Microsoft MS-203 Exam Dumps & Practice Test Questions
You are managing a Microsoft Exchange Server 2019 environment with 200 mailboxes. You want to assign a second email address to each user in a custom format: the first letter of the user's last name, followed by their first name, and ending in @fabrikam.com. To do this, you convert all mailboxes into shared mailboxes and execute the Set-Mailbox cmdlet using the -EmailAddressPolicyEnabled $false parameter.
Does this approach fulfill the requirement?
A. Yes
B. No
Correct Answer: B
Explanation:
This question evaluates whether converting user mailboxes to shared mailboxes and disabling the automatic email address policy with Set-Mailbox is sufficient to assign custom-formatted secondary email addresses.
Let’s first examine what the goal entails:
You want each user to have a second email alias with a specific structure:
First letter of last name + full first name + @fabrikam.com.
Example: If the user's name is John Smith, the address should be sJohn@fabrikam.com.
Let’s analyze the provided solution:
Converting mailboxes to shared mailboxes:
This is not required for the task.
Shared mailboxes are typically used when multiple users need to access the same mailbox (e.g., info@company.com).
Converting user mailboxes into shared ones removes the need for licensing but also removes the ability to sign in directly—which is likely not the intention here.
Therefore, this step is inappropriate and potentially disruptive.
Disabling Email Address Policy with -EmailAddressPolicyEnabled $false:
This does make sense if you intend to manually assign a custom email address that doesn’t match the default email policy.
It stops Exchange from overwriting custom email addresses with those defined by automatic address policies.
However, these actions alone do not accomplish the goal:
They don't add the second email address.
There is no script, logic, or mechanism in the proposed solution that actually constructs and assigns the email in the required format.
To meet the requirement, you'd typically:
Use PowerShell to loop through all mailboxes.
Construct the new email address format using string manipulation (e.g., taking the first character of the surname and combining it with the given name).
Append the new SMTP address to each mailbox using Set-Mailbox -EmailAddresses.
Since the proposed solution lacks these essential steps, it is incomplete and incorrect.
In your Exchange Server 2019 organization, which includes 200 mailboxes, you want to assign each user a second email address using the pattern: first letter of their last name, followed by their first name, and ending in @fabrikam.com. You create an email address policy using the %1s%g@fabrikam.com format.
Will this configuration achieve the desired result?
A. Yes
B. No
Correct Answer: B
Explanation:
This question asks whether it’s possible to create a custom email address format using Exchange email address policies, specifically using %1s%g@fabrikam.com to build addresses like sJohn@fabrikam.com.
To evaluate this, let’s start with what the variables mean in Exchange:
%g = Given name (first name)
%s = Surname (last name)
The %1s in the format implies “first letter of surname.” So combining %1s%g appears to build:
First letter of last name + full first name — exactly what you need.
However, here’s the critical detail:
Exchange email address policies do not support partial string selectors like %1s or %1g.
The only valid format strings according to Microsoft documentation are:
%s (surname)
%g (given name)
%m (alias)
%r (display name)
%i (initials)
%d (domain name)
Therefore, even though %1s%g@fabrikam.com looks correct logically, it is not a supported syntax. Exchange Server will throw an error or ignore the %1s part when processing the email address policy.
The only way to implement this custom format would be through PowerShell scripting, where you:
Retrieve all users and parse their names.
Extract the first letter of the last name.
Concatenate it with the first name.
Use Set-Mailbox or Set-EmailAddress to manually assign the address.
Email address policies are powerful but not flexible enough for this type of substring manipulation.
Hence, this solution does not achieve the goal, and the answer is B.
You’re managing an Exchange Server 2019 environment with 200 user mailboxes. You need to add a secondary email address for each user in the format: first letter of the last name + first name + @fabrikam.com.
Does this approach achieve the intended result?
A. Yes
B. No
Correct Answer: B
The requirement is to add a second, custom-formatted email address to existing mailboxes. Specifically, the format should be:
first letter of the last name + first name + @fabrikam.com
(e.g., John Smith → sjohn@fabrikam.com).
