You have a Microsoft 365 subscription.
Your company purchases a new financial application named App1.
From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity.
You need to prevent the missing information from affecting the score.
What should you configure from the Cloud Discover settings?

A. App tags

B. Score metrics

C. Organization details

D. Default behavior

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You have a Microsoft 365 Enterprise E5 subscription.
You create a password policy as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.
 
Azure AD Connect has the following settings:
✑ Password Hash Sync: Enabled
✑ Password writeback: Enabled
✑ Group writeback: Enabled
You need to add User2 to Group 2.
Solution: You use the Azure Active Directory admin center.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

A. Create a sign-in risk policy.

B. Create a new app registration.

C. Assign an Enterprise Mobility + Security E5 license to the finance department users.

D. Configure the sign-in status for the user accounts of the finance department users.

You have a Microsoft 365 subscription.
You plan to implement a hybrid configuration that has the following requirements:
•	Minimizes the number of times users are prompted for credentials when they access Microsoft 365 resources
•	Supports the use of Azure AD Identity Protection
You need to configure Azure AD Connect to support the planned changes implementation.
Which two options should you select? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Pass-through authentication

B. Password writeback

C. Enable single sign-on

D. Password Hash Synchronization

E. Directory extension attribute sync

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
✑ Contoso.com
✑ East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso.com is configured as shown in the following exhibit.
 
You need to ensure that guest users can be created in the tenant.
Which setting should you modify?

A. Guests can invite.

B. Guest users’ permissions are limited.

C. Members can invite.

D. Admins and users in the guest inviter role can invite.

E. Deny invitations to the specified domains.

Your company has on-premises servers and a Microsoft Azure Active Directory (Azure AD) tenant.
Several months ago, the Azure AD Connect Health agent was installed on all the servers.
You review the health status of all the servers regularly.
Recently, you attempted to view the health status of a server named Server1 and discovered that the server is NOT listed on the Azure Active Directory Connect
Servers list.
You suspect that another administrator removed Server1 from the list.
You need to ensure that you can view the health status of Server1.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet.

B. From Azure Cloud shell, run the Connect-AzureAD cmdlet.

C. From Server1, change the Azure AD Connect Health services Startup type to Automatic (Delayed Start).

D. From Server1, change the Azure AD Connect Health services Startup type to Automatic.

E. From Server1, reinstall the Azure AD Connect Health agent.

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.
Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.
Solution: You configure the use of pass-through authentication and seamless SSO.
Does the solution meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites.
You discover that users from your company can invite external users to access files on the SharePoint sites.
You need to ensure that the company users can invite only authenticated guest users to the sites.
What should you do?

A. From the Microsoft 365 admin center, configure a partner relationship.

B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet.

C. From the Azure Active Directory admin center, configure a conditional access policy.

D. From the SharePoint admin center, configure the sharing settings.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Message center in the Microsoft 365 admin center.
Does this meet the goal?

A. Yes

B. No

Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. Your solution must ensure that users are still prompted for MFA.
What should you do?

A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Which migration solution should you recommend for Project1?

A. From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.

B. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.

C. From Exchange Online PowerShell run the New-MailboxImportRequest cmdlet.

D. From Exchange Online PowerShell run the New-MailboxExportRequest cmdlet.

To which Azure AD role should you add User4 to meet the security requirement?

A. Password administrator

B. Global administrator

C. Security administrator

D. Privileged role administrator

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Microsoft 365 admin center, you configure the Organization profile settings.
Does this meet the goal?

A. Yes

B. No

Your company has a Microsoft 365 subscription.
You need to identify all the users in the subscription who are licensed for Office 365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?

A. Reports in Microsoft Purview compliance portal

B. the Licenses blade in the Azure portal

C. Reports in the Microsoft 365 admin center

D. Active users in the Microsoft 365 admin center

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
Your company has a web application named App1.
The company plans to publish App1 by using a URL of https://app1.contoso.com.
You need to register App1 to your Microsoft Office 365 tenant.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
Alex Wilber must be able to reset the password of each user in your organization. The solution must prevent Alex Wilber from modifying the password of global administrators.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
 
You need to prevent all the users in your organization from sending an out of office reply to external users.
To answer, sign in to the Microsoft 365 portal.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You need to prevent the users in your organization from establishing voice calls from Microsoft Skype for Business to external Skype users.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You plan to create 1,000 users in your Microsoft 365 subscription.
You need to ensure that all the users can use the @contoso.com suffix in their username.
Another administrator will perform the required information to your DNS zone to complete the operation.

