Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›MS-102›Objectives›Implement and manage identity and access in Microsoft Entra ID
Objective 2.0

Implement and manage identity and access in Microsoft Entra ID

MS-102 Practice Questions

Use this page to practise Implement and manage identity and access in Microsoft Entra ID questions for this certification. Focus on how the exam tests implement and manage identity and access in microsoft entra id in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

MS-102 Implement and manage identity and access in Microsoft Entra ID — Key Topics

Implement and manage identity and access in Microsoft Entra ID questions on this certification test your ability to deploy and manage implement and manage identity and access in microsoft entra id concepts in scenario-based situations.

  • Core Implement and manage identity and access in Microsoft Entra ID concepts and how they apply in real-world cloud scenarios.
  • How to deploy implement and manage identity and access in microsoft entra id correctly and verify the outcome.
  • Troubleshooting implement and manage identity and access in microsoft entra id issues by interpreting error output and system state.
  • Cloud best practices and Implement and manage identity and access in Microsoft Entra ID design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Implement and manage identity and access in Microsoft Entra ID

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

MS-102 Implement and manage identity and access in Microsoft Entra ID — Practice Questions

30 questions from this objective

Question 2hardmulti select
Full question →

An organization has Microsoft Entra ID P2 licenses and wants to configure a Conditional Access policy to restrict access to Microsoft 365 services. Which of the following can be used as conditions in the policy? (Choose two that apply)

Question 3mediummultiple choice
Full question →

An organization with Microsoft Entra ID P2 licenses wants to require multi-factor authentication (MFA) for all users but allow them to register their authentication methods before being forced to use MFA. Which configuration should they implement?

Question 4mediummultiple choice
Full question →

An organization wants to enforce that all administrators use a phishing-resistant authentication method (e.g., FIDO2 security keys or Windows Hello for Business) when accessing Microsoft 365 admin portals. Which Microsoft Entra ID feature should be used?

Question 5hardmultiple choice
Full question →

An organization with Microsoft Entra ID P2 licenses needs to enforce that all users accessing the Azure portal must use FIDO2 security keys for multi-factor authentication. Which configuration should be implemented?

Question 6mediummultiple choice
Full question →

An organization wants to enable users to reset their own passwords using the Microsoft Authenticator app and to prevent reuse of the last five passwords. Which Microsoft Entra ID features should be configured?

Question 7easymultiple choice
Full question →

A company wants to ensure that all new users register for multi-factor authentication (MFA) within 14 days of account creation. Which Microsoft Entra ID feature should be used?

Question 8hardmultiple choice
Full question →

An organization has multiple Microsoft Entra ID tenants and wants to allow partner users to access internal applications using their own corporate credentials. Which feature should be used to enable this?

Question 9easymultiple choice
Full question →

An organization uses Microsoft Entra ID. They want to ensure that users cannot install browser extensions from the Microsoft Edge Add-ons store on managed devices. Which Microsoft Entra ID feature should they use to enforce this policy?

Question 10mediummultiple choice
Full question →

An organization uses Microsoft Entra ID P2 licenses. They want to implement a policy that forces users to perform multi-factor authentication (MFA) only when they sign in from an untrusted location. The trusted locations include the corporate office IP range. Which type of policy should they create?

Question 11hardmultiple choice
Full question →

An organization uses Microsoft Entra ID with Pass-through Authentication (PTA) and Seamless Single Sign-On (SSO). They notice that password changes in on-premises Active Directory are not reflecting immediately in Microsoft Entra ID for some users. What is the most likely cause?

Question 12hardmulti select
Full question →

A company uses Microsoft Entra ID with conditional access policies. They need to ensure that all external users who are invited via B2B collaboration must perform multi-factor authentication (MFA) when accessing the corporate SharePoint Online site. Which two configurations are required? (Choose two.)

Question 13mediummultiple choice
Read the full NAT/PAT explanation →

An organization wants to allow users to sign in to Microsoft 365 using their on-premises Active Directory credentials but does not want to synchronize password hashes to the cloud. They also want to eliminate the need for users to re-enter their credentials when accessing cloud resources from domain-joined devices. Which combination of authentication methods should they implement?

Question 14mediummultiple choice
Full question →

Contoso uses Microsoft Entra ID P1 licenses and has a dedicated corporate office with static public IP addresses. The company wants to require MFA for all users, but exempt users when they connect from the corporate office. Which configuration should the administrator implement?

Question 15hardmultiple choice
Full question →

A company invites external partners as B2B guest users in Microsoft Entra ID. The partners' home tenants do not support MFA. The company wants to require MFA when guests access an internal application. What should the company configure?

