Visit here for our full Microsoft MS-102 exam dumps and practice test questions.
Question 181:
Your company wants to automatically delete all Microsoft Yammer messages older than 5 years. What should you configure?
A) Yammer retention policy with 5-year deletion
B) Microsoft 365 retention policy for Yammer
C) Yammer network data retention settings
D) Yammer message lifecycle policy
Answer: B
Explanation:
A Microsoft 365 retention policy for Yammer provides automated lifecycle management for Yammer messages, ensuring that messages older than a specified period are automatically deleted. When you create retention policies in Microsoft Purview targeting Yammer community messages and private messages, you configure retention periods and deletion actions that apply to Yammer content. Setting a 5-year retention period with automatic deletion ensures messages older than 5 years are permanently removed from Yammer.
Retention policies for Yammer operate continuously, evaluating message ages and deleting content that exceeds retention thresholds. The policy preserves messages during the retention period even if users delete them, ensuring compliance with retention requirements. After the retention period expires, messages are permanently deleted, reducing storage consumption and ensuring data minimization compliance for organizations subject to privacy regulations.
Organizations implement Yammer retention policies to manage storage costs, comply with data retention regulations, and maintain relevant current content in Yammer networks. Retaining all historical Yammer messages indefinitely can lead to massive storage consumption and make it difficult for users to find relevant current information. Automatic deletion of old messages ensures Yammer remains focused on recent communications and knowledge while preserving important content for appropriate periods.
Configuration involves creating retention policies in the Microsoft Purview compliance portal, selecting Yammer community messages and Yammer private messages as locations, and specifying 5-year retention followed by automatic deletion. The policy applies organization-wide or can be scoped to specific Yammer communities or users based on retention requirements. The deletion process generates logs for audit purposes showing what content was deleted and when.
Option A is incorrect because Yammer retention policy is configured through Microsoft 365 retention policies in Purview compliance portal rather than separate Yammer settings. Option C is incorrect because Yammer network data retention settings provide basic data management but comprehensive retention is configured through Microsoft 365 retention policies. Option D is incorrect because Yammer message lifecycle policy is not a specific feature; retention is managed through Microsoft 365 retention policies targeting Yammer locations.
Question 182:
You need to ensure that all external users accessing SharePoint must accept terms of use before viewing content. What should you configure?
A) Terms of use policy in Azure AD applied to SharePoint external users
B) SharePoint site access requirements
C) Guest access policy with acknowledgment requirements
D) Azure AD B2B invitation terms
Answer: A
Explanation:
A terms of use policy in Azure AD applied to SharePoint external users provides mandatory policy acknowledgment, requiring external users to review and accept organizational terms before accessing SharePoint content. When you create terms of use policies in Azure AD, you upload PDF documents containing terms and conditions, then configure Conditional Access policies that require external users to accept terms when accessing SharePoint. External users encounter terms of use during their first access to SharePoint and must scroll through and accept before proceeding.
Terms of use policies support various configurations including requiring acceptance on every device, periodic reacceptance to ensure users remain aware of terms, and per-application acceptance. For external SharePoint access, organizations typically configure terms that explain acceptable use expectations, data handling requirements, confidentiality obligations, and restrictions on content downloading or sharing. External users must explicitly accept these terms providing documented acknowledgment of their obligations.
The acceptance process maintains audit records showing which external users accepted terms, when acceptance occurred, and which version of terms was accepted. This audit trail supports compliance requirements and provides evidence that external users were informed of organizational policies before accessing sensitive content. If terms are updated, organizations can require external users to re-accept ensuring awareness of policy changes.
Terms of use policies integrate with Conditional Access providing flexible enforcement where different terms can apply to different external user groups or different applications. High-sensitivity SharePoint sites might require additional terms acceptance beyond general external collaboration terms. The policy enforcement prevents access until terms are accepted ensuring external users cannot bypass policy acknowledgment requirements.
Option B is incorrect because SharePoint site access requirements control permissions but terms of use requiring policy acceptance are configured through Azure AD terms of use feature. Option C is incorrect because guest access policy with acknowledgment requirements is not a specific built-in feature; terms acceptance requires Azure AD terms of use. Option D is incorrect because Azure AD B2B invitation terms appear during invitation acceptance but ongoing terms enforcement for SharePoint access requires terms of use policies.
Question 183:
Your organization needs to prevent users from creating Power Automate flows that send data to personal email addresses. What should you configure?
A) Power Platform DLP policy blocking email connectors to personal domains
B) Mail flow rule blocking Power Automate emails
C) Data Loss Prevention policy for Power Automate
D) Conditional Access policy for Power Automate
Answer: A
Explanation:
Power Platform DLP policy blocking email connectors to personal domains provides governance controls preventing Power Automate flows from sending organizational data to personal email addresses through email connectors. When you configure DLP policies for Power Platform, you classify connectors and define rules about data flow between connector groups. By configuring email connector restrictions that block connections to personal email domains or classify personal email as non-business data, you prevent flows from sending data to personal addresses.
DLP policies for email connectors can include domain restrictions where you specify approved email domains for business communications. Flows attempting to send emails to addresses outside approved domains such as Gmail, Yahoo, or other personal email services are blocked or generate policy violations. Users creating flows with prohibited email destinations receive error messages explaining that organizational policy prevents sending data to personal email addresses.
Organizations implement email destination restrictions to prevent data exfiltration where users might intentionally or accidentally create flows that send sensitive business information to personal email accounts. Personal email lacks organizational security controls, monitoring, and retention making it inappropriate for business communications. The policy ensures automated workflows send data only through approved business communication channels.
Power Platform DLP policies also support connector endpoint filtering where you configure allowed email addresses or domains for email connectors. This granular control enables scenarios where specific external partner email addresses are approved while general personal email domains remain blocked. The policy enforcement applies across all environments ensuring consistent governance regardless of where flows are created.
Option B is incorrect because mail flow rules process Exchange email but do not control Power Automate flow connector usage, which requires Power Platform DLP policies. Option C is incorrect because Data Loss Prevention policy for Power Automate is implemented through Power Platform DLP policies, which provide the specific governance needed. Option D is incorrect because Conditional Access policy controls authentication to Power Automate but does not restrict connector usage within flows.
Question 184:
You need to delegate the ability to create communication sites without granting permissions to create team sites. What should you configure?
A) SharePoint site creation permissions with site type restrictions
B) Site design assignment for communication sites only
C) SharePoint Administrator role scoped to communication sites
D) Custom permission level for communication site creation
Answer: A
Explanation:
SharePoint site creation permissions with site type restrictions provide granular control over which types of sites users can create enabling organizations to allow communication site creation while restricting team site creation. In SharePoint Online settings, you configure site creation permissions specifying which users or groups can create new sites. Through PowerShell configuration, you can implement more granular controls distinguishing between communication site creation and team site creation permissions.
Communication sites serve different purposes than team sites with communication sites designed for broadcasting information to broad audiences while team sites support collaborative workspaces for defined teams. Organizations might want to allow broad communication site creation supporting departmental communications and project announcements while restricting team site creation to prevent uncontrolled proliferation of collaborative workspaces requiring ongoing management.
Implementation involves configuring SharePoint settings that control site creation permissions and using PowerShell commands that provide site type-specific controls. You can enable communication site creation for specific user groups while team site creation remains restricted to different groups or requires approval workflows. This differentiated approach supports organizational governance strategies where different site types have different creation requirements.
Users with communication site creation permissions can create sites through SharePoint start page or direct navigation to site creation interfaces where they select communication site templates. They receive errors when attempting to create team sites explaining that their permissions do not include team site creation. This clear distinction helps users understand available self-service capabilities while maintaining governance over team site proliferation.
Option B is incorrect because site design assignment provides templates for sites but does not control which site types users can create; that requires site creation permission configuration. Option C is incorrect because SharePoint Administrator role provides comprehensive permissions not scoped to specific site types; granular control requires site creation permission configuration. Option D is incorrect because custom permission level addresses permission actions within sites rather than controlling which site types can be created.
Question 185:
Your company wants to ensure that all Microsoft Forms collecting health information comply with HIPAA requirements. What should you configure?
A) Forms data encryption with customer-managed keys and access restrictions
B) Forms HIPAA compliance settings
C) Sensitivity labels for Forms with HIPAA classification
D) Microsoft 365 HIPAA compliance policy for Forms
Answer: A
Explanation:
Forms data encryption with customer-managed keys and access restrictions provides enhanced data protection for Forms collecting health information, helping organizations meet HIPAA requirements for protected health information security. While Microsoft Forms itself does not have a specific HIPAA compliance mode, you can implement technical and administrative controls that support HIPAA compliance, including encrypting Forms response data with customer-managed keys through Customer Key for Microsoft 365 and restricting form access to authorized users only.
HIPAA compliance requires implementing administrative, physical, and technical safeguards to protect electronic protected health information. For Forms collecting health information, organizations must ensure access is limited to authorized healthcare personnel, data is encrypted at rest and in transit, audit logs track access to responses, and responses are retained according to healthcare records retention requirements. Customer Key provides additional encryption control ensuring Microsoft cannot access unencrypted health information without customer authorization.
Organizations using Forms for health information collection should restrict form access requiring authentication, configure forms to record respondent identities enabling audit trails, avoid anonymous form responses for health data, and implement retention policies ensuring responses are preserved according to medical records requirements. Forms should include privacy notices explaining how health information will be used and protected in compliance with HIPAA privacy rules.
Question 186:
Your organization needs to ensure that all Microsoft To Do tasks containing project codes are automatically classified and retained. What should you configure?
A) Data Loss Prevention policy for Microsoft To Do
B) Microsoft 365 retention policy for To Do
C) Sensitivity label auto-labeling for To Do tasks
D) Task management lifecycle policy
Answer: B
Explanation:
Microsoft 365 retention policy for To Do provides automated lifecycle management ensuring tasks are preserved according to organizational compliance requirements. When you create retention policies in Microsoft Purview targeting Microsoft To Do locations, you configure retention periods that apply to all tasks created by users in the organization. The policy ensures tasks containing project codes are retained for specified periods supporting project documentation and compliance needs.
Retention policies for To Do operate continuously preserving task content including titles, descriptions, due dates, and completion status. Even when users delete tasks or mark them complete, the retention policy ensures task data is preserved in secure locations accessible through eDiscovery and content search tools. This preservation supports project audits, compliance investigations, and historical project tracking where task management data provides evidence of project execution.
Organizations implementing To Do retention should configure retention periods matching project lifecycle requirements. For projects requiring seven-year retention, the policy ensures all task data remains accessible for that duration. The retention policy can be combined with custom sensitive information types that detect project code patterns in task descriptions enabling targeted retention for specific project categories.
Configuration involves creating retention policies in Microsoft Purview compliance portal selecting Microsoft To Do as the target location and specifying retention duration. The policy applies organization-wide ensuring all users’ tasks receive consistent retention treatment. Organizations can implement different retention periods for different user groups based on their project types and compliance requirements.
Option A is incorrect because DLP policies focus on preventing data loss rather than implementing retention for lifecycle management. Option C is incorrect because sensitivity labels provide classification and protection but To Do retention requires retention policies rather than label-based approaches. Option D is incorrect because task management lifecycle policy is not a specific built-in feature; retention requires retention policy implementation.
Question 187:
You need to prevent users from creating Microsoft Whiteboard sessions that include external participants. What should you configure?
A) Whiteboard external sharing policy
B) Azure AD external collaboration settings
C) Teams external access for Whiteboard
D) Whiteboard guest access restrictions
Answer: A
Explanation:
Whiteboard external sharing policy provides direct control over whether users can invite external participants to whiteboard collaboration sessions. In Whiteboard admin settings, configurable through PowerShell or admin interfaces, you define organization-wide policies determining whether whiteboard sharing is permitted with users outside the organization. When you disable external sharing, users can only collaborate on whiteboards with other users from your tenant, preventing external participant inclusion.
The policy applies to all whiteboard sharing operations across devices and platforms providing consistent enforcement regardless of whether users access Whiteboard through Teams, web browsers, or dedicated Whiteboard applications. When users attempt to share whiteboards with external email addresses or add external participants to existing whiteboards, the sharing operation fails with messages explaining organizational policy restrictions.
Whiteboard external sharing restrictions help organizations maintain control over collaborative content ensuring brainstorming sessions, design discussions, and strategic planning occur only among internal participants. Whiteboards often contain early-stage ideas, competitive strategies, or confidential concepts that should not be shared with external parties. The sharing restriction prevents accidental exposure of sensitive collaborative content to competitors, unauthorized partners, or other external entities.
Organizations should communicate external sharing restrictions clearly to users and provide alternative collaboration methods for scenarios legitimately requiring external participation. Teams meetings allow external guests to view whiteboards during sessions without granting persistent access providing controlled external collaboration while maintaining overall sharing restrictions. This balanced approach supports necessary external engagement while preventing uncontrolled whiteboard sharing.
Option B is incorrect because Azure AD external collaboration settings control broad guest access but Whiteboard sharing requires application-specific policy configuration. Option C is incorrect because Teams external access controls communication with other organizations but does not specifically manage Whiteboard participant restrictions. Option D is incorrect because guest access restrictions are implemented through Whiteboard external sharing policy rather than separate guest access features.
Question 188:
Your company wants to automatically expire all SharePoint site guest access after 90 days. What should you configure?
A) Azure AD access reviews for SharePoint guest users
B) SharePoint guest link expiration settings
C) Guest user lifecycle policy for sites
D) Site collection guest access expiration
Answer: A
Explanation:
Azure AD access reviews for SharePoint guest users provide automated periodic certification of guest access to SharePoint sites ensuring guest permissions are reviewed and expired after specified periods like 90 days. When you create access reviews targeting SharePoint resources, you configure review schedules and automatic expiration settings requiring guest access to be revalidated or automatically removed. The review process evaluates guest permissions across SharePoint sites identifying guests who have not been revalidated within the 90-day period.
Access reviews can be configured with automatic removal settings where guest accounts not receiving approval during reviews are automatically removed from SharePoint sites after the expiration period. This ensures guest access does not persist indefinitely requiring site owners or designated reviewers to periodically certify that guests still need access. Guests who still require access are reapproved during reviews while inactive or unnecessary guest accounts are removed automatically.
Organizations benefit from automated guest access expiration by maintaining clean guest lists ensuring external access reflects current business relationships and collaboration needs. Guest accounts accumulating over time create security risks as former partners or contractors may retain access credentials that could be compromised. Regular expiration and review reduce attack surface by removing unnecessary external access systematically.
The access review system generates notifications to reviewers on scheduled intervals prompting them to evaluate guest permissions and make removal or approval decisions. Reviewers see guest identities, when they were added, what resources they can access, and their recent activity patterns. This information supports informed decisions about whether guests should retain access or be removed.
Option B is incorrect because SharePoint guest link expiration applies to sharing links rather than guest account access; account-level expiration requires access reviews. Option C is incorrect because guest user lifecycle policy is implemented through access reviews rather than separate lifecycle features. Option D is incorrect because site collection guest access expiration is configured through Azure AD access reviews targeting SharePoint resources.
Question 189:
You need to delegate the ability to manage Microsoft Defender for Office 365 policies without granting other security permissions. Which role should you assign?
A) Security Administrator
B) Security Operator
C) Global Administrator
D) Exchange Administrator
Answer: B
Explanation:
Security Operator role provides specific permissions to manage security alerts and responses including Microsoft Defender for Office 365 policies without granting comprehensive security configuration capabilities. Users assigned this role can view and manage security alerts, run investigations, and implement response actions through Defender for Office 365 interfaces. The role enables security operations personnel to handle email threats without elevation to Security Administrator which includes broader security policy configuration permissions.
Security Operators can manage anti-phishing policies, anti-malware policies, safe attachments policies, and safe links policies in Defender for Office 365. They can adjust policy settings, modify policy assignments to user groups, and configure threat protection features responding to emerging threats. The role supports security operations teams who need to adapt protection policies based on threat intelligence without requiring full security administrative access.
The role separation ensures security operations responsibilities are delegated appropriately with Security Operators handling day-to-day threat response while Security Administrators maintain overall security architecture and strategy. Security Operators cannot modify broader security configurations like Conditional Access policies, identity protection settings, or compliance policies ensuring appropriate boundaries between operational security management and strategic security governance.
Security Operators access Defender for Office 365 through Microsoft 365 Defender portal where they view threat analytics, investigate suspicious emails, review quarantined messages, and adjust protection policies. They can respond to security incidents, block malicious senders, and implement emergency policy changes addressing active threats. The role provides sufficient capabilities for effective security operations without unnecessary privileges.
Option A is incorrect because Security Administrator has comprehensive security configuration permissions exceeding Defender policy management requirements. Option C is incorrect because Global Administrator has unlimited permissions far beyond Defender policy management violating least privilege principles. Option D is incorrect because Exchange Administrator manages Exchange infrastructure but does not specifically manage Defender for Office 365 security policies.
Question 190:
Your organization needs to ensure that all Power BI workspaces containing financial data require approval before users can be added. What should you configure?
A) Power BI workspace access governance with approval workflows
B) Azure AD group approval for Power BI
C) Conditional Access policy for Power BI workspaces
D) Power BI admin settings for workspace access
Answer: A
Explanation:
Power BI workspace access governance with approval workflows provides controlled membership management ensuring users cannot be added to financial data workspaces without proper authorization. While Power BI does not include built-in approval workflows for workspace access, organizations implement governance processes using Power Automate flows that intercept workspace access requests and route them to designated approvers who evaluate whether users should receive access to sensitive financial workspaces.
The approval workflow monitors workspace membership changes detecting when workspace administrators attempt to add new users to designated financial workspaces. The workflow captures requested user information and workspace details sending approval requests to financial data stewards or compliance officers who review whether users have legitimate business needs for access. Based on approval decisions, the workflow either completes the user addition or blocks access and notifies requesters of denial reasons.
Organizations implement workspace access approval to maintain strict control over financial data access ensuring only authorized personnel view sensitive financial reports and datasets. Financial workspaces often contain confidential financial performance data, strategic financial planning, or competitive financial information requiring protection from unauthorized access. The approval process ensures all access grants are reviewed and authorized preventing inappropriate access through workspace sharing.
Implementation involves identifying financial workspaces requiring approval governance, creating Power Automate flows that monitor workspace membership through Power BI APIs, and establishing clear approval authority chains. The workflow maintains audit trails showing all access requests, approval decisions, and approver identities supporting compliance with financial data access control requirements.
Option B is incorrect because Azure AD group approval controls group membership but Power BI workspace access requires workspace-specific governance. Option C is incorrect because Conditional Access controls authentication to Power BI but does not implement approval workflows for workspace membership. Option D is incorrect because Power BI admin settings provide general workspace configurations but approval workflows require custom automation implementation.
Question 191:
You need to ensure that all Microsoft Loop components shared externally are watermarked with user email addresses. What should you configure?
A) Sensitivity label with dynamic watermark for Loop content
B) Loop sharing settings with watermark requirements
C) Information Rights Management for Loop
D) Data Loss Prevention policy with watermark action for Loop
Answer: A
Explanation:
Sensitivity label with dynamic watermark for Loop content provides document-level protection applying watermarks containing user information to Loop components when they are classified with appropriate labels. Dynamic content markings use variables that populate with actual user email addresses at the time content is accessed creating unique watermarks identifying who viewed or shared Loop components. When you configure sensitivity labels with watermark settings, the labels apply to Loop content ensuring external sharing includes attribution.
Loop components are collaborative elements created in Microsoft Loop or embedded in Teams, Outlook, or other Microsoft 365 applications. When Loop components contain sensitive information shared externally, watermarks provide accountability showing which user shared the content. The watermark becomes visible on Loop components displaying the user’s email address deterring unauthorized further sharing since recipients can identify the source.
Configuration involves creating sensitivity labels with protection settings including watermark content markings that use dynamic variables for user email addresses. You then configure auto-labeling policies or manual labeling requirements ensuring Loop components are classified before external sharing. The label protection ensures watermarks appear on shared Loop components regardless of which application hosts them.
Organizations implementing Loop watermarking should communicate watermark purposes to users explaining that watermarks provide accountability for external sharing. Users sharing Loop components externally should understand that recipients will see watermarks identifying them as the source. This transparency promotes responsible sharing behaviors and deters casual sharing of sensitive collaborative content.
Option B is incorrect because Loop sharing settings control sharing capabilities but watermarking requires sensitivity label protection rather than sharing configuration. Option C is incorrect because Information Rights Management provides encryption but dynamic watermarking is implemented through sensitivity labels. Option D is incorrect because DLP policies detect and prevent data loss but do not apply watermarks to content.
Question 192:
Your company wants to prevent users from printing documents stored in SharePoint document libraries. What should you configure?
A) SharePoint document library permissions removing print capabilities
B) Sensitivity labels with print restrictions for SharePoint content
C) Information Rights Management template blocking print
D) SharePoint site policy restricting print operations
Answer: B
Explanation:
Sensitivity labels with print restrictions for SharePoint content provide document-level protection preventing users from printing files regardless of where documents are accessed. When you configure sensitivity labels with encryption and usage rights that deny print permissions, the labels enforce print restrictions when users access labeled documents in SharePoint libraries through Office applications or Office Online. The protection travels with documents ensuring print restrictions persist regardless of document location or access method.
Label protection uses encryption technology to enforce usage restrictions. When users open labeled documents from SharePoint libraries, Office applications check label protection settings and disable printing functionality. Users attempting to print see error messages explaining that document classification prevents printing. The restriction applies whether users access documents through browser-based Office Online, desktop Office applications, or mobile Office apps.
Organizations implement print restrictions to prevent sensitive information from being extracted through physical printed copies. Documents containing confidential strategies, proprietary research, or sensitive customer information often require print restrictions ensuring information remains in digital controlled environments. Print restrictions reduce risks of sensitive documents being left on printers, carried outside secure areas, or photocopied for unauthorized distribution.
Configuration involves creating sensitivity labels with protection settings that deny print permissions while allowing view and potentially edit operations. You then publish labels and configure auto-labeling policies that apply labels to sensitive documents in SharePoint libraries or require users to apply labels manually. The comprehensive approach ensures sensitive SharePoint content receives print protection.
Option A is incorrect because SharePoint document library permissions control access and editing but do not provide usage restriction capabilities like print blocking. Option C is incorrect because Information Rights Management templates provide protection but sensitivity labels are the modern recommended approach with better integration. Option D is incorrect because SharePoint site policy is not a feature for restricting print operations; that requires sensitivity label protection.
Question 193:
You need to delegate the ability to manage Microsoft Viva Insights without granting other administrative permissions. Which role should you assign?
A) Insights Administrator
B) Reports Reader
C) Global Administrator
D) User Administrator
Answer: A
Explanation:
Insights Administrator role provides specific permissions to manage Microsoft Viva Insights including configuring insights settings, managing privacy settings, and accessing organizational analytics without granting broader administrative capabilities. Users assigned this role can configure Viva Insights features, manage analyst settings, define privacy thresholds, and access aggregated organizational insights data. The role enables insights administration supporting organizational analytics initiatives without requiring full administrative access.
Insights Administrators configure how Viva Insights collects and analyzes data ensuring privacy protections are implemented and insights align with organizational needs. They can adjust minimum group sizes for aggregated insights, configure data sources for analysis, manage insight program deployment, and customize insights experiences for different user populations. The role supports HR analytics teams, organizational development professionals, or business intelligence personnel who need insights administration capabilities.
The role separation ensures insights management does not require elevation to roles with user management, security configuration, or other unrelated administrative privileges. Insights Administrators cannot modify user accounts, access individual user data, or configure organizational security policies maintaining appropriate boundaries between insights administration and broader IT administration.
Insights Administrators access Viva Insights admin interfaces where they configure organizational insights settings, review aggregated analytics, and manage insight programs. They can analyze workplace collaboration patterns, identify opportunities for productivity improvements, and generate reports showing organizational trends. The role provides comprehensive insights management while respecting privacy through aggregated anonymized data analysis.
Option B is incorrect because Reports Reader accesses usage reports but does not have comprehensive Viva Insights management and configuration permissions. Option C is incorrect because Global Administrator has unlimited permissions far exceeding insights administration requirements violating least privilege principles. Option D is incorrect because User Administrator manages user accounts but does not have specific Viva Insights configuration and management capabilities.
Question 194:
Your organization needs to ensure that all Microsoft Kaizala groups containing customer information are retained for 10 years. What should you configure?
A) Microsoft 365 retention policy for Kaizala
B) Kaizala group retention settings
C) Azure storage retention for Kaizala data
D) Kaizala compliance policy
Answer: A
Explanation:
Microsoft 365 retention policy for Kaizala provides automated lifecycle management ensuring Kaizala group messages and content are preserved according to organizational compliance requirements. When you create retention policies in Microsoft Purview targeting Kaizala locations, you configure retention periods that apply to messages, attachments, and other content shared in Kaizala groups. Setting a 10-year retention period ensures customer information shared through Kaizala is preserved for the required compliance duration.
Retention policies for Kaizala operate continuously preserving group content even when users delete messages or leave groups. The policy ensures all communications and shared content remain accessible through eDiscovery and content search tools supporting compliance investigations, customer service reviews, and regulatory audits. Messages containing customer information receive long-term preservation matching customer data retention requirements.
Organizations using Kaizala for customer engagement must implement retention policies ensuring customer communications are preserved according to regulatory requirements. Industries like financial services, healthcare, and telecommunications often have specific customer communication retention mandates. The retention policy provides automated compliance with these requirements eliminating reliance on manual data archival processes.
Configuration involves creating retention policies in Microsoft Purview compliance portal selecting Kaizala as the target location and specifying the 10-year retention period. The policy applies organization-wide to all Kaizala groups or can be scoped to specific groups containing customer information. Organizations should clearly communicate retention policies to Kaizala users ensuring they understand that customer communications are subject to long-term preservation.
Option B is incorrect because Kaizala group retention settings are configured through Microsoft 365 retention policies rather than Kaizala-specific settings. Option C is incorrect because Azure storage retention is infrastructure-level and Kaizala content retention requires Microsoft 365 retention policies. Option D is incorrect because Kaizala compliance policy is implemented through Microsoft 365 retention policies in Purview compliance portal.
Question 195:
You need to prevent users from using personal Microsoft accounts to authenticate to Azure AD-connected applications. What should you configure?
A) Azure AD tenant restrictions
B) Conditional Access policy blocking consumer accounts
C) Azure AD authentication methods policy
D) Azure AD external identities settings
Answer: A
Explanation:
Azure AD tenant restrictions provide network-level controls preventing users from authenticating to Azure AD-connected applications using personal Microsoft accounts or accounts from unauthorized organizations. This feature works by configuring network infrastructure to insert HTTP headers into outbound authentication traffic instructing Azure AD to restrict authentication to approved tenant IDs. When users attempt to sign in with personal Microsoft accounts or business accounts from unapproved organizations, Azure AD blocks authentication based on tenant restriction headers.
Implementation requires configuring network proxies or firewalls to add specific headers to HTTPS traffic destined for Microsoft authentication endpoints. These headers specify which Azure AD tenant IDs are permitted for authentication from your corporate network. When users attempt to authenticate to Microsoft applications, Azure AD evaluates tenant restriction headers and permits authentication only for accounts from approved tenants. Personal Microsoft accounts and accounts from unauthorized organizations receive authentication failures.
Tenant restrictions prevent data exfiltration scenarios where users might authenticate to Microsoft services with personal accounts and upload corporate data to personal cloud storage. The restrictions apply regardless of which device users employ making them effective for both corporate and personal devices connected to corporate networks. Users attempting to access SharePoint, OneDrive, Teams, or other Microsoft 365 services with personal accounts are blocked ensuring only organizational accounts access corporate resources.
Organizations implementing tenant restrictions must maintain lists of approved tenant IDs including any partner organizations with legitimate B2B collaboration relationships. The restrictions should be tested thoroughly ensuring legitimate business workflows are not disrupted while unauthorized account usage is effectively blocked.
Option B is incorrect because Conditional Access policies cannot directly distinguish and block personal Microsoft accounts as a distinct account type during authentication. Option C is incorrect because authentication methods policy controls which authentication methods users can register but does not block personal account authentication. Option D is incorrect because external identities settings control guest capabilities but do not prevent personal Microsoft account authentication from corporate networks.
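The header-injection rule described in this explanation, as an added example that is not part of the original page. It assumes a TLS-inspecting proxy and uses the header names from Microsoft's tenant restrictions documentation, which the page does not name; the tenant names, tenant ID and log records are constructed placeholders.

```python
"""Tenant restrictions: the proxy's header-injection rule as a pure function,
plus an audit of logged sign-in requests against that rule."""

# Sign-in hosts for organizational accounts and for personal Microsoft accounts.
AAD_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
MSA_LOGIN_HOST = "login.live.com"
# Headers the proxy owns; a client-supplied copy must never reach Microsoft.
MANAGED_HEADERS = {
    "restrict-access-to-tenants",
    "restrict-access-context",
    "sec-restrict-tenant-access-policy",
}

# Constructed placeholder values (assumptions, not from the page).
PERMITTED = ["contoso.onmicrosoft.com", "fabrikam.onmicrosoft.com"]
CONTEXT = "00000000-0000-0000-0000-000000000000"


def _normalize_host(host):
    """Lower-case the host and drop any port or trailing dot."""
    return host.lower().split(":")[0].rstrip(".")


def apply_tenant_restrictions(host, headers, permitted_tenants, context_tenant_id):
    """Return the headers the proxy should forward for this request."""
    if not permitted_tenants or not context_tenant_id:
        raise ValueError("an approved tenant list and a context tenant ID are required")
    name = _normalize_host(host)
    if name not in AAD_LOGIN_HOSTS and name != MSA_LOGIN_HOST:
        return dict(headers)  # not sign-in traffic: forward unchanged
    # Strip whatever the client sent so the policy cannot be overridden.
    out = {k: v for k, v in headers.items() if k.lower() not in MANAGED_HEADERS}
    if name in AAD_LOGIN_HOSTS:
        out["Restrict-Access-To-Tenants"] = ",".join(permitted_tenants)
        out["Restrict-Access-Context"] = context_tenant_id
    else:
        # Personal Microsoft accounts are blocked at the consumer sign-in host.
        out["sec-Restrict-Tenant-Access-Policy"] = "restrict-msa"
    return out


def audit_requests(records, permitted_tenants, context_tenant_id):
    """Return indexes of logged requests whose managed headers differ from policy."""
    gaps = []
    for index, (host, headers) in enumerate(records):
        expected = apply_tenant_restrictions(host, headers, permitted_tenants, context_tenant_id)
        seen = {k.lower(): v for k, v in headers.items() if k.lower() in MANAGED_HEADERS}
        want = {k.lower(): v for k, v in expected.items() if k.lower() in MANAGED_HEADERS}
        if seen != want:
            gaps.append(index)
    return gaps


# Constructed proxy log records: (destination host, headers as forwarded upstream).
SAMPLE_RECORDS = [
    ("login.microsoftonline.com:443",
     {"Restrict-Access-To-Tenants": ",".join(PERMITTED), "Restrict-Access-Context": CONTEXT}),
    ("login.live.com", {"User-Agent": "constructed-client"}),  # consumer host, no header
    ("login.windows.net",
     {"Restrict-Access-To-Tenants": "personal.example", "Restrict-Access-Context": CONTEXT}),
    ("www.example.org", {}),  # unrelated traffic
]

if __name__ == "__main__":
    for i in audit_requests(SAMPLE_RECORDS, PERMITTED, CONTEXT):
        print("policy gap in record", i, SAMPLE_RECORDS[i][0])
```

Running the audit over real proxy logs shows which sign-in paths bypass inspection, which is the usual reason tenant restrictions fail silently.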
Question 196:
Your company wants to automatically classify all presentations containing quarterly financial results. What should you implement?
A) Trainable classifier for financial presentations with sensitivity labels
B) Keyword-based classification for financial content
C) PowerPoint template with financial classification
D) SharePoint content type for financial presentations
Answer: A
Explanation:
Trainable classifier for financial presentations with sensitivity labels provides machine learning-based classification automatically identifying presentations containing quarterly financial results based on content characteristics rather than simple keyword matching. You create custom trainable classifiers by providing sample quarterly financial presentations that train machine learning models to recognize financial presentation patterns including chart types, financial metric layouts, quarterly comparison tables, and financial terminology combinations. Once trained, the classifier automatically detects financial presentations and applies appropriate labels.
Trainable classifiers understand presentation context and structure enabling accurate identification of financial results presentations even when specific terminology varies across quarters or business units. The machine learning approach detects distinctive features like revenue charts, profit margins, year-over-year comparisons, and quarterly performance summaries that characterize financial presentations. This contextual understanding provides superior accuracy compared to keyword-based methods that miss presentations without specific terms or generate false positives.
When you configure auto-labeling policies using trained classifiers, the system continuously analyzes presentations across SharePoint, OneDrive, and Exchange automatically applying sensitivity labels to identified financial presentations. The labels can include protection settings like encryption ensuring only authorized personnel access sensitive quarterly financial results. Automatic classification ensures consistent handling of financial presentations without depending on users to recognize and classify them manually.
Organizations benefit from automated financial presentation classification by ensuring these sensitive documents receive appropriate security controls and retention settings. Quarterly financial results often contain confidential performance data, strategic financial planning, or competitive financial information requiring special protection. Automatic classification guarantees all financial presentations are identified and protected regardless of where they are created or stored.
Option B is incorrect because keyword-based classification uses simple text matching that misses presentations without specific keywords or generates false positives for non-financial presentations mentioning financial terms. Option C is incorrect because PowerPoint templates organize presentation creation but do not automatically detect and classify existing financial presentations. Option D is incorrect because SharePoint content types organize documents within SharePoint but do not automatically detect and classify presentations across Microsoft 365.
Question 197:
You need to ensure that all Microsoft Project files are automatically versioned with major versions retained for 100 revisions. What should you configure?
A) SharePoint document library versioning for Project files
B) Project Online versioning settings
C) Microsoft 365 retention policy for Project
D) Project file management policy
Answer: A
Explanation:
SharePoint document library versioning for Project files provides comprehensive version control ensuring Project files stored in SharePoint receive automatic versioning with configurable major version retention. When Project files are saved to SharePoint document libraries, you configure library versioning settings specifying that major versions should be created and that the last 100 major versions should be retained. This ensures extensive version history for Project files supporting project management needs for historical tracking and recovery.
Document library versioning creates new version entries each time users save changes to Project files stored in the library. Each version captures the complete file state at the time of saving including all tasks, dependencies, resource assignments, and scheduling information. The version history records who made changes, when modifications occurred, and optionally includes check-in comments explaining the changes. By setting the major version limit to 100, Project files maintain extensive historical records.
Project managers benefit from comprehensive versioning by being able to review project plan evolution, compare current plans against earlier baselines, and recover previous planning states if current changes prove problematic. The 100-version retention ensures even complex projects with frequent updates maintain sufficient historical depth. Organizations can adjust version retention based on project complexity and change frequency ensuring appropriate version history without excessive storage consumption.
Configuration involves accessing document library settings where Project files are stored and enabling versioning with major version tracking configured to retain 100 versions. The setting applies specifically to that library allowing different libraries to have different versioning policies based on content requirements. Library administrators can modify versioning settings adjusting retention limits as project management needs evolve.
Option B is incorrect because Project Online versioning settings may provide some versioning but comprehensive file versioning requires SharePoint document library configuration. Option C is incorrect because Microsoft 365 retention policy manages content lifecycle but does not provide file versioning capabilities. Option D is incorrect because project file management policy is not a specific feature; versioning requires SharePoint versioning configuration.
Question 198:
Your organization needs to prevent users from forwarding Teams meeting invitations with confidential classification to external attendees. What should you configure?
A) Sensitivity label with forwarding restriction for meeting invitations
B) Teams meeting policy with external forwarding restrictions
C) Information Rights Management for calendar items
D) Conditional Access policy for Teams meetings
Answer: A
Explanation:
Sensitivity label with forwarding restriction for meeting invitations provides content-based protection preventing users from forwarding confidential meeting invitations to external recipients. When you configure sensitivity labels that detect confidential keywords or classifications in meeting subjects or descriptions through auto-labeling rules, you can apply protection settings that restrict forwarding and external sharing. The label enforcement ensures confidential meeting invitations remain within the intended internal audience without unauthorized external distribution.
Label protection uses encryption and usage rights to enforce forwarding restrictions. When users create meeting invitations containing confidential information, auto-labeling policies apply labels with protection that prevents forwarding to external email addresses. Users attempting to add external attendees to protected meetings or forward invitations receive error messages explaining that invitation classification prevents external sharing. The restriction ensures sensitive meeting discussions remain internal only.
Auto-labeling for calendar items supports condition-based application using attributes like meeting subject keywords, organizer identity, or content patterns. For confidential meetings, you configure policies that detect classification keywords like confidential, internal only, or restricted in meeting subjects automatically applying appropriate labels with forwarding restrictions. The automation ensures consistent protection without relying on users to manually classify meeting invitations.
Organizations implementing meeting invitation restrictions should communicate policies clearly to users explaining when meetings require confidential classification and what restrictions apply. Alternative approaches for external collaboration such as creating separate non-confidential meetings for external participation should be provided. This balanced approach protects sensitive internal discussions while maintaining necessary external engagement capabilities.
Option B is incorrect because Teams meeting policy controls meeting features but forwarding restrictions for classified invitations require sensitivity label protection. Option C is incorrect because Information Rights Management can protect calendar items but sensitivity labels provide modern protection approaches with better integration. Option D is incorrect because Conditional Access controls access conditions but does not enforce content-level forwarding restrictions for meeting invitations.
Question 199:
You need to delegate the ability to manage Azure AD application registrations without granting directory-level administrative permissions. Which role should you assign?
A) Application Administrator
B) Cloud Application Administrator
C) Application Developer
D) Global Administrator
Answer: A
Explanation:
Application Administrator role provides comprehensive permissions to manage all aspects of application registrations in Azure AD including creating applications, configuring application properties, managing certificates and secrets, and assigning application permissions. Users assigned this role can manage enterprise applications and application registrations supporting application integration initiatives without requiring directory-level administrative access. The role enables application management without granting unnecessary privileges over users, groups, or other directory objects.
Application Administrators can register new applications for organizational use, configure application authentication settings, manage application certificates and client secrets, grant application permissions to access Microsoft Graph and other APIs, and manage enterprise application properties. They can configure single sign-on settings, assign users and groups to applications, and manage application proxy settings. The comprehensive application management capabilities support application lifecycle from registration through configuration and deployment.
The role separation ensures application management does not require elevation to roles with user management or security configuration capabilities. Application Administrators focus on integrating applications with Azure AD, managing OAuth consent, SAML configurations, and API permissions without accessing user accounts or organizational security policies. This supports the principle of least privilege while enabling effective application integration.
Application Administrators access Azure AD portal application registration interfaces where they create and manage applications. They can configure redirect URIs, manage authentication requirements, configure token lifetimes, and implement application security best practices. The role provides sufficient capabilities for comprehensive application lifecycle management without unnecessary directory administrative privileges.
Option B is incorrect because Cloud Application Administrator has similar permissions but with some limitations compared to Application Administrator making Application Administrator more appropriate for comprehensive application management. Option C is incorrect because Application Developer can create application registrations but lacks comprehensive management capabilities for existing applications. Option D is incorrect because Global Administrator has unlimited permissions far exceeding application management requirements violating least privilege principles.
Question 200:
Your company wants to ensure that all Microsoft Sway presentations containing customer testimonials are retained for 15 years. What should you configure?
A) Microsoft 365 retention policy for Sway
B) Sway content retention settings
C) SharePoint retention for Sway storage
D) Sway presentation lifecycle policy
Answer: A
Explanation:
Microsoft 365 retention policy for Sway provides automated lifecycle management ensuring Sway presentations are preserved according to organizational compliance requirements. When you create retention policies in Microsoft Purview targeting Sway locations, you configure retention periods that apply to all Sway presentations created by users in the organization. Setting a 15-year retention period ensures customer testimonial presentations are preserved for the required compliance duration supporting customer relationship documentation and regulatory requirements.
Retention policies for Sway operate continuously preserving presentation content even when users delete Sway presentations or modify content. The policy ensures all presentations and their content including text, images, embedded media, and customer testimonials remain accessible through eDiscovery and content search tools. This preservation supports compliance investigations, customer service reviews, and marketing effectiveness analysis where historical customer testimonials provide valuable evidence.
Organizations using Sway for customer engagement and testimonial presentations must implement retention policies ensuring customer-related content is preserved according to business and regulatory requirements. Customer testimonials often serve as important business records demonstrating product effectiveness, customer satisfaction, and service quality. The retention policy provides automated compliance with preservation requirements eliminating reliance on manual content archival processes.
Configuration involves creating retention policies in Microsoft Purview compliance portal selecting Sway as the target location and specifying the 15-year retention period. The policy applies organization-wide to all Sway presentations or can be scoped to specific users whose Sway presentations contain customer testimonials. Organizations should clearly communicate retention policies to content creators ensuring they understand customer testimonial presentations are subject to long-term preservation.
Option B is incorrect because Sway content retention settings are configured through Microsoft 365 retention policies rather than Sway-specific settings. Option C is incorrect because while Sway content may be stored in SharePoint infrastructure, Sway-specific retention requires targeting Sway locations in retention policies. Option D is incorrect because Sway presentation lifecycle policy is implemented through Microsoft 365 retention policies in Purview compliance portal.