Microsoft 365 Fundamentals MS-900 (MS-900) — Questions 826900

985 questions total · 14pages · All types, answers revealed

Page 11

Page 12 of 14

Page 13
826
MCQhard

You are reviewing an Azure Policy assignment in the exhibit. The policy set definition ID corresponds to the 'Microsoft cloud security benchmark' initiative. The effect is set to 'Deny'. What is the most likely outcome of this policy assignment?

A.Creation of non-compliant resources will be blocked
B.Non-compliant resources will automatically be remediated
C.The policy will only apply to resources with specific tags
D.Resources that are non-compliant will be audited and logged
AnswerA

The 'Deny' effect blocks non-compliant resource creation.

Why this answer

The 'Deny' effect (C) will block any resource creation that does not meet the benchmark. Option A (audit) would require 'Audit' effect. Option B (deploy) would require 'DeployIfNotExists'.

Option D (exempt) is a different feature.

827
MCQmedium

Refer to the exhibit. A Microsoft Graph PowerShell command is run. What does this command retrieve about user jdoe?

A.Only the user's display name and email.
B.All properties of the user.
C.Display name, user principal name, assigned licenses, and usage location.
D.Only the user's display name.
AnswerC

Exactly those properties are selected.

Why this answer

The command `Get-MgUser -UserId jdoe -Property DisplayName, UserPrincipalName, AssignedLicenses, UsageLocation` explicitly specifies only those four properties in the `-Property` parameter. Microsoft Graph PowerShell by default returns a subset of properties, but when you list specific properties, it retrieves only those requested. Therefore, the output includes exactly the display name, user principal name, assigned licenses, and usage location.

Exam trap

The trap here is that candidates assume the `Get-MgUser` cmdlet returns all user properties by default, but the explicit `-Property` parameter restricts the output to only the listed fields, making it a selective retrieval rather than a full one.

How to eliminate wrong answers

Option A is wrong because it claims only display name and email are retrieved, but the command explicitly requests UserPrincipalName, AssignedLicenses, and UsageLocation in addition to DisplayName, and does not request the email property (which is a separate attribute). Option B is wrong because the `-Property` parameter restricts the output to only the listed properties; without it, all default properties would be returned, but here the explicit list overrides that behavior. Option D is wrong because it states only the display name is retrieved, ignoring the other three properties explicitly specified in the command.

828
MCQmedium

A communications manager wants to create an interactive monthly newsletter that includes embedded videos, images, and links to SharePoint documents. The newsletter should be viewable on any device without needing to install an app. Which Microsoft 365 app is best suited for this?

A.Microsoft Sway
B.Microsoft PowerPoint
C.Microsoft SharePoint
D.Microsoft Stream
AnswerA

Correct. Sway enables creation of interactive, web-based newsletters with multimedia, and it is responsive across devices.

Why this answer

Microsoft Sway is a presentation and storytelling app designed to create interactive, web-based content that can include multimedia such as videos, images, and embedded links. It adjusts automatically to any screen size and is accessible via a browser without installation. PowerPoint is mainly for slideshows and offline viewing.

SharePoint is a document management and collaboration platform, not a content authoring tool. Stream is a video service, not suitable for a newsletter.

829
MCQmedium

During a Microsoft 365 planning workshop, explain why Microsoft 365 is cloud-based despite local Office apps. Cloud concept or benefit best matches this requirement?

A.Microsoft Planner
B.Cloud-hosted service backend
C.Data Loss Prevention (DLP)
D.Sensitivity labels
AnswerB

The local Office apps connect to cloud services such as Exchange Online, OneDrive, SharePoint, Teams, and identity services.

Why this answer

Microsoft 365 is considered cloud-based because its core services—such as Exchange Online, SharePoint Online, and the Microsoft 365 admin portal—are hosted and managed in Microsoft's cloud datacenters. Even though local Office apps (e.g., Word, Excel) run on the client device, they rely on a cloud-hosted service backend for licensing validation, data synchronization, and feature updates. This backend enables centralized management, automatic updates, and seamless integration with cloud services like OneDrive and Teams, which is the defining characteristic of a cloud-based platform.

Exam trap

The trap here is that candidates mistakenly think local Office apps mean the solution is not cloud-based, but Microsoft 365 is defined by its cloud-hosted backend that manages licensing, data, and updates, not by where the application code executes.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a specific cloud-based task management application within Microsoft 365, not a general cloud concept or benefit that explains why the platform is cloud-based despite local apps. Option C is wrong because Data Loss Prevention (DLP) is a security feature that helps prevent sensitive data from being shared inappropriately, but it does not address the foundational cloud architecture or the reason local apps still qualify as cloud-based. Option D is wrong because sensitivity labels are classification and protection tools for data, not a cloud concept that describes the backend infrastructure enabling local apps to function as part of a cloud service.

830
MCQhard

Refer to the exhibit. You are reviewing a role definition in Microsoft Purview compliance portal. Which actions can a user assigned this role perform?

A.Manage compliance and data governance tasks in Microsoft Purview
B.Manage user accounts in Microsoft Entra ID
C.Manage security settings in Microsoft Defender XDR
D.View only compliance reports without making changes
AnswerA

The role has full permissions in the Security & Compliance Center and Protection Center, which are part of Purview.

Why this answer

The question refers to a role definition in the Microsoft Purview compliance portal. The Compliance Administrator role (or a custom role with equivalent permissions) is designed specifically to manage compliance and data governance tasks, such as data classification, data loss prevention (DLP), eDiscovery, and retention policies. Option A correctly identifies this scope, as Purview roles do not extend to identity management or security operations in other portals.

Exam trap

The trap here is that candidates often confuse the scopes of Microsoft Purview, Microsoft Entra ID, and Microsoft Defender XDR, assuming a single admin role covers all security and compliance tasks, when in fact each portal has its own distinct RBAC model and role assignments.

How to eliminate wrong answers

Option B is wrong because managing user accounts in Microsoft Entra ID requires roles like User Administrator or Global Administrator, which are assigned in the Microsoft Entra admin center, not in the Microsoft Purview compliance portal. Option C is wrong because managing security settings in Microsoft Defender XDR requires roles like Security Administrator or Security Operator, which are assigned in the Microsoft 365 Defender portal, not in Purview. Option D is wrong because a user assigned a role in Purview can perform actions beyond viewing reports, such as creating and managing compliance policies, unless they are assigned a read-only role like Compliance Reader.

831
MCQeasy

A company has 50 users with Microsoft 365 Business Basic licenses. They need desktop versions of Office apps (Word, Excel, PowerPoint) and 1 TB of cloud storage per user. They do not need advanced security, device management, or analytics features. Which licensing upgrade is the most cost-effective?

A.Microsoft 365 Business Standard
B.Microsoft 365 Business Premium
C.Microsoft 365 E3
D.Add an Office desktop apps add-on to Business Basic
AnswerA

Correct. Business Standard includes desktop Office apps and 1 TB cloud storage per user.

Why this answer

Microsoft 365 Business Standard includes desktop versions of Office apps (Word, Excel, PowerPoint) and provides 1 TB of OneDrive cloud storage per user, meeting the stated requirements exactly. It is the most cost-effective upgrade from Business Basic because it adds these features without the advanced security, device management, or analytics capabilities found in higher-tier plans.

Exam trap

The trap here is that candidates may think an add-on license exists for desktop Office apps on Business Basic, but Microsoft does not offer such an add-on; the only path is a plan upgrade, and Business Standard is the cheapest option that includes all required features without over-provisioning security or management capabilities.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 Business Premium includes advanced security features (e.g., Microsoft Defender for Office 365, Conditional Access) and device management (Intune) that the company does not need, making it unnecessarily expensive. Option C is wrong because Microsoft 365 E3 is an enterprise plan designed for larger organizations with compliance and advanced analytics (e.g., eDiscovery, Power BI Pro), which exceeds the requirements and costs significantly more than Business Standard. Option D is wrong because there is no standalone 'Office desktop apps add-on' for Business Basic; the only way to get desktop Office apps is to upgrade to a plan that includes them, such as Business Standard or higher.

832
MCQmedium

Your organization is using Microsoft 365 Copilot. You want to ensure that Copilot uses only data that users have permission to access. Which principle does this enforce?

A.Zero Trust
B.Least privilege
C.Defense in depth
D.Need-to-know
AnswerB

Copilot respects user permissions, enforcing least privilege access to data.

Why this answer

Least privilege (B) ensures users only access data they need. Option A (zero trust) is broader. Option C (defense in depth) has multiple layers.

Option D (need-to-know) is similar but less formal in Microsoft 365.

833
MCQeasy

An employee uses Microsoft 365 Business Basic. They need to schedule a meeting with external clients who have Gmail accounts. Which Microsoft 365 app should they use?

A.Outlook on the web
B.Microsoft Teams
C.Microsoft Bookings
D.Microsoft To Do
AnswerA

Correct. Outlook can schedule meetings and send invites to external attendees.

Why this answer

Outlook on the web (OWA) is the correct choice because it includes a full-featured calendar that supports scheduling meetings with external participants, including those with Gmail accounts, via standard iCalendar invitations. OWA sends an .ics file attachment in the email invitation, which Gmail can parse and add to the recipient's Google Calendar, enabling the external client to accept the meeting regardless of their email provider.

Exam trap

The trap here is that candidates often assume Microsoft Teams is the primary scheduling tool for external meetings, but the exam tests that Outlook (including Outlook on the web) is the core calendar and scheduling application in Microsoft 365, with Teams relying on Outlook for invitation delivery.

How to eliminate wrong answers

Option B (Microsoft Teams) is wrong because while Teams can schedule meetings, its primary scheduling mechanism relies on Outlook integration; standalone Teams scheduling without Outlook still generates an Outlook-based .ics invitation, but the question asks for the app to use, and Teams is not the dedicated scheduling app for external clients with non-Microsoft email. Option C (Microsoft Bookings) is wrong because Bookings is designed for managing customer appointments and service bookings, not for ad-hoc one-on-one or group meetings with external clients; it requires setup of a booking page and is not the standard tool for a simple meeting invitation. Option D (Microsoft To Do) is wrong because To Do is a task management app with no calendar or meeting scheduling capabilities; it cannot send meeting invitations or integrate with external calendars.

834
Multi-Selecteasy

Which THREE statements about the Microsoft Service Trust Portal are true?

Select 3 answers
A.It includes the Compliance Manager tool.
B.It is accessible to authenticated users with an Azure AD account.
C.It provides independent audit reports and compliance documentation.
D.It allows real-time tracking of data location.
E.It provides downloads of Microsoft software patches.
AnswersA, B, C

Compliance Manager is part of the Service Trust Portal.

Why this answer

Options A, B, and D are correct: The Service Trust Portal provides audit reports, compliance guides, and is accessible to authenticated users. Option C is incorrect because it does not provide real-time data location; data residency is shown in other tools. Option E is incorrect because it does not allow downloading Microsoft software; only compliance documents.

835
MCQeasy

A user wants to create a dashboard that visualizes sales data from multiple sources in real time. Which Microsoft 365 app should they use?

A.Excel
B.Microsoft Lists
C.Microsoft Forms
D.Power BI
AnswerD

Power BI is designed for dashboards and real-time data visualization.

Why this answer

Option A is correct because Power BI is for data visualization and dashboards. Option B is wrong because Excel can visualize data but not real-time from multiple sources easily. Option C is wrong because Forms is for surveys.

Option D is wrong because Lists is for tracking items, not dashboards.

836
MCQhard

A compliance officer needs to ensure that any document containing passport numbers automatically gets a 'Highly Confidential' label and is encrypted when saved in SharePoint. The labeling should occur without any user interaction. Which Microsoft Purview feature should they configure?

