Tag Archives: Microsoft 365

Microsoft, Microsoft 365

Microsoft MD-102 Endpoint Administrator Exam Dumps

MD-102 Endpoint Administrator Exam Dumps

Candidates for this exam have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. They manage identity, security, access, policies, updates, and apps for endpoints. They implement solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types. They implement and manage endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Azure Active Directory (Azure AD), part of Microsoft Entra.

Endpoint administrators collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.

Candidates for this exam have experience with Azure AD and Microsoft 365 technologies including Intune. They must have strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.

Important
Passing score: 700. Learn more about exam scores. Beta exams are not scored immediately because we’re gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.

On July 1, 2023, the Microsoft 365 Certified: Modern Desktop Administrator Associate certification will be renamed to Microsoft 365 Certified: Endpoint Administrator Associate. Learn more.

Tip

Review the MD-102 study guide to help you prepare for the exam
Demo the exam experience by visiting our exam sandbox
Part of the requirements for: Microsoft 365 Certified: Modern Desktop Administrator Associate
Related exams: none
Go to Learn Profile

Exam MD-102: Endpoint Administrator (beta)
Languages: English
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: deploy Windows client; manage identity and compliance; manage, maintain, and protect devices; and manage applications.

Skills measured
Review the study guide linked in the preceding “Tip” box for details about the skills measured on this exam.
Deploy Windows client (25–30%)
Manage identity and compliance (15–20%)
Manage, maintain, and protect devices (40–45%)
Manage applications (10–15%)

Objective domain: skills the exam measures
Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn’t available in your preferred language, you can request an additional 30 minutes to complete the exam.

Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.

Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Skills measured

Audience profile
Candidates for this exam have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. They manage identity, security, access, policies, updates, and apps for endpoints. They implement solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types. They implement and manage endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Azure Active Directory (Azure AD), part of Microsoft Entra.

Endpoint administrators collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.

Candidates for this exam have experience with Azure AD and Microsoft 365 technologies including Intune. They must have strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices

Examkingdom Microsoft MD-102 Exam pdf,

MCTS Training, MCITP Trainnig

Best Microsoft MD-102 Free downloads , Microsoft MD-102 Dumps at Certkingdom.com

Deploy Windows client (25–30%)
Manage identity and compliance (15–20%)
Manage, maintain, and protect devices (40–45%)
Manage applications (10–15%)

Deploy Windows client (25–30%)
Prepare for a Windows client deployment
Select a deployment tool based on requirements
Choose between migrate and rebuild
Choose an imaging and/or provisioning strategy
Select a Windows edition based on requirements
Implement subscription-based activation
Plan and implement a Windows client deployment by using Windows Autopilot
Configure device registration for Autopilot
Create, validate, and assign deployment profiles
Set up the Enrollment Status Page (ESP)
Deploy Windows devices by using Autopilot
Troubleshoot an Autopilot deployment
Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)
Plan and implement an MDT deployment infrastructure
Create, manage, and deploy images
Monitor and troubleshoot a deployment
Plan and configure user state migration
Configure remote management
Configure Remote Help in Intune
Configure Remote Desktop on a Windows client
Configure the Windows Admin Center
Configure PowerShell remoting and Windows Remote Management (WinRM)

Manage identity and compliance (15–20%)
Manage identity
Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
Manage role-based access control (RBAC) for Intune
Register devices in and join devices to Azure AD
Implement the Intune Connector for Active Directory
Manage the membership of local groups on Windows devices
Implement and manage Local Administrative Passwords Solution (LAPS) for Azure AD
Implement compliance policies for all supported device platforms by using Intune
Specify compliance policies to meet requirements
Implement compliance policies
Implement Conditional Access policies that require a compliance status
Manage notifications for compliance policies
Monitor device compliance
Troubleshoot compliance policies

