- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Multi-factor authentication (MFA) is configured to use 131.107.50/24 for trusted IPs. The tenant contains the named locations shown in the following table.
You create a conditional access policy that has the following configurations: 
Users and groups assignment: All users Cloud apps assignment: App1 Conditions: Include all trusted locations Grant access: require multi-factor authentication
For each of the following statements, select Yes if the statement is true. otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Yes
* 131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User1 must use MFA.
Box 2: Yes.
* 131.107.50.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must use MFA.
Box 3: No.
* 131.107.5.5 is not in a Trusted Location so the conditional access policy does not apply. Therefore, User2 does not need to use MFA.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You company has a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant includes a security group named Admin1. Admin1 will be used to manage administrative accounts. You need to identify which users can perform the following administrative tasks:
Create guest user accounts. Add User3 to Admin1.
Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
References:
A User Administrator is the only role listed that can create user accounts included Guest user accounts. A Global Administrator can also create user accounts.
A User Administrator is also the only role listed that can modify the group membership of users. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You have a Microsoft 365 E5 subscription that contains a group named Group 1.
Vou need to ensure that all the members of Group1 are notified when Microsoft 365 outages occur. The solution must minimize administrative effort
What should you do?
Correct Answer:
C
- (Exam Topic 5)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab. Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: admin@LODSe1211885.onmicrosoft.com Microsoft 365 Password: oL9z0=?Nq@ox
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11098651
You recently discovered that several users in your organization have permissions on the mailbox of another user in the organization.
You need to ensure that Lee Gu receives a notification when a user is granted permissions on another user’s mailbox.
To answer the question, sign in to the Microsoft 365 portal.
Solution:
Create an activity alert
* 1. Go to https://protection.office.com/managealerts.
* 2. Sign in to Office 365 using your work or school account.
* 3. On the Activity alerts page, click + New.The flyout page to create an activity alert is displayed.
* 4. Complete the following fields to create an activity alert: Name - Type a name for the alert. Alert names must be unique within your organization. Description (Optional) - Describe the alert, such as the activities and users being tracked, and the users that email notifications are sent to. Descriptions provide a quick and easy way to describe the purpose of the alert to other admins. Alert type - Make sure the Custom option is selected. Send this alert when – Click Send this alert when and then configure these two fields:
- Activities - Click the drop-down list to display the activities that you can create an alert for. This is the same activities list that's displayed when you search the Office 365 audit log. You can select one or more specific activities or you can click the activity group name to select all activities in the group. For a description of these activities, see the "Audited activities" section in Search the audit log. When a user performs any of the activities that you've added to the alert, an email notification is sent.
- Users - Click this box and then select one or more users. If the users in this box perform the activities that you added to the Activities box, an alert will be sent. Leave the Users box blank to send an alert when any user in your organization performs the activities specified by the alert. Send this alert to – Click Send this alert, and then click in the Recipients box and type a name to add a users who will receive an email notification when a user (specified in the Users box) performs an activity (specified in the Activities box). Note that you are added to the list of recipients by default. You can remove your name from this list.
* 5. Click Save to create the alert.The new alert is displayed in the list on the Activity alerts page.
The status of the alert is set to On. Note that the recipients who will received an email notification when an alert is sent are also listed.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-activity-alerts?view=o365-worldwide
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You have a Microsoft 365 subscription.
You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-cen
Does this meet the goal?
Correct Answer:
A