You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes a user named User1.
You enable multi-factor authentication for contoso.com and configure the following two fraud alert settings:
* Set Allow users to submit fraud alerts: On
* Automatically block users who report fraud: On
You need to instruct the users in your organization to use the fraud reporting features correctly.
What should you tell the users to do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#fraud-alert

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 subscription.
All users are assigned a license to Microsoft 365 Apps for enterprise.
The users report that they do not have the option to install Microsoft 365 apps on their device as shown in the following exhibit.

You need to ensure that the users can install Microsoft 365 apps from the Office 365 portal.
What should you do?

• A.From the Microsoft 365 admin center, modify the user license settings.
• B.From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the devices.
• C.From the Microsoft Endpoint Manager admin center, create a Microsoft 365 Apps app and assign the app to the users.
• D.From the Microsoft 365 admin center, modify the Services & add-ins settings.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).
You have users in contoso.com as shown in the following table.

The users have the passwords shown in the following table.

You implement password protection as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1: No
User1's password contains the banned password 'Contoso'. However, User1 will not be required to change his password at next sign in. When the password expires or when User1 (or an administrator) changes the password, the password will be evaluated and will have to meet the password requirements.
Box 2: Yes
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user's first and last name as well as the tenant name.
Normalization is the process of converting common letter substitutes into letters. For example, 0 converts to o.
$ converts to s. etc.
The next step is to identify all instances of banned passwords in the user's normalized new password. Then:
* Each banned password that is found in a user's password is given one point.
* Each remaining unique character is given one point.
* A password must be at least five (5) points for it to be accepted.
'C0nt0s0' becomes 'contoso' after normalization. Therefore, C0nt0s0_C0mplex123 contains one instance of the banned password (contoso) so that equals 1 point. After 'contoso', there are 11 unique characters.
Therefore, the score for 'C0nt0s0_C0mplex123' is 12. This is more than the required 5 points so the password is acceptable.
Box 3:
The 'Password protection for Windows Server Active Directory' is in 'Audit' mode. This means that the password protection rules are not applied. Audit mode is for logging policy violations before putting the password protection 'live' by changing the mode to 'enforced'.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription.
You have the devices shown in the following table.

You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory forest named contoso.local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?

• A.From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
• B.From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
• C.From the Microsoft 365 admin center, verify the contoso.local domain name.
• D.From Active Directory Users and Computers, modify the UPN suffix for all users.

Comment: *

Name: *

Email: *

Verification: *