A.Auto-labeling policy for sensitivity labels
B.Manual labeling using the Office apps
C.Retention labels with DLP policy
D.Trainable classifiers
AnswerA

Auto-labeling policies can automatically apply labels based on sensitive information types (e.g., passport numbers) without user intervention.

Why this answer

Option A is correct because auto-labeling policies in Microsoft Purview can automatically apply a sensitivity label (e.g., 'Highly Confidential') to documents containing passport numbers when saved in SharePoint, without any user interaction. This is achieved by configuring a policy that uses sensitive info types (e.g., 'Passport Number') to detect the data and then automatically apply the label and encryption. The labeling occurs at rest, triggered by document upload or modification, meeting the compliance officer's requirement for zero user intervention.

Exam trap

The trap here is that candidates often confuse retention labels (which manage lifecycle) with sensitivity labels (which enforce protection like encryption), leading them to choose Option C, or they mistakenly think trainable classifiers (Option D) can directly apply labels without an auto-labeling policy.

How to eliminate wrong answers

Option B is wrong because manual labeling requires users to actively select a label in Office apps, which contradicts the requirement for automatic labeling without user interaction. Option C is wrong because retention labels are designed for managing data retention and deletion, not for applying encryption or sensitivity classifications; DLP policies can enforce actions but do not automatically apply sensitivity labels with encryption. Option D is wrong because trainable classifiers are used to identify content based on machine learning patterns (e.g., contracts or resumes), but they do not directly apply sensitivity labels or encryption; they can be used as conditions in auto-labeling policies, but the feature itself is not the policy that applies the label.

837
MCQeasy

Your organization is implementing Microsoft Entra ID (formerly Azure AD) for identity management. Users report that they are prompted for multifactor authentication (MFA) every time they sign in, even from trusted devices. What should you configure to reduce MFA prompts while maintaining security?

A.Define trusted IP ranges in Named locations.
B.Configure self-service password reset (SSPR) to require MFA less often.
C.Use Microsoft Entra Privileged Identity Management (PIM) to grant MFA exemption.
D.Modify the Conditional Access policy to set session control 'Sign-in frequency' to a longer period.
AnswerD

This allows users to skip MFA for a set duration on trusted devices.

Why this answer

Option C is correct because Conditional Access policies allow setting session persistence to remember MFA on trusted devices. Option A is incorrect because MFA frequency is not set in Password reset. Option B is incorrect because Named locations are for IP-based trust, not device trust.

Option D is incorrect because Privileged Identity Management (PIM) is for just-in-time admin access.

838
MCQmedium

A company with 50 users currently has Microsoft 365 Business Basic licenses. They now want to give all users the desktop versions of Office apps and 1 TB of OneDrive storage per user. What is the most cost-effective licensing change?

A.Purchase Microsoft 365 Apps for Business licenses for all users
B.Upgrade all users to Microsoft 365 Business Standard
C.Upgrade all users to Microsoft 365 Business Premium
D.Purchase Microsoft 365 E3 licenses for all users
AnswerB

Correct. This plan includes desktop Office apps and 1 TB OneDrive storage, and upgrading from Business Basic is billed at the price difference, making it cheaper than maintaining two separate plans.

Why this answer

Microsoft 365 Business Standard includes desktop Office apps, Exchange Online, Teams, and 1 TB OneDrive storage. Upgrading the existing subscriptions to Business Standard is more cost-effective than adding separate Microsoft 365 Apps for Business licenses because the latter does not include additional benefits like Exchange, and upgrading is typically priced per user as an incremental cost.

839
Multi-Selectmedium

Which TWO Microsoft 365 security solutions are included in Microsoft Defender XDR (Extended Detection and Response)? (Choose two.)

Select 2 answers
A.Microsoft Defender for Office 365
B.Microsoft Defender for Identity
C.Microsoft Defender for Cloud Apps
D.Microsoft Defender for Endpoint
E.Microsoft Sentinel
AnswersA, D

Defender for Office 365 is a component of Microsoft Defender XDR.

Why this answer

Microsoft Defender XDR includes Defender for Office 365 (B) and Defender for Endpoint (C). Option A (Defender for Identity) is separate. Option D (Defender for Cloud Apps) is also separate.

Option E (Azure Sentinel) is a SIEM, not part of Defender XDR.

840
Multi-Selectmedium

Which TWO Microsoft 365 services allow users to collaborate in real-time on the same document?

Select 2 answers
A.SharePoint Online
B.OneDrive for Business
C.Microsoft Viva
D.Yammer
E.Microsoft Teams
AnswersA, B

Documents stored in SharePoint can be co-authored in real-time.

Why this answer

SharePoint Online and OneDrive for Business both support real-time co-authoring, allowing multiple users to edit the same document simultaneously. This is enabled by the Office Online Server infrastructure and the use of WebDAV and REST APIs to synchronize changes in near real-time. Co-authoring works in Word, Excel, and PowerPoint files stored in these services, with conflict resolution handled by the application.

Exam trap

The trap here is that candidates often select Microsoft Teams as a correct answer because it is a collaboration tool, but Teams itself does not provide real-time document editing—it merely hosts files that are stored in SharePoint or OneDrive, where the actual co-authoring happens.

841
MCQhard

Your organization is deploying Microsoft 365 for a subsidiary with 1,000 users. The subsidiary needs to be billed separately. Which licensing model should you use?

A.Create separate subscriptions in the same tenant with different billing profiles
B.Create a separate Microsoft 365 tenant for the subsidiary
C.Use a Microsoft Enterprise Agreement for the entire organization
D.Create a single Microsoft 365 tenant with multiple subscriptions
AnswerA

You can set up separate billing profiles for each subscription within the same tenant.

Why this answer

Option D is correct because separate subscriptions allow separate billing. Option A is incorrect because a single tenant with multiple subscriptions still shares billing. Option B is incorrect because volume licensing typically aggregates billing.

Option C is incorrect because a separate tenant is not required for separate billing.

842
MCQeasy

A sales team needs to collaborate on a document in real time and track changes. Which Microsoft 365 app is most suitable?

A.OneNote
B.Microsoft Forms
C.Word for the web
D.Microsoft Teams
AnswerC

Word for the web supports real-time co-authoring and track changes.

Why this answer

Word for the web (Option C) is the most suitable app because it is specifically designed for real-time co-authoring, allowing multiple users to edit a document simultaneously while tracking changes via the built-in version history and 'Track Changes' feature. Unlike desktop Word, the web version requires no manual sync and leverages Microsoft's Fluid Framework for seamless collaboration across devices.

Exam trap

The trap here is that candidates often confuse Microsoft Teams as a document collaboration tool because it displays files, but Teams relies on Word for the web for actual editing; the question specifically asks for the app that enables real-time editing and change tracking, which is Word for the web, not Teams.

How to eliminate wrong answers

Option A is wrong because OneNote is a digital notebook for free-form note-taking, not a word processor; it lacks structured document formatting and granular change tracking required for collaborative document editing. Option B is wrong because Microsoft Forms is a survey and quiz tool, not a document editor; it cannot support real-time co-authoring or track changes on a document. Option D is wrong because Microsoft Teams is a collaboration hub for chat, meetings, and file sharing, but its built-in document editing relies on Word for the web; Teams itself does not provide native document editing or change tracking capabilities.

843
Multi-Selecthard

Which THREE factors should an organization consider when choosing between Microsoft 365 Business Premium and Microsoft 365 E3?

Select 3 answers
A.Compliance capabilities
B.Maximum number of users allowed
C.Availability of phone support
D.Support for Mac users
E.Advanced security features included
AnswersA, B, E

E3 offers more advanced compliance features than Business Premium.

Why this answer

Compliance capabilities (A) are a key differentiator because Microsoft 365 Business Premium includes compliance features like Microsoft Purview Information Protection and Data Loss Prevention (DLP) for up to 300 users, while E3 offers a broader set of compliance tools such as eDiscovery, Advanced Audit, and Communication Compliance, which are essential for regulated industries. The maximum number of users (B) differs: Business Premium is capped at 300 users, whereas E3 has no upper limit, making it suitable for larger enterprises. Advanced security features (E) like Microsoft Defender for Office 365 Plan 1 are included in Business Premium, but E3 includes Defender for Office 365 Plan 2 and additional security capabilities such as Microsoft Entra ID P1, which provides conditional access and identity protection.

Exam trap

The trap here is that candidates often assume phone support or Mac compatibility are tier-dependent, when in fact both are available across all Microsoft 365 plans, and the real differentiators are user count limits, advanced security, and compliance depth.

844
Multi-Selecteasy

Which TWO cloud deployment models involve using public cloud services?

Select 2 answers
A.Public cloud
B.Private cloud
C.Community cloud
D.Hybrid cloud
E.Multi-cloud
AnswersA, D

Uses public cloud services exclusively.

Why this answer

Options A and C are correct. Public cloud uses only public cloud. Hybrid cloud uses a mix of public and private.

Option B is wrong because private cloud is dedicated. Option D is wrong because community cloud may be public or private. Option E is wrong because multi-cloud uses multiple public clouds.

845
Multi-Selecthard

Which THREE Microsoft 365 capabilities are included in Microsoft 365 E5 that are NOT included in Microsoft 365 E3?

Select 3 answers
A.Microsoft Purview Audit (Standard)
B.Microsoft Defender for Office 365 Plan 1
C.Microsoft Defender for Office 365 Plan 2
D.Microsoft Purview Advanced Audit
E.Microsoft Power BI Pro
AnswersC, D, E

Plan 2 includes advanced threat hunting and auto-investigation.

Why this answer

Microsoft Defender for Office 365 Plan 2 is included in Microsoft 365 E5 but not in E3. It provides advanced threat protection capabilities such as automated investigation and response (AIR), threat hunting with Threat Explorer, and simulation training, which are not available in Plan 1 or E3.

Exam trap

The trap here is that candidates often confuse Microsoft Defender for Office 365 Plan 1 (included in E3) with Plan 2 (included in E5), or mistakenly think that Purview Audit (Standard) is an E5-only feature when it is actually available in both E3 and E5.

846
MCQmedium

A law firm uses Microsoft 365 and wants to ensure that only authorized users can access client files stored in SharePoint Online. They also need to track when these files are accessed. Which combination of features should they use?

A.Sensitivity labels with encryption and Microsoft Purview auditing.
B.Conditional Access policies and Privileged Identity Management (PIM).
C.eDiscovery cases and Content search.
D.Data Loss Prevention (DLP) policies and Microsoft Defender for Cloud Apps.
AnswerA

Encryption restricts access, and auditing logs access events.

Why this answer

Option B is correct: Sensitivity labels with encryption restrict access, and auditing tracks access. Option A is incorrect because DLP policies prevent data loss but do not restrict access or track it. Option C is incorrect because Conditional Access controls sign-in but not file-level access.

Option D is incorrect because eDiscovery is for search and hold, not access restriction.

847
MCQeasy

A company currently has Microsoft 365 E3 licenses for all 200 users. They need to add PSTN calling capabilities (Phone System and Calling Plan) for making and receiving external phone calls from Microsoft Teams. They also want to allow dial-in audio conferencing for online meetings. They want to minimize additional costs while keeping existing E3 subscriptions. What is the most cost-effective licensing strategy?

A.Purchase Microsoft 365 E5 add-on for each user
B.Purchase Phone System add-on and Audio Conferencing add-on separately for each user
C.Purchase the 'Phone System + Audio Conferencing' add-on for each user
D.Upgrade all users to Microsoft 365 E5
AnswerC

This combined add-on includes both Phone System and Audio Conferencing at a lower cost than purchasing individually.