Let’s examine why the proposed solution does not meet the goal.
This is not only irrelevant but could also introduce problems:
Shared mailboxes are used for departmental accounts (e.g., HR@company.com).
They typically do not require licenses but have limitations such as disabled sign-in and reduced capacity for personal use.
You don’t need to convert user mailboxes to shared just to add email addresses.
So this step is unnecessary and unrelated to the objective.
This parameter enables the automatic application of email address policies defined in Exchange. These policies typically generate email addresses based on simple variables like %m (alias), %g.%s (given name + surname), etc.
However:
Exchange address policies cannot generate complex patterns like “first letter of last name + first name”.
Enabling the email address policy will override custom addresses if the policy is reapplied later.
It also does not provide a mechanism to create the custom alias format needed.
In fact, if you want to manually set a custom secondary address, you should:
Set EmailAddressPolicyEnabled to $false (to avoid overwriting).
Use a PowerShell script to iterate through all users, parse their names, and apply:
Leave the mailboxes as user mailboxes (do not convert them).
Disable automatic policy with -EmailAddressPolicyEnabled $false to preserve custom entries.
Write a PowerShell script to:
Extract each user’s first name and last name.
Generate the new address in the required format.
Append the address using Set-Mailbox.
Neither converting to shared mailboxes nor enabling automatic email policies supports the custom email format requirement. Therefore, this method fails to meet the goal.
Your Microsoft 365 users report that they suddenly cannot access email from their mobile devices, despite having no issues the day before.
You need to identify which mobile device access rule is currently applied to the devices.Which PowerShell cmdlet should you use?
A. Get-ActiveSyncDeviceClass
B. Get-ActiveSyncOrganizationSettings
C. Get-MobileDevice
D. Get-MobileDeviceMailboxPolicy
Correct Answer: A
The question is focused on troubleshooting mobile device access issues related to ActiveSync rules in Exchange Online (part of Microsoft 365). The users’ inability to connect implies a device access policy might be blocking or quarantining devices.
Let’s evaluate each cmdlet.
Correct choice
This cmdlet shows all device types that have connected via Exchange ActiveSync and displays the AccessState (Allowed, Blocked, or Quarantined) for each class.
It provides a mapping of device type → access rule status.
This helps you directly determine which rule is being applied to the devices.
Especially useful when many users report a common access problem — likely caused by a policy at the device class level.
Whether device quarantine is enabled by default.
Whether automatic access is granted to unknown devices.
It does not show per-device or per-device-class status, so it can’t pinpoint which rule is affecting access.
This cmdlet shows device connection information per user:
Device ID, last sync time, OS, and status.
While this gives individual device diagnostics, it doesn’t identify policy rules being applied. It may help confirm whether the device was blocked but not why.
Shows policy configurations like password requirements, encryption, and sync settings.
This cmdlet does not reflect device access states or rules. It defines device behavior policies, not access permissions or restrictions.
To determine which rule is applied to a mobile device class — the exact cause of the issue — you must use Get-ActiveSyncDeviceClass.
You want to ensure that users can only access their Exchange Online mailboxes from Android devices using the Microsoft Outlook app. What configuration should you implement to enforce this restriction?
A. Create a Conditional Access policy in Azure AD
B. Configure a Data Loss Prevention (DLP) policy
C. Set an App Protection Policy in Microsoft Endpoint Manager
D. Apply a connection filter policy in Exchange Online Protection
Correct Answer: A
Explanation:
To restrict how users access Microsoft 365 mailboxes—specifically allowing access only through Outlook on Android devices—you need to control both the device platform and the client application used. Microsoft provides a powerful mechanism to do this through Conditional Access policies in Azure Active Directory (Azure AD).
A Conditional Access (CA) policy enables administrators to define specific conditions under which access to resources like Exchange Online is permitted. These conditions can include:
Device type (e.g., Android, iOS, Windows)
Client app (e.g., Outlook, browser, IMAP)
Location
User/group membership
Sign-in risk level
In this scenario, the goal is to:
Allow access from Android devices only through Microsoft Outlook.
