Microsoft MS-100 Microsoft 365 Identity and Services Online Training
The questions for MS-100 were last updated on Nov 26, 2024.
- Exam Code: MS-100
- Exam Name: Microsoft 365 Identity and Services
- Certification Provider: Microsoft
- Latest update: Nov 26, 2024
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role.
From the Exchange admin center, you assign User2 the Help Desk role.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
✑ User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The Security Reader role can view reports but not schedule the email delivery of security and compliance reports.
The Help Desk role cannot schedule the email delivery of security and compliance reports.
Reference: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
HOTSPOT
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
All new users must be assigned Office 365 licenses automatically.
To enable Microsoft 365 license assignment, the users must have a username. This is also the UPN. The users must also have a Usage Location.
Topic 2, Fabrikam, Inc
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. Each domain controller is configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
✑ Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
✑ Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
✑ All users must be able to exchange email messages successfully during Project1 by using their current email address.
✑ Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
✑ A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
✑ Microsoft Office 365 ProPlus applications must be installed from a network share only.
✑ Disruptions to email address must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
✑ An on-premises web application named App1 must allow users to complete their expense reports online.
✑ The installation of feature updates for Office 365 ProPlus must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
✑ After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
✑ The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
✑ After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
✑ The principle of least privilege must be used.
You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From the Azure Active Directory admin center, configure the application URL settings.
- B . From the Azure Active Directory admin center, add an enterprise application.
- C . On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
- D . On an on-premises server, install the Hybrid Configuration wizard.
- E . From the Microsoft 365 admin center, configure the Software download settings.
A,B,C
Explanation:
✑ An on-premises web application named App1 must allow users to complete their expense reports online.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service, which runs in the cloud, and the Application Proxy connector, which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-works
You need to recommend which DNS record must be created before adding a domain name for the project.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
- A . alias (CNAME)
- B . host information (HINFO)
- C . host (A)
- D . mail exchanger (MX)
C
Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain.
You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Reference: https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
Which role should you assign to User1?
- A . Security Administrator
- B . Records Management
- C . Security Reader
- D . Hygiene Management
C
Explanation:
✑ A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Users with the Security Reader role have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs, and in Office 365 Security & Compliance Center.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Which migration solution should you recommend for Project1?
- A . From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.
- B . From the Exchange admin center, start a migration and select Cutover migration.
- C . From the Exchange admin center, start a migration and select Staged migration.
- D . From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
A
Explanation:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Fabrikam does NOT plan to implement identity federation.
All users must be able to exchange email messages successfully during Project1 by using their current email address.
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.
A new way to migrate mailboxes in a hybrid Exchange configuration is to use the Microsoft 365 data migration service. The data migration service can migrate Exchange, SharePoint and OneDrive. Therefore, we need to start a data migration and click Exchange as the service to be migrated.
Reference:
https://docs.microsoft.com/en-us/fasttrack/O365-data-migration
https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Depending on what your organization’s Office 365 subscription includes, the Dashboard in Security & Compliance includes several widgets, such as Threat Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, etc. The Compliance admin center in Microsoft 365 contains much of the same information but also includes additional entries focusing on alerts and data insights.
The Monitoring and reports section of the Compliance admin center does not display a list of the features that were recently updated in the tenant, so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference: https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.
Which authentication strategy should you implement for the pilot projects?
- A . password hash synchronization and seamless SSO
- B . pass-through authentication
- C . password hash synchronization
- D . pass-through authentication and seamless SSO
A
Explanation:
✑ Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
✑ Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
✑ After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
✑ Fabrikam does NOT plan to implement identity federation.
✑ After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications automatically.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Which migration solution should you recommend for Project1?
- A . From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet.
- B . From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet.
- C . From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.
- D . From the Exchange admin center, start a migration and select Remote move migration.
D
Explanation:
During Project1, some users will have mailboxes in Microsoft 365 and some users will have mailboxes in Exchange on-premises. To enable users to exchange email messages successfully during Project1 by using their current email address, we’ll need to configure hybrid Exchange.
To migrate mailboxes in a hybrid Exchange configuration, you use the Exchange admin center to perform Remote move migrations.
Reference: https://docs.microsoft.com/en-us/exchange/hybrid-deployment/move-mailboxes
HOTSPOT
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
The group needs to be a Security group.
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.