Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Implement and manage identity and access in Microsoft Entra ID practice sets

MS-102 Implement and manage identity and access in Microsoft Entra ID • Complete Question Bank

MS-102 Implement and manage identity and access in Microsoft Entra ID — All Questions With Answers

Complete MS-102 Implement and manage identity and access in Microsoft Entra ID question bank — all 0 questions with answers and detailed explanations.

82
Questions
Free
No signup
Certifications/MS-102/Practice Test/Implement and manage identity and access in Microsoft Entra ID/All Questions
Question 1hardmulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization has Microsoft Entra ID P2 licenses and wants to configure a Conditional Access policy to restrict access to Microsoft 365 services. Which of the following can be used as conditions in the policy? (Choose two that apply)

Question 2mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization with Microsoft Entra ID P2 licenses wants to require multi-factor authentication (MFA) for all users but allow them to register their authentication methods before being forced to use MFA. Which configuration should they implement?

Question 3mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization wants to enforce that all administrators use a phishing-resistant authentication method (e.g., FIDO2 security keys or Windows Hello for Business) when accessing Microsoft 365 admin portals. Which Microsoft Entra ID feature should be used?

Question 4hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization with Microsoft Entra ID P2 licenses needs to enforce that all users accessing the Azure portal must use FIDO2 security keys for multi-factor authentication. Which configuration should be implemented?

Question 5mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization wants to enable users to reset their own passwords using the Microsoft Authenticator app and to prevent reuse of the last five passwords. Which Microsoft Entra ID features should be configured?

Question 6easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to ensure that all new users register for multi-factor authentication (MFA) within 14 days of account creation. Which Microsoft Entra ID feature should be used?

Question 7hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization has multiple Microsoft Entra ID tenants and wants to allow partner users to access internal applications using their own corporate credentials. Which feature should be used to enable this?

Question 8easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization uses Microsoft Entra ID. They want to ensure that users cannot install browser extensions from the Microsoft Edge Add-ons store on managed devices. Which Microsoft Entra ID feature should they use to enforce this policy?

Question 9mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization uses Microsoft Entra ID P2 licenses. They want to implement a policy that forces users to perform multi-factor authentication (MFA) only when they sign in from an untrusted location. The trusted locations include the corporate office IP range. Which type of policy should they create?

Question 10hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization uses Microsoft Entra ID with Pass-through Authentication (PTA) and Seamless Single Sign-On (SSO). They notice that password changes in on-premises Active Directory are not reflecting immediately in Microsoft Entra ID for some users. What is the most likely cause?

Question 11hardmulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID with conditional access policies. They need to ensure that all external users who are invited via B2B collaboration must perform multi-factor authentication (MFA) when accessing the corporate SharePoint Online site. Which two configurations are required? (Choose two.)

Question 12mediummultiple choice
Read the full NAT/PAT explanation →

An organization wants to allow users to sign in to Microsoft 365 using their on-premises Active Directory credentials but does not want to synchronize password hashes to the cloud. They also want to eliminate the need for users to re-enter their credentials when accessing cloud resources from domain-joined devices. Which combination of authentication methods should they implement?

Question 13mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Contoso uses Microsoft Entra ID P1 licenses and has a dedicated corporate office with static public IP addresses. The company wants to require MFA for all users, but exempt users when they connect from the corporate office. Which configuration should the administrator implement?

Question 14hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company invites external partners as B2B guest users in Microsoft Entra ID. The partners' home tenants do not support MFA. The company wants to require MFA when guests access an internal application. What should the company configure?

Question 15mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID with password hash synchronization. The security team wants to prevent users from setting passwords that include their username or common terms from a custom dictionary (e.g., company name, product names). Which feature should be configured?

Question 16mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses. They want to ensure that all users are forced to use MFA when accessing a SaaS application from non-corporate networks. Corporate networks are identified by a set of IP ranges. Service accounts must be excluded from this requirement. Which policy should be created?

Question 17mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID with Pass-through Authentication. The security team wants to block all sign-ins from countries that are not approved (e.g., high-risk regions). Which feature should they use?

Question 18mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company has a hybrid identity with password hash synchronization. They want to ensure that any user whose account is disabled in on-premises Active Directory is automatically prevented from signing in to Microsoft 365. How can this be achieved?