Why this answer

Option C is correct because the 'Phone System + Audio Conferencing' add-on is a bundled SKU specifically designed to provide both PSTN calling capabilities (Phone System and Calling Plan) and dial-in audio conferencing for Microsoft Teams at a lower combined cost than purchasing the two add-ons separately. Since the company already has Microsoft 365 E3 licenses, they only need this single add-on per user to meet all requirements without upgrading to E5 or buying individual add-ons, minimizing additional costs.

Exam trap

The trap here is that candidates may assume purchasing add-ons separately (Option B) is the most cost-effective because they overlook the existence of a bundled 'Phone System + Audio Conferencing' add-on, which Microsoft specifically offers to reduce costs for organizations needing both capabilities.

How to eliminate wrong answers

Option A is wrong because purchasing the Microsoft 365 E5 add-on for each user would be significantly more expensive than the bundled add-on, as E5 includes many additional features (e.g., Advanced Threat Protection, Compliance) that are not required, leading to unnecessary cost. Option B is wrong because purchasing Phone System and Audio Conferencing add-ons separately for each user would cost more than the bundled 'Phone System + Audio Conferencing' add-on, which Microsoft offers at a discounted combined price. Option D is wrong because upgrading all users to Microsoft 365 E5 would replace the existing E3 subscriptions with a higher-tier plan that includes many unneeded features, resulting in the highest cost without providing any benefit over the targeted add-on approach.

848
MCQmedium

Your organization is deploying Microsoft 365 Copilot and wants to ensure that users can generate meeting summaries from Teams recordings. Which licensing requirement must be met?

A.Microsoft 365 Copilot for Microsoft 365 with no additional license
B.Microsoft 365 E5 plus the Microsoft 365 Copilot add-on license
C.Microsoft 365 Copilot standalone license without any other subscription
D.Microsoft 365 Business Basic
AnswerB

E5 qualifies for Copilot; the add-on license enables the Copilot features.

Why this answer

Microsoft 365 Copilot can generate meeting summaries from Teams recordings, but this capability requires access to the Microsoft Graph API and the underlying AI processing, which is only available with the Microsoft 365 Copilot add-on license. This add-on must be assigned on top of a qualifying subscription such as Microsoft 365 E5, which provides the necessary Teams recording and transcription features. Without the E5 base license, the required recording and compliance features are not available, and without the Copilot add-on, the AI summarization is not enabled.

Exam trap

The trap here is that candidates often assume Microsoft 365 Copilot is a standalone product or that any Microsoft 365 subscription with Copilot can use all features, but Microsoft specifically requires the E5 base license for the Teams recording and transcription prerequisites needed for meeting summaries.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Copilot for Microsoft 365 is not a standalone product; it is an add-on license that requires a qualifying base subscription like E3 or E5, and it does not include the Teams recording and transcription features needed for meeting summaries. Option C is wrong because a Microsoft 365 Copilot standalone license does not exist; Copilot is always an add-on to an existing Microsoft 365 subscription, and without a base plan like E5, the required Teams recording and compliance capabilities are missing. Option D is wrong because Microsoft 365 Business Basic does not include the advanced Teams features such as recording and transcription, nor does it support the Copilot add-on, making it impossible to generate meeting summaries from recordings.

849
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to estimate monthly Microsoft 365 subscription cost. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Whiteboard
B.Microsoft Stream
C.Plan selection, user count, add-ons, billing term, and applicable discounts
D.Microsoft Forms
AnswerC

Microsoft 365 cost depends on licenses, users, add-ons, and billing arrangements.

Why this answer

Option C is correct because estimating monthly Microsoft 365 subscription cost requires evaluating plan selection (e.g., Business Basic, Business Premium, Enterprise E3/E5), user count, add-ons (e.g., Microsoft 365 E5 Compliance, Power BI Pro), billing term (monthly vs. annual commitment), and applicable discounts (e.g., EA, CSP, or promotional offers). These factors directly determine the total monthly cost, making this the most relevant concept under the 'Describe Microsoft 365 pricing and support' domain.

Exam trap

The trap here is that candidates confuse individual Microsoft 365 services (like Whiteboard, Stream, or Forms) with the licensing and pricing concepts that actually determine subscription costs, leading them to select a service name rather than the correct cost-estimation factors.

How to eliminate wrong answers

Option A is wrong because Microsoft Whiteboard is a collaboration tool for real-time visual brainstorming, not a pricing or licensing concept. Option B is wrong because Microsoft Stream is a video service for enterprise content management, unrelated to subscription cost estimation. Option D is wrong because Microsoft Forms is a survey and quiz creation tool, with no role in calculating licensing costs.

850
MCQmedium

A company uses Microsoft 365 Business Premium and wants to enable secure remote access for employees using personal devices. Which Microsoft 365 app should they configure to enforce conditional access policies based on device compliance?

A.Microsoft Purview
B.Microsoft Intune
C.Microsoft Sentinel
D.Microsoft Defender for Cloud Apps
AnswerB

Intune manages device compliance and integrates with Entra ID for conditional access.

Why this answer

Microsoft Intune is the correct answer because it is the Microsoft 365 app that provides mobile device management (MDM) and mobile application management (MAM). It allows administrators to define device compliance policies (e.g., requiring encryption, PIN, or a minimum OS version) and integrate those policies with Microsoft Entra ID (formerly Azure AD) Conditional Access. When a user attempts to access corporate resources from a personal device, Conditional Access checks the device's compliance status reported by Intune before granting access.

Exam trap

The trap here is that candidates may confuse Microsoft Defender for Cloud Apps (a CASB) with device compliance enforcement, but Defender for Cloud Apps controls app access via session policies, not device health checks, which is Intune's role.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview is a suite of data governance, compliance, and risk management solutions (e.g., data loss prevention, eDiscovery, insider risk management); it does not enforce device compliance policies for remote access. Option C is wrong because Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution; it analyzes security logs and threats but does not manage device compliance or conditional access policies. Option D is wrong because Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that provides visibility and control over cloud app usage, including session policies and threat detection, but it does not directly enforce device compliance-based conditional access; that function belongs to Intune and Entra ID.

851
MCQeasy

Your company wants to ensure that only managed and compliant devices can access Microsoft 365 resources. Which Microsoft 365 security feature enforces conditional access based on device compliance?

A.Microsoft Purview Compliance Manager
B.Microsoft Defender for Cloud Apps
C.Microsoft Sentinel
D.Microsoft Intune with Conditional Access in Microsoft Entra ID
AnswerD

Intune provides device compliance, and Entra ID Conditional Access enforces it.

Why this answer

Microsoft Intune manages device compliance policies, and when integrated with Conditional Access in Microsoft Entra ID, it enforces access based on compliance. Option C is the correct pairing. Options A, B, and D are not the primary tools for device compliance enforcement.

852
MCQeasy

A user reports that they cannot access Microsoft 365 services because their license has expired. The administrator needs to restore access as quickly as possible while the company processes payment for renewal. What should the administrator do?

A.Contact Microsoft Support for a temporary extension
B.Assign a different license from another user
C.Use the grace period to temporarily enable access
D.Purchase a new subscription immediately
AnswerC

Microsoft 365 subscriptions have a grace period (typically 30 days) during which users can still access services.

Why this answer

Option C is correct because Microsoft 365 provides a built-in grace period (typically 30 days for most subscriptions) during which users retain access to services even after the license expires. The administrator can simply wait for the grace period to take effect, allowing users to continue working while payment is processed, without needing to contact support or reassign licenses.

Exam trap

The trap here is that candidates often assume expired licenses immediately block all access, leading them to choose contacting support or purchasing a new subscription, when in fact the grace period provides a seamless temporary solution without additional steps.

How to eliminate wrong answers

Option A is wrong because Microsoft Support does not offer temporary extensions for expired licenses; the grace period is the automatic mechanism designed for this scenario. Option B is wrong because reassigning a license from another user would disrupt that user's access and does not address the root cause of the expired license. Option D is wrong because purchasing a new subscription immediately is unnecessary and may incur additional costs; the existing subscription can be renewed within the grace period to restore full access.

853
MCQmedium

A legal team is involved in a court case and needs to identify all emails and documents related to a specific project across the entire organization. They need to place these items on hold to prevent deletion or modification. Which Microsoft Purview solution should they use?

A.Data Loss Prevention (DLP)
B.eDiscovery (Standard)
C.Audit (Standard)
D.Communication Compliance
AnswerB

eDiscovery (Standard) enables searching across Microsoft 365 content, placing legal holds, and exporting results. It is the correct tool for this requirement.

Why this answer

Option B, eDiscovery (Standard), is correct because it is specifically designed for legal discovery processes, allowing authorized users to search for content across Exchange Online, SharePoint Online, OneDrive for Business, and Teams. It can place a legal hold on identified items to preserve them from deletion or modification, which directly meets the legal team's requirement to identify and hold all emails and documents related to a specific project.

Exam trap

The trap here is that candidates often confuse eDiscovery with Audit, thinking that logging all activities (Audit) is sufficient for legal holds, but Audit only records events and cannot preserve or search content for litigation purposes.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is focused on preventing sensitive data from being shared or leaked, not on searching for and preserving content for legal cases. Option C is wrong because Audit (Standard) provides logging and visibility into user and admin activities but does not include search capabilities or the ability to place holds on content. Option D is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) and does not provide the discovery or hold functionality needed for litigation.

854
MCQeasy

A startup wants to focus only on developing and deploying its application code without managing underlying servers or operating systems. Which cloud service model best fits this need?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.On-premises deployment
AnswerB

PaaS provides a complete platform including OS, runtime, and tools, so the startup can deploy and manage applications without server-level maintenance.

Why this answer

Platform as a Service (PaaS) is the correct choice because it abstracts the underlying infrastructure, including servers, operating systems, and runtime environments, allowing the startup to focus solely on developing and deploying application code. With PaaS, the cloud provider manages the OS patching, hardware scaling, and middleware, while the customer only manages the application and data. This directly matches the requirement of not managing servers or operating systems.

Exam trap

The trap here is that candidates often confuse PaaS with IaaS, mistakenly thinking that IaaS also abstracts the OS, but IaaS only abstracts the hardware while leaving OS management to the customer.

How to eliminate wrong answers

Option A is wrong because Infrastructure as a Service (IaaS) provides virtualized servers, storage, and networking, but the customer is still responsible for managing the operating system, middleware, and runtime—contradicting the requirement to avoid managing servers or OS. Option C is wrong because Software as a Service (SaaS) delivers fully managed applications (e.g., Office 365, Salesforce) where the customer does not develop or deploy code, only consumes the software—this does not fit the need to develop and deploy custom application code. Option D is wrong because on-premises deployment requires the startup to own and manage all hardware, servers, and operating systems, which is the opposite of the stated goal of not managing underlying infrastructure.

855
MCQmedium

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit?

A.OneDrive sync client
B.Microsoft Teams live events
C.Microsoft Purview Compliance Manager
D.Microsoft Bookings
AnswerC

Compliance Manager provides assessments, improvement actions, and compliance scoring.

Why this answer

Microsoft Purview Compliance Manager is the correct choice because it provides a comprehensive dashboard for assessing an organization's compliance posture against standards like ISO 27001, NIST, and GDPR, and it offers actionable improvement actions with step-by-step guidance. It automatically tracks controls, assigns scores, and integrates with Microsoft Secure Score to help administrators prioritize remediation efforts.

Exam trap

The trap here is that candidates may confuse general security or productivity tools (like OneDrive or Teams) with compliance-specific capabilities, overlooking that Compliance Manager is the dedicated solution for assessing and improving compliance posture against standards.

How to eliminate wrong answers

Option A is wrong because the OneDrive sync client is a file synchronization tool that syncs local files with cloud storage; it has no compliance assessment or improvement action capabilities. Option B is wrong because Microsoft Teams live events is a broadcasting feature for large virtual meetings; it does not provide compliance posture evaluation or improvement actions. Option D is wrong because Microsoft Bookings is a scheduling and appointment management tool; it lacks any compliance assessment or remediation functionality.