You need to configure just in time access to meet the technical requirements.
What should you use?

A. access reviews

B. entitlement management

C. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

D. Azure Active Directory (Azure AD) Identity Protection

HOTSPOT -
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD) by using the Azure AD
Connect Express Settings. Password writeback is disabled.
You create a user named User1 and enter Pass in the Password field as shown in the following exhibit.
 
The Azure AD password policy is configured as shown in the following exhibit.
Hot Area:
 

You have a Microsoft 365 subscription that uses Microsoft OneDrive.
You need to prevent users from syncing .exe and .mp3 files from their local device to OneDrive.
What should you do?

A. From the Microsoft 365 admin center, configure directory synchronization.

B. From the SharePoint admin center, configure the Site storage limits settings.

C. From the Microsoft 365 Apps admin center, create a policy.

D. From the SharePoint admin center, configure the Sync settings.

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You add an app named App1 to the enterprise applications in contoso.com.
You need to configure self-service app access for App1.
What should you do first?

A. Assign App1 to users and groups.

B. Add an owner to App1.

C. Configure the provisioning mode for App1.

D. Configure an SSO method for App1.

Your on-premises network contains five file servers. The file servers host shares that contain user data.
You plan to migrate the user data to a Microsoft 365 subscription.
You need to recommend a solution to import the user data into Microsoft OneDrive.
What should you include in the recommendation?

A. Configure the settings of the OneDrive client on your Windows 10 device.

B. Configure the Sync settings in the OneDrive admin center.

C. Run the SharePoint Hybrid Configuration Wizard.

D. Run the SharePoint Migration Tool.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the following group:
•	Name: Group1
•	Members: User1, User2
•	Owner: User3
You create an access review that has the following settings:
•	Review name: Review1
•	Group: Group1
•	Scope: All users
•	Select reviewers: Users review their own access
•	Duration (in days): 14
•	Review recurrence: Monthly
•	Start date: 5/1/2022
•	End: End after number of occurrences
•	Occurrences: 6
•	Auto apply results to resource: Enable
Initial user responses to Review1 are shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
 

HOTSPOT -
You have several devices enrolled in Microsoft Intune.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.
 
The device type restrictions in Intune are configured as shown in the following table.
 
You add User3 as a device enrollment manager in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP -
You have a Microsoft 365 E5 tenant.
You have a computer named Computer1 that runs Windows 10.
You need to list the properties of a Microsoft SharePoint Online tenant by using the CLI for Microsoft 365 on Computer1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT -
You have a Microsoft 365 tenant that contains the users shown in the following table.
 
Microsoft Exchange Online has the mail flow rules shown in the following table.
 
Rule1 has the following settings:
✑ Apply this rule if: The sender is '
user1@contoso.com
'
✑ Do the following: Redirect the message to '
user2@contoso.com
'
✑ Choose a mode for this rule: Enforce
✑ Stop processing more rules: Disabled
Rule2 has the following settings:
✑ Apply this rule if: The recipient is '
user2@contoso.com
'
✑ Do the following: Append the disclaimer 'Disclaimer1 message'; and fall back to action ignore if the disclaimer can't be inserted
✑ Choose a mode for this rule: Enforce
✑ Stop processing more rules: Enabled
Rule3 has the following settings:
✑ Apply this rule if: The recipient is '
user2@contoso.com
'
✑ Do the following: Append the disclaimer 'Disclaimer2 message'; and fall back to action ignore if the disclaimer can't be inserted
✑ Choose a mode for this rule: Enforce
✑ Stop processing more rules: Disabled
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
 

You have a Microsoft E5 subscription.
You need to ensure that administrators who need to manage Microsoft Exchange Online are assigned the Exchange administrator role for five hours at a time.
What should you implement?

A. a conditional access policy

B. a communication compliance policy

C. Azure AD Identity Protection

D. groups that have dynamic membership

E. Azure AD Privileged Identity Management (PIM)

Your company has a Microsoft 365 E3 subscription.
All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD).
You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users.
What should you use?

A. Subscription Activation

B. Windows Update

C. Windows Autopilot

D. an in-place upgrade

In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit.
 
You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?