Question 16mediummultiple choice
Full question →

A company uses Microsoft Entra ID with password hash synchronization. The security team wants to prevent users from setting passwords that include their username or common terms from a custom dictionary (e.g., company name, product names). Which feature should be configured?

Question 17mediummultiple choice
Full question →

A company uses Microsoft Entra ID P2 licenses. They want to ensure that all users are forced to use MFA when accessing a SaaS application from non-corporate networks. Corporate networks are identified by a set of IP ranges. Service accounts must be excluded from this requirement. Which policy should be created?

Question 18mediummultiple choice
Full question →

A company uses Microsoft Entra ID with Pass-through Authentication. The security team wants to block all sign-ins from countries that are not approved (e.g., high-risk regions). Which feature should they use?

Question 19mediummultiple choice
Full question →

A company has a hybrid identity with password hash synchronization. They want to ensure that any user whose account is disabled in on-premises Active Directory is automatically prevented from signing in to Microsoft 365. How can this be achieved?

Question 20mediummultiple choice
Full question →

An organization uses Microsoft Entra ID P2 licenses. They need to require multi-factor authentication (MFA) for all users accessing a critical financial application, but they must exclude a set of service accounts that are members of the 'Service Accounts' group. Which policy should they create?

Question 21mediummultiple choice
Full question →

A company uses Password Hash Synchronization (PHS) to synchronize identities to Microsoft Entra ID. They want to enable users to access Microsoft 365 applications from their domain-joined work devices without being prompted to re-enter their credentials. Which feature should they enable in addition to PHS?

Question 22mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID P2 licenses. A security administrator needs to grant a user temporary elevation to the Global Administrator role for a specific task. The elevation should require approval from a designated group and be time-limited. Which Microsoft Entra feature should be configured?

Question 23hardmultiple choice
Full question →

A company (Contoso) frequently collaborates with a partner company (Fabrikam) via B2B collaboration. Contoso wants to require Fabrikam's guest users to perform MFA using Contoso's MFA policies, ignoring any MFA claims from the Fabrikam home tenant. However, Fabrikam's users already have MFA enabled in their home tenant. What should Contoso configure in their cross-tenant access settings?

Question 24easymultiple choice
Full question →

A company wants to reduce help desk calls by allowing users to reset their own passwords securely. Users should be able to reset their passwords using a mobile phone number or email as verification. Which Microsoft Entra ID feature should be enabled?

Question 25hardmultiple choice
Full question →

A company uses Microsoft Entra ID P2 licenses. They want to create a Conditional Access policy that requires MFA for all users, but the policy should only be enforced when the sign-in risk is medium or higher. Additionally, they need to exclude a group named 'Emergency Access' from this policy. Which configuration is correct?

Question 26mediummultiple choice
Full question →

A company wants to allow users to reset their own forgotten passwords using a mobile app notification as the verification method. Which Microsoft Entra feature should be enabled and configured?

Question 27mediummultiple choice
Full question →

A company uses Microsoft Entra ID P2 licenses. They want to block all authentication attempts from an internal app that uses legacy authentication protocols (POP3, IMAP, SMTP) because these protocols cannot enforce multi-factor authentication. Which Conditional Access policy setting should be used?

Question 28mediummultiple choice
Full question →

A company uses Microsoft Entra ID P1 licenses. They want to enforce multi-factor authentication (MFA) for all users accessing a critical cloud application. However, they have a group of service accounts that cannot perform MFA and must be excluded. What is the recommended approach?

Question 29mediummultiple choice
Full question →

A company uses Microsoft Entra ID P2 licenses and wants to block all authentication attempts from an internal legacy application that uses POP3 and SMTP protocols. The application cannot be updated and must be blocked from accessing Exchange Online. Which Conditional Access policy setting should the administrator configure?

Question 30mediummultiple choice
Full question →

Contoso frequently collaborates with a partner company (Fabrikam) via B2B collaboration. Contoso uses Microsoft Entra ID P2 licenses and wants to require Fabrikam's guest users to authenticate using Contoso's MFA policies, ignoring any MFA claims from the Fabrikam home tenant. Fabrikam already has MFA enabled for its users. What configuration should Contoso make in their cross-tenant access settings?

Question 31mediummultiple choice
Full question →

A company uses Microsoft Entra ID P2 licenses. They want to require multi-factor authentication (MFA) for all users when accessing the Azure Management portal, but only from devices that are not marked as compliant. Additionally, a group named 'BreakGlass' must be excluded from this requirement. Which Conditional Access policy configuration should be applied?

More Implement and manage identity and access in Microsoft Entra ID questions available in the full practice test.

Continue Practising →

All MS-102 Objectives

  • 2.Implement and manage identity and access in Microsoft Entra ID