1. Topic 1, Contoso, Ltd

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The offices have the users and devices shown in the following table.

Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment

The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

You recently configured the forest to sync to the Azure AD tenant.

You add and then verify adatum.com as an additional domain name.

All servers run Windows Server 2016.

All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.

All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.

Contoso has the users shown in the following table.

Contoso has the groups shown in the following table.

Microsoft Office 365 licenses are assigned only to Group2.

The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.

Requirements

Planned Changes

Contoso plans to provide email addresses for all the users in the following domains:

✑ East.adatum.com

✑ Contoso.adatum.com

✑ Humongousinsurance.com

Technical Requirements

Contoso identifies the following technical requirements:

✑ All new users must be assigned Office 365 licenses automatically.

✑ The principle of least privilege must be used whenever possible.

Security Requirements

Contoso identifies the following security requirements:

✑ Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.

✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.

✑ The members of Group1 must be required to answer a security question before changing their password.

✑ User3 must be able to manage Office 365 connectors.

✑ User4 must be able to reset User3 password.

HOTSPOT

You need to meet the security requirements for User3. The solution must meet the technical requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

2. You need to meet the security requirement for the vendors.

What should you do?

3. You need to meet the security requirement for Group1.

What should you do?

4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirements.

Solution: From the Office 365 admin center, you assign User2 the Security Reader role.

From the Exchange admin center, you assign User2 the Help Desk role.

Does this meet the goal?

5. To which Azure AD role should you add User4 to meet the security requirement?

6. HOTSPOT

You need to meet the technical requirements for the user licenses.

Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area. NOTE: Each correct selection is worth one point.

7. You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.

What should you create to verify the domain names successfully?

8. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirement.

Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.

Does that meet the goal?

9. You need to assign User2 the required roles to meet the security requirements and the technical requirements.

To which two roles should you assign User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

10. Note This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirements.

Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Management role.

Does this meet the goal?

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to assign User2 the required roles to meet the security requirements.

Solution: From the Office 365 admin center, you assign User2 the Security Reader role.

From the Exchange admin center, you assign User2 the Compliance Management role.

Does this meet the goal?

12. You need to meet the security requirement for the vendors.

What should you do?

13. Topic 2, Fabrikam, Inc

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.

Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment

Active Directory Environment

The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.

Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.

All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].

Fabrikam does NOT plan to implement identity federation.

Network Infrastructure

Each office has a high-speed connection to the Internet.

Each office contains two domain controllers. All domain controllers are configured as a DNS server.

The public zone for fabrikam.com is managed by an external DNS server.

All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.

All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements

Planned Changes

Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.

Fabrikam plans to implement two pilot projects:

✑ Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.

✑ Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.

Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements

Fabrikam identifies the following technical requirements:

✑ All users must be able to exchange email messages successfully during Project1 by using their current email address.

✑ Users must be able to authenticate to cloud services if Active Directory becomes unavailable.

✑ A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.

✑ Microsoft Office 365 ProPlus applications must be installed from a network share only.

✑ Disruptions to email address must be minimized.

Application Requirements

Fabrikam identifies the following application requirements:

✑ An on-premises web application named App1 must allow users to complete their expense reports online.

✑ The installation of feature updates for Office 365 ProPlus must be minimized.

Security Requirements

Fabrikam identifies the following security requirements:

✑ After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.

✑ The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.

✑ After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.

✑ The principle of least privilege must be used.

Which migration solution should you recommend for Project1?

14. You need to meet the application requirement for App1.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment.

The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO.

Does this meet the goal?

16. You need to recommend which DNS record must be created before adding a domain name for the project.

You need to recommend which DNS record must be created before you begin the project.

Which DNS record should you recommend?

17. HOTSPOT

You need to create the UserLicenses group. The solution must meet the security requirements.

Which group type and control method should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has a Microsoft Office 365 tenant.

You suspect that several Office 365 features were recently updated.

You need to view a list of the features that were recently updated in the tenant.

Solution: You use Monitoring and reports from the Compliance admin center.

Does this meet the goal?

19. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment.

The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have an Authentication Agent installed.

Does this meet the goal?

20. You are evaluating the required processes for Project1.

You need to recommend which DNS record must be created before you begin the project.

Which DNS record should you recommend?

21. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities.

The solution must meet the following requirements:

* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.

* User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.

Does this meet the goal?

22. HOTSPOT

You create the Microsoft 365 tenant.

You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

23. Which migration solution should you recommend for Project1?

24. Which migration solution should you recommend for Project1?

25. You need to ensure that all the sales department users can authenticate successfully during Project1and Project2.

Which authentication strategy should you implement for the pilot projects?

26. HOTSPOT

You need to meet the application requirements for the Office 365 ProPlus applications.

You create an XML files that contains the following settings.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

27. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy several Microsoft Office 365 services.

