50 Microsoft 365 Certified: Administrator Expert Practice Questions: Question Bank 2025

Your organization wants to ensure that when a user is added to the "HR" Microsoft 365 group, the user automatically receives a specific set of apps (for example, Teams, OneDrive, and a third-party SaaS app) without assigning licenses individually. What should you configure?

A user reports that they can sign in to Microsoft 365 from a corporate device but are blocked when signing in from a personal device. You recently enabled a policy that requires the device to be marked as compliant. Where should you check first to confirm what is blocking the sign-in?

You need to change who receives Microsoft 365 service health and security incident notifications for the tenant. What should you configure?

You want to quickly verify whether a suspicious link was clicked by any user in your tenant and identify impacted users. Which portal should you use?

Your organization is migrating from on-premises Active Directory to Microsoft Entra ID only. You want users to sign in with their on-premises UPN, avoid password synchronization, and meet the requirement that authentication occurs only in the cloud. Which identity model should you implement?

You need to allow a vendor to access a single SharePoint Online site while preventing the vendor from discovering other sites or users in your directory. What is the recommended approach?

You want to stop repeated compromised-password sign-ins. Specifically, you need to block sign-ins that match known leaked credentials and force users to change passwords when risk is detected. What should you implement?

Your SOC wants to reduce alert fatigue in Microsoft 365 Defender by automatically grouping related alerts across endpoints, identities, email, and cloud apps into a single investigation workflow. What feature should you rely on?

You must ensure that content labeled "Highly Confidential" cannot be shared externally from SharePoint Online, but internal sharing and editing must remain allowed. The control must be enforced even if a user changes site sharing settings. What should you configure?

A legal team requires that when an eDiscovery case is opened, holds must preserve Exchange mailboxes and SharePoint/OneDrive content for specific custodians, while allowing users to continue working and modifying content. You also need to ensure preserved versions remain searchable in the case. What is the best solution?

A newly created Microsoft 365 tenant must allow users to reset their own passwords. Security requires at least two verification methods and the ability to restrict registration to specific networks. What should you configure?

You need to ensure all new Microsoft 365 Groups created by users follow a naming convention that includes the department and blocks specific words. What should you configure?

Security operations wants to prioritize incidents where a user is at high risk and the alert involved a suspicious sign-in. Which Microsoft 365 Defender capability best correlates user risk and sign-in activity into a single incident view?

Your organization uses Microsoft 365 E5 and wants to automatically block users from downloading files from SharePoint Online when the session is considered risky (for example, from an unmanaged device) while still allowing browser access. What should you implement?

A company is moving to Microsoft 365 and wants to ensure only approved applications can access Microsoft 365 data via OAuth, while allowing admins to pre-approve specific apps. What is the recommended approach?

You need to prevent accidental deletion of Microsoft Teams messages and SharePoint files for a regulated department. Requirements: preserve content for 7 years and allow users to keep working normally (content can be edited/deleted but must remain discoverable). What should you configure?

A user reports that after you configured a Conditional Access policy requiring a compliant device for SharePoint Online, they can access SharePoint from the browser but are blocked when using the OneDrive sync client. Other users are unaffected. What is the most likely cause?

You want Microsoft 365 Defender to automatically investigate and remediate common threats across endpoints, identities, email, and apps. Which setting enables this capability at the tenant level?

Your organization has multiple Microsoft 365 tenants due to acquisitions. Security leadership requires a single incident queue and consolidated threat hunting across tenants without merging them. What should you implement?

Legal requires that when a case is opened, content matching specific custodians must be preserved immediately across Exchange, SharePoint, OneDrive, and Teams. They also need the ability to export items with metadata and maintain a defensible chain of custody. Which Microsoft Purview solution should you use?

Your organization uses multiple Microsoft 365 admin roles. You need to ensure that no one can permanently activate high-privilege roles (for example, Global Administrator) and that activations require approval and are time-bound. What should you implement?

A security analyst wants to investigate a phishing email that may have been delivered to multiple users. They need to identify all recipients and see delivery actions (delivered, quarantined, blocked) in one place. Which Microsoft 365 Defender capability should they use?

You need to enforce that all guests invited to collaborate in Microsoft 365 must complete terms of use before accessing any resources. What should you configure?

A company wants to automatically block user sign-ins that match known leaked credentials and risky sign-in patterns. The security team wants the risk to be evaluated by Microsoft and enforced through policy. What should you configure?

