Microsoft 365 Identity and Services v1.0 (MS-100)

Answer : B

You can use the Office 365 Import Service to bulk-import PST files to Office 365 mailboxes.
When you use the network upload method to import PST files, you upload them to an Azure blob container named ingestiondata. If there are no import jobs in progress on the Import page in the Security & Compliance Center), then all PST files in the ingestiondata container in Azure are deleted 30 days after the most recent import job was created in the Security & Compliance Center.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365

Answer : D

Being a cloud service, Office 365 would be classed as an external host to the office computers.
All the offices connect to the Internet and resolve external host names by using the main office connections. This means that all branch office computers perform
DNS lookups and connect to the Internet over the WAN link.
Each branch office will have a direct connection to the Internet so the quickest possible access to Microsoft 365 services would be by using the direct Internet connections. However, the DNS lookups would still go over the WAN links to main office. The solution to provide the quickest possible access to Microsoft 365 services is to configure DNS name resolution so that the computers use public DNS servers for external hosts. That way DNS lookups for Office 365 and the connections to Office 365 will use the direct Internet connections.

Answer : C

The question states that only five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. Therefore the other 45 users have the correct UPN suffix. This tells us that the adatum.com domain has already been added to Office 365 as a custom domain.
The forest is named adatum.local and uses adatum.com as a UPN suffix. User accounts in the domain will have adatum.local as their default UPN suffix. To use adatum.com as the UPN suffix, each user account will need to be configured to use adatum.com as the UPN suffix.
Any synchronized user account that has adatum.local as a UPN suffix will be configured to use a UPN suffix of onmicrosoft.com because adatum.local cannot be added to Office 365 as a custom domain.
Therefore, the reason that the five synchronized users have usernames with a UPN suffix of onmicrosoft.com is because their accounts were not configured to use the UPN suffix of contoso.com.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization

Answer :

User1, User2 and User3 have each been assigned a SharePoint license directly. Therefore, they are all licensed for SharePoint Online.
Changing the group memberships will only affect whether or not they are licensed for Exchange Online because the Exchange Online licenses are assigned to
Group1.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal

Answer : AE

question states that another administrator removed Server1 from the list. To view the health status of Server1, you need to re-register the AD Connect Health
Sync Agent. You can do this manually by running the Register-AzureADConnectHealthSyncAgent cmdlet. Alternatively, you can reinstall the Azure AD
Connect Health agent. The Azure AD Connect Health agent is registered as part of the installation.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install

Answer : AB

The Message center in the Microsoft 365 admin center is where you would go to view a list of the features that were recently updated in the tenant. This is where
Microsoft posts official messages with information including new and changed features, planned maintenance, or other important announcements.
The messages displayed in the Message center can also be viewed by using the Office 365 Admin mobile app.
Reference:
https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide https://docs.microsoft.com/en-us/office365/admin/admin-overview/admin-mobile-app?view=o365-worldwide

Answer : B

Depending on what your organization's Office 365 subscription includes, the Dashboard in Security & Compliance includes several widgets, such as Threat
Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, etc. The Compliance admin center in Microsoft 365 contains much of the same information but also includes additional entries focusing on alerts, data insights.
The Monitoring and reports section from the Compliance admin center does not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide

Answer :

Note:
Step 1: Create an XML configuration file with the source path and download path for the installation files.
Step 2: On the deployment server, run the ODT executable in download mode and with a reference to the XML configuration file.
Step 3: Create another XML configuration file with the source path to the installation files.
Step 4: On the client computer, run the ODT executable in configure mode and with a reference to the XML configuration file.
Reference:
https://docs.microsoft.com/en-us/DeployOffice/overview-of-the-office-2016-deployment-tool

Answer : B

Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager.
To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a
Configuration Manager Device Collection that determines which devices are auto-enrolled in Microsoft Intune. You need to add Device1 to the Device Collection, not an Active Directory Group. Therefore, this solution does not meet the requirements.
Reference:
https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

Answer : A

Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager.
To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a
Configuration Manager Device Collection that determines which devices are auto-enrolled in Microsoft Intune. You need to add Device1 to the Device Collection so that it auto-enrols in Microsoft Intune. You will then be able to manage Device1 using Microsoft Intune.
Reference:
https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

Answer : B

Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager.
To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a
Configuration Manager Device Collection that determines which devices are auto-enrolled in Microsoft Intune. You need to add Device1 to the Device Collection.
You do not need to create a device configuration profile from the Intune admin center. Therefore, this solution does not meet the requirements.
Reference:
https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

Answer :

The ג€˜Activity isג€™ setting is configured as ג€˜Detected malware in fileג€™. This setting means the policy is applied to files stored in SharePoint or OneDrive.
The Aggregation settings has a 120 minute window. This means that if there 20 detections in 120 minutes, an email will be generated. Therefore, the maximum number of emails generated in 24 hours is 12.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

Answer :

The text in the Policy Settings section of the exhibit explains what will happen.
If a user sends between 1 and 10 instances of the sensitive info (passport number), then a notification email and will be sent to the user and a policy tip will be displayed. The email will not be blocked though. Therefore, it will be allowed.
If a user sends more than 10 instances of the sensitive info (passport number), the email will be blocked and a high-severity alert generated. However, the user can override the block.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

Answer :

Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile
Application Management (MAM), where Intune manages only the apps on a user's personal device.
The MAM User scope determines which users are affected by WIP. App protection policies are used to configure which applications are affected by WIP.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

Answer : D

A DLP policy can be configured to allow users to override a policy tip and report a false positive.
You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and
Word.
If you find that users are incorrectly marking content as false positive and bypassing the DLP policy, you can configure the policy to not allow user overrides.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies