adding custom domains to Microsoft 365?

118

You are reviewing a conditional access policy in Microsoft Entra ID. The policy is intended to block legacy authentication. However, users are still able to connect using Exchange ActiveSync without modern authentication. What is the most likely reason?

119

You run the PowerShell command shown in the exhibit for a Microsoft 365 tenant. The output shows DisplayName as 'Contoso', DefaultDomainName as 'contoso.onmicrosoft.com', and InitialDomain as 'contoso.onmicrosoft.com'. What does this indicate about the tenant?

120

You are reviewing an ARM template that will be used to deploy a storage account for a Microsoft 365 migration project. The template includes 'supportsHttpsTrafficOnly': true. What is the primary benefit of this setting?

121

Your organization uses Microsoft 365 E5 licenses for all users. You need to configure role-based access control (RBAC) so that helpdesk staff can reset passwords and manage licenses, but cannot modify user principal names (UPNs) or delete users. Which role assignment should you use?

122

Your company has implemented Microsoft Entra ID tenant restrictions to prevent data exfiltration. You need to ensure that external users from a partner organization can access a SharePoint Online site without being blocked by tenant restrictions. What should you do?

123

An administrator runs the PowerShell command shown in the exhibit. What is the immediate effect on the user?

124

Your organization has a Microsoft 365 tenant with 5,000 users. You need to plan for tenant migration from an on-premises Exchange environment. You have a limited maintenance window and want to minimize user impact. Which approach should you recommend?

125

You are a Microsoft 365 administrator. Users report that they cannot create Microsoft Teams meetings using the Teams desktop client. They receive an error: 'Meeting creation is disabled by your IT administrator.' You need to enable meeting creation. You check the Teams admin center and find that meeting policies are set to 'Off' for 'Allow private meeting scheduling'. However, after changing it to 'On', users still get the error. What is the most likely cause?

126

Your organization is planning to deploy Microsoft 365 Copilot. You need to ensure that all prerequisites are met. Which of the following is a mandatory prerequisite for enabling Microsoft 365 Copilot?

127

An administrator creates a Conditional Access policy as shown in the exhibit. A user reports that they can still access Exchange Online using Outlook (modern authentication). Why does the policy not block the user?

128

Your company uses Microsoft 365 and has recently deployed Microsoft Intune for mobile device management. You need to ensure that corporate data on iOS devices is protected by preventing users from copying data from managed apps to unmanaged apps. What should you configure?

129

Your organization needs to create a custom domain in Microsoft 365. You have added the domain 'contoso.com' to the tenant. What is the next step to verify domain ownership?

130

Your organization is planning to migrate from on-premises Active Directory to Microsoft Entra ID using Azure AD Connect. You need to ensure that password synchronization is enabled. Which TWO components are required for password synchronization to work?

131

Your organization uses Microsoft Purview to enforce data loss prevention (DLP) policies. You need to block users from sharing credit card numbers via email. Which THREE components are required to implement this policy?

132

Your organization is deploying Microsoft 365 Copilot. You need to ensure that data security is maintained. Which THREE actions should you take?

133

A Global Administrator signs in to the Microsoft 365 admin center but is not prompted for MFA. The policy in the exhibit is the only Conditional Access policy. What is the most likely reason?

134

Your organization has a hybrid identity setup with Azure AD Connect. You need to ensure that users can reset their passwords from the cloud and have the changes synchronized back to on-premises Active Directory. Which feature must you enable?

135

Your organization wants to use Microsoft Defender for Office 365 to protect against malicious links and attachments in email. Which Defender plan is required?

136

Your organization has a Microsoft 365 tenant configured with a custom domain contoso.com. Users report they cannot receive email from external senders; internal email works fine. You verify the MX record for contoso.com points to the Microsoft 365 mail exchanger. What should you check next?

137

Your organization is deploying Microsoft 365 for a multinational company. You need to ensure users in different regions authenticate against the nearest Microsoft Entra ID endpoint for performance. What should you configure?

138

Your Microsoft 365 tenant has been configured with Microsoft Entra ID Connect synchronization from on-premises Active Directory. Users are unable to log in to Microsoft 365 services. You check the synchronization status and see that the last sync was successful. What is the most likely cause?

139

Your organization uses Microsoft 365 Defender for Office 365. You need to ensure that phishing emails reported by users are automatically submitted for analysis in Microsoft Defender XDR. What should you configure?

140

You are planning a Microsoft 365 tenant migration from an on-premises Exchange environment. You need to minimize the impact on end users during the migration. Which migration approach should you use?

141

Your Microsoft 365 tenant contains sensitive financial data that must be retained for 7 years. You configure a retention policy in Microsoft Purview compliance portal. After 7 years, the data is still accessible to users. What is the most likely reason?

142

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to ensure that only compliant devices can access Microsoft 365 resources. What should you configure?

143

You are configuring Microsoft Entra ID for a new organization. You need to ensure that users can self-service reset their passwords. Which licensing is required?

144

Your organization is implementing Microsoft Purview Data Loss Prevention (DLP) policies to protect sensitive data in Microsoft Teams. You need to ensure that DLP policies apply to both chat and channel messages. What should you configure?

145

Which TWO actions are required to configure a custom domain for your Microsoft 365 tenant?

146

Which THREE factors are considered when Microsoft Entra ID evaluates a conditional access policy?

147

Which TWO are valid methods to add users to a Microsoft 365 tenant?

148

The exhibit shows a DLP policy configuration. A user reports that they cannot share a document containing a credit card number from OneDrive for Business. However, the document was shared successfully last week. What is the most likely reason for the change?

149

The exhibit shows the output of a PowerShell command for a user. The user reports that they cannot access Microsoft Teams, although they have an E3 license (ENTERPRISEPACK). What is the most likely cause?

150

The exhibit shows a KQL query used in Microsoft 365 Defender. The query returns no results for admin@contoso.com. What is the most likely reason?

151

Your organization has a Microsoft 365 tenant configured with a custom domain. You need to verify domain ownership using a TXT record. Where in the Microsoft 365 admin center would you initiate this process?

152

A company has recently acquired a smaller organization and needs to consolidate both Microsoft 365 tenants. They want to minimize user disruption and retain existing email addresses. Which approach should they use?

153

You are a Microsoft 365 administrator for a multinational company. The security team reports that a large number of failed sign-in attempts are originating from unexpected IP ranges. The company uses Microsoft Entra ID for identity. What should you configure to automatically block these malicious sign-ins?

154

Your organization uses Microsoft 365 and wants to ensure that only compliant devices can access Exchange Online. You have Microsoft Intune for device management. What should you configure?

155

A user reports that they cannot access their Microsoft 365 mailbox via Outlook on the web. Other users can access their mailboxes. What is the most likely cause?

156

Your company is planning to adopt Microsoft Copilot for Microsoft 365. The security team is concerned about data leakage. What must you implement to ensure that Copilot respects your organization's sensitivity labels and data classification?

157

You need to delegate the ability to reset user passwords in Microsoft Entra ID to a helpdesk team. However, they should not be able to modify other user attributes. What role should you assign?

158

Your organization has a Microsoft 365 E5 subscription. You want to enable Microsoft Defender for Office 365 to protect against malicious attachments in email. Which policy should you configure?

159

Your company is required to retain all emails sent to and from executives for 7 years due to regulatory compliance. You need to implement this with minimal administrative overhead. What should you use?

160

Your organization uses Microsoft 365 and wants to implement a passwordless authentication strategy. Which TWO methods are supported natively in Microsoft Entra ID for passwordless sign-in?

161

Your company uses Microsoft Defender for Endpoint and wants to perform a live response on a device. Which THREE prerequisites must be met?

162

You need to configure Microsoft Purview Data Loss Prevention (DLP) to prevent sensitive data from being shared via email. Which THREE elements can you use to define the policy?

163

Refer to the exhibit. You are reviewing the service principal for Microsoft Graph in your tenant. The passwordCredentials array is empty. What does this indicate?

164

Refer to the exhibit. An administrator runs the KQL query in Microsoft Defender for Endpoint. The result set is empty. What is the most likely reason?

165

Refer to the exhibit. You have a Conditional Access policy configured as shown. What is the effect of this policy?

166

Your organization has a Microsoft 365 E5 tenant with 10,000 users. You need to ensure that when a user is detected as high-risk by Microsoft Entra ID Protection, the user is automatically blocked from accessing sensitive SharePoint sites. The solution should minimize administrative overhead. What should you do?

167

Your company is deploying Microsoft 365 for a new subsidiary with 500 users. You need to configure the initial tenant with a custom domain (contoso.com) and verify ownership. What is the first step you must perform?

168

Your Microsoft 365 tenant has 50,000 users. You are planning to migrate mailboxes from on-premises Exchange Server 2019 to Exchange Online using a full hybrid configuration. During the migration, you must ensure that free/busy information is synchronized between on-premises and Exchange Online. Which component is required for free/busy synchronization in a hybrid deployment?

169

You are a Microsoft 365 administrator. You need to ensure that users can reset their own passwords without contacting the help desk. Which TWO components must be configured?

170

Your organization is deploying Microsoft 365 Copilot for 200 users. You need to ensure that Copilot can access user data from Microsoft Graph to provide personalized responses. Which THREE permissions must be granted?

171

You are configuring Microsoft 365 tenant-to-tenant migration. Which THREE tasks must be completed before migrating users?

172

Refer to the exhibit. A Conditional Access policy is created in Microsoft Entra ID. The policy targets the Office 365 app (which includes Exchange Online). You have 1000 users assigned. What is the immediate effect of this policy on users who are currently signed in?

173

Refer to the exhibit. You run the PowerShell command in a Microsoft 365 tenant. What does the output indicate?

174

Refer to the exhibit. You are reviewing a Microsoft Entra ID Governance access review. The JSON shows an access review scope for a SharePoint site. What does the 'isExternallyAccessible': false setting indicate about the site?

175

Your organization uses Microsoft 365 Business Premium. You need to configure Windows 365 Cloud PCs for 10 users who require access to a custom line-of-business (LOB) application that is not compatible with Windows 11. The LOB app requires Windows 10 and 8 GB RAM. What is the most cost-effective Cloud PC configuration that meets the requirements?

176

You are a Microsoft 365 administrator. Your tenant has a Microsoft Entra ID P2 license. You need to create a dynamic group for all users whose department is 'Engineering' and who are located in the United States. Which rule syntax should you use?

177

Your company has a Microsoft 365 E5 tenant. You need to ensure that all external emails are marked with a warning banner at the top of the email body. What should you configure?

178

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a custom PowerShell script that runs in the user context after every device restart. Which Intune policy type should you use?

179

Your Microsoft 365 tenant has a Microsoft Entra ID tenant with custom B2B collaboration settings. You need to allow external users from a specific domain (partner.com) to self-service sign up, but block all other external domains. What should you configure?

180

You need to ensure that all Microsoft 365 users in your organization have a consistent password policy that requires passwords to be at least 12 characters and include complexity requirements. What should you configure?

181

Your organization is planning to deploy Microsoft 365 for 500 users. You need to ensure that all users can authenticate using their on-premises Active Directory credentials while also enabling self-service password reset (SSPR) in the cloud. Which configuration should you implement?

182

A company has a Microsoft 365 E5 tenant with 10,000 users. You need to delegate the ability to manage Microsoft Entra ID roles to a group of support engineers. The solution must follow the principle of least privilege and allow engineers to assign only specific roles to users. What should you do?

183

Your organization uses Microsoft 365 Business Premium. You need to ensure that when a user is assigned an Intune license, the device automatically enrolls in Microsoft Intune. What should you configure?

184

A user reports that they cannot access Microsoft Teams from their mobile device. Other Microsoft 365 services work fine. You verify that the device is compliant with Intune policies. What is the most likely cause?

185

Your organization has a hybrid identity with Microsoft Entra Connect. You need to migrate from federation to password hash synchronization with seamless single sign-on (SSO). The migration must have minimal user impact. Which tool should you use?

186

You need to ensure that only users from your organization can access a SharePoint Online site. Which setting should you configure?

187

Your organization is implementing Microsoft 365 Copilot. You need to ensure that users' data is protected from being used for training the underlying AI models. What should you configure?

188

You have a Microsoft 365 E5 tenant with Microsoft Defender for Cloud Apps. You need to discover unsanctioned cloud apps used by users. What should you configure?

189

Your organization needs to enforce multi-factor authentication (MFA) for all users. You want to use a security default policy. What is the prerequisite?

190

Your organization is using Microsoft 365 Business Premium. You need to ensure that devices are automatically enrolled in Microsoft Intune when users sign in with their work account. Which TWO configurations are required?

191

You are planning a Microsoft 365 tenant migration from another tenant. You need to migrate email, OneDrive, and SharePoint content. Which THREE tools or methods can you use to migrate data?

192

Your organization is implementing Microsoft Purview Data Loss Prevention (DLP). You need to ensure that sensitive data such as credit card numbers cannot be shared externally via email. Which THREE components should you configure?

193

Refer to the exhibit. You are reviewing a Conditional Access policy in Microsoft Entra ID. What is the effect of this policy?

194

Refer to the exhibit. You are creating a custom role in Microsoft Entra ID for helpdesk staff. What can users assigned this role do?

195

Refer to the exhibit. You run this PowerShell command in your Microsoft 365 tenant. What is the purpose of the command?

196

Your organization is preparing to deploy Microsoft 365 for 5,000 users. You need to ensure that all users can authenticate using their existing on-premises Active Directory credentials while minimizing infrastructure changes. You also need to support self-service password reset (SSPR) for cloud-only users. Which authentication method should you recommend?

197

Your organization has a Microsoft 365 E5 tenant. You need to ensure that users are prompted to register for multifactor authentication (MFA) the first time they sign in. Which Microsoft Entra ID policy should you configure?

198

Your company recently acquired a subsidiary that uses a different Microsoft 365 tenant. You are tasked with merging the two tenants into one. The subsidiary has 1,500 users with unique email domains. You need to migrate all users, mailboxes, and SharePoint data while minimizing downtime and preserving data integrity. You have access to both tenants as global admin. What should you do first?

199

Your organization uses Microsoft 365 Copilot for Sales. You need to ensure that only licensed users can access Copilot features, and that usage is monitored for compliance. What should you configure?

200

Your company has a Microsoft 365 E3 tenant. You need to enable Microsoft Purview Data Loss Prevention (DLP) to prevent sensitive data from being shared externally via email. What must you do first?

201

Your organization has a Microsoft 365 tenant with 10,000 users. You are configuring Microsoft Entra ID Identity Protection to detect risky sign-ins. You need to ensure that when a sign-in risk level of 'High' is detected, the user is blocked from signing in and an administrator is notified. What should you configure?

202

Your organization uses Microsoft Intune for mobile device management (MDM). You need to enforce that all iOS and Android devices must have a screen lock password of at least 6 characters before they can access corporate email. What should you configure?

203

Your company is implementing Microsoft 365 Copilot for Microsoft 365. You need to ensure that Copilot can access data from across the organization, but only for users who have the appropriate permissions. What is the primary security boundary for Copilot data access?

204

Your organization recently deployed Microsoft Defender for Office 365. Users report that some legitimate external emails are being quarantined as phishing attempts. You need to reduce false positives without compromising security. What should you do?

205

Your organization has a Microsoft 365 E5 tenant with Microsoft Defender for Cloud Apps. You need to discover and control the use of unsanctioned cloud apps. Which TWO actions should you take? (Choose two.)

206

Your organization uses Microsoft Sentinel for security operations. You need to ensure that Sentinel can ingest logs from Microsoft 365 Defender (XDR) and Microsoft Entra ID. Which THREE data connectors should you enable? (Choose three.)

207

Your company is planning to use Microsoft 365 Copilot for Microsoft 365. Which THREE prerequisites are required for Copilot to function? (Choose three.)

208

Refer to the exhibit. You are reviewing an app registration in Microsoft Entra ID for the Microsoft Teams Admin Center. The permission shown is for another resource. What is the consequence of this permission configuration?

209

Refer to the exhibit. You run the PowerShell commands shown. The output displays 10 mailboxes with various RecipientTypeDetails, including UserMailbox, SharedMailbox, and RoomMailbox. You need to ensure that only user mailboxes are returned. What should you modify?

210

You are a Microsoft 365 administrator for Contoso Corporation, a multinational company with 20,000 users. The company uses Microsoft 365 E5, Microsoft Entra ID P2, Microsoft Defender XDR, Microsoft Purview, and Microsoft Intune. The security team wants to implement a zero-trust access model. Requirements: 1. All access to corporate resources must require multifactor authentication (MFA) and device compliance. 2. Users must register for MFA before accessing any app. 3. Legacy authentication protocols must be blocked for all users. 4. External collaboration must be governed by identity governance. 5. Sensitive data in SharePoint Online must be protected by DLP. 6. All administrative actions must be audited. You need to design the configuration. Which combination of actions should you take?

211

Your organization uses Microsoft 365 E5 licenses. You need to ensure that all external sharing links for SharePoint Online expire after 30 days by default. You configure this in the SharePoint admin center. However, users report that links created before the change still do not have an expiration. What should you do?

212

You are deploying Microsoft 365 for a new subsidiary. The subsidiary has a single domain subsidiary.com. You need to configure a hybrid identity solution with Microsoft Entra ID. The on-premises Active Directory has a single domain and all user accounts are synchronized using Microsoft Entra Connect. You want to ensure that users can sign in to Microsoft 365 using their on-premises credentials without exposing the password hash to Microsoft. What should you do?

213

Your company has a Microsoft 365 E5 subscription. You need to configure multi-factor authentication (MFA) for all users. However, the CEO insists that he should not be prompted for MFA when connecting from the corporate office. What should you do?

214

Your organization has a Microsoft 365 tenant with a custom domain contoso.com. You have configured Exchange Online to accept emails for contoso.com. You now need to add a subdomain sales.contoso.com and ensure that email sent to sales.contoso.com is delivered to a specific shared mailbox. What should you do?

215

You manage a Microsoft 365 tenant for a multinational corporation. You need to implement Microsoft Purview Information Protection to automatically classify and protect documents containing credit card numbers. The solution must apply encryption automatically when a document is saved to SharePoint Online. What should you do?

216

Your organization uses Microsoft 365 Business Premium. You need to ensure that all Windows 10 devices are enrolled in Microsoft Intune and comply with a device compliance policy that requires BitLocker encryption and a minimum OS version. What should you do first?

217

You have a Microsoft 365 E5 tenant. Users report that they cannot access the Microsoft 365 admin center (https://admin.microsoft.com). You verify that they have the Global Administrator role assigned. You check the sign-in logs in Microsoft Entra ID and see that the sign-in was blocked by a Conditional Access policy. The policy requires MFA and a compliant device. The users are using personal devices that are not enrolled. What should you do to allow access while maintaining security?

218

Your company is deploying Microsoft 365 Copilot. You need to ensure that users can use Copilot in Word, Excel, and PowerPoint. The licensing is in place. However, you are concerned about data leakage. You want to ensure that Copilot does not use sensitive organizational data when generating content. What should you configure in Microsoft 365?

219

Your organization has a Microsoft 365 E5 tenant. You need to set up a shared mailbox for the IT help desk (helpdesk@contoso.com). The help desk team needs to monitor the mailbox and respond to emails. What is the recommended way to grant access to the shared mailbox?

220

You are reviewing a Conditional Access policy in Microsoft Entra ID. The exhibit shows the policy configuration. You need to allow users to access Office 365 applications from personal devices that are not enrolled in Microsoft Intune. However, the policy currently blocks access because it requires a compliant device. Users are prompted for MFA but then blocked due to device compliance. What should you modify in the policy?

221

Your organization is planning to migrate from on-premises Exchange to Exchange Online. You need to choose a migration strategy. Which TWO statements about migration methods are correct?

222

You are implementing Microsoft Defender for Office 365. You need to configure anti-phishing policies to protect against user impersonation. Which THREE settings should you configure?

223

Your company uses Microsoft 365 Business Premium. You need to configure Microsoft Entra ID Protection to automatically remediate risks. Which TWO risk remediation actions can be configured?

224

You are the Microsoft 365 administrator for a large enterprise with 50,000 users. The company is deploying Microsoft 365 Copilot for all users. You need to ensure that the data used by Copilot is protected and that Copilot does not inadvertently expose sensitive information. The company has strict data residency requirements: all data must remain within the European Union (EU). You have already configured data boundaries in Microsoft 365 to keep data in the EU. However, you are concerned about Copilot's AI model training. You need to implement additional controls. The company uses Microsoft Purview Information Protection with sensitivity labels. You have created a sensitivity label "Highly Confidential" that applies encryption and a "Confidential" label that applies visual markings. You also have a DLP policy that prevents sharing of "Highly Confidential" data externally. You need to ensure that when a user uses Copilot with a document labeled "Highly Confidential", the Copilot response does not include any of the sensitive content from that document. What should you do?

225

Your organization has a hybrid identity deployment with Microsoft Entra Connect. You have synchronized all on-premises Active Directory users to Microsoft Entra ID. You need to enable Microsoft Entra ID Password Protection to automatically block weak passwords. You have installed the Password Protection proxy on a server and registered it. You also need to enforce the password protection policy for on-premises users. What additional step is required?

226

You are a Microsoft 365 administrator for a small business with 50 users. The company is using Microsoft 365 Business Basic. You need to configure email for the custom domain contoso.com. You have added the domain in the Microsoft 365 admin center and verified ownership. Users currently have onmicrosoft.com email addresses. You need to change the primary email address for all users to their custom domain (e.g., user@contoso.com). What should you do?

227

Contoso recently acquired a company with an existing Microsoft 365 tenant. You need to migrate their user accounts and mailboxes to the Contoso tenant. The acquired company uses a custom domain for email. You must ensure minimal disruption and maintain email flow during migration. What should you do first?

228

Your organization uses Microsoft Defender for Identity and has enabled Microsoft Secure Score. You notice that the Secure Score for Identity has dropped significantly after a recent configuration change. Which action is most likely to have caused the decrease?

229

A user reports that they cannot access their Microsoft 365 mailbox from the Outlook desktop client, but they can access it via Outlook on the web. Other users in the same tenant are not experiencing issues. What is the most likely cause?

230

You are configuring Microsoft Purview Information Protection for your tenant. You need to ensure that documents containing credit card numbers are automatically labeled as 'Highly Confidential' and encrypted. Which two components must you configure?

231

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a custom Line-of-Business (LOB) app to a group of devices. The app is not in the Microsoft Store. What is the recommended method to deploy the app?

232

You need to configure Microsoft Teams to allow external access for federation with another organization. The other organization uses a different domain. Which setting must you enable in the Teams admin center?

233

Your organization has a Microsoft 365 E5 subscription. You need to enforce that all users must use multi-factor authentication (MFA) when accessing Microsoft 365 services. Which TWO components should you configure?

234

Your organization is deploying Windows 11 using Microsoft Intune. You need to ensure that devices are automatically enrolled in Intune when users sign in with their Microsoft Entra ID credentials. Which THREE prerequisites must be met?

235

You are implementing Microsoft Purview Data Lifecycle Management. You need to retain all emails for a minimum of 5 years but automatically delete them after 7 years. Which TWO actions should you configure?

236

Your organization uses Microsoft Defender for Cloud Apps. You need to create a policy that automatically blocks downloads of files containing sensitive information from SharePoint Online to unmanaged devices. What type of policy should you create?

237

You need to ensure that only users from your organization's on-premises Active Directory can access Microsoft 365 services. You have Microsoft Entra Connect configured. What is the simplest way to prevent cloud-only user accounts from signing in?

238

Contoso is a multinational company with 50,000 users. They have a Microsoft 365 E5 subscription and use Microsoft Entra ID for identity. They recently deployed Microsoft Copilot for Microsoft 365 to 10,000 users. The security team wants to ensure that Copilot responses do not expose sensitive information. They also need to monitor Copilot usage for unusual activity. The company uses Microsoft Purview Information Protection and Microsoft Defender for Cloud Apps. You need to configure the environment to meet these requirements. Which action should you take?

239

Your organization has 5,000 users and uses Microsoft 365 E3. You are planning to migrate from on-premises Exchange to Exchange Online. You have already synchronized identities using Microsoft Entra Connect. The CIO wants to ensure that users can continue to access their email if the internet connection to Microsoft 365 is temporarily lost. You need to recommend a solution that provides offline access while minimizing cost and administrative overhead. What should you recommend?

240

You are a Microsoft 365 administrator for a small business with 50 users. The company uses Microsoft 365 Business Premium. You need to ensure that all users have multi-factor authentication (MFA) enabled. The company does not have any custom conditional access policies. You want to implement MFA as quickly as possible with minimal configuration. What should you do?

241

You are the Microsoft 365 administrator for a large enterprise. You need to ensure that only users with a valid business justification can access sensitive data stored in SharePoint Online. The solution must enforce access reviews and provide detailed reports for auditors. Which TWO actions should you take?

242

Your company is deploying Microsoft 365 Copilot for all users. You need to ensure that Copilot responses are grounded only in organizational data that users already have permission to access. Additionally, you must comply with data residency requirements in the European Union. Which THREE actions should you take?

243

You are the Microsoft 365 administrator for Contoso, a company with 5,000 users. The company recently acquired a subsidiary, Fabrikam, which has 2,000 users currently using on-premises Exchange and Active Directory. The goal is to migrate Fabrikam users to Microsoft 365 and merge their identities into the existing Contoso tenant. The migration must minimize user password changes and preserve existing email addresses. You need to plan the identity migration. What should you do first?

244

Your organization uses Microsoft 365 and has strict compliance requirements. The compliance officer has noticed that some users are able to access sensitive documents from unmanaged devices. You need to ensure that all access to sensitive data from unmanaged devices is blocked, while still allowing access from managed devices. The solution must be implemented using Microsoft Entra ID and Microsoft Intune. You have already deployed Microsoft Intune for mobile device management. What should you do?

245

You are the Microsoft 365 administrator for a multinational company. The company has deployed Microsoft Defender for Office 365 and Microsoft Defender for Cloud Apps. Recently, the security team detected that a user's credentials were compromised and used to access SharePoint Online from an unusual location. You need to investigate the incident and determine the full scope of the breach. The solution must use Microsoft 365 Defender to correlate events. What should you do first?

246

Your organization is planning to deploy Microsoft 365 Copilot for all users. The compliance team has concerns about data leakage through Copilot responses. Specifically, they want to ensure that Copilot does not generate responses based on highly confidential data labeled with the 'Highly Confidential' sensitivity label. Additionally, users must be able to use Copilot for general productivity tasks. You need to configure Microsoft 365 Copilot to meet these requirements. The solution must use Microsoft Purview Information Protection. What should you do?

247

You are the Microsoft 365 administrator for a company with a hybrid identity configuration using Azure AD Connect. The company has a custom domain 'contoso.com' federated with Active Directory Federation Services (ADFS). All users are synced from on-premises Active Directory. The security team wants to implement Microsoft Entra ID Protection to detect risky sign-ins. However, they are concerned that federated authentication bypasses some risk detection capabilities. You need to ensure that Microsoft Entra ID Protection can evaluate risk for all sign-ins, including federated ones. What should you do?

248

Your company uses Microsoft 365 Business Premium. You need to ensure that all company-owned Windows 10 devices are automatically enrolled in Microsoft Intune when users sign in with their work account. The devices are Azure AD joined. You have configured automatic enrollment in Intune. However, some devices are not enrolling. You need to troubleshoot the issue. What should you check first?

Practice all 248 Deploy and manage a Microsoft 365 tenant questions

Other MS-102 exam domains

Implement and manage Microsoft Entra identity and accessManage security and threats by using Microsoft Defender XDRManage compliance by using Microsoft PurviewManage users, groups, licensing, and supportImplement and manage identity and access in Microsoft Entra ID

Frequently asked questions

What does the Deploy and manage a Microsoft 365 tenant domain cover on the MS-102 exam?

The Deploy and manage a Microsoft 365 tenant domain covers the key concepts tested in this area of the MS-102 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all MS-102 domains — no account required.

How many Deploy and manage a Microsoft 365 tenant questions are in the MS-102 question bank?

The Courseiva MS-102 question bank contains 248 questions in the Deploy and manage a Microsoft 365 tenant domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Deploy and manage a Microsoft 365 tenant for MS-102?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Deploy and manage a Microsoft 365 tenant questions for MS-102?

Yes — the session launcher on this page draws questions exclusively from the Deploy and manage a Microsoft 365 tenant domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your MS-102 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

MS-900AZ-104