Microsoft 365 Fundamentals Exam Dumps MS-900 Braindumps

Free Microsoft Azure Certification Exam Topics Tests

Despite the title of this article, this is not a “braindump” in the traditional sense. I don’t believe in cheating.

Traditionally, the term “braindump” referred to someone taking an exam, memorizing the questions, and sharing them online for others to use. That practice is unethical and violates the Microsoft Azure certification agreement.

There’s no integrity in cheating off a Microsoft 365 Fundamentals braindump. There’s no real learning when you’re just memorizing answers, and there’s definitely no professional growth.

Having said that, this is not an Azure exam braindump.

Free Azure Certification Exam Simulators

All of these questions come from either my MS-900 Microsoft 365 Fundamentals Udemy course or from my certificationexams.pro website, which offers hundreds of free MS-900 Microsoft 365 Fundamentals practice questions. All of the questions are sourced ethically and written based on the stated exam topics.

These questions will definitely mimic what you will see on the exam, but they are not an MS-900 Microsoft 365 Fundamentals exam dump.

Each question in this free MS-900 Microsoft 365 Fundamentals exam simulator has been carefully written to align with the official exam objectives. These are not the real MS-900 Microsoft 365 Fundamentals exam questions, but they do mirror the tone, tempo, and technical depth of the actual exam. Every MS-900 Microsoft 365 Fundamentals practice test question is designed to help you learn, reason, and master the exam concepts.

If you can answer these questions and understand why the incorrect options are wrong, and why the correct answer is right, you will be well on your way to passing the actual Microsoft exam.

Free Microsoft Azure Exam Sample Questions

These MS-900 Microsoft 365 Fundamentals questions and answers, and the additional free exam questions you can find at certificationexams.pro, can play an important role in your certification journey.

Just remember, success as a Microsoft Azure professional comes not from memorizing questions but from understanding the exam topics inside and out. These MS-900 Microsoft 365 Fundamentals sample questions will help you do exactly that.

Free MS 365 Fundamentals Practice Questions

Which Microsoft 365 products allow managers to create and manage approval flows within the collaboration workspace? (Choose 2)

  • ❏ A. Microsoft Teams

  • ❏ B. SharePoint

  • ❏ C. Power Automate

  • ❏ D. Microsoft Excel

In which release phase should a team perform compliance testing before exposing new features to a broader audience?

  • ❏ A. General availability

  • ❏ B. Private preview

  • ❏ C. Targeted release

Do both Cloud PC and Virtual Workspace qualify as Desktop as a Service virtual desktop offerings?

  • ❏ A. False

  • ❏ B. True

What is the primary purpose of the Microsoft 365 user portal for end users?

  • ❏ A. Device and endpoint management

  • ❏ B. Centralized access to Microsoft 365 apps and services

  • ❏ C. Email and mailbox administration

Which Microsoft 365 subscription is specifically designed for educational institutions such as schools and colleges?

  • ❏ A. Microsoft 365 Business Premium

  • ❏ B. Microsoft 365 E5

  • ❏ C. Microsoft 365 A1

Can Microsoft 365 Data Loss Prevention policies prevent sensitive data from being shared in Microsoft Teams chats, channels, and files?

  • ❏ A. Only for files stored in SharePoint

  • ❏ B. Yes DLP can apply to Teams chats channels and files

  • ❏ C. Only for attachments not message text

Is the Office app being rebranded as the Microsoft 365 app to serve as a single place where users can discover, create, and share content and ideas?

  • ❏ A. True

  • ❏ B. False

Which Windows update management feature allows you to validate updates on a subset of endpoints before deploying them more broadly?

  • ❏ A. Windows Update for Business

  • ❏ B. Insider Preview builds

  • ❏ C. Deployment rings

  • ❏ D. Servicing channels

In a hybrid identity configuration that uses an on premises Active Directory and a cloud identity service where should multi factor authentication be enabled to protect cloud access?

  • ❏ A. On premises Active Directory only

  • ❏ B. Cloud identity service only

  • ❏ C. Both cloud identity service and on premises directory

Which SharePoint Online site types support both team collaboration and the publishing of organizational news? (Choose 2)

  • ❏ A. Hub site

  • ❏ B. Communication site

  • ❏ C. Team site

Can a customer identity service enable single sign on for both social accounts and corporate identity providers?

  • ❏ A. False

  • ❏ B. True

Where does Microsoft Stream store videos and how can those videos be played? (Choose 3)

  • ❏ A. Videos can be played inside Microsoft Teams

  • ❏ B. Video files are kept in Exchange Online mailboxes

  • ❏ C. Stream stores videos in SharePoint Online document libraries

  • ❏ D. Stream stores videos in Azure Blob Storage

  • ❏ E. Videos can be embedded in and played from Yammer conversations

Which of the following statements most accurately describes Platform as a Service in cloud computing?

  • ❏ A. Customers manage operating systems and middleware

  • ❏ B. Provider managed development platform

  • ❏ C. Cloud provider delivers no development tools

Which Microsoft licensing agreement mandates a minimum three year commitment for Microsoft 365 subscriptions?

  • ❏ A. Microsoft Cloud Solution Provider

  • ❏ B. Microsoft Enterprise Agreement (EA)

  • ❏ C. Microsoft Customer Agreement

Does Secure Score allow an organization to benchmark its score against similar organizations for comparison?

  • ❏ A. It only compares to industry averages

  • ❏ B. Yes it benchmarks against similar organizations

  • ❏ C. No it does not benchmark against other organizations

Which online portal allows employees to access email, calendar, and files using Microsoft 365 apps such as Office on the web, Teams, and Outlook from any internet connected device?

  • ❏ A. Office.com

  • ❏ B. Microsoft Azure Portal

  • ❏ C. Microsoft 365 portal

  • ❏ D. Microsoft 365 Admin Center

Which option correctly explains how Microsoft Defender for Cloud Apps leverages the Intelligent Security Graph to produce alerts for Microsoft Defender for Identity?

