Microsoft MS-700 Microsoft 365 Certified: Teams Administrator Associate Exam Dumps and Practice Test Questions Set 1 Q1-20

Visit here for our full Microsoft MS-700 exam dumps and practice test questions.

Question 1:

Which approach gives the most flexible, carrier-independent solution for integrating an existing on-premises telephony infrastructure with Microsoft Teams while retaining full control over routing and regulatory compliance?

A) Configure Teams Direct Routing with an SBC and enable PSTN connectivity for users.
B) Use Microsoft Calling Plans assigned to each user for PSTN access.
C) Deploy Cloud Voicemail only and rely on SIP trunking from on-premises PBX.
D) Enable Operator Connect for PSTN services and assign numbers via the Teams admin center.

Answer: A)

Explanation: 

Configure Teams Direct Routing with an SBC and enable PSTN connectivity for users.
This approach uses Session Border Controllers (SBCs) to connect an organization’s existing telephony trunking (SIP trunks) to Microsoft Phone System. It gives administrators granular control over call routing, number management, codec negotiation, and local regulatory compliance. Because the organization owns and operates the SBC(s), it can implement call recording, media bypass, emergency routing rules, and custom routing policies. Direct Routing supports complex hybrid scenarios, such as selective call routing to legacy PBX systems, multi-site deployments, and integration with third-party telephony features. The carrier independence is preserved because the enterprise can choose any certified SBC and interconnect to one or more SIP trunk providers.

Use Microsoft Calling Plans assigned to each user for PSTN access.
Calling Plans are a Microsoft-managed PSTN service that simplifies procurement and number assignment. While easy to deploy, Calling Plans are region-limited and tied to Microsoft’s carrier partners; they offer less flexibility for custom routing and may not meet all regulatory or contractual requirements. Calling Plans reduce control over the underlying carrier and are not the best fit when an organization needs to maintain existing carrier relationships, specialized routing, or complex on-premises PBX coexistence.

Deploy Cloud Voicemail only and rely on SIP trunking from on-premises PBX.
Cloud Voicemail is a feature providing centralized voicemail storage and transcription, but by itself it does not provide PSTN connectivity to Teams. Relying solely on on-premises SIP trunking without integrating Teams through Direct Routing leaves users unable to place/receive PSTN calls from the Teams client natively. This approach fails to meet the integration requirement and does not provide a carrier-independent Teams-PSTN solution.

Enable Operator Connect for PSTN services and assign numbers via the Teams admin center.
Operator Connect offers an intermediate model: operators connect directly into Microsoft’s network and Microsoft handles much of the provisioning. This simplifies telco procurement and integration but still ties you to specific operator services. While Operator Connect offers greater simplicity than Calling Plans and less operational overhead than Direct Routing, it does not provide the same level of control over SBCs, custom routing, or regulatory configuration as a self-managed Direct Routing deployment.

The question asks for the most flexible, carrier-independent solution that preserves control over routing and regulatory compliance. Direct Routing (A) meets these criteria by allowing organizations to deploy and manage their own SBCs, maintain existing carrier relationships, and implement advanced routing and regulatory controls. Calling Plans and Operator Connect simplify management but reduce carrier independence and control. Cloud voicemail alone is not a PSTN integration method. Therefore, Direct Routing is the best fit for the described requirements.

Question 2:

Which combination best ensures that external guests cannot download sensitive files shared in a private channel while internal users can still collaborate normally?

A) Create a Teams messaging policy that restricts file sharing and apply it to specific users.
B) Configure Conditional Access to block all file downloads from unmanaged devices.
C) Enable sensitivity labels and apply AIP encryption to Teams channels.
D) Disable guest access in the Teams admin center.

Answer: C)

Explanation:

Create a Teams messaging policy that restricts file sharing and apply it to specific users.
Messaging policies control features like chat, GIFs, and file sharing but are relatively coarse-grained. Applying a messaging policy to restrict file sharing can prevent certain users from uploading or sharing files, but it affects collaboration capabilities broadly and is difficult to target specifically at guest users without also impacting internal users. Messaging policies are useful for feature gating but are not the best mechanism to selectively prevent guests from downloading already-shared sensitive content while allowing internal collaboration.

B) Configure Conditional Access to block all file downloads from unmanaged devices.
Conditional Access can enforce device compliance and block or grant access to Microsoft 365 services based on device state, location, and risk. Blocking downloads from unmanaged devices helps reduce data exfiltration risk from noncompliant devices, but it doesn’t specifically target guest accounts or control downloads from managed devices. Conditional Access is a strong layer for device-based controls, but it cannot by itself enforce content protection or granular guest download restrictions within Teams content.

C) Enable sensitivity labels and apply AIP encryption to Teams channels.
Sensitivity labels, in combination with Microsoft Purview (formerly AIP), allow administrators to classify and protect content. Labels can apply encryption, restrict access to specific groups, prevent guest access to content, and control actions like download, print, or copy. Applying sensitivity labels at the Teams site (SharePoint site that backs the channel) or to documents ensures that guests cannot decrypt or download protected files unless explicitly granted rights. This method is the most precise and robust for protecting sensitive files while preserving normal collaboration for permitted internal users.

D) Disable guest access in the Teams admin center.
Disabling guest access is a blunt instrument: it removes guests entirely, which achieves the goal of preventing guests from downloading files but at the cost of removing any guest collaboration. The requirement is to stop guests from downloading sensitive files while still allowing internal collaboration. Fully disabling guest access is overkill and usually impractical.

The best way to prevent external guests from downloading sensitive files while preserving internal collaboration is to apply content protection capabilities—sensitivity labels and AIP encryption (C). Sensitivity labels can restrict download and access at the document or container level and can be scoped to exclude internal users as needed. Messaging policies (A) can complement this by restricting guest sharing behaviors, but they are not sufficient alone. Conditional Access (B) provides device-level controls and is a valuable additional control, but it doesn’t provide the content-level protection asked for. Disabling guest access (D) would work but contradicts the need to allow guest collaboration in other contexts. Therefore, the primary control should be sensitivity labels with AIP, optionally combined with targeted messaging policies and Conditional Access for layered defense.

Question 3:

A) Use Teams Admin Center to create a meeting policy that disables recording for all users.
B) Configure a retention policy in Microsoft Purview to delete all meeting recordings after 1 day.
C) Set up a DLP policy to prevent recordings from being uploaded to SharePoint.
D) Assign a meeting policy that allows recording only for specific security groups.

Which approach lets you restrict who can record meetings while retaining recordings for compliance when recording is allowed?

Answer:D)

Explanation:

A) Use Teams Admin Center to create a meeting policy that disables recording for all users.
This approach is very restrictive and globally disables recording across the tenant. While it meets the goal of preventing unauthorized recordings, it does not allow selective recording for users or groups who need it for compliance, training, or legal reasons. Global disablement is blunt and may hinder legitimate business needs.

B) Configure a retention policy in Microsoft Purview to delete all meeting recordings after 1 day.
A retention policy controls how long content is retained and when it is deleted, which addresses the retention component but not the authorization of who is allowed to record. Deleting recordings after one day might satisfy some privacy needs, but it would also undermine compliance requirements that need longer retention periods. Retention policies should complement recording controls but are not sufficient to control who can initiate recordings.

C) Set up a DLP policy to prevent recordings from being uploaded to SharePoint.
DLP is designed to detect and prevent sharing of sensitive content, but preventing meeting recordings from being stored in SharePoint/OneDrive is impractical since Teams stores recordings there. Blocking uploads would break the recording workflow and is not the intended use of DLP. DLP can restrict sharing of sensitive content within recordings, but it does not authoritatively control recording permissions.

D) Assign a meeting policy that allows recording only for specific security groups.
Meeting policies in Teams can be scoped via policy assignment to users or groups, enabling administrators to permit or prohibit meeting recording on a per-user basis. By assigning a recording-allowed meeting policy to a narrow set of users (for example, compliance officers or a training team), you can control who can start recordings. Combined with Purview retention policies configured to retain recordings for the required compliance period, this approach lets authorized users record and ensure those recordings are retained appropriately. Additionally, auditing and eDiscovery tooling can be used to surface recorded content for review.

The requirement is selective recording control plus retention for compliance. Assigning meeting policies targeted to specific groups (D) directly controls recording permissions while allowing administrators to configure retention separately in Microsoft Purview. Other choices either over-restrict (A), only address retention (B), or misapply DLP (C). Therefore, policy assignment at user/group level combined with retention policies provides the correct, flexible solution.

Question 4:

A) Install the Teams PowerShell module and run Set-CsTeamsMeetingPolicy for the tenant.
B) Use the Microsoft 365 admin center to change Exchange Online mailbox plans.
C) Deploy and configure Teams Rooms devices using Intune and Teams Admin Center.
D) Create a governance policy in SharePoint to manage channel files.

Which action is specifically required to centrally manage and push configuration profiles to physical conference room devices running Microsoft Teams Rooms?

Answer: C)

Explanation: 

A) Install the Teams PowerShell module and run Set-CsTeamsMeetingPolicy for the tenant.
The Teams PowerShell module is essential for many administrative tasks including meeting policies, voice routing, and messaging policies. However, meeting policies apply to users and meetings and are not the mechanism used to centrally manage physical Teams Rooms device configuration profiles such as room display settings, device firmware updates, or device-specific profiles. PowerShell can interact with some device settings, but the standard centralized management for device deployment uses other tools specifically designed for device management.

B) Use the Microsoft 365 admin center to change Exchange Online mailbox plans.
Exchange Online mailbox plans relate to mailboxes and mail licensing; they do not manage Teams Rooms device configurations. While resource mailboxes are used for room calendars and reservation integration, changing mailbox plans is not the method for pushing device configuration or profiles to Teams Rooms hardware.

C) Deploy and configure Teams Rooms devices using Intune and Teams Admin Center.
This is the correct action. Microsoft Intune is the modern device management solution used to enroll and push configuration profiles, firmware updates, and compliance settings to Teams Rooms devices. The Teams Admin Center provides device-specific management and monitoring capabilities for Teams Rooms—allowing admins to assign device configuration profiles, remote reboot, apply updates, and manage device settings. Together, Intune and Teams Admin Center enable centralized provisioning, policy enforcement, and lifecycle management of physical conference room devices.

D) Create a governance policy in SharePoint to manage channel files.
SharePoint governance policies govern content lifecycle, access, and compliance for files stored in channel sites. These policies do not apply to Teams Rooms device configuration. While SharePoint is important for managing data created in Teams, it’s unrelated to device administration.

Reasoning about the correct answer: The question asks for the specific action required to centrally manage and push configuration profiles to Microsoft Teams Rooms hardware. Intune provides the management channel to enroll devices and deliver configuration profiles and updates, while the Teams Admin Center offers device-focused controls and monitoring. Therefore, deploying and configuring Teams Rooms devices via Intune and the Teams Admin Center (C) is the required approach. Other answers address user/policy or content governance areas that do not directly handle device configuration.

Question 5:

A) Create an app permission policy that blocks tenant-wide custom app uploads.
B) Disable sideloading of apps in the Teams desktop client via group policy.
C) Use App Studio to publish apps privately to the tenant.
D) Assign app setup policies to pin only approved apps for all users.

Which combination of actions best enforces that only curated, approved Teams apps are available and discoverable to end users while preventing installation of unapproved third-party apps?

Answer: A) 

Explanation: 

A) Create an app permission policy that blocks tenant-wide custom app uploads.
App permission policies in Teams allow administrators to control which third-party apps are allowed or blocked across the tenant. By creating a restrictive app permission policy that blocks unapproved apps and custom app uploads, admins prevent users from installing or uploading apps that have not been vetted. This is a foundational control for ensuring only curated apps are permitted.

B) Disable sideloading of apps in the Teams desktop client via group policy.
Sideloading is the process by which users can install custom apps not published in the tenant app catalog. Disabling sideloading helps reduce risk but is client-side and can be circumvented if not paired with tenant-level controls. Group Policy can enforce client behavior on domain-joined Windows machines but does not cover non-domain devices or mobile clients. Relying solely on this is incomplete.

C) Use App Studio to publish apps privately to the tenant.
App Studio is a developer tool used to build and test Teams apps; publishing privately is a possible route but is not an enforcement mechanism by itself. It helps create and register apps, but governance requires policies to control which apps users can discover and install.

D) Assign app setup policies to pin only approved apps for all users.
App setup policies control which apps are automatically pinned and visible in the Teams client. By assigning a global app setup policy that pins only approved apps, administrators guide users toward the curated app set and reduce exposure to foreign apps in the client UI. This improves discoverability of approved apps and complements permission policies.

Reasoning about the correct answer: To prevent installation of unapproved third-party apps and ensure discoverability of approved apps, tenant-level app permission policies (A) are essential because they enforce what can be installed across platforms. App setup policies (D) are complementary because they surface the approved apps to users and reduce the likelihood of them searching for alternative apps. Disabling sideloading (B) is helpful but insufficient alone, and App Studio (C) is a developer tool rather than a governance control. Therefore, the combination led by app permission policies with app setup policies provides the best enforcement and user experience.

Question 6:

Which action ensures that emergency calls dialed from the Teams desktop and mobile clients automatically route with correct location information for each user?

A) Assign a Teams Calling Policy that disables call forwarding for all users.
B) Configure Caller ID policies to mask outbound numbers and display the main switchboard.
C) Deploy Dynamic Emergency Calling with location information correctly mapped.
D) Set up Auto Attendant rules to override user-based dialing behavior.

Answer: C)

Explanation: 

Assigning a Teams Calling Policy that disables call forwarding controls whether users can forward their incoming calls to voicemail or other destinations. Preventing forwarding might help compliance teams maintain call visibility, but it does not influence emergency call routing or location-based services. Disabling forwarding does not improve the accuracy of emergency location mapping, because emergency calling in Teams depends on dynamic location mapping, network identifiers, and emergency address configuration rather than forwarding rules.

Configuring Caller ID policies allows administrators to determine what phone number displays when users make outgoing calls. For example, organizations may mask individual DIDs and instead show a main company number. While this is valuable for privacy and branding, Caller ID policies are not involved in supplying location metadata to emergency services. Emergency calls bypass Caller ID masking and routing rules to allow authorities to receive accurate source information, so modifying Caller ID does not satisfy the requirement of accurate emergency location routing.

Deploying Dynamic Emergency Calling involves registering network identifiers—such as Wi-Fi BSSIDs, IP subnets, and network switches—and mapping them to civic addresses. Teams automatically detects these identifiers when a user initiates an emergency call and attaches the correct location information. This system ensures accurate routing to the Public Safety Answering Point (PSAP). Dynamic Emergency Calling is designed to handle users who move between offices, floors, or buildings. When properly configured, it delivers the user’s real-time location to emergency responders, meeting the requirement described.

Setting up Auto Attendant rules creates automated call flows for routing incoming calls to specific menus, users, or departments. Auto Attendants are unrelated to emergency calling behavior, as emergency dialing is handled outside standard call routing logic. Auto Attendants cannot modify the way emergency calls route, nor can they attach location metadata required by public safety services.

The correct choice is the configuration of Dynamic Emergency Calling. This solution is specifically designed to attach accurate user location to emergency calls and ensure proper routing to emergency services.

Question 7:

What is the best method to ensure students can only chat with approved educators while preventing peer-to-peer chats in a Teams for Education environment?

A) Configure Teams policies to restrict chat for students during school hours.
B) Enable supervised chat and assign appropriate educator roles in Teams for Education.
C) Disable private chats globally for the entire tenant.
D) Apply Communication Compliance policies to monitor student chats.

Answer: B)

Explanation: 

Configuring Teams policies to restrict chat for students during school hours gives administrators the ability to limit when chat features are available. While this can reduce misuse during instructional periods, it does not create a controlled or hierarchical structure for who students can chat with. Limiting availability still allows students to chat with one another when it is enabled, which fails the requirement to restrict communication strictly to approved educators.

Enabling supervised chat is a dedicated Teams for Education feature that allows schools to ensure students can communicate only with assigned educators, not with other students. Educators are given specific supervisory roles that grant them oversight and initiate chats on behalf of students. Without a supervising educator present, students cannot start or continue chats with peers. This method aligns directly with the requirement for structured, educator-controlled communication.

Disabling private chats globally would indeed prevent peer-to-peer chats entirely, achieving half of the goal. However, it would also block educator-student private communication, which is crucial for discussing assignments, providing feedback, or offering individualized help. This over-restriction harms the learning environment by removing beneficial communication channels.

Applying Communication Compliance policies is a post-event review mechanism. It helps organizations detect concerning behavior, monitor interactions, or flag policy-violating communication. However, Communication Compliance does not prevent chats from occurring; it only reviews them afterward. This means students could still chat with one another, and only later would violations be flagged—failing the requirement of prevention.

The best solution is supervised chat because it precisely enforces the rule that students may communicate only with authorized educators, while preventing student-to-student interactions.

Question 8:

Which approach provides the strongest protection for highly confidential Teams meetings, ensuring content cannot be easily captured or misused?

A) Configure Teams device settings to require meeting attendees to wait in the lobby.
B) Enable watermarking and disable recording within the meeting policy.
C) Use Advanced Meeting Protection with end-to-end encryption policies.
D) Assign a compliance recording policy to monitor all call sessions.

Answer: B)

Explanation: 

Configuring device or meeting settings to require attendees to wait in the lobby focuses on controlling who can enter the meeting. While this strengthens control of participant access, it does not prevent sensitive content from being captured, recorded, or copied once someone is inside the meeting. Lobby controls help manage entry but not content protection.

Watermarking and disabling recording within the meeting policy is specifically designed to protect sensitive meeting content. Watermarking overlays the viewer’s email address or user information onto the meeting video stream. Because each attendee sees a personalized watermark, it discourages screenshots or screen recordings, as any leak can be traced to a specific user. Disabling recording eliminates one of the easiest capture mechanisms. Combining both gives a strong deterrent against information leakage.

Using Advanced Meeting Protection with end-to-end encryption enhances security by protecting meeting content while in transit, preventing unauthorized interception. However, encryption does not stop attendees themselves from capturing or sharing content. It prevents external interception but not internal leakage. Therefore, while valuable for confidentiality, it does not meet the stated requirement as well as watermarking plus recording restrictions.