Question 19mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An organization uses Microsoft Entra ID P2 licenses. They need to require multi-factor authentication (MFA) for all users accessing a critical financial application, but they must exclude a set of service accounts that are members of the 'Service Accounts' group. Which policy should they create?

Question 20mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Password Hash Synchronization (PHS) to synchronize identities to Microsoft Entra ID. They want to enable users to access Microsoft 365 applications from their domain-joined work devices without being prompted to re-enter their credentials. Which feature should they enable in addition to PHS?

Question 21mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID P2 licenses. A security administrator needs to grant a user temporary elevation to the Global Administrator role for a specific task. The elevation should require approval from a designated group and be time-limited. Which Microsoft Entra feature should be configured?

Question 22hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company (Contoso) frequently collaborates with a partner company (Fabrikam) via B2B collaboration. Contoso wants to require Fabrikam's guest users to perform MFA using Contoso's MFA policies, ignoring any MFA claims from the Fabrikam home tenant. However, Fabrikam's users already have MFA enabled in their home tenant. What should Contoso configure in their cross-tenant access settings?

Question 23easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to reduce help desk calls by allowing users to reset their own passwords securely. Users should be able to reset their passwords using a mobile phone number or email as verification. Which Microsoft Entra ID feature should be enabled?

Question 24hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses. They want to create a Conditional Access policy that requires MFA for all users, but the policy should only be enforced when the sign-in risk is medium or higher. Additionally, they need to exclude a group named 'Emergency Access' from this policy. Which configuration is correct?

Question 25mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to allow users to reset their own forgotten passwords using a mobile app notification as the verification method. Which Microsoft Entra feature should be enabled and configured?

Question 26mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses. They want to block all authentication attempts from an internal app that uses legacy authentication protocols (POP3, IMAP, SMTP) because these protocols cannot enforce multi-factor authentication. Which Conditional Access policy setting should be used?

Question 27mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P1 licenses. They want to enforce multi-factor authentication (MFA) for all users accessing a critical cloud application. However, they have a group of service accounts that cannot perform MFA and must be excluded. What is the recommended approach?

Question 28mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses and wants to block all authentication attempts from an internal legacy application that uses POP3 and SMTP protocols. The application cannot be updated and must be blocked from accessing Exchange Online. Which Conditional Access policy setting should the administrator configure?

Question 29mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Contoso frequently collaborates with a partner company (Fabrikam) via B2B collaboration. Contoso uses Microsoft Entra ID P2 licenses and wants to require Fabrikam's guest users to authenticate using Contoso's MFA policies, ignoring any MFA claims from the Fabrikam home tenant. Fabrikam already has MFA enabled for its users. What configuration should Contoso make in their cross-tenant access settings?

Question 30mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses. They want to require multi-factor authentication (MFA) for all users when accessing the Azure Management portal, but only from devices that are not marked as compliant. Additionally, a group named 'BreakGlass' must be excluded from this requirement. Which Conditional Access policy configuration should be applied?

Question 31mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P1 licenses. They want to allow access to a sensitive cloud application only from the company's trusted office IP ranges (10.0.0.0/24). However, the executive team (group "Execs") must be able to access the app from any location. Which Conditional Access policy configuration should the administrator use?

Question 32hardmulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to enable self-service password reset (SSPR) for all users. Which two configurations are mandatory to allow users to reset their own passwords? (Choose two.)

Question 33mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to require MFA for all users when they access Office 365 from any network location that is not the company's trusted IP ranges. Which Conditional Access policy configuration should be applied?

Question 34mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses and wants to enforce multi-factor authentication (MFA) for all users when accessing corporate applications. However, a small group of break-glass accounts must be excluded from MFA requirements to ensure emergency access. The administrator creates a Conditional Access policy targeting all users. Which configuration should be applied to achieve the exclusion?

Question 35hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses and wants to implement just-in-time (JIT) privileged access for administrators. Security requirements state that Global Administrator role members must request approval and provide a business justification before their role activation expires after 4 hours. Which Microsoft Entra feature should be configured?

