MS-900 Flashcards

Question 1

Q

Microsoft Graph

Answer

A

gateway to data for m365

Question 2

Q

M365 is new term,

Answer

A

M365 is new term, since it’s more than just office. (security and online services). O365- came from Microsoft Business and Productivity Suite (BPOS)
M365 = O365 + Windows, and Enterprise Mobility + Security

Question 3

Q

Microsoft Planner

Answer

A

is a light weight PM/Kanban board

For simple projects. Before ms project

Question 4

Q

Microsoft Bookings

Answer

A

SAAS calendar management

Question 5

Q

Microsoft Viva

Answer

A

my.ge.com . Also includes Glint which is a feedback tool and priority setting. And a learning platform.
* Can get insights froM MS Teams and Email

Question 6

Q

Microsoft Yammer

Answer

A

Enterprise social network

Question 7

Q

Microsoft Intune -

Answer

A

cloud based endpoint management (can also deploy office)

Question 8

Q

Configuration Manager

Answer

A

on premise management of desktops; can deploy office suite

Question 9

Q

Co-management

Answer

A

connecting config manager to 365 to use conditional access

Question 10

Q

Tenant attached -

Answer

A

store your devise record in the cloud

Tenant attach makes the Microsoft Intune admin center your console in the cloud. The architecture allows the Configuration Manager site to synchronize data about the device and the user to your Intune tenant.

Question 11

Q

Windows Autopilot

Answer

A

cloud native services that set up devices

Question 12

Q

Desktop as a Service

Answer

A

W365 Virtual Desktop verse Azure Virtual Desktop. W365 includes o365 and is fixed price. Azure more dev focused allowing for multi sessions.

Question 13

Q

Windows as a service

Answer

A

Instead of major Windows releases every few years, it updates semi annually

Question 14

Q

M365 Admin

Answer

A

add users, manager 365, adoption scores and usage, other reporting on endpoints/secuirty etc

Question 15

Q

Microsoft 365 Defender

Answer

A

View information about security trends and track the protection status of your identities, data, devices, apps, and infrastructure in the Security admin center through Microsoft 365 Defender.

Question 16

Q

Entra ID

Answer

A

FORMERLY AAD , AAD –> Azure ID –> ID Connect, Oauth 2, SAML WS fed

Question 17

Q

Tenant (or directory)-

Answer

A

a dedicated instance of Microsoft Entra ID that an organization or app developer receives at the beginning of a relationship with Microsoft.

Question 18

Q

B2b Colab

Answer

A

just login, guest on your aad

Question 19

Q

B2B Direct Connect

Answer

A

a trust with login ability to share

Question 20

Q

Managed Identities

Answer

A

Managed identities are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials.

Question 21

Q

Service Principal

Answer

A

Service principals are used by applications or services to access Azure resources but application developers must manage and protect the credentials.

Question 22

Q

Microsoft Entra RBAC

Answer

A

Microsoft Entra roles control access to Microsoft Entra resources such as users, groups, and applications.

Question 23

Q

Azure RBAC

Answer

A

Azure roles control access to Azure resources such as virtual machines or storage using Azure Resource Management.

Question 24

Q

Types of ‘SECURE Login’

Answer

A

Oath provides one time passcodes
Fido2 new standard for USB badges blue tooth ‘hello’ capabialbies
SSPR - self service password reset
Multifator
- Something you know – typically a password or PIN and
- Something you have – such as a trusted device that’s not easily duplicated, like a phone or hardware key or
  Something you are – biometrics like a fingerprint or face scan.

Question 25

Q

PIM

Answer

A

Privilege Identity Management - just in time super user access, audits

Question 26

Q

Identity Protection

Answer

A

is a tool that allows organizations to utilize security signals to identify potential threats.

Question 27

Q

Permissions Management

Answer

A

Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.

Question 28

Q

What is the difference between Network Security Groups (NSGs) and Azure Firewall?

Answer

A

Now that you’ve learned about both Network Security Groups and Azure Firewall, you may be wondering how they differ, as they both protect Virtual Network resources. The Azure Firewall service complements network security group functionality. Together, they provide better “defense-in-depth” network security. Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network and application-level protection across different subscriptions and virtual networks.

Question 29

Q

Microsoft Purview

Answer

A

Microsoft Purview compliance portal is the portal for organizations to manage their compliance needs using integrated solutions for information protection, data lifecycle management, insider risk management, auditing, and more

Question 30

Q

What is the difference between Compliance Manager and compliance score?

Answer

A

Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager.

Question 31

Q

Service Trust Portal (STP)

Answer

A

The Service Trust Portal (STP) is Microsoft’s public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services.

Question 32

Q

Priva Privacy Risk Management

Answer

A

Priva Privacy Risk Management, which provides visibility into your organization’s data and policy templates for reducing risks; and

Question 33

Q

Priva Subject Rights Requests

Answer

A

which provides automation and workflow tools for fulfilling data requests.

Question 34

Q

Microsoft’s approach to privacy is built on the following six principles:

Answer

A

Control: Putting you, the customer, in control of your data and your privacy with easy-to-use tools and clear choices. Your data is your business, and you can access, modify, or delete it at any time. Microsoft will not use your data without your agreement, and when we have your agreement, we use your data to provide only the services you have chosen. Your control over your data is reinforced by Microsoft compliance with broadly applicable privacy laws and privacy standards.
- Transparency: Being transparent about data collection and use so that everyone can make informed decisions. We only process your data based on your agreement and in accordance with the strict policies and procedures that we’ve contractually agreed to. When we deploy subcontractors or subprocessors to perform work that requires access to your data, they can perform only the functions that Microsoft has hired them to provide, and they’re bound by the same contractual privacy commitments that Microsoft makes to you. The Microsoft Online Services Subprocessor List identifies authorized, subprocessors, who have been audited against a stringent set of security and privacy requirements in advance. This document is available as one of the data protection resources in the Service Trust Portal.
- Security: Protecting the data that’s entrusted to Microsoft by using strong security and encryption. With state-of-the-art encryption, Microsoft protects your data both at rest and in transit. Our encryption protocols erect barriers against unauthorized access to the data, including two or more independent encryption layers to protect against compromises of any one layer. All Microsoft-managed encryption keys are properly secured and offer the use of technologies such as Azure Key Vault to help you control access to passwords, encryption keys, and other secrets.
- Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. Microsoft defends your data through clearly defined and well-established response policies and processes, strong contractual commitments, and if necessary, the courts. We believe all government requests for your data should be directed to you. We don’t give any government direct or unfettered access to customer data. We will not disclose data to a government or law enforcement agency, except as you direct or where required by law. Microsoft scrutinizes all government demands to ensure they’re legally valid and appropriate. If Microsoft receives a request for your data, we’ll promptly notify you and provide a copy of the request unless legally prohibited from doing so. Moreover, we’ll direct the requesting party to seek the data directly from you. Our contractual commitments to our enterprise and public sector customers include defending your data, which builds on our existing protections. We’ll challenge every government request for commercial and public sector customer data where we can lawfully do so.
- No content-based targeting: Not using email, chat, files, or other personal content to target advertising. We do not share your data with advertiser-supported services, nor do we mine it for any purposes like marketing research or advertising.

Question 35

Q

Sensitivity labels

Answer

A

Sensitivity labels enable you to apply to content like emails and documents, much like different stamps can be applied to physical documents. Instead, use sensitive information types to identify specific types of information such as credit card numbers. –>Microsoft provides built-in sensitive information types that you can use to identify data such as credit card numbers.

Question 36

Q

Microsoft Purview Communication Compliance

Answer

A

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

Question 37

Q

eDiscovery (Premium)

Answer

A

The eDiscovery (Premium) solution allows you to collect and copy data into review sets, where you can filter, search, and tag content so you can identify and focus on content that’s most relevant.

Question 38

Q

Audit (Standard)

Answer

A

Audit (Standard) provides with you with the ability to log and search for audited activities and power your forensic, IT, compliance, and legal investigations.

Question 39

Q

Microsoft 365 Business

Answer

A

Microsoft 365 Business is designed for companies with under 300 employees

Question 40

Q

Symmetric

Answer

A

Symmetric is the same key encrypt and decrypt

Question 41

Q

Asymmetric

Answer

A

Asymmetric one can decrypt one to encrypt (a pair). If you send me a message, you encrypt with my public key and only I can decrypt with my private key.

Question 42

Q

Viva Connections

Answer

A

Viva Connections - stay connecting with each other via SharePoint and Yammer

Question 43

Q

Viva Insights

Answer

A

Viva Insights - daily email of how to optimize you and your team

Question 44

Q

Viva Topics

Answer

A

Viva Topics - Knowledge Base/my.ge.com

Question 45

Q

Viva Learning

Answer

A

Viva Learning - my Learning

Question 46

Q

AD Connect

Answer

A

AD Connect –> Allow on prem items to use AAD (aka Entra)

Question 47

Q

Cloud Sync

Answer

A

Cloud Sync –> Sync local AD with AAD (aka Entra)

Question 48

Q

Configuration Manager

Answer

A

Configuration Manager - more focused on prem

Question 49

Q

Co-management

Answer

A

Co-management- use Intune and Config Manager

Question 50

Q

Windows Update for Biz

Answer

A

Windows Update for Biz Is really just Window Update

Question 51

Q

Office Deployment Tool (ODT)

Answer

A

Office Deployment Tool (ODT) - is a command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Microsoft 365 Apps for enterprise, to your client computers

Question 52

Q

Office Portal

Answer

A

where users can go and download apps

Question 53

Q

CIA

Answer

A

Confidentiality - protecting sensitive data
Integrity - don’t get compromised
Availability-

Question 54

Q

Data Residency

Answer

A

Data Residency - where is the data physically located

Question 55

Q

Data Sovereignty

Answer

A

Data Sovereignty - which countries law is the data subject two

Question 56

Q

Microsoft 365

Answer

A

Microsoft 365 -
Microsoft 365 is available as a subscription-based service and provides Microsoft apps for employees to use online and offline.

Question 57

Q

Zero Trust security principles for Microsoft 365.

Answer

A

Network-based protection relies on such components as internal segmentation and micro-segmentation. Granularity in apps-based protection is typically based on roles. Device-based protection relies on device risk and compliance state. Infrastructure-based protection relies on such components as just-in-time (JIT) and version control.

Question 58

Q

Defender for Identity

Answer

A

Defender for Identity is a solution that uses the Active Directory data as signals to identify suspicious activities.

Question 59

Q

Defender for Office 365

Answer

A

Defender for Office 365 protects against threats in email messages.

Question 60

Q

Defender for Cloud Apps

Answer

A

Defender for Cloud Apps operates as an intermediary between the cloud user and cloud provider, mediating the requests sent to the cloud providers.

Question 61

Q

Defender for Endpoint

Answer

A

Defender for Endpoint is used to protect devices (endpoints), integrating with Microsoft Intune, Defender for Cloud, and other services.

Question 62

Q

Hunting

Answer

A

Hunting is part of the Microsoft 365 Defender portal that allows the security professionals to proactively search for undetected threats across the users’ devices and applications.

Question 63

Q

Incidents and alerts in the Microsoft 365 Defende

Answer

A

Incidents and alerts in the Microsoft 365 Defender portal represent detected potential threats.

Question 64

Q

Secure score in the Microsoft 365 Defender portal

Answer

A

Secure score in the Microsoft 365 Defender portal represents the company’s security posture.

Answer 65

A

Shows your threats and what you could do about them for YOUR environment

Threat analytics in the Microsoft 365 Defender portal provides the interface to identify threat intelligence information analyzed by Microsoft security researchers.

Answer 66

A

Enclaves use cryptography to create a secure lockbox that protects non-persistent data. MEMORY

Encryption at rest protects data stored at persistent storage such as disks and databases. Hashing converts text to an exclusive value with a fixed length. It is used to verify authenticity of files and store passwords. Private key is a component of public key infrastructure (PKI), used together with a public key. It is often used for encryption in transit such as for HTTPS.

