You have a Microsoft 365 subscription that contains a Microsoft Azure Directory (Azure AD) tenant Contoso.com. The tenant includes a user named user1.
You enable Azure AD Identity protection.
You need to ensure that User1 can review the list in Azure AD identity protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
Answer : A
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe503797.onmicrosoft.com
Microsoft 365 Password: x?-ofP?fG70o
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11325860
You need to ensure that an external user named dev@fabrikam.com can register an application in your Microsoft 365 tenant. The solution must use the principle of least privilege.
To answer, sign in to the Microsoft 365 portal.
Answer : A
You need to create a guest account for the external user and assign the Application Developer role. As the user's domain is an external domain, you will need to 'invite' the user. The external user will need to accept the invitation to create the account.
1. Go to the Azure Active Directory Admin Center.
2. In the left navigation pane, select Users.
3. Click on the '+ New Guest User' link.
4. Ensure that the 'Invite user' option is selected.
5. Enter dev@fabrikam.com in the email address field.
6. In the Roles section, 'user' will be selected by default. Click on 'user' to open a list of roles.
7. Select Application Developer in the list and click the 'Select' button to assign the role.
8. Click the 'Invite' button to send the invitation.
Your company has 20 employees, Each employees has a mailbox hosted in Outlook.com.
The company purchases a Microsoft 365 subcription.
You plan to migrate all the mailboxes to Microsoft 365.
You need to recommend which type of migration to use for the mailboxes.
What should recommend?
Answer : C
To migrate mailboxes from Outlook.com to Office 365, you need to use the IMAP migration method.
After you've added your users to Office 365, you can use Internet Message Access Protocol (IMAP) to migrate email for those users from their IMAP-enabled email servers.
In the Microsoft 365 admin center, go toSetup>Data migrationto start migrating IMAP enabled emails. The email migrations page is pre-configured for migrations from Gmail, Outlook, Hotmail and Yahoo. You can also enter your own IMAP server name and connection parameters to migrate from an email service that is not listed.
You have a DNS zone named contoso.com that contains the following records.
You purchase a Microsoft 365 subscription.
You plan to migrate mailboxes to Microsoft Exchange Online.
You need to configure Sender Policy Framework (SPF) to support Exchange Online.
What should you do?
A user receives the following message when attempting to sign in to https://myapps.microsoft.com:
"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin."
Which configuration prevents the users from signing in?
Answer : C
The user is being blocked due to a 'risky sign-in'. This can be caused by the user logging in from a device that hasn't been used to sign in before or from an unknown location.
Integration with Azure AD Identity Protection allows Conditional Access policies to identify risky sign-in behavior. Policies can then force users to perform password changes or multi-factor authentication to reduce their risk level or be blocked from access until an administrator takes manual action.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000
users.
The company has a Microsoft 365 subscription.
You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.
You run the following query.
search "SigninLogs" | where ResultDescription == "User did not pass the MFA
challenge."
The query returns blank results.
You need to ensure that the query returns the expected results.
What should you do?
Answer : D
You can now send audit logs to Azure Log Analytics. This gives you much easier reporting on audit events and the ability to perform queries such as the one in this question.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.
You configure Azure AD Connect to sync contoso.com to Azure Active Directory.
Which objects will sync to Azure AD?