Assigning a compliance recording policy ensures meetings and calls are recorded for regulatory oversight. This is a requirement for financial institutions and similar industries but is the opposite of what you want when protecting content from being captured. Compliance recording mandates capture rather than preventing it. Thus, it does not fit the requirement of preventing misuse or unauthorized replication of sensitive meeting content.

Watermarking combined with disabling recording provides the strongest method for limiting the capture and misuse of sensitive meeting content.

Question 9:

Which action most effectively ensures high-quality, real-time audio and video performance for Teams users across a large enterprise network?

A) Configure Teams bandwidth policies using the Teams admin center.
B) Implement Quality of Service (QoS) with DSCP marking on the organization’s network.
C) Require all Teams users to connect through a VPN for consistent routing.
D) Disable video in Teams to reduce bandwidth usage.

Answer: B)

Explanation: 

Configuring Teams bandwidth policies in the admin center can limit or shape certain meeting and media behaviors. However, these policies are client-side and mainly control maximum bandwidth usage rather than guaranteeing quality. For example, you can cap video bitrate, but this does not enforce priority over network congestion. As such, bandwidth policies do not ensure high-quality performance when the network is under load.

Implementing Quality of Service (QoS) with DSCP marking assigns prioritized network categories to real-time media (voice, video, screen sharing). Enterprise networks that honor DSCP markings allow Teams media packets to be prioritized ahead of standard traffic during congestion. This results in fewer dropped packets, reduced latency, and smoother audio/video streams. QoS is the industry-standard solution for ensuring real-time quality on large networks and the only option that directly prioritizes Teams traffic end-to-end.

Requiring all Teams users to connect through a VPN is counterproductive. VPN tunnels typically introduce additional latency, bottlenecks, and bandwidth constraints due to encryption overhead and centralized routing. Teams is designed to use Microsoft’s global edge network directly, and forcing VPN usage often degrades—not improves—performance.

Disabling video in Teams reduces bandwidth but at the cost of functionality. It does not guarantee improved audio performance and negatively affects collaboration. Disabling a major collaboration feature is not an appropriate way to solve network performance problems.

The best solution is to implement QoS with DSCP, ensuring Teams media traffic is properly prioritized throughout the enterprise network.

Question 10:

Which action ensures Teams chat and channel messages are preserved for the exact duration required by compliance regulations?

A) Use Retention Policies to delete all chat messages after 1 day.
B) Configure eDiscovery to search and export messages when needed.
C) Apply Retention Labels to preserve Teams messages for regulatory requirements.
D) Enable archiving in Exchange Online for Teams chats.

Answer: C)

Explanation: 

Using Retention Policies to delete all chat messages after one day is overly aggressive and does not align with most compliance requirements. Regulatory retention often mandates message preservation for years, and deleting messages too quickly risks violating those obligations. Retention Policies can preserve data, but deleting after a day does not match compliance preservation needs.

Configuring eDiscovery allows legal teams to search, place holds, and export Teams data when litigation or investigations arise. However, eDiscovery does not itself preserve messages for a specified period. Without retention configuration in place, data may be deleted before eDiscovery needs it. Therefore, eDiscovery is a discovery tool, not a preservation mechanism.

Applying Retention Labels to preserve Teams messages enables very precise control over how long messages must be retained. Retention labels can be assigned automatically or manually and ensure that data cannot be deleted before the mandated time. This aligns directly with compliance requirements and provides auditability. Retention Labels pair with retention policies to guarantee message preservation and controlled deletion.

Enabling archiving in Exchange Online provides additional storage for emails but does not affect Teams chat or channel messages. Teams messages are stored in different workloads (Exchange for chats and SharePoint for channels), but archiving mailboxes alone does not enforce compliance retention for Teams.

Retention Labels are therefore the correct method to ensure preservation according to regulatory duration requirements.

Question 11: 

You need to configure a solution that ensures Teams meeting recordings created by managers are automatically retained for seven years, while all other user recordings are retained for only one year. What should you implement?

A) Create two separate retention policies with user scoping.
B) Create a single retention policy applied to the entire tenant.
C) Configure a Teams meeting policy to control retention per user group.
D) Use SharePoint library settings to enforce retention on the recordings folder.

Answer: A)

Explanation:

Creating two separate retention policies mapped to specific user groups is the only method that allows different retention durations for different recording owners. Retention policies in Microsoft Purview can target users or SharePoint sites. Meeting recordings are stored in OneDrive or SharePoint depending on whether they were created in a meeting or channel, so scoping by user group ensures that the policy applies specifically to the location where their personal meeting recordings reside. For managers, assigning a policy configured to retain content for seven years aligns with compliance needs, while general users can be assigned a separate policy allowing retention for only one year. Microsoft Purview processes these policies automatically, ensuring correct retention for each group without manual intervention. This provides precise control and is the recommended Microsoft approach for differentiated recording retention across multiple user roles.

