MS-100 Dumps Updated Sep 23, 2025 Practice Test and 431 unique questions [Q129-Q152]

MS-100 Dumps Updated Sep 23, 2025 Practice Test and 431 unique questions

2025 Latest 100% Exam Passing Ratio - MS-100 Dumps PDF

Microsoft MS-100: Requirements

This certification exam does not have any compulsory requirements but the candidates must achieve the required passing score to get certified. This means that they should be familiar with the topics of the test and develop competence in these knowledge areas. Microsoft MS-100 is intended for Microsoft 365 Enterprise Administrators. These professionals participate in the evaluation, planning, management, deployment, and migration of Microsoft 365 services. They also carry out different management tasks of Microsoft 365 tenants, which include identities, compliance, security, and supporting technologies.

 

NEW QUESTION # 129
You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

• A. Create a Sign- in risk policy.
• B. Create an app permission policy.
• C. Create a session policy.
• D. Create on activity policy.

Answer: A

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

NEW QUESTION # 130
Your network contains an Active Directory forest named contoso.local.
You purchase a Microsoft 365 subscription.
You plan to move to Microsoft and to implement a hybrid deployment solution for the next 12 months.
You need to prepare for the planned move to Microsoft 365.
What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

• A. Rename the Active Directory forest.
• B. Create an external forest trust.
• C. Purchase a third-party X.509 certificate.
• D. Purchase a custom domain name.

Answer: D

NEW QUESTION # 131
You have several devices enrolled in Microsoft Intune.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

The device type restrictions in Intune are configured as shown in the following table.

You add User3 as a device enrollment manager in Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1:
No. User1 is in Group1. The two device type policies that apply to Group1 are Policy3 and the Default (All Users) policy. However, Policy3 has a higher priority than the default policy so Policy3 is the only effective policy. Policy3 allows the enrolment of Android and iOS devices only, not Windows.
Box 2:
No. User2 is in Group1 and Group2. The device type policies that apply to Group1 and Group2 are Policy2, Policy3 and the Default (All Users) policy. However, Policy2 has a higher priority than Policy 3 and the default policy so Policy2 is the only effective policy. Policy2 allows the enrolment of Windows devices only, not Android.
Box 3:
Yes. User3 is a device enrollment manager. Device restrictions to not apply to a device enrollment manager.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set

NEW QUESTION # 132
Your network contains an Active Directory domain named contoso.com.
You have a Microsoft 365 subscription.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You implement directory synchronization.
The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services.
You need to provide the URI for the authorization endpoint that App1 must use.
What should you provide?

• A. https://login.microsoftonline.com/
• B. https://login.microsoftonline.com/contoso.onmicrosoft.com/
• C. https://myapps.microsoft.com
• D. https://contoso.com/contoso.onmicrosoft.com/app1

Answer: B

NEW QUESTION # 133
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the Windows 10 devices shown in the following table.

All the devices are managed by using Microsoft Endpoint Manager and are members of a group named Group1.
From the Microsoft Endpoint Manager admin center, you create an app suite named App1 for Microsoft Office 365 apps.
You configure the App1 settings as shown in the exhibit. (Click the Exhibit tab.)

You assign App1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-office365

NEW QUESTION # 134
You are developing a single-page application (SPA) that authenticates users by using MSALjs. The SPA must meet the following requirements:
* Only allow access to the users in an organization named contoso.onmicrosoft.com.
* Support single sign-on (SSO) across tabs and user sessions.
How should you complete the code for the SPA? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 135
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
A user named User1 has files on a Windows 10 device as shown in the following table.

In Azure Information Protection, you create a label named Label1 that is configured to apply automatically.
Label1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

The phrase to match is "im" and it is case sensitive. The phrase must also appear at least twice.
Box 1: No
File1.docx contain the word "import" once only
Box 2: Yes
File2.docx contains two occurrences of the word "import" as well as the word "imported" Box 3: No File3.docx contains "IM" but his is not the correct letter case.
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

NEW QUESTION # 136
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Compliance Management role.
Does this meet the goal?

• A. NO
• B. Yes

Answer: A

NEW QUESTION # 137
Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.

A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 all open files that have the .abc file extension.
You implement Windows Information Protection (WIP) by using the following configurations:
Exempt apps: App2
Protected apps: App1
Windows Information Protection mode: Block
Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

NEW QUESTION # 138
You have a Microsoft 365 subscription that uses a default named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.

On March 1, 2019, you create two retention labels named Label1 and label2.
The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1

The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2

You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews

NEW QUESTION # 139
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.

User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Azure Active Directory admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as [email protected].
Does this meet the goal?

• A. No
• B. Yes

Answer: B

Explanation:
The on-premises Active Directory domain is named contoso.com. To enable users to sign on using a different UPN (different domain), you need to add the domain to Microsoft 365 as a custom domain.

NEW QUESTION # 140
You have retention policies in Microsoft 365 as shown in the following table.

Policy1 is configured as shown in the Policy1 exhibit. (Click the Policy1 tab.) Policy1

Policy1 is configured as shown in the Policy2 exhibit. (Click the Policy2 tab.) Policy2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies#the-principles-of-retention-or-what-takes-precedence

NEW QUESTION # 141
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
* User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

• A. No
• B. Yes

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

NEW QUESTION # 142
Your company has a Microsoft 365 subscription.
You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center.
A month later, you attempt to run an import job for the PST files.
You discover that the PST files were deleted from Microsoft 365.
What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal.
Select the BEST answer.