856
MCQhard

A company wants to use AI-powered features to summarize chat conversations in Microsoft Teams. Which Microsoft 365 service provides this capability?

A.Microsoft 365 Copilot
B.Microsoft Forms
C.Microsoft Stream
D.Microsoft Viva Insights
AnswerA

Microsoft 365 Copilot provides AI-powered chat summaries.

Why this answer

Microsoft 365 Copilot is the correct answer because it integrates AI directly into Microsoft Teams to summarize chat conversations, leveraging large language models and the Microsoft Graph to process conversation context and generate concise summaries. This capability is part of Copilot's broader AI-powered features across Microsoft 365 apps, specifically designed for real-time productivity enhancements like chat summarization.

Exam trap

The trap here is that candidates may confuse Microsoft Viva Insights' personal analytics features (like meeting recaps) with AI-powered chat summarization, but Viva Insights does not provide generative AI summaries of chat conversations.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and data collection tool, not designed for AI-powered chat summarization in Teams. Option C (Microsoft Stream) is wrong because it is a video hosting and sharing service, lacking the natural language processing capabilities needed to summarize text-based chat conversations. Option D (Microsoft Viva Insights) is wrong because it focuses on personal productivity and wellbeing analytics, such as meeting habits and focus time, not on summarizing chat conversations using AI.

857
MCQeasy

A company currently uses Microsoft 365 Business Standard for all 50 users. They now need to add advanced security features like Microsoft Defender for Business and device management capabilities via Microsoft Intune. They want to minimize additional costs while retaining existing features. What is the most cost-effective licensing strategy?

A.Upgrade all users to Microsoft 365 Business Premium
B.Purchase Microsoft 365 E3 licenses for all users
C.Keep Business Standard and add Microsoft 365 Business Security add-on
D.Keep Business Standard and purchase Microsoft 365 E5 Compliance add-on
AnswerA

Business Premium includes desktop Office apps, email, and adds advanced security (Defender for Business) and device management (Intune) at a lower per-user cost than enterprise plans.

Why this answer

Microsoft 365 Business Premium includes all the features of Business Standard plus advanced security (Microsoft Defender for Business) and device management (Microsoft Intune) at a lower per-user cost than purchasing E3 licenses or adding separate add-ons. This minimizes additional costs while retaining existing Office apps and services, making it the most cost-effective strategy.

Exam trap

The trap here is that candidates often confuse the 'Microsoft 365 Business Security add-on' as a real SKU, when in fact Microsoft 365 Business Premium is the only bundle that adds Defender for Business and Intune to Business Standard features at a lower cost than E3 or E5 add-ons.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 E3 licenses are significantly more expensive per user than Business Premium and include enterprise-grade features (e.g., advanced eDiscovery, information protection) that are not required here, leading to unnecessary cost. Option C is wrong because there is no standalone 'Microsoft 365 Business Security add-on' for Business Standard; the correct add-on to gain Defender for Business and Intune is Microsoft 365 Business Premium itself, not a separate SKU. Option D is wrong because the Microsoft 365 E5 Compliance add-on provides compliance features (e.g., insider risk management, advanced audit) but does not include Microsoft Defender for Business or Microsoft Intune device management, so it fails to meet the stated security and management requirements.

858
MCQmedium

An e-commerce application runs in the cloud and automatically adjusts the number of virtual machines based on real-time traffic. When traffic spikes, more VMs are added; when traffic drops, VMs are removed. Which cloud computing characteristic does this behavior exemplify?

A.Rapid elasticity
B.Measured service
C.Resource pooling
D.On-demand self-service
AnswerA

Elasticity allows resources to be automatically scaled out (added) and scaled in (removed) to match workload changes.

Why this answer

Rapid elasticity is the cloud characteristic that enables resources to scale out (add VMs) and scale in (remove VMs) automatically in response to real-time demand. In this e-commerce scenario, the application adjusts VM count based on traffic spikes and drops, which directly matches the definition of rapid elasticity as defined by NIST SP 800-145.

Exam trap

The trap here is that candidates confuse 'on-demand self-service' (manual provisioning by the user) with 'rapid elasticity' (automatic scaling), because both involve responding to demand, but only elasticity handles real-time, automated adjustments without user intervention.

How to eliminate wrong answers

Option B (Measured service) is wrong because measured service refers to the metering and billing of cloud resource usage (e.g., pay-per-hour or per-GB), not the automatic scaling of resources. Option C (Resource pooling) is wrong because resource pooling describes the multi-tenant model where physical and virtual resources are dynamically assigned to multiple customers, not the ability to scale out/in based on demand. Option D (On-demand self-service) is wrong because on-demand self-service allows a user to provision resources without human interaction, but it does not inherently include automatic scaling based on real-time traffic.

859
MCQhard

A healthcare organization is using Microsoft 365 and needs to ensure that patient data (protected health information) is not accidentally shared externally. They want to classify all documents containing medical terms and apply automatic encryption when shared outside the organization. Which two Microsoft Purview features should they combine? (Select TWO)

A.Sensitivity labels with auto-labeling based on trainable classifiers
B.Data Loss Prevention (DLP) policies with encryption action
C.Insider Risk Management policies
D.Communication Compliance policies
E.Microsoft Entra ID Conditional Access policies
AnswerA, B

Trainable classifiers can detect medical terms and auto-apply labels.

Why this answer

Options A and C are correct: Sensitivity labels classify data, and auto-labeling with trainable classifiers can detect medical terms. DLP policies then enforce encryption on external sharing. Option B is incorrect because Communication Compliance is for inappropriate messages.

Option D is incorrect because Insider Risk Management addresses internal risky behavior. Option E is incorrect because sensitivity labels alone do not enforce encryption; that requires DLP or label protection actions.

860
MCQeasy

A service owner is comparing Microsoft 365 capabilities and needs to meter compute and storage usage for consumption-based billing. Cloud concept or benefit best matches this requirement?

A.Sensitivity labels
B.Microsoft Planner
C.Data Loss Prevention (DLP)
D.Measured service
AnswerD

Measured service tracks usage so customers can be charged according to consumption.

Why this answer

Measured service is a core cloud computing concept where resource usage (such as compute and storage) is metered, tracked, and billed based on actual consumption. This directly matches the service owner's requirement for consumption-based billing, as Microsoft 365 uses metering for services like Azure Active Directory and Exchange Online to enable pay-as-you-go models.

Exam trap

The trap here is that candidates confuse operational features (like DLP or sensitivity labels) with cloud service model characteristics, mistakenly thinking data protection tools are related to billing rather than recognizing measured service as a fundamental cloud attribute.

How to eliminate wrong answers

Option A is wrong because sensitivity labels are a Microsoft Purview Information Protection feature used to classify and protect data based on sensitivity, not to meter compute or storage usage. Option B is wrong because Microsoft Planner is a task management and collaboration tool within Microsoft 365, not a billing or metering mechanism. Option C is wrong because Data Loss Prevention (DLP) is a security policy feature that prevents unauthorized sharing of sensitive data, not a consumption-based billing capability.

861
MCQeasy

A user wants to create a custom dashboard that displays key performance indicators from multiple data sources, such as Excel files and SharePoint lists. Which Microsoft 365 app should the user use?

A.Microsoft Excel
B.Microsoft Lists
C.Microsoft Power BI
D.Microsoft Forms
AnswerC

Business analytics service for interactive dashboards.

Why this answer

Microsoft Power BI is the correct choice because it is a business analytics service designed to connect to multiple data sources—including Excel files and SharePoint lists—and create interactive, custom dashboards with key performance indicators (KPIs). Unlike the other options, Power BI provides built-in data modeling, visualization, and real-time refresh capabilities, making it the only app in this list that fulfills the requirement for a multi-source KPI dashboard.

Exam trap

The trap here is that candidates often confuse Microsoft Lists or Excel as capable of creating dashboards because they can display data visually, but neither supports multi-source, interactive KPI dashboards with live data integration like Power BI does.

How to eliminate wrong answers

Option A is wrong because Microsoft Excel is a spreadsheet application for data entry and analysis, but it cannot natively create a live, multi-source dashboard that aggregates data from SharePoint lists and other sources without manual data import or complex add-ins. Option B is wrong because Microsoft Lists is a data tracking app for creating and managing lists (like SharePoint lists), but it lacks dashboarding and data visualization features to combine multiple data sources into a KPI dashboard. Option D is wrong because Microsoft Forms is a survey and form creation tool for collecting responses, not a dashboard or analytics tool; it cannot display KPIs from Excel or SharePoint lists.

862
MCQeasy

A tenant administrator is advising a department that wants to stop maintaining local file servers by using managed cloud storage. Cloud concept or benefit best matches this requirement?

A.Sensitivity labels
B.Reduced infrastructure maintenance
C.Microsoft Planner
D.Data Loss Prevention (DLP)
AnswerB

Managed cloud storage reduces the need to operate local file server infrastructure.

Why this answer

Option B is correct because moving from on-premises file servers to managed cloud storage (e.g., Microsoft OneDrive, SharePoint Online, or Azure Files) eliminates the need for the department to handle hardware procurement, patching, backups, and physical maintenance. This directly aligns with the cloud benefit of reduced infrastructure maintenance, a core concept in the MS-900 exam's 'Describe cloud concepts' domain.

Exam trap

The trap here is that candidates confuse security or compliance features (like sensitivity labels or DLP) with cloud benefits, when the question specifically asks for the cloud concept or benefit that matches reducing local server maintenance.

How to eliminate wrong answers

Option A is wrong because sensitivity labels are a Microsoft Purview Information Protection feature used to classify and protect data based on sensitivity, not a cloud concept or benefit for reducing infrastructure maintenance. Option C is wrong because Microsoft Planner is a task management and collaboration tool within Microsoft 365, unrelated to replacing local file servers or reducing maintenance overhead. Option D is wrong because Data Loss Prevention (DLP) is a security policy feature that helps prevent accidental sharing of sensitive data, not a cloud benefit that addresses the requirement of stopping local file server maintenance.

863
MCQmedium

A company currently uses Microsoft 365 Business Basic licenses for 80 users. They want to add the desktop versions of Office apps (Word, Excel, PowerPoint) without any additional security or compliance features. Which upgrade is the most cost-effective?

A.Upgrade to Microsoft 365 Business Standard
B.Upgrade to Microsoft 365 Business Premium
C.Upgrade to Microsoft 365 E3
D.Purchase Office 2019 Professional Plus standalone
AnswerA

Business Standard includes full desktop Office apps at a lower cost than Premium or E3.

Why this answer

Microsoft 365 Business Standard is the most cost-effective upgrade from Business Basic because it includes the desktop versions of Office apps (Word, Excel, PowerPoint) without adding the advanced security and compliance features found in Business Premium or Enterprise plans. Business Standard provides the same core productivity tools at a lower per-user price point, making it the ideal choice when only desktop Office is needed.

Exam trap

The trap here is that candidates often choose Business Premium or E3 because they assume 'more features' means 'better value,' but the question explicitly states no additional security or compliance features are needed, making the lower-tier Business Standard the correct cost-effective choice.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 Business Premium includes advanced security and compliance features (e.g., Microsoft Defender for Office 365, Azure Information Protection) that are not required, making it more expensive than necessary. Option C is wrong because Microsoft 365 E3 is an enterprise plan with additional capabilities like advanced eDiscovery, legal hold, and larger mailbox storage, which are overkill and significantly more costly for a small business needing only desktop Office. Option D is wrong because Office 2019 Professional Plus standalone is a non-subscription product that lacks cloud integration, updates, and support, and is not a direct upgrade path from Microsoft 365 Business Basic; it also does not include the same cloud services (e.g., Exchange Online, SharePoint) that the company already uses.

864
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to assign licenses automatically when users join a department group. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Stream
B.Microsoft Forms
C.Microsoft Whiteboard
D.Group-based licensing
AnswerD

Group-based licensing assigns licenses based on group membership.

Why this answer

Group-based licensing in Microsoft 365 allows administrators to automatically assign or remove licenses based on Azure AD group membership. When a user joins a department group, the licensing assignment is triggered without manual intervention, making it the most relevant concept for automating license assignments in an adoption plan.

Exam trap

The trap here is that candidates confuse collaboration tools (Stream, Forms, Whiteboard) with licensing automation, failing to recognize that group-based licensing is the only option that directly addresses automatic license assignment via group membership.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video service for recording, sharing, and managing videos, not a licensing or group management tool. Option B is wrong because Microsoft Forms is a survey and quiz creation tool, unrelated to license automation. Option C is wrong because Microsoft Whiteboard is a digital canvas for collaboration, with no role in license assignment or group-based policies.

865
MCQeasy

A company wants to ensure that all outgoing emails containing sensitive financial data are encrypted automatically. The encryption should require the recipient to authenticate to read the message. Which Microsoft 365 solution should the administrator configure?

A.Microsoft Defender for Office 365
B.Microsoft Purview Message Encryption
C.Microsoft Purview Data Loss Prevention (DLP)
D.Microsoft Purview Insider Risk Management
AnswerB

This solution provides encrypted email delivery, allowing only authenticated recipients to decrypt and read the message. It can be automated via rules.

Why this answer

Microsoft Purview Message Encryption (MPME) is the correct solution because it allows organizations to send encrypted emails that require recipients to authenticate (via a Microsoft account or a one-time passcode) before they can read the message. This directly meets the requirement for automatic encryption of outgoing emails with sensitive financial data and recipient authentication.

Exam trap

The trap here is that candidates often confuse Microsoft Purview Data Loss Prevention (DLP) with Message Encryption, but DLP only detects and blocks sensitive data, while Message Encryption provides the actual encryption and recipient authentication required by the question.

How to eliminate wrong answers

Option A is wrong because Microsoft Defender for Office 365 is a security solution focused on threat protection (anti-phishing, anti-malware, safe attachments/links), not on encrypting outgoing emails with recipient authentication. Option C is wrong because Microsoft Purview Data Loss Prevention (DLP) can detect and block sensitive data in emails but does not natively encrypt messages with recipient authentication; it can trigger MPME policies but is not the encryption solution itself. Option D is wrong because Microsoft Purview Insider Risk Management is designed to detect and mitigate internal risks (e.g., data theft, policy violations) and does not provide email encryption or recipient authentication.

866
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to web/mobile Office apps, business email, Teams, OneDrive, and SharePoint, but not desktop Office apps. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Stream
B.Microsoft Whiteboard
C.Microsoft Forms
D.Microsoft 365 Business Basic
AnswerD

Business Basic provides core cloud services and web/mobile apps without desktop Office apps.

Why this answer

The question describes a scenario requiring web/mobile Office apps, business email, Teams, OneDrive, and SharePoint—but explicitly excludes desktop Office apps. Microsoft 365 Business Basic is the correct plan because it includes all these services (Exchange Online for email, Teams, SharePoint Online, OneDrive for Business, and web/mobile versions of Office apps) without including the desktop Office applications, making it the most relevant licensing concept.

Exam trap

The trap here is that candidates often confuse Microsoft 365 Business Basic with Microsoft 365 Business Standard or Apps for Business, mistakenly thinking Basic includes desktop Office apps, or they incorrectly select a feature-specific tool (like Stream or Forms) instead of recognizing the question is about the correct licensing plan.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video service (for recording, sharing, and managing videos) and does not provide any of the core productivity services listed (email, Teams, OneDrive, SharePoint, or Office apps). Option B is wrong because Microsoft Whiteboard is a digital canvas collaboration tool, not a licensing plan that bundles the required services. Option C is wrong because Microsoft Forms is a survey and quiz creation tool, not a licensing plan that includes email, Teams, OneDrive, or SharePoint.

867
MCQhard

Your organization uses Microsoft 365 E5 and wants to implement Microsoft Copilot for Microsoft 365. Which licensing prerequisite must be met for each user?

A.Microsoft 365 F3
B.Microsoft 365 E3
C.Microsoft 365 E5
D.Microsoft 365 Business Premium
AnswerC

E5 is a prerequisite for Copilot for Microsoft 365.

Why this answer

Microsoft Copilot for Microsoft 365 requires users to have a license that includes Microsoft 365 E5 or an equivalent (such as Microsoft 365 E3 plus the Copilot add-on). The question specifies that the organization already uses Microsoft 365 E5, which is the prerequisite license for Copilot without needing an additional add-on. Option C is correct because Microsoft 365 E5 includes the necessary AI and security features (e.g., Microsoft Graph, Azure AD Premium P2, and advanced compliance) that Copilot relies on.

Exam trap

Microsoft often tests the misconception that any Microsoft 365 license (like Business Premium or F3) can support Copilot, but the trap here is that Copilot requires a specific enterprise-grade license (E3 or E5) with the necessary AI and security infrastructure, not just any Microsoft 365 plan.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 F3 is a frontline worker license that lacks the full desktop apps and advanced security/compliance features required for Copilot; Copilot requires a license with Microsoft 365 E3 or E5 capabilities. Option B is wrong because Microsoft 365 E3 does not include Copilot by default; it requires an additional Copilot for Microsoft 365 add-on license (at an extra cost), whereas the question asks for the prerequisite license that must be met for each user, and E5 is the one that includes Copilot natively. Option D is wrong because Microsoft 365 Business Premium is designed for small and medium businesses and does not include Copilot for Microsoft 365; Copilot requires an E3 or E5 license (or equivalent with add-on), and Business Premium lacks the necessary enterprise-grade features like Azure AD Premium P2 and advanced compliance.

868
MCQmedium

An organization wants to automatically detect when a user attempts to share a document containing a customer's credit card number via email. The system should block the sharing and display a warning to the user. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Sensitivity labels
C.Retention policies
D.eDiscovery
AnswerA

DLP policies can automatically identify sensitive data like credit card numbers and enforce actions such as blocking and showing policy tips.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is designed to identify, monitor, and automatically protect sensitive information—such as credit card numbers—across Exchange Online, SharePoint, OneDrive, and Teams. When a user attempts to share a document containing a credit card number via email, DLP can inspect the content using built-in sensitive information types (e.g., Credit Card Number), block the email, and display a policy tip warning to the user. This matches the requirement exactly.

Exam trap

The trap here is that candidates confuse sensitivity labels with DLP, assuming labels can block sharing, when in fact labels only apply protection settings (encryption, markings) and rely on DLP or other controls to enforce blocking actions.

How to eliminate wrong answers

Option B (Sensitivity labels) is wrong because sensitivity labels classify and protect data by applying encryption or visual markings, but they do not automatically inspect content for specific patterns like credit card numbers or block sharing actions in real time. Option C (Retention policies) is wrong because retention policies are used to preserve or delete data after a specified period for compliance or legal reasons, not to prevent sharing or detect sensitive content. Option D (eDiscovery) is wrong because eDiscovery is a tool for searching and exporting content for legal or investigative purposes, not for real-time blocking or warning on outbound sharing.

869
MCQmedium

During requirements gathering, an IT manager says the organization must allow a junior admin to read tenant configuration without making changes. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Forms
B.Microsoft Whiteboard
C.Global Reader
D.Microsoft Stream
AnswerC

Global Reader provides broad read-only visibility.

Why this answer

The Global Reader role in Microsoft Entra ID (formerly Azure AD) is specifically designed for read-only access to tenant configuration and settings across Microsoft 365 services. It allows a junior admin to view all administrative settings without the ability to make any changes, directly matching the requirement for read-only tenant configuration access.

Exam trap

The trap here is that candidates may confuse Global Reader with other read-only roles like Security Reader or Compliance Reader, but Global Reader is the only role that provides comprehensive read-only access to all tenant configuration settings across Microsoft 365.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and data collection application, not an admin role or licensing concept; it cannot provide read-only access to tenant configuration. Option B is wrong because Microsoft Whiteboard is a collaborative digital canvas tool, unrelated to administrative roles or tenant configuration access. Option D is wrong because Microsoft Stream is a video management service; it does not offer any administrative role for reading tenant configuration.

870
MCQhard

Refer to the exhibit. A tenant administrator runs this PowerShell command in Exchange Online. Which behavior will result?

A.The mailbox will have no retention policy applied
B.The retention policy will be applied but processing is suspended
C.The retention policy will be deleted from the mailbox
D.The mailbox will be placed on litigation hold
AnswerB

RetentionHoldEnabled suspends the policy processing, so items are not deleted or archived according to the policy.

Why this answer

Option D is correct. The command sets a retention policy and enables retention hold, which suspends the processing of the retention policy for the mailbox. This means retention actions like deletion are suspended.

Option A is incorrect because the retention policy is applied immediately. Option B is incorrect because the policy is applied, but hold is enabled. Option C is incorrect because the retention hold suspends policy processing, not deletes it.

871
MCQeasy

A user is trying to access Microsoft 365 services but is prompted for additional verification via a phone call. Which Microsoft 365 feature is enforcing this?

A.Microsoft Entra ID
B.Microsoft Purview
C.Microsoft Defender XDR
D.Microsoft Intune
AnswerA

Entra ID includes MFA for additional verification.

Why this answer

Microsoft Entra ID (formerly Azure AD) is the identity and access management service that enforces Conditional Access policies. When a user is prompted for additional verification via a phone call, it means a Conditional Access policy requiring multi-factor authentication (MFA) has been triggered. Entra ID evaluates the sign-in risk, user location, or device compliance and then invokes MFA through the Microsoft Authenticator service, which can deliver a phone call as one of the verification methods.

Exam trap

The trap here is that candidates often confuse Microsoft Defender XDR (a security monitoring tool) with identity security features, or they mistakenly think Intune or Purview handle authentication challenges, when in fact only Microsoft Entra ID (the identity provider) can enforce MFA prompts like phone call verification.

How to eliminate wrong answers

Option B (Microsoft Purview) is wrong because it is a compliance and data governance solution (e.g., data loss prevention, eDiscovery, retention policies), not an identity or authentication service; it does not enforce MFA prompts. Option C (Microsoft Defender XDR) is wrong because it is a unified security operations platform for threat detection and response across endpoints, email, and identities, but it does not directly enforce user authentication challenges like phone call verification. Option D (Microsoft Intune) is wrong because it is a mobile device management (MDM) and mobile application management (MAM) service that manages devices and apps, not authentication policies; while Intune can provide device compliance signals to Entra ID, the actual MFA enforcement is done by Entra ID, not Intune.

872
MCQeasy

Refer to the exhibit. An administrator is configuring a new Azure subscription with this ARM template snippet for Microsoft Defender for Cloud. What will be the immediate result?

A.All virtual machines will be automatically onboarded to Microsoft Defender for Endpoint
B.The subscription will be monitored for security issues and receive recommendations
C.The subscription will be protected by the highest security tier
D.No changes will occur until a security policy is manually created
AnswerB

Enabling Defender for Cloud provides continuous security assessment and actionable recommendations.

Why this answer

Option C is correct. Enabling Microsoft Defender for Cloud on a subscription activates the basic (free) tier, which provides security assessments and recommendations. Option A is incorrect because there are multiple pricing tiers.

Option B is incorrect because the free tier does not include the full suite of advanced protections. Option D is incorrect because manual configuration is not required for basic protection.

