MS-500 Exam Questions

You have several Conditional Access policies that block noncompliant devices from connecting to services. You need to identity which devices are blocked by which policies. What should you use?

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Azure AD app and attribute filtering settings. Does that meet the goal?

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Password Hash Synchronization settings. Does that meet the goal?

You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: Source Anchor: objectGUID, Password Hash Synchronization: Disabled, Password writeback: Disabled, Directory extension attribute sync: Disabled, Azure AD app and attribute filtering: Disabled, Exchange hybrid deployment: Disabled, User writeback: Disabled. You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Source Anchor settings. Does that meet the goal?

You have a Microsoft 365 subscription that uses a default domain name of contoso.com. The multi-factor authentication (MFA) service settings are configured as shown in the exhibit. In contoso.com, you create the users shown in the following table. What is the effect of the configuration? To answer, select the appropriate options in the answer area.

You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune. You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?

You have a Microsoft 365 subscription. From the Microsoft 365 admin center, you create a new user. You plan to assign the Reports reader role to the user. You need to view the permissions of the Reports reader role. Which admin center should you use?