Microsoft MS-700 Exam Dumps & Practice Test Questions

Question 1:

Your company has recently subscribed to Microsoft 365, and all users have been assigned E3 licenses. As the Systems Administrator, you're tasked with setting up Microsoft Teams to enable secure collaboration with a partner organization. You intend to create guest accounts for the partner users but must ensure they cannot invite other guests. Additionally, only users from the partner company should be permitted to collaborate with your organization in Teams.

Which configuration should you modify to meet these requirements?

A. External sharing settings in the SharePoint Admin Center
B. External collaboration settings in Azure Active Directory
C. Anonymous join settings in Teams Meeting Settings
D. Global Meeting Policy in the Teams Admin Center

Correct answer: B

Explanation:

To securely allow collaboration between your internal users and external users from a partner organization while maintaining strict control over guest privileges, the most appropriate configuration is found in Azure Active Directory’s external collaboration settings.

This setting in Azure AD is specifically designed to manage guest access across Microsoft 365 services, including Microsoft Teams. Here, you can dictate who can invite guests (for example, limiting this to admins only), and most importantly, you can prevent guest users from inviting other guests, which is essential in your case. You can also restrict access by domain, allowing only users from your partner company’s domain to collaborate with your team.

Let’s briefly assess why the other options are not suitable:

• A. The external sharing settings in the SharePoint Admin Center manage sharing for SharePoint and OneDrive documents but have no control over guest account permissions in Teams.

• C. The anonymous meeting settings in Teams control whether users without Teams accounts can join meetings. However, these are related to meeting participation, not guest account management or collaboration settings.

• D. The Global Meeting Policy controls features during Teams meetings (like chat, video, etc.) but not who can be invited as a guest or whether guests can invite others.

Since your core requirement revolves around controlling who can be invited and who can collaborate, Azure AD is the proper place to apply these restrictions. By fine-tuning these settings, you ensure secure and controlled external collaboration that aligns with your organization’s security policies.

Question 2:

You are configuring Teams settings to support a mix of internal and guest users. Company users should be allowed to use their video cameras during Teams meetings. However, guest users should not have camera access during these sessions.

Which configuration change should you make to achieve this?

A. Modify External access settings under Org-wide settings
B. Update Teams settings under Org-wide settings
C. Adjust Guest access settings under Org-wide settings
D. Customize Audio & Video settings in the default Meeting Policy

Correct answer: D

Explanation:

To control camera usage in Microsoft Teams, particularly when differentiating capabilities between company and guest users, the most effective method is to configure Audio & Video settings within the default Meeting Policy in the Teams Admin Center.

Meeting policies in Microsoft Teams give administrators granular control over what users can and cannot do during meetings. By modifying these policies, you can explicitly disable camera access for guest users while continuing to allow internal users to use their cameras. This configuration is essential in scenarios where organizational policies demand tighter control over external participant capabilities for privacy or security reasons.

Let’s explore why the other choices are less appropriate:

• A. External access settings are used to define how your organization communicates with users from other domains (e.g., federated chat with other companies). These settings do not control in-meeting features like camera use.
  
  

• B. Org-wide Teams settings affect broader team-level functionalities, such as team creation or tagging. They don’t provide the necessary granularity for managing video permissions during meetings.

• C. Guest access settings determine whether guests can participate in teams, use chat, or access files. While they’re important for enabling or disabling general access, they don’t cover specific in-meeting capabilities such as camera use.

By contrast, D allows you to define behavior for different user groups during meetings. You can create a custom meeting policy for guest users and disable camera permissions, while keeping them enabled for your staff via a separate policy or the default one. This ensures the correct level of access and maintains compliance with internal policies.

Thus, configuring the Audio & Video settings within the default Meeting Policy is the best solution to limit guest capabilities without affecting internal users.

Question 3:

You're working as a Microsoft 365 Administrator, and your organization utilizes Microsoft Teams for internal collaboration. One of your tasks is to ensure that a specific user cannot permanently erase private chat messages. 

What should you configure to enforce this requirement?

A. Adjust the user's Microsoft 365 license settings in the Microsoft 365 Admin Center
B. Apply a Teams meeting policy
C. Place a litigation hold on the user's mailbox
D. Implement a Sensitivity Label via the Security & Compliance Admin Center

Correct Answer: C

Explanation:

To stop a user from permanently deleting their private chat history in Microsoft Teams, the most effective solution is to apply a litigation hold to the user’s mailbox. In Microsoft 365, private chat messages from Teams are stored in users’ Exchange mailboxes. When a litigation hold is applied, it ensures that all mailbox items, including Teams chat content, are preserved—even if the user attempts to delete them.