873
MCQmedium

A small business with 50 users currently has Microsoft 365 Business Basic subscriptions. They need the desktop versions of Office apps (Word, Excel, PowerPoint) for each user, in addition to the web and mobile versions they already have. What should they purchase for each user?

A.Microsoft 365 Business Standard license
B.Microsoft 365 F3 license
C.Office 365 E1 license
D.Microsoft 365 Business Voice add-on
AnswerA

Business Standard includes the desktop versions of Office apps along with all the features of Business Basic. This is the appropriate upgrade for users who need desktop Office.

Why this answer

Microsoft 365 Business Standard includes the desktop versions of Office apps (Word, Excel, PowerPoint) plus web and mobile access, making it the correct upgrade from Business Basic. The customer already has web and mobile apps via Business Basic, so adding Business Standard provides the missing desktop apps without over-provisioning.

Exam trap

The trap here is that candidates confuse 'Business Voice' as an Office app add-on rather than a PSTN telephony service, or they assume F3 or E1 include desktop apps because they are higher-tier enterprise plans, when in fact only Business Standard, Business Premium, and E3/E5 provide the full desktop Office suite.

How to eliminate wrong answers

Option B (Microsoft 365 F3 license) is wrong because F3 is a firstline worker plan that does not include the full desktop Office apps—it only provides web and mobile versions, which the customer already has. Option C (Office 365 E1 license) is wrong because E1 is an enterprise plan that also lacks desktop Office apps, offering only web and mobile access. Option D (Microsoft 365 Business Voice add-on) is wrong because it is a telephony add-on for calling features, not a license that includes desktop Office applications.

874
MCQmedium

A department head asks which Microsoft 365 option should be used to confirm whether a feature is included in a Microsoft 365 plan. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Official Microsoft plan comparison and licensing documentation
B.Microsoft Stream
C.Microsoft Whiteboard
D.Microsoft Forms
AnswerA

Feature availability varies by plan and should be verified from official documentation.

Why this answer

Option A is correct because the official Microsoft plan comparison and licensing documentation (available at the Microsoft 365 admin center and the Microsoft 365 for business or enterprise plans page) provides the definitive, up-to-date list of features included in each subscription tier. This is the primary resource for confirming feature availability, as it directly maps service names (e.g., Exchange Online, Teams, SharePoint) to specific licensing SKUs, such as Microsoft 365 Business Basic or Microsoft 365 E5.

Exam trap

The trap here is that candidates often mistake a popular Microsoft 365 application (like Stream, Whiteboard, or Forms) for a resource that can verify licensing, when in fact only the official plan comparison and licensing documentation provides authoritative feature-to-plan mapping.

How to eliminate wrong answers

Option B is wrong because Microsoft Stream is a video service within Microsoft 365, not a tool for verifying licensing or feature inclusion; it is a feature itself, not a reference source. Option C is wrong because Microsoft Whiteboard is a collaborative digital canvas application, not a licensing or support resource; it cannot be used to confirm plan inclusions. Option D is wrong because Microsoft Forms is a survey and data collection tool, not a licensing documentation or support mechanism; it has no role in determining feature availability under a plan.

875
MCQhard

Your company is experiencing high costs for maintaining an on-premises email server and wants to reduce IT management overhead. Which Microsoft 365 service provides enterprise-grade email with minimal infrastructure management?

A.Microsoft Entra ID
B.SharePoint Online
C.Microsoft Intune
D.Exchange Online
AnswerD

Exchange Online is the cloud-hosted email service in Microsoft 365.

Why this answer

Option D is correct because Exchange Online is the cloud-based email service. Option A is wrong because Microsoft Entra ID is identity management. Option B is wrong because SharePoint Online is for collaboration and document management.

Option C is wrong because Microsoft Intune is for device management.

876
Multi-Selectmedium

Which THREE Microsoft 365 services are included in the Enterprise Mobility + Security (EMS) suite?

Select 3 answers
A.Microsoft Sentinel
B.Microsoft Purview
C.Microsoft Intune
D.Microsoft Entra ID
E.Microsoft Defender for Cloud Apps
AnswersC, D, E

Intune is part of EMS for mobile device management.

Why this answer

Microsoft Intune is a core component of Enterprise Mobility + Security (EMS) because it provides cloud-based mobile device management (MDM) and mobile application management (MAM) using the OMA-DM protocol. It enforces conditional access policies and allows IT to manage devices and applications without requiring on-premises infrastructure, directly aligning with EMS's goal of securing and managing endpoints.

Exam trap

Microsoft often tests the misconception that Microsoft Purview or Microsoft Sentinel are part of EMS, when in fact EMS focuses exclusively on identity, endpoint management, and cloud app security, not on SIEM or data governance.

877
MCQmedium

An organization wants to provide employees with a personalized news feed and learning resources within Microsoft 365. Which app should they use?

A.Microsoft Teams
B.Microsoft Stream
C.Microsoft Viva
D.Microsoft SharePoint
AnswerC

Viva provides personalized news, insights, and learning resources.

Why this answer

Microsoft Viva is the correct app because it is an employee experience platform that integrates with Microsoft 365 to deliver personalized news feeds via Viva Connections and curated learning resources through Viva Learning. Unlike other apps, Viva is specifically designed to aggregate content from across the organization and external sources into a single, tailored dashboard.

Exam trap

The trap here is that candidates often confuse Microsoft Viva with SharePoint or Teams, assuming those apps can natively provide personalized news and learning, but they lack the dedicated employee experience and AI-driven personalization that Viva is specifically built for.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams is a collaboration hub for chat, meetings, and file sharing, not a dedicated app for personalized news feeds and learning resources. Option B is wrong because Microsoft Stream is a video service for recording, sharing, and managing videos, not for delivering personalized news or learning content. Option D is wrong because Microsoft SharePoint is a document management and collaboration platform that can host news and learning content, but it lacks the built-in personalization and aggregation features that Viva provides out of the box.

878
MCQhard

Your organization is a non-profit with 1000 users. You want to minimize costs while providing email, file storage, and Microsoft Teams. Which licensing strategy should you use?

A.Apply for Microsoft 365 Nonprofit Business Basic
B.Purchase Microsoft 365 Business Premium licenses
C.Purchase Microsoft 365 E5 licenses
D.Purchase Microsoft 365 E3 licenses at full price
AnswerA

Nonprofits are eligible for donated or discounted Microsoft 365 Business Basic licenses, which provide the required services at minimal cost.

Why this answer

The correct answer is D: Apply for Microsoft 365 Nonprofit Business Basic. Nonprofits can get discounted or donated plans. Microsoft 365 Business Basic includes Exchange Online, SharePoint, OneDrive, and Teams.

Option A (E3) is too expensive. Option B (Business Premium) includes more features than needed. Option C (E5) is overkill.

Option D is the most cost-effective.

879
MCQeasy

A company wants to enable its sales team to automatically generate meeting summaries and action items from Microsoft Teams conversations. Which Microsoft 365 app or feature provides this capability?

A.Microsoft Viva Insights
B.Microsoft Stream
C.Microsoft Copilot for Microsoft 365
D.Microsoft Forms
AnswerC

AI-powered assistant that summarizes meetings and generates action items.

Why this answer

Option A is correct because Microsoft Copilot for Microsoft 365 uses AI to summarize meetings and generate action items. Option B is wrong because Microsoft Viva Insights provides productivity analytics but not meeting summaries. Option C is wrong because Microsoft Stream hosts videos.

Option D is wrong because Microsoft Forms creates surveys.

880
MCQeasy

A small business with 10 users needs Microsoft 365 desktop versions of Office apps (Word, Excel, PowerPoint), business-grade email, and 1 TB of cloud storage per user. They do not need advanced security or compliance features. Which Microsoft 365 plan is the most cost-effective choice?

A.Microsoft 365 Business Basic
B.Microsoft 365 Business Standard
C.Microsoft 365 Business Premium
D.Microsoft 365 E3
AnswerB

Correct. Business Standard includes desktop Office apps, business-grade email, and 1 TB of cloud storage per user.

Why this answer

Microsoft 365 Business Standard is the most cost-effective plan that includes desktop versions of Office apps (Word, Excel, PowerPoint), business-grade email (Exchange Online), and 1 TB of OneDrive cloud storage per user. Business Basic only provides web and mobile apps, not desktop versions. Business Premium adds advanced security and compliance features (e.g., Microsoft Defender for Office 365, Azure Information Protection) that the customer explicitly does not need.

E3 is an enterprise plan with similar features but at a higher per-user cost, making it overkill for a 10-user small business.

Exam trap

The trap here is that candidates often confuse 'business-grade email' with the need for desktop Office apps, and incorrectly choose Business Basic because it includes Exchange Online email, forgetting that Basic lacks the desktop Office client installation rights that the question explicitly requires.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Basic includes only web and mobile versions of Office apps, not the full desktop installable versions (Word, Excel, PowerPoint) required by the customer. Option C is wrong because Microsoft 365 Business Premium includes advanced security and compliance features (e.g., Microsoft Defender for Office 365, Azure Information Protection, Data Loss Prevention) that the customer explicitly does not need, making it more expensive than necessary. Option D is wrong because Microsoft 365 E3 is an enterprise-grade plan designed for larger organizations with advanced compliance, security, and analytics capabilities (e.g., eDiscovery, Litigation Hold, Advanced Audit), and its per-user cost is significantly higher than Business Standard, making it an overpriced choice for a small business with only 10 users and no advanced requirements.

881
MCQhard

Contoso Pharmaceuticals uses Microsoft 365 E5 with Microsoft Purview. They have a requirement to automatically classify and protect documents containing research and development (R&D) data. The R&D data is stored in SharePoint Online and is defined by a custom sensitive info type that matches a specific pattern (e.g., 'R&D-XXXX-XXXX'). They want to apply a sensitivity label called 'Highly Confidential' to any document containing this pattern. The label should encrypt the document and restrict access to members of the R&D team only. Additionally, they want users to be prompted to apply the label when they create a new document in the R&D site. What should you configure?

A.Create a DLP policy that blocks sharing of documents containing the pattern.
B.Configure a default sensitivity label for the R&D SharePoint site.
C.Create an auto-labeling policy in Microsoft Purview that applies the 'Highly Confidential' label to documents containing the custom sensitive info type.
D.Train users to manually apply the 'Highly Confidential' label to R&D documents.
AnswerC

Auto-labeling can automatically apply the label with encryption and access control.

Why this answer

Option A is correct. Auto-labeling policies can automatically apply a sensitivity label based on sensitive info types. The label should be configured with encryption and access restrictions.

Option B (manual labeling) does not meet the automatic requirement. Option C (DLP policy) can detect but not apply labels automatically. Option D (default label) only applies a default label, not based on content.

882
MCQeasy

A company uses a cloud service where administrators can add or remove virtual machine instances through a web portal without contacting the provider. The provider bills only for the exact resources consumed. Which cloud computing characteristic does this scenario best demonstrate?

A.Rapid elasticity
B.On-demand self-service
C.Measured service
D.Resource pooling
AnswerB

The ability to provision and de-provision VMs via a web portal without interacting with the provider exemplifies on-demand self-service. Combined with consumption-based billing, this is the primary characteristic demonstrated.

Why this answer

On-demand self-service allows users to provision compute capabilities without requiring human interaction with the service provider. Measured service refers to metering resource usage; rapid elasticity is about scaling; resource pooling is about multi-tenancy. The combination of self-provisioning and usage-based billing points primarily to on-demand self-service.

883
Multi-Selectmedium

A sales team needs to manage leads, track customer interactions, and automate follow-up emails. They also want to collect customer feedback through surveys. Which two Microsoft 365 apps should they adopt for these requirements? (Choose two.)

