A financial services firm is deploying Microsoft 365 E5 and needs to secure access to an on-premises legacy application that uses header-based authentication. The firm wants to leverage Microsoft Entra ID for modern authentication (MFA, Conditional Access) and provide single sign-on (SSO) for users. The on-premises network is connected to Azure via a site-to-site VPN. Which Microsoft Entra service should be deployed to meet these requirements?
A global logistics company uses Microsoft 365 and has offices in regions with strict data residency requirements. They have deployed Microsoft Entra Cloud Sync to synchronize identities from multiple disconnected on-premises Active Directory forests. An administrator needs to prevent the synchronization of users from a specific organizational unit (OU) in their German forest that contains temporary service accounts. How can this be achieved with the least administrative effort using Microsoft Entra Cloud Sync?
A healthcare organization is using Microsoft Defender for Endpoint P2. To minimize the attack surface, they want to prevent unsigned or untrusted processes from running from USB removable drives on all clinical workstations. Which Microsoft Defender for Endpoint feature should be configured to enforce this policy?
True or False: When configuring a Microsoft 365 retention policy for a SharePoint site, applying the policy at the site level prevents individual users from deleting items within a document library if the policy has a retention period.
**Case Study: Weyland-Yutani Corporation** **Company Background:** Weyland-Yutani Corporation is a multinational conglomerate with a significant investment in off-world colony development. They have 50,000 employees globally and a hybrid Active Directory environment. Their on-premises Active Directory (AD) is named `weyland.corp` and they have a verified domain `w-y.com` in their Microsoft 365 E5 tenant. Identity synchronization is managed by Microsoft Entra Connect Sync, with Password Hash Synchronization enabled. **Current Situation:** The corporation's security team has detected suspicious sign-in activity. Analysis of Microsoft Entra sign-in logs shows multiple failed login attempts from anonymous IP addresses targeting high-privilege accounts, followed by a successful sign-in from an unfamiliar location for one of the accounts. The successful sign-in occurred for a user who is a member of the 'Colony Admin' role-assignable security group. This group is used to grant administrative permissions to a critical Azure application. **Security Requirements:** 1. Administrators must only be able to activate their privileged roles when needed, and for a limited duration. 2. Activation of a privileged role must require justification and an optional approval workflow. 3. High-risk sign-ins detected by Microsoft Entra ID Protection must automatically trigger a requirement for multi-factor authentication and force a password reset. 4. Membership in the 'Colony Admin' group must be reviewed quarterly by the group owners. **Problem:** You are a Microsoft 365 administrator tasked with implementing a solution that meets all the security requirements to prevent a similar incident in the future. Which combination of services and configurations provides the most comprehensive solution?
A new Microsoft 365 administrator is reviewing the organization's network connectivity to Microsoft 365 services. In the Microsoft 365 admin center, they navigate to Health > Network connectivity. They observe a low network connectivity score for the Chicago office, with specific issues related to high TCP latency. The administrator needs to identify the recommended network egress point for optimal connectivity from the Chicago office. What should the administrator check in the Network connectivity tool?
A manufacturing company uses Microsoft 365. The legal department requires that all email communications related to a specific project, codenamed 'Project Titan', be preserved for 10 years, regardless of user actions. The project involves members from multiple departments. The solution must ensure that the preserved data is discoverable. What is the most appropriate tool to meet this requirement?
A consultant is reviewing a company's Microsoft Secure Score. They notice a significant number of points can be gained by implementing an improvement action titled 'Enable policy to block legacy authentication'. The company is concerned this will break an essential on-premises line-of-business application that uses SMTP AUTH to send email notifications. What is the recommended approach to implement the improvement action while maintaining application functionality?
During a tenant-to-tenant migration, an administrator needs to invite a large number of users from the source tenant (`source.com`) as guests into the destination tenant (`dest.com`). To streamline the process, the administrator wants to use the bulk invite feature in Microsoft Entra ID. The PowerShell command to initiate this is `New-AzureADMSInvitation`. Which file format is required to upload the user information for the bulk invite? `Invite-User -InvitedUserEmailAddress -InviteRedirectUrl -SendInvitationMessage $true -InvitedUserDisplayName ` Wait, the question is asking about bulk invites, not a single user invite. Let me re-evaluate the question and cmdlet. The PowerShell cmdlet for bulk operations is different. The portal uses a specific file format. The question is about the file format for the portal's bulk invite feature. Let me correct the question context. The administrator is using the Microsoft Entra admin center's bulk user invite feature. What is the required format for the file containing the user data to be uploaded?