General

Enabling co-management alone does not automatically onboard devices to Microsoft Defender for Endpoint. Co-management allows you to manage devices with both Configuration Manager and Intune. For automatic onboarding to Defender for Endpoint, you must configure the appropriate settings in Intune, such as an Endpoint Detection and Response policy.

A Data Loss Prevention policy is the correct choice because it enables you to identify, monitor, and protect sensitive data such as PII within Microsoft Teams and SharePoint. Furthermore, DLP policies can be configured to generate reports on shared documents that contain PII, meeting both requirements.

When configuring a DLP policy to apply to all available locations in Microsoft 365, the only condition available for use in the DLP rules is ‘Sensitive info types’. This ensures consistent application of DLP policies across all locations. Sensitivity labels, content search queries, and keywords are not universally supported across all locations, making them unsuitable for a policy targeting all available locations.

When configuring a DLP policy to apply to all available locations in Microsoft 365, the only condition available for use in the DLP rules is ‘Sensitive info types’. This ensures consistent application of DLP policies across all locations. Sensitivity labels, content search queries, and keywords are not universally supported across all locations, making them unsuitable for a policy targeting all available locations.

The minimum number of retention policies required is 3. One policy is needed for Teams channel messages and Teams Chats and Copilot interactions. A second policy is needed specifically for Teams private channel messages, as it cannot be combined with other Teams locations in the same policy. A third policy can cover Exchange mailboxes, SharePoint, and OneDrive accounts together.

The minimum number of retention policies required is 3. One policy is needed for Teams channel messages and Teams Chats and Copilot interactions. A second policy is needed specifically for Teams private channel messages, as it cannot be combined with other Teams locations in the same policy. A third policy can cover Exchange mailboxes, SharePoint, and OneDrive accounts together.

The most efficient way to identify users licensed for Office 365 through group membership and determine the group name is by using the Licenses blade in the Microsoft Entra admin center. This section provides a dedicated view for managing and understanding group-based license assignments.

You are limited to a total of five onmicrosoft.com domains in your Microsoft 365 environment. This includes the original .onmicrosoft.com domain created when the tenant was established. These can be assigned as email addresses for users. learn.microsoft.com

The city attribute needs to be modified in the on-premise Active Directory as it is synced to Azure AD. Therefore, using Get-ADUser and Set-ADUser from a domain controller is the correct approach. You can use these cmdlets to retrieve and modify user accounts in Active Directory.

Azure AD Privileged Identity Management is the correct choice because it allows you to grant time- limited admin access and requires approval before the role assignment takes place, meeting the specified requirements. PIM lets you manage, control, and monitor access to important resources in your organization by enabling on-demand, ‘just-in-time’ access.

A session policy is the correct choice because it is designed to control user sessions for cloud applications. It allows you to enforce restrictions based on user actions during a session, including blocking specific activities like printing. Because App1 has Conditional Access App Control deployed, you can leverage session policies to monitor and control user activities in real- time. learn.microsoft.com

Azure AD Privileged Identity Management is the correct solution. PIM enables you to grant users just-in-time access to Azure AD roles and manage the duration of the role assignment. This is ideal for granting Exchange Administrator access for a limited time, such as five hours.

Microsoft Purview Privileged Access Management supports managing, controlling, and monitoring access within Microsoft 365, encompassing workloads like Microsoft Teams, Exchange Online, and SharePoint Online. Therefore, the correct answer is that PAM supports all three of these workloads.

Alerts in the Microsoft 365 Defender portal are retained for 6 months. This retention period allows security administrators to investigate and respond to potential threats over a reasonable timeframe. This duration is viewable in the alerts queue within the Microsoft 365 Defender portal.

When exporting a detailed report of compromised users from the Microsoft 365 Defender portal, the longest time range that can be included in a single export is 1 day. Although the Defender portal retains detailed data for 30 days, you can only extract a detailed report for a one-day interval. Summary reports can be exported for longer periods, but detailed analysis is limited to daily increments.

IdFix is designed for discovering and fixing identity objects and their attributes in on-premises Active Directory before migrating to Azure Active Directory. Running idfix.exe and then clicking edit will allow you to modify the attributes that are causing synchronization problems.

Self-service password reset allows users to remediate their own user risk by performing a self- service password reset, in cases where a high-risk sign-in is detected. This allows the users to remediate the issue without administrator intervention.

The User Principal Name is the primary attribute used for user sign-in in Microsoft 365. To allow User1 to sign in using user1@marketing.contoso.com, you must modify the UPN of User1 to match this email address. Alternate email addresses won’t work for sign-in. MFA and password resets are not relevant to this particular sign-in issue.

Applying custom app tags to each app is the best solution because it allows for tracking which apps were audited and displaying this information directly within the cloud app catalog, enabling easy filtering and reporting on audited apps. Custom tags can be used to denote the status of apps, including whether they have been audited, allowing for easy identification and reporting.

Pass-through authentication is the correct choice because it authenticates users directly against the on-premises Active Directory, ensuring that on-premises password complexity policies are enforced. Additionally, PTA supports self-service password reset in Azure AD. Password hash synchronization alone doesn’t enforce on-premises policies unless password writeback is enabled, and Azure AD Identity Protection focuses on security risks, not authentication methods.

The maximum number of days the training will be available to the users after the simulation is 30. This allows sufficient time for users to complete the assigned training and improve their security awareness.

The Microsoft Defender portal is specifically designed for managing security configurations, including baselines for Defender for Endpoint. Intune can be used to manage endpoint security, however, the Microsoft Defender portal is the dedicated interface for assigning Microsoft Defender for Endpoint baselines.

The Exchange admin center is the primary tool for managing Exchange Online, including creating and managing mail-enabled contacts. Alternatively, the Microsoft 365 admin center can also be used.

A notification rule will ensure that you are alerted when Microsoft Defender XDR detects high- severity incidents, allowing for timely response and management of threats.

An anti-malware policy is the correct choice. You can configure anti-malware policies in Defender for Office 365 to quarantine emails based on specific file extensions like .extl. This allows for inspection of potentially malicious attachments. While quarantine policies define what happens to emails already marked for quarantine, the anti-malware policy defines which emails should be quarantined.

A Data Loss Prevention policy is the correct choice because it enables you to identify, monitor, and protect sensitive data such as PII within Microsoft Teams and SharePoint. Furthermore, DLP policies can be configured to generate reports on shared documents that contain PII, meeting both requirements.