You need to design an authentication strategy for the planned deployment.

The solution must meet the following requirements:

* Users must be able to authenticate during business hours only.

* Authentication requests must be processed successfully if a single server fails.

* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.

* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an Authentication Agent installed and password hash synchronization configured.

Does this meet the goal?

28. Which role should you assign to User1?

29. DRAG DROP

You need to prepare the environment for Project1.

You create the Microsoft 365 tenant.

Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

30. Topic 3, Misc. Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities.

The solution must meet the following requirements:

✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.

✑ Users passwords must be 10 characters or more.

Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.

Does this meet the goal?

31. HOTSPOT

Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following exhibit.

An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan’s account from Microsoft 365 and notice that his username is set to [email protected].

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

32. Your company has a main office and 20 branch offices in North America and Europe. Each branch office connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections.

You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office.

You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services.

What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

33. You have a Microsoft 365 subscription.

All users have their email stored in Microsoft Exchange Online

In the mailbox of a user named User, you need to preserve a copy of all the email messages that contain the word ProjectX.

What should you do first?

34. HOTSPOT

You have a Microsoft 365 subscription.

You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic. NOTE: Each correct selection is worth one point.

35. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the

password below.

Microsoft 365 Username:

[email protected]

Microsoft 365 Password: 3&YWyjse-6-d

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10887751

You plan to create 1,000 users in your Microsoft 365 subscription.

You need to ensure that all the users can use the @contoso.com suffix in their username.

Another administrator will perform the required information to your DNS zone to complete the operation.

36. You have a Microsoft 365 subscription.

Your company deploys an Active Directory Federation Services (AD FS) solution.

You need to configure the environment to audit AD FS user authentication.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

37. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

[email protected]

Microsoft 365 Password: *yfLo7Ir2&y-

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10811525

Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all new users will be New York.

You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.

38. HOTSPOT

Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following two exhibits.

You create a user named User1 in Active Directory as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

39. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

A user named User1 has files on a Windows 10 device as shown in the following table.

In Azure Information Protection, you create a label named Label1 that is configured to apply automatically. Label1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

40. HOTSPOT

You have a new Microsoft 365 subscription.

A user named User1 has a mailbox in Microsoft Exchange Online.

You need to log any changes to the mailbox folder permissions of User1.

Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

41. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has a Microsoft Office 365 tenant.

You suspect that several Office 365 features were recently updated.

You need to view a list of the features that were recently updated in the tenant.

Solution: You review the Security & Compliance report in the Microsoft 365 admin center.

Does this meet the goal?

42. HOTSPOT

You are confirming an enterprise application named Test App in Microsoft Azur as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

43. You have a DNS zone named contoso.com that contains the following records.

You purchase a Microsoft 365 subscription.

You plan to migrate mailboxes to Microsoft Exchange Online.

You need to configure Sender Policy Framework (SPF) to support Exchange Online.

What should you do?

44. HOTSPOT

You have a Microsoft 365 subscription.

You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

[email protected]

Microsoft 365 Password: *yfLo7Ir2&y-

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10811525

You plan to migrate data from an on-premises email system to your Microsoft 365 tenant.

You need to ensure that Debra Berger can import a PST file.

46. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the

password below.

Microsoft 365 Username: [email protected]

Microsoft 365 Password: m3t^We$Z7&xy

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 11440873

You need to prevent all the users in your organization from sending an out of office reply to external users.

To answer, sign in to the Microsoft 365 portal.

47. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username: [email protected]

Microsoft 365 Password: m3t^We$Z7&xy

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 11440873

You need to create a policy that allows a user named Lee Gu to use Outlook Web App to review 50 percent of the outbound email messages sent by a user named Joni Sherman.

To answer, sign in to the Microsoft 365 portal.

48. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid deployment of Microsoft 365 that contains the objects shown in the following table.

Azure AD Connect has the following settings:

✑ Password Hash Sync: Enabled

✑ Password writeback: Enabled

✑ Group writeback: Enabled

You need to add User2 to Group 2.

Solution: You use the Security & Compliance admin center.

Does this meet the goal?

49. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Your company uses Windows Defender Advanced Threat Protection (ATP).

Windows Defender ATP contains the roles shown in the following table.

Windows Defender ATP contains the device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

50. Your network contain*, an on-premises Active Directory forest.

You are evaluating the implementation of Microsoft 365 and the deployment of authentication strategy.

You need to recommend an authentication strategy that meets the following requirements:

• Allows users to sign in by using smart card-based certificates

• Allows users to connect to on premises and Microsoft 365 services by using SSO

Which authentication strategy should you recommend?

51. HOTSPOT

You have a Microsoft 365 subscription.

You use the Microsoft Office Deployment tool to install Office 365 ProPlus.

You create a configuration file that contains the following settings.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.