Manage, maintain, and protect devices (40–45%)
Manage the device lifecycle in Intune
Configure enrollment settings
Configure automatic and bulk enrollment, including Windows, Apple, and Android
Configure policy sets
Restart, retire, or wipe devices
Manage device configuration for all supported device platforms by using Intune
Specify configuration profiles to meet requirements
Implement configuration profiles
Monitor and troubleshoot configuration profiles
Configure and implement Windows kiosk mode
Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile
Plan and implement Microsoft Tunnel for Intune
Monitor devices
Monitor devices by using Intune
Monitor devices by using Azure Monitor
Analyze and respond to issues identified in Endpoint analytics and Adoption Score
Manage device updates for all supported device platforms by using Intune
Plan for device updates
Create and manage update policies by using Intune
Manage Android updates by using configuration profiles
Monitor updates
Troubleshoot updates in Intune
Configure Windows client delivery optimization by using Intune
Create and manage update rings by using Intune
Implement endpoint protection for all supported device platforms
Implement and manage security baselines in Intune
Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
Onboard devices to Defender for Endpoint
Implement automated response capabilities in Defender for Endpoint
Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard

Manage applications (10–15%)
Deploy and update apps for all supported device platforms
Deploy apps by using Intune
Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)
Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
Deploy Microsoft 365 Apps by using Intune
Configure policies for Office apps by using Group Policy or Intune
Deploy apps to platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
Plan and implement app protection policies for iOS and Android
Manage app protection policies
Implement Conditional Access policies for app protection policies
Plan and implement app configuration policies for managed apps and managed devices
Manage app configuration policies

QUESTION 1
Which user can enroll Device6 in Intune?

A. User4 and User2 only
B. User4 and User 1 only
C. User1, User2, User3, and User4
D. User4. User Land User2 only

Answer: B

QUESTION 2
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Answer:
Explanation:

QUESTION 3
Which users can purchase and assign App1?

A. User3 only
B. User1 and User3 only
C. User1, User2, User3, and User4
D. User1, User3, and User4 only
E. User3 and User4 only

Answer: B

Microsoft 365

MS-101 Microsoft 365 Mobility and Security Exam updated on November 24, 2021

The content of this exam was updated on November 24, 2021. Please download the skills measured document below to see what changed.

Exam MS-101: Microsoft 365 Mobility and Security
Languages: English, Japanese
Retirement date: none

This exam measures your ability to accomplish the following technical tasks: implement modern device services; implement Microsoft 365 security and threat management; and manage Microsoft 365 governance and compliance.

Skills measured
The content of this exam was updated on November 24, 2021. Please download the exam skills outline below to see what changed.
Implement modern device services (40-45%)
Implement Microsoft 365 security and threat management (20-25%)
Manage Microsoft 365 governance and compliance (35-40%)

Audience Profile
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, and supporting technologies.

Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least Exchange, SharePoint, Teams, Windows 10 deployment. Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Implement modern device services (40-45%)

Plan device management
 plan device monitoring
 plan Microsoft Endpoint Manager implementation and integration with Azure AD
 plan co-management between Endpoint Configuration Manager and Intune
 plan for configuration profiles

Manage device compliance
 plan for device compliance
 plan for attack surface reduction
 configure security baselines
 configure device compliance policy
 plan and configure conditional access policies

Plan for apps
 create and configure Microsoft Store for Business
 plan app deployment
 plan for mobile application management (MAM)

Plan Windows 10 deployment
 plan for Windows as a Service (WaaS)
 plan for managing Windows quality and feature updates
 plan Windows 10 Enterprise deployment methods
 analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
 evaluate and deploy additional Windows 10 Enterprise security features

Enroll devices
 plan for device join or device registration to Azure Active Directory (Azure AD)
 plan for manual and automated device enrollment into Intune
 enable device enrollment into Intune

Implement Microsoft 365 security and threat management (20-25%)

Manage security reports and alerts
 evaluate and manage Microsoft Office 365 tenant security by using Secure Score
 manage incident investigation
 review and manage Microsoft 365 security alerts

Plan and implement threat protection with Microsoft 365 Defender
 plan Microsoft Defender for Endpoint
 design Microsoft Defender for Office 365 policies
 implement Microsoft Defender for Identity

Plan Microsoft Cloud App Security
 plan information protection by using Cloud App Security
 plan policies to manage access to cloud apps
 plan for application connectors
 configure Cloud App Security policies
 review and respond to Cloud App Security alerts
 monitor for unauthorized cloud applications

Manage Microsoft 365 governance and compliance (35-40%)