A litigation hold prevents both soft and hard deletions. Even if a user deletes a message from their Teams client, the data is retained and discoverable through eDiscovery tools. This feature is especially important for compliance, regulatory investigations, or legal proceedings, as it ensures that no critical communication is lost or tampered with.

Let’s briefly look at why the other options are incorrect:

A. Modifying Microsoft 365 license settings can enable or disable service access, but it doesn’t affect a user’s ability to delete data. This approach doesn’t provide retention or legal hold features.

B. A Teams meeting policy controls features related to meetings—like who can record, present, or join—but it does not affect chat behavior or data retention settings.

D. Sensitivity Labels are designed for content classification and protection—such as applying encryption or access controls. While useful for labeling and controlling how data is used, they do not provide mechanisms to prevent deletion or enforce message retention.

In conclusion, placing the user on a litigation hold ensures that all private Teams chats are preserved, satisfying the requirement to block permanent deletion. Thus, the correct choice is C.

Question 4:

You need to ensure that the Microsoft Teams group used by your organization's Research team clearly displays a "Confidential" label in the Teams interface. What should you do to achieve this?

A. Create and deploy a Sensitivity Label via the Security & Compliance Admin Center
B. Apply a Retention Label from the Security & Compliance Admin Center
C. Set a custom Teams policy through the Microsoft Teams admin center
D. Modify Meeting Settings in the Microsoft Teams admin center

Correct Answer: A

Explanation:

To make sure the Research team in Microsoft Teams is visibly marked as "Confidential," the appropriate action is to create and apply a Sensitivity Label using the Microsoft 365 Compliance Center (formerly part of the Security & Compliance Admin Center). Sensitivity Labels are built to classify and protect information by tagging content—such as documents, emails, and Teams groups—with labels like "Public," "Internal," or "Confidential."

When a Sensitivity Label is configured to be applied to Microsoft Teams, it can control a number of privacy and compliance settings, including team visibility, guest access, and even encryption of chat content. Once applied, the label appears directly within the Teams client, allowing members to immediately see the confidentiality classification. It not only helps reinforce internal policies but also ensures data handling aligns with organizational compliance requirements.

Here’s why the other choices fall short:

B. Retention Labels are used for managing how long content is kept and when it can be deleted. They are ideal for compliance-driven data lifecycle management but are not visible in the Teams client as a classification tag. They don’t provide the “Confidential” visual marker or related protections.

C. Teams policies allow you to manage user permissions, app access, and feature availability within Teams, but they do not provide classification features. You can’t use them to label a team as confidential.

D. Meeting settings only govern behavior during Teams meetings, such as presenter roles or participant permissions. They have no influence on team labeling or classification.

In summary, applying a Sensitivity Label is the only option that meets the requirement of visibly labeling the Research team as “Confidential” within Teams. Therefore, the correct answer is A.

Question 5:

You are a Systems Administrator at an organization with several departments: Sales, Accounts, Research, and Production. All employees are licensed under Microsoft 365 E5, and each department has a dedicated Microsoft Team. Currently, users from any department can freely communicate with users from other departments through Microsoft Teams.

You are tasked with modifying the setup so that only members of the Research department can communicate with each other in Teams and are blocked from interacting with users in other departments. 

What configuration should you implement?

A. Set up a Teams Meeting policy
B. Create Information Barrier policies
C. Apply an App Protection policy
D. Configure Conference Bridges

Correct Answer: B

Explanation:

To enforce communication restrictions between users from different departments in Microsoft Teams, Information Barriers are the appropriate tool. Information Barrier (IB) policies are designed specifically to restrict communications between defined groups within an organization. This is particularly useful in environments where strict separation is necessary, such as between legal and finance teams or, in this case, between the Research team and others.

By configuring an Information Barrier policy that isolates the Research team, you ensure that members of this team can only initiate or receive communications with others in the same team. This includes restrictions on chat, calls, and collaborative actions in Microsoft Teams. Once configured, the system will enforce these rules automatically, maintaining organizational boundaries and supporting compliance with internal policies or regulatory requirements.

Let’s evaluate the other options:

• A (Teams Meeting policy): This controls meeting-related settings, such as who can present or join, but does not block communication between teams.

• C (App Protection policy): Primarily used for securing corporate data on mobile or BYOD devices. It doesn’t manage inter-user communication.

• D (Conference Bridges): These manage dial-in settings for Teams meetings and have no bearing on internal chat or collaboration permissions.

