MS-100 Microsoft 365 Identity and Services Exam, August 5, 2021 updated version

This exam was updated on August 5, 2021. Following the current exam guide, we have included a version of the exam guide with Track Changes set to “On,” showing the changes that were made to the exam on that date.

Audience Profile
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, Power Platform, and supporting technologies.

Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least one
one Microsoft 365 workload (Exchange, SharePoint, Teams), and Windows as a ServiceExchange, SharePoint, Teams, or Windows 10 deployment.

Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Design and Implement Microsoft 365 Services (25-30%)
Plan architecture

 plan integration of Microsoft 365 and on-premises environments
 identify deployment workloads team
 plan an identity and authentication solution
 plan enterprise application modernization

Deploy a Microsoft 365 tenant
 manage domains
 configure organizational settings
 complete the organizational profile
 add a Microsoft partner or work with Microsoft FastTrack
 complete the subscription setup wizard
 plan and create a tenant
 edit an organizational profile
 plan and create subscription(s)
 configure tenant-wide workload settings

Manage Microsoft 365 subscription and tenant health

 manage service health alerts
 create and manage service requests
 create internal service health response plan
 monitor service health
 monitor license allocations
 configure and review reports, including Power BI, Operations Management Suite (OMS),Azure Monitor logs, Log Analytics workspaces, and Microsoft 365 reporting
 schedule and review security and compliance reports
 schedule and review usage metrics

Plan migration of users and data
 identify data to be migrated and migration methods
 identify users and mailboxes to be migrated and migration methods
 plan migration of on-premises users and groups
 import PST files

Manage User Identity and Roles (25-30%)


Design identity strategy
 evaluate requirements and solutions for synchronization
 evaluate requirements and solutions for identity management
 evaluate requirements and solutions for authentication

Plan identity synchronization

 design directory synchronization
 implement directory synchronization with directory services, federation services, and

Azure endpoints by using Azure AD Connect sync
 plan for directory synchronization using Azure AD cloud sync

Manage identity synchronization with Azure Active Directory (Azure AD)
 configure and manage directory synchronization by using Azure AD cloud sync
 configure directory synchronization by using Azure AD Connect
 monitor Azure AD Connect Health
 manage Azure AD Connect synchronization
 configure object filters
 configure password synchronization
 implement multi-forest AD Connect scenarios

Manage Azure AD identities

 plan Azure AD identities
 implement and manage self-service password reset (SSPR)
 manage access reviews
 manage groups
 manage passwords
 manage product licenses
 manage users
 perform bulk user management

Manage roles
 plan user roles
 manage admin roles
 allocate roles for workloads
 manage role allocations by using Azure AD

Manage Access and Authentication (15-20%)

Manage authentication

 design an authentication method
 configure authentication
 implement an authentication method
 manage authentication
 monitor authentication

Plan and implement secure access

 design a conditional access solution
 implement entitlement packages
 implement Azure AD Identity Protection
 manage identity protection
 implement conditional access
 manage conditional access
 implement and secure access for guest and external users

Configure application access
 configure application registration in Azure AD
 configure Azure AD Application Proxy
 publish enterprise apps in Azure AD

Plan Office 365 Workloads and Applications (25-30%)

Plan for Microsoft 365 Apps deployment
 plan for Microsoft connectivity
 manage Microsoft 365 Apps
 plan for Office online
 assess readiness using Microsoft analytics
 plan Microsoft 365 App compatibility
 manage Office 365 software downloads
 plan for Microsoft apps updates
 plan Microsoft telemetry and reporting

Plan for messaging deployments

 plan migration strategy
 plan messaging deployment
 identify hybrid requirements
 plan for connectivity
 plan for mail routing
 plan email domains

Plan for Microsoft SharePoint Online and OneDrive for Business
 plan migration strategy
 plan external share settings
 identify hybrid requirements
 manage access configurations
 manage Microsoft groups
 manage SharePoint tenant and site settings

Plan for Microsoft Teams infrastructure

 plan for communication and call quality and capacity
 plan for Phone System
 plan Microsoft Teams deployment
 plan Microsoft Teams organizational settings
 plan for guest and external access
 plan for Microsoft Teams hybrid connectivity and co-existence

Plan Microsoft Power Platform integration
 implement Microsoft Power Platform Center of Excellence (CoE) starter kit
 plan for Power Platform workload deployments
 plan resource deployment
 plan for connectivity (and data flow)
 manage environments
 manage resources

Actualkey Microsoft MS-100 Exam, Certkingdom Microsoft MS-100 PDF

MCTS Training, MCITP Trainnig

Best Microsoft MS-100 Certification, Microsoft MS-100 Training at certkingdom.com

QUESTION 1
You have a Microsoft 365 subscription.
Your company purchases a new financial application named App1.
From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that
many applications have a low score because they are missing information about domain registration and consumer popularity.
You need to prevent the missing information from affecting the score.
What should you configure from the Cloud Discover settings?

A. App tags
B. Score metrics
C. Organization details
D. Default behavior

Correct Answer: B

QUESTION 2
You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment.
You need to ensure that only specific users can create new environments.
What should you do in the Power Platform admin center?

A. From Data policies, create a new data policy.
B. From Data integration, create a new connection set.
C. From Power Platform settings, modify the Governance settings for the environment.
D. From Environments, modify the behaviour settings for the default environment.

Correct Answer: C

QUESTION 3
Which migration solution should you recommend for Project1?

A. From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet.
B. From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet.
C. From Exchange admin center, start the migration and select Remote move migration.
D. From the Exchange admin center, start the migration and select Cutover migration.

Correct Answer: C

Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Fabrikam does NOT plan to implement identity federation.
ll users must be able to exchange email messages successfully during Project1 by using their current email address.
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in
Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1
by using their current email address, we’ll need to configure hybrid Exchange.
To migrate mailboxes in a hybrid Exchange configuration, you use the Exchange admin center to perform

Remote move migrations.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
From Exchange admin center, start the migration and select Remote move migration.
From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
Other incorrect answer options you may see on the exam include the following:
From the Exchange admin center, start a migration and select Staged migration.
From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.
From the Exchange admin center, start a migration and select Cutover migration.

QUESTION 4
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
Corporate policy states that user passwords must not include the word Contoso.
What should you do to implement the corporate policy?

A. From the Azure Active Directory admin center, configure the Password protection settings.
B. From the Microsoft 365 admin center, configure the Password policy settings.
C. From Azure AD Identity Protection, configure a sign-in risk policy.
D. From the Azure Active Directory admin center, create a conditional access policy.

Correct Answer: A

QUESTION 5
Your network contains an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.
You need to recommend an authentication strategy that meets the following requirements:
Allows users to sign in by using smart card-based certificates
Allows users to connect to on-premises and Microsoft 365 services by using SSO
Which authentication strategy should you recommend?

A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO

Correct Answer: B

MS-100 Microsoft 365 Identity and Services Exam, August 5, 2021 updated version
Scroll to top