The Microsoft MS-100 Exam is challenging and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the Microsoft 365 Identity and Services certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. These study guides for the Microsoft 365 Identity and Services will help guide you through the study process for your certification.

MS-100 Microsoft 365 Identity and Services Exam Summary

● Exam Name: Microsoft 365 Identity and Services

● Exam Code: MS-100

● Exam Price: $165 (USD)

● Duration: 150 mins

● Number of Questions: 40-60

● Passing Score: 700 / 1000

● Reference Books:

○ MS-100T01-A: Office 365 Management

○ MS-100T02-A: Microsoft 365 Tenant & Service Management

○ MS-100T03-A: Microsoft 365 Identity Management

● Schedule Exam: Pearson VUE

● Sample Questions: Microsoft 365 Identity and Services Sample Questions

● Recommended Practice: Microsoft MS-100 Certification Practice Exam

Exam Syllabus: MS-100 Microsoft 365 Certified - Enterprise Administrator Expert

1. Design and implement Microsoft 365 services (25-30%)

Manage domains

● add and configure additional domains

● configure user identities for new domain name

● configure workloads for new domain name

● design domain name configuration

● set primary domain name

● verify custom domain

Plan a Microsoft 365 implementation

● plan for Microsoft 365 on-premises Infrastructure

● plan identity and authentication solution

Setup Microsoft 365 tenancy and subscription

● configure subscription and tenant roles and workload settings

● evaluate Microsoft 365 for organization

● plan and create tenant

● upgrade existing subscriptions to Microsoft 365

● monitor license allocations

Manage Microsoft 365 subscription and tenant health

● manage service health alerts

● create & manage service requests

● create internal service health response plan

● monitor service health

● configure and review reports, including BI, OMS, and Microsoft 365 reporting

● schedule and review security and compliance reports

● schedule and review usage metrics

Plan migration of users and data

● identify data to be migrated and method

● identify users and mailboxes to be migrated and method

● plan migration of on-prem users and groups

● import PST Files

2. Manage user identity and roles (35-40%)

Design identity strategy

● evaluate requirements and solution for synchronization

● evaluate requirements and solution for identity management

● evaluate requirements and solution for authentication

Plan identity synchronization by using Azure AD Connect

● design directory synchronization

● implement directory synchronization with directory services, federation services, and Azure endpoints

Manage identity synchronization by using Azure AD Connect

● monitor Azure AD Connect Health

● manage Azure AD Connect synchronization

● configure object filters

● configure password sync

● implement multi-forest AD Connect scenarios

Manage Azure AD identities

● plan Azure AD identities

● implement and manage Azure AD self-service password reset

● manage access reviews

● manage groups

● manage passwords

● manage product licenses

● manage users

● perform bulk user management

Manage user roles

● plan user roles

● allocate roles in workloads

● configure administrative accounts

● configure RBAC within Azure AD

● delegate admin rights

● manage admin roles

● manage role allocations by using Azure AD

● plan security and compliance roles for Microsoft 365

3. Manage access and authentication (20-25%)

Manage authentication

● design authentication method

● configure authentication

● implement authentication method

● manage authentication

● monitor authentication

Implement Multi-Factor Authentication (MFA)

● design an MFA solution

● configure MFA for apps or users

● administer MFA users

● report MFA utilization

Configure application access

● configure application registration in Azure AD

● configure Azure AD application proxy

● publish enterprise apps in Azure AD

Implement access for external users of Microsoft 365 workloads

● create B2B accounts

● create guest accounts

● design solutions for external access

4. Plan Office 365 workloads and applications (10-15%)

Plan for Office 365 workload deployment

● identify hybrid requirements

● plan connectivity and data flow for each workload

● plan for Microsoft 365 workload connectivity

● plan migration strategy for workloads

Plan Office 365 applications deployment

● manage Office 365 software downloads

● plan for Office 365 apps

● plan for Office 365 Pro plus apps updates

● plan for Office 365 Pro plus connectivity

● plan for Office online

● plan Office 365 Pro plus deployment

Microsoft MS-100 Certification Sample Questions and Answers

To make you familiar with Microsoft 365 Identity and Services (MS-100) certification exam structure, we have prepared this sample question set. We suggest you to try our Sample Questions for MCE Microsoft 365 Enterprise Administrator MS-100 Certification to test your understanding of Microsoft MS-100process with the real Microsoft certification exam environment.

MS-100 Microsoft 365 Identity and Services Sample Questions:-

01. You are evaluating the required processes for Project1. You need to recommend which DNS record must be created before you begin the project.