  • ❏ A. Yes for both statements

  • ❏ B. No for the first statement and Yes for the second

  • ❏ C. No for both statements

Are managed identities available as both system assigned and user assigned?

  • ❏ A. False

  • ❏ B. True

After a Microsoft 365 Apps for enterprise license has been revoked on a workstation what action can still be performed on that machine?

  • ❏ A. Edit and save a document

  • ❏ B. Open and read a document

  • ❏ C. Create a document

Which Microsoft 365 feature should be used to automatically apply tags to emails and documents that contain confidential text?

  • ❏ A. Data Loss Prevention policy

  • ❏ B. Sensitivity label

  • ❏ C. Retention label

What methods can IT use to deploy Microsoft 365 Apps to company workstations? (Choose 2)

  • ❏ A. Group Policy software installation

  • ❏ B. Office Deployment Tool

  • ❏ C. Microsoft Endpoint Configuration Manager

In the context of cloud services what does scalability mean?

  • ❏ A. Cloud Load Balancing

  • ❏ B. Automatic scaling of resources with changing workload

  • ❏ C. Increasing only storage capacity

Which Microsoft 365 subscription plan includes the full desktop Office applications but does not include audio conferencing?

  • ❏ A. Microsoft 365 Business Basic

  • ❏ B. Office 365 Enterprise E3

  • ❏ C. Office 365 Business Premium

Which Microsoft Entra feature allows external users to sign in with their own identity provider and access your resources without creating accounts in your directory?

  • ❏ A. Create external user accounts manually

  • ❏ B. Microsoft Entra B2B collaboration

  • ❏ C. Multi tenant application registration

  • ❏ D. Microsoft Entra External ID for consumers

Are standard channels in Microsoft Teams limited to selected team members?

  • ❏ A. False

  • ❏ B. True

Which Microsoft service produces assessment reports and compliance documentation to help organizations meet regulatory requirements?

  • ❏ A. Microsoft Purview

  • ❏ B. Microsoft Compliance Manager

  • ❏ C. Azure Policy

Which Microsoft 365 tools can be used to build an automated vendor invoice approval workflow that integrates approval actions and notifications into Microsoft Teams? (Choose 3)

  • ❏ A. Power Automate

  • ❏ B. Power Virtual Agents

  • ❏ C. Microsoft Forms

  • ❏ D. Power Apps

Under what circumstances should an organization use multiple Microsoft Entra ID tenants instead of a single tenant?

  • ❏ A. Isolate development and production environments

  • ❏ B. Run legally separate subsidiaries or operate in countries that require separate tenants

  • ❏ C. Manage external partners and customers with Microsoft Entra External Identities

Which Microsoft feature detects user and sign in risk and automatically applies risk based responses for privileged accounts?

  • ❏ A. Azure AD Conditional Access

  • ❏ B. Azure AD Identity Protection

  • ❏ C. Microsoft Defender for Identity

Which two desktop applications are included with Microsoft 365 Business plans but are not bundled with Microsoft 365 Enterprise plans?

  • ❏ A. PowerPoint and Excel

  • ❏ B. Access and Publisher desktop apps

  • ❏ C. OneDrive and Outlook

  • ❏ D. SharePoint and Teams

Which Azure Active Directory tier allows users who exist only in the cloud to reset their own passwords without IT intervention?

  • ❏ A. Azure AD Premium P1

  • ❏ B. Microsoft Entra ID P1

  • ❏ C. Azure AD Free

Which Azure Active Directory subscription tier includes advanced adaptive multifactor authentication along with Identity Protection?

  • ❏ A. Azure AD Free

  • ❏ B. Azure AD Premium P2

  • ❏ C. Azure AD Premium P1

Which update channel and deployment approach should be used to provide IT testers and training staff with early access to new Microsoft 365 Apps features before a company wide rollout? (Choose 3)

  • ❏ A. Use the Office Content Delivery Network

  • ❏ B. Configure the Monthly Enterprise Channel for all users

  • ❏ C. Enable Current Channel (Preview) for testers

  • ❏ D. Run a staged pilot followed by production rollout

Which of the following is not a core attribute of cloud services?

  • ❏ A. On-demand self-service

  • ❏ B. Local control

  • ❏ C. Measured service

Which Microsoft tool provides a visual task board for assigning work, setting deadlines, and tracking task status?

  • ❏ A. Microsoft Teams

  • ❏ B. Microsoft Planner

  • ❏ C. Microsoft Project

Free MS 365 Fundamentals Practice Questions Answered

Which Microsoft 365 products allow managers to create and manage approval flows within the collaboration workspace? (Choose 2)

  • ✓ A. Microsoft Teams

  • ✓ C. Power Automate

Microsoft Teams and Power Automate are correct because they let managers build and manage approval flows inside the collaboration workspace.

Power Automate is the workflow engine that provides a visual flow designer and a built in Approvals connector so managers can create simple or multi stage approval processes and connect those flows to apps and data across Microsoft 365.

Microsoft Teams hosts the Approvals experience and integrates with Power Automate so managers can trigger, review, and act on approval requests directly in channels, chats, and the Approvals app inside the collaboration workspace.

SharePoint is not the primary tool for building approval flows even though it can store items and trigger flows through integration with Power Automate. SharePoint alone does not provide the visual flow designer or the Approvals connector that Power Automate offers.

Microsoft Excel is a spreadsheet application and not designed to build or manage approval flows. Excel can be a data source for flows but it does not provide native approval workflow capabilities inside the collaboration workspace.

When a question asks about building approval flows think about the tool that designs flows and the workspace that hosts approvals. Use Power Automate for designing flows and Teams to manage them within collaboration.

In which release phase should a team perform compliance testing before exposing new features to a broader audience?

  • ✓ B. Private preview

The correct answer is Private preview.

Private preview is the release phase where a feature is given to a very small and tightly controlled set of users so the team can validate functionality and perform compliance and regulatory testing before exposing the feature to a broader audience.

This stage lets the team collect targeted feedback and implement fixes or documentation changes needed for compliance without impacting wider customers. It is the appropriate choice when you must confirm that controls meet legal or regulatory requirements before wider distribution.

General availability is the full public release and is not appropriate for pre exposure compliance testing because it already exposes the feature to the general customer base.

Targeted release typically opens features to a broader controlled audience or to an organization for early access but it is less restrictive than a private preview and may not provide the tight access controls needed for thorough compliance validation.

When a question asks about validating security or compliance pick the release phase that limits access to a very small and controlled group such as a private preview.

Do both Cloud PC and Virtual Workspace qualify as Desktop as a Service virtual desktop offerings?

  • ✓ B. True

The correct option is True.

Microsoft Cloud PC, often called Windows 365 Cloud PC, is a managed cloud service that delivers a full Windows desktop from Microsoft's cloud and it is therefore a Desktop as a Service offering. Virtual workspace is commonly used to describe managed virtual desktop solutions that stream desktop environments from the cloud, and those offerings are also Desktop as a Service solutions.

False is incorrect because both Cloud PC and virtual workspace style products provide hosted, cloud delivered desktops rather than being non Desktop as a Service technologies.

When you see wording that pairs specific product names with the phrase desktop or Cloud PC treat that as a strong hint that the question is asking about Desktop as a Service rather than traditional on prem virtual machines.

What is the primary purpose of the Microsoft 365 user portal for end users?

  • ✓ B. Centralized access to Microsoft 365 apps and services

Centralized access to Microsoft 365 apps and services is correct. The Microsoft 365 user portal is designed to give end users a single place to sign in and open the web and cloud apps that are part of their subscription.

The portal provides the app launcher and quick links to Outlook, Word, Excel, OneDrive, Teams and other Microsoft 365 services so users can access their apps and files from one location. It supports single sign on and links to user settings and subscriptions so the focus is on user access rather than administrative control.

Device and endpoint management is incorrect. Device and endpoint management is performed through Microsoft Intune and the Microsoft Endpoint Manager admin center and not through the standard user portal.

Email and mailbox administration is incorrect. Email and mailbox administration happens in the Exchange admin center or the Microsoft 365 admin center and requires administrator roles rather than the regular user portal.

When a question mentions a user portal think about who uses it and what they do. The portal is for users to access apps and files while administration and device control are handled in separate admin consoles.

Which Microsoft 365 subscription is specifically designed for educational institutions such as schools and colleges?

  • ✓ C. Microsoft 365 A1

The correct answer is Microsoft 365 A1.

Microsoft 365 A1 is the education plan designed for schools and colleges. It provides web and mobile Office apps together with classroom and collaboration services such as Microsoft Teams for Education and OneDrive for Business and it is often offered at no cost or at a discounted rate to eligible educational institutions which makes it the appropriate choice for students and staff.

The A1 plan is the entry level education offering and it focuses on classroom collaboration and core productivity tools rather than the advanced enterprise security and device management features found in business and enterprise plans. That is why the A1 education plan is the correct answer when the question asks about subscriptions tailored to schools and colleges.

Microsoft 365 Business Premium is targeted at small and medium sized businesses and it includes device management and commercial security features rather than education specific classroom tools. For that reason it is not the correct option.

Microsoft 365 E5 is an enterprise level plan that provides advanced security, analytics, compliance, and voice capabilities for large organizations and enterprises. It is not the education focused entry plan referenced in the question so it is not the correct answer.

When a question mentions schools or students look for plan names that include Education or the letter A which usually indicates education tiers such as A1, A3, and A5.

Can Microsoft 365 Data Loss Prevention policies prevent sensitive data from being shared in Microsoft Teams chats, channels, and files?

  • ✓ B. Yes DLP can apply to Teams chats channels and files

Yes DLP can apply to Teams chats channels and files is correct.

Microsoft 365 Data Loss Prevention can inspect and protect sensitive information that appears in Teams messages and in files that are shared through Teams. DLP policies can evaluate message text as well as attachments and files that Teams stores in SharePoint for channels and in OneDrive for chats, and they can take actions such as notify users, show policy tips, block sharing, or apply remediation depending on the policy settings.

Only for files stored in SharePoint is incorrect because Teams content is not limited to files in SharePoint and DLP covers files stored in SharePoint for channel files and OneDrive for chat files, and it also covers the message content itself.

Only for attachments not message text is incorrect because DLP can analyze and act on the actual message text in chats and channel conversations as well as on attachments and files.

Remember that Microsoft 365 DLP looks at both message text and files in Teams and that files may be stored in different services such as SharePoint and OneDrive.

Is the Office app being rebranded as the Microsoft 365 app to serve as a single place where users can discover, create, and share content and ideas?

  • ✓ A. True

The correct option is True.

Microsoft announced that the Office app has been rebranded as the Microsoft 365 app to serve as a single place for users to discover, create, and share content and ideas. The Microsoft 365 app brings together shortcuts to Word, Excel, and PowerPoint and adds unified search and content discovery so users can more easily find and work with documents and templates.

False is incorrect because the Office app was officially renamed and the question describes that rebranding accurately. The consumer mobile experience now uses the Microsoft 365 app name rather than keeping the Office app name.

For questions about product names check official vendor announcements and documentation and pay attention to the exact wording. Remember the precise product name because rebrands and subtle name changes are often tested.

Which Windows update management feature allows you to validate updates on a subset of endpoints before deploying them more broadly?

  • ✓ C. Deployment rings

The correct answer is Deployment rings.

Deployment rings are the staged rollout mechanism that lets administrators validate updates on a small subset of endpoints before wider deployment. You define rings such as pilot and broad and then progressively move updates outward which reduces risk and helps catch issues early.