Select 2 answers
A.Microsoft Dynamics 365 Sales
B.Microsoft Forms
C.Microsoft Stream
D.Microsoft Planner
AnswersA, B

Dynamics 365 Sales provides CRM capabilities for managing leads, contacts, and opportunities, plus workflows for automated follow-ups.

Why this answer

Microsoft Dynamics 365 Sales is a customer relationship management (CRM) application that provides lead management, customer interaction tracking, and automated follow-up email workflows. Microsoft Forms enables the creation and distribution of surveys to collect customer feedback, with responses automatically stored in Excel for analysis.

Exam trap

The trap here is that candidates may confuse Microsoft Stream or Planner as tools for customer interaction or feedback, overlooking that Dynamics 365 Sales is the dedicated CRM solution and Microsoft Forms is the specific survey tool within the Microsoft 365 ecosystem.

884
MCQmedium

Litware Inc. is a law firm that uses Microsoft 365 E5. They have a requirement to preserve all communications between attorneys and clients as legal hold for ongoing litigation. The legal team needs to identify and preserve all relevant emails and documents from specific users. The preservation should be indefinite until the hold is released. The IT team has enabled Litigation Hold for the mailboxes of the involved users. However, the legal team also needs to preserve documents in SharePoint Online and OneDrive for Business. What should you do to preserve the documents?

A.Create a retention policy in Microsoft Purview to retain all documents in the involved sites for 10 years.
B.Enable Litigation Hold for the users' OneDrive for Business accounts.
C.Create an eDiscovery case and place a hold on the relevant SharePoint sites and OneDrive accounts.
D.Apply a retention label to all documents in the involved sites.
AnswerC

eDiscovery hold can preserve content indefinitely in SharePoint and OneDrive.

Why this answer

Option C is correct. A eDiscovery hold can be placed on specific sites and mailboxes for a specific case. Option A (Litigation Hold) only applies to mailboxes, not SharePoint/OneDrive.

Option B (retention policy) is for time-based retention, not indefinite hold. Option D (label) does not preserve content permanently.

885
MCQhard

Contoso Ltd. is a multinational corporation with 10,000 employees. They have recently adopted Microsoft 365 E5 and want to implement a comprehensive security and compliance strategy. Their requirements include: 1) All sensitive emails must be encrypted in transit and at rest. 2) Access to SharePoint sites containing financial data must be restricted to employees from the finance department only, and only from compliant devices. 3) They need to detect and remediate insider threats involving data exfiltration via email and cloud storage. 4) They must comply with GDPR and be able to respond to DSARs within 30 days. 5) They want to use Microsoft 365 Copilot but ensure that Copilot only accesses data that users already have permission to see. Which combination of Microsoft 365 solutions should Contoso implement?

A.Enable Microsoft Purview Message Encryption, Conditional Access with device compliance, Microsoft Purview Insider Risk Management, Microsoft Purview eDiscovery (Premium), and Copilot with default permissions.
B.Deploy Azure Information Protection for email, Microsoft Entra ID Privileged Identity Management, Microsoft Sentinel, retention policies, and Copilot settings.
C.Implement Microsoft Purview Message Encryption, Microsoft Intune device compliance, Microsoft Defender for Cloud Apps, retention policies, and Copilot configuration.
D.Use Microsoft Purview Message Encryption, Conditional Access with device compliance, Microsoft Purview Insider Risk Management, eDiscovery (Premium), and Copilot's default permissions.
AnswerD

Covers all requirements correctly.

Why this answer

Option D is the best answer because it covers all requirements: Microsoft Purview Message Encryption (email encryption), Conditional Access with device compliance (restrict access), Insider Risk Management (insider threats), eDiscovery (DSARs), and Copilot's built-in permissions (least privilege). Option A lacks device compliance and proper insider threat detection. Option B uses Intune app protection instead of Conditional Access, which is less specific for SharePoint access.

Option C uses retention policies for DSARs, which is incorrect.

886
MCQmedium

During a Microsoft 365 planning workshop, identify purchased Microsoft 365 licenses that are not assigned. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Forms
B.Microsoft Stream
C.Microsoft Whiteboard
D.Available licenses
AnswerD

Available licenses are purchased but unassigned.

Why this answer

The question asks which concept is most relevant when identifying purchased but unassigned Microsoft 365 licenses. The 'Available licenses' count in the Microsoft 365 admin center directly shows the number of licenses purchased minus those assigned to users. This is a core licensing management concept, distinct from specific service apps like Forms, Stream, or Whiteboard.

Exam trap

The trap here is that candidates may confuse specific service applications (Forms, Stream, Whiteboard) with the licensing management concept, when the question is about identifying unassigned licenses, which is a core admin task tracked via the 'Available licenses' count.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and quiz application, not a licensing management tool; it does not show license counts or assignment status. Option B is wrong because Microsoft Stream is a video service for enterprise content, unrelated to tracking license inventory or assignments. Option C is wrong because Microsoft Whiteboard is a digital canvas collaboration app, not a licensing or admin console feature for viewing unassigned licenses.

887
MCQhard

An organization uses Microsoft 365 E5 and wants to automatically classify and protect sensitive documents stored in SharePoint Online based on content patterns (e.g., credit card numbers). They need to apply encryption and restrict access when such content is detected. Which Microsoft 365 service should they configure?

A.Microsoft Entra ID
B.Microsoft Purview Information Protection
C.Microsoft Sentinel
D.Microsoft Defender for Cloud Apps
AnswerB

Purview Information Protection provides automatic classification and labeling based on sensitive content.

Why this answer

Microsoft Purview Information Protection (formerly Azure Information Protection) is the correct service because it provides content-based classification and protection for sensitive data. It uses trainable classifiers and sensitive information types (e.g., credit card numbers) to automatically apply encryption and restrict access via sensitivity labels in SharePoint Online.

Exam trap

The trap here is that candidates often confuse Microsoft Defender for Cloud Apps (a CASB) with data classification, but it lacks the native content scanning and encryption enforcement that Purview Information Protection provides.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra ID is an identity and access management service, not a content classification or protection engine; it cannot scan documents for patterns like credit card numbers. Option C is wrong because Microsoft Sentinel is a security information and event management (SIEM) solution for threat detection and response, not for data classification or encryption. Option D is wrong because Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that provides visibility and control over cloud apps, but it does not natively classify or encrypt content based on patterns within SharePoint documents.

888
MCQeasy

A sales team uses Microsoft 365 and wants to automatically capture and store email signatures for all outgoing messages. Which Microsoft 365 app should the administrator configure?

A.Microsoft Teams
B.Microsoft Viva Insights
C.Microsoft SharePoint Online
D.Microsoft Exchange Online
AnswerD

Exchange Online manages email transport rules and signatures.

Why this answer

Option A (Microsoft Exchange Online) is correct because email signatures are managed via Exchange mail flow rules or the Exchange admin center. Option B is wrong because Microsoft Teams is for collaboration, not email signatures. Option C is wrong because Microsoft SharePoint is for document management.

Option D is wrong because Microsoft Viva Insights focuses on productivity analytics.

889
MCQhard

A compliance officer needs to ensure that all user activities related to sensitive data in Microsoft 365 are recorded and available for forensic investigation. They require detailed logs of who accessed specific files in SharePoint Online, including attempts to access files that were blocked by DLP policies. Which solution should they enable?

A.Microsoft 365 Audit Log
B.Microsoft Defender for Cloud Apps
C.Microsoft Purview Activity Explorer
D.Microsoft 365 Defender
AnswerA

The unified audit log records all user and admin actions, including SharePoint file accesses and DLP actions, meeting forensic requirements.

Why this answer

Microsoft 365 Audit Log (Unified Audit Log) is the correct solution because it captures detailed records of user activities, including file access in SharePoint Online and blocked DLP policy actions. These logs are retained for forensic investigation and can be searched via the Microsoft 365 Purview compliance portal or accessed programmatically.

Exam trap

The trap here is that candidates confuse the real-time monitoring capabilities of Activity Explorer or Defender for Cloud Apps with the historical, searchable audit trail required for forensic investigation, mistakenly thinking those tools replace the Unified Audit Log.

How to eliminate wrong answers

Option B (Microsoft Defender for Cloud Apps) is wrong because it focuses on cloud app discovery, session controls, and anomaly detection, not on providing a comprehensive, searchable audit log of all user activities for forensic investigation. Option C (Microsoft Purview Activity Explorer) is wrong because it shows real-time activity insights and DLP rule matches, but it does not retain historical logs for extended forensic analysis; it relies on the underlying audit log for data. Option D (Microsoft 365 Defender) is wrong because it is a threat protection suite (including Microsoft Defender for Endpoint, Office 365, Identity, and Cloud Apps) designed for detecting and responding to security incidents, not for recording and retaining detailed user activity logs for compliance auditing.

890
MCQmedium

A compliance administrator needs to automatically detect when employees share documents containing a customer's credit card number via email and block such sharing before the email is sent. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Information Rights Management (IRM)
C.Sensitivity labels
D.Microsoft Defender for Office 365 (ATP)
AnswerA

DLP policies can identify sensitive data like credit card numbers in email and block the message from being sent.

Why this answer

Data Loss Prevention (DLP) is the correct solution because it is specifically designed to automatically detect sensitive data, such as credit card numbers, in transit (e.g., email) and enforce policy actions like blocking the email before it is sent. DLP uses deep content analysis, including pattern matching against predefined sensitive information types (e.g., credit card number regex), to inspect email bodies and attachments in real time within Exchange Online.

Exam trap

The trap here is that candidates often confuse Information Rights Management (IRM) with DLP because both involve protecting sensitive data, but IRM controls access after sending while DLP prevents the send action itself.

How to eliminate wrong answers

Option B is wrong because Information Rights Management (IRM) protects content after it is sent by encrypting and restricting permissions (e.g., prevent forwarding or printing), but it does not automatically detect or block sensitive data before transmission. Option C is wrong because sensitivity labels are used to classify and protect data based on manual or automatic labeling, but they do not natively scan for specific patterns like credit card numbers or block emails in transit; DLP policies can leverage labels, but the detection and blocking action is DLP's function. Option D is wrong because Microsoft Defender for Office 365 (formerly ATP) focuses on threat protection against malware, phishing, and malicious links, not on preventing accidental sharing of sensitive data like credit card numbers via content inspection.

891
MCQeasy

Your organization uses Microsoft 365 Business Premium. You need to protect users from phishing attacks by blocking malicious links in real-time when they click them in emails. Which feature provides this capability?

A.Microsoft Defender for Office 365 Safe Attachments
B.Microsoft Defender for Office 365 Safe Links
C.Exchange Online Protection (EOP) anti-spam policy
D.Microsoft Defender XDR
AnswerB

Safe Links protects users by checking URLs at click time.

Why this answer

Option A is correct because Microsoft Defender for Office 365 Safe Links provides time-of-click protection against malicious URLs. Option B is wrong because Safe Attachments scans attachments. Option C is wrong because Anti-spam policies filter spam.

Option D is wrong because Microsoft Defender XDR is a broader security suite.

892
MCQhard

A company wants to automate a business process where an approval request is sent to a manager when a new employee is added to the HR system. The HR system is a custom list in SharePoint Online. The process should run without any custom code. Which Microsoft 365 tool should they use to create this automation?

A.Microsoft Power Automate
B.Microsoft Power Apps
C.Microsoft SharePoint Designer
D.Microsoft Visio
AnswerA

Power Automate provides pre-built connectors and templates to create automated workflows triggered by SharePoint list changes, such as sending approval requests.

Why this answer

Microsoft Power Automate is the correct tool because it is designed specifically for creating automated workflows between apps and services without custom code. In this scenario, Power Automate can use a trigger (e.g., 'When an item is created or modified' in SharePoint) to send an approval request to a manager, fully meeting the requirement for a no-code solution.

Exam trap

The trap here is that candidates may confuse Microsoft Power Apps (for building apps) with Power Automate (for workflows), or mistakenly think SharePoint Designer is still a viable no-code option, when in fact it is deprecated and requires custom code.

How to eliminate wrong answers

Option B (Microsoft Power Apps) is wrong because Power Apps is a low-code platform for building custom applications, not for automating workflows or approval processes. Option C (Microsoft SharePoint Designer) is wrong because SharePoint Designer is a legacy tool for customizing SharePoint sites and workflows, but it requires custom code and is deprecated in favor of Power Automate. Option D (Microsoft Visio) is wrong because Visio is a diagramming and visualization tool for creating process maps, not for executing automated workflows.

893
MCQmedium

A tenant administrator is advising a department that wants to find who made Microsoft 365 admin changes and when. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Stream
B.Microsoft Whiteboard
C.Microsoft Forms
D.Microsoft Purview Audit
AnswerD

Audit records can show administrator activities and timing.

Why this answer

Microsoft Purview Audit (formerly Office 365 Audit) is the correct answer because it provides a unified audit log that records every admin and user action across Microsoft 365 services, including who made a change, what change was made, and when it occurred. This directly meets the department's requirement to track Microsoft 365 admin changes. The other options are productivity tools that do not offer audit logging or change tracking capabilities.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Audit with other Microsoft 365 services that have 'audit' in their name or assume that productivity tools like Forms or Stream include administrative logging, when in fact only Purview Audit provides the centralized, searchable audit log required for tracking admin changes.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video management and sharing service, not a tool for auditing admin changes. Option B is wrong because Microsoft Whiteboard is a digital canvas for collaboration, with no audit or change-tracking functionality. Option C is wrong because Microsoft Forms is a survey and quiz creation tool, lacking any audit logging features.

894
MCQmedium

During a Microsoft 365 planning workshop, understand which security tasks Microsoft handles and which remain with the customer. Cloud concept or benefit best matches this requirement?

A.Microsoft Planner
B.Data Loss Prevention (DLP)
C.Sensitivity labels
D.Shared responsibility model
AnswerD

The shared responsibility model explains provider and customer responsibilities in cloud services.

Why this answer

The shared responsibility model defines which security tasks are managed by Microsoft (e.g., physical security, hypervisor patching) and which remain with the customer (e.g., user access, data classification). This directly matches the requirement to understand task ownership during a planning workshop. Options like Microsoft Planner, DLP, and sensitivity labels are specific features, not the overarching cloud concept that clarifies responsibility boundaries.

Exam trap

The trap here is that candidates confuse specific security features (like DLP or sensitivity labels) with the overarching shared responsibility model, which is the foundational cloud concept that defines who owns each security task.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a project management tool for task assignment and scheduling, not a security concept or model for defining responsibility boundaries. Option B is wrong because Data Loss Prevention (DLP) is a specific security policy feature that helps prevent data leaks, but it does not explain which security tasks Microsoft handles versus the customer. Option C is wrong because sensitivity labels are a classification and protection mechanism for data, not a model that delineates shared security responsibilities between provider and tenant.

895
MCQmedium

A company wants to automatically send an email notification to a manager when a new request is submitted in a SharePoint list. The process should require no custom code. Which Microsoft 365 tool should they use?

A.Power Automate
B.SharePoint Designer
C.Power Apps
D.Microsoft Lists
AnswerA

Power Automate provides pre-built templates and triggers, like 'When a new item is created in SharePoint', to send email notifications without code.

Why this answer

Power Automate is the correct choice because it provides a no-code, trigger-based workflow engine that can automatically send an email when a new item is added to a SharePoint list. It integrates directly with SharePoint and Outlook, requiring no custom code or developer intervention.

Exam trap

The trap here is that candidates may confuse Microsoft Lists (a data storage tool) with Power Automate (the automation engine), or mistakenly think SharePoint Designer is still the standard for no-code workflows, when in fact Power Automate is the modern, recommended solution for this scenario.

How to eliminate wrong answers

Option B is wrong because SharePoint Designer is a legacy tool that requires custom workflows (often using SharePoint 2010/2013 workflow types) and is deprecated for new solutions; it also demands more technical overhead and is not recommended for modern no-code automation. Option C is wrong because Power Apps is a low-code platform for building custom applications and user interfaces, not for automating email notifications based on list events. Option D is wrong because Microsoft Lists is a data management and tracking application that does not include built-in automation capabilities; it relies on Power Automate for any workflow or notification logic.

896
MCQmedium

A manager wants to set up a daily automated reminder email to employees who have not completed a mandatory training video in Microsoft Stream. The reminder should stop once the training is marked complete. Which Microsoft 365 tool should the manager use?

A.Power Automate
B.Microsoft Forms
C.SharePoint Designer
D.Viva Learning
AnswerA

Power Automate can create a flow that triggers daily, checks the training completion status via Microsoft 365 apps, and sends reminder emails only to those who haven't completed, stopping when done.

Why this answer

Power Automate is the correct tool because it can create an automated workflow that queries Microsoft Stream (or a connected system like SharePoint or a custom list) for employees who have not completed the training, sends a daily reminder email, and stops when the training status changes to 'complete'. This leverages triggers like 'Recurrence' and conditions based on data from Stream or a related data source.

Exam trap

The trap here is that candidates often confuse Viva Learning (a learning portal) with an automation tool, assuming it can send reminders, but Viva Learning lacks workflow triggers and actions for automated email scheduling.

How to eliminate wrong answers

Option B is wrong because Microsoft Forms is a survey and data collection tool, not an automation engine; it cannot send automated reminders or check completion status. Option C is wrong because SharePoint Designer is a legacy tool for SharePoint 2010/2013 workflows, not designed for Microsoft 365 cloud automation or integration with Stream. Option D is wrong because Viva Learning is a learning management interface for accessing and assigning training content, but it lacks native workflow automation to send recurring reminders based on completion status.

897
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to let users report suspicious phishing messages from Outlook for investigation. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Defender for Office 365 user submissions
B.Microsoft Planner
C.Microsoft Forms
D.Microsoft Stream
AnswerA

Defender for Office 365 supports user submissions and investigation workflows for suspicious email.

Why this answer

Microsoft Defender for Office 365 user submissions (Option A) is the correct capability because it allows users to report suspicious phishing messages directly from Outlook, which are then routed to the Microsoft 365 Defender portal for investigation and analysis. This feature integrates with the built-in Report Message or Report Phishing add-ins, enabling security teams to review and act on user-reported threats within the unified security operations framework.

Exam trap

The trap here is that candidates may confuse Microsoft Forms (a generic survey tool) with a legitimate reporting mechanism, overlooking that Microsoft 365 provides a dedicated, integrated security solution (Defender for Office 365) for phishing submissions.

How to eliminate wrong answers

Option B (Microsoft Planner) is wrong because it is a task management and project planning tool, not a security or compliance feature for reporting phishing messages. Option C (Microsoft Forms) is wrong because it is a survey and data collection tool that lacks the automated integration with Microsoft 365 Defender required for phishing investigation workflows. Option D (Microsoft Stream) is wrong because it is a video sharing and management platform, with no capability to process or analyze email security threats.

898
MCQhard

Refer to the exhibit. You are configuring a Microsoft Purview Data Loss Prevention (DLP) policy in the Microsoft 365 compliance portal. The policy is intended to block access to files containing credit card numbers when accessed from outside the organization. However, users report that the policy is not blocking access. What is the most likely reason?

A.The policy is not assigned to any locations.
B.The policy mode is set to 'advanced' which is not a valid mode; it should be 'enforce' or 'test'.
C.The confidence level is set to 'high' which is too restrictive.
D.The sensitive information type is incorrect.
AnswerB

The valid modes are 'test' and 'enforce'. 'Advanced' is not a mode; this likely means the policy is not applied.

Why this answer

Option B is correct because the policy mode 'advanced' is not a valid mode in Microsoft Purview DLP. The valid modes are 'enforce' (to actively block actions) and 'test' (to simulate policy effects without blocking). Setting the mode to an invalid value like 'advanced' would prevent the policy from enforcing any restrictions, explaining why access is not being blocked.

Exam trap

The trap here is that candidates may confuse policy mode with other settings like confidence level or location assignment, or assume 'advanced' is a valid mode similar to other Microsoft 365 features (e.g., advanced audit), when in fact DLP only supports 'enforce' and 'test' modes.

How to eliminate wrong answers

Option A is wrong because if the policy were not assigned to any locations, it would not apply at all, but users report the policy is configured and expected to work, implying it is assigned; the issue is with enforcement mode. Option C is wrong because setting the confidence level to 'high' makes the policy more restrictive (requiring stronger evidence of a credit card number), which would reduce false positives but not prevent blocking when a match occurs; it would not cause a failure to block. Option D is wrong because if the sensitive information type were incorrect, the policy would not detect credit card numbers at all, but users report the policy is intended to block such content, and the issue is that it is not blocking despite being configured; the type is likely correct.

899
MCQmedium

During a Microsoft 365 planning workshop, host custom applications on virtual machines while managing the operating system. Cloud concept or benefit best matches this requirement?

A.Platform as a Service (PaaS)
B.Infrastructure as a Service (IaaS)
C.Hybrid cloud
D.Software as a Service (SaaS)
AnswerB

IaaS provides virtual machines, storage, and networking while customers manage the operating system and applications.

Why this answer

Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet, including virtual machines where you can host custom applications and have full control over the operating system. This matches the requirement because IaaS gives you the flexibility to manage the OS, install custom software, and configure the environment without worrying about the underlying physical hardware.

Exam trap

The trap here is that candidates often confuse PaaS with IaaS because both involve hosting applications, but PaaS does not allow OS-level management, which is the key differentiator in this question.

How to eliminate wrong answers

Option A is wrong because Platform as a Service (PaaS) abstracts away the operating system and infrastructure management, focusing on deploying and managing applications without OS-level control, which contradicts the requirement to manage the operating system. Option C is wrong because Hybrid cloud is a deployment model that combines public and private clouds, not a service model that provides virtual machines with OS management capabilities. Option D is wrong because Software as a Service (SaaS) delivers fully managed applications accessed via a browser or client, with no access to the underlying OS or virtual machines.

900
MCQeasy

Refer to the exhibit. An ARM template snippet. What is this template deploying?

A.A SQL database.
B.A virtual machine.
C.A web app.
D.A standard Azure Storage account.
AnswerD

Defined by the resource type and kind.

Why this answer

The ARM template snippet defines a resource of type 'Microsoft.Storage/storageAccounts', which is the Azure Resource Manager (ARM) resource provider for Azure Storage. The 'kind' property is set to 'StorageV2', which indicates a general-purpose v2 storage account, and the 'sku' specifies 'Standard_LRS', confirming it is a standard storage account with locally redundant storage. Therefore, the template is deploying a standard Azure Storage account.

Exam trap

The trap here is that candidates may confuse the 'Microsoft.Storage/storageAccounts' resource type with other services like SQL databases or web apps, or they might overlook the 'kind' and 'sku' properties that specifically identify a standard storage account, leading them to select a wrong answer based on superficial reading.

How to eliminate wrong answers

Option A is wrong because a SQL database is deployed using the 'Microsoft.Sql/servers/databases' resource type, not 'Microsoft.Storage/storageAccounts'. Option B is wrong because a virtual machine is deployed using the 'Microsoft.Compute/virtualMachines' resource type, which includes properties like 'hardwareProfile' and 'storageProfile', not storage account properties. Option C is wrong because a web app is deployed using the 'Microsoft.Web/sites' resource type, which defines site configurations and app settings, not storage account properties.

Page 11

Page 12 of 14

Page 13