Prevent other mail apps like Samsung Mail, Gmail, or IMAP clients from connecting to Exchange Online.
Conditional Access provides a policy framework to do exactly this. By defining the platform condition as Android and the client app condition as "Approved apps" (which includes Outlook), you can block all other email clients.
Let’s evaluate the other choices:
B. DLP Policy
A Data Loss Prevention policy is used to monitor or restrict the sharing of sensitive information, such as credit card numbers or personal data. It does not control device or app-based access, and therefore is irrelevant to the scenario.
C. App Protection Policy
App Protection Policies (APPs) provide controls like encryption, PIN requirements, and blocking screen capture for managed apps such as Outlook. However, APPs do not enforce access restrictions. You’d still need CA policies to block non-Outlook apps.
D. Connection Filter Policy
This applies to inbound email filtering (e.g., blocking emails from specific IPs) and has no effect on mailbox access via mobile apps.Only Azure AD Conditional Access provides the granularity to enforce app-specific access rules across platforms. In this case, it ensures that Android users access mail only via Microsoft Outlook.
In a hybrid Exchange environment using Exchange Online and on-prem Exchange Server 2019, a user named Ben Smith cannot connect to his mailbox from a new computer. Other users connect without issue, and Autodiscover is working correctly for them.
What should you check to resolve Ben’s connection issue?
A. Update the primary SMTP address of Ben Smith’s mailbox
B. Correct the RemoteRoutingAddress for Ben Smith’s mailbox
C. Change Ben’s email address to use the lastname.firstname@contoso.com format
D. Assign an @contoso.onmicrosoft.com alias to Ben Smith’s mailbox
Correct Answer: B
Explanation:
This scenario involves a hybrid Exchange deployment where some users are hosted on Exchange Online, and others may still be on-premises. Autodiscover and mailbox connectivity depend heavily on accurate configurations, especially for cloud-hosted users.
The key symptom here is that:
Other users connect successfully.
Autodiscover is functioning.
The issue is isolated to Ben Smith.
The problem appears on a new computer, suggesting a configuration issue rather than a client-specific bug.
In hybrid scenarios, users whose mailboxes are hosted in Exchange Online must have a valid RemoteRoutingAddress (also referred to as a target address). This address tells the on-prem Exchange server how to correctly route requests to the cloud mailbox.
If this address is incorrect or missing for Ben Smith, then:
Autodiscover might return incorrect data.
The on-prem Exchange server will not know to redirect the connection to Exchange Online.
As a result, Outlook fails to connect.
To fix this, the admin should ensure that the RemoteRoutingAddress for Ben Smith is something like:
This directs traffic to his actual cloud mailbox hosted in Microsoft 365. You can check and fix this using PowerShell:
Let’s review the incorrect options:
A. Modify the primary SMTP address
The primary SMTP address determines the user's main email alias, not how Autodiscover or routing works. This would not resolve the underlying connection issue.
C. Change email syntax
Adjusting the email to a new format doesn’t help. The problem lies in routing, not in naming conventions.
D. Assign an @contoso.onmicrosoft.com address
This address is typically used as a secondary alias but does not directly affect mailbox routing or Autodiscover. It's not the solution to a failed connection scenario.
In hybrid Exchange deployments, the RemoteRoutingAddress ensures proper redirection to cloud mailboxes. Fixing this for Ben Smith resolves the connectivity issue.
You manage a Microsoft Exchange Online tenant that includes 1,000 user mailboxes and 10 mail-enabled users with email addresses in domains such as fabrikam.com and contoso.com.
You plan to convert these mail-enabled users into fully functional mailboxes. What action must you take first?