Windows Update for Business is an overall update management capability that provides policies and deferral options but it is not the specific construct used to perform staged validations. It can be used to configure rings but the targeted, phased rollout is implemented with Deployment rings.

Insider Preview builds are pre-release versions of Windows intended for testing and feedback and they are not a rollout control for production updates. They do not provide the staged ring-based validation mechanism that deployment rings offer.

Servicing channels define the cadence and servicing model for updates and they determine which updates a device receives and when. They do not by themselves create a subset of endpoints for progressive validation in the way that Deployment rings do.

If the question mentions testing or validating updates on a small group look for words like pilot or rings. Those terms usually point to a staged rollout feature rather than a channel or pre-release build.

In a hybrid identity configuration that uses an on premises Active Directory and a cloud identity service where should multi factor authentication be enabled to protect cloud access?

  • ✓ B. Cloud identity service only

Cloud identity service only is the correct option.

Cloud Identity is the centralized identity provider for Google Cloud and Workspace services and it is the place to enforce multi factor authentication for cloud access. Enabling MFA in Cloud Identity ensures that users who access cloud resources are required to complete the second factor whether they authenticate directly to Google services or through a federated connection.

Cloud Identity also supports modern second factors such as security keys and authenticator apps and it provides admin controls and reporting that are specific to cloud access patterns. Those capabilities make it the appropriate enforcement point for protecting cloud resources.

On premises Active Directory only is incorrect because applying MFA solely on the on premises directory will not necessarily protect cloud logins and federated sessions that are handled by the cloud identity provider.

Both cloud identity service and on premises directory is incorrect in the context of this question because the expected best practice for protecting cloud access is to enforce MFA at the cloud identity layer. Adding redundant enforcement on premises can increase complexity and does not replace the need to secure the cloud identity plane.

When you see hybrid identity scenarios think about the cloud identity layer as the primary control point for cloud access and answer accordingly.

Which SharePoint Online site types support both team collaboration and the publishing of organizational news? (Choose 2)

  • ✓ B. Communication site

  • ✓ C. Team site

Communication site and Team site are correct.

Team site is built for group collaboration and it provides document libraries, lists, and Microsoft 365 group integration while also supporting news posts that keep the team informed.

Communication site is intended for broad publishing and it is designed to broadcast organizational news and announcements with page templates and news web parts that reach a wider audience.

Hub site is not correct because hub sites are used to connect and organize multiple sites with shared navigation and aggregated content and they are not a separate site template whose primary purpose is team collaboration or publishing news even though they can surface news from associated sites.

When you must choose a SharePoint site type remember that team sites focus on collaboration and daily work while communication sites focus on publishing and broadcasting news to a wider audience.

Can a customer identity service enable single sign on for both social accounts and corporate identity providers?

  • ✓ B. True

The correct answer is True.

Customer identity services are built to support a variety of authentication methods so they can enable single sign on with both social accounts and corporate identity providers. These services provide built in connectors for social providers such as Google, Facebook, and Apple and they also support federation with enterprise identity systems using standards like SAML and OpenID Connect so a single identity service can handle both types of sign in.

In practice the identity service often acts as an identity broker that manages OAuth, OIDC, and SAML flows for your applications. This simplifies SSO because the application delegates authentication to the identity service and benefits from features like account linking and unified user profiles so users can use either social or corporate credentials to access the same application.

False is incorrect because a customer identity service is specifically intended to enable both social and enterprise authentication and single sign on rather than restrict authentication to only one type of provider.

When you see questions about identity platforms remember that they typically federate multiple providers and support both social and enterprise single sign on.

Where does Microsoft Stream store videos and how can those videos be played? (Choose 3)

  • ✓ A. Videos can be played inside Microsoft Teams

  • ✓ C. Stream stores videos in SharePoint Online document libraries

  • ✓ E. Videos can be embedded in and played from Yammer conversations

Videos can be played inside Microsoft Teams, Stream stores videos in SharePoint Online document libraries, and Videos can be embedded in and played from Yammer conversations are correct.

Microsoft Stream on SharePoint integrates with Microsoft Teams so users can play videos directly inside Teams channels and tabs. The embedded player uses the video files that live in SharePoint or OneDrive and permissions are enforced by the SharePoint permission model.

Modern Stream stores uploaded video files in SharePoint Online document libraries and in OneDrive for Business for user uploads. Storing videos as standard files means they inherit SharePoint features such as permissions, search, versioning, and compliance controls which makes SharePoint the definitive storage location for Stream (on SharePoint).

Videos can be embedded in Yammer conversations and played inline because Yammer supports embedding files that are stored in SharePoint or Stream on SharePoint. This lets users preview and play video content inside Yammer threads while the underlying SharePoint storage enforces access.

Video files are kept in Exchange Online mailboxes is incorrect because Exchange mailboxes are for email and attachments and are not the storage location for Stream videos. Stream videos live in SharePoint or OneDrive rather than in user mailboxes.

Stream stores videos in Azure Blob Storage is not correct for the modern Stream experience. Microsoft Stream classic relied on Azure Media Services and underlying Azure storage and that classic service is being retired. The current Stream on SharePoint stores files in SharePoint and OneDrive rather than exposing Azure Blob Storage as the user visible location.

Remember that modern Stream stores videos in SharePoint and OneDrive and that integration with Teams and Yammer means the same files are playable inline across those apps.

Which of the following statements most accurately describes Platform as a Service in cloud computing?

  • ✓ B. Provider managed development platform

Provider managed development platform is the correct option because it captures the essence of Platform as a Service where the provider supplies the development runtime and tools and the customer focuses on application code.

PaaS means the cloud provider manages the infrastructure, operating system, middleware and runtime and also provides development frameworks and deployment services so developers do not have to administer those lower layers.

Customers manage operating systems and middleware is incorrect because that describes Infrastructure as a Service where the customer is responsible for the OS and middleware.

Cloud provider delivers no development tools is incorrect because PaaS offerings typically include development tools, runtimes and managed services to simplify building and running applications.