You are migrating multiple acquired companies into your Microsoft 365 tenant. You need a way to ensure users from each subsidiary can be assigned different branding and sign-in experiences while still using the same tenant. What should you use?

A compliance team needs to retain Teams chat messages for 7 years, but they want users to be able to delete messages from their view while the organization still preserves a copy for legal purposes. What should you configure?

Users report that Safe Links is not rewriting URLs in emails for a specific group of users, even though the organization believes a Safe Links policy is configured. You need to identify the most likely configuration issue. What is the best initial check?

Your organization must prevent users in the Finance department from chatting or sharing files with users in the Trading department in Microsoft Teams and SharePoint, but both departments must still collaborate with HR. What should you implement?

You need to ensure that privileged administrators can access the Microsoft 365 admin portals only from approved locations and only from compliant devices. The requirement must apply to all privileged roles, including users who activate roles via PIM. What should you implement?

A legal hold requires that any content matching specific keywords across Exchange, SharePoint, OneDrive, and Teams be preserved and that in-place deletions by users do not permanently remove the content. The legal team also needs to export results for an external counsel review. Which Microsoft Purview solution should you use?

You need to ensure all Microsoft 365 admin portals require phishing-resistant MFA for administrative access, but you want end users to continue using their current MFA methods for now. Which solution should you implement?

A tenant uses Microsoft Defender for Office 365. Users report that legitimate business emails containing password-protected ZIP attachments are often quarantined. You must reduce false positives while still protecting the organization from malicious attachments. What should you adjust first?

You are implementing a retention requirement: keep all emails for seven years, but allow users to delete messages from their mailbox views at any time. Which Microsoft Purview solution best meets the requirement?

Your organization wants to allow external collaboration in Microsoft Teams but must ensure guests can only be invited from a specific list of partner domains. Which configuration should you use?

You need to quickly identify which devices are noncompliant with your organization’s compliance policies and are being blocked from accessing Microsoft 365 resources. Where should you look first?

A security analyst wants to automatically investigate and remediate alerts generated from Microsoft Defender for Office 365 and Defender for Endpoint without requiring manual approval. Where is this configured?

You want to prevent users from creating Microsoft 365 groups unless they are members of a specific security group. What is the recommended approach?

Your legal team needs to search and export Teams chat messages for a specific custodian and date range. Which Microsoft Purview feature should you use?

You must create a Conditional Access design that reduces the risk of administrators being locked out due to a misconfigured policy while still enforcing strong controls. What should you do?

A finance department requires that when users share files containing credit card numbers, the files must be automatically encrypted and access must be restricted to internal users only. You want the control to follow the file even if it is emailed or moved outside SharePoint. What should you implement?

You need to quickly identify whether a user is synced from on-premises Active Directory or cloud-only in Microsoft Entra ID. Which user attribute in the Microsoft Entra admin center provides this information most directly?

You are preparing to decommission an employee. You must ensure they can no longer sign in to Microsoft 365 immediately while keeping their mailbox and OneDrive data for later review. What should you do first?

A user reports that a message they sent to an external recipient was blocked with a non-delivery report (NDR) that indicates the organization does not allow that type of external email. Where should you look first to confirm whether outbound mail to external recipients is restricted?

Your security team wants to automatically block sign-in for any user account that Microsoft Entra ID Identity Protection flags as high risk. You also need to allow access again once the user completes a secure remediation step. What should you configure?

You enable Microsoft Defender for Office 365 Safe Links. Users report that some URLs in Microsoft Teams chats are not being rewritten and time-of-click checked. Which configuration is most likely missing?

You receive alerts for suspicious inbox forwarding rules being created. You want to automatically investigate and remediate common incidents (for example, remove malicious forwarding rules and disable compromised accounts) with minimal analyst effort. What should you enable and configure?

Your organization must prevent users from creating new anonymous (anyone) sharing links in SharePoint Online and OneDrive, but existing anonymous links should continue working until they naturally expire. Which setting best meets the requirement?

You want to identify and remove sensitive data (such as national ID numbers) shared in Microsoft Teams chat messages. Which Microsoft Purview capability is designed to detect and take action on sensitive info in Teams chats and channel messages?

A multinational organization wants to enforce phishing-resistant authentication for privileged roles while allowing less strict methods for standard users. You must ensure the control is applied automatically as users are assigned or removed from privileged roles. What is the best approach?

You are designing a compliance solution to ensure that when an employee leaves, their OneDrive content is preserved for investigation and cannot be permanently deleted by users. You also need to be able to search the content later even if the user account is removed. Which solution best meets these requirements with the least operational overhead?