Microsoft 365 Fundamentals Practice Test (MS-900)

Microsoft Defender for Office 365 is designed to protect cloud-based email and collaboration tools such as Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams from threats like phishing, malware, and zero-day exploits. It provides advanced threat protection by scanning and analyzing messages and documents for malicious content.

Microsoft Defender for Endpoint focuses on securing endpoint devices.

Microsoft Defender for Identity helps detect identity-based threats.

Microsoft Defender for Cloud Apps secures the use of cloud applications but does not specifically target email and collaboration tools.

Microsoft Planner is designed for team-based task management, allowing users to create plans, assign tasks, share files, and communicate with team members. It presents tasks in a visual format using boards and charts, making it easy to track progress.

Microsoft To Do focuses on individual task management.

Microsoft Lists is used for tracking information in customizable lists.

Microsoft Project is an advanced project management tool suitable for complex projects requiring detailed scheduling and resource management.

On-premises deployment is the most suitable model because it involves maintaining all hardware and software internally, without reliance on external providers. This ensures that all data processing and storage remain within the organization, complying with strict regulatory requirements. While a private cloud is dedicated to a single organization, it can still be hosted or managed by third-party providers, which may not meet the requirement of avoiding external involvement. Public and hybrid clouds involve third-party services and are therefore not appropriate in this scenario.

Data Loss Prevention is the feature that allows organizations to create policies to detect and restrict the sharing of sensitive information, such as financial data. It monitors data across services like email, SharePoint Online, and OneDrive for Business, and can automatically block or warn users when attempts are made to share sensitive information improperly. Sensitivity labels classify and protect content by applying labels, but they do not monitor or restrict the sharing of data based on policies. Information Rights Management applies encryption and usage restrictions to content but does not provide automatic detection and restriction of sensitive data sharing. Data Classification helps in identifying and labeling data but does not enforce any restrictions on data sharing.

Microsoft SharePoint is designed for team collaboration and centralized document management, allowing multiple users to access, edit, and comment on shared documents in real-time within the organization.

Microsoft OneDrive provides cloud storage and sharing, it is intended for individual use and personal file storage.

Microsoft Outlook is an email and calendar application.

Microsoft Stream is a video-sharing service.

The most direct way to receive official technical support from Microsoft is to submit a support request through the online administration portal. This method ensures that the issue is formally recorded and routed to Microsoft's technical support team for resolution. While calling Microsoft customer service may provide general assistance, it may not connect the administrator with specialized support for complex technical issues. Using the in-product feedback option is intended for providing feedback to improve services and does not offer immediate support. Asking for help on the Microsoft community forums can be helpful but is not an official channel for Microsoft's technical support team to address specific issues.

Microsoft Planner is designed for team-based task management, offering a visual interface where tasks can be assigned, categorized, and tracked through various stages using boards and cards. It facilitates collaboration by allowing team members to update statuses, add comments, and share files related to tasks. Microsoft Project is more suitable for complex project management needs, providing advanced scheduling, budgeting, and resource allocation features. Microsoft To Do is intended for individual task management without collaborative features. Microsoft Forms is used to create surveys and quizzes, not for task organization or project management.

Implementing password hash synchronization allows the company to synchronize users' credential hashes from their on-premises directory to Microsoft Entra ID (formerly Azure Active Directory). This enables users to sign in to Microsoft 365 services with the same usernames and passwords they use on-premises, without the need for extra servers or complex configurations.

Pass-through authentication also permits the use of existing credentials but requires an on-premises agent, adding to the infrastructure and complexity. Deploying Active Directory Federation Services (AD FS) involves setting up additional servers and is more complex to manage. Creating cloud-only user accounts would require employees to manage separate credentials, which the company wants to avoid.

Microsoft 365 Multi-Geo Capabilities allow organizations to specify where data for each user is stored geographically within a single tenant. This feature helps organizations meet data residency requirements by enabling them to store data in multiple selected regions.

Microsoft 365 Compliance Manager helps assess compliance risks but doesn't control data residency.

Microsoft Information Protection focuses on classifying and protecting sensitive information.

Microsoft Entra ID manages identities and access but doesn't determine data storage locations.

The Zero Trust Model requires all access requests to be authenticated and authorized, regardless of network location, enforcing least-privilege access and assuming that breaches will occur. This aligns with the organization's described approach.

The Perimeter-Based Security Model trusts internal network traffic, which does not meet the requirement to authenticate all requests.

The Trust but Verify Model suggests initial trust with subsequent verification, not constant authentication.

The Defense in Depth model involves multiple layers of security but does not specifically require authenticating every access request regardless of location.

