The latest updated Microsoft MS-100 exam dumps and free MS-100 exam practice questions and answers! Latest updates from Lead4Pass Microsoft MS-100 Dumps PDF and MS-100 Dumps VCE, Lead4Pass MS-100 exam questions updated and answers corrected!
Get the full Microsoft MS-100 dumps from https://www.leads4pass.com/ms-100.html (VCE&PDF)

Exam MS-100: Microsoft 365 Identity and Services – website: https://docs.microsoft.com/en-us/learn/certifications/exams/ms-100

Latest MS-100 PDF for free

Share the Microsoft MS-100 Dumps PDF for free From Lead4pass MS-100 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/13LVi5CAbTzWlIKyiysNRs0p6oEVsY4Fw/

Latest Lead4pass MS-100 Youtube

Share the latest Microsoft MS-100 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos

https://youtube.com/watch?v=XnClOpTzCjA

The latest updated Microsoft MS-100 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
HOTSPOT
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the
following table.[2021.1] lead4pass ms-100 practice test q1

You are configuring synchronization between fabrikam.com and a Microsoft Azure Active Directory (Azure AD) tenant.
You configure the Domain/OU Filtering settings in Azure AD Connect as shown in the Domain/OU Filtering exhibit.
(Click the Domain/OU Filtering tab.)

[2021.1] lead4pass ms-100 practice test q1-1

You configure the Filtering settings in Azure AD Connect as shown in the Filtering exhibit. (Click the Filtering tab.)

[2021.1] lead4pass ms-100 practice test q1-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.1] lead4pass ms-100 practice test q1-3

Correct Answer:

[2021.1] lead4pass ms-100 practice test q1-4

Box 1: No
The filtering is configured to synchronize Group2 and OU2 only. The effect of this is that only members of Group2 who
are in OU2 will be synchronized.
User2 is in Group2. However, the User2 account object is in OU1 so User2 will not synchronize to Azure AD.
Box 2: Yes
Group2 is in OU2 so Group2 will synchronize to Azure AD. However, only members of the group who are in OU2 will
synchronize. Members of Group2 who are in OU1 will not synchronize.
Box 3: Yes
User3 is in Group2 and in OU2. Therefore, User3 will synchronize to Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#group-basedfiltering

 

QUESTION 2
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management
(MDM).
The device type restrictions are configured as shown in the following table.

[2021.1] lead4pass ms-100 practice test q2

The device limit restrictions are configured as shown in the following table.

[2021.1] lead4pass ms-100 practice test q2-1

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options
in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:

[2021.1] lead4pass ms-100 practice test q2-2

Correct Answer:

[2021.1] lead4pass ms-100 practice test q2-3

When multiple policies are applied to groups that users are a member of, only the highest priority (lowest number) policy
applies.
In this case, the Engineering users are assigned two device type policies (the default policy and the priority 2 policy).
The priority 2 policy has a higher priority than the default policy so the Engineers’ allowed platform is Android only.
The engineers have two device limit restrictions policies applied to them. The priority1 policy is a higher priority than the
priority2 policy so the priority1 policy device limit (15) applies.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set

 

QUESTION 3
You have a Microsoft 365 subscription.
You add a domain named contoso.com.
When you attempt to verify the domain, you are prompted to send a verification email to [email protected].
You need to change the email address used to verify the domain.
What should you do?
A. From the domain registrar, modify the contact information of the domain
B. Add a TXT record to the DNS zone of the domain
C. Modify the NS records for the domain
D. From the Microsoft 365 admin center, change the global administrator of the Microsoft 365 subscription
Correct Answer: A
The email address that is used to verify that you own the domain is the email address listed with the domain registrar for
the registered contact for the domain.
Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/setup/add-domain?view=o365-worldwide

 