Answer 67

A

Federated authentication is a recommended authentication for companies with complex requirements that cannot be met by Microsoft Entra ID. User authentication validation happens on the company’s Active Directory single sign-on (SSO) with smart cards or certificates, which is supported through federated authentication.

Answer 68

A

Password hash synchronization, pass-through authentication, and password less authentication do not support SSO with smart cards or certificates.

Answer 69

A

Password hash synchronization enables users to sign in to on-premises and cloud applications using the same password. This ensures that the user’s authentication takes place in Microsoft Entra ID rather than the company’s on-premises Active Directory.

Answer 70

A

Pass-through authentication enables users to sign in to on-premises and cloud applications using the same password. This authentication type validates the user’s password against the company’s on-premises Active Directory, not Microsoft Entra ID. Passwordless authentication is a more convenient way to authenticate because passwords are completely removed and replaced by something you have, something you are, or something you own.

Answer 71

A

The service to use for email messages

Answer 72

A

protects against compromised identities and malicious actions.

Answer 73

A

protects network endpoints such as compute devices.

Antivirus and more

Answer 74

A

is a cross– software as a service (SaaS) solution that intermediates the cloud user and the cloud provider.

Answer 75

A

Microsoft Priva helps companies achieve their data privacy and GDPR goals. It provides two solutions that help to support this;

Answer 76

A

Priva Privacy Risk Management provides visibility into the company’s data and policy templates to reduce risks and

Answer 77

A

Priva Subject Rights Requests provides workflow tools for fulfilling data requests. S

Answer 78

A

Secure Score is a tool that tracks the company’s security posture. Service Trust Portal does not provide tools that support data privacy and regulations requirements.

Answer 79

A

Below 99.9% grants 25% credit.
Below 99% grants 50% credit.
Below 95% grants 100% credit.

Answer 80

A

FastTrack support service helps customers onboard to Microsoft 365 and supports the company to drive adoption of Microsoft 365 services in the company.

Answer 81

A

Pre-sales is a support service provided to help the company with understanding more about Microsoft 365 services before the purchase is made.

Answer 82

A

Community-based support is a free support service provided by members of the community.

Answer 83

A

Microsoft Unified support is a 24/7 support service provided for your Microsoft 365 service for as-needed technical support.

Answer 84

A

The Health area in the admin center is the place where information about the current health of Microsoft services can be found.

Answer 85

A

The Support (admin center) area can be useful for raising a support ticket with Microsoft if there is no indication of current service health issues.

Answer 86

A

The Settings (admin center) area displays information about the company’s domain setup.

Answer 87

A

The Reports (admin center) area displays adoption score and usage reports. The Support area shows information about service requests created with Microsoft support.

Answer 88

A

From SA USLs are used by customers that currently have Software Assurance (agreement which entitles them to always run the latest software versions) to transition to the cloud.

Answer 89

A

From SA USLs are used by customers that currently have Software Assurance (agreement which entitles them to always run the latest software versions) to transition to the cloud.are used by companies without any contracts for Microsoft services.

Answer 90

A

Add-on USLs are used by companies that already have on-premises based licenses and are looking to add cloud services to the contracts they currently have.

Answer 91

A

Step up USLs are used by customers wanting to change their service to a higher level.

Answer 92

A

Simple project

Planner provides the team lead and team members the ability to manage tasks in a structured manner by creating a plan and buckets, for organizing assigned tasks.

Answer 93

A

Tasks can be displayed in different views such as Charts and Calendar.

Outlook based. Being replaced with todo

Answer 94

A

To Do manages your to do list on a day-to-day basis.

Answer 95

A

OneDrive is a cloud library for file storage and sharing. Bookings provides an easy way to manage the scheduling of appointments. To Do, OneDrive, and Bookings do not support task management.

Answer 96

A

Forms provides the ability to create surveys, quizzes, and polls. To Do, Planner, and Forms do not provide the ability to manage virtual scheduling and appointments.

Answer 97

A

Teams Live Event meets all the requirements as this supports an audience greater than 8,000, the moderation of questions and answers and the deactivation of video and audio calls for all attendees.

Answer 98

A

Teams Private Channel Meeting Teams Private Channel supports a maximum of 250 users and moderation of questions and answers.

Answer 99

A

Team view of what is going on.

Viva connections provides a dashboard to access resources, view personalized tasks, communications, and news updates.

Answer 100

A

Bookings gives the ability to manage appointment scheduling for customers.

Answer 101

A

Reddit QA

Viva Topics provides employees access to knowledge and expertise from various Microsoft 365 resources.

Answer 102

A

The screen sharing capability is supported for up to 1,000 participants of a meeting. While meetings can accommodate up to 20,000 participants, the remaining participants have view-only capabilities.

Answer 103

A

OneDrive is a tool for collaborating on files that allows offline access to files, offers desktop-based versions of the application

Answer 104

A

SharePoint teams sites allow collaboration on documents and sharing with internal and external users. It also offers a desktop-based application but does not offer offline access.

Answer 105

A

Microsoft Teams is a collaboration tool intended for chatting, meetings, and calendar. Although you can store files on Teams sites, and there are desktop-based applications available, the files are not accessible while offline.

Answer 106

A

Yammer is a corporate social network. Content can be shared to internal and external users. It is available as a desktop-based app, but it does not offer offline file access.

Answer 107

A

Standard channels are available to all team members in Teams. Most channels are standard channels. If you need a smaller, specific audience for a particular subject, you can use a private channel. Shared channels are for collaborating with people inside and outside your team or organization.

Answer 108

A

Azure Virtual Desktop provides enhanced capabilities for Surface devices that not only deliver dedicated desktop compute resources to each individual user, but also integrate natively with Surface biometric authentication and support the pen and ink experience. Windows 365 Business and Windows 365 Enterprise do not integrate natively with Surface biometric authentication, and it does not support the pen and ink experience. While Azure Virtual Machine does offer dedicated desktop compute resources to each individual user and it would be potentially possible to implement support for Surface biometric authentication and its pen and ink experience, this would require a significant amount of administrative effort.

Answer 109

A

Semi-Annual Enterprise Channel makes security and quality updates available as soon as they are released. Feature updates are available in July and January in the staggered manner, later than Semi-Annual Enterprise Channel (Preview), which makes them available in March and September.

Answer 110

A

Current Channel makes security, quality, and feature updates available as soon as they are released.

Answer 111

A

Monthly Enterprise Channel makes security and quality updates available as soon as they are released.
Feature updates are staggered and made available once per month, but this is much more frequent than Semi-Annual Enterprise Channel.

Answer 112

A

Semi-Annual Enterprise Channel (Preview) makes security and quality updates available as soon as they are released. Feature updates are available in the staggered manner in March and September, which is earlier than Semi-Annual Enterprise Channel, which makes them available in July and January.

Answer 113

A

Azure Virtual Desktop allows virtualization of apps and desktops, allowing them to be accessible by single or multiple users.

Answer 114

A

Windows 365 is a Cloud PC solution, accessible by a single user.

Answer 115

A

Microsoft 365 is the evolution of Office 365, including the Office apps and Windows licenses.

Answer 116

A

Azure Bastion is a broker service for accessing VMs hosted in Azure.

Answer 117

A

Viva Organizational Insights is available as an app in Teams. Viva Organizational Insights does not include integration with To Do, Planner, or Yammer.

Answer 118

A

Endpoint Manager admin center shows Intune reports about device compliance, health, and trends.

Answer 119

A

The Microsoft Entra ID reports show sign-in activity and audit logs.

Answer 120

A

Get recommendations on how to work better as an IC or a manager.

Viva Insights supports the well-being and productivity of employees. It provides the feature to help employees protect
their time, stay connected with colleagues, give praise, and take breathing breaks.

Answer 121

A

Microsoft Enterprise Agreement (EA) is designed for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers the best value to organizations with 500.
. Additionally, through Software Assurance, your organization can receive 24x7 technical support, planning services, end-user and technical training.

