Free Practice Questions for Microsoft 365 Administrator Exam (MS-102)

The role of a Microsoft 365 Administrator is central to ensuring the seamless operation of an organization’s cloud services environment. Microsoft 365 is a comprehensive suite of productivity, collaboration, and security tools designed to meet the needs of modern businesses. As a Microsoft 365 Administrator, your core responsibilities include managing user identities, ensuring service health, deploying applications, configuring security policies, and managing devices.

This role demands a deep understanding of Microsoft 365 services such as Exchange Online, SharePoint Online, Microsoft Teams, and OneDrive for Business. Additionally, the administrator must be skilled in compliance, governance, threat management, and user experience optimization. The administrator serves as the bridge between end users and the Microsoft 365 ecosystem, ensuring that services are not only running but also configured in line with organizational policies and user needs.

The administrator must also be proficient in working with the Microsoft 365 admin center, PowerShell scripting, and various service-specific administrative portals. This includes a thorough understanding of licensing, domain configuration, policy enforcement, and service customization. The MS-102 exam tests a candidate’s ability to manage all these elements effectively and in a way that contributes to business goals.

Moreover, Microsoft 365 Administrators must continuously stay up to date with service updates, compliance regulations, and security best practices. Microsoft frequently updates its services with new features, and administrators are expected to understand and implement these changes while minimizing disruption to the end-user experience. This ongoing learning requirement makes the role dynamic and critical in a digital transformation context.

In essence, a Microsoft 365 Administrator plays a pivotal role in driving productivity, collaboration, and security within the cloud environment. Whether through configuring services, responding to incidents, or implementing governance policies, this professional ensures that Microsoft 365 delivers its full value to the organization.

Key Components of Microsoft 365 Services

Microsoft 365 is built on a foundation of several core services, each of which plays a vital role in an organization’s productivity and operational efficiency. Understanding these components is essential for any administrator, as the MS-102 exam tests not only conceptual knowledge but also the practical ability to manage and troubleshoot these services.

Exchange Online is the cloud-based email and calendaring solution within Microsoft 365. It allows users to send and receive emails, manage their calendars, and schedule meetings across the organization. As an administrator, one of your key responsibilities is to configure mailboxes, apply mail flow rules, and ensure compliance with email retention policies. You also manage email security features such as anti-phishing, anti-malware, and spam filtering.

SharePoint Online provides a platform for content management, collaboration, and intranet sites. It is widely used for creating document libraries, managing permissions, and enabling workflow automation. The administrator is responsible for site provisioning, managing storage quotas, implementing retention policies, and integrating SharePoint with Microsoft Teams and OneDrive.

Microsoft Teams is the hub for collaboration in Microsoft 365. It brings together chat, meetings, file sharing, and third-party app integration into a single platform. The administrator configures Teams policies, manages teams and channels, ensures compliance with governance standards, and integrates Teams with other services like Exchange and SharePoint.

OneDrive for Business offers cloud storage for individual users. It allows users to store files securely, share content, and collaborate in real time. From an administrative perspective, managing OneDrive includes configuring sharing policies, setting up storage limits, enforcing retention settings, and monitoring usage and compliance.

In addition to these primary services, Microsoft 365 includes components like Yammer, Microsoft Stream, Microsoft Viva, and Planner. Each of these services plays a supporting role in the broader productivity and collaboration landscape. The administrator must be familiar with their integration capabilities, licensing models, and administrative settings.

Together, these components form a cohesive ecosystem that enables organizations to work smarter, faster, and more securely. Mastery of these services is essential for passing the MS-102 exam and for becoming an effective Microsoft 365 Administrator.

Identity and Access Management in Microsoft 365

Identity and access management is one of the foundational aspects of Microsoft 365 administration. Every action in the Microsoft 365 environment, whether it’s sending an email, accessing a file, or attending a Teams meeting, starts with a user identity. Managing these identities securely and efficiently is a critical responsibility of the Microsoft 365 Administrator.

At the heart of Microsoft 365 identity management is Azure Active Directory (Azure AD). Azure AD is Microsoft’s cloud-based identity and access management service that underpins the authentication and authorization of users in Microsoft 365. As an administrator, you will manage user accounts, group memberships, roles, and access permissions using Azure AD.

User account creation can be performed manually through the Microsoft 365 admin center or automated using PowerShell scripts. Organizations often integrate Azure AD with their on-premises Active Directory using Azure AD Connect. This hybrid identity model allows users to access Microsoft 365 services using their existing credentials and ensures a seamless sign-in experience.

Groups play an essential role in access management. Microsoft 365 supports several group types, including Microsoft 365 groups, security groups, and mail-enabled security groups. Microsoft 365 groups are especially important as they provide integrated collaboration features across Outlook, SharePoint, Teams, and other services. Administrators must ensure that the right users are added to the right groups and that group policies align with organizational requirements.

Role-based access control (RBAC) is used to delegate administrative tasks without granting full access to all settings. For instance, a user management administrator can reset passwords and manage users, but cannot configure Exchange Online. This fine-grained control is vital for maintaining security while enabling operational flexibility.

Conditional Access is a powerful feature in Azure AD that allows administrators to enforce policies based on user conditions, such as location, device compliance, and risk level. For example, you might require multi-factor authentication (MFA) for users signing in from outside the corporate network. Understanding how to design and implement Conditional Access policies is a key skill for the MS-102 exam.

Password management is another critical area. Administrators can configure self-service password reset (SSPR), enforce password complexity rules, and implement policies to prevent the use of leaked passwords. These features help enhance security while reducing the helpdesk workload.

Finally, secure identity management is not complete without auditing and monitoring. Azure AD provides logs and reports that allow administrators to track sign-ins, failed login attempts, and suspicious activities. Integrating Azure AD with Microsoft Defender for Identity adds a layer of security through behavioral analytics and threat detection.

In summary, identity and access management is the cornerstone of Microsoft 365 administration. It ensures that the right people have access to the right resources at the right time, without compromising organizational security.

Security and Compliance in Microsoft 365

Security and compliance are integral to Microsoft 365 administration. As organizations increasingly rely on cloud services to store sensitive data and facilitate communication, the need to protect that data and ensure regulatory compliance becomes paramount. The Microsoft 365 Administrator plays a central role in configuring and enforcing security and compliance measures.

Microsoft 365 includes a comprehensive set of security tools that protect against threats such as malware, phishing, data breaches, and unauthorized access. Microsoft Defender for Office 365 offers advanced threat protection capabilities, including Safe Attachments, Safe Links, and anti-phishing policies. These features help prevent malicious content from reaching users and are managed through the Microsoft 365 security portal.

Multi-factor authentication (MFA) is one of the most effective ways to protect user accounts. MFA requires users to provide a second form of authentication, such as a phone notification or app-based verification, in addition to their password. Administrators can configure MFA requirements using Conditional Access or enforce it tenant-wide through security defaults.

Data Loss Prevention (DLP) policies are used to identify and protect sensitive information across Microsoft 365 services. These policies can be configured to monitor content for predefined data types, such as credit card numbers or health records, and to take actions such as blocking sharing or alerting administrators. DLP is essential for organizations handling regulated data or adhering to industry-specific compliance standards.

Information protection features allow administrators to classify and label data based on sensitivity. Sensitivity labels can be used to apply encryption, restrict access, or add visual markings to documents and emails. These labels can be automatically applied based on content, offering consistent protection across services.

Retention policies help organizations manage the lifecycle of data by ensuring that it is retained for a specific period or deleted when no longer needed. These policies can be applied to Exchange mailboxes, SharePoint sites, OneDrive content, and Microsoft Teams chats. Understanding how to design and implement retention policies is crucial for compliance with legal and regulatory requirements.

The Microsoft Purview Compliance Portal consolidates various compliance tools in one place. It includes features such as compliance score, Insider Risk Management, Communication Compliance, and eDiscovery. These tools help organizations identify risks, investigate incidents, and respond to legal requests effectively.

Audit logging and reporting provide visibility into user and administrator activities across Microsoft 365. These logs can be accessed through the compliance portal or exported for analysis. Key audit events include login attempts, file access, mailbox actions, and policy changes.

Microsoft Secure Score is a metric that evaluates your organization’s security posture based on current configurations and provides recommendations for improvement. By following Secure Score recommendations, administrators can gradually enhance security while understanding the trade-offs of each action.

Overall, Microsoft 365 offers a rich ecosystem of security and compliance tools that, when configured correctly, provide robust protection and governance. The administrator’s role is to understand the organization’s needs, configure appropriate policies, and monitor the environment continuously to adapt to evolving threats and regulations.

Device and Endpoint Management in Microsoft 365

Effective device management is crucial for ensuring that organizational data remains secure and that users can work productively from any device. Microsoft 365 provides a comprehensive set of tools to manage endpoints, enforce compliance, and deliver applications — all through Microsoft Intune, the cloud-based device management platform included in Microsoft Endpoint Manager.

Microsoft Intune supports both Mobile Device Management (MDM) and Mobile Application Management (MAM). MDM is typically used to enforce policies on entire devices (corporate-owned or BYOD), while MAM provides granular control over apps, particularly useful in BYOD environments where full device control isn’t desirable.

Administrators can enroll devices into Intune using automatic enrollment, Windows Autopilot, Apple DEP, or manual methods. Once enrolled, devices can receive configuration profiles that enforce settings such as Wi-Fi access, VPN configurations, security baselines, and compliance rules. These policies ensure consistency across the organization and reduce the need for manual setup.

Compliance policies define the conditions that a device must meet to be considered compliant. For instance, a policy might require devices to have a passcode, encryption, or up-to-date antivirus protection. These compliance policies integrate with Conditional Access, allowing administrators to block or allow access to Microsoft 365 services based on device compliance.

App protection policies allow administrators to manage corporate data within apps such as Outlook, Word, and Teams, even on unmanaged devices. For example, administrators can restrict copy/paste, prevent data backup, or wipe app data if a device is lost or the user leaves the organization.

Windows Autopilot is a key feature that simplifies the deployment of new Windows 10/11 devices. It allows administrators to preconfigure devices so that users receive a customized, ready-to-use device right out of the box. This reduces IT effort and speeds up onboarding.

In addition to Intune, Microsoft 365 offers Microsoft Defender for Endpoint, a security platform designed to help enterprises prevent, detect, investigate, and respond to advanced threats. It integrates deeply with Intune to assess device risk levels and take automated remediation actions when needed.

Device inventory and reporting features in Intune enable administrators to monitor device health, installed applications, OS versions, and compliance status. These insights are essential for proactive maintenance and auditing purposes.

Overall, Microsoft 365’s endpoint management capabilities allow administrators to strike a balance between user flexibility and organizational control — a key focus of the MS-102 exam.

Collaboration and Productivity Tools

Microsoft 365 thrives on collaboration. Its suite of tools enables real-time communication, shared document editing, and cross-functional teamwork, regardless of where users are located. The administrator’s role is to configure and support these tools to ensure seamless collaboration while adhering to governance and compliance requirements.

Microsoft Teams

Microsoft Teams is the centerpiece of collaboration in Microsoft 365. It combines persistent chat, video conferencing, file sharing, and integration with third-party applications. Administrators must manage Teams policies, app permissions, guest access, and compliance settings.

Important administrative tasks include:

• Creating and managing teams and channels
  
• Configuring meeting policies (e.g., who can present, record meetings, use background effects)
  
• Managing external access (communication with users in other domains)
  
• Enabling or disabling features such as private channels, file sharing, and apps

Teams leverages other Microsoft 365 services like SharePoint and OneDrive to store and share files. Each team has an associated SharePoint site for shared files and an Outlook group for calendaring.

SharePoint Online

SharePoint Online supports intranets, document management systems, and internal portals. Administrators are responsible for:

• Site creation and lifecycle management
  
• Configuring site permissions
  
• Managing content types, metadata, and search schema
  
• Enabling versioning and check-in/check-out settings

Modern SharePoint sites are mobile-responsive, customizable, and integrated with Power Automate and Power Apps to build business solutions without code.

OneDrive for Business

OneDrive enables users to store personal work files in the cloud and access them from any device. Admin tasks include:

• Managing storage quotas and retention
  
• Controlling external sharing
  
• Monitoring usage reports
  
• Enforcing compliance policies

Administrators can configure Known Folder Move (KFM) to redirect Desktop, Documents, and Pictures folders to OneDrive, ensuring user data is backed up to the cloud.

Office Apps and Outlook

Microsoft 365 apps like Word, Excel, PowerPoint, and Outlook are available both online and offline. Administrators can manage:

• Deployment using Microsoft 365 Apps for enterprise
  
• App settings using Group Policy or Intune
  
• Licensing and activation methods
  
• Outlook mailbox policies, rules, and client connectivity settings

Office apps are tightly integrated with Microsoft 365 services, enabling real-time co-authoring, commenting, and autosave features. Outlook, meanwhile, supports advanced calendaring, shared mailboxes, resource mailboxes, and automatic rules.

Microsoft Loop and Viva

Newer tools like Microsoft Loop (for collaborative workspaces) and Microsoft Viva (for employee experience) represent the evolving nature of collaboration. While these aren’t heavily emphasized in MS-102 yet, familiarity with their administration settings is beneficial as Microsoft expands its capabilities.

The MS-102 exam expects administrators to understand how to configure, secure, and monitor these tools to enable collaboration without compromising control.

Monitoring and Reporting in Microsoft 365

Monitoring the health of your Microsoft 365 environment is crucial for proactive management and service continuity. Microsoft provides built-in tools to track service status, usage trends, configuration changes, and potential risks.

Microsoft 365 Admin Center

The Microsoft 365 Admin Center is the central hub for managing users, licenses, domains, and services. Key dashboards include:

• Service health: Real-time updates on service incidents and advisories
  
• Message center: Notifications about changes and new features
  
• Reports: Usage trends for Exchange, Teams, OneDrive, and SharePoint

Administrators should regularly check the service health dashboard and subscribe to alerts to ensure a timely response to outages or issues.

Microsoft 365 Usage Reports

Usage analytics helps organizations understand how users are adopting Microsoft 365 services. These reports cover metrics like:

• Email activity (sent/received)
  
• Teams activity (chat, calls, meetings)
  
• SharePoint file interactions
  
• OneDrive file storage and sharing

By analyzing these reports, administrators can identify adoption gaps, training needs, or underutilized licenses.

Audit Logs and Compliance Reports

Audit logs track actions across Microsoft 365, including user sign-ins, file access, mailbox activities, and admin changes. These logs are accessible via:

• Microsoft Purview Compliance Portal
  
• Microsoft Graph API
  
• PowerShell scripting

Administrators should configure Audit (Standard and Premium) logging based on organizational risk and compliance needs. Logs are especially critical during investigations, legal holds, or internal audits.

Alerts and Policies

Microsoft Defender for Office 365 and Microsoft Purview provide automated alerts for security and compliance events. For example:

• Unusual sign-in behavior
  
• Mass file deletions
  
• Email forwarding rules to external domains

Administrators can create custom alert policies and configure escalation workflows for security teams or compliance officers.

Secure Score and Compliance Score

Secure Score provides recommendations to improve the organization’s security posture. It covers:

• Identity protection (MFA, password policies)
  
• Device protection (Intune enrollment, encryption)
  
• App governance

Similarly, the Compliance Score measures adherence to compliance requirements such as GDPR, HIPAA, and ISO standards. Both scores are dynamic and allow administrators to track improvements over time.

Understanding how to use these tools is a core objective of the MS-102 exam and a daily necessity for administrators managing a Microsoft 365 environment at scale.

Licensing and Tenant Configuration

Microsoft 365 offers a range of licensing options tailored to business size, industry, and compliance requirements. Administrators must manage licenses efficiently to control costs, ensure compliance, and enable the right features for the right users.

Licensing Models

Microsoft 365 subscriptions are typically divided into:

• Business plans (Basic, Standard, Premium) for small to mid-sized businesses
  
• Enterprise plans (E1, E3, E5) for large organizations
  
• Education, Government, and Nonprofit variants
  
• Add-ons like Microsoft Defender for Endpoint, Power BI, and Audio Conferencing

Each license includes specific entitlements such as mailbox size, Teams features, SharePoint storage, and security capabilities. For example, Microsoft 365 E5 includes advanced security, compliance, and analytics tools.

Assigning Licenses

Administrators assign licenses:

• Manually via the Microsoft 365 admin portal
  
• Automatically using Azure AD group-based licensing.
  
• Programmatically using PowerShell

Effective license management involves ensuring that users are licensed appropriately, deactivating licenses when users leave, and monitoring license availability.

Tenant Configuration

A Microsoft 365 tenant represents a dedicated instance of Microsoft cloud services linked to a specific domain and organization. Key configuration tasks include:

• Verifying custom domains (e.g., yourcompany.com)
  
• Configuring DNS records for Exchange, SharePoint, and Skype for Business (legacy)
  
• Setting up default organization settings (e.g., data location, user templates)
  
• Managing tenant-wide sharing and external access settings

Understanding how to configure and maintain your Microsoft 365 tenant is foundational to all other tasks.

Exam Preparation Tips for MS-102

Passing the MS-102 exam requires more than theoretical knowledge — it demands real-world understanding of Microsoft 365 administration tasks. Here are some tips to prepare effectively:

1. Understand the Skills Measured

Microsoft publishes an official “Skills Measured” document for the MS-102 exam. This outlines the exact areas you’ll be tested on, including:

• Identity and access management (25–30%)
  
• Security, compliance, and threat management (25–30%)
  
• Microsoft 365 services management (15–20%)
  
• Tenant and service health management (10–15%)

Review this list regularly and ensure you have hands-on experience in each area.

2. Use Microsoft Learn

• “Manage your Microsoft 365 tenant”
  
• “Implement security and compliance in Microsoft 365”
  
• “Manage Microsoft 365 identities and roles”

These interactive modules include labs, quizzes, and real-world examples.

3. Practice with Microsoft 365 Trial Tenants

• Intune device enrollment
  
• DLP policy creation
  
• Conditional Access configuration
  
• SharePoint site provisioning

Hands-on experience is the best way to reinforce theoretical learning.

4. Use Practice Exams

Use practice tests from reliable sources such as MeasureUp, Whizlabs, or ExamTopics. These simulate the format and difficulty of real MS-102 questions. Use them to:

• Identify weak areas
  
• Improve time management
  
• Build confidence

Microsoft 365 Compliance and Data Governance

Compliance in Microsoft 365 ensures that organizations meet regulatory, legal, and organizational standards. The platform offers powerful tools to protect sensitive data, manage records, and maintain privacy across workloads.

Microsoft Purview Compliance Portal

The Microsoft Purview Compliance Portal (formerly Compliance Center) serves as the central interface for managing compliance-related solutions. Within this portal, admins can access:

• Data loss prevention (DLP)
  
• Information protection
  
• Insider risk management
  
• Audit logs
  
• eDiscovery
  
• Communication compliance

Understanding how to navigate and use this portal is a key exam requirement.

Data Loss Prevention (DLP)

DLP policies help prevent the unintentional sharing of sensitive data such as Social Security numbers, credit card numbers, or health records. These policies can be applied to:

• Exchange Online
  
• SharePoint Online
  
• OneDrive for Business
  
• Microsoft Teams chat

DLP policies consist of:

• Conditions (e.g., content contains credit card numbers)
  
• Actions (e.g., block sharing, notify user)
  
• User notifications and incident reports

Admins should also understand how to test policies in simulation mode and view DLP reports in the compliance portal.

Sensitivity Labels and Information Protection

Microsoft Information Protection (MIP) helps classify and protect documents and emails based on their sensitivity. Sensitivity labels allow for actions such as:

• Encrypting content
  
• Applying watermarks or headers
  
• Restricting who can open or forward a file
  
• Requiring user justification for content access

Admins create labels in the compliance portal and publish them via label policies to selected users or groups. Sensitivity labels integrate with Office apps, SharePoint, and OneDrive.

Retention Policies and Labels

Retention ensures that important information is preserved and irrelevant data is disposed of securely. Admins can configure:

• Retention policies that apply across Microsoft 365 (e.g., keep emails for 7 years)
  
• Retention labels that users or systems apply to specific content (e.g., “HR Records – Retain 10 years”)

Retention policies can apply to Exchange mailboxes, SharePoint sites, Teams chats, and OneDrive.

eDiscovery

Microsoft Purview provides powerful eDiscovery tools to support legal or compliance investigations:

• Content Search for finding emails or documents across M365
  
• eDiscovery (Standard) for exporting results
  
• eDiscovery (Premium) for case management, custodians, and legal holds

Admins must understand how to create eDiscovery cases, apply legal holds, review audit logs, and export content.

Audit and Insider Risk Management

Audit logs record user and admin actions across Microsoft 365, helping organizations investigate suspicious behavior or respond to compliance incidents. Insider risk policies allow detection of:

• Data leaks
  
• Intellectual property theft
  
• Sabotage by disgruntled employees

Admins can configure policies, investigate alerts, and take actions such as blocking user access or notifying security teams.

Microsoft 365 Threat Protection and Security

Microsoft 365 includes advanced threat protection capabilities designed to secure identities, endpoints, emails, and data against attacks like phishing, malware, and ransomware.

Microsoft Defender for Office 365

Defender for Office 365 protects Exchange Online, Teams, SharePoint, and OneDrive against threats. Key features include:

• Safe Links: Scans URLs in emails and Office documents
  
• Safe Attachments: Opens email attachments in a sandbox to detect malware
  
• Anti-phishing policies: Uses machine learning to detect spoofing and impersonation
  
• Attack simulation training: Conducts phishing simulations and user training

Admins can configure protection policies, review threat explorer reports, and create action rules for suspicious activity.

Microsoft Defender for Endpoint

This endpoint security solution helps detect and respond to threats across Windows, macOS, Android, and iOS devices. It provides:

• Endpoint detection and response (EDR)
  
• Threat and vulnerability management
  
• Attack surface reduction rules
  
• Integration with Microsoft Intune and Azure AD

Admins must onboard devices, configure threat response automation, and monitor alerts in the Microsoft Defender portal.

Microsoft Entra ID Protection

Formerly part of Azure AD, Microsoft Entra ID Protection helps detect identity-based risks such as:

• Sign-ins from unfamiliar locations
  
• Impossible travel scenarios
  
• Password spray or brute-force attempts

Admins can configure risk policies that enforce actions like MFA or blocking sign-ins when risk is detected.

Conditional Access

Conditional Access (CA) policies control access to Microsoft 365 based on signals such as:

• User or group
  
• Device compliance
  
• Location or risk level
  
• Application being accessed

For example, admins can require MFA if a user signs in from an unmanaged device or a risky IP address.

Conditional Access is central to Zero Trust and a critical topic on the MS-102 exam. You should know how to create, prioritize, exclude, and troubleshoot policies.

Automation and PowerShell in Microsoft 365

PowerShell is essential for automating tasks and managing Microsoft 365 at scale. The MS-102 exam includes scripting and automation tasks across services.

PowerShell Modules for Microsoft 365

There are several PowerShell modules relevant to Microsoft 365 administration:

• Microsoft.Graph — the unified API for most Microsoft 365 services
  
• ExchangeOnlineManagement — for Exchange Online mailboxes, groups, and transport rules
  
• MSOnline (deprecated) — legacy module for identity management
  
• AzureAD and AzureADPreview — for managing users, groups, devices, and directory roles

Admins should understand how to connect, authenticate, and use cmdlets to:

• Create and license users
  
• Reset passwords
  
• Manage distribution groups
  
• Export reports
  
• Configure mailbox settings

Automating with Microsoft Graph and Power Automate

Power Automate (formerly Flow) allows admins to build no-code workflows to automate processes like:

• Auto-approving access requests
  
• Escalating DLP violations
  
• Creating Teams channels on the new SharePoint site creation

While Power Automate isn’t heavily emphasized on MS-102, familiarity with how it complements PowerShell and Graph API is valuable.

Real-World Scenarios for Microsoft 365 Admins

To prepare for MS-102, it’s helpful to think through real-world admin scenarios:

Scenario 1: Onboarding New Users

• Create user accounts in Microsoft 365 or sync them from AD
  
• Assign licenses (e.g., M365 E3)
  
• Add users to groups
  
• Apply Conditional Access policies (e.g., require MFA)

Scenario 2: Offboarding Departing Employees

• Block sign-ins
  
• Convert the mailbox to a shared mailbox.
  
• Revoke sessions and reset the password.d
  
• Transfer OneDrive data to the manager.
  
• Remove licenses

Scenario 3: Securing External Collaboration

• Enable B2B collaboration in Azure AD
  
• Configure SharePoint/OneDrive external sharing policies
  
• Create sensitivity labels with encryption for external recipients.
  
• Use Conditional Access to limit access from unmanaged devices

Scenario 4: Responding to a Data Leak

• Search audit logs for user activity
  
• Use Content Search to find leaked documents.
  
• Apply DLP policies to prevent further leaks.s
  
• Notify compliance officers
  
• Place user content under legal hold (if needed)

Scenario 5: Investigating a Phishing Attack

• View Threat Explorer in Microsoft Defender for Office 365
  
• Trace email headers and delivery
  
• Quarantine or remove malicious messages
  
• Block sender domain in anti-spam policies.
  
• Train users with phishing simulations

These scenarios reflect the practical skills needed to manage a Microsoft 365 tenant — exactly what the MS-102 exam assesses.

Final MS-102 Exam Tips and Recap

Know What to Expect

• Exam length: ~60 questions
  
• Time limit: 120 minutes
  
• Passing score: 700/1000
  
• Format: Multiple choice, drag-and-drop, case studies

Key Areas to Focus On

• Managing identities and access with Microsoft Entra
  
• Configuring security and compliance (Purview, Defender)
  
• Supporting Microsoft 365 workloads (Teams, Exchange, SharePoint, Intune)
  
• Monitoring service health and usage
  
• Using automation tools (PowerShell, Graph)

Microsoft 365 Tenant Configuration and Core Services

Setting up and managing your Microsoft 365 tenant is a foundational task for administrators. The MS-102 exam requires you to understand how to configure, customize, and secure the environment using the Microsoft 365 admin center and related tools.

When setting up a new Microsoft 365 tenant, you must select a tenant name such as contoso.onmicrosoft.com and configure the default domain. You will also need to add and verify any custom domains like contoso.com. A global admin account must be assigned, and it’s important to set your regional settings, such as timezone and language preferences, early in the setup process. The primary tools used for these tasks include the Microsoft 365 admin center and the Microsoft Entra admin center, formerly known as Azure Active Directory.

Each core service has its configuration options. For example, Microsoft 365 Groups requires decisions about naming conventions, expiration policies, and guest access. SharePoint Online includes settings related to external sharing, site storage limits, and retention. Exchange Online requires configuration of mail flow rules, accepted domains, and connectors, while Microsoft Teams needs to be set up with appropriate meeting policies, guest permissions, and external access.

Customizing the Microsoft 365 experience enhances user satisfaction and security. You can set up your organization profile to reflect accurate company information and branding. Azure AD branding allows you to customize sign-in experiences with your logo and colors. You can also create company-wide email signatures and integrate tools like Microsoft Viva for employee engagement and well-being.

User, Group, and License Management

Managing users, groups, and licenses is a critical daily task in a Microsoft 365 environment. There are multiple ways to create users in Microsoft 365. You can add them manually through the admin portal, upload user details in bulk using CSV files, or synchronize with your on-premises Active Directory using Microsoft Entra Connect. For automation, PowerShell and the Microsoft Graph API are powerful options.

Understanding the types of groups available in Microsoft 365 is essential. Microsoft 365 Groups, also called Unified Groups, are used for collaboration and are tightly integrated with Teams, SharePoint, and Planner. Security groups are used to assign permissions to resources, and mail-enabled security groups add email capabilities to traditional security groups. Distribution groups are used solely for email communication within large teams or departments.

Licenses can be assigned manually to individual users or automatically through group-based licensing. Each license consists of service plans, such as Exchange Online or Microsoft Teams. You must also monitor license availability and resolve issues like location mismatches or conflicting service plans. PowerShell commands are often used to automate and troubleshoot license assignments.

Monitoring, Reporting, and Service Health

The Microsoft 365 admin center provides tools to monitor service health, user adoption, and activity trends. The Service Health Dashboard shows the current operational status of services like Exchange, Teams, and SharePoint. It includes incident updates, maintenance notices, and a history of past service disruptions. Admins can receive email alerts or use the Microsoft 365 Admin mobile app for real-time monitoring.

The platform offers several reports to help administrators understand user behavior and service adoption. The Productivity Score provides insights into how people collaborate and whether the technology meets organizational goals. In the Reports section, you’ll find detailed usage metrics for Exchange, SharePoint, OneDrive, and Teams. Microsoft Viva Insights adds deeper analysis of meeting behavior and collaboration trends.

The Message Center plays a key role in helping administrators stay informed. It delivers messages about upcoming feature changes, policy updates, deprecations, and critical tasks that require admin action. Reviewing these messages regularly is important for maintaining a healthy, compliant tenant.

Troubleshooting and Support Tools

Administrators must be equipped to resolve issues across various Microsoft 365 services. Built-in tools such as the Microsoft 365 Support Assistant guide admins through common troubleshooting steps, while the support request portal allows direct communication with Microsoft engineers. A network connectivity checker is available to diagnose internet routing and latency problems.

Audit logs provide visibility into user activity and administrative changes. The unified audit log, accessible through Microsoft Purview, captures events across Exchange, SharePoint, Teams, and other services. Sign-in logs and risk detections are available in the Microsoft Entra admin center to help investigate login failures or suspicious behavior. Exchange message trace helps track mail flow and diagnose email delivery issues.

Common issues include users being unable to sign in, which may be caused by incorrect credentials, disabled accounts, or Conditional Access policies. If a license cannot be assigned, it may be due to a missing location or a conflict between service plans. Email delivery problems often involve misconfigured SPF, DKIM, or DMARC records. Teams meeting issues can stem from Exchange calendar sync problems or restrictive Teams policies. OneDrive access problems may involve file permissions, DLP rules, or sharing settings.

MS-102 Review and Cram Strategy

The MS-102 exam covers several core domains, including identity management, security, compliance, Microsoft 365 workloads, and monitoring. You should focus most of your study time on identity and workload management, as these account for the largest portions of the exam.

In the final week before the exam, dedicate each day to a specific area. Begin with Microsoft Entra ID and user management, followed by security tools like Microsoft Defender and Conditional Access. Then review compliance solutions like Purview and eDiscovery. Spend a day on managing Exchange, SharePoint, and Teams, and another on automation with PowerShell and Microsoft Graph. On the sixth day, review reporting tools and troubleshooting scenarios. On the final day, take a full practice exam and reinforce weak areas.

To succeed on the exam, you should be able to interpret real-world scenarios and determine the correct Microsoft 365 feature or policy to apply. Know the differences between portal-based management and PowerShell. Familiarize yourself with all admin centers and how they interact. Pay close attention to compliance capabilities, especially audit logging, retention policies, and legal holds. Review the latest features and service announcements in the Message Center, as Microsoft may test awareness of recent changes.

Additional Resources for Success

To reinforce your preparation, use Microsoft Learn’s guided modules for MS-102, which are free and frequently updated. You can also join the Microsoft 365 Developer Program to gain access to a free tenant with E5 licenses for testing. Many instructors offer video courses and walkthroughs of key topics on YouTube. Practice exams from providers like Whizlabs, MeasureUp, and ExamTopics can help you gauge your readiness.

With a strong grasp of Microsoft 365 identity, workload management, compliance, security, and administration, you are well prepared to take and pass the MS-102 exam. By understanding both the theoretical and practical aspects covered in this guide, you are ready to take on the responsibilities of a Microsoft 365 Administrator and achieve your certification.

Final Thoughts 

Earning the Microsoft 365 Certified: Administrator Associate certification by passing the MS-102 exam is a significant achievement that validates your ability to manage, secure, and troubleshoot Microsoft 365 environments. It’s more than just memorizing features—it’s about applying Microsoft 365 tools and services in real-world scenarios.

Success on this exam requires both depth and breadth. You need a strong understanding of identity and access management, know how to configure and monitor services like Exchange Online, SharePoint, and Teams, and be comfortable working with compliance features such as retention policies and audit logs. Being familiar with automation tools like PowerShell and the Microsoft Graph API is also essential for efficiency and advanced tasks.

Here are a few key reminders as you wrap up your preparation:

• Prioritize the high-weight topics like user and group management, security, and service configuration.
  
• Practice hands-on in a real or demo tenant. Experience is often the best teacher.
  
• Use Microsoft Learn and other trusted resources to reinforce your understanding.
  
• Review recent Microsoft 365 updates, as the exam may include new features or changes.
  
• Take practice exams to simulate the test environment and identify weak spots.

Finally, go into the exam with confidence. The MS-102 isn’t just a test of your knowledge—it’s a reflection of your practical skills as a Microsoft 365 administrator. If you’ve studied with intention, practiced real-world scenarios, and kept up to date with Microsoft’s evolving ecosystem, you’re ready.