In conclusion, Information Barriers are the only solution among the options that provide the ability to restrict communication between defined user groups. This makes B the correct answer for meeting the requirement of isolating communication for the Research team.

Question 6:

Your organization uses Microsoft Teams, and you want to be immediately notified whenever a user creates a new Team using the "Create a Team" feature within the Teams application. What configuration should you apply?

A. Modify External Collaboration settings in Azure AD
B. Set up a supervision policy in the Compliance center
C. Create an eDiscovery Case
D. Configure an alert policy in the Compliance center

Correct Answer: D

Explanation:

To get notified when a new Team is created in Microsoft Teams, the most appropriate method is to set up an alert policy in the Microsoft 365 Security & Compliance Center. Alert policies allow administrators to track specific user or administrative activities across Microsoft 365 services and to receive real-time notifications when these events occur.

When configuring an alert policy, you can specify the activity to monitor—such as the creation of a Microsoft Team—and set conditions that trigger the alert. Once the policy is active, it will generate notifications to designated recipients whenever the specified action is detected. This makes it an ideal solution for keeping track of administrative actions like new Team creation.

Let’s review the incorrect options:

• A (External Collaboration settings): These settings control whether guests and external users can collaborate within your Microsoft 365 tenant. They do not provide monitoring or alerting capabilities.

• B (Supervision policy): Used for reviewing employee communications for compliance, such as monitoring chats or emails. It’s focused on content moderation, not administrative activity like team creation.

• C (eDiscovery Case): Designed for legal hold and investigation purposes. While it helps retrieve and analyze existing data, it does not offer proactive alerting functionality for new Teams creation.

Therefore, D is the correct answer. Alert policies provide a proactive and customizable solution to track and notify admins when users perform specific actions—such as creating new Teams—helping you maintain visibility and governance over your Microsoft 365 environment.

Question 7:

Which method should you use on User1’s computer to create debug logs for Microsoft Teams?

A. Use the keyboard shortcut Ctrl+Alt+Shift+1
B. Right-click the Teams icon and choose "Get Logs"
C. Open the Application Log through Windows Event Viewer
D. Generate a Usage report from the Teams admin center

Correct Answer: A

Explanation:

When you encounter problems with Microsoft Teams on a user's machine, generating debug logs can be instrumental in diagnosing the issue. Microsoft Teams has a built-in method that enables users to quickly produce detailed log files, and knowing how to initiate this is key during troubleshooting.

Option A is correct because the keyboard shortcut Ctrl+Alt+Shift+1 is the officially supported way to generate Teams debug logs on a Windows computer. When this combination is pressed, Teams creates a set of diagnostic logs that are automatically saved in the user's local directory. These logs include essential information such as sign-in events, call diagnostics, and error messages that help administrators and support staff troubleshoot specific client-side problems.

Option B suggests right-clicking on the Teams icon and selecting "Get Logs." However, while Teams offers limited options via its system tray icon, it does not include a feature called "Get Logs." Thus, this method will not generate the required diagnostic logs, making B incorrect.

Option C, browsing the Application Log in Windows Event Viewer, can provide system-level information, but it does not offer the specific diagnostic details related to the Teams application. These logs might include crash events or system errors, but they lack the in-depth telemetry that Teams’ own debug logs provide. Therefore, C is not suitable for thorough Teams troubleshooting.

Option D involves running a Usage report from the Teams admin center. This report focuses on organization-wide analytics such as meeting usage, active users, and activity trends. It is useful for tracking adoption and usage patterns but irrelevant when diagnosing client-specific issues like login errors or call failures. As such, D is also incorrect.

In summary, the only direct method for producing Microsoft Teams debug logs on a user’s machine is the key combination Ctrl+Alt+Shift+1, which is specifically designed for this purpose.

Question 8:

To follow the principle of least privilege, which role should be assigned to a manager who only needs to view Microsoft Teams usage reports?

A. Teams Communications Administrator
B. Security Administrator
C. Reports Reader
D. Compliance Manager

Correct Answer: C

Explanation:

When assigning permissions in Microsoft 365, adhering to the principle of least privilege is crucial. This means granting users only the minimum level of access necessary to perform their required tasks—no more, no less. In this scenario, the manager needs to view Microsoft Teams usage reports, and nothing beyond that.

Option C—assigning the Reports Reader role—is the most appropriate choice. This role is specifically designed for users who require read-only access to Microsoft 365 usage analytics and reports. It grants visibility into data such as Teams activity, user engagement, and service usage without the ability to change settings or configure policies. It is a perfect match for someone who only needs to monitor Teams usage metrics.

Option A, the Teams Communications Administrator role, offers a much broader set of permissions than necessary. It includes capabilities such as managing meetings, calling policies, and configurations across the Teams environment. Assigning this role would overexpose the manager to administrative functions, violating the principle of least privilege.

Option B, the Security Administrator role, is even broader. It includes permissions to manage security alerts, policies, and Microsoft Defender features. This role is typically reserved for security personnel and has no direct relevance to viewing usage reports, making it highly inappropriate in this context.

Option D, the Compliance Manager role, grants access to sensitive areas like regulatory assessments, data loss prevention policies, and audit logs. While this role can access some reports, it goes well beyond what’s required for viewing Teams usage and opens up additional administrative and sensitive data capabilities.

Therefore, the Reports Reader role is the optimal and most secure choice. It enables the manager to view the necessary reports while ensuring the system’s integrity by not assigning unneeded privileges. Following this best practice helps reduce potential risks associated with over-permissioned users.

Question 9:

You are serving as the Systems Administrator for your organization, which uses Microsoft 365 with E5 licenses assigned to all users. Employees rely on Microsoft Teams for daily collaboration. Recently, users reported that a specific team, which was accessible just yesterday, has been deleted. 

You need to recover this deleted team. Which administrative tool should you use?

A. Microsoft Teams admin center
B. Microsoft Teams client app
C. Azure Active Directory admin center
D. Exchange Online admin center

Correct Answer:  A

Explanation:

When a team is deleted in Microsoft Teams, it enters a soft-deleted state rather than being permanently removed right away. This soft deletion status retains the team for a default retention period of 30 days, during which an administrator can restore it. To carry out this recovery, the administrator must use the appropriate tool.

The correct tool for restoring a deleted team is the Microsoft Teams admin center. This centralized management interface allows Teams administrators to handle all aspects of Teams configuration, including team lifecycle management. When a team is deleted, the admin center enables you to locate it within the "Deleted Teams" section and initiate a restoration, assuming the action is taken within the retention period. This feature makes the admin center the only valid tool for this task.

The Microsoft Teams client app is designed for day-to-day use by end users and does not include administrative functions such as restoring deleted teams. It enables communication and collaboration, but lacks the permissions or capabilities necessary for team recovery.

The Azure Active Directory admin center is focused on identity management, such as controlling user accounts, group memberships, and access policies. Although it plays a role in managing group memberships, it does not handle content or lifecycle actions within Microsoft Teams.

The Exchange Online admin center is tailored toward email and messaging management, such as mailbox configuration and message tracing. It has no control over Microsoft Teams structures or the ability to recover deleted Teams.

In summary, only the Microsoft Teams admin center offers the capability to restore a deleted team, making A the correct answer.

Question 10:

Your company, using Microsoft 365 with E5 licenses, relies on Microsoft Teams for collaboration. One of your Teams was created from an Office 365 group that includes 300 members—among them 50 guest accounts. You need to regularly ensure that only active users and necessary guests remain in the group. Inactive or unneeded members should be removed, and this check must happen every month. 

What should you configure to achieve this?

A. Conditional Access policy
B. Supervision policy
C. Access Review
D. Teams policy

Correct Answer: C

Explanation:

To ensure that an Office 365 group contains only members and guest accounts that actively need access, and to automatically revalidate this membership on a monthly basis, you should configure an Access Review. This feature, part of Microsoft Entra (formerly Azure AD), is specifically designed to help organizations review and control user access to resources, including Microsoft 365 groups and Teams.

Access Reviews can be scheduled to run periodically, allowing administrators or designated reviewers to confirm whether each group member still needs access. If a user is found to be inactive or no longer relevant to the group, the reviewer can easily remove them during the review process. This promotes a least-privilege model and reduces security risks associated with lingering access rights.

In contrast, a Conditional Access policy (Option A) is used to enforce access requirements based on conditions like user location, device compliance, or sign-in risk. It doesn’t address group membership reviews or access removal based on user activity.

A Supervision policy (Option B) focuses on compliance by monitoring communication within Teams or other Microsoft 365 apps. It doesn’t manage or review group membership.

A Teams policy (Option D) is used to configure specific Teams behaviors and features for users—such as who can create private channels or use apps. It’s unrelated to group access reviews or membership cleanup.

Therefore, the Access Review feature (Option C) is the most suitable choice. It directly fulfills the requirement of verifying who still needs access to a group and helps automate the removal of inactive or unnecessary users, ensuring that access remains secure and appropriate. This makes C the correct answer.