You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.A contractor uses the credentials of user1@outlook.com.You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.What should you do?
Answer(s): A
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.What should you use?
Answer(s): D
The Set-MsolUserLicense cmdlet updates the license assignment for a user. This can include adding a new license, removing a license, updating the license options, or any combination of these actions.Note:There are several versions of this question in the exam. The question has two possible correct answers:1. the Licenses blade in the Azure Active Directory admin center2. the Set-MsolUserLicense cmdletOther incorrect answer options you may see on the exam include the following:- the Identity Governance blade in the Azure Active Directory admin center- the Set-WindowsProductKey cmdlet- the Set-AzureAdGroup cmdlet
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluserlicense?view=azureadps-1.0
You have a Microsoft Entra tenant named contoso.com that contains an enterprise application named App1.A contractor uses the credentials of user1@outlook.com.You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.What should you do?
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant and an Azure web app named App1.You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements:-Guest users must be able to sign up by using a one-time password.-The users must provide their first name, last name, city, and email address during the sign-up process.What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/identity-providers https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-overview
You have an Azure Active Directory (Azure AD) Azure AD tenant.You need to bulk create 25 new user accounts by uploading a template file.Which properties are required in the template file?
Answer(s): C
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-bulk-add
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.Users sign in to computers that run Windows 10 and are joined to the domain.You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).You need to configure the Windows 10 computers to support Azure AD Seamless SSO.What should you do?
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
HOTSPOT (Drag and Drop is not supported) Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains computers that run Windows 11.You have a Microsoft 365 E5 subscription.You plan to enable hybrid join and enroll the computers in Microsoft Intune.You need to recommend the software that should be deployed to the domain, and the actions that should be performed in Intune.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
DRAG DROP (Drag and Drop is not supported) You need to resolve the recent security incident issues.What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place:
Box 1: A user risk policy User-linked detections include:Leaked credentials: This risk detection type indicates that the user's valid credentials have been leaked. When cybercriminals compromise valid passwords of legitimate users, they often share those credentials.User risk policy.Identity Protection can calculate what it believes is normal for a user's behavior and use that to base decisions for their risk. User risk is a calculation of probability that an identity has been compromised. Administrators can make a decision based on this risk score signal to enforce organizational requirements. Administrators can choose to block access, allow access, or allow access but require a password change using Azure AD self-service password reset.Box 2: A sign-in risk policy Suspicious browser: Suspicious browser detection indicates anomalous behavior based on suspicious sign-in activity across multiple tenants from different countries in the same browser.Box 3: A sign-in risk policy A sign-in risks include activity from anonymous IP address: This detection is discovered by Microsoft Defender for Cloud Apps. This detection identifies that users were active from an IP address that has been identified as an anonymous proxy IP address.Note: The following three policies are available in Azure AD Identity Protection to protect users and respond to suspicious activity. You can choose to turn the policy enforcement on or off, select users or groups for the policy to apply to, and decide if you want to block access at sign-in or prompt for additional action.* User risk policyIdentifies and responds to user accounts that may have compromised credentials. Can prompt the user to create a new password.* Sign in risk policyIdentifies and responds to suspicious sign-in attempts. Can prompt the user to provide additional forms of verification using Azure AD Multi-Factor Authentication.* MFA registration policyMakes sure users are registered for Azure AD Multi-Factor Authentication. If a sign-in risk policy prompts for MFA, the user must already be registered for AzureAD Multi-Factor Authentication.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
Share your comments for Microsoft SC-300 exam with other users:
very helpfull
relevant questions