Answer 122

A

Microsoft 365 for home exists to bring the same great productivity benefits into your personal and family life. Microsoft 365 Home comes in two plans, Microsoft 365 Personal and Microsoft 365 Family. Personal is for a single person with multiple devices and family is for up to six people

Answer 123

A

Microsoft 365 Education is available for educational institutions to help empower educators to unlock creativity and promote teamwork while providing a safe experience in a single, affordable solution. Academic licenses can be tailored to fit any institution’s needs, including productivity and security solutions for faculty, staff, and students. Microsoft 365 Education has three subscription plans for faculty and students that include different features: A1, A3, and A5. For more information,

Answer 124

A

Microsoft 365 Government is available for government institutions to help empower US public sector employees to work together in a secure way. Microsoft 365 Government has two subscription plans that include different features: G3, and G5. Your organization can also choose from two Office 365 subscription tiers: Office 365 Government G3 and Office 365 Government G5

Answer 125

A

Microsoft 365 for business is designed for small to medium-sized organizations that have up to 300 employees. It offers the full set of Office 365 productivity tools and includes security and device management features. There are four subscription tiers that include different features: Microsoft 365 Business Basic, Microsoft 365 Business Standard, Microsoft 365 Business Premium, and Microsoft 365 Apps for business.

Answer 126

A

Microsoft 365 Enterprise is designed for enterprise-sized organizations. It provides enterprise-class services to organizations that want a productivity solution that includes robust threat protection, security, compliance, and analytics features. Microsoft 365 Enterprise has three subscription tiers that include different features: Microsoft 365 E3, Microsoft 365 E5, and Microsoft 365 F3. For more information, see Compare Microsoft 365 Enterprise plans. Your organization can also choose from four Office 365 subscription tiers: Microsoft 365 Apps for enterprise, Office 365 E1, Office 365 E3, and Office 365 E5

Answer 127

A

Full USLs are for new customers who haven’t previously purchased Microsoft products and services.

Answer 128

A

Add-on USLs are for on-premises software customers who want to add Microsoft 365 cloud products and services.

Answer 129

A

From SA USLs are for on-premises Software Assurance customers that want to transition to the cloud.

Answer 130

A

Step Up USLs are for customers who want to upgrade the level of their service.

Answer 131

A

Secure Score is one of the tools in the Microsoft Defender portal. It shows the company’s current security posture. The higher the Secure Score, the better the company’s security posture. IS for SECURITY POSTURE NOT COMPLIANCE

Answer 132

A

Microsoft Entra ID includes an identity secure score, which is a percentage that functions as an indicator for how aligned you are with Microsoft’s best practice recommendations for security. Each improvement action in identity secure score is tailored to your specific configuration.>

Answer 133

A

FUNCTIONAL ID. A workload identity is an identity you assign to a software workload. This enables the software workload to authenticate to and access other services and resources. This helps secure your workload. In Microsoft Entra, workload identities are applications, service principals, and managed identities.

Answer 134

A

A service principal is essentially, an identity for an application. For an application to delegate its identity and access functions to Microsoft Entra ID,

Answer 135

A

Managed identities are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials.

Answer 136

A

Microsoft 365: A Microsoft 365 group, which is also often referred to as a distribution group, is used for grouping users according to collaboration need

Answer 137

A

Security: A security group is the most common type of group and it’s used to manage user and device access to shared resources. For example, you may create a security group for a specific security policy such as Self-service password reset or for use with a conditional access policy to require MFA. Members of a security group can include users (including external users), devices, other groups, and service principals. Creating security groups requires a Microsoft Entra administrator role.

Answer 138

A

Microsoft Entra Cloud Sync-sync from on premise to AAD/Entra

Answer 139

A

B2B direct connect is a new way to collaborate with other Microsoft Entra organizations using Microsoft Teams shared channels. With B2B direct connect, you create two-way trust relationships with other Microsoft Entra organizations to allow users to seamlessly sign in to your shared resources and vice versa. B2B direct connect users aren’t represented in your Microsoft Entra directory (they aren’t added as guests), but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports. When two organizations mutually enable B2B direct connect, users authenticate in their home organization and receive a token from the resource organization for access.