A. Remove the remote domains fabrikam.com and contoso.com
B. Assign a Microsoft 365 license to each user
C. Add the users to an Office 365 group
D. Change the email forwarding settings for each user
Correct Answer: B
When working with Microsoft Exchange Online, a mail-enabled user is an account that appears in the Global Address List (GAL) but does not have a mailbox in your Microsoft 365 tenant. Instead, email sent to that user is forwarded to an external address. This is commonly used in hybrid or staged deployments, where some users still operate outside of the Microsoft 365 environment.
To convert these mail-enabled users into fully functional Exchange Online mailboxes, the first and most essential step is to assign each user a Microsoft 365 license that includes Exchange Online. Once a valid license is assigned, Exchange Online automatically provisions a mailbox for the user, transforming them into a standard mailbox user.
Here’s why this step must come first:
Without a license, Exchange Online has no authorization to create a mailbox for the user.
Assigning the license triggers the mailbox creation process automatically.
It transforms the user object from a mail-enabled user to a mailbox-enabled user.
Now let’s evaluate why the other options are incorrect or premature:
A. Remove the remote domains fabrikam.com and contoso.com: These domains may still be in use as accepted domains in your tenant. Removing them could break mail flow and is unrelated to converting mail-enabled users. This step is neither required nor helpful in this context.
C. Add the users to an Office 365 group: While Office 365 groups can facilitate collaboration, adding a user to such a group does not provision a mailbox. Office 365 groups are not designed to convert user types or manage licensing.
D. Change the email forwarding settings for each user: Forwarding may have been configured to external addresses when they were initially set up as mail-enabled users. However, changing forwarding settings is not a prerequisite to converting the user into a mailbox user. This might be necessary after mailbox creation, not before.
In conclusion, the first and most critical step in converting mail-enabled users to mailbox users is to assign them Microsoft 365 licenses that include Exchange Online services. Only after this step can you take further actions like managing mailbox settings or removing old forwarding configurations.
During the migration of on-premises Exchange mailboxes to Microsoft 365, which two tasks are most commonly carried out as part of a standard migration process? (Choose two.)
A. Set up hybrid coexistence to enable seamless transition
B. Create a new Microsoft 365 tenant for each individual user
C. Configure TLS encryption for email traffic
D. Use Microsoft migration tools such as the Exchange Migration Wizard
E. Migrate shared mailboxes before user mailboxes to reduce downtime
Correct Answers: A and D
Migrating mailboxes from an on-premises Exchange server to Microsoft 365 (Exchange Online) is a common project for many organizations. A successful migration typically involves a structured and phased approach to minimize downtime, maintain service continuity, and ensure that users retain access to critical data such as email, calendars, and contacts. Among the many tasks that can be performed during such a migration, two are especially critical and commonly undertaken:
A. Setting up hybrid coexistence: This is a foundational step in a hybrid migration scenario, where some mailboxes remain on-premises while others move to the cloud. Configuring hybrid coexistence using the Hybrid Configuration Wizard (HCW) allows for features like free/busy calendar sharing, seamless mail routing, and shared address lists between the on-premises and cloud environments. This makes the transition transparent to users, as they can continue to work as usual without noticing any interruptions. It also enables administrators to move mailboxes in stages, rather than all at once, which is critical for larger organizations.
D. Using Microsoft Exchange Online migration tools: Another core step involves migrating the actual mailbox data using tools such as the Exchange Admin Center (EAC) or PowerShell cmdlets. Microsoft provides different migration methods (Cutover, Staged, IMAP, and Hybrid), each supported by official tools to automate and streamline the migration process. These tools help ensure data integrity and minimize the risk of errors during transfer.
Now, why the other options are incorrect:
B. Creating a Microsoft 365 tenant for each user: This is incorrect and impractical. A single Microsoft 365 tenant is designed to support thousands of users. Creating separate tenants would lead to administrative chaos, licensing complications, and technical challenges in managing cross-tenant data access.
C. Configuring TLS encryption: While TLS is important for securing email traffic, it is not typically considered a core mailbox migration task. It is part of general email security posture and applies regardless of whether a migration is occurring.
