Visit here for our full Microsoft MS-102 exam dumps and practice test questions.
Question 161:
Your company wants to ensure that all SharePoint document sets automatically inherit retention labels from their parent library. What should you configure?
A) Default retention label for document library with inheritance settings
B) Document set content type configuration
C) SharePoint information management policy
D) Retention label auto-application based on location
Answer: A
Explanation:
Default retention label for document library with inheritance settings provides automated label application ensuring all documents and document sets within a library receive consistent retention treatment. When you configure a default label for a SharePoint document library, you specify which retention label should automatically apply to all new items added to the library including documents, folders, and document sets. The inheritance ensures document sets and their contents receive appropriate retention without requiring manual label application.
Document sets are specialized content types that group related documents together with shared metadata and workflows. When a default retention label is configured at the library level, document sets created in that library automatically receive the label. The label then governs retention behavior for the entire document set ensuring all contained documents follow the same retention schedule even if the document set is moved to other locations within SharePoint.
Default label configuration in library settings includes options for allowing users to change or remove the applied label or locking the label to prevent modification. For compliance scenarios requiring strict retention, organizations configure locked default labels ensuring users cannot remove or downgrade retention classifications. This provides strong governance ensuring document sets containing important records receive mandatory retention treatment.
The approach simplifies retention management by applying labels at the library level rather than requiring individual label application for each document set. As users create document sets for projects, cases, or other business processes, they automatically receive appropriate retention based on the library’s purpose and content classification. This reduces user burden and ensures consistent compliance across content repositories.
Option B is incorrect because document set content type configuration defines document set structure and metadata but default library labels provide retention inheritance. Option C is incorrect because information management policies are legacy features replaced by retention labels in modern SharePoint. Option D is incorrect because while auto-application based on location can apply labels, default library labels specifically address inheritance to document sets and their contents.
Question 162:
You need to prevent users from using Microsoft Whiteboard to collaborate with external guests. What should you configure?
A) Whiteboard sharing policy restricting external collaboration
B) Azure AD guest access restrictions
C) Conditional Access policy for Whiteboard
D) Microsoft 365 group external sharing settings
Answer: A
Explanation:
Whiteboard sharing policy restricting external collaboration provides direct control over whether users can share whiteboards with people outside the organization. In the Whiteboard admin settings accessible through PowerShell or admin interfaces, you configure organization-wide policies that determine whether whiteboard sharing is permitted with external users. When you disable external sharing, users can only share whiteboards with other users from your organization preventing collaboration with external guests.
The policy applies to all whiteboard sharing attempts across the organization providing consistent enforcement regardless of which device or platform users employ to access Whiteboard. When users attempt to share whiteboards with external email addresses, the sharing operation fails with messages explaining that organizational policy prevents external whiteboard sharing. Existing whiteboards shared with external guests before policy implementation may require cleanup to remove external access.
Whiteboard external sharing restrictions help organizations maintain control over collaborative content ensuring sensitive information discussed or documented in whiteboards remains within organizational boundaries. Whiteboards often contain strategic planning, design discussions, or confidential brainstorming that should not be accessible to external parties. The sharing restriction prevents accidental or intentional disclosure of this content to competitors, unauthorized partners, or other external entities.
Organizations implementing external sharing restrictions should provide alternative collaboration tools for scenarios legitimately requiring external participation such as scheduled Teams meetings where external guests can view whiteboards during sessions without receiving persistent access. This balances security requirements with practical collaboration needs while maintaining policy enforcement.
Option B is incorrect because Azure AD guest access restrictions control directory visibility and guest capabilities broadly but Whiteboard sharing requires specific application policy configuration. Option C is incorrect because Conditional Access policies control application access conditions but do not restrict sharing features within applications. Option D is incorrect because Microsoft 365 group external sharing settings affect group-connected resources but Whiteboard sharing is controlled through Whiteboard-specific policies.
Question 163:
Your organization needs to ensure that all documents stored in OneDrive are encrypted with customer-managed keys. What should you configure?
A) Customer Key for Microsoft 365 with OneDrive coverage
B) Azure Information Protection customer-managed keys
C) OneDrive encryption settings
D) Sensitivity labels with customer-managed encryption
Answer: A
Explanation:
Customer Key for Microsoft 365 with OneDrive coverage provides the capability to control encryption keys used to encrypt data at rest in OneDrive ensuring organizations maintain authority over encryption key management. When you configure Customer Key, you provide your own encryption keys stored in Azure Key Vault that Microsoft uses to encrypt OneDrive content. This additional encryption layer complements Microsoft’s standard encryption providing enhanced control over data protection.
Customer Key implementation requires appropriate Microsoft 365 subscription levels and involves creating Data Encryption Policies that specify which OneDrive accounts or groups of accounts should be encrypted with customer-managed keys. Once deployed, all files stored in covered OneDrive accounts are encrypted using your provided keys ensuring Microsoft cannot access your data without your keys. This addresses compliance requirements in highly regulated industries requiring customer control over encryption keys.
The encryption operates transparently to users who continue accessing OneDrive normally while data at rest receives enhanced protection through customer-managed keys. Organizations maintain keys in their own Azure Key Vault instances retaining full control over key lifecycle including rotation, revocation, and access policies. If necessary, organizations can revoke key access preventing anyone including Microsoft from decrypting data.
Customer Key deployment requires careful planning including key management procedures, disaster recovery planning for key availability, and understanding the operational implications of customer-managed encryption. Organizations must ensure keys remain available for Microsoft 365 to access when users need data or service operations encounter technical issues requiring Microsoft support intervention with proper authorization.
Option B is incorrect because Azure Information Protection uses encryption for document protection but OneDrive at-rest encryption requires Customer Key configuration. Option C is incorrect because OneDrive encryption settings are not directly configurable; customer-managed encryption requires Customer Key implementation. Option D is incorrect because sensitivity labels provide document-level encryption but OneDrive storage encryption requires Customer Key rather than label-based protection.
Question 164:
You need to ensure that administrative actions in Azure AD are logged and cannot be deleted. What should you configure?
A) Azure AD audit log retention with immutable storage
B) Azure AD activity logs export to Azure Monitor
C) Privileged Identity Management audit settings
D) Azure AD administrative unit audit policy
Answer: B
Explanation:
Azure AD activity logs export to Azure Monitor provides comprehensive logging of administrative actions with long-term retention and immutability options, ensuring audit trails cannot be deleted or modified. When you configure diagnostic settings in Azure AD to stream audit logs, sign-in logs, and provisioning logs to an Azure Monitor Log Analytics workspace, you create durable audit records outside Azure AD where retention policies and access controls prevent unauthorized deletion.
Once logs are exported to a Log Analytics workspace, you can configure extended retention periods exceeding the standard Azure AD audit log retention limits. The workspace supports retention periods up to several years and can be configured with immutable storage policies preventing deletion even by administrators. This ensures complete audit trails remain available for compliance investigations, security analysis, and forensic examination regardless of administrative actions within Azure AD itself.
Azure Monitor provides advanced querying capabilities through Kusto Query Language allowing security teams to analyze administrative actions, identify suspicious patterns, correlate activities across services, and generate compliance reports. The centralized logging infrastructure integrates Azure AD administrative actions with logs from other Azure services and applications providing comprehensive visibility into cloud infrastructure management.
Organizations benefit from exporting logs to immutable storage for compliance with regulatory requirements mandating tamper-proof audit trails. Financial services, healthcare, and government organizations often require demonstrating that audit logs cannot be altered or deleted ensuring evidence integrity for compliance audits. The exported logs satisfy these requirements while providing superior analysis capabilities compared to native Azure AD audit interfaces.
Option A is incorrect because Azure AD audit logs have limited native retention and lack built-in immutable storage; exporting to Azure Monitor provides immutability. Option C is incorrect because Privileged Identity Management audit tracks role activations but comprehensive Azure AD administrative action logging requires full audit log export. Option D is incorrect because administrative units are organizational containers rather than audit mechanisms; comprehensive logging requires exporting Azure AD audit logs to Azure Monitor.
Question 165:
Your company wants to automatically classify emails based on sender department and apply appropriate retention labels. What should you configure?
A) Auto-apply retention label policy using sender attributes
B) Mail flow rule with retention label application
C) Exchange Online retention policy with department filtering
D) Sensitivity label auto-labeling for department-based classification
Answer: A
Explanation:
Auto-apply retention label policy using sender attributes provides automated classification of emails based on sender properties like department affiliation ensuring communications receive appropriate retention without manual label application. When you create auto-apply policies in Microsoft Purview, you can configure conditions that evaluate sender Azure AD attributes including department, location, title, or custom attributes. Emails from senders matching specific department criteria automatically receive designated retention labels.
The policy evaluates emails as they arrive in recipient mailboxes applying retention labels based on sender department information retrieved from Azure AD user profiles. For example, emails from finance department members might receive 7-year retention labels matching financial record retention requirements, while emails from general staff receive shorter retention periods. This automated classification ensures department-specific retention policies are enforced consistently across all communications.
Auto-apply policies operate continuously processing both new emails and existing mailbox content based on policy scope configuration. Organizations can create multiple auto-apply policies with different retention periods for different departments ensuring each business unit’s communications receive retention treatment matching their regulatory and business requirements. The automation eliminates manual classification burden and ensures comprehensive compliance.
The policy configuration includes simulation capabilities allowing administrators to preview which emails will receive labels before full policy deployment. This testing phase helps verify that department-based criteria correctly identify intended communications and apply appropriate retention labels. Once deployed, the policy generates reports showing how many emails received labels and tracks policy application progress across mailboxes.
Option B is incorrect because mail flow rules process messages in transit but do not directly apply retention labels based on sender attributes. Option C is incorrect because Exchange retention policies apply broadly rather than using sender department attributes for targeted label application. Option D is incorrect because sensitivity labels focus on information protection and classification rather than retention-specific labeling based on sender departments.
Question 166:
You need to delegate the ability to manage Exchange Online mail flow rules without granting full Exchange administration permissions. Which role should you assign?
A) Hygiene Management
B) Records Management
C) Transport Rules role
D) Exchange Administrator
Answer: A
Explanation:
Hygiene Management role provides specific permissions to manage mail flow rules in Exchange Online along with quarantine management and anti-spam policy configuration without granting comprehensive Exchange administrative capabilities. Users assigned this role can create, modify, and delete mail flow rules that process messages as they flow through Exchange Online. The role enables management of message routing, policy enforcement, and compliance rules without broader permissions to manage mailboxes, recipients, or organizational Exchange settings.
Mail flow rule management includes creating rules with conditions that evaluate message properties like sender, recipient, subject content, or attachment characteristics, and configuring actions such as redirecting messages, adding disclaimers, modifying message properties, or blocking delivery. Hygiene Management role holders can implement organizational email policies ensuring messages are processed according to business and compliance requirements without requiring full Exchange Administrator privileges.
The role separation ensures mail flow management responsibilities do not grant unnecessary access to user mailboxes, recipient management, or Exchange infrastructure configuration. Organizations can delegate rule management to messaging specialists or compliance personnel who need to enforce email policies without elevation to full Exchange administration. This supports the principle of least privilege while enabling effective email governance.
Hygiene Management role also includes permissions to manage quarantine allowing release of quarantined messages and configuration of spam filter policies. This combination of mail flow and hygiene management makes the role suitable for email security operations personnel who handle policy enforcement and message filtering without requiring access to other Exchange administrative functions.
Option B is incorrect because Records Management focuses on retention and records lifecycle management rather than mail flow rule administration. Option C is incorrect because while conceptually correct, the specific built-in role that includes mail flow rule permissions is Hygiene Management. Option D is incorrect because Exchange Administrator has comprehensive Exchange permissions far exceeding mail flow rule management requirements.
Question 167:
Your organization needs to prevent users from creating Power BI reports that connect to on-premises data sources. What should you configure?
A) Power BI gateway restrictions with data source blocking
B) Power Platform DLP policy blocking on-premises connectors
C) Conditional Access policy for Power BI
D) Azure AD application permissions for Power BI
Answer: B
Explanation:
Power Platform DLP policy blocking on-premises connectors provides governance controls preventing Power BI reports from accessing on-premises data sources by restricting or blocking connectors used for on-premises connectivity. When you configure DLP policies for Power Platform, you classify connectors into categories and define rules about connector usage. By blocking or restricting on-premises data gateway connectors, you prevent reports from establishing connections to on-premises SQL servers, file shares, or other local data sources.
DLP policies apply to Power BI dataflows, datasets, and reports ensuring users cannot create or refresh content using prohibited on-premises connections. When users attempt to configure data sources using blocked connectors, they receive error messages explaining that organizational policy prevents using those connectors. Existing reports using on-premises connections may fail to refresh until modified to use approved data sources.
Organizations implement on-premises connector restrictions to encourage cloud data migration, reduce dependency on legacy data infrastructure, or prevent security risks associated with on-premises connectivity. The policy can be phased with exceptions for approved users or scenarios while generally restricting on-premises access. This supports gradual migration strategies where legacy on-premises connections are eliminated over time.
Power BI gateway restrictions combined with DLP policies provide comprehensive control over data source access ensuring reports rely on approved cloud data sources with appropriate security controls and monitoring. The policy enforcement applies regardless of which workspace or environment users work in providing consistent governance across the Power BI tenant.
Option A is incorrect because Power BI gateway restrictions control gateway infrastructure but DLP policies provide the comprehensive connector blocking needed to prevent on-premises connections at policy level. Option C is incorrect because Conditional Access policies control access to Power BI service but do not restrict data source connectors used within reports. Option D is incorrect because Azure AD application permissions control application authorization but do not block specific connector usage in Power BI.
Question 168:
You need to ensure that all SharePoint sites created for legal matters have litigation hold automatically applied. What should you configure?
A) Site design with legal hold provisioning script
B) eDiscovery hold policy with adaptive scope for legal sites
C) SharePoint retention policy for legal content
D) Microsoft 365 group creation policy with hold application
Answer: B
Explanation:
eDiscovery hold policy with adaptive scope for legal sites provides automated litigation hold application ensuring all SharePoint sites associated with legal matters are preserved without requiring manual hold placement for each site. When you create eDiscovery cases and configure hold policies with adaptive scopes, you define query-based logic that identifies legal matter sites based on properties like naming conventions, sensitivity labels, or membership in specific groups. The hold policy automatically applies to all matching sites preserving content.
Adaptive scope evaluation occurs continuously updating hold coverage as new legal matter sites are created or existing sites change classification. This ensures comprehensive content preservation matching legal hold requirements without administrative overhead of tracking and updating holds manually. All documents, pages, and list items in legal matter sites are preserved even when users delete content ensuring evidence remains available for litigation.
eDiscovery holds configured through adaptive scopes provide the legal defensibility required for litigation scenarios. The holds prevent permanent deletion of any content and maintain detailed records of all hold placements and modifications. This audit trail demonstrates that organizations took appropriate steps to preserve relevant evidence when legal obligations arose.
Organizations can create multiple hold policies with different scopes for different types of legal matters ensuring each case receives appropriate preservation. The hold policies integrate with eDiscovery search capabilities allowing legal teams to identify relevant content across held sites and export materials for attorney review. The comprehensive approach ensures litigation preparedness and compliance with evidence preservation duties.
Option A is incorrect because site designs provision configurations during site creation but do not provide dynamic hold application based on ongoing site classification. Option C is incorrect because SharePoint retention policies provide lifecycle management but eDiscovery holds offer specific litigation hold capabilities with legal preservation requirements. Option D is incorrect because Microsoft 365 group creation policy does not directly apply eDiscovery holds; holds require eDiscovery case configuration with appropriate scope definitions.
Question 169:
Your company wants to ensure that all Microsoft Planner tasks are automatically archived after plan completion. What should you configure?
A) Power Automate flow with Planner archival actions
B) Microsoft 365 retention policy for Planner
C) Planner plan lifecycle settings
D) Microsoft 365 group archive policy
Answer: A
Explanation:
Power Automate flow with Planner archival actions provides customizable automation to archive completed Planner tasks and plans ensuring historical project data is preserved in accessible formats like SharePoint lists or document libraries. Microsoft Planner itself lacks built-in archival capabilities that automatically move completed plans to long-term storage. Power Automate bridges this gap by providing workflow automation that detects plan completion and executes archival processes.
When you create a Power Automate flow for Planner archival, you configure triggers that detect when plans reach completion status such as all tasks being marked complete or plans being manually flagged for archival. The flow then extracts task details including titles, assignments, due dates, completion status, and comments, formatting this information for storage. The flow creates comprehensive records in SharePoint lists, exports data to Excel files, or generates summary documents preserving project history.
Archival automation ensures completed project information remains accessible for future reference, lessons learned analysis, and compliance purposes without cluttering active Planner workspaces. Organizations benefit from maintaining historical project records that inform future planning and provide evidence of project execution for audits or reviews. The automated approach eliminates manual export processes reducing administrative burden while ensuring consistent archival practices.
Power Automate flows support complex archival logic including conditional archival based on plan properties, notifications to stakeholders when archival occurs, and integration with document management systems where archived project records are categorized and indexed. Organizations can implement retention policies on archived content ensuring long-term preservation matching business requirements.
Option B is incorrect because Microsoft 365 retention policies for Planner preserve content for compliance but do not provide active archival that organizes and formats completed plan data for future reference. Option C is incorrect because Planner plan lifecycle settings do not include built-in archival capabilities, so automated archival requires Power Automate. Option D is incorrect because Microsoft 365 group archive policy affects group status but does not specifically archive Planner task data in accessible formats.
Question 170:
You need to prevent users from accessing Microsoft Stream videos from non-corporate networks. What should you configure?
A) Conditional Access policy with location-based restrictions for Stream
B) Stream video access permissions
C) Azure AD network location policies
D) Stream sharing settings
Answer: A
Explanation:
Conditional Access policy with location-based restrictions for Stream provides identity-based access control that evaluates user network location during authentication and blocks Stream access when users connect from outside defined corporate networks. When you create a Conditional Access policy targeting Microsoft Stream as the cloud application, you configure location conditions using named locations representing corporate network IP address ranges. The policy blocks access when users authenticate from locations not matching corporate networks.
Named locations in Azure AD represent trusted network boundaries such as office locations, VPN endpoints, or approved remote access infrastructure. When users attempt to access Stream from IP addresses outside these named locations, the Conditional Access policy evaluates the authentication request and denies access with messages explaining that organizational policy restricts Stream access to corporate networks. Users on corporate networks including remote workers connected through VPN can access Stream normally.
Location-based access control helps organizations protect sensitive video content from unauthorized viewing outside controlled environments. Training videos, executive communications, or confidential presentations stored in Stream receive additional protection ensuring viewing occurs only from networks where security controls and monitoring are in place. The policy prevents users from accessing corporate video content from home networks, public WiFi, or other potentially insecure locations.
Organizations implementing location restrictions should consider legitimate remote access scenarios providing approved VPN or remote access solutions that place users within corporate network boundaries. The policy can include exceptions for specific users who require Stream access regardless of location while maintaining restrictions for general users. Regular review of named location definitions ensures network changes are reflected in access policies.
Option B is incorrect because Stream video access permissions control who can view videos but do not restrict access based on network location; location-based control requires Conditional Access. Option C is incorrect because Azure AD network location policies are configured through Conditional Access named locations rather than separate policy mechanisms. Option D is incorrect because Stream sharing settings control video sharing capabilities but do not enforce network-based access restrictions.
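The location check described in the Question 170 explanation, as an added example that is not code from the original page or from Microsoft: a local dry run that evaluates constructed sign-ins against a policy shaped like a Microsoft Graph conditionalAccessPolicy resource. The named-location IDs, IP ranges, user IDs and the application ID placeholder are assumptions, and the evaluator is a simplified model of the rule, not Azure AD's policy engine.

```python
import ipaddress

# Constructed named locations (documentation IP ranges, not real networks).
NAMED_LOCATIONS = {
    "loc-hq-office": ["203.0.113.0/24"],
    "loc-vpn-egress": ["198.51.100.16/28"],
}

APP_ID = "<stream-app-id-placeholder>"  # placeholder, not a real application ID

# Policy in the shape of a Microsoft Graph conditionalAccessPolicy resource.
# Report-only state lets the effect be reviewed before enforcement.
POLICY = {
    "displayName": "Block Stream outside corporate networks",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "applications": {"includeApplications": [APP_ID]},
        "users": {"includeUsers": ["All"], "excludeUsers": ["user-exec-01"]},
        "locations": {
            "includeLocations": ["All"],
            "excludeLocations": ["loc-hq-office", "loc-vpn-egress"],
        },
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

# Constructed sign-in events used for the dry run.
SIGN_INS = [
    {"user_id": "user-a", "app_id": APP_ID, "ip": "203.0.113.40"},
    {"user_id": "user-b", "app_id": APP_ID, "ip": "198.51.100.20"},
    {"user_id": "user-c", "app_id": APP_ID, "ip": "198.51.100.40"},
    {"user_id": "user-exec-01", "app_id": APP_ID, "ip": "192.0.2.77"},
    {"user_id": "user-d", "app_id": "other-app", "ip": "192.0.2.10"},
    {"user_id": "user-e", "app_id": APP_ID, "ip": "2001:db8::5"},
]


def matching_location(ip, named_locations=NAMED_LOCATIONS):
    """Return the ID of the first named location containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for loc_id, cidrs in named_locations.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                return loc_id
    return None


def evaluate(sign_in, policy=POLICY, named_locations=NAMED_LOCATIONS):
    """Return (decision, reason) for one sign-in under the policy."""
    cond = policy["conditions"]
    if sign_in["app_id"] not in cond["applications"]["includeApplications"]:
        return "not_applicable", "application not targeted"
    users = cond["users"]
    if sign_in["user_id"] in users.get("excludeUsers", []):
        return "allow", "user excluded from policy"
    included = users["includeUsers"]
    if "All" not in included and sign_in["user_id"] not in included:
        return "not_applicable", "user not targeted"
    loc = matching_location(sign_in["ip"], named_locations)
    if loc in cond["locations"]["excludeLocations"]:
        return "allow", f"inside named location {loc}"
    if "block" in policy["grantControls"]["builtInControls"]:
        return "block", "outside all excluded named locations"
    return "allow", "no block control"


def dry_run(sign_ins, policy=POLICY, named_locations=NAMED_LOCATIONS):
    """List (user_id, ip) for every sign-in the policy would block."""
    return [
        (s["user_id"], s["ip"])
        for s in sign_ins
        if evaluate(s, policy, named_locations)[0] == "block"
    ]


if __name__ == "__main__":
    for s in SIGN_INS:
        decision, reason = evaluate(s)
        print(f'{s["user_id"]:14} {s["ip"]:16} {decision:15} {reason}')
```

In this constructed data, user-c connects from an address just outside the VPN egress range, which is the kind of gap a review of named location definitions is meant to catch before the policy is enforced.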
Question 171:
Your organization needs to ensure that all Power Apps canvas apps undergo accessibility compliance checks before deployment. What should you configure?
A) Power Apps accessibility checker with mandatory validation
B) Power Platform environment deployment gates
C) Azure AD application compliance policy
D) Power Apps solution checker requirements
Answer: A
Explanation:
Power Apps accessibility checker with mandatory validation provides built-in analysis tools that evaluate canvas apps against accessibility standards ensuring applications are usable by people with disabilities. When you develop canvas apps in Power Apps Studio, the accessibility checker analyzes app design identifying issues like missing alternative text for images, insufficient color contrast, missing labels for controls, or navigation problems that affect screen reader compatibility. Making accessibility checks mandatory before deployment ensures all published apps meet organizational accessibility standards.
The accessibility checker evaluates apps against WCAG guidelines and Microsoft accessibility standards highlighting violations with severity ratings and remediation guidance. Developers receive detailed reports showing which controls require fixes, what accessibility issues exist, and how to address problems. Organizations can establish policies requiring developers to resolve all high-severity accessibility issues before apps can be published to production environments.
Accessibility compliance ensures applications are inclusive and usable by all employees including those with visual, auditory, motor, or cognitive disabilities. Organizations with accessibility obligations under laws like ADA, Section 508, or similar regulations benefit from systematic accessibility validation preventing deployment of non-compliant applications. The proactive approach reduces risk of accessibility complaints and ensures applications provide equitable access.
Implementation involves establishing organizational processes where developers run the accessibility checker during development, resolve identified issues, and document compliance before submitting apps for deployment approval. Review workflows can require accessibility compliance certification as a gate before production deployment. Regular training on accessibility best practices helps developers create compliant apps from the start, reducing remediation effort.
Option B is incorrect because Power Platform environment deployment gates can include approvals but specific accessibility validation requires using Power Apps accessibility checker. Option C is incorrect because Azure AD application compliance policy addresses application authorization rather than canvas app accessibility compliance. Option D is incorrect because Power Apps solution checker focuses on performance and reliability issues rather than comprehensive accessibility compliance validation.
Question 172:
You need to ensure that deleted Microsoft Bookings calendars can be recovered for 60 days. What should you configure?
A) Microsoft 365 group soft-delete retention for Bookings
B) Bookings calendar backup policy
C) Azure AD deleted object retention
D) Bookings recovery settings
Answer: A
Explanation:
Microsoft 365 group soft-delete retention for Bookings provides recovery capabilities for deleted Bookings calendars since each Bookings calendar is associated with a Microsoft 365 group. When users delete Bookings calendars, the underlying groups are soft-deleted and retained for 30 days by default in Azure AD’s deleted groups container. During this retention period, administrators can restore deleted groups which recreates the associated Bookings calendars with all appointments, staff assignments, and configuration settings intact.
The soft-delete mechanism ensures accidental deletion of Bookings calendars does not result in permanent data loss. Business owners who mistakenly delete booking pages can contact administrators who restore the deleted groups through Azure AD admin center or PowerShell commands. Restoration recovers the complete Bookings configuration including service offerings, staff schedules, customer booking history, and business information eliminating the need to recreate calendars from scratch.
Organizations benefit from soft-delete protection during business transitions where Bookings calendars might be temporarily disabled but later needed again. The retention period provides time to recognize deletion errors and initiate recovery before permanent deletion occurs. Administrators should monitor deleted groups regularly identifying Bookings-related groups that may need restoration before retention expires.
While the default retention period is 30 days, organizations requiring 60-day recovery capability should implement additional backup processes or use third-party backup solutions that capture Bookings data at longer intervals. The native soft-delete provides baseline protection suitable for most accidental deletion scenarios within the 30-day window.
Option B is incorrect because Bookings calendar backup policy is not a built-in feature; recovery relies on the Microsoft 365 group soft-delete mechanism. Option C is incorrect because Azure AD deleted object retention is the underlying mechanism but understanding that Bookings uses Microsoft 365 groups is essential for recovery. Option D is incorrect because Bookings recovery settings are not separately configurable; recovery depends on group soft-delete retention.
Question 173:
Your company wants to automatically classify documents containing employee performance reviews. What should you implement?
A) Trainable classifier for performance reviews with sensitivity labels
B) Keyword-based document classification
C) SharePoint content type for performance reviews
D) Retention label with manual classification
Answer: A
Explanation:
Trainable classifier for performance reviews with sensitivity labels provides machine learning-based document classification that automatically identifies performance review documents based on content characteristics rather than simple keyword matching. You can create custom trainable classifiers by providing sample performance review documents that train machine learning models to recognize review patterns including document structure, evaluation sections, rating scales, and performance-related terminology. Once trained, the classifier automatically detects performance reviews across Microsoft 365 and applies appropriate sensitivity labels.
Trainable classifiers understand document context and structure enabling accurate identification of performance reviews even when specific wording varies across departments or review cycles. The machine learning approach detects distinctive features like manager comments sections, employee self-assessments, goal achievement ratings, and development plan sections that characterize performance reviews. This contextual understanding provides superior accuracy compared to keyword-based methods that generate false positives when performance-related terms appear in non-review documents.
When you configure auto-labeling policies using the trained classifier, the system continuously analyzes documents across SharePoint, OneDrive, and Exchange automatically applying sensitivity labels to identified performance reviews. The labels can include protection settings like encryption ensuring only authorized personnel access sensitive employee evaluations. Automatic classification ensures consistent handling of performance reviews without depending on managers or HR staff to recognize and classify documents manually.
Organizations benefit from automated performance review classification by ensuring these sensitive HR documents receive appropriate security controls and retention settings. Performance reviews often contain confidential employee information requiring special protection and long-term retention for employment records. Automatic classification guarantees all performance reviews are identified and protected regardless of where they are created or stored.
Option B is incorrect because keyword-based document classification uses simple text matching that misses reviews without specific keywords or generates false positives for documents mentioning performance terms. Option C is incorrect because SharePoint content types organize documents within SharePoint but do not automatically detect and classify performance reviews across Microsoft 365 workloads. Option D is incorrect because retention label with manual classification relies on user action leading to inconsistent application and overlooked performance reviews.
Question 174:
You need to delegate the ability to manage Microsoft 365 message center posts without granting other administrative permissions. Which role should you assign?
A) Message Center Reader
B) Service Support Administrator
C) Global Administrator
D) Reports Reader
Answer: A
Explanation:
Message Center Reader role provides specific permissions to view and manage message center posts that announce new features, service changes, planned maintenance, and important updates affecting the Microsoft 365 tenant. Users assigned this role can access the message center in the Microsoft 365 admin center where they read announcements from Microsoft, mark messages as read, favorite important messages, and share message center posts with other users. The role enables staying informed about Microsoft 365 changes without granting broader administrative capabilities.
Message center communications provide advance notice of upcoming changes allowing organizations to prepare for new features, understand service modifications, and plan user communications about Microsoft 365 updates. Message Center Readers can monitor these announcements and coordinate organizational change management ensuring IT teams and end users are prepared when changes roll out. The role supports dedicated change management personnel who need visibility into Microsoft’s product roadmap without requiring access to configuration settings.
Organizations benefit from delegating message center access to communications specialists or service owners who translate Microsoft announcements into user-friendly communications for organizational audiences. These readers can identify changes requiring user training, technical preparation, or policy updates and coordinate appropriate organizational responses. The role separation ensures change management responsibilities do not require elevation to administrative roles with configuration access.
Message Center Reader permissions include viewing all message center posts, accessing post details and additional information links, and tracking which messages have been reviewed. The role does not include permissions to modify service configurations, manage users, or access other administrative functions. This focused access supports effective change management while maintaining security through appropriate role boundaries.
Option B is incorrect because Service Support Administrator has service health and support request permissions but message center access specifically requires the Message Center Reader role. Option C is incorrect because Global Administrator has unlimited permissions far exceeding message center access requirements, violating least privilege principles. Option D is incorrect because Reports Reader accesses usage analytics and reports but does not specifically grant message center access, which requires the dedicated Message Center Reader role.
Question 175:
Your organization needs to prevent users from creating Microsoft Lists with more than 1000 items. What should you configure?
A) SharePoint list throttling limits
B) List creation policy with item limits
C) Microsoft 365 governance policy for Lists
D) Power Automate flow monitoring list item counts
Answer: D
Explanation:
Power Automate flow monitoring list item counts provides automated enforcement of organizational limits on Microsoft Lists by continuously tracking list sizes and taking actions when lists exceed defined thresholds like 1000 items. While Microsoft Lists and SharePoint do not provide built-in settings to prevent list growth beyond specific item counts, Power Automate workflows can monitor lists and enforce organizational policies through automated responses.
You create Power Automate flows that periodically check list item counts for designated lists or all lists in specific sites. When the flow detects lists approaching or exceeding 1000 items, it triggers actions such as sending notifications to list owners warning about size limits, preventing new item creation by modifying list permissions, or automatically archiving older list items to keep current lists within size boundaries. The automation provides flexible policy enforcement matching organizational requirements.
Organizations implement list size limits to maintain performance ensuring lists remain responsive and manageable for users. Large lists with thousands of items can experience performance degradation making views slow to load and operations sluggish. Encouraging users to archive completed items or split large lists into smaller focused lists improves user experience and system performance. The monitoring approach provides visibility into list growth enabling proactive management before performance issues arise.
Implementation involves identifying critical lists requiring monitoring, establishing clear policies about list size limits and archival procedures, and communicating expectations to list owners. The monitoring flow can include graduated responses like warnings at 800 items and enforcement at 1000 items giving list owners opportunity to address size issues before hard limits prevent continued use.
Option A is incorrect because SharePoint list throttling limits control query operations to prevent performance issues but do not prevent lists from containing more than specified item counts. Option B is incorrect because list creation policy with item limits is not a built-in feature; enforcement requires Power Automate or custom solutions. Option C is incorrect because Microsoft 365 governance policy for Lists is not a specific feature; list size enforcement requires monitoring solutions like Power Automate flows.
Question 176:
You need to ensure that all Microsoft Viva Connections dashboards are accessible only to specific departments. What should you configure?
A) Audience targeting for Viva Connections dashboard cards
B) SharePoint site permissions for Connections
C) Azure AD Conditional Access for Viva
D) Microsoft 365 group membership restrictions
Answer: A
Explanation:
Audience targeting for Viva Connections dashboard cards provides granular visibility control ensuring dashboard content displays only to intended audiences such as specific departments or user groups. When you configure dashboard cards in Viva Connections, you enable audience targeting and specify Azure AD groups representing departments or user segments that should see each card. The system evaluates user group membership when rendering dashboards showing only cards targeted to groups the user belongs to.
Audience targeting creates personalized dashboard experiences where users see relevant content for their roles, locations, or departments. Finance department users see finance-specific cards with links to financial systems and department resources while IT department users see technology-related cards. This relevance improves dashboard effectiveness by presenting users with content appropriate to their job functions without cluttering their view with irrelevant information.
Configuration involves creating Azure AD groups representing departments or user segments then assigning these groups as target audiences when configuring dashboard cards. Each card can target one or multiple groups with users who belong to any targeted group seeing the card. The targeting respects Azure AD group membership ensuring dynamic updates as users join or leave groups without manual dashboard configuration changes.
Organizations benefit from audience-targeted dashboards by delivering departmental communications, tools, and resources through a unified interface while maintaining appropriate content visibility boundaries. Sensitive departmental resources remain visible only to authorized personnel while common resources display to all users. The targeted approach supports large organizations where different business units have distinct communication and tool requirements.
Option B is incorrect because SharePoint site permissions control site access but Viva Connections dashboard targeting requires audience targeting settings on individual cards. Option C is incorrect because Conditional Access controls application access conditions but does not provide content-level targeting within Viva Connections dashboards. Option D is incorrect because Microsoft 365 group membership restrictions control group access but dashboard card visibility requires audience targeting configuration.
Question 177:
Your company wants to ensure that all Microsoft Teams meeting recordings are transcribed automatically and transcripts are searchable. What should you configure?
A) Teams meeting policy with transcription enabled and retention policy for transcripts
B) Stream transcription services
C) Azure Media Services for Teams
D) Teams recording policy with transcript archiving
Answer: A
Explanation:
Teams meeting policy with transcription enabled and retention policy for transcripts provides comprehensive configuration for automatic meeting transcription with long-term transcript searchability. When you configure Teams meeting policies to enable transcription, the system automatically generates text transcripts during meetings that include timestamps and speaker attribution. These transcripts are stored in SharePoint and OneDrive locations associated with meetings making them searchable through Microsoft 365 search and accessible through Teams meeting interfaces.
Transcription enablement in meeting policies allows meeting organizers or participants with appropriate permissions to start transcription during meetings. The transcription service uses advanced speech recognition to convert spoken content into text supporting multiple languages. Once transcription completes, users can view timestamped transcripts in Teams where they can search for specific content, navigate to relevant portions of recordings, and reference meeting discussions without watching entire recordings.
Retention policies targeting Teams locations ensure transcripts are preserved according to organizational compliance requirements. You configure retention policies that apply to SharePoint sites where Teams meeting recordings and transcripts are stored specifying retention periods matching business or regulatory requirements. The retention policy prevents transcript deletion ensuring long-term accessibility for compliance purposes, knowledge management, or reference needs.
Automatic transcription with retained searchable transcripts transforms meeting recordings into valuable knowledge repositories where organizational discussions, decisions, and expertise remain accessible. Employees can search transcripts to find information shared in past meetings without remembering which specific meeting contained relevant content. This searchability improves knowledge discovery and reduces repeated discussions of previously addressed topics.
Option B is incorrect because Stream transcription services were part of classic Stream but modern Teams recording transcription is configured through Teams meeting policies. Option C is incorrect because Azure Media Services provides media processing capabilities but Teams transcription is built-in requiring Teams policy configuration. Option D is incorrect because Teams recording policy controls recording capabilities but transcription requires meeting policy configuration with retention policies ensuring transcript preservation.
Question 178:
You need to prevent users from synchronizing OneDrive files to external storage devices. What should you configure?
A) Device compliance policy with external storage restrictions
B) OneDrive sync restrictions for removable media
C) Data Loss Prevention policy for OneDrive
D) Windows Information Protection policy
Answer: A
Explanation:
Device compliance policy with external storage restrictions provides comprehensive control preventing users from copying OneDrive synchronized files to external storage devices like USB drives, external hard drives, or SD cards. When you configure device compliance policies in Microsoft Intune for Windows devices, you include settings that disable or restrict removable storage access ensuring users cannot transfer files from OneDrive sync folders to external media. The policy enforces these restrictions on compliant managed devices.
Device compliance policies evaluate whether devices meet organizational security requirements including configurations that prevent external storage usage. Windows devices can be configured to block write access to removable storage entirely or allow access only to approved encrypted devices. When combined with Conditional Access policies requiring device compliance for OneDrive access, this approach ensures only devices with proper external storage restrictions can synchronize OneDrive files.
Organizations implement external storage restrictions to prevent data exfiltration where users might copy sensitive files from OneDrive to USB drives that could be lost, stolen, or used to transfer data to unauthorized systems. The restriction reduces risk of data leakage through physical media while still allowing users to access OneDrive files on their computers. Users can work with files in the OneDrive sync folder but cannot copy them to removable storage.
Implementation requires deploying device compliance policies to managed Windows devices and configuring Conditional Access policies that require device compliance for OneDrive access. Users on non-compliant devices that allow external storage access are blocked from synchronizing OneDrive until their devices meet compliance requirements. The enforcement ensures external storage restrictions apply to all devices accessing OneDrive.
Option B is incorrect because OneDrive sync restrictions focus on which devices can sync rather than preventing copying of synced files to external storage, which requires device-level controls. Option C is incorrect because DLP policies detect and prevent data loss through channels like email and sharing but do not prevent local file copying to external storage. Option D is incorrect because Windows Information Protection is deprecated and modern data protection uses device compliance policies and endpoint DLP.
Question 179:
Your organization needs to ensure that all SharePoint hub sites follow consistent navigation structures. What should you configure?
A) Hub site navigation configuration with inherited settings
B) SharePoint site design for hub navigation
C) Managed metadata navigation structure
D) Hub site template deployment
Answer: A
Explanation:
Hub site navigation configuration with inherited settings provides centralized navigation management ensuring all sites associated with hub sites display consistent navigation menus matching organizational structure. When you configure navigation for SharePoint hub sites, you define navigation links that appear in the hub site navigation bar. Associated sites can inherit this navigation providing users with consistent navigation experiences across all sites in the hub family.
Hub site navigation typically includes links to important organizational resources, departmental sites, common tools, and key information repositories. When sites are associated with hub sites, they can adopt the hub navigation alongside their local site navigation creating layered navigation where users see both hub-level links providing organizational context and site-specific links for local content. This navigation inheritance ensures users always have access to important organizational links regardless of which associated site they visit.
Configuration involves defining navigation links at the hub site level specifying link titles, URLs, and whether links should appear for all associated sites. Sites associated with hubs can choose to display hub navigation in their navigation bars providing consistent organizational navigation across entire hub families. The centralized management means navigation updates at hub level automatically propagate to all associated sites eliminating the need to update navigation on individual sites.
Organizations benefit from hub navigation consistency by providing intuitive wayfinding across large site collections. Users navigating between sites within a hub family encounter familiar navigation structures helping them locate resources and understand site relationships. The hub navigation reinforces organizational structure making it clear how sites relate to broader departmental or functional areas.
Option B is incorrect because SharePoint site design provisions configurations during site creation but hub navigation inheritance provides ongoing navigation consistency for associated sites. Option C is incorrect because managed metadata navigation uses term sets for navigation but hub navigation uses configured links that associated sites inherit. Option D is incorrect because hub site template deployment is not a specific feature; hub navigation consistency is achieved through hub navigation configuration.
Question 180:
You need to delegate the ability to review and approve SharePoint site creation requests. Which role should you assign?
A) SharePoint Administrator
B) Site Collection Administrator for designated sites
C) SharePoint site approver through custom workflow
D) Global Administrator
Answer: C
Explanation:
SharePoint site approver through custom workflow provides the mechanism to implement site creation approval processes where designated approvers review and authorize new site requests before sites are provisioned. SharePoint and Microsoft 365 do not include built-in site approver roles so organizations implement approval workflows using Power Automate or SharePoint workflows that route site creation requests to designated approvers who can approve or reject based on business justification and governance policies.
The approval workflow begins when users submit site creation requests through forms or self-service interfaces. The workflow captures request details including site purpose, business justification, intended audience, and responsible site owners. It then routes requests to designated approvers such as department managers, governance teams, or IT administrators who evaluate whether the requested site aligns with organizational policies and represents legitimate business needs.
Approvers review request details and either approve requests triggering automated site provisioning or reject requests with feedback explaining denial reasons. Approved sites are created automatically using site design templates ensuring new sites include required configurations, metadata, and permissions. Rejected requests notify requesters who can resubmit with revised justifications or alternative approaches.
This governance approach prevents uncontrolled site proliferation ensuring only necessary sites are created while maintaining user empowerment through self-service request processes. Organizations balance agility with governance by enabling rapid site creation for approved business needs while preventing shadow IT and abandoned sites that consume resources without delivering value. The workflow maintains audit trails showing all site requests, approval decisions, and approver identities supporting governance oversight.
Option A is incorrect because SharePoint Administrator has site creation permissions but assigning this role for approval defeats least privilege principles; approval workflows provide controlled delegation. Option B is incorrect because Site Collection Administrator manages existing sites but does not specifically approve new site creation requests, which require an approval workflow implementation. Option D is incorrect because Global Administrator has unlimited permissions far exceeding site approval requirements and violates least privilege principles.