When you choose between service models focus on who manages the runtime and middleware and watch for the phrase provider managed to identify PaaS.

Which Microsoft licensing agreement mandates a minimum three year commitment for Microsoft 365 subscriptions?

  • ✓ B. Microsoft Enterprise Agreement (EA)

The correct answer is Microsoft Enterprise Agreement (EA).

The Enterprise Agreement is a volume licensing contract that is intended for larger organizations and it typically requires an initial three year commitment for subscription licensing such as Microsoft 365 when acquired under the EA. The agreement includes annual true ups and enterprise pricing that depend on that multi year contract structure.

Microsoft Cloud Solution Provider is incorrect because the CSP program is a partner reseller model that commonly offers monthly or annual billing and it does not impose a mandatory three year minimum commitment for Microsoft 365 subscriptions.

Microsoft Customer Agreement is incorrect because the Microsoft Customer Agreement is a modern purchasing agreement used for cloud services and other purchases and it generally provides more flexible term and billing options rather than enforcing a three year minimum for Microsoft 365.

When a question asks about a minimum contract length look for licensing programs meant for enterprise volume purchases and not reseller or modern customer agreements. Focus on contract term as the key clue.

Does Secure Score allow an organization to benchmark its score against similar organizations for comparison?

  • ✓ B. Yes it benchmarks against similar organizations

Yes it benchmarks against similar organizations is the correct answer because Secure Score provides peer comparisons so you can see how your tenant ranks against similar organizations.

Secure Score includes a comparison feature that groups organizations by attributes such as industry and size and then shows how your score compares to that peer group. This lets you compare controls and improvement actions against similar organizations to prioritize your security improvements.

It only compares to industry averages is incorrect because Secure Score does more than show industry averages. It provides peer group benchmarking so you can compare to similar organizations and not just a broad industry average.

No it does not benchmark against other organizations is incorrect because Secure Score does offer benchmarking against other tenants and includes controls to compare your configuration and improvements with peers.

On the exam look for words like peer or similar organizations and remember that Secure Score includes a built in comparison feature rather than only showing a single industry average.

Which online portal allows employees to access email, calendar, and files using Microsoft 365 apps such as Office on the web, Teams, and Outlook from any internet connected device?

  • ✓ C. Microsoft 365 portal

The correct option is Microsoft 365 portal. The Microsoft 365 portal is the web sign in site that lets employees open their email, calendar and files and launch Microsoft 365 apps such as Office on the web, Teams and Outlook from any internet connected device.

The Microsoft 365 portal provides a user facing app launcher, access to Outlook on the web, OneDrive and SharePoint files, and links to Teams and other Microsoft 365 services so users can work from any browser or device.

Office.com mainly provides quick access to Office web apps and a landing page for Office experiences but it is not the named user portal that organizes all Microsoft 365 services for a signed in employee in the same way as the Microsoft 365 portal.

Microsoft Azure Portal is the cloud management console for Azure resources and it is used by cloud engineers to manage virtual machines, networking and other Azure services rather than for employees to access email, calendar or Office on the web.

Microsoft 365 Admin Center is the administrative interface for IT staff to manage users, licenses and tenant settings and it is not the general employee portal for launching email, calendar or Teams.

When you see options that mention admin or Azure the question usually refers to management consoles rather than the user portal. Focus on the option that explicitly describes a user facing portal for apps like Teams, Outlook and Office on the web.

Which option correctly explains how Microsoft Defender for Cloud Apps leverages the Intelligent Security Graph to produce alerts for Microsoft Defender for Identity?

  • ✓ B. No for the first statement and Yes for the second

The correct option is No for the first statement and Yes for the second.

This choice is correct because Microsoft Defender for Cloud Apps does not directly create native alerts inside Microsoft Defender for Identity in the way the first statement implies. Instead Defender for Cloud Apps uses the Intelligent Security Graph to ingest and correlate signals across services and to enrich and surface cross product alerts and incidents that are visible in the broader Microsoft 365 Defender experience.

The Intelligent Security Graph provides shared signals and correlation so that identity detections from Defender for Identity and cloud activity detections from Defender for Cloud Apps can be combined into richer alerts. That means Defender for Cloud Apps contributes signals and context through the graph and through the Microsoft 365 Defender ecosystem rather than simply issuing native Defender for Identity alerts by itself.

Yes for both statements is incorrect because Defender for Cloud Apps does not unilaterally generate native Defender for Identity alerts and therefore both statements cannot be true.

No for both statements is incorrect because the second statement is true in the sense that Defender for Cloud Apps does use the Intelligent Security Graph to share and correlate signals so that identity related detections are enriched and surfaced across products.

When the exam asks about product integrations focus on whether a service creates native alerts in another product or whether it shares and correlates signals via the Intelligent Security Graph. Understanding that distinction will help you choose the correct response.

Are managed identities available as both system assigned and user assigned?

  • ✓ B. True

The correct answer is True.

True is correct because managed identities for Azure resources are offered in two forms. One form is system assigned which is created with and tied to the lifecycle of a specific Azure resource so it is removed when the resource is deleted. The other form is user assigned which is created as a standalone Azure resource and can be assigned to multiple resources and persist independently of them.

False is incorrect because it states that managed identities are not available as both system assigned and user assigned, and that contradicts the documented types of managed identities supported by Azure.

When a question asks about types of a service remember to think about lifecycle and reuse. Note that system assigned identities are tied to a resource and deleted with it while user assigned identities are standalone and reusable.

After a Microsoft 365 Apps for enterprise license has been revoked on a workstation what action can still be performed on that machine?

  • ✓ B. Open and read a document

The correct option is Open and read a document.

When a Microsoft 365 Apps for enterprise license is revoked on a workstation, the Office applications typically enter a reduced functionality mode. In that mode the apps allow users to open, read, and print documents, but they block editing, creating, and saving until a valid license or sign in is restored. That is why Open and read a document remains possible even after the license is removed.