Question 36mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company has an on-premises Active Directory environment and wants to sync user identities to Microsoft Entra ID while avoiding storing password hashes in the cloud. The company wants to provide seamless single sign-on (SSO) for domain-joined devices. Which authentication method should be chosen?

Question 37mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A junior administrator needs permission to view sign-in logs, audit logs, and security recommendations in the Microsoft Entra admin center, but must not be able to reset passwords, modify settings, or manage roles. Which built-in Microsoft Entra role should the administrator assign?

Question 38hardmultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID P2 licenses. The security team wants to automatically block sign-ins for users with high sign-in risk, but only when the sign-in originates from outside the corporate network. For sign-ins from the corporate network, they want to require a password change for medium sign-in risk. A group of emergency access accounts (break-glass) must be excluded from all policies. What should the administrator implement?

Question 39mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P1 licenses. They want to enforce multi-factor authentication (MFA) for all users when accessing any cloud application from networks that are not trusted corporate locations. A group named 'Emergency' must be excluded from MFA requirements. Which Conditional Access policy configuration should the administrator use?

Question 40mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A security administrator needs to implement a just-in-time (JIT) privileged access solution for the Global Administrator role. Users must request activation and provide a business justification. The request must be approved by a separate group of approvers, and the role activation should expire after 4 hours. Which Microsoft Entra feature should be configured?

Question 41mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID P2 licenses. The security team wants to automatically require a password change for users with medium sign-in risk, but only when the sign-in originates from outside the corporate network. Users with high sign-in risk should be blocked entirely. A group of break-glass accounts must be excluded from all policies. Which feature should the administrator implement?

Question 42mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses password hash synchronization with Microsoft Entra Connect. The security team wants to enable self-service password reset (SSPR) so that users can reset their own passwords, and the password changes must be written back to the on-premises Active Directory. Which additional configuration is required to achieve password writeback?

Question 43mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID P2 licenses. The security team wants to require multi-factor authentication (MFA) for all users when accessing any cloud application from networks that are not trusted corporate locations. A group named 'BreakGlass' must be excluded from MFA requirements. Additionally, the company wants to block legacy authentication protocols. Which approach should the administrator use?

Question 44mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to implement just-in-time (JIT) privileged access for the Global Administrator role in Microsoft Entra ID. Users must request activation and provide a business justification. The request must be approved by a separate group of approvers, and the role activation should expire after 4 hours. Which Microsoft Entra feature should the administrator configure?

Question 45mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to block access to Exchange Online from devices that are not compliant with Intune compliance policies. Which Conditional Access grant control should be used?

Question 46mediummultiple choice
Study the full multicast explanation →

An administrator who is not a Global Administrator needs to manage just-in-time privileged access to Azure resources using Microsoft Entra Privileged Identity Management (PIM). Which built-in role must be assigned to the administrator to allow PIM management for Azure resources?

Question 47mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to require that all users accessing a critical cloud application for the first time must accept a company terms of use before they are granted access. Which Conditional Access policy grant control should be added?

Question 48hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Microsoft Entra ID Governance to automate the lifecycle of user access. They want to automatically remove a user's group membership for a critical application 30 days after the user's employment end date is captured from the HR system. Which feature should be configured to meet this requirement?

Question 49hardmultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A development team builds a background service that needs to read all users' calendars via Microsoft Graph without a signed-in user. The service will run on a server with a client secret. Which OAuth 2.0 grant flow should the application use?

Question 50mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Identity Protection. The security team wants to automatically block sign-ins that are detected as coming from a known malicious IP address. Which policy should be configured?

Question 51mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to require that all users accessing a critical internal application must be on a compliant device (managed by Intune) and must have authenticated with multi-factor authentication in the last 30 minutes. Which Conditional Access configurations are needed?

Question 52easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

An administrator needs to allow external users from a partner company to sign up for access to a SharePoint Online site using their own Azure AD accounts. Which configuration should the administrator enable?

Question 53mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Identity Protection. The security administrator wants to block user sign-ins when the sign-in risk level is detected as 'High' for a custom SaaS application. Which Conditional Access policy configuration should the administrator use?

Question 54mediummultiple choice
Study the full multicast explanation →

A company wants to implement just-in-time (JIT) privileged access for the Security Administrator role. Users must be able to activate the role with a business justification, and the activation must be approved by a designated group of approvers. The role activation should expire after 4 hours. Which Privileged Identity Management (PIM) configuration should the administrator modify?