Answer 140

A

B2B collaboration enables employees of an organization to collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications. B2B collaboration users are represented in your directory, typically as guest users.

Answer 141

A

A Microsoft Entra joined device is a device joined to Microsoft Entra ID through an organizational account, which is then used to sign in to the device. Microsoft Entra joined devices are generally owned by the organization.

Answer 142

A

Conditions define where and when the policy will apply. Multiple conditions can be combined to create fine-grained and specific Conditional Access policies. Some of the conditions include:
Sign-in risk and user risk. Integration with Microsoft Entra ID Protection allows Conditional Access policies to identify suspicious actions related to user accounts in the directory and trigger a policy. Sign-in risk is the probability that a given sign-in, or authentication request, isn’t authorized by the identity owner. User risk is the probability that a given identity or account is compromised.
Devices platform. Device platform, which is characterized by the operating system that runs on a device can be used when enforcing Conditional Access policies.
IP location information. Organizations can define trusted IP address ranges that can be used when making policy decisions. Also, administrators can opt to block or allow traffic from an entire country/region’s IP range.
Client apps. Clients apps, the software the user is employing to access the cloud app, including browsers, mobile apps, desktop clients, can also be used in access policy decision.
Filters for devices. Organizations can enforce policies based on device properties, by using the filters for devices option. As an example, this option may be used to target policies to specific devices like privileged access workstations.

Answer 143

A

Global administrator: users with this role have access to all administrative features in Microsoft Entra. The person who signs up for the Microsoft Entra tenant automatically becomes a global administrator.
User administrator: users with this role can create and manage all aspects of users and groups. This role also includes the ability to manage support tickets and monitor service health.
Billing administrator: users with this role make purchases, manage subscriptions and support tickets, and monitor service health.

Answer 144

A

Microsoft Entra RBAC - Microsoft Entra roles control access to Microsoft Entra resources such as users, groups, and applications.

Answer 145

A

Azure RBAC - Azure roles control access to Azure resources such as virtual machines or storage using Azure Resource Management.

Answer 146

A

Endpoints with Microsoft Defender for Endpoint - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

Answer 147

A

Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.

Answer 148

A

Email and collaboration with Microsoft Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.

Answer 149

A

Identities with Microsoft Defender for Identity - Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Answer 150

A

Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Answer 151

A

Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Answer 152

A

Microsoft Defender Threat Intelligence (Defender TI) can now access threat intelligence from inside the Microsoft Defender portal.
Microsoft Defender TI helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows. Defender TI aggregates and enriches critical threat information in an easy-to-use interface.

Answer 153

A

XDR just Azure. There’s a secure score for both Microsoft Defender XDR and Microsoft Defender for Cloud, but they’re subtly different. Secure score in Microsoft Defender for Cloud is a measure of the security posture of your Azure subscriptions. Secure score in the Microsoft Defender portal is a measure of the security posture of the organization across your apps, devices, and identities.

Answer 154

A

The Microsoft Purview compliance portal is the portal for organizations to manage their compliance needs using integrated solutions for information protection, data lifecycle management, insider risk management, auditing, and more.

Answer 155

A

Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager.

Answer 156

A

Microsoft Service Trust Portal - portal to see MS certification and white papers . provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
The Service Trust Portal (STP) is Microsoft’s public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

Answer 157

A

Office 365 F3 (O365 F3 license plan), also known as the “frontline worker plan,” is a subscription-based productivity platform designed specifically for employees who don’t have a desk or office and need access to a range of collaboration and communication tools including a 2GB Exchange Kiosk Plan mailbox.

Answer 158

A

Protects passwords in memory during login

Answer 159

A

Reduces attack surface by controleld folder access, network filtering, attack surface reduction rules

Answer 160

A

Isolates browser session from local device

Answer 161

A

Control which applications a user can run

Brainscape's Knowledge GenomeTM

MS-900 Flashcards

Brainscape's Knowledge Genome^TM