MS-100 Certification Exam Dumps Questions in here [Nov-2025]
Updated MS-100 Exam Practice Test Questions
How could you focus on MS-100 Certification Exam?
Right here is the exam overview for MS-100 Certification Exam
MS-100 Certification Exam: Get our snappy guide in the event that you don't have the opportunity to peruse all the page
The MS-100 certification exam is a computer-based assessment and, in order to ensure successful passage of the exam, we recommend getting hands-on experience with Microsoft Dynamics CRM and Microsoft Office 365. This article will explain what is MS-100 Exam is, how to register, the format of the exam, and ways you can prepare for the exam by practicing with relevant software that is similar to what you will encounter in the real MS-100 certification test. You can use these practices tests of MS-100 Dumps to determine your strengths and weaknesses so that you can focus on what you need to review before taking the MS-100 certification test.
The MS-100 exam is a challenging test that requires extensive knowledge and experience in managing cloud-based technologies. Candidates who pass MS-100 exam will have demonstrated their ability to manage Microsoft 365 identities and services, which is a critical skill for any IT professional working in the cloud computing industry. By earning the Microsoft 365 Certified: Enterprise Administrator Expert certification, candidates will have demonstrated their expertise in managing complex cloud-based environments and will be well-positioned for career advancement within the IT industry.
NEW QUESTION # 20
You need to meet the security requirement for Group1.
What should you do?
- A. Configure all users to sign in by using multi-factor authentication.
- B. Modify the Password reset properties of the Azure AD tenant.
- C. Assign Group1 a management role.
- D. Modify the properties of Group1.
Answer: B
Explanation:
* The members of Group1 must be required to answer a security question before changing their password.
If SSPR (Self Service Password Reset) is enabled, you must select at least one of the following options for the authentication methods. Sometimes you hear these options referred to as "gates." Mobile app notification Mobile app code Email Mobile phone Office phone Security questions You can specify the required authentication methods in the Password reset properties of the Azure AD tenant.
In this case, you should set the required authentication method to be 'Security questions'.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
NEW QUESTION # 21
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You add an app named App1 to the enterprise applications in contoso.com.
You need to configure self-service for App1.
What should you do first?
- A. Add an owner to App1.
- B. Assign App1 to users and groups.
- C. Configure an SSO method for App1.
- D. Configure the provisioning mode for App1.
Answer: D
Explanation:
Explanation
The provisioning mode (manual or automatic) needs to be configured for an app before you can enable self-service application access.
References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access
NEW QUESTION # 22
Your network contains an on-premises Active Directory domain. The domain contains a server named Server1. Server1 has a share named Share1 that contains the files shown in the following table.
You have a hybrid deployment of Microsoft 365.
You create a Microsoft SharePoint site collection named Col lection1.
You plan to migrate Share1 to a document library in Collection1
You configure the SharePoint Migration Tool as shown in the exhibit. (Click the Exhibit tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:
Explanation:
Explanation:
Box 1: No
File1.txt will not be migrated as it was created before Jan 1 2019
Box 2: Yes
File2.txt will be migrated as it was created after Jan 1 2019 and was modified after Mar 1 2019.
Box 3: Yes
File permissions will be maintained after the migration.
References:
https://docs.microsoft.com/en-us/sharepointmigration/spmt-settings
NEW QUESTION # 23
You need to recommend which DNS record must be created before adding a domain name for the project.
You need to recommend which DNS record must be created before you begin the project.
Which DNS record should you recommend?
- A. mail exchanger (MX)
- B. host information (HINFO)
- C. alias (CNAME)
- D. host (A)
Answer: A
Explanation:
When you add a custom domain to Office 365, you need to verify that you own the domain. You can do this by adding either an MX record or a TXT record to the DNS for that domain.
Reference:
https://docs.microsoft.com/en-us/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
NEW QUESTION # 24
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Onlineand-OneDrive-for/ba-p/46678
NEW QUESTION # 25
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?
- A. NO
- B. Yes
Answer: A
NEW QUESTION # 26
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
* Users must be able to authenticate during business hours only.
* Authentication requests must be processed successfully if a single server fails.
* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Explanation
This solution meets the following requirements:
* Users must be able to authenticate during business hours only.
* Authentication requests must be processed successfully if a single server fails.
* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
The following requirement is not met:
* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
To meet this requirement, you would need to configure seamless Single Sign-on (SSO) Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
NEW QUESTION # 27
You have a Microsoft 365 subscription that uses a default named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.
On March 1, 2019, you create two retention labels named Label1 and label2.
The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1
The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2
You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews
NEW QUESTION # 28
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
You need to identify which users can perform the following administrative tasks:
* Reset the password of User4.
* Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
NEW QUESTION # 29
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
Assignments:
- Include: Group1
- Exclude: Group2
Access controls: Require Azure MFA registration
Enforce Policy: On
You create a conditional access policy that has the following settings:
Name: Policy1
Assignments:
- Include: Group2
- Exclude: Group1
Access controls:
- Grant, Require multi-factor authentication
Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Box 1: No
The MFA policy applies to User1 so he will be prompted to register for MFA. He has 14 days to complete the registration. During this 14-day period, he can bypass registration but at the end of the period he will be required to register before he can complete the sign-in process.
The Conditional Access Policy does not apply to User1 so MFA is not required.
Box 2: No
User2's MFA status is Enabled which means he has been enrolled in MFA but has not yet completed the registration.
The Conditional Access Policy does not apply to User2 because Group1 is excluded so MFA is not required.
Box 3: Yes
The Conditional Access Policy does apply to User3 so MFA will be required. He will need to be enrolled for MFA first.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-m
https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authenticatio
NEW QUESTION # 30
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password:3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance:10887751
A user named Johanna Lorenz recently left the company. A new employee named Ben Smith will handle the tasks of Johanna Lorenz.