Edit and save a document is incorrect because editing and saving are disabled in reduced functionality mode and the user will be prevented from making or committing changes without a valid license.

Create a document is incorrect because creating new files is also blocked when the software is in reduced functionality or read only mode after the license is revoked.

When you see questions about revoked or expired Microsoft 365 licenses look for answers that describe viewing or read only capabilities rather than creating or editing.

Which Microsoft 365 feature should be used to automatically apply tags to emails and documents that contain confidential text?

  • ✓ B. Sensitivity label

The correct option is Sensitivity label.

Sensitivity label can be applied automatically to emails and documents based on their content and it supports actions such as encryption, visual markings, and metadata tagging so items containing confidential text are labeled and protected.

Auto labeling rules in the Microsoft 365 compliance center let administrators configure conditions that detect sensitive information and automatically apply a Sensitivity label to matching files and messages.

Data Loss Prevention policy is aimed at detecting and preventing the sharing or leakage of sensitive information and it can block or warn users but it does not primarily tag items with a classification label in the same way labels do.

Retention label controls how long content is kept and when it is deleted or retained and it is not intended to classify content for confidentiality or apply encryption or visual markings.

When deciding between labels and policies remember that sensitivity labels classify and protect content while retention labels manage lifecycle and DLP enforces sharing rules.

What methods can IT use to deploy Microsoft 365 Apps to company workstations? (Choose 2)

  • ✓ B. Office Deployment Tool

  • ✓ C. Microsoft Endpoint Configuration Manager

The correct answers are Office Deployment Tool and Microsoft Endpoint Configuration Manager.

The Office Deployment Tool is a command line utility that downloads and installs Microsoft 365 Apps using Click to Run and it lets you control which apps, languages, and update channels are installed through a configuration XML. It is commonly used for scripted deployments and for preparing images that will be deployed to many workstations.

The Microsoft Endpoint Configuration Manager integrates with the Office Deployment Tool and can deploy, manage, and update Microsoft 365 Apps at enterprise scale. It can create application deployments, handle updates and scheduling, and provide reporting on installation status which makes it well suited for corporate environments.

The Group Policy software installation method relies on MSI based deployment and does not support the Click to Run technology used by Microsoft 365 Apps. This older MSI approach is therefore not suitable for modern Microsoft 365 Apps deployments and it is less likely to be the expected answer on newer exams.

When a question asks about deploying Microsoft 365 Apps remember to think about the Click to Run model and whether the tool supports XML configuration or management integration. Use Office Deployment Tool for scripted or image based installs and Configuration Manager for large scale enterprise management.

In the context of cloud services what does scalability mean?

  • ✓ B. Automatic scaling of resources with changing workload

Automatic scaling of resources with changing workload is the correct option.

Automatic scaling of resources with changing workload means that cloud platforms can add or remove compute instances and adjust other resource allocations automatically as demand rises or falls. This capability lets applications maintain performance and control cost because resources match the workload instead of remaining fixed.

Scalability can involve scaling out by adding more instances or scaling up by increasing the size of existing resources, and Automatic scaling of resources with changing workload usually refers to automated mechanisms and policies that carry out those adjustments without manual intervention.

Cloud Load Balancing is a specific service that distributes incoming traffic across multiple backends to improve availability and performance, but it is not the definition of scalability because it does not by itself change the amount of resources available.

Increasing only storage capacity is a narrow action that scales a single resource type and does not capture the broader idea of scalability, which includes adjusting compute and other resources as workload changes.

When choosing an answer look for descriptions that emphasize automatic adjustment of resources to changing demand rather than a single product name or increasing only one resource type.

Which Microsoft 365 subscription plan includes the full desktop Office applications but does not include audio conferencing?

  • ✓ C. Office 365 Business Premium

Office 365 Business Premium is correct because it provides the full desktop Office applications while it does not include audio conferencing by default.

Business Premium is the small business plan that gives users the full desktop versions of Word, Excel, PowerPoint, Outlook and other Office apps for PC and Mac, and it focuses on productivity and device management for small organizations. It does not include the Teams audio conferencing feature as part of the base subscription. Note that the Office 365 Business Premium name has been rebranded to Microsoft 365 Business Standard, so exam materials may use either name.

Microsoft 365 Business Basic is incorrect because that plan does not include the full desktop Office applications and instead provides web and mobile versions of Office plus cloud services such as Exchange Online and Teams.

Office 365 Enterprise E3 is incorrect for this question because it is an enterprise tier that includes desktop Office apps and has different voice and conferencing options or add ons, so it does not match the specific small business combination of full desktop apps without audio conferencing described here.

When comparing subscriptions look first at whether the plan includes full desktop Office apps or only web and mobile apps and also watch for product name changes such as Office 365 being renamed to Microsoft 365.

Which Microsoft Entra feature allows external users to sign in with their own identity provider and access your resources without creating accounts in your directory?

  • ✓ B. Microsoft Entra B2B collaboration

The correct answer is Microsoft Entra B2B collaboration.

Microsoft Entra B2B collaboration lets organizations invite external users to access resources while those users authenticate with their own identity provider. It creates a guest user record in your directory but you do not manage their credentials and you can grant access without provisioning full managed accounts for their identities.

Create external user accounts manually is incorrect because that approach requires you to provision and manage separate accounts and credentials in your directory which does not allow external users to authenticate solely with their own identity provider.

Multi tenant application registration is incorrect because registering an application as multi tenant makes the app available to users from other Azure AD tenants but it does not provide the B2B invitation workflow or the external identity collaboration features that let partners access resources without you managing their credentials.

Microsoft Entra External ID for consumers is incorrect because that offering is focused on customer and consumer identity scenarios and it is intended to manage sign in for customers with social or local accounts rather than enabling organizational guest collaboration across directories.

When a question mentions external users keeping their own credentials look for terms like B2B or collaboration and check whether the service creates managed accounts or only guest references in your tenant.

