MS-100 : Microsoft 365 Identity and Services : Part 17

MS-100 : Microsoft 365 Identity and Services : Part 17

1. HOTSPOT

   You need to ensure that a user named User1 can create documents by using Office for the web.

   Which two Microsoft Office 365 license options should you turn on for User1? To answer, select the appropriate options in the answer area.

   NOTE: Each correct section is worth one point.

   

   

2. HOTSPOT

   You have a data loss prevention (DLP) policy.

   You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.

   Which two settings should you modify? To answer, select the appropriate settings in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   You can tune your rules by adjusting the instance count and match accuracy to make it harder or easier for content to match the rules. Each sensitive information type used in a rule has both an instance count and match accuracy.

   To make the rule easier to match, decrease the min count and/or increase the max count. You can also set max to any by deleting the numerical value.

   To minimize the number of false positives, we need to increase the minimum match accuracy.
   A sensitive information type is defined and detected by using a combination of different types of evidence. Commonly, a sensitive information type is defined by multiple such combinations, called patterns. A pattern that requires less evidence has a lower match accuracy (or confidence level), while a pattern that requires more evidence has a higher match accuracy (or confidence level). 

3. SIMULATION

   Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

   When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

   Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

   Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

   Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

   You may now click next to proceed to the lab.

   Lab information

   Use the following login credentials as needed:

   To enter your username, place your cursor in the Sign in box and click on the username below.

   To enter your password, place your cursor in the Enter password box and click on the password below.

   Microsoft 365 Username:
   [email protected]

   Microsoft 365 Password: *yfLo7Ir2&y-

   If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

   The following information is for technical support purposes only:

   Lab Instance: 10811525

   Your organization recently implemented a new data retention policy. The policy requires that all files stored in an employee’s Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization.

   The human resources (HR) department of the organization deletes the user accounts of all terminated employees.

   You need to ensure that the organization meets the requirements of the data retention policy.

   • See explanation below.
   Explanation:

   You need to configure the OneDrive retention period for deleted users.

   1. Go to the OneDrive admin center.
   2. Select Storage.
   3. Set the “Days to retain files in OneDrive after a user account is marked for deletion” option to 60.
   4. Click Save to save the changes.

4. You have a Microsoft 365 subscription.

   Your company purchases a new financial application named App1.

   From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity.

   You need to prevent the missing information from affecting the score.

   What should you configure from the Cloud Discover settings?

   • App tags
   • Score metrics
   • Organization details
   • Default behavior
   Explanation:

   An app’s score in Cloud Discovery is based on categories such as General, Security, Compliance and Legal. Each category has several parameters. For example, the domain registration and consumer popularity parameters are part of the General category. These parameters are known as Score Metrics.

   You can modify the default weights given to the Cloud Discovery score configuration. By default, all the various parameters evaluated are given an equal weight. If there are certain parameters that are more or less important to your organization, you can adjust the weight of each score metric.

   In this case, we need to lower the weight of the domain registration and consumer popularity score metrics.

5. HOTSPOT

   You plan to deploy two Microsoft Power Platform environments as shown in the following table.

   

   Which environment type should you use for each environment? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

6. DRAG DROP

   You have a pilot app named App1 deployed to a Microsoft Power Platform production environment named Prod1.

   You need to reset the Prod1 environment in preparation for the production deployment of App1.

   Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

7. You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment.

   You need to ensure that only specific users can create new environments.

   What should you do in the Power Platform admin center?

   • From Data policies, create a new data policy.
   • From Data integration, create a new connection set.
   • From Power Platform settings, modify the Governance settings for the environment.
   • From Environments, modify the behaviour settings for the default environment.

8. HOTSPOT

   You have a Microsoft 365 tenant that contains 300 users.

   The users have Domestic and International Calling Plan licenses.

   What is the maximum user phone numbers and toll-free service phone numbers can you acquire? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

9. Case study

   This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

   To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

   At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

   To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

   Overview

   Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.

   Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

   Existing Environment

   Active Directory Environment
   The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.

   Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.

   All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].

   Fabrikam does NOT plan to implement identity federation.

   Network Infrastructure

   Each office has a high-speed connection to the Internet.

   Each office contains two domain controllers. All domain controllers are configured as a DNS server.

   The public zone for fabrikam.com is managed by an external DNS server.

   All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.

   All shared company documents are stored on a Microsoft SharePoint Server farm.

   Requirements
   Planned Changes
   Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.

