1. Home
  2. Microsoft
  3. MS-101

Microsoft 365 Mobility and Security

Exam Details

  • Exam Code
    :MS-101
  • Exam Name
    :Microsoft 365 Mobility and Security
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :525 Q&As
  • Last Updated
    :Apr 11, 2025

Microsoft Microsoft Certifications MS-101 Questions & Answers

  • Question 301:

    A user receives the following message when attempting to sign in to https://myapps.microsoft.com:

    "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?

    A. Microsoft Azure Active Directory (Azure AD) Identity Protection policies

    B. Microsoft Azure Active Directory (Azure AD) conditional access policies

    C. Security and Compliance supervision policies

    D. Security and Compliance data loss prevention (DLP) policies

  • Question 302:

    You have a Microsoft 365 tenant.

    You have a line-of-business application named App1 that users access by using the My Apps portal.

    After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.

    You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.

    What should you do?

    A. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.

    B. From Microsoft Cloud App Security, modify the impossible travel alert policy.

    C. From Microsoft Cloud App Security, create an app discovery policy.

    D. From the Azure Active Directory admin center, modify the conditional access policy.

  • Question 303:

    Your company has a Microsoft 365 E5 subscription.

    Users in the research department work with sensitive data.

    You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.

    What should you do from the Security and Compliance admin center?

    A. Create a data loss prevention (DLP) policy that has a Content is shared condition.

    B. Modify the default safe links policy.

    C. Create a data loss prevention (DLP) policy that has a Content contains condition.

    D. Create a new safe links policy.

  • Question 304:

    From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)

    You need to reduce the likelihood that the sign-ins are identified at risky. What should you do?

    A. From the Security and Compliance admin center, create a classification label.

    B. From the Security and Compliance admin center, add the users to the Security Readers role group.

    C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.

    D. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

  • Question 305:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

    You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

    You configure pilot co-management.

    You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

    You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

    Solution: You add Device1 to a Configuration Manager device collection.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 306:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are deploying Microsoft Intune.

    You successfully enroll Windows 10 devices in Intune.

    When you try to enroll an iOS device in Intune, you get an error.

    You need to ensure that you can enroll the iOS device in Intune.

    Solution: You create the Mobility (MDM and MAM) settings.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 307:

    You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

    You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.

    Which role should you assign to the user?

    A. Cloud application administrator

    B. Application administrator

    C. Global administrator

    D. Service administrator

  • Question 308:

    You have computers that run Windows 10 Enterprise and are joined to the domain.

    You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.

    You need to prevent Windows from being updated for the next 30 days.

    Which two Group Policy settings should you configure? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Select when Quality Updates are received

    B. Select when Preview Builds and Feature Updates are received

    C. Turn off auto-restart for updates during active hours

    D. Manage preview builds

    E. Automatic updates detection frequency

  • Question 309:

    You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

    The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

    Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.

    You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.

    What should you do?

    A. From the conditional access policy, configure the device state.

    B. From the Azure Active Directory admin center, create a custom control.

    C. From the Intune admin center, create a device compliance policy.

    D. From the Azure Active Directory admin center, create a named location.

  • Question 310:

    You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    You have a Microsoft 365 subscription.

    You need to ensure that users can manage the configuration settings for all the Windows 10 devices in your organization.

    What should you configure?

    A. the Enrollment restrictions

    B. the mobile device management (MDM) authority

    C. the Exchange on-premises access settings

    D. the Windows enrollment settings

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your MS-101 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.