E. Migrating shared mailboxes first: Shared mailboxes are usually moved after user mailboxes, especially since they don’t require a license and are not tied to individual user productivity. There's no strategic benefit to migrating them first in most cases.
In summary, the two most common and essential steps during a Microsoft 365 mailbox migration are: setting up hybrid coexistence (A) and using migration tools (D) to transition mailbox data smoothly.
Your company uses Microsoft Exchange Online. A user reports that emails from a business partner are being delivered to the Junk Email folder.
You want to ensure that emails from this sender are always delivered to the Inbox. What should you do?
A. Add the sender’s domain to the spam filter policy's allow list
B. Create a new mail flow rule to bypass spam filtering for the sender’s address
C. Add the sender’s email to the user's Safe Senders list via Outlook
D. Configure an Exchange Transport Rule to deliver the email directly to the Inbox
Correct Answer: A
Explanation:
Microsoft Exchange Online includes built-in anti-spam protection through Exchange Online Protection (EOP). In this scenario, a user is experiencing false positives where legitimate emails are being routed to the Junk Email folder. The goal is to safely and effectively whitelist the sender across the tenant so that their emails bypass spam filtering in the future.
The most appropriate action is to add the sender’s domain to the spam filter policy's allow list (also called the “allowed sender list” or “domain allow list”). This is done within the Microsoft 365 Defender portal under Threat policies > Anti-spam policies. When you configure an allow list at the policy level, Exchange Online will trust emails from that sender or domain, preventing them from being marked as spam.
Let’s review the other options:
B: Creating a mail flow rule (also called a transport rule) to bypass spam filtering is possible, but it's not the best approach for individual or domain-level exclusions. This method is generally used for complex scenarios requiring multiple conditions.
C: Adding the sender to the user’s Safe Senders list only works at the client (Outlook) level and affects only that user. It does not prevent EOP from filtering the message before it reaches the mailbox.
D: Configuring a transport rule to route mail to the Inbox can cause unexpected behavior and should be avoided for simple spam filtering needs.
In conclusion, for managing false positives at the tenant level, Option A is the most secure, scalable, and recommended solution.
You are configuring a hybrid Exchange deployment using Exchange 2019 and Exchange Online. You want to ensure that mail flow between your on-premises environment and Exchange Online is secure.
Which feature should you configure?
A. Hybrid Configuration Wizard
B. Mail Flow Connectors with enforced TLS
C. Exchange Edge Transport server
D. Azure Information Protection
Correct Answer: B
Explanation:
One of the essential requirements of a hybrid Exchange deployment is to secure mail flow between on-premises Exchange and Exchange Online. This ensures compliance, data protection, and end-to-end message encryption.
While the Hybrid Configuration Wizard (HCW) simplifies the process by automatically configuring the required connectors, it is ultimately the Mail Flow Connectors with enforced TLS that enable secure, encrypted communication between the environments. Therefore, Option B is technically the correct answer to the specific requirement of securing mail flow.
These connectors are configured in Exchange Online and on-premises Exchange. They are set to enforce Transport Layer Security (TLS) using certificates, ensuring that mail is encrypted in transit and only accepted from authenticated sources.
Let’s examine the other choices:
A: The Hybrid Configuration Wizard is indeed critical for setting up a hybrid Exchange environment. It automates the configuration of connectors, OAuth, and other settings. However, it’s a broader tool and not a specific mail flow security mechanism, which makes it a less precise answer here.
C: The Edge Transport server is used in perimeter security and advanced routing configurations. However, it is optional and not required for hybrid deployments. Most modern hybrid setups don’t use an Edge Transport server unless complex routing policies are in place.
D: Azure Information Protection is used for classifying, labeling, and protecting content using sensitivity labels. It does not handle mail flow encryption between Exchange environments.
To summarize, while the HCW helps initiate the setup, it is the TLS-enforced Mail Flow Connectors that directly ensure secure and encrypted email delivery in a hybrid deployment. Therefore, Option B is the correct answer.
Top Microsoft Certification Exams
Site Search:
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
MIN10OFF
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.