MS-102 Microsoft 365 Administrator Expert Practice Exam
The MS-102: Microsoft 365 Administrator Expert Exam is a globally recognized certification designed for IT professionals who want to validate their skills in managing Microsoft 365 environments. This exam measures your ability to deploy, configure, secure, and monitor Microsoft 365 services and enterprise workloads. It’s ideal for administrators responsible for managing identity, security, compliance, and supporting Microsoft 365 core services.
By earning the Microsoft 365 Administrator Expert certification, you demonstrate deep expertise in administering cloud-based solutions, ensuring secure collaboration, managing users and licenses, implementing policies, and maintaining business continuity across Microsoft services like Exchange, Teams, SharePoint, and OneDrive.
On Exam Sage, we offer a comprehensive and up-to-date MS-102 practice exam specifically designed to help you master all exam objectives with confidence. Each question mirrors the real exam format and is crafted to test your understanding of Microsoft 365 technologies in real-world scenarios. Whether you’re preparing for your first attempt or brushing up before recertification, our practice test equips you with the knowledge and experience needed to pass.
What You Will Learn
Through this practice exam, you’ll gain in-depth understanding of:
Microsoft 365 tenant management, including configuration and lifecycle planning
Identity and access management using Azure Active Directory
Security and compliance features like data loss prevention (DLP), insider risk, and Microsoft Purview
Service health monitoring, incident response, and change management
Deployment and management of core services like Exchange Online, SharePoint Online, Teams, and Intune
Governance, reporting, and licensing strategies for enterprise-level organizations
Our exam content is structured to help you think like a Microsoft 365 administrator—not just memorize facts. Every question is followed by a detailed explanation so you can reinforce key concepts, understand why a particular answer is correct, and fill knowledge gaps as you go.
Key Topics Covered
The MS-102 exam practice test on ExamSage.com includes all major areas such as:
Deploying and managing Microsoft 365 tenants and subscriptions
Managing identity and roles using Azure AD and hybrid identity solutions
Implementing and managing security and compliance solutions
Managing and maintaining Microsoft 365 core services
Configuring policies for data retention, classification, and information protection
Monitoring service health and investigating issues
Our question sets are aligned with the latest Microsoft exam guide and frequently updated to reflect real-world changes in Microsoft 365 services. This ensures you are learning the most current technologies and practices.
Why Choose Exam Sage?
At ExamSage.com, our goal is to help you pass your certification exams efficiently and confidently. Our practice exams are created by subject matter experts with real industry experience. You’ll get access to expertly written multiple-choice questions, real exam scenarios, and answer explanations that actually teach you, not confuse you.
Whether you’re looking to validate your skills, advance in your career, or prepare for a job interview in cloud administration, our MS-102 practice exam is your ideal resource. Start preparing today and take one step closer to becoming a Microsoft 365 Certified Administrator Expert.
Sample Questions and Answers
1.
Which Microsoft 365 service provides protection against advanced threats like zero-day malware and phishing?
A) Microsoft Defender for Endpoint
B) Microsoft Intune
C) Microsoft Teams
D) Microsoft Power BI
Answer: A) Microsoft Defender for Endpoint
Explanation: Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats, including zero-day malware and phishing attacks.
2.
You need to configure Microsoft 365 so that users can only access corporate data from compliant devices. Which service should you use?
A) Microsoft Defender for Office 365
B) Azure AD Conditional Access
C) Microsoft Teams policies
D) Microsoft Power Automate
Answer: B) Azure AD Conditional Access
Explanation: Azure AD Conditional Access policies allow you to control access to resources based on device compliance, location, user risk, and more.
3.
What is the maximum retention period for Microsoft 365 retention policies?
A) 1 year
B) 5 years
C) 7 years
D) Unlimited
Answer: D) Unlimited
Explanation: Microsoft 365 retention policies can be configured for an unlimited retention period to meet various compliance requirements.
4.
Which tool is used to manage Microsoft 365 tenant-wide roles and licenses?
A) Microsoft Endpoint Manager
B) Microsoft 365 admin center
C) Exchange Admin Center
D) Microsoft PowerShell
Answer: B) Microsoft 365 admin center
Explanation: The Microsoft 365 admin center is the primary web interface used to manage tenant roles, licenses, and users.
5.
You want to ensure that all email sent from your organization uses DKIM to improve email authentication. What should you configure?
