Microsoft 365 Certified: Administrator Expert Practice Exam 2025: Latest Questions

Your organization wants to ensure that only compliant Windows devices can access Microsoft 365 services such as Exchange Online and SharePoint Online. The requirement is to block access from unmanaged or noncompliant devices, while allowing access from compliant devices. Which solution should you implement?

You need to prevent users from accessing the Microsoft 365 admin center unless they are assigned a specific administrative role. Which Microsoft 365 feature should you use to control access to the admin center?

A user reports that legitimate messages are being moved to the Junk Email folder in Exchange Online. You want to allow messages from a specific sender to always be delivered to the Inbox for all recipients in the organization. What should you configure?

You need to ensure that when users create documents labeled as 'Confidential', the documents are automatically encrypted and access is restricted to internal users only. Which Microsoft Purview feature should you use?

Your organization uses Microsoft Entra ID. You need to allow users to reset their passwords without contacting the help desk, but you must require at least two authentication methods for the reset process. What should you configure?

You are investigating an incident in Microsoft 365 Defender where multiple users received a malicious URL via email. You want to see a unified timeline of the attack across email, identities, and endpoints to understand how it progressed. Which Microsoft 365 Defender capability should you use?

You need to ensure only users in the Finance department can create Microsoft 365 Groups, because uncontrolled group creation is causing governance issues. What is the recommended approach?

You must prevent users from sharing files stored in SharePoint Online with external users, but you need to allow external sharing for a single site used for partner collaboration. What should you do?

Your organization requires that high-privilege administrative roles are not permanently assigned and that admins must activate roles only when needed, with approval and MFA. Which solution best meets these requirements?

You need to detect and automatically remediate risky sign-ins and user risk in Microsoft Entra ID. The requirement is to force a password change when user risk is high and require MFA when sign-in risk is medium or above. Which configuration should you implement?

You need to ensure that only users who are members of a specific group can register for Azure AD (Microsoft Entra ID) self-service password reset (SSPR). What should you configure?

A user reports they can’t access Microsoft 365 from a new phone because sign-in is blocked with a message that approval is required. Your organization requires multi-factor authentication using the Microsoft Authenticator app. What is the most likely reason?

You need to ensure Microsoft Teams and SharePoint users see the correct display name for recently renamed users as quickly as possible. Which change is most appropriate?

Your security team wants to automatically open an incident and isolate a device when a high-confidence malware alert is raised in Microsoft Defender for Endpoint. Which capability should you use?

You have a hybrid environment with on-premises Active Directory and Microsoft Entra ID. You need to prevent users from creating new guest invitations unless they are in an approved group, while still allowing those approved users to invite guests to specific teams. What should you implement?

You need to ensure that when a user leaves the company, their OneDrive and mailbox content is preserved for 7 years, but their Teams chat messages are retained only for 1 year. What is the best approach?

Microsoft Defender for Office 365 shows multiple users clicked a URL that later became malicious. You need to identify all affected messages and remove them from mailboxes with minimal manual effort. What should you use?

You need to enforce that privileged role assignments (for example, Global Administrator) are time-bound and require approval before activation. Which solution should you implement?

You must implement a data loss prevention strategy that blocks sharing of documents containing credit card numbers in SharePoint and OneDrive, but allows sharing if a business justification is provided and the event is logged for review. Which configuration best meets the requirement?

You are planning for tenant administration and want to minimize impact if an admin account is compromised. Which is the recommended best practice for day-to-day admin activities?

A global organization uses Microsoft 365 E5. Users report that messages sent to recipients in a partner tenant are intermittently delayed and sometimes end up in the Junk Email folder. You need to identify the cause and gather evidence using the most appropriate Microsoft 365 toolset. What should you use first?

Your organization wants to require phishing-resistant authentication for all administrators, including access to the Azure portal and Microsoft 365 admin center. You must minimize the risk of MFA fatigue and prevent push-based approvals. Which approach should you implement?

A security analyst is investigating a suspected data exfiltration attempt. Several devices are raising alerts related to suspicious PowerShell activity and credential dumping behavior. You need to isolate affected devices immediately and stop the spread while preserving evidence for investigation. Which Microsoft 365 Defender action best meets the requirement?

Your organization has multiple Microsoft 365 workloads (Exchange, SharePoint, OneDrive, Teams). You need to automatically detect and prioritize investigation of advanced attacks by correlating alerts across identities, endpoints, email, and cloud apps into a single view. Which feature should you use?

A regulated company must ensure that when users share Microsoft 365 documents externally, the shared content cannot be downloaded, printed, or copied by the recipient. The company wants this enforced even if the document is forwarded. What is the best solution?