MS-102 Microsoft 365 Administrator Exam Free Practice Exam Questions (2025 Updated)
Prepare effectively for your Microsoft MS-102 Microsoft 365 Administrator Exam certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Your company has offices in Seattle and Denver.
You have a Microsoft 365 subscription.
You plan to create a Conditional Access policy named Policy1 that will enforce multifactor authentication (MFA).
You need to ensure that users at the Seattle office are excluded from MFA. Users at the Denver office must always be prompted for MFA.
What should you configure for Policy1?
You have a Microsoft 365 subscription that includes Microsoft Defender XDR.
From the Microsoft Defender portal, you review the Microsoft Secure Score improvement actions shown in the following table.
You plan to update the status of the improvement actions as shown in the following table.
How many points will the Secure Score increase after the update?
You have a Microsoft 365 E5 subscription that contains a user named User1.
User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list.
You need to remove User1 from the Restricted entities list.
What should you use?
You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
You create a sensitivity label named Label1.
To which resource can you apply Label1?
You have a Microsoft 365 ES subscription.
From the Microsoft 365 Defender portal, you review your company's Microsoft Secure Score.
You discover a large number of recommended actions.
You need to ensure that the actions can be filtered based on specific department names.
What should you create first?
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. The subscription contains users that have Windows 11 devices.
You need to use the Cloud Discovery snapshot report to analyze cloud app usage on the devices. What should you do before generating a report?
You have a Microsoft 365 E5 tenant.
You configure sensitivity labels.
Users report that the Sensitivity button is unavailability in Microsoft Word for the web. The sensitivity button is available in Word for Microsoft 365.
You need to ensure that the users can apply the sensitivity labels when they use Word for the web.
What should you do?
You have a Microsoft 365 E5 subscription.
You need to create Conditional Access policies to meet the following requirements:
All users must use multi-factor authentication (MFA) when they sign in from outside the corporate network.
Users must only be able to sign in from outside the corporate network if the sign-in originates from a compliant device.
All users must be blocked from signing in from outside the United States and Canada.
Only users in the R&D department must be blocked from signing in from both Android and iOS devices.
Only users in the finance department must be able to sign in to an Azure AD enterprise application named App1. All other users must be blocked from signing in to App1.
What is the minimum number of Conditional Access policies you should create?
You have a Microsoft 365 subscription.
You need to add additional domains with the onmicrosoft.com suffix to the subscription. The additional domains must be assignable as email addresses for users.
What is the maximum number of onmicrosoft.com domains the subscription can contain?
You have a Microsoft 365 tenant.
You plan to implement device configuration profiles in Microsoft Intune.
Which platform can you manage by using the profiles?
You plan to use Azure Sentinel and Microsoft Cloud App Security. You need to connect Cloud App Security to Azure Sentinel.
What should you do in the Cloud App Security admin center?
You have a Microsoft 365 E5 subscription that.
You need to identify whenever a sensitivity label is applied, changed, or removed within the subscription.
Which feature should you use, and how many days will the data be retained? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains Windows 11 devices. All the devices are onboarded to Microsoft Defender for Endpoint.
You need to compare the configuration of the devices against industry standard benchmarks. What should you use?
You have a Microsoft 365 E5 tenant.
You plan to deploy a monitoring solution that meets the following requirements:
Captures Microsoft Teams channel messages that contain threatening or violent language.
Alerts a reviewer when a threatening or violent message is identified.
What should you include in the solution?
You have a Microsoft 365 is subscription that includes Microsoft Intune.
You manage all iOS devices by using Intune.
You plan to protect corporate-owned iOS devices by using Microsoft Defender for Endpoint. You configure a connection between Intune and Defender for Endpoint.
You need to onboard the devices to Defender for Endpoint.
What should you do?
You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft 365 compliance policies to meet the following requirements:
Identify documents that are stored in Microsoft Teams and SharePoint Online that contain Personally Identifiable Information (PII).
Report on shared documents that contain PII.
What should you create?
: 246 HOTSPOT
You have a Microsoft 365 tenant.
You need to create a custom Compliance Manager assessment template.
Which application should you use to create the template, and in which file format should the template be saved? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
: 231
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Endpoint Management admin center, you create a device configuration profile.
Does this meet the goal?
You have a Microsoft 365 subscription that uses Microsoft Defender XDR
From Automatic remediation in the Microsoft Defender portal, you set Automation level to Semi - require approval for non-temp folders for the endpoints.
You need to identify the impact of the Automation level setting on the endpoints.
Which two actions will occur based on the remediation settings? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to be notified when a single user downloads more than 50 files during any 60-second period.
What should you configure?
