Microsoft - MS-102: Microsoft 365 Administrator
Sample Questions
Question: 445
Measured Skill: Implement and manage Microsoft Entra identity and access (25-30%)
Your company has offices in Seattle and Denver.
You have a Microsoft 365 subscription.
You plan to create a Conditional Access policy named Policy1 that will enforce multifactor authentication (MFA).
You need to ensure that users at the Seattle office are excluded from MFA. Users at the Denver office must always be prompted for MFA.
What should you configure for Policy1?| A | A named location that has IP ranges location set to the Seattle office |
| B | Authentication strengths |
| C | A named location that has Countries location set to United States |
| D | VPN connectivity from the Seattle office |
Correct answer: AExplanation:
We should create a named location based on the IP address range of the Seattle office and exclude the named location from the Conditional Access policy that requires multifactor authentication (MFA) for all users.
IPv4 and IPv6 address ranges
To define a named location by public IPv4 or IPv6 address ranges, provide:
- A Name for the location.
- One or more public IP ranges.
- Optionally Mark as trusted location.
Named locations defined by IPv4 or IPv6 address ranges have these limitations:
- No more than 195 named locations.
- No more than 2000 IP ranges per named location.
- Only CIDR masks greater than /8 are allowed when defining an IP range.
For devices on a private network, the IP address isn't the client IP of the user’s device on the intranet (like 10.55.99.3), it's the address used by the network to connect to the public internet (like 198.51.100.3).
References:
Conditional Access: Network assignment
Block access by location
Question: 446
Measured Skill: Implement and manage Microsoft Entra identity and access (25-30%)
You have a Microsoft 365 E5 subscription.
You need to create a Conditional Access policy named Policy1 that will enforce the use of phishing-resistant multifactor authentication (MFA) when a user attempts to register or join devices to a Microsoft Entra tenant.
How should you configure Policy1?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Assignments: Conditions
Access controls: Set Session to Use app enforced restrictions. |
| B | Assignments: Conditions
Access controls: Set Grant to Require multifactor authentication. |
| C | Assignments: Networks
Access controls: Set Session to Use app enforced restrictions. |
| D | Assignments: Networks
Access controls: Set Session to Use Conditional Access App Control. |
| E | Assignments: Target resources
Access controls: Set Grant to Require authentication strength. |
| F | Assignments: Target resources
Access controls: Set Grant to Require multifactor authentication. |
Correct answer: EExplanation:
To ensure the Conditional Access policy applies to users who attempt to register or join devices to the Microsoft Entra tenant, we should configure the targeted resources assignments as shown below:
To enforce the use of phishing-resistant multifactor authentication, we should configure the Require authentication strength option from the Grant control as shown below:
References:
Require multifactor authentication for device registration
Require phishing-resistant multifactor authentication for administrators
Question: 447
Measured Skill: Manage security and threats by using Microsoft Defender XDR (35–40%)
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
You need to ensure that when a user-based alert is triggered in Defender for Cloud Apps, the user is marked as compromised.
Which two options can you use to automate the response?
(Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.)| A | A Microsoft Power Automate playbook |
| B | A user tag |
| C | A custom detection rule |
| D | A block script |
| E | An automated remediation level |
Correct answer: A, EExplanation:
Defender for Cloud Apps integrates with Microsoft Power Automate to provide custom alert automation and orchestration playbooks. By using the connectors available in Power Automate, you can automate the triggering of playbooks when Defender for Cloud Apps generates alerts. For example, automatically create an issue in ticketing systems using ServiceNow connector or send an approval email to execute a custom governance action when an alert is triggered in Defender for Cloud Apps.
In Microsoft Defender for Cloud Apps, you can configure automated remediation levels for anomaly detection policies, which determine whether remediation actions are taken automatically or require approval. This allows you to balance automation with human oversight to ensure that actions are appropriate and effective.
To automate responses to user-based alerts with an automated remediation level in Microsoft Defender for Cloud Apps, you need to configure Azure Logic Apps or Power Automate to trigger actions when a specific alert is generated. This involves defining a workflow that connects to Microsoft Defender for Cloud Apps and performs the desired remediation actions.
References:
Integrate with Microsoft Power Automate for custom alert automation
Create Defender for Cloud Apps anomaly detection policies
Question: 448
Measured Skill: Manage security and threats by using Microsoft Defender XDR (35–40%)
You have a Microsoft 365 E5 subscription that contains a group named Group1. The subscription uses Microsoft Defender for Cloud Apps.
You configure cloud discovery.
You need to ensure that you can create a custom report that details shadow IT usage by the members of Group1.
What should you do first?| A | Configure user enrichment. |
| B | Disable anonymization. |
| C | Add an app connector. |
| D | Configure user monitoring. |
Correct answer: AExplanation:
To create a custom report on shadow IT usage by members of a specific group (Group1) in Microsoft Defender for Cloud Apps, you need to map discovered traffic to specific users and groups. This is done through user enrichment.
User enrichment allows Defender for Cloud Apps to correlate discovered traffic with user identities and groups from your directory (like Entra ID). This is essential for generating user- or group-specific reports, such as shadow IT usage by Group1.
When you enable user enrichment, the username, received in discovery traffic logs, is matched and replaced by the Microsoft Entra username. Cloud discovery enrichment enables the following features:
- You can investigate Shadow IT usage by Microsoft Entra user. The user will be shown with its UPN.
- You can correlate the Discovered cloud app use with the API collected activities.
- You can then create custom reports based on Microsoft Entra user groups. For example, a Shadow IT report for a specific Marketing department.
References:
Cloud app discovery overview
Enrich cloud discovery data with Microsoft Entra usernames
Question: 449
Measured Skill: Manage security and threats by using Microsoft Defender XDR (35–40%)
You have a Microsoft 365 E5 subscription.
You plan to deploy Microsoft Defender for Cloud Apps and connect Microsoft 365 to Defender for Cloud Apps.
You need to ensure that you can enable all the Microsoft 365 components when you add the app connector.
What should you do first?| A | Configure Conditional Access app control. |
| B | Enable file monitoring for Defender for Cloud Apps. |
| C | Add an API token to Defender for Cloud Apps. |
| D | Configure Cloud Discovery. |
Correct answer: BExplanation:
Connecting Microsoft 365 to Defender for Cloud Apps gives you improved insights into your users' activities, provides threat detection using machine learning based anomaly detections, information protection detections (such as detecting external information sharing), enables automated remediation controls, and detects threats from enabled third-party apps in your organization.
Microsofts recommends to enable all components when connecting Microsoft 365 to Defender for Cloud Apps. The Microsoft 365 files component, requires enabling Defender for Cloud Apps file monitoring (Settings > Cloud Apps > Files > Enable file monitoring).
Reference: Connect Microsoft 365 to Microsoft Defender for Cloud Apps