QUESTION 4
Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.
All users have client computers that run Windows 10 Pro and are joined to Azure AD.
The company purchases a Microsoft 365 E3 subscription.
You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.
You assign licenses from the Microsoft 365 admin center.
What should you do next?
A. Add a custom domain name to the subscription.
B. Deploy Windows 10 Enterprise by using Windows Autopilot.
C. Create a provisioning package and then deploy the package to all the computers.
D. Instruct all the users to log off of their computer, and then to log in again.
Correct Answer: B
With Windows Autopilot the user can set up pre-configure devices without the need to consult their IT administrator.
Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

 

QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in
the following table.[2021.1] lead4pass ms-100 practice test q5

A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1,
App2, and App3 all open files that have the .abc file extension. You implement Windows Information Protection (WIP) by
using the following configurations:
1.
Exempt apps: App2
2.
Protected apps: App1
3.
Windows Information Protection mode: Block
4.
Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.1] lead4pass ms-100 practice test q5-1

Box 1: Yes.
App1 is a protected app in the Windows Information Protection policy. File1 is stored on Server1 which is in the Network
Boundary defined in the policy. Therefore, you can open File1 in App1.
Box 2: Yes.
App2 is exempt from the Windows Information Protection policy. The protection mode in the policy is blocked so all apps that
are not included in the policy cannot be used to open the file… except for exempt apps. Therefore, you can open File1 in
App2.
Box 3: No.
The protection mode in the policy is blocked so all apps that are not included in the policy as protected apps or listed as
exempt from the policy cannot be used to open the file. Therefore, you cannot open the File from in App3.
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wippolicy-using-intune-azure

 

QUESTION 6
You have a Microsoft 365 tenant that contains Microsoft Exchange Online.
You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has
a Microsoft 365 tenant.
You need to ensure that the calendar of every user is available to the users in adatum.com immediately.
What should you do?
A. From the Exchange admin center, create a sharing policy.
B. From the Exchange admin center, create a new organization relationship.
C. From the Microsoft 365 admin center, modify the Organization profile settings.
D. From the Microsoft 365 admin center, configure external site sharing.
Correct Answer: B
You need to set up an organizational relationship to share calendar information with an external business partner. Office
365 admins can set up an organization relationship with another Office 365 organization or with an Exchange onpremises organization.
Reference: https://docs.microsoft.com/en-us/exchange/sharing/organization-relationships/create-an-organizationrelationship

 

QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following
requirements:
1.
Users must be able to authenticate during business hours only.
2.
Authentication requests must be processed successfully if a single server fails.
3.
When the password for an on-premises user account expires, the new password must be enforced the next time the
user signs in.
4.
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must
be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation
Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
This solution meets the following requirements:
1.
Users must be able to authenticate during business hours only.
2.
Authentication requests must be processed successfully if a single server fails.
3.
When the password for an on-premises user account expires, the new password must be enforced the next time the
user signs in.
The following requirement is not met:
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must
be signed in automatically.
To meet this requirement, you would need to configure a seamless Single Sign-on (SSO)
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

 

QUESTION 8
Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure
Active Directory (Azure AD) tenant.
The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains
company documents.
Your company purchases a Microsoft 365 subscription.
You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three
months will be migrated.
You need to identify all the files in Share1 that were modified or created during the last 90 days.
What should you use?
A. Server Manager
B. Microsoft SharePoint Migration Tool
C. Resource Monitor
D. Usage reports from the Microsoft 365 admin center
Correct Answer: B
You can use the Microsoft SharePoint Migration Tool to migrate files from a file server to SharePoint Online.
The Microsoft SharePoint Migration Tool has a number of filters you can use to define which files will be migrated. One
filter setting is “Migrate files modified after”. This setting will only migrate files modified after the selected date. The first
phase of migration is to perform a scan of the source files to create a manifest of the files that will be migrated. You
can use this manifest to identify all the files in Share1 that were modified or created during the last 90 days.
References:
https://docs.microsoft.com/en-us/sharepointmigration/spmt-settings

 

