MS-100: Interview Questions
MS-100 is a Microsoft certification exam that validates the skills and knowledge required for managing Microsoft 365 services. If you’re looking for a job in the field of IT and want to demonstrate your expertise in Microsoft 365 administration, passing the MS-100 exam is a great way to do so.
In this blog, we’ll cover some interview questions that you might encounter during your job search. These questions are designed to test your knowledge of Microsoft 365 services, and your ability to manage and administer them effectively. We’ll cover a range of topics, including user and group management, device management, security and compliance, and more.
By reviewing these questions and preparing your answers, you can feel more confident and prepared for your next job interview. Let’s get started!
Can you explain the difference between Office 365 and Microsoft 365?
The main difference between Office 365 and Microsoft 365 is that Office 365 is a suite of cloud-based productivity applications that includes Word, Excel, PowerPoint, Outlook, and other tools, while Microsoft 365 is a comprehensive productivity suite that includes everything in Office 365, as well as additional security and device management features.
Office 365 is designed to provide users with access to popular productivity applications in the cloud, allowing them to create, edit, and share documents from anywhere with an internet connection. Office 365 also includes cloud-based email, calendaring, and other collaboration tools.
Microsoft 365, on the other hand, is designed for businesses and organizations that need more advanced security and device management capabilities. In addition to all the applications and features included in Office 365, Microsoft 365 includes enhanced security features such as Advanced Threat Protection, device management capabilities through Microsoft Intune, and Windows 10 Enterprise licenses.
Another difference is that Office 365 is a subscription-based service that is priced on a per-user, per-month or per-year basis, while Microsoft 365 is also a subscription-based service but is typically priced at a higher rate due to the additional security and device management features included.
How have you managed user identities and access in a Microsoft 365 environment?
Microsoft 365 environment typically involves tasks such as setting up and maintaining Active Directory and Azure Active Directory, creating and assigning licenses, setting up multi-factor authentication, establishing password policies, and managing role-based access controls. The goal is to provide secure and efficient access to the services and data users need, while also meeting compliance and security requirements.
What are the different types of Microsoft 365 licenses available, and how are they different from one another?
There are several different types of Microsoft 365 licenses available, each with its own set of features and capabilities. Here are the most common ones:
- Microsoft 365 Business Basic: This license includes Exchange Online, SharePoint Online, and Microsoft Teams, as well as access to web versions of Word, Excel, and PowerPoint.
- Microsoft 365 Business Standard: This license includes everything in the Business Basic license, as well as desktop versions of Word, Excel, PowerPoint, and Outlook.
- Microsoft 365 Apps for Business: This license includes desktop versions of Word, Excel, PowerPoint, Outlook, Publisher, and Access.
- Microsoft 365 E3: This license includes all the features of Business Standard, as well as advanced security and compliance features, such as data loss prevention and eDiscovery.
- Microsoft 365 E5: This license includes all the features of E3, as well as advanced analytics and voice capabilities, such as advanced threat protection and audio conferencing.
- Microsoft 365 F1: This license is designed for frontline workers, and includes access to Teams, OneDrive, and SharePoint, as well as mobile versions of Word, Excel, and PowerPoint.
The main differences between these licenses are the features they include and the price. Some licenses, such as E3 and E5, are designed for larger organizations with more advanced security and compliance needs, while others, such as Business Basic and Apps for Business, are more affordable and suitable for smaller businesses or individual users.
Can you describe your experience with configuring and maintaining security for Microsoft 365 services?
Microsoft 365 services, like Exchange Online, SharePoint, and Teams, have various built-in security features to protect data and ensure compliance, such as multi-factor authentication, data encryption, and data loss prevention policies. A professional in this area is responsible for configuring these security features, monitoring for security threats, and implementing any necessary updates or changes to ensure the security and compliance of Microsoft 365 services.
How have you used Microsoft 365 to enforce compliance and data protection?
To enforce compliance and data protection in Microsoft 365, administrators can use various features and tools such as:
- Microsoft Compliance Center to manage data retention, eDiscovery, and retention policies
- Azure Active Directory for user authentication and authorization
- Information Protection (classification, labeling, and protection of sensitive data)
- Data Loss Prevention policies to identify and protect sensitive data
- Conditional Access policies to control access to data based on specific conditions
- Advanced Threat Protection to protect against malicious attacks. These features can help organizations meet various industry and government regulations and standards, such as GDPR, HIPAA, and ISO 27001.
Can you discuss your experience with managing Exchange Online and Exchange hybrid deployments?
Exchange Online is a cloud-based email service provided by Microsoft 365, while Exchange hybrid deployment involves integrating Exchange Online with on-premises Exchange Server. Managing Exchange Online and Exchange hybrid deployments involves:
- Configuring and managing Exchange Online services, such as email, calendar, contacts, and tasks.
- Ensuring Exchange Online is properly integrated with other Microsoft 365 services, such as SharePoint and Teams.
- Implementing security and compliance measures to protect sensitive data and maintain regulatory compliance.
- Managing Exchange Online users and distribution groups, including setting up mailboxes, assigning licenses, and configuring email policies.
- Implementing and managing email flow, including inbound and outbound email routing, spam and malware filtering, and email archiving.
- Monitoring Exchange Online performance, ensuring high availability, and troubleshooting issues as needed.
It is important for administrators to stay current with the latest updates and features in Exchange Online, including security and compliance updates, and be familiar with the different licensing options available to optimize utilization.
How have you used Microsoft 365 to implement collaboration solutions, such as SharePoint and Teams?
Microsoft 365 provides a range of collaboration solutions, including SharePoint and Teams, which can be used to improve communication and collaboration within organizations. SharePoint is a web-based platform that provides document management and collaboration, while Teams is a communication and collaboration platform that integrates with SharePoint. When implementing these solutions, it’s important to understand the specific needs of the organization and determine the most appropriate configuration and customization options. This may involve defining the overall architecture, setting up user accounts and permissions, configuring document libraries and lists, and integrating with other tools and systems as needed.
Can you describe your understanding of Microsoft 365 licensing options and how to optimize license utilization?
Microsoft 365 offers different licensing options that cater to different organizational needs and user requirements. Some of these licensing options include Office 365 Business Premium, Microsoft 365 Business Standard, Microsoft 365 Enterprise E3 and E5, and Microsoft 365 F1. To optimize license utilization, organizations need to understand their requirements for email, file storage, online meetings, and other services, as well as the number of users who will require access to these services. Based on this, organizations can choose the most cost-effective licensing option that provides the services they need. Organizations can also make use of the Microsoft 365 License Advisor tool to get recommendations on the best licensing option for their needs.
Can you explain the process of setting up a new user in Microsoft 365?
Here are the general steps for setting up a new user in Microsoft 365:
- Log in to the Microsoft 365 admin center with an account that has administrator permissions.
- Click on the “Users” tab and select “Active Users” from the dropdown menu.
- Click on the “Add a user” button.
- Enter the user’s first and last name, username, and domain name. You can also choose to generate a temporary password for the user or create a custom one.
- Set the user’s location, language, and contact information.
- Choose a license for the user. This will determine which Microsoft 365 services and applications the user can access.
- Assign the user to a role, such as Global Admin or User Management Admin.
- Review the user’s settings and click “Create” to complete the process.
Once you’ve created the user, you can further configure their settings, such as setting up their email, granting them access to SharePoint and OneDrive, and configuring their security settings, such as Multi-Factor Authentication.
How have you managed updates and upgrades to Microsoft 365 services?
Managing updates and upgrades to Microsoft 365 services can include the following steps:
- Reviewing the release notes and planning for compatibility, impact and resources needed.
- Testing the updates in a non-production environment before applying to the production environment.
- Creating a schedule for update and upgrade deployments, communicating with stakeholders, and preparing for any necessary data backup and recovery.
- Monitoring the update or upgrade process and validating the results to ensure that all services are functioning as expected.
- Documenting the update or upgrade process and any changes made.
- Keeping up with the latest updates and features in Microsoft 365 through training, self-education, and participation in user communities and forums.
Can you walk us through a recent project you worked on that involved Microsoft 365 identity and services?
Microsoft 365 identity and services projects typically involve implementing and managing identity and access solutions, such as setting up single sign-on and multi-factor authentication, configuring user and group management, and implementing conditional access policies. They may also involve implementing and managing services such as Exchange Online for email and calendar, SharePoint for collaboration and document management, and Skype for Business for real-time communication.
How do you stay current with the latest updates and features in Microsoft 365?
I stay current with the latest updates and features in Microsoft 365 by regularly checking Microsoft’s official website and blogs, attending relevant conferences, participating in online communities, and attending training and certification programs. Additionally, I often communicate with colleagues and peers who work in similar areas to share information and best practices.
1. What is Certificate-based authentication?
Certificate-based authentication (CBA) is the use of a digital certificate to identify a user, machine, or device before granting access to a resource, network, application, or service. In user authentication, it is often deployed in coordination with traditional methods such as usernames and passwords.
2. What do you mean by Conditional access?
Conditional Access policies are if-then statements for granting access to resources. If a user wants to access a resource, then the user must complete an action. This tool is used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational access policies.
3. Name some Common Signals that Conditional Access can use while making Policy Decisions.
Common signals that Conditional Access can use when making a policy access decision include:
- User or group membership
- IP location information
- Device information
- Application information
- Real-time and calculated risk detection
- Microsoft Cloud App Security (MCAS)
4. Explain Multi-factor authentication.
Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism. This method typically uses at least two of the following categories:
- Knowledge (something they know)
- Possession (something they have)
- Inherence (something they are)
5. What is Modern authentication?
Modern authentication enables new scenarios for customers to authenticate against Office 365 and for tenant admins to enforce specific authentication requirements across the Office 365 tenancy, such as:
- Multi-factor authentication support for administrative interaction with the tenancy and services, and end-user interaction with applications and their data
- Conditional access
- SAML-based third-party identity provider sign-in
- Smartcard log on personal computers
6. In how many ways can you assign Admin Role?
You can assign users to a role in 2 different ways:
- You can go to the user’s details and Manage roles to assign a role to the user.
- Or you can go to Roles and select the role, and then add multiple users to it.
7. What are Distribution Groups?
Distribution groups are used for sending notifications to a group of people. They can receive external email if enabled by the administrator. Distribution groups are best for situations where you need to broadcast information to a set group of people, such as “People in Building A” or “Everyone at Contoso.”
8. Define Security Groups.
Security groups are used for granting access to Microsoft 365 resources, such as SharePoint. They can make administration easier because you need only administer the group rather than adding users to each resource individually. Security groups can contain users or devices. Creating a security group for devices can be used with mobile device management services, such as Intune.
9. When are Shared Mailboxes used?
Shared mailboxes are used when multiple people need access to the same mailbox, such as company information or support email address, reception desk, or other function that might be shared by multiple people. Shared mailboxes can receive external emails if the administrator has enabled this. They include a calendar that can be used for collaboration.
10. What is General Data Protection Regulation (GDPR)?
The GDPR is an EU regulation that updates and expands the earlier Data Protection Directive (DPD) first enacted in 1995. The GDPR is concerned with the privacy of an individual’s data, be that individual a client, customer, employee, or business partner. The GDPR’s goal is to strengthen personal data protection for EU citizens, whether they reside in the EU or elsewhere. The regulation sets out expectations and advises on how to achieve them. Organizations must have measures in place that satisfy the requirements of the GDPR.
11. Explain Sensitive Personal Data in GDPR.
Sensitive personal data: This is data that adds more details to personal data. Examples include religion, trade union membership, ethnic origin, and so on. Sensitive personal data also includes biometric data and DNA. Under GDPR, sensitive data has more stringent protection rules than personal data.
12. What is Microsoft Secure Score?
Microsoft Secure Score is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. Following the Secure Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, apps, and devices.
13. Give some benefits of Microsoft Secure Score.
Secure Score helps organizations:
- Report on the current state of the organization’s security posture.
- Improve their security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).
14. What products are included in Secure Score?
Currently there are recommendations for the following products:
- Microsoft 365 (including Exchange Online)
- Azure Active Directory
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Cloud App Security
- Microsoft Teams
15. What are Service Incidents?
A service incident is an event that affects the delivery of a service. Service incidents may be caused by hardware or software failure in the Microsoft data center, a faulty network connection between the customer and Microsoft, or a major data center challenge such as fire, flood, or regional catastrophe.
16. What are Planned Maintenance events?
Planned maintenance is regular Microsoft-initiated service updates to the infrastructure and software applications. Planned maintenance notifications inform customers about service work that might affect the functionality of a Microsoft service. Customers are notified no later than five days in advance of all planned maintenance through the Message Center on the Microsoft 365 admin center.
17. Define Admin App.
The Admin App for organization administrators gives you the ability to connect with your organization’s Microsoft service status on the go. Microsoft administrators will have the ability to view service health information and maintenance status updates from their mobile devices.
18. What is Power BI?
Power BI is a cloud-based suite of business analytics tools that lets anyone connect to, visualize, and analyze data with greater speed, efficiency, and understanding. It connects users to a broad range of live data through easy-to-use dashboards, provides AI-infused automated insights, embedded and interactive reports, and delivers compelling visualizations that bring data big and small to life.
19. What is Yammer?
Yammer is a best-in-class, secure, and private enterprise social network. Yammer empowers employees to be more productive and successful by enabling them to collaborate easily, make decisions faster, and self-organize into teams to take on any business challenge. It’s a new way of working that naturally drives business alignment and agility, reduces cycle times, engages employees, and improves relationships with both customers and partners.
20. What are the two types of authentication when using the hybrid identity model?
There are two types of authentication when using the hybrid identity model:
- Managed authenticationAzure AD handles the authentication process by using a locally-stored hashed version of the password or sends the credentials to an on-premises software agent to be authenticated by the on-premises AD DS.
- Federated authenticationAzure AD redirects the client computer requesting authentication to another identity provider.
21. How many Types of Managed authentications are there?
There are two types of managed authentication:
- Password hash synchronization (PHS)Azure AD performs the authentication itself.
- Pass-through authentication (PTA)Azure AD has AD DS perform the authentication.
22. What is Password hash synchronization (PHS)?
With PHS, you synchronize your AD DS user accounts with Microsoft 365 and manage your users on-premises. Hashes of user passwords are synchronized from your AD DS to Azure AD so that the users have the same password on-premises and in the cloud. This is the simplest way to enable authentication for AD DS identities in Azure AD.
23. Define Pass-through authentication (PTA).
PTA provides a simple password validation for Azure AD authentication services using a software agent running on one or more on-premises servers to validate the users directly with your AD DS. With PTA, you synchronize AD DS user accounts with Microsoft 365 and manage your users on-premises.
24. What do you mean by Federated authentication?
Federated authentication is primarily for large enterprise organizations with more complex authentication requirements. With federated authentication, users have the same password on-premises and in the cloud and they do not have to sign in again to use Microsoft 365. It also supports additional authentication requirements, such as smartcard-based authentication or a third-party multi-factor authentication and is typically required when organizations have an authentication requirement not natively supported by Azure AD.
25. What is Azure AD Connect Health?
Azure Active Directory (Azure AD) Connect Health provides robust monitoring of your on-premises identity infrastructure. It enables you to maintain a reliable connection to Microsoft 365 and Microsoft Online Services. This reliability is achieved by providing monitoring capabilities for your key identity components. Also, it makes the key data points about these components easily accessible.
26. What is IRM in Exchange hybrid deployments?
Information Rights Management (IRM) helps you to protect against leakage of sensitive information by providing persistent online and offline protection of email messages and attachments. IRM uses Active Directory Rights Management Services (AD RMS), which is a component of Windows Server 2008 and later. AD RMS allows users to create rights-protected content, such as email messages and attachments, and then control how that content is used, and to whom it’s distributed.
27. what is the role of Edge Transport server?
The Edge Transport server role is an optional role that’s typically deployed on a computer located in an Exchange organization’s perimeter network and is designed to minimize the attack surface of the organization. The Edge Transport server role handles all internet-facing mail flow, which provides SMTP relay and smart host services for the internal on-premises Exchange servers in your organization.
28. What are Connectors?
Power Apps and Power Automate use connectors to interact with services. Connectors can be standard, premium, or custom. However, To use premium connectors, users must be licensed with Standalone Power Apps or Power Automate licenses.
29. how do you use per app plans?
There are three steps to follow to use a per app plan:
- Purchase Power Apps per-app plans
- Allocate per-app plans to environments
- Set up apps to use per app plans
- Share the app
30. What are dataflows?
Dataflows are a self-service, cloud-based, data preparation technology. Dataflows enable customers to ingest, transform, and load data into Microsoft Dataverse environments, Power BI workspaces, or your organization’s Azure Data Lake Storage account. Further, dataflows are authored by using Power Query, a unified data connectivity and preparation experience already featured in many Microsoft products, including Excel and Power BI.