5.3. Mixed Practice Questions
1. An admin wants to prevent users from sharing files containing credit card numbers via Teams chat. Where is this policy configured, and what tool is used?
Answer: Microsoft Purview — Data Loss Prevention (DLP) policy, with Teams chat as a monitored location.
2. A user reports they are prompted for MFA even when working on a compliant corporate device at the office. The Conditional Access policy is supposed to exempt trusted locations. What is the most likely cause?
Answer: The corporate office IP range has not been added as a named location in Entra ID, or the named location is not properly referenced in the CA policy's exclusion conditions.
3. Which Microsoft 365 admin role should be assigned to an IT admin who only needs to manage Teams meeting policies and nothing else?
Answer: Teams Administrator (scoped to Teams settings only — least privilege principle).
4. Copilot surfaced a confidential salary spreadsheet to a non-HR user. The file is stored in SharePoint. What is the root cause, and what are two remediation actions?
Answer: Root cause: the user had permissions to access the SharePoint library containing the file (oversharing). Remediation: (1) Remove the user's access to the library or apply restricted site access via SharePoint Advanced Management. (2) Apply a sensitivity label with encryption to the file so only authorized users can open it even if they can technically access the SharePoint location.
5. What is the difference between an app registration and an enterprise app in Microsoft Entra ID?
Answer: An app registration is the definition of an application (client ID, permissions needed, secrets). An enterprise app (service principal) is the in-tenant instance of that app that gets assigned to users and configured for SSO. One app has a single registration but can have an enterprise app instance in each of multiple tenants.
6. An organization needs to ensure all emails sent by the CFO over the past two years are preserved while an audit is ongoing, without the CFO knowing. Which Purview feature is used, and what happens if the CFO deletes an email after the hold is placed?
Answer: eDiscovery legal hold on the CFO's mailbox. If the CFO deletes an email after the hold is placed, M365 preserves it in the hidden Recoverable Items folder — the CFO sees the deletion as normal, but compliance teams can still find and export the email.
7. A company wants to ensure their M365 configuration aligns with HIPAA requirements. Which tool provides a score and improvement recommendations, and what does a high score guarantee?
Answer: Compliance Manager. A high Compliance Manager score indicates alignment with HIPAA technical controls in M365 — it does not certify legal HIPAA compliance, which also requires organizational policies, physical controls, and business associate agreements.
8. What is the role of the Power Platform admin center in agent administration?
Answer: The Power Platform admin center governs agent runtime, usage analytics, connector configuration, and agent lifecycle for agents built in Copilot Studio. The M365 admin center controls Copilot-side settings (which agents appear in Copilot Chat and who can access them).