QUESTION 9
SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few
minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a
live environment. While most functionality will be available to you as it would be in a live environment, some
functionality
(e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn\\’t matters how you
accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as
much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you
are
able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to
the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign inbox and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2andyIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser
tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently implemented a new data retention policy. The policy requires that all files stored in an
employee\\’s Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization.
The human resources (HR) department of the organization deletes the user accounts of all terminated employees.
You need to ensure that the organization meets the requirements of the data retention policy.
A. See below.
Correct Answer: A
You need to configure the OneDrive retention period for deleted users.
1.
Go to the OneDrive admin center.
2.
Select Storage.
3.
Set the “Days to retain files in OneDrive after a user account is marked for deletion” option to 60.
4.
Click Save to save the changes.
References: https://docs.microsoft.com/bs-latn-ba/onedrive/set-retention

 

QUESTION 10
SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few
minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a
live environment. While most functionality will be available to you as it would be in a live environment, some
functionality
(e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn\\’t matters how you
accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as
much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you
are
able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to
the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign inbox and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2andyIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser
tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all
new users will be New York.
You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.
A. See below.
Correct Answer: A
You need to create a dynamic group based on the city attribute. You then need to assign a license to the group. User
accounts with the city attribute set to ‘New York’ will automatically be added to the group. Anyone who is added to the
group will automatically be assigned the license that is assigned to the group.
1.
Go to the Azure Active Directory admin center.
2.
Select Azure Active Directory then select Groups.
3.
Click on the New Group link.
4.
Give the group a name such as New York Users.
5.
Select Users as the membership type.
6.
Select ‘Add dynamic query’.
7.
Select ‘City’ in the Property drop-down box.
8.
Select ‘Equals’ in the Operator drop-down box.
9.
Enter ‘New York’ as the Value. You should see the following text in the Expression box: user. city -eq “New York”
10.
Click Save to create the group.
11.
In the Groups list, select the new group to open the properties page for the group.
12.
Select ‘Licenses’.
13.
Select the ‘+ Assignments’ link.
14.
Tick the box to select the license.
15.
Click the Save button to save the changes.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

 

QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users
shown in the following table.[2021.1] lead4pass ms-100 practice test q11

The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.

[2021.1] lead4pass ms-100 practice test q11-1

User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you assign User2 the Allow log on locally user right. You
instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
This is not a permissions issue.
The on-premises Active Directory domain is named contoso.com. To enable users to sign on using a different UPN
(different domain), you need to add the domain to Microsoft 365 as a custom domain.

 

QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users
shown in the following table.[2021.1] lead4pass ms-100 practice test q12

The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.

[2021.1] lead4pass ms-100 practice test q12-1

User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you set the UPN suffix for User2 to @contoso.com. You
instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The on-premises Active Directory domain is named contoso.com. You can enable users to sign on using a different
UPN (different domain), by adding the domain to Microsoft 365 as a custom domain. Alternatively, you can configure the
user account to use the existing domain (contoso.com).

 

QUESTION 13
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users.
The company has a Microsoft 365 subscription.
You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.
You run the following query.
search “SigninLogs” | where ResultDescription == “User did not pass the MFA challenge.”
The query returns blank results.
You need to ensure that the query returns the expected results.
What should you do?
A. From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage
account.
B. From the Security and Compliance admin center, turn on auditing.
C. From the Security and Compliance admin center, enable Office 365 Analytics.
D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log
Analytics workplace.
Correct Answer: D
You can now send audit logs to Azure Log Analytics. This gives you much easier reporting on audit events and the
ability to perform queries such as the one in this question.
References: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-withlog-analytics


Fulldumps shares the latest updated Microsoft MS-100 exam exercise questions, MS-100 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft MS-100 exam dumps questions at https://www.leads4pass.com/ms-100.html (pdf&vce)

ps.
Get free Microsoft MS-100 dumps PDF online: https://drive.google.com/file/d/13LVi5CAbTzWlIKyiysNRs0p6oEVsY4Fw/