Creating a single retention policy for the entire tenant applies the same retention duration to all recordings, which does not meet the requirement. A tenant-wide policy cannot selectively apply different durations, so managers and other users would be treated the same. This approach lacks the flexibility needed to adhere to regulatory differences across teams.

Configuring a Teams meeting policy does not manage retention. Meeting policies control behaviors such as recording permissions, who can start recordings, and meeting features, but they do not determine how long recordings are stored or protected. Retention is governed only by Microsoft Purview, not by Teams policies.

Using SharePoint library settings is insufficient because user meeting recordings stored in OneDrive are not governed by SharePoint settings. Library retention controls can apply to a specific SharePoint site, but they cannot differentiate content for managers versus other users stored across individual user OneDrive accounts.

Therefore, the correct solution is to create two separate retention policies, properly scoped to distinct user groups, ensuring recordings from managers are retained for seven years while others are retained for one year.

Question 12: 

Your organization wants to allow external collaboration with a partner company in Teams while ensuring partner users cannot access internal channels or files unless explicitly invited. What should you configure?

A) Enable Teams federation but disable guest access.
B) Enable guest access and assign restricted access through team membership.
C) Disable federation but enable external sharing in SharePoint.
D) Enable external access and allow anonymous user collaboration.

Answer: B)

Explanation: 

Enabling guest access and assigning restricted access through team membership is the correct approach when the goal is to allow external partner collaboration but ensure they cannot access internal channels or data unless intentionally added. Guest access allows external users to be invited into specific teams or channels, giving admins granular control over what content they can access. If they are not added to a team, they cannot see its channels or its underlying SharePoint files. This aligns perfectly with the requirement for controlled, invitation-based collaboration.

Enabling Teams federation but disabling guest access allows partner users to chat and call internal users but does not let them collaborate within Teams channels or access shared files. Federation is limited to communication—not collaboration—so this configuration fails the requirement where partner users must be allowed to collaborate on content when explicitly invited.

Disabling federation but enabling external sharing in SharePoint allows file-level sharing but does not integrate into Teams collaboration. This approach bypasses channel membership control and introduces separate file-sharing workflows that are harder to manage. It meets neither the need for structured collaboration nor the protection of internal Teams content.

Enabling external access and allowing anonymous user collaboration is overly permissive and does not support secure content sharing. Anonymous users cannot be managed through Teams membership, and they cannot be given selective access to private channels. This approach introduces risk and cannot meet the requirement of controlled access.

Question 13: 

A department is requesting detailed call analytics for troubleshooting voice quality issues for their 150 employees. They want department managers to access analytics for only their team members. What should you configure?

A) Grant manages the Teams Communications Admin role.
B) Enable scoped admin roles for Call Quality Dashboard.
C) Generate monthly CQD reports and email them manually.
D) Assign managers the Global Reader role.

Answer: B)

Explanation:

Enabling scoped admin roles for the Call Quality Dashboard (CQD) is the correct approach when specific managers must access call analytics for only their team members. CQD supports scoped access through Azure AD administrative units, allowing you to limit what data a manager can view based on the users included in that specific unit. Using this method, each manager sees analytics for only their employees rather than the entire tenant. This respects privacy boundaries and aligns with the departmental requirement for targeted troubleshooting.

Granting managers the Teams Communications Admin role gives access to call analytics for the entire tenant. This is excessively broad and does not meet the requirement to limit access to only their department. It also presents security concerns by exposing call data for the whole organization.

Generating monthly CQD reports manually is not scalable for 150 employees and does not allow real-time­ troubleshooting. Manual distribution of reports introduces delays, increases administrative overhead, and fails to provide managers with ongoing access to analytics dashboards required for continuous monitoring.

Assigning managers the Global Reader role gives read-only access across the tenant but still exposes data for all users. It does not provide any scoping mechanism and therefore cannot restrict data visibility to only department employees.

Question 14: 

Your company wants to prevent users from sending messages to everyone in a large Teams channel during incident communication. Only selected leads should be allowed to post updates. What should you implement?

A) Assign a messaging policy that disables channel posting for all users.
B) Configure channel moderation and set the leads as moderators.
C) Create a private channel and move all users into it.
D) Disable chat for the incident response team.

Answer: B)

Explanation: 

Channel moderation is the correct solution because it allows only selected individuals—designated moderators—to post messages while all other channel members are restricted from posting. This provides a controlled communication environment, ideal for incidents where communication must remain clear, authoritative, and centralized. Moderation ensures that channel members can follow updates without being overwhelmed by nonessential messages from other users.

Assigning a messaging policy that disables channel posting for all users would remove posting privileges across all channels for those users, not just within the incident channel. Messaging policies apply across the tenant and cannot be scoped to a single channel, making them too broad and disruptive to normal collaboration outside the incident environment.

Creating a private channel and moving all users into it does not prevent users from posting messages. Private channels simply restrict access but do not provide granular posting controls. All members can still post unless moderation is applied. Moving users also causes disruption and complicates channel organization.

Disabling chat for the incident response team is overly restrictive and would prevent essential one-to-one communication. Chat disabling is a tenant- or user-level policy and cannot be applied selectively within a specific team or channel. It also does not address channel posting behavior.

Question 15: 

You must ensure that Teams Phone users can still make internal extension calls during a WAN outage at a remote site with an on-premises PBX. Which solution should you deploy?

A) Enable Location-Based Routing.
B) Configure Survivable Branch Appliance (SBA).
C) Set up Direct Routing with media bypass disabled.
D) Implement Operator Connect at the remote site.

Answer: B)

Explanation: 

A Survivable Branch Appliance (SBA) is specifically designed to ensure continued internal calling capabilities, including extension-to-extension calls, when a WAN outage occurs. SBAs integrate with Direct Routing and provide local call processing through an SBC and registrar. During WAN outages, clients at the remote site register to the SBA instead of the Microsoft cloud, enabling local PSTN and internal PBX-based calling. Once connectivity is restored, registration automatically switches back to the cloud. This capability meets the requirement for continued internal calling during outages.

Enabling Location-Based Routing controls how PSTN calls are routed based on network location. Although useful for compliance with telecommunications regulations, it does not maintain calling functionality during WAN failures and cannot provide survivability.

Setting up Direct Routing with media bypass disabled still relies on cloud connectivity. During a WAN outage, clients cannot register or signal through the cloud, meaning internal calling does not survive. Media bypass affects media path optimization, not survivability.

Implementing Operator Connect depends entirely on cloud registration and cannot provide survivability during WAN outages. Operator Connect has no local survivability features and is therefore unsuitable for remote sites requiring continuity.

Thus, deploying an SBA is the correct approach to maintain internal extension calling during WAN disruptions.

Question 16: 

Your company wants to prevent sensitive HR documents shared in Teams channels from being downloaded to unmanaged devices. What should you configure?

A) A Conditional Access policy with session controls for SharePoint and Teams.
B) A DLP policy preventing sharing of HR files.
C) A Teams messaging policy that disables file downloads.
D) An Exchange transport rule with attachment restrictions.

Answer: A)

Explanation: 

A Conditional Access policy using session controls is the best approach because it allows you to enforce restrictions specifically on unmanaged devices. By applying session controls through Continuous Access Evaluation or Microsoft Defender for Cloud Apps, you can enable features like “block download” while still permitting in-browser viewing. This protects HR documents while allowing legitimate users to access content from devices that meet compliance standards. Because Teams channels store files in SharePoint, the session control applies uniformly to both Teams and SharePoint experiences.

A DLP policy helps prevent sharing sensitive HR data outside approved channels, but DLP does not block downloads for unmanaged devices. It detects and restricts data loss but cannot enforce device-based restrictions on document access.

A Teams messaging policy does not control file download behavior. Messaging policies configure chat and messaging features, such as who can edit or delete messages, but they do not regulate file access at the SharePoint layer where Teams files reside.

An Exchange transport rule applies only to email and does not impact Teams channel files stored in SharePoint. Therefore, transport rules cannot address the download behavior in Teams.

Thus, implementing Conditional Access with session controls is the correct choice for blocking downloads on unmanaged devices.

Question 17: 

You need to ensure that all Microsoft Teams Rooms devices automatically receive security updates, configuration profiles, and compliance checks. What should you implement?

A) Configure Windows Update for Business on each device manually.
B) Use Intune enrollment with Teams Rooms device profiles.
C) Manage devices exclusively from the Teams Admin Center.
D) Apply group policies from Active Directory to each device.

Answer: B)

Explanation: 

Intune enrollment with Teams Rooms device profiles is the correct solution because Intune provides centralized device management, compliance enforcement, security policy deployment, and configuration delivery. With Intune, you can create configuration profiles specifically tailored for Teams Rooms, ensuring all devices receive the latest security updates, application policies, Wi-Fi configurations, certificates, and compliance checks. Intune also provides monitoring, reporting, and remediation capabilities that ensure Teams Rooms devices remain compliant.

