Microsoft - MS-102: Microsoft 365 Administrator
Sample Questions
Question: 347
Measured Skill: Manage compliance by using Microsoft Purview (15–20%)
Note: This question is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 subscription.
From the Microsoft Purview compliance portal, you create a role group named "US eDiscovery Managers" by copying the "eDiscovery Manager" role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters.
Does this meet the goal?Correct answer: AExplanation:
You can use search permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization. You can also use permissions filtering to let that same eDiscovery manager search only for mailbox or site content that meets a specific search criteria.
For example, you might want an eDiscovery manager to search only the mailboxes of users in a specific location or department. You do this by creating a filter that uses a supported recipient filter to limit which mailboxes a specific user or group of users can search. You can also create a filter that specifies what mailbox content a user can search for. This is done by creating a filter that uses a searchable message property. Similarly, you can let an eDiscovery manager search only specific SharePoint sites in your organization. You do this by creating a filter that limits which site can be searched. You can also create a filter that specifies what site content can be searched. This is done by creating a filter that uses a searchable site property.
Search permissions filters are applied when you search for content using Content search, Microsoft Purview eDiscovery (Standard), and Microsoft Purview eDiscovery (Premium) in the Microsoft Purview compliance portal. When a search permissions filter is applied to a specific user, that user can perform the following search-related actions:
- Search for content
- Preview search results
- Export search results
- Purge items returned by a search
You can also use search permissions filtering to create logical boundaries (called compliance boundaries) within an organization that control the user content locations (such as mailboxes, SharePoint sites, and OneDrive accounts) that specific eDiscovery managers can search.
The following four cmdlets in Security & Compliance PowerShell let you configure and manage search permissions filters:
- New-ComplianceSecurityFilter
- Get-ComplianceSecurityFilter
- Set-ComplianceSecurityFilter
- Remove-ComplianceSecurityFilter
The following example allows members of the "US eDiscovery Managers" role group to perform all Content Search actions only on mailboxes in the United States. This filter contains the three-digit numeric country code for the United States from ISO 3166-1.
New-ComplianceSecurityFilter -FilterName USeDiscoveryManagers -Users "US eDiscovery Managers" -Filters "Mailbox_CountryCode -eq '840'" -Action All
Reference: Configure permissions filtering for eDiscovery
Question: 348
Measured Skill: Manage compliance by using Microsoft Purview (15–20%)
Note: This question is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 subscription.
From the Microsoft Purview compliance portal, you create a role group named "US eDiscovery Managers" by copying the "eDiscovery Manager" role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From the Microsoft Entra admin center, you create a conditional access policy.
Does this meet the goal?Correct answer: BExplanation:
You can use search permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization. You can also use permissions filtering to let that same eDiscovery manager search only for mailbox or site content that meets a specific search criteria.
For example, you might want an eDiscovery manager to search only the mailboxes of users in a specific location or department. You do this by creating a filter that uses a supported recipient filter to limit which mailboxes a specific user or group of users can search. You can also create a filter that specifies what mailbox content a user can search for. This is done by creating a filter that uses a searchable message property. Similarly, you can let an eDiscovery manager search only specific SharePoint sites in your organization. You do this by creating a filter that limits which site can be searched. You can also create a filter that specifies what site content can be searched. This is done by creating a filter that uses a searchable site property.
Search permissions filters are applied when you search for content using Content search, Microsoft Purview eDiscovery (Standard), and Microsoft Purview eDiscovery (Premium) in the Microsoft Purview compliance portal. When a search permissions filter is applied to a specific user, that user can perform the following search-related actions:
- Search for content
- Preview search results
- Export search results
- Purge items returned by a search
You can also use search permissions filtering to create logical boundaries (called compliance boundaries) within an organization that control the user content locations (such as mailboxes, SharePoint sites, and OneDrive accounts) that specific eDiscovery managers can search.
The following four cmdlets in Security & Compliance PowerShell let you configure and manage search permissions filters:
- New-ComplianceSecurityFilter
- Get-ComplianceSecurityFilter
- Set-ComplianceSecurityFilter
- Remove-ComplianceSecurityFilter
The following example allows members of the "US eDiscovery Managers" role group to perform all Content Search actions only on mailboxes in the United States. This filter contains the three-digit numeric country code for the United States from ISO 3166-1.
New-ComplianceSecurityFilter -FilterName USeDiscoveryManagers -Users "US eDiscovery Managers" -Filters "Mailbox_CountryCode -eq '840'" -Action All
Reference: Configure permissions filtering for eDiscovery
Question: 349
Measured Skill: Manage compliance by using Microsoft Purview (15–20%)
Note: This question is part of a series of questions that present the same scenario. Each questions in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 subscription.
From the Microsoft Purview compliance portal, you create a role group named "US eDiscovery Managers" by copying the "eDiscovery Manager" role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Microsoft Entra ID Protection, you create a Sign-in risk policy.
Does this meet the goal?Correct answer: BExplanation:
You can use search permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization. You can also use permissions filtering to let that same eDiscovery manager search only for mailbox or site content that meets a specific search criteria.
For example, you might want an eDiscovery manager to search only the mailboxes of users in a specific location or department. You do this by creating a filter that uses a supported recipient filter to limit which mailboxes a specific user or group of users can search. You can also create a filter that specifies what mailbox content a user can search for. This is done by creating a filter that uses a searchable message property. Similarly, you can let an eDiscovery manager search only specific SharePoint sites in your organization. You do this by creating a filter that limits which site can be searched. You can also create a filter that specifies what site content can be searched. This is done by creating a filter that uses a searchable site property.
Search permissions filters are applied when you search for content using Content search, Microsoft Purview eDiscovery (Standard), and Microsoft Purview eDiscovery (Premium) in the Microsoft Purview compliance portal. When a search permissions filter is applied to a specific user, that user can perform the following search-related actions:
- Search for content
- Preview search results
- Export search results
- Purge items returned by a search
You can also use search permissions filtering to create logical boundaries (called compliance boundaries) within an organization that control the user content locations (such as mailboxes, SharePoint sites, and OneDrive accounts) that specific eDiscovery managers can search.
The following four cmdlets in Security & Compliance PowerShell let you configure and manage search permissions filters:
- New-ComplianceSecurityFilter
- Get-ComplianceSecurityFilter
- Set-ComplianceSecurityFilter
- Remove-ComplianceSecurityFilter
The following example allows members of the "US eDiscovery Managers" role group to perform all Content Search actions only on mailboxes in the United States. This filter contains the three-digit numeric country code for the United States from ISO 3166-1.
New-ComplianceSecurityFilter -FilterName USeDiscoveryManagers -Users "US eDiscovery Managers" -Filters "Mailbox_CountryCode -eq '840'" -Action All
Reference: Configure permissions filtering for eDiscovery
Question: 350
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the resources shown in the following table.
User1 is the owner of Device1.
You add Microsoft 365 Apps for Windows 10 and later app types to Intune as shown in the following table.
On Thursday, you review the results of the app deployments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)A | Word is installed on Device1: Yes
App3 is displayed in the Company Portal: Yes
Excel is installed on Device1: Yes |
B | Word is installed on Device1: Yes
App3 is displayed in the Company Portal: Yes
Excel is installed on Device1: No |
C | Word is installed on Device1: Yes
App3 is displayed in the Company Portal: No
Excel is installed on Device1: No |
D | Word is installed on Device1: No
App3 is displayed in the Company Portal: Yes
Excel is installed on Device1: No |
E | Word is installed on Device1: No
App3 is displayed in the Company Portal: Yes
Excel is installed on Device1: Yes |
F | Word is installed on Device1: No
App3 is displayed in the Company Portal: No
Excel is installed on Device1: No |
Correct answer: AExplanation:
Word is assigned to Group1 as Required. Group1 does contain User1 and User1 is the owner of Device1. Word will be installed on Device1, when User1 signs in to Device1.
App3 is assigned to Group1 as Available. Group1 contains User1. Available assignments are only valid for User Groups, not device groups. App3 will be displayed in the Company Portal for User1.
Excel is assigned to Group2 as Required. Group2 does contain Device1. Excel will be installed on Device1.
Reference: Assign apps to groups with Microsoft Intune
Question: 351
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)
You have a Microsoft 365 tenant.
You plan to implement device configuration profiles in Microsoft Intune.
Which platform can you manage by using the profiles?
(Choose all that apply.)A | Ubuntu Linux |
B | macOS |
C | Android Enterprise |
D | Windows 8.1 |
Correct answer: B, C, DExplanation:
Device configuration profiles can be created for the following platforms: