You have Windows 10 devices that are managed by using Microsoft Endpoint Manager. All the devices have Microsoft Office 365 apps installed.
You need to configure the proofing tool settings for the Office 365 apps.
From the Microsoft Endpoint Manager admin center, what should you create?

• A.a device compliance policy
• B.a device configuration profile
• C.an app configuration policy
• D.an app

Comment: *

Name: *

Email: *

Verification: *

Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. The on-premises domain contains a server named Server1 that runs Windows Server 2016 and 200 client computers that run Windows 10.
Your company purchases a Microsoft 365 subscription.
On Server1, you create a file share named Share1. You extract the Microsoft Office Deployment Tool (ODT) to Share1.
You need to deploy Office 365 ProPlus, and the French language pack from Share1 to the Windows 10 computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

Note:
Step 1: Create an XML configuration file with the source path and download path for the installation files.
Step 2: On the deployment server, run the ODT executable in download mode and with a reference to the XML configuration file.
Step 3: Create another XML configuration file with the source path to the installation files.
Step 4: On the client computer, run the ODT executable in configure mode and with a reference to the XML configuration file.
Reference:
https://docs.microsoft.com/en-us/DeployOffice/overview-of-the-office-2016-deployment-tool

Comment: *

Name: *

Email: *

Verification: *

You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.
Which authentication strategy should you implement for the pilot projects?

• A.password hash synchronization and seamless SSO
• B.pass-through authentication
• C.password hash synchronization
• D.pass-through authentication and seamless SSO

Correct Answer: A

Section: [none]
Explanation:
* Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft
365.
* Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
* After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
* Fabrikam does NOT plan to implement identity federation.
* After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications automatically.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn Testlet 4 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named ADatum Corporation.
Environment
On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.

The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud environment
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
* Password hash synchronization is enabled.
* Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.

Self-service password reset (SSPR) is enabled.
The Azure Active Directory (Azure AD) tenant has Security defaults enabled.
Requirements
Planned Changes
Litware identifies the following issues:
* Admin1 cannot create conditional access policies.
* Admin4 receives an error when attempting to use SSPR.
* Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Technical Requirements
Litware plans to implement the following changes:
* Implement Microsoft Intune.
* Implement Microsoft Teams.
* Implement Microsoft Defender for Office 365.
* Ensure that users can install Office 365 apps on their device.
* Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
* Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.

A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 all open files that have the .abc file extension.
You implement Windows Information Protection (WIP) by using the following configurations:
* Exempt apps: App2
* Protected apps: App1
* Windows Information Protection mode: Block
* Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1: Yes.
App1 is a protect app in the Windows Information Protection policy. File1 is stored on Server1 which is in the Network Boundary defined in the policy. Therefore, you can open File1 in App1.
Box 2: Yes.
App2 is exempt in the Windows Information Protection policy. The protection mode in the policy is block so all apps that are not included in the policy cannot be used to open the file... except for exempt apps.
Therefore, you can open File1 in App2.
Box 3: No.
The protection mode in the policy is block so all apps that are not included in the policy as protected apps or listed as exempt from the policy cannot be used to open the file. Therefore, you cannot open File from in App3.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea

Comment: *

Name: *

Email: *

Verification: *

From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)

You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?

• A.From the Security & Compliance admin center, add the users to the Security Readers role group.
• B.From the Conditional access blade in the Azure Active Directory admin center, create named locations.
• C.From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
• D.From the Security & Compliance admin center, create a classification label.

Comment: *

Name: *

Email: *

Verification: *