   Fabrikam plans to implement two pilot projects:

   – Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
   – Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.

   Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

   Technical Requirements
   Fabrikam identifies the following technical requirements:

   – All users must be able to exchange email messages successfully during Project1 by using their current email address.
   – Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
   – A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
   – Microsoft 365 Apps for enterprise applications must be installed from a network share only.
   – Disruptions to email access must be minimized.

   Application Requirements
   Fabrikam identifies the following application requirements:

   – An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
   – The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

   Security Requirements
   Fabrikam identifies the following security requirements:

   – After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
   – The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
   – After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
   – The principle of least privilege must be used.

   1. HOTSPOT

      You need to meet the application requirements for the Microsoft 365 Apps for enterprise applications.

      You create an XML file that contains the following settings.

      

      Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

      NOTE: Each correct selection is worth one point.

      

      

      Explanation:

      Box 1:
      Microsoft 365 Apps for enterprise feature updates will be installed twice a year in March and September.
      The Channel element in the configuration file is set to ‘Targeted’. This means Semi-Annual Targeted.
      To help your organization prepare for a Semi-Annual Channel release, Microsoft provides Semi-Annual Channel (Targeted). The primary purpose of this update channel is to give pilot users and application compatibility testers in your organization a chance to work with the upcoming Semi-Annual Channel release

      Box 2:
      Microsoft 365 Apps for enterprise applications must be installed from a network share only.

      The Allow CDN Fallback value is currently set to true. The purpose of this setting is to enable Office 365 to be downloaded from Microsoft’s Content Delivery Network if the network share is unavailable. The Allow CDN Fallback value should be set to false to meet the technical requirement.

   2. Which migration solution should you recommend for Project1?

      • From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet.
      • From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet.
      • From Exchange admin center, start the migration and select Remote move migration.
      • From the Exchange admin center, start the migration and select Cutover migration.
      Explanation:

      Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
      Fabrikam does NOT plan to implement identity federation.
      All users must be able to exchange email messages successfully during Project1 by using their current email address.

      During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.

      To migrate mailboxes in a hybrid Exchange configuration, you use the Exchange admin center to perform Remote move migrations.

      Note:
      There are several versions of this question in the exam. The question has two possible correct answers:
      – From Exchange admin center, start the migration and select Remote move migration.
      – From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.

      Other incorrect answer options you may see on the exam include the following:
      – From the Exchange admin center, start a migration and select Staged migration.
      – From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
      – From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.
      – From the Exchange admin center, start a migration and select Cutover migration.

   3. Which migration solution should you recommend for Project1?

      • From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
      • From the Exchange admin center, start a migration and select Cutover migration.
      • From the Exchange admin center, start a migration and select Staged migration.
      • From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
      Explanation:

      Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
      Fabrikam does NOT plan to implement identity federation.
      All users must be able to exchange email messages successfully during Project1 by using their current email address.

      During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to be able to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.

      A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.

      Note:
      There are several versions of this question in the exam. The question has two possible correct answers:
      – From Exchange admin center, start the migration and select Remote move migration.
      – From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.

      Other incorrect answer options you may see on the exam include the following:
      – From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet.
      – From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet
      – From the Microsoft 365 admin center, start a data migration and click Outlook as the data service.
      – From the Exchange admin center, start a migration and select Cutover migration.

10. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    General Overview

    Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.

    Litware collaborates with a third-party company named ADatum Corporation.

    Environment

    On-Premises Environment

    The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.

    

    The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.

    Cloud environment

    Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.

    The subscription contains a verified DNS domain named litware.com.

    Azure AD Connect is installed and has the following configurations:

    – Password hash synchronization is enabled.
    – Synchronization is enabled for the LitwareAdmins OU only.

    Users are assigned the roles shown in the following table.

    

    Self-service password reset (SSPR) is enabled.

    The Azure Active Directory (Azure AD) tenant has Security defaults enabled.

    Requirements

    Planned Changes

    Litware identifies the following issues:

    – Admin1 cannot create conditional access policies.
    – Admin4 receives an error when attempting to use SSPR.
    – Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.

    Technical Requirements

    Litware plans to implement the following changes:

    – Implement Microsoft Intune.
    – Implement Microsoft Teams.
    – Implement Microsoft Defender for Office 365.
    – Ensure that users can install Office 365 apps on their device.
    – Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
    – Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.

    1. HOTSPOT

       You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.

       What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.