A) SPF records only
B) DKIM signing in Exchange Online
C) DMARC policies only
D) Microsoft Defender policies
Answer: B) DKIM signing in Exchange Online
Explanation: DKIM (DomainKeys Identified Mail) signing is configured in Exchange Online to cryptographically sign outbound emails, helping prevent spoofing.
6.
Which Microsoft 365 service allows you to create and enforce data loss prevention (DLP) policies?
A) Microsoft Teams
B) Microsoft Defender for Identity
C) Microsoft Purview Compliance Portal
D) Microsoft Power BI
Answer: C) Microsoft Purview Compliance Portal
Explanation: The Microsoft Purview Compliance Portal is used to create and manage DLP policies across Microsoft 365 services to protect sensitive information.
7.
What is the PowerShell module required to manage Microsoft Teams?
A) AzureAD
B) MicrosoftTeams
C) MSOnline
D) ExchangeOnlineManagement
Answer: B) MicrosoftTeams
Explanation: The MicrosoftTeams PowerShell module is used to manage Teams-specific settings and policies.
8.
You want to prevent users from sharing files externally in OneDrive and SharePoint. What is the recommended way?
A) Disable sharing in Azure AD
B) Configure sharing policies in the SharePoint admin center
C) Disable user accounts
D) Block guest access in Teams
Answer: B) Configure sharing policies in the SharePoint admin center
Explanation: Sharing policies in the SharePoint admin center control external sharing settings for both SharePoint and OneDrive.
9.
Which Microsoft 365 feature helps you automate responses to phishing attacks?
A) Microsoft Defender for Office 365 Threat Explorer
B) Microsoft Endpoint Manager
C) Azure AD Identity Protection
D) Power Automate
Answer: A) Microsoft Defender for Office 365 Threat Explorer
Explanation: Threat Explorer allows you to investigate and automate responses to email threats like phishing.
10.
Which tool is used for migrating email from an on-premises Exchange environment to Exchange Online?
A) Azure AD Connect
B) Microsoft Endpoint Manager
C) Exchange Online Migration Service
D) Microsoft Teams Admin Center
Answer: C) Exchange Online Migration Service
Explanation: The Exchange Online Migration Service supports various migration methods, including cutover, staged, and hybrid migrations.
11.
You want to enforce multi-factor authentication (MFA) for all users accessing Microsoft 365. Which feature should you configure?
A) Security Defaults
B) Exchange Transport Rules
C) Microsoft Defender for Identity
D) Microsoft Information Protection
Answer: A) Security Defaults
Explanation: Security Defaults in Azure AD provide an easy way to enforce MFA and basic security measures across all users.
12.
Which Microsoft 365 feature allows administrators to monitor the health and performance of Microsoft 365 services?
A) Microsoft Endpoint Manager
B) Microsoft 365 Service health dashboard
C) Microsoft Defender for Endpoint
D) Azure AD Connect
Answer: B) Microsoft 365 Service health dashboard
Explanation: The Service health dashboard provides real-time info about Microsoft 365 services’ status and incidents.
13.
Which protocol does Microsoft 365 use for secure email transport?
A) HTTP
B) SMTP with TLS
C) FTP
D) Telnet
Answer: B) SMTP with TLS
Explanation: SMTP with TLS is used to secure email in transit between mail servers in Microsoft 365.
14.
You need to delegate management of certain Microsoft 365 groups to a user without giving them global admin rights. What role should you assign?
A) Global Reader
B) Groups Administrator
C) Compliance Administrator
D) Security Reader
Answer: B) Groups Administrator
Explanation: The Groups Administrator role allows delegated management of Microsoft 365 groups without full admin privileges.
15.
Which Microsoft 365 compliance tool helps identify sensitive data across the tenant?
A) Azure Sentinel
B) Microsoft Purview Data Classification
C) Microsoft Endpoint Manager
D) Microsoft Power Platform
Answer: B) Microsoft Purview Data Classification
Explanation: Data Classification helps discover, classify, and protect sensitive information within Microsoft 365.
16.
To synchronize on-premises identities to Azure AD, which tool must be installed?
A) Azure AD Connect
B) Microsoft Endpoint Manager
C) Microsoft Teams Admin Center
D) Microsoft Defender for Identity
Answer: A) Azure AD Connect
Explanation: Azure AD Connect synchronizes on-premises Active Directory accounts with Azure Active Directory.
17.
What is the minimum number of global administrators recommended for a Microsoft 365 tenant?
A) 1
B) 2
C) 3
D) 5
Answer: B) 2
Explanation: Having at least two global administrators provides redundancy and ensures management continuity.
18.
Which Microsoft 365 security feature helps protect accounts from brute force attacks?
A) Azure AD Password Protection
B) Microsoft Defender for Endpoint
C) Microsoft Information Protection
D) Microsoft Teams Policies
Answer: A) Azure AD Password Protection
Explanation: Azure AD Password Protection prevents users from selecting weak or compromised passwords.
19.
You want to create a Microsoft 365 compliance policy that applies only to users in the finance department. What attribute should you use to target users?
A) Department attribute in Azure AD
B) User principal name
C) Job title
D) Email address
Answer: A) Department attribute in Azure AD
Explanation: Using Azure AD attributes like Department allows targeted policies for specific user groups.
20.
Which license type is required for Microsoft 365 E5 Security features?
A) Microsoft 365 E3
B) Microsoft 365 E5
C) Microsoft 365 Business Basic
D) Office 365 F3
Answer: B) Microsoft 365 E5
Explanation: E5 licenses include advanced security and compliance features not available in E3 or lower.
21.
How do you enforce data encryption for emails sent to external users?
A) Enable Microsoft Information Protection encryption policies
B) Disable external sharing
C) Configure Transport Rules for encryption in Exchange Online
D) Block external emails
Answer: C) Configure Transport Rules for encryption in Exchange Online
Explanation: Transport rules can be set to automatically encrypt outbound emails based on conditions like recipient domain.
22.
Which Microsoft 365 service supports automatic device enrollment for mobile devices?
A) Microsoft Defender for Endpoint
B) Microsoft Endpoint Manager (Intune)
C) Azure AD Connect
D) Microsoft Teams
Answer: B) Microsoft Endpoint Manager (Intune)
Explanation: Intune supports automatic enrollment and management of mobile devices for compliance and security.
23.
Which feature allows you to monitor and control third-party app access to Microsoft 365 data?
A) Azure AD App Proxy
B) Azure AD Conditional Access
C) Microsoft Cloud App Security (MCAS)
D) Microsoft Endpoint Manager
Answer: C) Microsoft Cloud App Security (MCAS)
Explanation: MCAS provides visibility and control over cloud app usage, including third-party integrations.
24.
You want to limit Teams meetings to only users within your organization. What setting should you configure?
A) Teams meeting policies to disable external participants
B) Microsoft Defender for Office 365
C) Azure AD Conditional Access
D) Exchange Online Transport Rules
Answer: A) Teams meeting policies to disable external participants
Explanation: Teams meeting policies can restrict meetings so only internal users can join.
25.
Which PowerShell cmdlet is used to assign a license to a Microsoft 365 user?
A) Set-MsolUser
B) Set-MsolUserLicense
C) New-MsolUser
D) Add-MsolGroupMember
Answer: B) Set-MsolUserLicense
Explanation: Set-MsolUserLicense assigns or modifies licenses for users in Microsoft 365 via PowerShell.
26.
Which Microsoft 365 compliance tool can create audit logs and reports on user activities?
A) Microsoft Endpoint Manager
B) Microsoft Purview Audit (formerly Office 365 Audit Log)
C) Microsoft Defender for Identity
D) Azure AD Connect
Answer: B) Microsoft Purview Audit
Explanation: Purview Audit logs track user and admin activities for compliance and investigation.
27.
Which Microsoft 365 feature protects data at rest within Exchange Online mailboxes?
A) BitLocker encryption
B) Microsoft Information Protection (MIP)
C) Data Loss Prevention (DLP)
D) Transport Layer Security (TLS)
Answer: B) Microsoft Information Protection (MIP)
Explanation: MIP classifies and encrypts data stored in Exchange Online to ensure data protection at rest.
28.
Which Microsoft 365 tool allows admins to recover deleted Teams and Channels?
A) Microsoft Endpoint Manager
B) Microsoft Teams Admin Center
C) Microsoft Purview Compliance Portal
D) Azure AD Connect
Answer: B) Microsoft Teams Admin Center
Explanation: The Teams Admin Center provides recovery options for deleted teams and channels within retention periods.
29.
You want to enable self-service password reset for all users. What is the minimum license requirement?
A) Azure AD Free
B) Azure AD Premium P1
C) Microsoft 365 Business Basic
D) Microsoft 365 E3
Answer: B) Azure AD Premium P1
Explanation: Self-service password reset with write-back requires Azure AD Premium P1 licensing.
30.
Which Microsoft 365 feature helps to prevent data leakage via email by detecting sensitive information?
A) Exchange Online Protection (EOP)
B) Data Loss Prevention (DLP)
C) Azure AD Conditional Access
D) Microsoft Teams policies
Answer: B) Data Loss Prevention (DLP)
Explanation: DLP policies scan emails for sensitive information types and enforce protection actions like blocking or encrypting.
31.
Which role allows a user to manage compliance features such as retention policies and data classification?
A) Compliance Administrator
B) Global Reader
C) Security Administrator
D) Exchange Administrator
Answer: A) Compliance Administrator
Explanation: The Compliance Administrator role provides permissions to manage Microsoft Purview compliance features like retention and data classification.
32.
What does Azure AD Connect Health primarily monitor?
A) On-premises AD synchronization health
B) Microsoft Endpoint Manager compliance reports
C) Exchange Online spam filters
D) Teams usage analytics
Answer: A) On-premises AD synchronization health
Explanation: Azure AD Connect Health monitors synchronization between on-premises AD and Azure AD for issues and performance.
33.
How can you enforce encryption for Microsoft Teams chat messages?
A) Enable end-to-end encryption (E2EE) for 1:1 calls and chats
B) Use Microsoft Information Protection policies
C) Use Exchange Transport Rules
D) Configure Azure AD Conditional Access
Answer: A) Enable end-to-end encryption (E2EE) for 1:1 calls and chats
Explanation: E2EE is available in Teams for 1:1 calls and chats, providing additional encryption beyond Microsoft’s standard service encryption.
34.
Which Microsoft 365 component enables automatic device compliance assessment before granting access?
A) Azure AD Conditional Access with Intune compliance policies
B) Exchange Online Protection
C) Microsoft Defender Antivirus
D) Microsoft Power Platform
Answer: A) Azure AD Conditional Access with Intune compliance policies
Explanation: Conditional Access evaluates device compliance (managed by Intune) before allowing access to resources.
35.
What is the function of the Microsoft 365 Secure Score?
A) It measures your organization’s security posture and provides improvement recommendations
B) It scores end-user productivity
C) It ranks Azure AD user logins
D) It analyzes Exchange mail flow
Answer: A) It measures your organization’s security posture and provides improvement recommendations
Explanation: Secure Score helps organizations assess security and suggests actionable improvements.
36.
Which of the following is NOT a valid user identity type supported by Azure AD?
A) Cloud-only user
B) Federated user
C) Guest user
D) External user with on-premises domain
Answer: D) External user with on-premises domain
Explanation: External users are typically invited as guests; on-premises domain users require synchronization or federation.
37.
You want to audit mailbox access by delegated users in Exchange Online. Which feature must be enabled?
A) Mailbox audit logging
B) Azure AD Conditional Access
C) Microsoft Defender for Office 365
D) Microsoft Endpoint Manager
Answer: A) Mailbox audit logging
Explanation: Mailbox audit logging tracks actions performed by delegates or administrators on mailboxes.
38.
Which PowerShell cmdlet is used to enable mailbox audit logging?
A) Set-Mailbox -AuditEnabled $true
B) Enable-MailboxAudit
C) Start-MailboxAudit
D) Set-MailboxAuditLogging
Answer: A) Set-Mailbox -AuditEnabled $true
Explanation: This cmdlet enables audit logging for a specified mailbox.
39.
Which tool helps analyze email delivery issues in Microsoft 365?
A) Message Trace in Security & Compliance Center
B) Microsoft Defender for Endpoint
C) Azure AD Connect
D) Microsoft Endpoint Manager
Answer: A) Message Trace in Security & Compliance Center
Explanation: Message Trace allows admins to track email message delivery and troubleshoot issues.
40.
Which compliance feature allows you to place mailboxes on litigation hold?
A) Retention policies
B) Litigation hold
C) DLP policies
D) Sensitivity labels
Answer: B) Litigation hold
Explanation: Litigation hold preserves mailbox content for legal investigations.
41.
Which of the following authentication protocols is NOT supported by Azure AD?
A) SAML
B) OAuth 2.0
C) Kerberos
D) OpenID Connect
Answer: C) Kerberos
Explanation: Kerberos is used primarily in on-premises AD environments and not supported directly by Azure AD for authentication.
42.
What is the primary benefit of using Microsoft Endpoint Manager in Microsoft 365?
A) Managing devices and applications to enforce security compliance
B) Monitoring email traffic
C) Managing Microsoft Teams licenses
D) Creating retention policies
Answer: A) Managing devices and applications to enforce security compliance
Explanation: Endpoint Manager combines Intune and Configuration Manager to manage devices and enforce policies.
43.
Which Microsoft 365 service is primarily responsible for managing records and retention labels?
A) Microsoft Purview Records Management
B) Microsoft Endpoint Manager
C) Azure AD Connect
D) Exchange Online Protection
Answer: A) Microsoft Purview Records Management
Explanation: Records Management in Purview helps organizations manage records lifecycle and compliance.
44.
You want to allow external users to collaborate in SharePoint Online but restrict file downloads. Which feature should you use?
A) Information Rights Management (IRM)
B) Azure AD Conditional Access
C) Exchange Online Protection
D) Microsoft Defender for Endpoint
Answer: A) Information Rights Management (IRM)
Explanation: IRM restricts actions such as printing or downloading documents, even for external users.
45.
Which of the following Azure AD roles is required to reset passwords for all users in the tenant?
A) Password Administrator
B) User Administrator
C) Global Administrator
D) Security Reader
Answer: A) Password Administrator
Explanation: Password Administrator can reset passwords for non-admin users and some admin users.
46.
In Microsoft 365, what feature allows organizations to tag and classify emails and documents with sensitivity labels?
A) Microsoft Information Protection (MIP)
B) Exchange Online Protection
C) Microsoft Endpoint Manager
D) Azure AD Connect
Answer: A) Microsoft Information Protection (MIP)
Explanation: MIP allows classification and protection of content using sensitivity labels.
47.
Which Microsoft 365 feature enables you to block sign-ins from risky locations or devices?
A) Azure AD Conditional Access with location-based policies
B) Microsoft Endpoint Manager compliance policies
C) Exchange Online Protection
D) Microsoft Defender for Endpoint
Answer: A) Azure AD Conditional Access with location-based policies
Explanation: Conditional Access can restrict access based on sign-in location or device state.
48.
What is the maximum number of Microsoft 365 groups a user can own?
A) 250
B) 100
C) 500
D) Unlimited
Answer: A) 250
Explanation: By default, a user can own up to 250 Microsoft 365 groups.
49.
Which PowerShell module replaces the MSOnline module for managing Azure AD?
A) AzureAD
B) AzureADPreview
C) Microsoft.Graph
D) ExchangeOnlineManagement
Answer: C) Microsoft.Graph
Explanation: Microsoft.Graph PowerShell module is the modern replacement for MSOnline and AzureAD modules.
50.
Which Microsoft 365 compliance feature enables preservation of data across multiple workloads in response to a legal investigation?
A) eDiscovery (Core and Premium)
B) DLP policies
C) Sensitivity labels
D) Microsoft Defender for Office 365
Answer: A) eDiscovery (Core and Premium)
Explanation: eDiscovery tools allow legal holds and content search across multiple Microsoft 365 workloads.
51.
Which Microsoft 365 role should be assigned to manage Exchange Online but not other services?
A) Exchange Administrator
B) Global Administrator
C) Security Administrator
D) SharePoint Administrator
Answer: A) Exchange Administrator
Explanation: Exchange Administrator can manage Exchange Online without broader tenant-wide admin rights.
52.
What is the recommended way to provide guest users access to Microsoft Teams?
A) Invite guest users via Azure AD B2B collaboration
B) Create separate user accounts for guests in Azure AD
C) Use external mail forwarding
D) Use shared mailboxes
Answer: A) Invite guest users via Azure AD B2B collaboration
Explanation: Azure AD B2B allows secure guest access with external identities.
53.
Which Microsoft 365 feature can prevent users from forwarding confidential emails?
A) Sensitivity labels with protection
B) Data Loss Prevention (DLP) policies
C) Azure AD Conditional Access
D) Microsoft Defender for Office 365
Answer: A) Sensitivity labels with protection
Explanation: Sensitivity labels can enforce encryption and restrict actions such as forwarding.
54.
Which Microsoft 365 service provides security analytics and threat intelligence for your tenant?
A) Microsoft Defender for Office 365
B) Microsoft 365 Defender portal
C) Azure AD Identity Protection
D) Exchange Online Protection
Answer: B) Microsoft 365 Defender portal
Explanation: The Defender portal aggregates signals from various Defender products to provide unified threat intelligence.
55.
You need to audit sign-in activities across your Microsoft 365 tenant. Which feature should you use?
A) Azure AD Sign-in Logs
B) Exchange Online Transport Rules
C) Microsoft Endpoint Manager compliance reports
D) Microsoft Teams Admin Center
Answer: A) Azure AD Sign-in Logs
Explanation: Azure AD sign-in logs provide detailed information about user authentication activities.