A. an action

B. a group

C. a condition

D. an exception

HOTSPOT
-
You have an Azure AD tenant named contoso.com that contains an enterprise app named App1 and two users named User1 and User2.
You need to ensure that each user can perform the following action:
•	User1: Create entitlement management access packages to provide external users with access to App1.
•	User2: Create an access review for Appl.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP
-
You have a Microsoft 365 subscription.
You need to meet the following requirements:
•	Report a Microsoft 365 service issue.
•	Request help on how to add a new user to an Azure AD tenant.
What should you use in the Microsoft 365 admin center? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between Panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

You work for a company manages all their identities in the cloud.
After acquiring a new domain name, you are tasked with making sure that the primary email address of all new mailboxes uses the new domain.
Which of the following is the Microsoft Exchange Online PowerShell cmdlet that you should run?

A. Update-EmailAddressPolicy

B. Update-OfflineAddressBook

C. Set-AddressBookPolicy

D. Set-EmailAddressPolicy

You have an on-premises Microsoft SharePoint Server 2016 farm that contains the lists shown in the following table.
 
You plan to migrate to SharePoint Online by using the SharePoint Migration Tool.
Which list can be migrated to SharePoint Online?

A. List1

B. List2

C. List3

D. List4

You need to add the custom domain names to Office 365 to support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?

A. three alias (CNAME) records

B. one text (TXT) record

C. one alias (CNAME) record

D. three text (TXT) records

You have a Microsoft 365 E5 subscription that is linked to an Azure AD tenant named contoso.com.
You purchase a DNS domain named fabrikam.com.
You need to ensure that Microsoft Exchange Online users can receive emails sent to the fabrikam.com domain.
What should you use?

A. the Microsoft 365 Apps admin center

B. the Microsoft 365 admin center

C. the Exchange admin center

D. the Microsoft Defender for Cloud Apps portal

You have an on-premises Microsoft SharePoint Server 2016 environment.
You create a Microsoft 365 tenant.
You need to migrate some of the SharePoint sites to SharePoint Online. The solution must meet the following requirements:
✑ Microsoft OneDrive sites must redirect users to online content.
✑ Users must be able to follow both on-premises and cloud-based sites.
✑ Users must have a single SharePoint profile for both on-premises and on the cloud.
✑ When users search for a document by using keywords, the results must include online and on-premises results.
From the SharePoint Hybrid Configuration Wizard, you select the following features:
✑ Hybrid business to business (B2B) sites
✑ Hybrid OneDrive
✑ Hybrid Search
Which two requirements are met by using the SharePoint Hybrid Configuration Wizard features? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Users must have a single SharePoint profile for both on-premises and on the cloud.

B. OneDrive sites must redirect users to online content.

C. Users must be able to follow both on-premises and cloud-based sites.

D. When users search for a document by using keywords, the results must include online and on-premises results.

HOTSPOT -
You have a Microsoft 365 E5 subscription.
You need to implement identity protection. The solution must meet the following requirements:
* Identify when a user's credentials are compromised and shared on the dark web.
* Provide users that have compromised credentials with the ability to self-remediate.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
 
You need to prevent users in your organization from receiving an email notification when they save a document that contains credit card numbers.
To answer the question, sign in to the Microsoft 365 portal.

Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.
You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.
A tenant user has submitted a fraud alert for his account.
Which of the following is the length of time that the user's account will automatically be blocked for?

A. 24 hours

B. 90 days

C. 1 month

D. 1 week

HOTSPOT
-
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
•	View BitLocker recovery keys.
•	Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.
Which two roles should you assign? To answer, select the appropriate roles in the answer area.
NOTE: Each correct selection is worth one point.
 

Your company has an on-premises Microsoft Exchange Server 2013 organization.
The company has 100 users.
The company purchases Microsoft 365 and plans to move its entire infrastructure to the cloud.
The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).
You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online.
What should you recommend?

A. cutover migration

B. IMAP migration

C. remote move migration

D. staged migration

Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to resolve the issue as quickly as possible.
What should you do?

A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.

B. Run idfix.exe, and then click Complete.

C. From Windows PowerShell, run the Start-AdSyncCycle ג€”PolicyType Delta command.

D. Run idfix.exe, and then click Edit.

Your on-premises network contains the web applications shown in the following table.
 
You purchase Microsoft 365, and then implement directory synchronization.
You plan to publish the web applications.
You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort.
What should you do first?

A. Deploy one conditional access policy.

B. Deploy one Application Proxy connector.

C. Create four application registrations.

D. Create a site-to-site VPN from Microsoft Azure to the on-premises network.

HOTSPOT -
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.
 
You have an on-premises web app named AppA. Group1 has permissions to access AppA.
You configure an Azure Active Directory (Azure AD) Application Proxy.
You add an Application Proxy entry for AppA as shown the exhibit. (Click the Exhibit tab.)
 
You assign the AppA enterprise application in Azure to Group2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area: