Microsoft - MS-102: Microsoft 365 Administrator
Sample Questions
Question: 471
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You need to ensure that during device enrollment in Intune, users are prevented from using their device until all assigned apps and profiles are installed.
What should you configure?| A | A Conditional Access policy |
| B | A Windows Autopilot deployment profile |
| C | An enrollment restriction |
| D | An Enrollment Status Page profile |
Correct answer: DExplanation:
The enrollment status page (ESP) displays the provisioning status to people enrolling Windows devices and signing in for the first time. You can configure the ESP to block device use until all required policies and applications are installed. Device users can look at the ESP to track how far along their device is in the setup process.
Reference: Set up the Enrollment Status Page
Question: 472
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)
You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune.
You create an Android app protection policy named Policy1 that is targeted to all Microsoft apps and assigned to all users.
Policy1 has the Data protection settings shown in the following exhibit.
(Use the drop-down menus to complete each statement based on the information presented in the graphic. Each correct selection is worth one point.) 
| A | A user can copy files from Microsoft OneDrive to OneDrive only.
A user can copy and paste text from any app to a Microsoft Word document stored in Microsoft OneDrive. |
| B | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online only.
A user can copy and paste text from any app to a Microsoft Word document stored in Microsoft OneDrive. |
| C | A user can copy files from Microsoft OneDrive to local storage only.
A user can copy and paste text from only managed apps to a Microsoft Word document stored in Microsoft OneDrive. |
| D | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online only.
A user can copy and paste text from only managed apps to a Microsoft Word document stored in Microsoft OneDrive. |
| E | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online and OneDrive only.
A user can copy and paste text from only unmanaged apps to a Microsoft Word document stored in Microsoft OneDrive. |
| F | A user can copy files from Microsoft OneDrive to local storage only.
A user can copy and paste text from only unmanaged apps to a Microsoft Word document stored in Microsoft OneDrive. |
Correct answer: DExplanation:
Save copies of org data to a new location is set to Block. When set to Block, you can configure the setting Allow user to save copies to selected services. Allow user to save copies to selected services is set to SharePoint. All other services are blocked.
Restrict cut, copy and paste between other apps specifies when cut, copy, and paste actions can be used with this app. The settings is set to Policy managed apps which allows cut, copy, and paste actions between this app and other policy-managed apps.
Note: Cut and copy character limit for any app specifies the number of characters that can be cut or copied from org data and accounts. This allows sharing of the specified number of characters to any app, including unmanaged apps, when it would be otherwise blocked by the "Restrict cut, copy, and paste with other apps" setting.
Reference: Android App Protection Policy Settings in Microsoft Intune
Question: 473
Measured Skill: Manage security and threats by using Microsoft Defender XDR (30–35%)
You have a Microsoft 365 E5 subscription and an on-premises server named Server1.
You plan to configure automatic log upload for continuous reports in Microsoft Defender for Cloud Apps.
You download a Docker log collector image to Server1.
You need integrate Defender for Cloud Apps with the log collector.
Which three actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
| A | Sequence: 4, 5, 1 |
| B | Sequence: 2, 1, 4 |
| C | Sequence: 4, 3, 1 |
| D | Sequence: 2, 4, 1 |
Correct answer: DExplanation:
You can configure automatic log upload for continuous reports in Defender for Cloud Apps using a Docker on Windows.
First, we need to add a new log collector from the Cloud apps settings in the Microsoft Defender portal.
Second, we need to define the data sources and link them to the log collector. A single log collector can handle multiple data sources.
After the Log Collector was created and the data source were added, we need to run the docker run command on Server1 as shown in the Create log collector dialog.
Reference: Advanced log collector management
Question: 474
Measured Skill: Manage compliance by using Microsoft Purview (10–15%)
You have the Microsoft Defender XDR report schedules shown in the following exhibit.
You need to ensure that the report schedules generate reports as frequently as possible.
To what should you set the Frequency setting for each schedule?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Schedule1: Daily
Schedule2: Daily |
| B | Schedule1: Daily
Schedule2: Weekly |
| C | Schedule1: Weekly
Schedule2: Daily |
| D | Schedule1: Weekly
Schedule2: Monthly |
| E | Schedule1: Weekly
Schedule2: Weekly |
| F | Schedule1: Monthly
Schedule2: Weekly |
Correct answer: AExplanation:
The Mailflow status report is a smart report that shows information about incoming and outgoing email, spam detections, malware, email identified as "good", and information about email allowed or blocked on the edge. This report is the only report that contains edge protection information. The report shows how much email is blocked before entering the service for examination by Microsoft 365.
The Post-delivery activities report shows information about email messages that removed from user mailboxes after delivery by zero-hour auto purge (ZAP).
To create scheduled reports, you need to be a member of the Organization management role in Exchange Online or the Global Administrator* role in Microsoft Entra ID.
On the Set preferences page, you can configure the following values for the frequency of all report types:
- Weekly (default)
- Daily (this value results in no data being shown in charts)
- Monthly
References:
View email security reports in the Microsoft Defender portal
View Defender for Office 365 reports in the Microsoft Defender portal
Question: 475
Measured Skill: Manage compliance by using Microsoft Purview (10–15%)
You have a Microsoft 365 subscription that contains an Endpoint data loss prevention (Endpoint DLP) policy named Policy1 and the devices shown in the following table.
For Policy1, the Audit or restrict activities on devices settings are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Users on Device1 can print documents that contain sensitive information: Yes
Users on Device2 can copy documents that contain sensitive information to USB: Yes
Users on Device3 can copy documents that contain sensitive information to network share: Yes |
| B | Users on Device1 can print documents that contain sensitive information: Yes
Users on Device2 can copy documents that contain sensitive information to USB: Yes
Users on Device3 can copy documents that contain sensitive information to network share: No |
| C | Users on Device1 can print documents that contain sensitive information: Yes
Users on Device2 can copy documents that contain sensitive information to USB: No
Users on Device3 can copy documents that contain sensitive information to network share: Yes |
| D | Users on Device1 can print documents that contain sensitive information: No
Users on Device2 can copy documents that contain sensitive information to USB: Yes
Users on Device3 can copy documents that contain sensitive information to network share: No |
| E | Users on Device1 can print documents that contain sensitive information: No
Users on Device2 can copy documents that contain sensitive information to USB: No
Users on Device3 can copy documents that contain sensitive information to network share: Yes |
| F | Users on Device1 can print documents that contain sensitive information: No
Users on Device2 can copy documents that contain sensitive information to USB: No
Users on Device3 can copy documents that contain sensitive information to network share: No |
Correct answer: BExplanation:
Policy1 applies to Device1 and Device3 only. Device2 is not onboarded to Defender for Endpoint.
Print is blocked but users are allowed to override the restriction. Users on Device1 can print documents that contain sensitive information.
Users on Device2 are not restricted by Policy1. Users on Device2 can copy documents that contain sensitive information to USB.
Copy to a network share is blocked. Users can't override the restriction.
Users on Device3 can't copy documents that contain sensitive information to network share.
Reference: Learn about Endpoint data loss prevention