Question 55mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD and SharePoint Online. They want to allow users from a partner organization (which also uses Azure AD) to access a specific SharePoint Online site using their existing partner credentials. The partner users should not require new accounts to be created. Which Azure AD feature should be configured?

Question 56mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Identity Protection. The security team wants to automatically block users from signing in when the user risk level is 'High'. Which policy should they configure?

Question 57mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to automatically assign Microsoft 365 E5 licenses to all users in the Sales department. The department is identified by the department attribute in Microsoft Entra ID. The administrator needs to configure a method where licenses are assigned based on group membership, and the group membership is automatically updated based on user attributes. Which licensing approach should the administrator use?

Question 58hardmultiple choice
Study the full multicast explanation →

A company wants to require approval for any activation of the Global Administrator role in Privileged Identity Management (PIM). The approvers are predefined as members of a security group named 'GA-Approvers'. Activations must require a business justification and expire after 4 hours. Which PIM configuration should the administrator modify to meet these requirements?

Question 59mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company plans to enable Self-Service Password Reset (SSPR) for all users. The administrator needs to ensure that users are required to register at least two authentication methods before they can use SSPR. Which configuration setting should the administrator modify?

Question 60mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Conditional Access. The security team wants to require multi-factor authentication (MFA) for all users when accessing the Azure portal, except when they are connecting from the corporate network (which is defined as a trusted location). How should the Conditional Access policy be configured?

Question 61mediummultiple choice
Read the full NAT/PAT explanation →

An organization wants to configure Self-Service Password Reset (SSPR) for all users. The administrator must ensure that users register two authentication methods: one from the mobile app category (e.g., notification or code) and one from the phone call category (e.g., office phone or mobile phone). Which combination of methods should the administrator select in the SSPR settings?

Question 62mediummultiple choice
Read the full NAT/PAT explanation →

A company plans to enable Self-Service Password Reset (SSPR) for all users. The administrator must ensure that users are required to register at least two authentication methods: one from the 'mobile app' category and one from the 'phone call' category. Which combination of methods should the administrator select in the SSPR registration settings?

Question 63easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to allow users to reset their own passwords without administrator intervention. They need to configure Self-Service Password Reset (SSPR) for all cloud-only users. Which Azure AD license is required for all users to enable SSPR?

Question 64mediummulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Administrators want to enforce multi-factor authentication (MFA) for all users when accessing cloud applications from untrusted networks. They plan to use Azure AD Conditional Access with named locations. Which two components must be configured to meet this requirement? (Select two.)

Question 65mediummultiple choice
Study the full multicast explanation →

The security team wants to require approval for any activation of the Global Administrator role in Azure AD Privileged Identity Management (PIM). The approvers must be members of a security group named 'GA-Approvers'. Activations must require a business justification and expire after 4 hours. Which PIM configuration should the administrator modify?

Question 66mediummulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Contoso wants to require multi-factor authentication (MFA) for all users when accessing cloud applications from any network except the corporate headquarters (trusted IP range). They plan to use Azure AD Conditional Access. Which two components must be configured to achieve this requirement? (Select all that apply.)

Question 67hardmultiple choice
Study the full multicast explanation →

The security team at Contoso wants to require that any activation of the Global Administrator role in Azure AD Privileged Identity Management (PIM) must be approved by members of a security group named 'GA-Approvers'. Activations must require a business justification and expire after 4 hours. Which PIM configuration should the administrator modify to achieve this?

Question 68mediummultiple choice
Read the full NAT/PAT explanation →

A company with Azure AD Premium P2 licenses wants to enforce that all activations of the Global Administrator role require approval from a designated security group. The activation must also require a business justification and expire after 4 hours. Which Azure AD feature should the administrator configure?

Question 69mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Connect with password hash synchronization. They want to enable Azure AD Seamless Single Sign-On (SSO) for users accessing Microsoft 365 from domain-joined devices on the corporate network. Which configuration is required on the on-premises Active Directory?

Question 70easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses hybrid identity with Azure AD Connect and password hash synchronization. They want to enable Self-Service Password Reset (SSPR) with password writeback so that users can reset their on-premises Active Directory passwords. Which Azure AD license is required?