You
need to create a user named Ben Smith. Ben Smith must be able to sign in to http://myapps.microsoft.com and open Microsoft Word Online.
Answer:
Explanation:
See explanation below.
Explanation
You need to create a user account and assign a license to the account. You then To create the user account and mailbox:
* In the Microsoft 365 admin center, go to User management, and select Add user.
* Enter the name Ben Smith in the First Name and Last Name fields.
* Enter Ben.Smith in the username field and click Next.
* Assign a Microsoft 365 license to the account.
* Click Next.
* Click Next again.
* Click 'Finish adding'.
NEW QUESTION # 31
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table.
Windows Defender ATP contains the device groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1:
Yes. User1 is in Group1 which is assigned to Role1. Device1 is in the device group named ATP1 which Group1 has access to. Role1 gives Group1 (and User1) View Data Permission. This is enough to view Device1 in Windows Security Center.
Box 2:
Yes. User2 is in Group2 which is assigned to Role2. Role2 gives Group2 (and User2) View Data Permission.
This is enough to sign in to Windows Security Center.
Box 3:
Yes. User3 is in Group3 which is assigned the Windows ATP Administrator role. Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/rbac
NEW QUESTION # 32
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer, select the appropriate option in the area.
NOTE: Each correct selection is worth point.
Answer:
Explanation:
NEW QUESTION # 33
Your company uses Gmail as a corporate email solution.
You purchase a Microsoft 365 subscription and plan to move all email data to Microsoft Exchange Online.
You plan to perform the migration by using the Exchange admin center.
You need to recommend which type of migration to use and which type of data to migrate.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
You'll need to use the IMAP migration method. You can use the setup wizard in the Microsoft 365 admin center for an IMAP migration to migrate mailboxes from Gmail to Microsoft 365.
IMAP migration will only migrate emails, not calendar and contact information. Users can import their own email, contacts, and other mailbox information to Office 365 after the mailboxes have been migrated.
Reference:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailbo
NEW QUESTION # 34
You have a Microsoft 365 subscription that uses a default domain named litwareinc.com. The subscription has a Microsoft SharePoint site collection named Collection1.
From the Azure Active Directory admin center, you configure the External collaboration settings as shown in the External Collaboration Settings exhibit. (Click the External Collaboration Settings tab.)
From the SharePoint admin center, you configure the sharing settings as shown in the SharePoint Sharing exhibit. (Click the SharePoint Sharing tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
NEW QUESTION # 35
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
* Contoso.com
* East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Section: [none]
NEW QUESTION # 36
You are confirming an enterprise application named Test App in Microsoft Azur as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 37
You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi factor .mthentication when accessing Microsoft SharePoint from a mobile device You need to view which users authenticated by using multi factor authentication.
What should you do?
- A. From the Azure Active Directory admin center, view the audit logs.
- B. From the Azure Active Directory admin center, view the user sign-ins.
- C. From the Microsoft 36S admin center, view the Security Compliance reports.
- D. From the Microsoft 365 admin center, view the Usage reports.
Answer: B
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
NEW QUESTION # 38
Your company has a hybrid deployment of Microsoft 365.
Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed.
You need to verify whether all the Authentication Agents are used for authentication.
What should you do?
- A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page.
- B. From Performance Monitor, use the Kerberos authentications counter.
- C. From Performance Monitor, use the #PTA authentications counter.
- D. From the Azure portal, use the Diagnostics settings on the Monitor blade.
Answer: A
Explanation:
On the Troubleshoot page, you can view how many agents are configured. If you click on the agents link, you can view the status of each agent. Each agent will have a status of Active or Inactive.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-pass-through-authentication
NEW QUESTION # 39
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer, select the appropriate option in the area.
NOTE: Each correct selection is worth point.
Answer:
Explanation:
NEW QUESTION # 40
Your company has a Microsoft Office 365 subscription that contains the groups shown in the following table.
You have the licenses shown in the following table.
Another administrator removes User1 from Group1 and adds Group2 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal
NEW QUESTION # 41
Your company has a Microsoft 365 subscription. All identities are managed in the cloud.
The company purchases a new domain name.
You need to ensure that all new mailboxes use the new domain as their primary email address.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. From Microsoft Exchange Online PowerShell, run the
Update-EmailAddressPolicy policy command. - B. From the Exchange admin center, click , and then configure the email address policies.
- C. From the Microsoft 365 admin center, click , and then configure the domains.
- D. From the Azure Active Directory admin center, configure the custom domain names.
- E. From Microsoft Exchange Online PowerShell, run the
Set-EmailAddressPolicy policy command.
Answer: B,E
Explanation:
Explanation
Email address policies define the rules that create email addresses for recipients in your Exchange organization whether this is Exchange on-premise or Exchange online.
You can configure email address policies using the graphical interface of the Exchange Admin Center or by using PowerShell with the Set-EmailAddressPolicy cmdlet.
The Set-EmailAddressPolicy cmdlet is used to modify an email address policy. The Update-EmailAddressPolicy cmdlet is used to apply an email address policy to users.
Reference:
https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/email-address-policies/email-add
NEW QUESTION # 42
Your company uses Gmail as a corporate email solution.
You purchase a Microsoft 365 subscription and plan to move all email data to Microsoft Exchange Online.
You plan to perform the migration by using the Exchange admin center.
You need to recommend which type of migration to use and which type of data to migrate.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes
NEW QUESTION # 43
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).
Azure AD Connect is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
NEW QUESTION # 44
......
Pass Microsoft 365 MS-100 Exam With 431 Questions: https://evedumps.testkingpass.com/MS-100-testking-dumps.html