Microsoft - MS-102: Microsoft 365 Administrator
Sample Questions
Question: 468
Measured Skill: Manage security and threats by using Microsoft Defender XDR (35–40%)
You have a Microsoft 365 E5 subscription.
You need to use Microsoft Defender XDR to identify the following:
- Information-about known malicious organizations.
- Weekly open-source intelligence (OSINT) highlights.
Which two settings should you use in the Microsoft Defender portal?
(To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.)
| A | Incidents & alerts |
| B | Advanced Hunting |
| C | Threat analytics |
| D | Intel profiles |
| E | Intel explorer |
| F | Intel projects |
Correct answer: D, EExplanation:
Intel Profiles are a definitive source of Microsoft's shareable knowledge on tracked threat actors, malicious tools, and vulnerabilities, curated and continuously updated by Microsoft Threat Intelligence experts to provide relevant and actionable threat context.
Intel explorer provides weekly OSINT highlights:
Reference: Microsoft Defender Threat Intelligence in Microsoft Defender XDR
Question: 469
Measured Skill: Deploy and manage a Microsoft 365 tenant (10-15%)
You have several devices enrolled in Microsoft Intune.
You have a Microsoft Entra ID tenant that includes the users shown in the following table.
The device limit restrictions in Intune are configured as shown in the following table.
You add User3 as a device enrollment manager in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)| A | User1 can enroll a maximum of 10 devices in Intune: Yes
User2 can enroll a maximum of 10 devices in Intune: Yes
User3 can enroll an unlimited number of devices in Intune: Yes |
| B | User1 can enroll a maximum of 10 devices in Intune: Yes
User2 can enroll a maximum of 10 devices in Intune: No
User3 can enroll an unlimited number of devices in Intune: No |
| C | User1 can enroll a maximum of 10 devices in Intune: No
User2 can enroll a maximum of 10 devices in Intune: Yes
User3 can enroll an unlimited number of devices in Intune: No |
| D | User1 can enroll a maximum of 10 devices in Intune: No
User2 can enroll a maximum of 10 devices in Intune: Yes
User3 can enroll an unlimited number of devices in Intune: Yes |
| E | User1 can enroll a maximum of 10 devices in Intune: No
User2 can enroll a maximum of 10 devices in Intune: No
User3 can enroll an unlimited number of devices in Intune: Yes |
| F | User1 can enroll a maximum of 10 devices in Intune: No
User2 can enroll a maximum of 10 devices in Intune: No
User3 can enroll an unlimited number of devices in Intune: No |
Correct answer: BExplanation:
Device enrollment restrictions let you restrict devices from enrolling in Intune based on certain device attributes. There are two types of device enrollment restrictions you can configure in Microsoft Intune:
- Device platform restrictions: Restrict devices based on device platform, version, manufacturer, or ownership type.
- Device limit restrictions: Restrict the number of devices a user can enroll in Intune.
Each restriction type comes with one default policy that you can edit and customize as needed. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.
User1 is a Cloud device administrator and a member of GroupA. The Cloud device administrator role does not affect device enrollment in Intune. Members of GroupA can enroll up to 10 devices.
User2 is an Intune administrator and a member of GroupB. Users with the Intune administrator role have global permissions within Microsoft Intune. However, the Intune administrator role does not affect device enrollment in Intune. As a members of GroupB User2 can enroll up to 15 devices.
User3 has no role assigned and is neither a member of GroupA or GroupB. The default device limit restrictions apply, which allow to enroll up to 5 devices.
References:
Enrollment guide: Microsoft Intune enrollment
What are enrollment restrictions?
Microsoft Entra built-in roles
Question: 470
Measured Skill: Implement and manage Microsoft Entra identity and access (25-30%)
You have a Microsoft Entra ID tenant that contains a user named User1. User1 has the devices shown in the following table.
The Device settings are configured as shown in the following exhibit.
How many of the devices can User1 join to Entra ID?Correct answer: AExplanation:
While all four devices/platforms could be registered with Microsoft Entra ID, only Windows 11 and Windows 10 devices can be joined to Microsoft Entra ID.
References:
Microsoft Entra joined devices
Microsoft Entra registered devices
Question: 471
Measured Skill: Deploy and manage a Microsoft 365 tenant (10-15%)
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You need to ensure that during device enrollment in Intune, users are prevented from using their device until all assigned apps and profiles are installed.
What should you configure?| A | A Conditional Access policy |
| B | A Windows Autopilot deployment profile |
| C | An enrollment restriction |
| D | An Enrollment Status Page profile |
Correct answer: DExplanation:
The enrollment status page (ESP) displays the provisioning status to people enrolling Windows devices and signing in for the first time. You can configure the ESP to block device use until all required policies and applications are installed. Device users can look at the ESP to track how far along their device is in the setup process.
Reference: Set up the Enrollment Status Page
Question: 472
Measured Skill: Deploy and manage a Microsoft 365 tenant (10-15%)
You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune.
You create an Android app protection policy named Policy1 that is targeted to all Microsoft apps and assigned to all users.
Policy1 has the Data protection settings shown in the following exhibit.
(Use the drop-down menus to complete each statement based on the information presented in the graphic. Each correct selection is worth one point.) 
| A | A user can copy files from Microsoft OneDrive to OneDrive only.
A user can copy and paste text from any app to a Microsoft Word document stored in Microsoft OneDrive. |
| B | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online only.
A user can copy and paste text from any app to a Microsoft Word document stored in Microsoft OneDrive. |
| C | A user can copy files from Microsoft OneDrive to local storage only.
A user can copy and paste text from only managed apps to a Microsoft Word document stored in Microsoft OneDrive. |
| D | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online only.
A user can copy and paste text from only managed apps to a Microsoft Word document stored in Microsoft OneDrive. |
| E | A user can copy files from Microsoft OneDrive to Microsoft SharePoint Online and OneDrive only.
A user can copy and paste text from only unmanaged apps to a Microsoft Word document stored in Microsoft OneDrive. |
| F | A user can copy files from Microsoft OneDrive to local storage only.
A user can copy and paste text from only unmanaged apps to a Microsoft Word document stored in Microsoft OneDrive. |
Correct answer: DExplanation:
Save copies of org data to a new location is set to Block. When set to Block, you can configure the setting Allow user to save copies to selected services. Allow user to save copies to selected services is set to SharePoint. All other services are blocked.
Restrict cut, copy and paste between other apps specifies when cut, copy, and paste actions can be used with this app. The settings is set to Policy managed apps which allows cut, copy, and paste actions between this app and other policy-managed apps.
Note: Cut and copy character limit for any app specifies the number of characters that can be cut or copied from org data and accounts. This allows sharing of the specified number of characters to any app, including unmanaged apps, when it would be otherwise blocked by the "Restrict cut, copy, and paste with other apps" setting.
Reference: Android App Protection Policy Settings in Microsoft Intune