Question 71mediummultiple choice
Study the full multicast explanation →

A company uses Azure AD Privileged Identity Management (PIM) for role activation. They want to require that any activation of the Security Administrator role be approved by a designated group of approvers called 'Security Approvers'. Activations must include a ticket number and expire after 8 hours. Which PIM configuration should the administrator modify?

Question 72mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Connect with password hash synchronization. They want to allow users to reset their on-premises Active Directory passwords from the cloud Self-Service Password Reset (SSPR) portal. Which additional configuration is required in Azure AD Connect?

Question 73mediummultiple choice
Study the full multicast explanation →

A company uses Azure AD Privileged Identity Management (PIM) to manage role activations. They have an Azure AD Premium P2 license. The security team wants to require that any activation of the Exchange Administrator role must be approved by a specific group named 'Exchange Approvers'. Additionally, activations must require a ticket number and expire after 6 hours. Which PIM configuration should the administrator modify?

Question 74mediummultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company uses Azure AD Conditional Access to enforce MFA for all cloud apps. They have some users who are physically located in countries that are considered high-risk by the security team. The team wants to require device compliance (as defined by Intune) for sign-ins from those specific countries, while still requiring MFA from all other locations. How should the administrator configure the Conditional Access policy?

Question 75easymultiple choice
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

A company wants to use Azure AD Identity Protection features such as user risk policies and sign-in risk policies to automatically respond to risky behavior. Which Azure AD license is required to enable these capabilities?

Question 76mediummulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

You are implementing Microsoft Entra ID governance for a large enterprise. Which three of the following can be used to enforce access recertification and lifecycle management for users and groups? (Choose three.)

Question 77mediummulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Your organization uses Microsoft Entra ID and wants to implement least-privilege administrative access for managing Microsoft 365 services. Which three of the following should you configure? (Choose three.)

Question 78mediummulti select
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

You are a Microsoft 365 Administrator for a large enterprise that uses Microsoft Entra ID. The company's security team requires you to implement identity and access management solutions. Which four of the following statements accurately describe features or capabilities of Microsoft Entra ID? Choose all that apply. (There are four correct answers.)

Question 79mediumdrag order
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Drag and drop the steps to configure Microsoft Entra ID (Azure AD) Connect for hybrid identity in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 80mediumdrag order
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Drag and drop the steps to configure Microsoft Intune device enrollment restrictions in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 81mediummatching
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Match each Microsoft 365 Defender portal component to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Protects email and collaboration tools

Protects devices from threats

Protects on-premises Active Directory

Protects cloud applications

Unified threat protection dashboard

Question 82mediummatching
Read the full Implement and manage identity and access in Microsoft Entra ID explanation →

Match each PowerShell command to its function in Microsoft 365.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Connects to Azure AD

Connects to Exchange Online

Connects to MS Online (legacy)

Lists mailboxes

Resets a user's password

Practice tests

Scored 10-question sessions with instant feedback and explanations.

MS-102 Practice Test 1 — 10 Questions→MS-102 Practice Test 2 — 10 Questions→MS-102 Practice Test 3 — 10 Questions→MS-102 Practice Test 4 — 10 Questions→MS-102 Practice Test 5 — 10 Questions→MS-102 Practice Exam 1 — 20 Questions→MS-102 Practice Exam 2 — 20 Questions→MS-102 Practice Exam 3 — 20 Questions→MS-102 Practice Exam 4 — 20 Questions→Free MS-102 Practice Test 1 — 30 Questions→Free MS-102 Practice Test 2 — 30 Questions→Free MS-102 Practice Test 3 — 30 Questions→MS-102 Practice Questions 1 — 50 Questions→MS-102 Practice Questions 2 — 50 Questions→MS-102 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Deploy and manage a Microsoft 365 tenantImplement and manage Microsoft Entra identity and accessManage security and threats by using Microsoft Defender XDRManage compliance by using Microsoft PurviewManage users, groups, licensing, and supportImplement and manage identity and access in Microsoft Entra ID

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Implement and manage identity and access in Microsoft Entra ID setsAll Implement and manage identity and access in Microsoft Entra ID questionsMS-102 Practice Hub