NEW QUESTION 1
You have a Microsoft 365 subscription.
You use the Microsoft Office Deployment tool to install Office 365 ProPlus. You create a configuration file that contains the following settings.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: References:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2021-deployment-tool

NEW QUESTION 2
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
You implement directory synchronization for all 10.000 users in the organization. You automate the creation of 100 new user accounts.
You need to ensure that the new user accounts synchronize to Azure AD as quickly as possible Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct select ion is worth one point.

Answer:

Explanation:

NEW QUESTION 3
You have a Microsoft 36S subscription that contains several Microsoft SharePoint Online sites. You discover that users from your company can invite external users to access files on the SharePoint sites. You need to ensure that the company users can invite only authenticated guest users to the sites. What should you do?

• A. From the Microsoft 365 admin center, configure a partner relationship.
• B. From SharePoint Online Management Shell, run the set-SPOSite cmdlet.
• C. From the Azure Active Directory adman center, configure a conditional access policy.
• D. From the SharePoint admin center, configure the sharing settings.

Answer: D

NEW QUESTION 4
Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.
All users have client computers that run Windows 10 Pro and are joined to Azure AD. The company purchases a Microsoft 365 E3 subscription.
You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.
You assign licenses from the Microsoft 365 admin center. What should you do next?

• A. Add a custom domain name to the subscription.
• B. Deploy Windows 10 Enterprise by using Windows Autopilot.
• C. Create provisioning package, and then deploy the package to all the computers.
• D. Instruct all the users to log off of their computer, and then to log in again.

Answer: B

NEW QUESTION 5
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.

You need to identify which users can perform the following administrative tasks:
Reset the password of User4.
Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You review the Security & Compliance report in the Microsoft 365 admin center. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 7
You need to meet the security requirements for User3. The solution must meet the technical requirements. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: References:
https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/feature-permissions-in-eop

NEW QUESTION 8
Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.
Does this meet the goal?

• A. Yes
• B. NO

Answer: B

Explanation: Topic 3, Fabrikam, Inc
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of
username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server. The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2021 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Microsoft Office 365 ProPlus applications must be installed from a network share only.
Disruptions to email address must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online.
The installation of feature updates for Office 365 ProPlus must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.

NEW QUESTION 9
Your company recently purchased a Microsoft 365 subscription.
You enable Microsoft Azure Multi-Factor Authentication (Ml A) for all 500 users in the Azure Active Directory (Azure AD) tenant.
You need to generate a report that lists all the users who completed the Azure MFA registration process. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
• B. From Azure Cloud Shell, run the Get-MsolUser cmdlet
• C. From the Azure Active Directory admin center, use the MFA Server blade.
• D. From the Azure Active Directory admin center, use the Risky sign-ins blade.

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

NEW QUESTION 10
Your Network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Anne Active Directory (Azure AD) tenant named .contoso.onmicrosoft.com.
You plan to implement pass- through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication. Which three actions should you perform? Each correct answer presents pan of the solution.
NOTE: Each correct selection is worth one point.

• A. Modify the email address attribute for each user account.
• B. From the Azure portal, add a custom domain name.
• C. From Active Directory Domains and Trusts, add a UPN suffix.
• D. Modify the User logon name for each user account.
• E. From the Azure portal, configure an authentication method.
• F. From a domain controller, install an authentication Agent.

Answer: BCD

NEW QUESTION 11
Your network contains an Active Directory domain named contoso.com. You have a Microsoft 365 subscription.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You implement directory synchronization.
The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services.
You need to provide the URI for the authorization endpoint that App1 must use. What should you provide?

• A. https://login.microsoftonline.com/
• B. https://contoso.com/contoso.onmicrosoft.com/app1
• C. https://login.microsoftonline.com/contoso.onmicrosoft.com/
• D. https://myapps.microsoft.com

Answer: C

NEW QUESTION 12
Your company has an on-premises Microsoft Exchange Server 2013 organization. The company has 100 users.
The company purchases Microsoft 365 and plans to move its entire.- infrastructure to the cloud.
The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).
You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online.
What should you recommend?

• A. cutover migration
• B. IMAP migration
• C. remote move migration
• D. staged migration

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/cutover-migration-to-office-365

NEW QUESTION 13
Which role should you assign to User1?

• A. Security Administrator
• B. Records Management
• C. Security Reader
• D. Hygiene Management

Answer: C

NEW QUESTION 14
Note: This question it part of a series of questions that present the same scenario. Cacti question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 36S tenant.
You suspect that several Office 365 features were recently updated.
You need to view a last of the features that were recently updated in the tenant. Solution: You use Message center in the Microsoft 365 admin center.
Does this meet the goal?

• A. Yes
• B. NO

Answer: A

NEW QUESTION 15
You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi factor .mthentication when accessing Microsoft SharePoint from a mobile device
You need to view which users authenticated by using multi factor authentication. What should you do?

• A. From the Microsoft 36S admin center, view the Security Compliance reports.
• B. From the Azure Active Directory admin center, view the user sign-ins.
• C. From the Microsoft 365 admin center, view the Usage reports.
• D. From the Azure Active Directory admin center, view the audit logs.

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

NEW QUESTION 16
Your company has offices in several cities and 100.000 users. The network contains an Active Directory domain contoso.com.
You purchase Microsoft 365 and plan to deploy several Microsoft 365 services.
You are evaluating the implementation of pass-through authentication and seamless SSO. Azure AD Connect will NOT be in staging mode.
You need to identify the redundancy limits for the planned implementation.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 17
Your company has a Microsoft 365 subscription.
You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?

• A. the Licenses blade in the Azure portal
• B. Reports in the Microsoft 365 admin center
• C. Active users in the Microsoft 365 admin center
• D. Report in Security & Compliance

Answer: A

NEW QUESTION 18
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.
Your company recently purchased a Microsoft 365 subscription. You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation. Convert-MsolDomaintoFederated –DomainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name. You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. From Windows PowerShell, run the Convert-MsolDomaintoFederated–DomainName contoso.com –SupportMultipleDomain command.
• B. From Windows PowerShell, run the New-MsolFederatedDomain–SupportMultipleDomain -DomainName contoso.com command.
• C. From Windows PowerShell, run the New-MsolFederatedDomain-DomainName adatum.com command.
• D. From Windows PowerShell, run the Update-MSOLFederatedDomain–DomainName contoso.com –SupportMultipleDomain command.
• E. From the federation server, remove the Microsoft Office 365 relying party trust.

Answer: AE