Plan for compliance requirements
 plan compliance solutions
 assess compliance
 plan for and implement privileged access management
 plan for legislative and regional or industry requirements and drive implementation

Manage information governance
 plan data classification
 plan for classification labeling
 plan for restoring deleted content
 implement records management
 design data retention labels and policies in Microsoft 365

Implement Information protection
 plan an information protection solution
 plan and implement sensitivity labels and policies
 monitor label alerts and analytics
 deploy Azure Information Protection unified labels clients
 configure Information Rights Management (IRM) for workloads
 plan for Windows information Protection (WIP) implementation

Plan and implement data loss prevention (DLP)
 plan for DLP
 configure DLP policies
 monitor DLP

Manage search and investigation
 plan and configure auditing
 plan and configure eDiscovery
 implement and manage insider risk management
 design a Content Search solution

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You add your user account as a device enrollment manager.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You configure the Apple MDM Push certificate.
Does this meet the goal?

A. Yes
B. No

Answer: A

QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You create an Apple Configurator enrollment profile.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure
Active Directory (Azure AD).
You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).
You configure pilot co-management.
You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.
You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You create a device configuration profile from the Device Management admin center.
Does this meet the goal?

A. Yes
B. No

Answer: B

Examkingdom Microsoft MS-101 Exam pdf, Certkingdom Microsoft MS-101 PDF

MCTS Training, MCITP Trainnig

Best Microsoft MS-101 Certification, Microsoft MS-101 Training at certkingdom.com

Microsoft, Microsoft 365

MS-100 Microsoft 365 Identity and Services Exam, August 5, 2021 updated version

This exam was updated on August 5, 2021. Following the current exam guide, we have included a version of the exam guide with Track Changes set to “On,” showing the changes that were made to the exam on that date.

Audience Profile
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, Power Platform, and supporting technologies.

Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least one
one Microsoft 365 workload (Exchange, SharePoint, Teams), and Windows as a ServiceExchange, SharePoint, Teams, or Windows 10 deployment.
Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Design and Implement Microsoft 365 Services (25-30%)
Plan architecture
 plan integration of Microsoft 365 and on-premises environments
 identify deployment workloads team
 plan an identity and authentication solution
 plan enterprise application modernization

Deploy a Microsoft 365 tenant
 manage domains
 configure organizational settings
 complete the organizational profile
 add a Microsoft partner or work with Microsoft FastTrack
 complete the subscription setup wizard
 plan and create a tenant
 edit an organizational profile
 plan and create subscription(s)
 configure tenant-wide workload settings

Manage Microsoft 365 subscription and tenant health
 manage service health alerts
 create and manage service requests
 create internal service health response plan
 monitor service health
 monitor license allocations
 configure and review reports, including Power BI, Operations Management Suite (OMS),Azure Monitor logs, Log Analytics workspaces, and Microsoft 365 reporting
 schedule and review security and compliance reports
 schedule and review usage metrics

Plan migration of users and data
 identify data to be migrated and migration methods
 identify users and mailboxes to be migrated and migration methods
 plan migration of on-premises users and groups
 import PST files

Manage User Identity and Roles (25-30%)

Design identity strategy
 evaluate requirements and solutions for synchronization
 evaluate requirements and solutions for identity management
 evaluate requirements and solutions for authentication

Plan identity synchronization
 design directory synchronization
 implement directory synchronization with directory services, federation services, and

Azure endpoints by using Azure AD Connect sync
 plan for directory synchronization using Azure AD cloud sync

Manage identity synchronization with Azure Active Directory (Azure AD)
 configure and manage directory synchronization by using Azure AD cloud sync
 configure directory synchronization by using Azure AD Connect
 monitor Azure AD Connect Health
 manage Azure AD Connect synchronization
 configure object filters
 configure password synchronization
 implement multi-forest AD Connect scenarios

Manage Azure AD identities
 plan Azure AD identities
 implement and manage self-service password reset (SSPR)
 manage access reviews
 manage groups
 manage passwords
 manage product licenses
 manage users
 perform bulk user management

Manage roles
 plan user roles
 manage admin roles
 allocate roles for workloads
 manage role allocations by using Azure AD

Manage Access and Authentication (15-20%)

Manage authentication
 design an authentication method
 configure authentication
 implement an authentication method
 manage authentication
 monitor authentication

Plan and implement secure access
 design a conditional access solution
 implement entitlement packages
 implement Azure AD Identity Protection
 manage identity protection
 implement conditional access
 manage conditional access
 implement and secure access for guest and external users

Configure application access
 configure application registration in Azure AD
 configure Azure AD Application Proxy
 publish enterprise apps in Azure AD

Plan Office 365 Workloads and Applications (25-30%)

Plan for Microsoft 365 Apps deployment
 plan for Microsoft connectivity
 manage Microsoft 365 Apps
 plan for Office online
 assess readiness using Microsoft analytics
 plan Microsoft 365 App compatibility
 manage Office 365 software downloads
 plan for Microsoft apps updates
 plan Microsoft telemetry and reporting

Plan for messaging deployments
 plan migration strategy
 plan messaging deployment
 identify hybrid requirements
 plan for connectivity
 plan for mail routing
 plan email domains

Plan for Microsoft SharePoint Online and OneDrive for Business
 plan migration strategy
 plan external share settings
 identify hybrid requirements
 manage access configurations
 manage Microsoft groups
 manage SharePoint tenant and site settings

Plan for Microsoft Teams infrastructure
 plan for communication and call quality and capacity
 plan for Phone System
 plan Microsoft Teams deployment
 plan Microsoft Teams organizational settings
 plan for guest and external access
 plan for Microsoft Teams hybrid connectivity and co-existence

Plan Microsoft Power Platform integration
 implement Microsoft Power Platform Center of Excellence (CoE) starter kit
 plan for Power Platform workload deployments
 plan resource deployment
 plan for connectivity (and data flow)
 manage environments
 manage resources

Actualkey Microsoft MS-100 Exam, Certkingdom Microsoft MS-100 PDF

MCTS Training, MCITP Trainnig

Best Microsoft MS-100 Certification, Microsoft MS-100 Training at certkingdom.com

QUESTION 1
You have a Microsoft 365 subscription.
Your company purchases a new financial application named App1.
From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that
many applications have a low score because they are missing information about domain registration and consumer popularity.
You need to prevent the missing information from affecting the score.
What should you configure from the Cloud Discover settings?

A. App tags
B. Score metrics
C. Organization details
D. Default behavior

Correct Answer: B

QUESTION 2
You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment.
You need to ensure that only specific users can create new environments.
What should you do in the Power Platform admin center?

A. From Data policies, create a new data policy.
B. From Data integration, create a new connection set.
C. From Power Platform settings, modify the Governance settings for the environment.
D. From Environments, modify the behaviour settings for the default environment.

Correct Answer: C

QUESTION 3
Which migration solution should you recommend for Project1?

A. From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet.
B. From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet.
C. From Exchange admin center, start the migration and select Remote move migration.
D. From the Exchange admin center, start the migration and select Cutover migration.

Correct Answer: C

Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Fabrikam does NOT plan to implement identity federation.
ll users must be able to exchange email messages successfully during Project1 by using their current email address.
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in
Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1
by using their current email address, we’ll need to configure hybrid Exchange.
To migrate mailboxes in a hybrid Exchange configuration, you use the Exchange admin center to perform

Remote move migrations.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
From Exchange admin center, start the migration and select Remote move migration.
From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
Other incorrect answer options you may see on the exam include the following:
From the Exchange admin center, start a migration and select Staged migration.
From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.
From the Exchange admin center, start a migration and select Cutover migration.

QUESTION 4
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Corporate policy states that user passwords must not include the word Contoso.
What should you do to implement the corporate policy?

A. From the Azure Active Directory admin center, configure the Password protection settings.
B. From the Microsoft 365 admin center, configure the Password policy settings.
C. From Azure AD Identity Protection, configure a sign-in risk policy.
D. From the Azure Active Directory admin center, create a conditional access policy.

Correct Answer: A

QUESTION 5
Your network contains an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.
You need to recommend an authentication strategy that meets the following requirements:
Allows users to sign in by using smart card-based certificates
Allows users to connect to on-premises and Microsoft 365 services by using SSO
Which authentication strategy should you recommend?

A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO

Correct Answer: B

Microsoft, Microsoft 365

Exam MS-500: Microsoft 365 Security Administration


The content of this exam will be updated on July 26, 2021. Please download the skills measured document below to see what will be changing.

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.

Part of the requirements for: Microsoft 365 Certified: Security Administrator Associate
Related exams: none
Important: See details
Go to Certification Dashboard
Exam MS-500: Microsoft 365 Security Administration
Languages: English, Japanese
Retirement date: none

This exam measures your ability to accomplish the following technical tasks: implement and manage identity and access; implement and manage threat protection; implement and manage information protection; and manage governance and compliance features in Microsoft 365.

Price based on the country in which the exam is proctored.
For non-students interested in technology
Limited time offer for job seekers impacted by COVID-19 and students
Learn about our commitment to support people impacted by COVID-19.
Official practice test for Microsoft 365 Security Administration
All objectives of the exam are covered in depth so you’ll be ready for any question on the exam.

Skills measured
The content of this exam will be updated on July 26, 2021. Please download the exam skills outline below to see what will be changing.
Implement and manage identity and access (30-35%)
Implement and manage threat protection (20-25%)
Implement and manage information protection (15-20%)
Manage governance and compliance features in Microsoft 365 (25-30%)


The exam guide below shows the changes that will be implemented on July 26, 2021.

Audience Profile
Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures M365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with M365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the M365 environment and includes hybrid environments.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Implement and manage identity and access (30-35%)
Secure Microsoft 365 hybrid environments
 plan Azure AD authentication options
 plan Azure AD synchronization options
 monitor and troubleshoot Azure AD Connect events

Secure Identities
 implement Azure AD group membership
 implement password management
 configure and manage identity governance

Implement authentication methods
 plan sign-on security
 implement multi-factor authentication (MFA) by using conditional access policy
 manage and monitor MFA
 plan and implement device authentication methods like Windows Hello
 configure and manage Azure AD user authentication options and self-service password management

Implement conditional access
 plan for compliance and conditional access policies
 configure and manage device compliance for endpoint security
 implement and manage conditional access

Implement role-based access control (RBAC)
 plan for roles
 configure roles
 audit roles

Implement Azure AD Privileged Identity Management (PIM)
 plan for Azure PIM
 assign eligibility and activate admin roles
 manage Azure PIM role requests and assignments
 monitor PIM history and alerts

Implement Azure AD Identity Protection
 implement user risk policy
 implement sign-in risk policy
 configure Identity Protection alerts
 review and respond to risk events

Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
 plan a Microsoft Defender for Identity solution
 install and configure Microsoft Defender for Identity
 monitor and manage Microsoft Defender for Identity

Implement device threat protection
 plan a Microsoft Defender for Endpoint solution
 implement Microsoft Defender for Endpoint
 manage and monitor Microsoft Defender For Endpoint

Implement and manage device and application protection
 plan for device and application protection
 configure and manage Microsoft Defender Application Guard
 configure and manage Microsoft Defender Application Control
 configure and manage exploit protection
 configure Secure Boot
 configure and manage Windows device encryption
 configure and manage non-Windows device encryption
 plan for securing applications data on devices
 implement application protection policies

Implement and manage Microsoft Defender for Office 365
 configure Microsoft Defender for Office 365
 monitor Microsoft Defender for Office 365
 conduct simulated attacks using Attack Simulator

Monitor Microsoft 365 Security with Azure Sentinel
 plan and implement Azure Sentinel
 configure playbooks in Azure Sentinel
 manage and monitor Azure Sentinel
 respond to threats in Azure Sentinel

Implement and manage information protection (15-20%)
Secure data access within Office 365
 implement and manage Customer Lockbox
 configure data access in Office 365 collaboration workloads
 configure B2B sharing for external users

Manage sensitivity labels
 plan a sensitivity label solution
 configure sensitivity labels and policies.
 configure and use label analytics
 use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps

Manage Data Loss Prevention (DLP)
 plan a DLP solution
 create and manage DLP policies
 create and manage sensitive information types
 monitor DLP reports
 manage DLP notifications

Implement and manage Microsoft Cloud App Security
 plan Cloud App Security implementation
 configure Microsoft Cloud App Security
 manage cloud app discovery
 manage entries in the Cloud app catalog
 manage apps in Cloud App Security
 manage Microsoft Cloud App Security
 configure Cloud App Security connectors and Oauth apps
 configure Cloud App Security policies and templates
 review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs.

Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
 monitor and manage device security status using Microsoft Endpoint Manager Admin Center.
 manage and monitor security and dashboards using Microsoft 365 Security Center
 plan for custom security reporting with Graph Security API
 use secure score dashboards to review actions and recommendations
 configure alert policies

Manage and analyze audit logs and reports
 plan for auditing and reporting
 perform audit log search
 review and interpret compliance reports and dashboards
 configure audit alert policy

Manage data governance and retention
 plan for data governance and retention
 review and interpret data governance reports and dashboards
 configure retention labels and policies
 define data governance event types
 define and manage communication compliance policies
 configure Information holds
 find and recover deleted Office 365 data
 configure data archiving
 manage inactive mailboxes

Manage search and investigation
 plan for content search and eDiscovery
 delegate permissions to use search and discovery tools
 use search and investigation tools to perform content searches
 export content search results
 manage eDiscovery cases

Manage data privacy regulation compliance
 plan for regulatory compliance in Microsoft 365
 review and interpret GDPR dashboards and reports
 manage Data Subject Requests (DSRs)
 administer Compliance Manager in Microsoft 365 compliance center
 review Compliance Manager reports
 create and perform Compliance Manager assessments and action items

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Microsoft 365 Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-MailboxFolderPermission –Identity “User1”
-User User1@contoso.com –AccessRights Owner command.
Does that meet the goal?

A. Yes
B. No
Correct Answer: B

QUESTION 2
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?

A. Modify the retention period of the default audit retention policy.
B. Create a custom audit retention policy.
C. Assign Microsoft 365 Enterprise E5 licenses to all users.
D. Modify the record type of the default audit retention policy.

Correct Answer: C

QUESTION 3
You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated to Team1.
Which cmdlet should you use?

A. Get-UnifiedGroup
B. Get-MailUser
C. Get-Team
D. Get-TeamChannel

Correct Answer: A

QUESTION 4
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to use a Fusion rule template to detect multistage attacks in which users sign in by using
compromised credentials, and then delete multiple files from Microsoft OneDrive.
Based on the Fusion rule template, you create an active rule that has the default settings.
What should you do next?

A. Add data connectors.
B. Add a workbook.
C. Add a playbook.
D. Create a custom rule template.

Correct Answer: B

QUESTION 5
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization.
Each member of a group named Executive has an on-premises mailbox. Only the Executive group members
have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online.
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
The email addresses that you intend to spoof belong to the Executive group members.
What should you do first?

A. From the Azure ATP admin center, configure the primary workspace settings
B. From the Microsoft Azure portal, configure the user risk policy settings in Azure AD Identity Protection
C. Enable MFA for the Research group members
D. Migrate the Executive group members to Exchange Online

Correct Answer: C

QUESTION 6
SIMULATION

You plan to add a file named ConfidentialHR.docx to a Microsoft SharePoint library.
You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx.
To complete this task, sign in to the Microsoft 365 portal.

Correct Answer: See explanation below.

Explanation:
You need to configure an alert policy.
1. Go to the Security & Compliance Admin Center.
2. Navigate to Alerts > Alert Policies.
3. Click on + New alert policy to create a new policy.
4. Give the policy a name and select a severity level. For example: Medium.
5. In the Category section, select Information Governance and click Next.
6. In the Select an activity section, select Any file or folder activity.
7. Click Add a condition and select File name.
8. Type in the filename ConfidentialHR.xlsx and click Next.
9. In the email recipients section, add Megan Bowen and click Next.
10.Click Finish to create the alert policy.

Actualkey Microsoft MS-500 Exam pdf, Certkingdom Microsoft MS-500 PDF

MCTS Training, MCITP Trainnig

Best Microsoft MS-500 Certification, Microsoft MS-500 Training at certkingdom.com