Are standard channels in Microsoft Teams limited to selected team members?

  • ✓ A. False

The correct answer is False. Standard channels are accessible to all members of the team rather than being restricted to selected team members.

Standard channels let every team member view and participate in conversations and access files and tabs in that channel. Only private channels limit membership to a subset of the team and require explicit addition of members, so saying that standard channels are restricted is inaccurate.

True is incorrect because it asserts that standard channels are limited to selected team members, and that limitation applies only to private channels which are designed for a smaller set of members.

Standard and private are the keywords to watch for in questions about Teams channels. Remember that standard channels include the whole team while private channels restrict membership.

Which Microsoft service produces assessment reports and compliance documentation to help organizations meet regulatory requirements?

  • ✓ B. Microsoft Compliance Manager

The correct answer is Microsoft Compliance Manager.

Microsoft Compliance Manager provides a centralized framework to assess regulatory requirements by mapping controls to standards and by tracking implementation status. It generates assessment reports, actionable improvement steps, and supporting documentation that organizations can use to demonstrate compliance to auditors and regulators.

Microsoft Purview is focused on data discovery, classification, and governance across data estates. It helps manage and protect sensitive data but it does not primarily produce the regulation specific assessment reports and documented control evidence that Microsoft Compliance Manager produces.

Azure Policy is used to enforce and evaluate resource configuration and to report the compliance state of Azure resources. It is valuable for governance and automated remediation but it does not create the regulatory assessment reports and compliance documentation that are generated by Microsoft Compliance Manager.

When a question asks about producing formal assessment reports and regulatory documentation look for services that explicitly mention control mapping and audit evidence. Pay attention to keywords like assessment and documentation when choosing between governance and compliance tools.

Which Microsoft 365 tools can be used to build an automated vendor invoice approval workflow that integrates approval actions and notifications into Microsoft Teams? (Choose 3)

  • ✓ A. Power Automate

  • ✓ C. Microsoft Forms

  • ✓ D. Power Apps

The correct answers are Power Automate, Microsoft Forms, and Power Apps.

Power Automate provides the approval actions and workflow orchestration needed to automate vendor invoice approvals. It can send approval requests, collect responses, and post approval notifications into Microsoft Teams so the whole process is integrated with team collaboration.

Microsoft Forms can capture invoice details from vendors or internal users through a simple submission form. A form submission can trigger a flow in Power Automate so the captured data starts the approval process and notification steps automatically.

Power Apps lets you build a custom invoice submission or review interface that fits your business process. The app can call Power Automate flows to perform approvals and it can surface or send notifications to Teams so users can complete reviews within a tailored experience and the Teams environment.

Power Virtual Agents is designed for building conversational chatbots and not for constructing approval workflows as a primary function. Although a bot could call a flow, it is not the core tool for creating and managing approval processes for invoices and therefore it is not the best choice for this scenario.

When a question asks about automated approvals think of Power Automate as the workflow engine and pair it with Forms or Power Apps for data entry so you can integrate approvals and notifications into Teams.

Under what circumstances should an organization use multiple Microsoft Entra ID tenants instead of a single tenant?

  • ✓ B. Run legally separate subsidiaries or operate in countries that require separate tenants

The correct option is Run legally separate subsidiaries or operate in countries that require separate tenants.

You should use multiple tenants when legal entity boundaries or local data residency and compliance requirements force a strict separation of identities and data. Separate tenants create independent directories and authentication boundaries so each subsidiary or country instance can have its own administrative control, policies, and contractual compliance. This approach helps meet regulatory obligations and keeps identities and data isolated when necessary.

Isolate development and production environments is not generally a reason to create multiple tenants. Development and production can usually be isolated within a single tenant by using separate subscriptions, resource groups, or by applying environment specific policies and accounts. Creating extra tenants for dev and prod increases complexity for cross environment testing and identity management.

Manage external partners and customers with Microsoft Entra External Identities is also not a reason to use multiple tenants. Microsoft Entra External Identities is designed to allow partners and customers to access your resources while using their own identities and credentials, so you can manage external users within a single tenant. Separate tenants are only needed for external organizations when those organizations require full directory independence for legal or compliance reasons.

Think about legal, compliance, and data residency drivers when the question asks about multiple tenants. If the requirement is only operational isolation, look for alternatives inside a single tenant first.

Which Microsoft feature detects user and sign in risk and automatically applies risk based responses for privileged accounts?

  • ✓ B. Azure AD Identity Protection

The correct option is Azure AD Identity Protection.

Azure AD Identity Protection detects user risk and sign in risk by using signals and machine learning, and it can automate risk based responses for privileged accounts, such as forcing a password reset, requiring additional verification, or blocking access. It also integrates with Azure AD Conditional Access so that risk levels can be used to enforce access policies automatically.

Azure AD Conditional Access is primarily the policy enforcement engine that applies controls based on signals and policies and it does not itself perform the primary risk detection and automated remediation tasks that Identity Protection provides. Conditional Access instead consumes risk signals from Azure AD Identity Protection to make access decisions.

Microsoft Defender for Identity focuses on monitoring on premises Active Directory and detecting lateral movement and identity compromise within a network and it does not provide the cloud based user and sign in risk detection with automated remediation for Azure AD privileged accounts that Azure AD Identity Protection offers.

Look for the service that both detects risk and automates responses. Identity Protection handles detection and automated remediation while Conditional Access enforces policies and Defender for Identity focuses on on premises AD threats.

Which two desktop applications are included with Microsoft 365 Business plans but are not bundled with Microsoft 365 Enterprise plans?

  • ✓ B. Access and Publisher desktop apps

The correct answer is Access and Publisher desktop apps.

Access and Publisher desktop apps are Windows desktop applications that Microsoft includes with some Microsoft 365 Business plans but that are not bundled by default with many Microsoft 365 Enterprise SKUs. These apps are often provided to meet small business desktop database and publishing needs while enterprise plans concentrate on broader cloud services and advanced security features.

