Microsoft exam questions

Microsoft 365 Administrator MS-102 practice test

Practise identifying network protocols by port numbers, transport layer usage, and common application scenarios for the MS-102 exam.

975 practice questions · 6 topics covered · Exam code: MS-102 · Vendor: Microsoft

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 975 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Study Sheet

All 975 MS-102 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

13 pages · 75 questions per page · 975 total

Related practice questions

Study MS-102 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Sample questions

Microsoft 365 Administrator MS-102 practice questions

A company has a hybrid identity with password hash synchronization. They want to ensure that any user whose account is disabled in on-premises Active Directory is automatically prevented from signing in to Microsoft 365. How can this be achieved?

A company is deploying Microsoft 365 and wants to ensure that users in the finance department have access to only the apps they need. You need to recommend a licensing strategy that minimizes administrative overhead while enforcing access restrictions. What should you do?

An administrator wants to add a custom domain 'fabrikam.com' to a new Microsoft 365 tenant. What is the first step the administrator should perform?

A company wants to implement just-in-time (JIT) privileged access for the Global Administrator role in Microsoft Entra ID. Users must request activation and provide a business justification. The request must be approved by a separate group of approvers, and the role activation should expire after 4 hours. Which Microsoft Entra feature should the administrator configure?

A company recently added the custom domain 'contoso.com' to their Microsoft 365 tenant. Users report that they cannot receive external email sent to their new domain addresses. The administrator confirmed that the domain status shows 'Active' in the Microsoft 365 admin center. What is the most likely cause of this issue?

A company uses Azure AD Connect with password hash synchronization. They want to enable Azure AD Seamless Single Sign-On (SSO) for users accessing Microsoft 365 from domain-joined devices on the corporate network. Which configuration is required on the on-premises Active Directory?

A company uses Microsoft Entra ID P1 licenses. They want to enforce multi-factor authentication (MFA) for all users accessing a critical cloud application. However, they have a group of service accounts that cannot perform MFA and must be excluded. What is the recommended approach?

A company uses Azure AD Identity Protection. The security team wants to automatically block sign-ins that are detected as coming from a known malicious IP address. Which policy should be configured?

A company uses Microsoft Entra ID P1 licenses. They want to allow access to a sensitive cloud application only from the company's trusted office IP ranges (10.0.0.0/24). However, the executive team (group "Execs") must be able to access the app from any location. Which Conditional Access policy configuration should the administrator use?

Question 10 · medium · multiple choice

A company plans to enable Self-Service Password Reset (SSPR) for all users. The administrator must ensure that users are required to register at least two authentication methods: one from the 'mobile app' category and one from the 'phone call' category. Which combination of methods should the administrator select in the SSPR registration settings?

Question 11 · medium · multiple choice

A company uses Azure AD Privileged Identity Management (PIM) to manage role activations. They have an Azure AD Premium P2 license. The security team wants to require that any activation of the Exchange Administrator role must be approved by a specific group named 'Exchange Approvers'. Additionally, activations must require a ticket number and expire after 6 hours. Which PIM configuration should the administrator modify?

A company has just purchased Microsoft 365 E3 licenses. They want to configure the default mailbox storage limit for all new users. Which setting should they modify?

A company uses Microsoft Entra ID P2 licenses and wants to block all authentication attempts from an internal legacy application that uses POP3 and SMTP protocols. The application cannot be updated and must be blocked from accessing Exchange Online. Which Conditional Access policy setting should the administrator configure?

A company is planning to migrate from on-premises Exchange to Exchange Online and needs to ensure that mail flow can coexist between the two environments during the transition. Which tool should the administrator use to configure this hybrid deployment?

A company uses Microsoft Entra ID P2 licenses. The security team wants to require multi-factor authentication (MFA) for all users when accessing any cloud application from networks that are not trusted corporate locations. A group named 'BreakGlass' must be excluded from MFA requirements. Additionally, the company wants to block legacy authentication protocols. Which approach should the administrator use?

A company uses Microsoft Entra ID Governance to automate the lifecycle of user access. They want to automatically remove a user's group membership for a critical application 30 days after the user's employment end date is captured from the HR system. Which feature should be configured to meet this requirement?

Question 17 · medium · multiple choice

A company uses Microsoft Entra ID P2 licenses. A security administrator needs to grant a user temporary elevation to the Global Administrator role for a specific task. The elevation should require approval from a designated group and be time-limited. Which Microsoft Entra feature should be configured?

A company invites external partners as B2B guest users in Microsoft Entra ID. The partners' home tenants do not support MFA. The company wants to require MFA when guests access an internal application. What should the company configure?

A company uses Microsoft Entra ID with password hash synchronization. The security team wants to prevent users from setting passwords that include their username or common terms from a custom dictionary (e.g., company name, product names). Which feature should be configured?

A security administrator needs to block users from running portable executable files (e.g., .exe, .scr) that were downloaded from the internet on Windows devices. Which Attack Surface Reduction (ASR) rule should the administrator enable to meet this requirement?

A company wants to allow users to reset their own forgotten passwords using a mobile app notification as the verification method. Which Microsoft Entra feature should be enabled and configured?

A security administrator needs to block unsanctioned cloud apps in real time using a reverse proxy. Which two Microsoft Defender for Cloud Apps components must be configured?

A company uses Microsoft Entra ID with Pass-through Authentication. The security team wants to block all sign-ins from countries that are not approved (e.g., high-risk regions). Which feature should they use?

A security administrator wants to configure Microsoft Defender for Cloud Apps to block downloads of sensitive files from Salesforce to unmanaged devices in real time. Which Defender for Cloud Apps component must be configured?

Exam question guide

How to use these MS-102 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests your ability to identify and differentiate common network protocols by port number and purpose.

Recognizing TCP vs UDP protocol characteristics

Matching ports to protocols (e.g., 80=HTTP)

Identifying secure protocol variants (HTTPS, SFTP)

Understanding protocol roles in email (SMTP, IMAP)

These MS-102 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style MS-102 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.