Microsoft 365 Certified: Administrator Expert Practice Exam: Test Your Knowledge 2025

Your organization is planning to deploy Microsoft 365 and needs to verify domain ownership. You have added the required TXT record to your DNS provider. However, when you attempt to verify the domain in the Microsoft 365 admin center, the verification fails. What is the MOST likely cause of this issue?

You are implementing Conditional Access policies for your organization. Users report that they cannot access Microsoft 365 applications from their personal devices, even though they can sign in successfully from company-managed devices. You need to ensure users can access applications from personal devices but require multi-factor authentication when doing so. What should you configure?

Your organization has experienced a ransomware attack, and several SharePoint Online sites have been compromised. You need to restore the affected sites to their state from 25 days ago. What should you do?

You need to implement a data loss prevention (DLP) policy that prevents users from sharing credit card information in Microsoft Teams chats and channel messages. The policy should allow users to override the block with business justification. What should you configure in Microsoft Purview?

Your organization uses Azure AD Connect to synchronize on-premises Active Directory with Azure AD. You need to ensure that when users change their passwords on-premises, those changes are immediately available for authenticating to Microsoft 365 services without waiting for the next sync cycle. What feature should you enable?

You are configuring Microsoft 365 services for a new tenant. The organization requires that all external email received should be scanned for malware and phishing attempts before being delivered to user mailboxes. Which service provides this functionality by default?

Your organization has multiple Microsoft 365 subscriptions and needs to consolidate billing. Some subscriptions were purchased directly from Microsoft, while others were purchased through a Cloud Solution Provider (CSP). What is the recommended approach to consolidate billing?

You need to implement a solution that allows users to automatically classify and label documents based on their content, such as documents containing Social Security numbers. The classification should happen without user intervention. What should you implement in Microsoft Purview?

Your organization is implementing Microsoft 365 Groups and Teams. The IT security team requires that all new Groups and Teams follow a naming convention with a specific prefix based on department and must include a classification label. What should you configure?

A user reports that they cannot access a specific SharePoint site, receiving an 'Access Denied' error. The user is a member of a security group that has been granted Contribute permissions to the site. What should you check FIRST to troubleshoot this issue?

Your organization needs to investigate a potential security incident where a user's mailbox may have been compromised. You need to search for all emails sent by this user in the last 30 days and review them. What tool should you use?

You are implementing Azure AD Application Proxy to provide secure remote access to an on-premises web application. Users report that they can access the application but are being prompted for credentials multiple times. What should you configure to enable single sign-on?

Your organization has enabled Microsoft Defender for Office 365 Plan 2. You need to configure protection against malicious URLs in email messages and Microsoft Teams. The solution should detonate suspicious URLs in a sandbox environment before users can access them. What feature should you configure?

Your organization requires that all emails containing financial reports must be retained for 7 years for regulatory compliance. However, the default mailbox retention for the organization is 3 years. What should you implement in Microsoft Purview?

You need to delegate the ability to reset passwords and manage user licenses to a help desk team without granting them full Global Administrator privileges. What Azure AD role should you assign?

Your organization is experiencing email delivery issues. External recipients report that emails from your domain are being marked as spam or rejected. You need to implement email authentication to improve deliverability and prevent spoofing. What should you configure? (Choose the MOST complete solution)

A security analyst reports that multiple users' accounts show impossible travel alerts in Microsoft 365 Defender. The alerts indicate sign-ins from geographically distant locations within an impossible time frame. After investigation, you determine these are legitimate sign-ins from VPN exit nodes. What should you do to reduce false positives while maintaining security?

Your organization uses hybrid Azure AD join for Windows devices. You need to ensure that users can use Windows Hello for Business for authentication to both on-premises and cloud resources. What prerequisite must be configured on-premises?

Your organization needs to ensure that users can only access Microsoft 365 services from managed devices that meet your security compliance requirements. Devices must have antivirus enabled, be encrypted, and run a supported OS version. What should you implement?

Your organization is preparing for a compliance audit and needs to demonstrate that all administrator activities in Microsoft 365 have been logged and are available for review. You need to ensure that audit logs are retained for 2 years. What should you configure?