• A. PST files are deleted automatically from Microsoft 365 after 30 days.
• B. The PST files were corrupted and deleted by Microsoft 365 security features.
• C. The size of the PST files exceeded a storage quota and caused the files to be deleted.
• D. Another administrator deleted the PST files.

Answer: A

Explanation:
Section: [none]
Explanation:
You can use the Office 365 Import Service to bulk-import PST files to Office 365 mailboxes.
When you use the network upload method to import PST files, you upload them to an Azure blob container named ingestiondata. If there are no import jobs in progress on the Import page in the Security & Compliance Center), then all PST files in the ingestiondata container in Azure are deleted 30 days after the most recent import job was created in the Security & Compliance Center.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365

NEW QUESTION # 143
Your company has a Microsoft 365 subscription.
You plan to move several archived PST files to Microsoft Exchange Online mailboxes.
You need to create an import job for the PST files.
Which three actions should you perform before you create the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Use Microsoft Azure Storage Explorer to copy the PST files to Azure Storage.
• B. Create a Microsoft Azure Storage account.
• C. Create a PST import mapping file.
• D. From Security & Compliance, retrieve the SAS key.
• E. Run azcopy.exe to copy the PST files to Microsoft Azure Storage

Answer: C,D,E

Explanation:
Explanation
The first step is to download and install the Azure AzCopy tool, which is the tool that you run in Step 2 to upload PST files to Office 365. You also copy the SAS URL for your organization. This URL is a combination of the network URL for the Azure Storage location in the Microsoft cloud for your organization and a Shared Access Signature (SAS) key. This key provides you with the necessary permissions to upload PST files to your Azure Storage location.
Now you're ready to use the AzCopy.exe tool to upload PST files to Office 365. This tool uploads and stores them in an Azure Storage location in the Microsoft cloud.
After the PST files have been uploaded to the Azure Storage location for your Office 365 organization, the next step is to create a comma-separated value (CSV) file that specifies which user mailboxes the PST files will be imported to. You'll submit this CSV file when you create a PST Import job.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/use-network-upload-to-import-pst-files

NEW QUESTION # 144
You have a Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 145
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
User1 is the owner of Group1, User2 is the owner of Group2.
You create an access review that contains the following configurations:
* Users to review, Member of a group
* Scope Everyone
* Group: Group1 and Group2
* Review Group owners
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 146
You have a multitenant app named App1.
You need to ensure that App1 supports token acquisition when a user accesses the app by using a web browser that has a popup blocker extension enabled. How should you complete the Microsoft Authentication Library (MSAL) for JavaScript v2.0 code? To answer, select the appropriate options m the answer are a.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 147
Your company has a Microsoft 365 subscription that contains the following domains:
Contoso.onmicrosoft.com
Contoso.com
You plan to add the following domains to Microsoft 365 and to use them with Exchange Online:
Sub1.contoso.onmicrosoft.com
Sub2.contoso.com
Fabrikam.com
You need to identify the minimum number of DNS records that must be added for Exchange Online to receive inbound email messages for the three domains.
How many DNS records should you add? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 148
Your company has 500 client computers that run Windows 10.
You plan to deploy Microsoft Office 365 ProPlus to all the computers.
You create the following XML file for the planned deployment.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1:
When the installation is complete, all users will be prompted to install several updates.
In the configuration file, the Updates Enabled element is set to True. This means that Office will check for updates after the installation.
The Channel element set to Broad means that all semi-annual channel updates will be installed.
Box 2:
Office 365 ProPlus will be installed only on the computers that run a 64-bit version of Windows 10.
The OfficeClientEdition element defines whether the 32-bit or 64-bit edition of Office 365 ProPlus is downloaded or installed. In the configuration file, it is set to '64'. The 64-bit version will only install on a
64-bit client computer.
Reference:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool

NEW QUESTION # 149
You have a Microsoft 365 subscription.
From the Microsoft 365 portal, users download and install Microsoft Office apps on their devices.
You need to ensure that Office feature updates are installed by using the Semi-Annual Enterprise Channel.
What should you configure from the Services page of the Microsoft 365 admin center?

• A. User owned apps and services
• B. Office on the web
• C. Office installation options
• D. Office Scripts

Answer: C

NEW QUESTION # 150
You have a Microsoft 365 subscription that contains the domains shown in the following exhibit.

Which domain name suffixes can you use when you create users?

• A. only Contoso1919.onmicrosoft.com and Sub2.Contoso1919.onmicrosoft.com
• B. only Contoso1919.onmicrosoft.com, Sub1.Contoso1919.onmicrosoft.com, and Sub2.Contoso1919.onmicrosoft.com
• C. all the domains in the subscription
• D. only Sub1.Contoso1919.onmicrosoft.com

Answer: B

NEW QUESTION # 151
You work at a company named Contoso, Ltd.
Contoso has a Microsoft 365 subscription that is configured to use the DNS domains shown in the following table.

Contoso purchases a company named Fabrikam, Inc.
Contoso plans to add the following domains to the Microsoft 365 subscription:
fabrikam.com
east.fabrikam.com
west.contoso.com
You need to ensure that the devices in the new domains can register by using Autodiscover.
How many domains should you verify, and what is the minimum number of enterpriseregistration DNS records you should add? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

NEW QUESTION # 152
......

Verified MS-100 dumps Q&As - 100% Pass from PDFDumps: https://torrentvce.pdfdumps.com/MS-100-valid-exam.html