100 Practice Questions and Answers for the MS-102: Microsoft 365 Administrator Exam

By /
🧭 MS-102 Microsoft 365 Administrator Practice Exam (100 Q&A)

🔹 Section 1: Microsoft 365 Tenant Management

  1. Which tool monitors Microsoft 365 service health and incidents?
    Microsoft 365 admin center
  2. First step to add a custom domain in Microsoft 365?
    Add domain in Microsoft 365 admin center
  3. Where do you configure sign-in branding?
    Microsoft Entra admin center
  4. License required for Insider Risk Management?
    Microsoft 365 E5
  5. Role that can assign roles but not create new global admins?
    Privileged Role Administrator
  6. Where to view billing and payment info?
    Microsoft 365 admin center → Billing
  7. Role for password resets and license management?
    User Administrator
  8. Can you rename the .onmicrosoft.com domain?
    No, it cannot be renamed
  9. Where to view historical outages?
    Service Health dashboard
  10. What must be done after adding a new domain?
    Verify via TXT record
  11. Tool to sync on-prem AD users?
    Azure AD Connect
  12. Maximum number of custom domains per tenant?
    900
  13. Best way to document tenant settings?
    Export settings from M365 Admin Center
  14. Default admin account in new tenant?
    Global Administrator
  15. Where to configure organization’s contact preferences?
    Organization Profile in Microsoft 365 Admin Center
  16. Prerequisite for assigning licenses to users?
    Verified domain
  17. Fastest way to add 200 users?
    PowerShell Import-Csv + New-MgUser
  18. Where to view license usage?
    License reports in Microsoft 365 Admin Center
  19. Service controlling global branding?
    Entra ID Company Branding
  20. Why might a user fail login after username change?
    Old UPN cached
  21. Role to view message center posts?
    Message Center Reader
  22. Report to find inactive users?
    Usage reports in Microsoft 365 Admin Center
  23. Prevent admins from using personal accounts?
    Block external accounts at tenant level
  24. Who manages billing alerts and payments?
    Billing Administrator
  25. Tenant timezone setting affects:
    Report timestamps

🔹 Section 2: Identity & Access Management

  1. Most phishing-resistant authentication method?
    FIDO2 key
  2. Conditional Access evaluates:
    User, location, and device compliance
  3. Entra-registered devices are:
    Personal (BYOD) MAM-only devices
  4. How to enforce MFA globally?
    Use Security Defaults or Conditional Access
  5. License required for SSPR?
    Azure AD Premium P1 or higher
  6. Repeated MFA prompts — cause?
    “Remember MFA” not configured
  7. Block risky IPs via:
    Named Locations in Conditional Access
  8. Allow access only from managed devices:
    Require compliant device
  9. Conditional Access applies to:
    Cloud apps and sign-in context
  10. Detect leaked credentials:
    Entra ID Protection
  11. RBAC principle used by Entra:
    Least privilege
  12. Helpdesk can reset passwords only:
    Password Administrator
  13. Sign-in frequency controls:
    Reauthentication interval
  14. Device join types in Entra:
    Registered, Joined, Hybrid Joined
  15. Track admin role changes:
    Entra Audit Logs
  16. Purpose of Privileged Identity Management (PIM):
    Just-in-time role activation
  17. Limit persistent sessions:
    Conditional Access session control
  18. Disable basic authentication:
    Conditional Access — block legacy auth
  19. Admin approval before app consent:
    Admin consent workflow
  20. View risky users:
    Entra ID Protection
  21. Conditional Access evaluation order:
    All applicable policies evaluate
  22. Force password reset after compromise:
    Reset password + mark user risk high
  23. Purpose of Temporary Access Pass:
    Passwordless onboarding
  24. Entra roles can be scoped to:
    Administrative Units
  25. Delegate regional management:
    Administrative Units

🔹 Section 3: Security & Compliance

  1. DLP protects:
    Sensitive data in email, SharePoint, and Teams
  2. Encrypt sensitive files:
    Sensitivity labels
  3. Retention labels define:
    How long to keep or delete data
  4. Compliance Manager provides:
    Compliance score and recommendations
  5. Auto-labeling uses:
    Trainable classifiers or sensitivity conditions
  6. Keep Teams chats for 30 days:
    Retention policy for Teams
  7. Data lifecycle management is under:
    Microsoft Purview
  8. Stop external sharing of sensitive info:
    DLP policy with block action
  9. View insider risk alerts:
    Purview → Insider Risk Management
  10. Monitor file activity:
    Audit log search
  11. Default audit log retention (E3):
    90 days
  12. Detect suspicious email forwarding:
    Defender for Office 365
  13. Safe Links protects from:
    Malicious URLs
  14. Safe Attachments scans:
    Emails and Teams attachments
  15. Quarantine suspicious emails:
    Defender for Office 365
  16. Analyze security posture:
    Microsoft Secure Score
  17. Classify data with predefined types:
    Sensitivity labels
  18. Require approval before deletion:
    Retention policy with disposition review
  19. License for Insider Risk:
    Microsoft 365 E5
  20. Prevent data copy/paste:
    Endpoint DLP or Intune App Protection
  21. Encrypt and restrict printing:
    Sensitivity label with encryption
  22. View eDiscovery cases:
    Purview → eDiscovery
  23. Generate compliance alerts for data sharing:
    DLP alerts
  24. Protect unmanaged devices accessing SharePoint:
    Conditional Access app control
  25. Measure compliance progress:
    Compliance Score

🔹 Section 4: Device Management

  1. Intune enrollment types:
    Corporate, BYOD, Shared
  2. Enforce PIN in Outlook for iOS:
    App Protection Policy
  3. Limit devices per user:
    Enrollment restrictions
  4. Co-management requires:
    SCCM client + Entra registration
  5. Allow only corporate Androids:
    Enrollment restrictions
  6. Supported app types:
    Win32, MSI, Store, and LOB
  7. Wipe data but keep enrollment:
    Wipe (Keep enrollment data)
  8. Compliance state used by:
    Conditional Access
  9. Endpoint Security policies configure:
    Antivirus, BitLocker, Firewall, ASR
  10. BitLocker recovery keys stored in:
    Entra ID
  11. Requirement for Autopilot registration:
    Hardware hash
  12. Purpose of Enrollment Status Page (ESP):
    Ensures required apps install before use
  13. Temporary privilege elevation feature:
    Endpoint Privilege Management
  14. Monitor update failures:
    Windows Update for Business reports
  15. Device filters refine:
    Policy assignments by attributes
  16. Restrict Microsoft Store access:
    Device Restrictions policy
  17. Deploy Wi-Fi certificates:
    SCEP or PKCS + Wi-Fi profile
  18. Shared PC Mode is for:
    Multi-user shared environments
  19. Intune compliance reports by:
    Device, User, and Policy
  20. Proactive Remediations use:
    Detection and remediation PowerShell scripts
  21. Measure boot and performance:
    Endpoint Analytics
  22. Encrypt macOS devices:
    FileVault
  23. Manage Apple app licenses:
    Apple VPP token integration
  24. Conditional Access device state comes from:
    Intune compliance signal
  25. Collect logs during Autopilot setup:
    Shift+F10 → run mdmdiagnosticstool
LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top