Microsoft Secure Score provides a numerical representation of your organization's security posture within Microsoft 365. It offers recommendations on how to improve security by suggesting specific actions.

Microsoft Entra ID Protection monitors and responds to identity-based risks.

Microsoft Defender for Office 365 protects against threats in email and collaboration tools.

Microsoft Compliance Manager helps manage compliance requirements.

Microsoft 365 Multi-Geo enables organizations to specify data storage locations for individual users by assigning them to different geographies within a single Microsoft 365 tenant. This allows businesses to comply with data residency requirements by storing data in specific regions.

Microsoft 365 Data Loss Prevention (DLP) helps prevent sensitive information from being shared inappropriately but does not control where data is stored at rest.

Microsoft Purview Compliance Manager provides tools to assess and manage compliance risks but does not directly manage data residency.

Microsoft 365 Data Sovereignty Controls is not a specific, standalone feature in Microsoft 365 for this purpose; data sovereignty is a broader concept addressed by solutions like Microsoft Cloud for Sovereignty, which includes features like Multi-Geo.

Microsoft Purview eDiscovery is designed to help organizations search for, preserve, collect, and export content for legal and compliance needs. It enables legal teams to manage legal matters and investigations effectively by identifying relevant data across Microsoft 365 services.

Insider Risk Management focuses on detecting and mitigating risky user activities within the organization.

Audit provides logs of user and administrative activities for security and compliance monitoring.

Data Loss Prevention helps prevent sensitive information from being shared inappropriately. While these features are important, they do not offer the comprehensive legal data collection and preservation capabilities required for litigation support that eDiscovery provides.

Deployment Rings allow an organization to group devices into different rings or stages, enabling phased deployment of Windows updates. By starting with a small group (often called the pilot ring), IT can validate updates before progressively rolling them out to larger groups. Servicing Channels determine how frequently devices receive feature updates but do not provide a mechanism for staged rollouts within an organization. Staggered Deployment is a general term and not a specific Windows 10 feature. Update Deferrals delay the installation of updates but do not facilitate staged testing and deployment in phases.

Administrators can submit support requests through the Microsoft 365 admin center. The admin center provides a centralized portal for managing services and accessing support.

The Windows Control Panel and Office desktop applications are local tools that do not provide direct access to Microsoft support for cloud services.

The Microsoft Store is for purchasing apps and does not offer support submission for organizational services.

Microsoft Priva provides tools designed to help organizations manage personal data risks by automating data subject request workflows and assessing data handling practices to comply with data protection regulations such as GDPR.

Microsoft Purview offers data governance and compliance solutions but does not specifically automate data subject requests.

Microsoft Entra ID focuses on identity and access management.

Microsoft Defender for Cloud Apps provides security for cloud applications.

Use group-based license assignment in Microsoft Entra ID - Group-based license assignment in Microsoft Entra ID enables administrators to assign licenses to an entire group of users at once. By adding or removing users from the group, licenses are automatically assigned or removed. This approach is scalable, efficient, and easy to manage, which makes it the most suitable choice.

Assign licenses individually to each user - Assigning licenses individually is time-consuming and inefficient, especially for a large number of users. It also makes it more challenging to manage and update license assignments as users join or leave the organization.

Enable users to obtain licenses through self-service - Allowing self-service license acquisition may not provide the control needed for managing licenses effectively. It could lead to inconsistent assignments and possible license compliance issues.

Assign licenses automatically based on device usage - Microsoft 365 licensing is typically user-based rather than device-based. While device-based licensing exists for specific scenarios (like shared computers), it is not the standard or recommended method for assigning licenses to a large number of individual users.

When Microsoft fails to meet the guaranteed service levels as defined in the Service Level Agreement (SLA), they provide service credits that are applied to future billing cycles. This is the standard compensation method rather than refunds, upgrades, or extended support.

The federated identity model allows organizations to keep user authentication on-premises using their existing Active Directory infrastructure. With federation, users authenticate against the on-premises Active Directory, and access to cloud resources is granted based on this authentication. This meets the requirement of continuing to use on-premises authentication while accessing cloud-based services. The synchronized identity model synchronizes user accounts and password hashes to Microsoft Entra ID, but authentication happens in the cloud, not on-premises. Cloud identity involves creating and managing users only in Microsoft Entra ID, without using an on-premises directory. On-premises identity refers to a scenario where all resources are on-premises and does not provide access to cloud-based resources.

The Cloud Solution Provider model enables organizations to purchase Microsoft cloud services through a partner who offers tailored support and additional services. This approach is ideal for organizations seeking a personalized experience with extra value from their provider. Other models like Enterprise Agreement or direct purchase do not involve a partner offering customized support.