PowerPoint and Excel is incorrect because both PowerPoint and Excel are core Office applications that are included across Business and Enterprise plans and so they are not unique to Business plans.

OneDrive and Outlook is incorrect because OneDrive and Outlook are cloud and productivity services that are available in both Business and Enterprise offerings and therefore do not match the question.

SharePoint and Teams is incorrect because SharePoint and Teams are enterprise collaboration services that are commonly included with Enterprise plans as well as Business plans and so they are not the two apps that are exclusive to Business plans.

When answering questions about plan differences look for whether an app is a Windows desktop application and check product inclusion tables. Access and Publisher are commonly included with Business plans but not bundled with Enterprise plans.

Which Azure Active Directory tier allows users who exist only in the cloud to reset their own passwords without IT intervention?

  • ✓ C. Azure AD Free

The correct answer is Azure AD Free.

Azure AD Free includes self service password reset for cloud only accounts so users can reset their own passwords without IT intervention. The free tier covers cloud only scenarios by using security information and verification methods while more advanced capabilities are not required for basic cloud only password reset.

Azure AD Premium P1 is a paid edition that adds features such as on premises password writeback and advanced identity protections. It is not required for cloud only self service password reset which is why this option is incorrect.

Microsoft Entra ID P1 is the current name for the paid premium tier that was previously labeled Azure AD Premium P1 and it provides the same paid capabilities. Newer exam materials may use the Microsoft Entra name but this tier is also not necessary for cloud only password resets so it is incorrect here.

Remember that self service password reset for cloud only users is available in the free tier while writeback to on premises accounts requires a paid license.

Which Azure Active Directory subscription tier includes advanced adaptive multifactor authentication along with Identity Protection?

  • ✓ B. Azure AD Premium P2

Azure AD Premium P2 is correct because it provides advanced adaptive multifactor authentication together with Azure AD Identity Protection.

Azure AD Premium P2 includes Identity Protection which performs risk based sign in and user risk detections and it enables adaptive MFA decisions that can challenge or block sign ins based on detected risk. These capabilities allow automated risk remediation and more granular policies that go beyond basic MFA and conditional access.

Azure AD Free is incorrect because the free tier provides basic identity and access management and does not include the advanced adaptive MFA or the Identity Protection risk detection features.

Azure AD Premium P1 is incorrect because P1 offers conditional access and enhanced identity management but it does not include Azure AD Identity Protection or the full set of adaptive, risk based MFA and automated remediation features that are part of Premium P2.

When a question mentions Identity Protection or adaptive, risk based MFA pick the tier that explicitly includes those features which is Azure AD Premium P2.

Which update channel and deployment approach should be used to provide IT testers and training staff with early access to new Microsoft 365 Apps features before a company wide rollout? (Choose 3)

  • ✓ A. Use the Office Content Delivery Network

  • ✓ C. Enable Current Channel (Preview) for testers

  • ✓ D. Run a staged pilot followed by production rollout

The correct options are Use the Office Content Delivery Network, Enable Current Channel (Preview) for testers, and Run a staged pilot followed by production rollout.

Use the Office Content Delivery Network lets devices download update files from Microsoft’s global CDN which speeds distribution and reduces load on your internal network so testers can receive preview builds quickly and reliably.

Enable Current Channel (Preview) for testers places selected users on the preview update stream so they see new features earlier than the general population and can validate functionality and training materials before a wider release.

Run a staged pilot followed by production rollout gives you a controlled way to test updates in a small group and to identify issues before expanding to the whole organization which reduces risk during the company wide rollout.

Configure the Monthly Enterprise Channel for all users is incorrect because the Monthly Enterprise Channel is designed for broader, more stable deployments and does not provide the early preview access testers and training staff need.

When answering look for options that enable early access and controlled validation such as preview channels and staged pilots rather than channels intended for broad stable deployment.

Which of the following is not a core attribute of cloud services?

  • ✓ B. Local control

Local control is the correct answer.

Local control is not a core cloud attribute because cloud computing focuses on remotely provided and managed resources rather than customers maintaining direct physical control of infrastructure. The standard definition of cloud characteristics includes service delivery and management features and not local on premises control, so Local control does not fit.

On-demand self-service is incorrect because it is a core cloud attribute that lets customers provision computing capabilities automatically as needed without human provider interaction.

Measured service is incorrect because it is a core cloud attribute that involves monitoring, metering, and billing resource usage so providers and customers can track consumption.

Recall the NIST five essential characteristics and look for options that imply on premises or physical control when asked which choice is not a cloud characteristic. Emphasize memorizing terms like on-demand self-service and measured service.

Which Microsoft tool provides a visual task board for assigning work, setting deadlines, and tracking task status?

  • ✓ B. Microsoft Planner

The correct answer is Microsoft Planner.

Microsoft Planner provides a simple visual task board where teams can create tasks, assign work to people, set due dates, and move tasks through status buckets to track progress. It includes charts and labels to show overall status and integrates with other Microsoft 365 apps so teams can collaborate around those tasks.

Microsoft Teams is primarily a chat and collaboration platform that brings together conversations, meetings, and files. It is not itself a dedicated visual task board even though you can add a Planner tab inside a team to display Planner tasks.

Microsoft Project is a more advanced project management tool that focuses on detailed scheduling, resource management, and Gantt charts. It is aimed at complex project planning rather than the lightweight visual task board style that Planner provides.

When a question mentions a lightweight visual task board for assigning tasks and tracking status choose Planner. Remember that Teams is for communication and Project is for complex scheduling.


Cameron McKenzie is an AWS Certified AI Practitioner, Machine Learning Engineer, Copilot Expert, Solutions Architect and author of many popular books in the software development and Cloud Computing space. His growing YouTube channel training devs in Java, Spring, AI and ML has well over 30,000 subscribers.