Configuring Windows Update for Business manually on each device does not scale well. While it ensures Windows patches are applied, it does not manage Teams Rooms configurations, meeting policies, security baselines, or compliance settings. This approach lacks comprehensive management capabilities.

Managing devices exclusively from the Teams Admin Center gives visibility into device health, firmware status, and call quality, but does not provide complete configuration management. The Teams Admin Center cannot enforce compliance or distribute OS-level updates, Wi-Fi settings, or certificates.

Applying group policies via Active Directory is limited to domain-joined environments and does not offer full lifecycle management. Group policies cannot deliver security updates, enforce compliance, or manage modern device attributes required for Teams Rooms. Modern management through Intune is the recommended Microsoft approach.

Thus, using Intune with Teams Rooms profiles is the most complete and scalable solution.

Question 18: 

Your legal team needs the ability to search, hold, and export Teams 1:1 chats of specific users for an ongoing investigation. What should you configure?

A) Teams meeting policies.
B) eDiscovery (Premium) case with user holds.
C) Communication Compliance policies.
D) A retention label that auto-deletes chats after 30 days.

Answer: B)

Explanation: 

An eDiscovery (Premium) case with user holds is the correct solution because it allows legal investigators to search, preserve, and export Teams 1:1 chats. User holds ensure that all relevant content is preserved even if users delete their messages. eDiscovery provides the tools necessary for keyword searching, conversation reconstruction, and exporting the data in a legally defensible format. This aligns precisely with the requirements of an investigation needing access to targeted user chats.

Teams meeting policies do not control access to historical chats nor support searching or exporting them. Meeting policies focus on meeting behavior, not on investigative search or legal holds.

Communication Compliance is a monitoring tool designed to detect inappropriate or policy-violating communication. While useful for HR review or employee monitoring, it does not provide legal hold capabilities nor does it allow comprehensive export of historical chats.

A retention label set to auto-delete chats after 30 days runs contrary to the legal requirement to retain content for investigation. Applying such a label could delete evidence and put the organization at legal risk. Retention labels help preserve or delete content based on compliance rules but are not the right tool for targeted discovery.

Thus, eDiscovery (Premium) with user holds is the appropriate way to preserve, search, and export Teams 1:1 chats.

Question 19:

A remote manufacturing site has poor internet bandwidth. Users complain that video freezes frequently in Teams meetings. Which action will improve call stability without removing core meeting functionality?

A) Disable video entirely in Teams.
B) Enable bandwidth control via meeting policies.
C) Implement QoS tagging across the corporate network.
D) Force all users to join meetings via VPN.

Answer: C)

Explanation: 

Implementing QoS tagging across the corporate network is the most effective method for improving Teams call stability. QoS prioritizes real-time traffic such as audio and video so that it receives bandwidth preference over standard traffic. In bandwidth-constrained environments like remote sites, QoS ensures audio and video packets are processed ahead of less time-sensitive data. This directly reduces jitter, packet loss, and freezing, significantly improving user experience without disabling key meeting functionality.

Disabling video entirely would reduce bandwidth usage but removes an essential collaboration feature. It sacrifices functionality instead of optimizing network performance and negatively impacts user experience.

Enabling bandwidth control via meeting policies allows administrators to limit maximum video bitrate. However, this does not guarantee stability in congested networks. It simply caps usage and does not prioritize traffic when bandwidth is scarce.

Forcing all users onto a VPN generally worsens performance. VPNs reroute traffic, add encryption overhead, and create bottlenecks. This will likely increase latency and packet loss, worsening the meeting experience.

Thus, QoS tagging is the correct choice for improving quality without sacrificing functionality.

Question 20: 

You want to allow users to schedule webinars in Teams but prevent them from enabling public registration. Only internal attendees should be able to register. What should you configure?

A) A meeting policy disabling webinars.
B) A Teams events policy limiting registration to internal users.
C) A sensitivity label that blocks public meetings.
D) A Teams app permission policy that blocks Forms integration.

Answer: B)

Explanation:

A Teams events policy that limits registration to internal users is the correct solution because it allows webinars to be created while restricting registration to authenticated users from within the organization. Events policies can disable public registration links, require organizational sign-in, and control who can view or register for the event. This ensures internal-only access without removing users’ ability to schedule webinars.

Disabling webinars entirely with a meeting policy prevents users from scheduling them at all, contradicting the requirement to allow webinar creation.

A sensitivity label that blocks public meetings applies to meeting content and access classification but does not control webinar registration behavior. Sensitivity labels help enforce data handling policies, not event registration settings.

Blocking Forms integration through an app permission policy is unrelated to webinar registration. Forms can be used for surveys or polls, but it is not responsible for webinar registration capabilities.

Thus, configuring a Teams events policy with internal-only registration is the correct solution.