Which DNS record should you recommend?

a) mail exchanger (MX)

b) alias (CNAME)

c) host (A)

d) host (AAA)

02. You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) policy. You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.

You need to prevent the users from bypassing the DLP policy. What should you configure?

a) actions

b) exceptions

c) incident reports

d) user overrides

03. You have a Microsoft 365 subscription. You suspect that several Microsoft Office 365 applications or services were recently updated. You need to identify which applications or services were recently updated.

What are two possible ways to achieve the goal?

Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

a) From the Microsoft 365 admin center, review the Message center blade.

b) From the Office 365 Admin mobile app, review the messages.

c) From the Microsoft 365 admin center, review the Products blade.

d) From the Microsoft 365 admin center, review the Service health blade.

04. You manage a Microsoft 365 tenant that has Office 365 Professional Plus. You plan to use the Office Deployment Tool (ODT) to configure updates for Office. You create an XML file with the following contents:

<Configuration>

<Add OfficeClientEditione32" OfficeMgmtCOMr"True" >

<Product ID="0365ProPlusRetair>

<Language ID="en-us" />

</Product>

</Add>

<Updates EnabledeTrue"/>

</Configuration>

You need to ensure that users in your organization receive updates as soon as they are available. What should you do?

a) Add an element named Frequency to the Configuration element and set its value to RTM.

b) Set the Channel attribute of the Add element to Monthly.

c) Set the OfficeMgmtCOM attribute of the Add element to False.

d) Set the Channel attribute of the Add element to Broad.

05. Your network is configured as a Windows Active Directory (AD) domain. You are implementing a Microsoft 365 subscription. You create an Azure Active Directory (Azure AD) tenant and run an Azure AD Connect Express Installation.

You need to configure access to an on-premises application for users signing in through Azure AD. What do you need to install on your on-premises network?

a) Azure Application Proxy connector

b) Web Application Proxy (WAP) server

c) Active Directory Federation Services (AD FS) infrastructure

d) Network Policy Server (NPS)

06. You have a Microsoft 365 subscription. A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department. You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible.

How frequently can you schedule the delivery of the reports?

a) hourly

b) monthly

c) weekly

d) daily

07. You have a Microsoft 365 subscription. You need to prevent phishing email messages from being delivered to your organization. What should you do?

a) From the Exchange admin center, create an anti-malware policy.

b) From Security & Compliance, create a DLP policy.

c) From Security & Compliance, create a new threat management policy.

d) From the Exchange admin center, create a spam filter policy.

08. You have a Microsoft 365 tenant that contains Microsoft Exchange Online. You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant.

You need to ensure that the calendar of every user is available to the users in adatum.com immediately. What should you do?

a) From the Exchange admin center, create a sharing policy.

b) From the Exchange admin center, create a new organization relationship.

c) From the Microsoft 365 admin center, modify the Organization profile settings.

d) From the Microsoft 365 admin center, configure external site sharing.

09. Your company has its main office in Los Angeles and a branch office in Bakersfield. Both offices are part of the same Windows Active Directory (AD) domain and are configured as separate sites. The network includes both company-owned and personal devices.

Your company implements a Microsoft 365 tenant and is rolling out support for cloud-based applications to replace on-premises applications. You configure a hybrid identity with federated authentication. You deploy Intune and enroll company-owned devices. You enable Azure multi-factor authentication (MFA).

As part of your initial rollout, you need to restrict access to SharePoint Online (SPO) to company-managed devices located in the Los Angeles office. Which feature should you use?

a) Intune device configuration profile

b) Azure AD app passwords

c) Intune device compliance policy

d) Azure AD Conditional Access

10. Your network is configured as an Active Directory Domain Services (AD DS) domain. Domain users are in organizational units (OUs) by department.

You run a pilot test with Azure Active Directory (Azure AD) synchronization to include a small subset of users. You create a group named ADDPiIot and add the pilot users to the group. You install Azure AD Connect and configure filtering based on the ADDPilot group and the Operations OU.

You need to disable group filtering and configure filtering based on select OUs. You want to avoid changes to users that are already synchronized. What should you do first?

a) Delete the ADDPilot group.

b) Uninstall Azure AD Connect.

c) Disable the built-in scheduler.

d) Run the Azure AD Connect installer.

Answers:-

Answer 1:- a

Answer 2:- d

Answer 3:- a, b

Answer 4:- b

Answer 5:- a

Answer 6:- c

Answer 7:- c

Answer 8:- b

Answer 9:- d

Answer 10:- c