Interview Questions & Answers: 1.tell Me About Yourself

The document contains a series of interview questions and answers related to Microsoft 365, Office 365, and Exchange Online, showcasing the candidate's experience and technical knowledge. Key topics include migration types, email security protocols, troubleshooting techniques, and features of Microsoft Teams. The candidate demonstrates familiarity with PowerShell commands, Autodiscover functionality, and the importance of Multi-Factor Authentication.

Uploaded by

raishivan636

Interview Questions & Answers

1.Tell me about yourself.

"My name is Rehan Alam, and I recently relocated from Mumbai to Kolkata with my family and
joined Capgemini as a B2 Consultant, bringing with me 5.5 years of experience as an Office 365
and Exchange Online admin.

In my previous roles, I was part of the operations team, providing L1 and L2 support to clients
both remotely and on-site. I also deployed fresh Office 365 solutions at client sites and led a
successful migration from G Suite to Office 365 for 120 users. Additionally, I’ve completed two
global Microsoft 365 fundamental certifications and one Nexthink fundamental certification."

2.Tell me about your previous work experience or day-to-day activities in your previous company.
• I have over five years of experience working with Office 365 and Exchange Online across
three different companies. In my most recent role as a Cloud Consultant, I was responsible
for providing support to clients who purchased managed services from our company. This
involved troubleshooting end-user issues.
• In the past, I also deployed Microsoft 365 for clients and trained them or their IT support to use
and access Microsoft 365 tools and services.

3.What is a connector?
• A connector in Microsoft 365 is a tool that links different apps and services, allowing them
to share information. For example, it can bring updates from apps like Trello or Twitter into
Microsoft Teams, helping users stay informed without switching between tools.

4.What is the port number of IMAP, POP3, SMTP and MAPI?


• IMAP: 143 (or 993 for secure IMAP over SSL/TLS)
• POP3: 110 (or 995 for secure POP3 over SSL/TLS)
• SMTP: 25 (or 587 for secure SMTP over SSL/TLS)
• MAPI: 7830
• HTTP: 80
• HTTPS: 443

5.How many PowerShell commands do you know?

Description                         Command
Install Azure AD Module             Install-Module AzureAD
Install Exchange Online Module      Install-Module -Name ExchangeOnlineManagement
Connect Exchange Online             Connect-ExchangeOnline
List All Users                      Get-MsolUser
Mailbox details for all users       Get-Mailbox
Mailbox details for specific user   Get-Mailbox [email protected]
List All Groups                     Get-UnifiedGroup
Get All License                     Get-MsolAccountSku
Get specific user                   Get-MsolUser -UserPrincipalName [email protected]
Delete User                         Remove-MsolUser -UserPrincipalName [email protected]

6.What if you delete the .OST from the system? Does this impact your Outlook profile?
• Temporary Data Loss: The .OST file stores offline copies of your emails, calendar,
and other data. Deleting it means you’ll lose access to this offline data until Outlook
rebuilds the file.
• Rebuilding the OST: When you reopen Outlook, it will automatically create a new
.OST file and sync your data from the server. This can take some time, depending on
the amount of data.
• No Permanent Impact: Your Outlook profile and settings remain intact. You won’t
lose any emails or data stored on the server.

In summary, while deleting the .OST file can temporarily disrupt your access to
offline data, it won’t harm your overall Outlook profile.

7.What is the max size of .OST in your system?


• Outlook 2010 and later: The default maximum size is 50 GB. However, this can be
increased to 100 GB by modifying the registry settings.
• Outlook 2007 and earlier: The maximum size is 20 GB.

8.How many types of migration are there from On-Prem to O365?
For migrating from an on-premises Exchange server to Exchange Online (Microsoft 365), you
can choose one of the following migration types:
• Remote Migration: Used to migrate from “non-Microsoft platforms to Microsoft
365”.
• Cutover Migration: Best for small organizations (typically fewer than 150
mailboxes). This type moves all mailboxes at once and is suitable for a quick
transition.
• Staged Migration: Suitable for medium-sized organizations (more than 150
mailboxes) that need to migrate mailboxes in batches over time. This allows for a
more controlled migration process.
• Hybrid Migration: Best for large organizations or those wanting to maintain some
mailboxes on-premises while migrating others to Exchange Online. This method
allows for a seamless coexistence between on-premises and cloud environments.

9.How to trace mail using PowerShell?


• Install the Exchange Online module if it is not installed = Install-Module -Name ExchangeOnlineManagement
• Connect to Exchange Online = Connect-ExchangeOnline
• Mail trace = Get-MessageTrace -StartDate <start date> -EndDate <end date>

10.How to block domain or sender?


• Sign in to the Microsoft 365 security center.
• Navigate to Email & collaboration.
• Go to Policies & rules > Threat policies.
• Under Policy > Anti-spam.
• Edit the Default policy or create a new one.
• Under Blocked senders and domains, add the domain or sender.

11.How Autodiscover works?

Autodiscover is a feature that helps email programs, like Outlook, automatically find and set up
their connection to Exchange servers. Here is how it works:

• User Setup: When you start setting up your email, Outlook looks for server settings.
• DNS Lookup: Outlook checks the internet for specific addresses to find the
Autodiscover service.
• Information Retrieval: The Autodiscover service sends back the necessary settings,
like server names and security info.
• Automatic Configuration: Outlook uses this information to configure itself without
needing you to enter details manually.

12.How many levels of checks are there in Autodiscover?

Autodiscover in Microsoft Exchange typically has four levels of checks:

• Service Connection Point (SCP): Checks Active Directory.


• DNS Lookup: Looks for DNS records (e.g., autodiscover.yourdomain.com).
• HTTP Redirects: Follows any HTTP redirects to the Autodiscover endpoint.
• Legacy Exchange Backoff: Uses fallback methods for older Exchange versions.

13.What are DKIM, DMARC and SPF records?


1. SPF (Sender Policy Framework)
• What it is: A method to prevent email spoofing.
• How it works: When you send an email, SPF checks if the email is coming from a
trusted source (like your email server). If it is, the email gets delivered; if not, it might
be marked as spam or blocked.

2. DKIM (DomainKeys Identified Mail)


• What it is: An email authentication method.
• How it works: When you send an email, DKIM adds a unique digital signature to it.
When the recipient's email service gets the email, it checks the signature to make
sure it matches the sender's domain. If it matches, the email is trusted; if not, it
might be flagged as spam or suspicious.

3. DMARC (Domain-based Message Authentication, Reporting & Conformance)


• What it is: A policy that combines SPF and DKIM.
• How it works: It tells receiving servers what to do if an email fails SPF or DKIM
checks (e.g., reject, quarantine). It also allows domain owners to receive reports
about email authentication results.

Summary
• SPF: Defines who can send emails for your domain.
• DKIM: Adds a digital signature to verify email integrity.
• DMARC: Provides policies for handling emails that fail SPF or DKIM checks and
allows reporting.
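
A quick way to review what a domain actually publishes for SPF and DMARC, as an added example that is not part of the original document. The records are constructed for the placeholder domain example.com, the function names are hypothetical, and DKIM is left out because checking it requires knowing the signing selector.

```powershell
# Added example: review the SPF and DMARC TXT records a domain publishes.
# Function names are hypothetical; sample records are constructed for example.com.

function Get-SpfFinding {
    param([string[]] $TxtRecords)
    $spf = @($TxtRecords | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -eq 0) { return 'SPF: no v=spf1 record published' }
    if ($spf.Count -gt 1) { return 'SPF: multiple v=spf1 records, receivers treat this as a permanent error' }

    # The last mechanism decides what happens to senders that are not listed.
    switch -Regex ($spf[0].Trim()) {
        '\s\+?all$' { return 'SPF: ends in +all, so every host is authorised to send' }
        '\s\?all$'  { return 'SPF: ends in ?all (neutral), receivers get no usable verdict' }
        '\s~all$'   { return 'SPF: ends in ~all (softfail), unlisted senders are only marked' }
        '\s-all$'   { return 'SPF: ends in -all (fail), unlisted senders fail SPF' }
        default     { return 'SPF: no closing "all" mechanism, check for a redirect= modifier' }
    }
}

function Get-DmarcFinding {
    param([string[]] $TxtRecords)
    $dmarc = @($TxtRecords | Where-Object { $_ -match '^v=DMARC1\s*(;|$)' })
    if ($dmarc.Count -ne 1) {
        return "DMARC: expected exactly one v=DMARC1 record, found $($dmarc.Count)"
    }

    # Split the "tag=value; tag=value" pairs into a lookup table.
    $tags = @{}
    foreach ($pair in ($dmarc[0] -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $tags[$name.Trim()] = $value.Trim() }
    }

    $policyNotes = @{
        none       = 'p=none only monitors, failing mail is still delivered'
        quarantine = 'p=quarantine asks receivers to treat failing mail as suspicious'
        reject     = 'p=reject asks receivers to refuse failing mail'
    }
    $findings = @()
    $policy = "$($tags['p'])".ToLower()
    if ($policyNotes.ContainsKey($policy)) { $findings += $policyNotes[$policy] }
    else { $findings += 'p= tag missing or not recognised' }

    if (-not $tags['rua']) { $findings += 'no rua= address, aggregate reports are not collected' }
    if ($tags['pct'] -and [int]$tags['pct'] -lt 100) {
        $findings += "pct=$($tags['pct']) applies the policy to only part of the failing mail"
    }
    'DMARC: ' + ($findings -join '; ')
}

function Get-DomainTxt {
    # Live lookup; Resolve-DnsName ships with the Windows DnsClient module.
    param([Parameter(Mandatory)][string] $Name)
    Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings } |
        ForEach-Object { $_.Strings -join '' }
}

# Offline run on constructed records: a softfail SPF record and a monitor-only DMARC record.
$sampleSpf   = @('v=spf1 include:spf.protection.outlook.com ~all')
$sampleDmarc = @('v=DMARC1; p=none; pct=50')
Get-SpfFinding   -TxtRecords $sampleSpf
Get-DmarcFinding -TxtRecords $sampleDmarc

# Against a domain you administer:
#   Get-SpfFinding   (Get-DomainTxt 'example.com')
#   Get-DmarcFinding (Get-DomainTxt '_dmarc.example.com')
```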

14.Have you heard about the Teams voice call feature?


• For this feature, a Microsoft 365 E5 or Microsoft 365 Business Voice license is
required.
• Users can be assigned a direct phone number within Teams. This can be done
through the Microsoft Teams admin center.
• Users can make calls by entering a phone number directly into the Teams app or
selecting contacts from their directory.
• Calls can be made to other Teams users or to external numbers (landlines and
mobiles).
• Users receive calls directly in the Teams app, whether from other Teams users or
external numbers.

15.What is the difference between a team and a channel in Microsoft Teams?


• A team is a collection of people working together on a common project or goal.
• A channel is a specific area within a team focused on a particular topic, project, or
activity.
• Types of team channel:
▪ Public channel: Visible to all team members.
▪ Private channel: Visible only to selected members of the team who have
access to view the channel.

16.What is the difference between E1, E3 and E5 License?

17.What is cutover migration?


• Cutover migration is a method to move all mailboxes from an on-premises Exchange server
to Microsoft 365 at once. It’s ideal for small to medium organizations, involves minimal
downtime, and is simple to set up. After migration, DNS records need to be updated to
direct email to the new server.

18.In a hybrid scenario, what type of migration do we choose in Exchange Online?


• For hybrid mailbox migration, use staged migration to move mailboxes in batches while
maintaining a hybrid environment.

19.What do we use to get all users' details using PowerShell?

• Get-MsolUser

20.How does hybrid mail flow work?
• Mail Routing: Emails sent to users in the on-premises Exchange server or Exchange Online
are routed based on the recipient’s location.
• DNS Records: Domain Name System (DNS) records direct email traffic. Typically, the MX
(Mail Exchange) record points to the on-premises server, which handles inbound mail.
• Transport Layer: The on-premises server can forward emails to Exchange Online for cloud
users and vice versa.
• Shared Features: Both environments can use features like shared calendars and contacts,
making it easier for users to collaborate.

21.What is centralised mail flow?


• In centralized mail flow, all incoming and outgoing mail is handled by a centralized mail server.
• The centralized mail server can filter spam and apply security measures to all mail.

22.What if you delete .pst from your profile?


• Data Loss: All emails, contacts, and calendar items in that file will be permanently
lost.
• Access Issues: Outlook may show errors if that file was set as the default data file.
• No Recovery: You can't recover the data unless you have a backup.

Summary: Deleting a .pst file results in permanent loss of its data and potential errors in Outlook.

23.What if you have access to a shared mailbox and can see it in your profile, but when you
send mail from that shared mailbox the sent mail goes to your personal Sent Items folder
instead of the shared mailbox's Sent Items folder?
• Ensure you have the correct permissions. You should have “Send As” or “Send on
Behalf” permissions for the shared mailbox.
• You can manually change the "From" address to the shared mailbox when
composing an email.
• If you're using Outlook, an additional setting in the Windows registry may be
required to save sent items in the shared mailbox.

24.The .OST is corrupted, and even after repairing it with the system .OST repair tool the
issue is not fixed. How do you resolve this issue?
• Delete and rebuild the .OST
• Update Outlook
• Create a new profile

25.How to configure “Multi-Factor Authentication” and why is it important?
❖ Configuring MFA in Office 365
• Sign In: Go to admin.microsoft.com and log in as an admin.
• Active Users: Click on Users, then select Active users.
• MFA Settings: Click on multi-factor authentication at the top.
• Enable MFA: Select users to enable MFA for and click Enable.
• User Setup: Users will set up MFA during their next login (options include
Authenticator app, text message, or phone call).
• Conditional Access (optional): Set policies for MFA based on conditions like
location.
❖ Importance of MFA
• Enhanced Security: Adds a second layer of protection against unauthorized
access.
• Phishing Protection: Mitigates risks even if passwords are compromised.
• User Confidence: Increases trust in your organization’s security measures.

26.A user is facing an Outlook connectivity issue. How do you resolve it?
❖ End user level troubleshooting:
• Check the internet connection.
• Restart Outlook.
• Update Outlook.
• Test in safe mode.
• Go to File > Account Settings > Account Settings. Ensure the account settings
(incoming/outgoing servers) are correct.
• Repair Outlook from Control Panel.
• Disable add-ins.
• Try to access Outlook on the web.
• Check firewall and antivirus settings.
• Create a new profile.
• Configure the same account on a different machine (corporate/personal).
• Delete and reinstall Outlook.
❖ Admin level troubleshooting:
• Check service health.
• Check the user's license.
• Check the user's sign-in status.
• Check the user's email app settings from O365 admin center > Users > Active Users > Username
> Mail > Email App and make sure MAPI is enabled.
• If the issue persists, raise a ticket with Microsoft.

27.What is EOP and what are its features?

EOP stands for Exchange Online Protection. It is a cloud-based email filtering service provided
by Microsoft as part of Office 365 and Microsoft 365 subscriptions. EOP helps protect
organizations from various email threats, including:

Key Features of EOP:

• Spam Filtering: Identifies and filters out unwanted emails, reducing clutter in users'
inboxes.
• Malware Protection: Scans incoming emails for malicious attachments and links, blocking
them before they reach the user.
• Phishing Protection: Detects and blocks phishing attempts that seek to steal user
credentials or sensitive information.
• Policy Enforcement: Allows administrators to create rules and policies for email flow,
including quarantine settings and content filtering.
• Reporting and Analytics: Provides insights into email traffic, threat detection, and user
activity, helping organizations monitor and improve security.
• Integration with Microsoft 365: Seamlessly works with other Microsoft services, enhancing
overall security and management.

Importance of EOP:

EOP is crucial for safeguarding organizational communication, ensuring compliance, and
protecting sensitive data from cyber threats. By implementing EOP, businesses can significantly
enhance their email security posture.

28.What is conditional access policy? Explain its features and benefits?

Conditional Access is a feature in Azure Active Directory that enforces access policies based on
specific conditions. Here are the key features:

Key Features

• User Targeting: Apply policies to specific users or groups.


• Location-Based Access: Control access based on geographic locations or IP addresses.
• Device Compliance: Ensure only compliant devices can access resources.
• Application Policies: Set rules for specific applications based on their sensitivity.
• Risk-Based Access: Require additional authentication for high-risk sign-ins.
• Session Controls: Manage user sessions with conditions for reauthentication.
• MFA Enforcement: Mandate Multi-Factor Authentication based on specific triggers.
• Reporting: Monitor and analyze access attempts and policy enforcement.

Benefits

• Enhanced Security: Protects sensitive data with strict access controls.


• Flexibility: Customizes access based on user needs.
• Improved User Experience: Minimizes disruptions while maintaining security.
• Compliance: Helps meet regulatory requirements.

In essence, Conditional Access strengthens security while providing a tailored user experience.

29.What is the purpose of Postmaster?

In Microsoft 365, the postmaster email address (e.g., [email protected]) serves key
purposes:

• Email Delivery Issues: Receives alerts about undeliverable messages and delivery
problems.
• Domain Management: Helps manage email routing and policies for the domain.
• Spam and Abuse Reports: Used by providers to report spam or abuse related to the
domain.
• Compliance: Ensures the organization can be contacted regarding email
communication issues.
• Email Authentication Support: Involved in managing SPF, DKIM, and DMARC settings.

30.Can we customise postmaster mails?

“While you can't change its core functions, you can customize how you manage these
responsibilities within Microsoft 365.”

Customization Options

• Create a Mailbox: Set up a dedicated shared or user mailbox for
[email protected].
• Auto-Reply Messages: Configure automatic replies to provide guidance.
• Email Forwarding: Forward emails to another mailbox (e.g.,
[email protected]).
• Email Rules: Create rules to organize incoming messages.
• Monitor Activity: Regularly check the mailbox for important communications.

31.What is dynamic distribution list?

A dynamic distribution list in Exchange Online is an email group that automatically updates its
members based on user attributes, like department or location. It saves time by ensuring the
right people receive emails without manual updates.

32.What is the difference between dynamic DL and DL in Microsoft 365?


• Dynamic Distribution List (DL): Automatically updates its members based on specific
criteria (e.g., user attributes: Location, Department etc).
• Static Distribution List: Requires manual management; members must be added or
removed by an administrator.

Dynamic DLs adjust automatically, while static DLs do not.


33.What is guest user and how to add guest user in Microsoft 365?

A guest user in Microsoft 365 is an external user invited to collaborate within your organization.

• How to Add a Guest User:


• Go to Azure Active Directory in the Azure portal.
• Click on Users > New guest user.
• Enter the guest's email and send the invitation.
• The guest accepts the invitation via email.
• Once accepted, they can access shared resources as permitted.

34.What is transport rule in exchange online?

A transport rule in Exchange Online is a policy that allows you to control the flow of email messages
in your organization. These rules can be used to apply specific actions based on various conditions,
such as the sender, recipient, subject, or content of the message.

Example of a Transport Rule:

Block emails with specific keywords:

• Condition: If the email subject contains "Confidential."


• Action: Reject the message and notify the sender.
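
The rule described above, created through Exchange Online PowerShell, as an added example that is not part of the original document. It assumes the ExchangeOnlineManagement module and a role that can manage mail flow rules; the function name, rule name and rejection text are hypothetical. The rule is staged in Audit mode first so its matches can be reviewed before anything is rejected.

```powershell
# Added example: create the "subject contains Confidential -> reject" rule,
# staged in Audit mode and switched to Enforce only on request.
# Set-SubjectRejectRule, the rule name and the rejection text are hypothetical.

function Set-SubjectRejectRule {
    [CmdletBinding()]
    param(
        [string] $Keyword = 'Confidential',
        [switch] $Enforce
    )
    $name = "Reject subject containing $Keyword (example)"
    $mode = if ($Enforce) { 'Enforce' } else { 'Audit' }

    $existing = Get-TransportRule | Where-Object Name -eq $name
    if ($existing) {
        # Rule already exists: only change whether it is audited or enforced.
        Set-TransportRule -Identity $name -Mode $mode
    }
    else {
        # Condition: subject contains the keyword.
        # Action: reject; the reason text is returned to the sender in the NDR.
        New-TransportRule -Name $name `
            -SubjectContainsWords $Keyword `
            -RejectMessageReasonText "Messages with '$Keyword' in the subject are not accepted." `
            -Mode $mode | Out-Null
    }
    Get-TransportRule -Identity $name | Select-Object Name, State, Mode, Priority
}

Connect-ExchangeOnline

# Stage the rule: in Audit mode matches are logged and no message is rejected.
Set-SubjectRejectRule

# After reviewing what the rule matched, turn enforcement on:
#   Set-SubjectRejectRule -Enforce
```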

35.What is Quarantine Center in M365?

The Quarantine Center in Microsoft 365 temporarily holds suspicious emails identified as
spam, phishing, or malware. Administrators can review, release, or delete these messages,
helping to protect users from harmful content.

36.How Quarantine works in M365?


• Scanning Emails: Incoming emails are scanned for spam (by spam confidence level),
phishing, and malware.
• Flagging Suspicious Emails: Emails identified as harmful are moved to quarantine.
• Notifications: Users and admins are notified about quarantined messages.
• Review and Action: Admins can review, release, or delete quarantined emails.
• Retention: Quarantined emails are held for a set period before deletion.

This process helps protect users from harmful content while allowing for management
oversight.

37.For how many days are mails available in the quarantine center?
• By default, it is set to 30 days, but you can extend it to 90 days.

38.What is SCL (Spam Confidence Level) in M365?

SCL (Spam Confidence Level) in Microsoft 365 is a score from 0 to 9 that indicates how likely an
email is to be spam.

• 0-1: Likely not spam


• 2-4: Possibly spam
• 5-6: Likely spam
• 7-9: Definitely spam

Higher scores may lead to emails being filtered into junk or quarantined, helping to improve email
security.
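
To see which of these bands a given message fell into, the SCL can be read from the X-Forefront-Antispam-Report header that Exchange Online stamps on messages. This is an added example, not part of the original document: the header values are constructed, the function name is hypothetical, and the band labels are the ones listed above.

```powershell
# Added example: pull the SCL out of an X-Forefront-Antispam-Report header value
# and map it to the bands listed above. Get-SclVerdict is a hypothetical name.

function Get-SclVerdict {
    param([Parameter(Mandatory)][string] $HeaderValue)

    # The header is a ';'-separated list of NAME:value fields (SCL, SFV, CIP, ...).
    $fields = @{}
    foreach ($part in ($HeaderValue -split ';')) {
        $name, $value = $part -split ':', 2
        if ($null -ne $value) { $fields[$name.Trim()] = $value.Trim() }
    }

    if (-not $fields.ContainsKey('SCL')) {
        return [pscustomobject]@{ Scl = $null; Band = 'no SCL field in header'; Sfv = $fields['SFV'] }
    }

    $scl = [int]$fields['SCL']
    $band = if ($scl -lt 0) {
        # -1 is stamped when the message skipped spam filtering (for example an allow entry).
        'spam filtering bypassed (outside the 0-9 bands)'
    } elseif ($scl -le 1) { 'Likely not spam'
    } elseif ($scl -le 4) { 'Possibly spam'
    } elseif ($scl -le 6) { 'Likely spam'
    } elseif ($scl -le 9) { 'Definitely spam'
    } else { 'value out of range' }

    # SFV is the filtering verdict recorded next to the score.
    [pscustomobject]@{ Scl = $scl; Band = $band; Sfv = $fields['SFV'] }
}

# Constructed header values (documentation IP range 192.0.2.0/24).
$sampleHeaders = @(
    'CIP:192.0.2.10;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;DIR:INB;',
    'CIP:192.0.2.25;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;DIR:INB;',
    'CIP:192.0.2.40;CTRY:;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;DIR:INB;',
    'CIP:192.0.2.55;CTRY:;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;DIR:INB;'
)
$sampleHeaders | ForEach-Object { Get-SclVerdict -HeaderValue $_ } | Format-Table -AutoSize
```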

39.What is DLP (Data Loss Prevention)?


DLP stands for Data Loss Prevention. It is a set of tools and strategies in Microsoft 365
designed to protect sensitive information from being shared or leaked outside the
organization. DLP policies can identify, monitor, and control the movement of sensitive
data, such as credit card numbers or personal information, across emails and files.

40.How to trace mails in Microsoft 365?


• Sign in to the Admin Center with an admin account.
• Go to Exchange Admin Center > Mail flow > Message trace.
• Click Start a trace, enter your search criteria (sender, recipient, date), and click Search.
• View the results to check the email's delivery status.

41.Can we trace mail longer than 90 days?


No, you can only trace emails for up to 90 days in Microsoft 365 using Message Trace.
For older emails, you may need to use Azure Audit logs or Exchange Online PowerShell,
which might have longer retention options.
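
The PowerShell trace from question 9 and the message trace from questions 40 and 41, put together as an added example that is not part of the original document. It assumes the ExchangeOnlineManagement module and an account permitted to run message traces; the function name and addresses are placeholders. Get-MessageTrace only covers the last 10 days, so the function hands older windows to Start-HistoricalSearch, which produces a report asynchronously.

```powershell
# Added example: trace mail for a sender/recipient over a date window.
# Get-MailTrace is a hypothetical name; the addresses are placeholders.

function Get-MailTrace {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][datetime] $StartDate,
        [Parameter(Mandatory)][datetime] $EndDate,
        [string] $SenderAddress,
        [string] $RecipientAddress,
        [string] $NotifyAddress      # only used for historical searches
    )
    if ($EndDate -le $StartDate) { throw 'EndDate must be later than StartDate.' }

    $criteria = @{ StartDate = $StartDate; EndDate = $EndDate }
    if ($SenderAddress)    { $criteria['SenderAddress']    = $SenderAddress }
    if ($RecipientAddress) { $criteria['RecipientAddress'] = $RecipientAddress }

    if (((Get-Date) - $StartDate).TotalDays -le 10) {
        # Recent window: Get-MessageTrace returns results one page at a time.
        $pageSize = 1000
        $page = 1
        do {
            $batch = @(Get-MessageTrace @criteria -PageSize $pageSize -Page $page)
            $batch
            $page++
        } while ($batch.Count -eq $pageSize)
    }
    else {
        # Older window: queue a historical search; the result arrives as a report.
        if ($NotifyAddress) { $criteria['NotifyAddress'] = $NotifyAddress }
        Start-HistoricalSearch @criteria -ReportType MessageTrace `
            -ReportTitle ('Trace {0:yyyy-MM-dd} to {1:yyyy-MM-dd}' -f $StartDate, $EndDate)
    }
}

Connect-ExchangeOnline

# Recent mail to one recipient, summarised by delivery status.
Get-MailTrace -StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) `
        -RecipientAddress 'user@example.com' |
    Group-Object Status |
    Select-Object Name, Count

# The same window, keeping only messages that did not end as Delivered.
Get-MailTrace -StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) `
        -RecipientAddress 'user@example.com' |
    Where-Object Status -ne 'Delivered' |
    Select-Object Received, SenderAddress, RecipientAddress, Subject, Status
```

Progress of a queued historical search can be checked with Get-HistoricalSearch.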

42.What is Azure AD/Entra AD connect tool?


• Entra AD Connect is a tool that helps link your on-premises user accounts with Azure
Active Directory (the cloud version). It allows users to access both local and cloud
resources using the same login details, making it easier to manage and use their
accounts across both systems.

43.What is Single Sign-On (SSO)?


• Single Sign-On (SSO) is an authentication process that allows users to log in once and
access multiple applications without needing to enter their credentials again. It
simplifies the user experience and enhances security by centralizing login
management.
• An example of Single Sign-On (SSO) in Microsoft is using your Microsoft account to
access services like Outlook, OneDrive, and Microsoft Teams. Once you log in to your
Microsoft account, you can seamlessly switch between these applications without
having to enter your password again.

44.How SSO works?


• Login: You enter your username and password on the SSO portal.
• Token Creation: The system verifies your credentials and creates a token (a secure
identifier).
• Access: This token is used to automatically log you into other connected applications
without re-entering your password.

In short, SSO simplifies your login experience by using one set of credentials for multiple
apps.

45.What is password hash synchronization?


Password Hash Synchronization in Entra AD Connect is a feature that allows users to use
the same password for both their on-premises Active Directory and Azure Active Directory.

46.What is ATP (Advanced Threat Protection) and what license is required for ATP?
• ATP (Advanced Threat Protection) is a Microsoft 365 security solution that protects
organizations from cyber threats like phishing and malware. It includes features like
scanning emails for harmful links and attachments, providing real-time protection, and
offering threat intelligence insights to enhance overall security.
• An E5 license is required for ATP, or you can purchase the ATP add-on license with E3.

47.Difference between EOP and ATP?

EOP (Exchange Online Protection)

• Basic Protection: Filters out spam and malware in emails.


• Functionality: Primarily blocks unwanted emails before they reach your inbox.

ATP (Advanced Threat Protection)

• Enhanced Security: Protects against advanced threats like phishing and sophisticated
malware.
• Features: Includes Safe Links, Safe Attachments, and real-time threat detection.

Summary

In short, EOP provides basic email filtering, while ATP offers advanced protection against more
complex threats.

48.What is an audit log and how do you turn it on?

An audit log in Microsoft 365 records actions and activities taken by users in the system, helping
administrators track changes and ensure security.

How to Turn It On:

• Sign in to the Microsoft 365 Admin Center with an admin account.


• Go to Security > Compliance Center.
• In the left menu, select Audit.
• Click Start recording user and admin activities.
• Once enabled, the audit log will begin capturing user activities across Microsoft 365
services.

49.Is mobile app authenticator applied to specific user or entire organization?


• The mobile authenticator app can be applied at both the user level (individual accounts)
and the organization level (enforced by admins for all users) in Microsoft 365, or we can also
apply it to a specific group of people. This allows for flexible security settings based on
needs.

50.What are the types of cloud?


The three main types of cloud computing are:
• Public Cloud: Services are shared and accessible over the internet (e.g., AWS, Azure).
• Private Cloud: Services are dedicated to a single organization, offering more control and
security.
• Hybrid Cloud: Combines public and private clouds for flexibility and scalability.

51.What are the types of DNS records?


• MX Record: Tells where to send emails for a domain (the mail server).
• CNAME Record: Lets one domain point to another domain (like a nickname for a website).
• TXT Record: Stores text information for various purposes, like verifying domain ownership.
• A Record: Links a domain name to its IP address (like a home address for websites).
• SRV Record: Specifies where to find specific services (like chat or voice) etc.

52.What is the difference between MS Office, O365 and M365?

MS Office

• What it is: Desktop software suite (e.g., Word, Excel).


• Access: One-time purchase, primarily offline.

Office 365 (O365)

• What it is: Subscription service that includes MS Office and cloud features.
• Access: Regular updates, cloud storage, and online collaboration.

Microsoft 365 (M365)

• What it is: Comprehensive solution that includes Office 365 plus additional services like
Windows and security tools.
• Target: Designed for businesses needing productivity and security solutions.

In short, MS Office is standalone software, O365 is a subscription with cloud features, and
M365 includes everything plus extra services.

53.What is the difference between On-premises Active Directory and Azure Active
Directory?

On-Premises AD:

• Where it is: Installed on local servers in your office.

• What it does: Manages users and devices within your company's network.

• How you access it: Works best when you are connected to the office network.

Azure AD:

• Where it is: A cloud service managed by Microsoft.

• What it does: Helps you log into online apps and services, like Office 365, and allows for
features like single sign-on.

• How you access it: Can be accessed from anywhere, making it great for remote work.

Summary

In short, on-prem AD is for local network management, while Azure AD is for managing access
to online services from anywhere.

54.How to push third party application on Azure?


• Sign in to Azure Portal: Use your admin account.
• Navigate to Azure Active Directory: Select "Enterprise applications."
• Add an application: Click on "New application" and choose "Add from the gallery" or "non-
gallery application."
• Configure the App: Enter necessary details and settings for the third-party app, such as
URLs and permissions.
• Assign Users: Select which users or groups can access the app.
• Set Up Single Sign-On (if needed): Configure SSO settings for easier access.

In short, you add the application in the Azure portal, configure it, and assign users.

55.How many types of licenses are available in Microsoft 365?

• Business: Business Basic, Business Standard, Business Premium, Apps for Business
• Enterprise: E1, E3, E5
• Education: A1, A3, A5
• Government: Special plans for government agencies
• Non-profit: Discount and special plans for nonprofit organizations

56.Which licenses provide you 100GB mailbox and unlimited archive in M365?
• Exchange P2
• E3
• E5

57.What are the 3 modules of Azure AD?

The three main modules of Azure Active Directory (Azure AD) are:

• Identity Management: Manages user identities and authentication.


• Access Management: Controls access to applications and resources with features like
single sign-on (SSO) and conditional access.
• Security and Compliance: Provides security features like multi-factor authentication (MFA)
and auditing for compliance.

These modules ensure secure management of user access and identities in the cloud.

58.What is Azure AD?


• Azure Active Directory (Azure AD) is a cloud service that helps organizations manage who
can access their apps and data. It allows users to log in once to use multiple applications
and adds security features like extra login checks. Essentially, it keeps everything secure
and makes it easier for users to get to the tools they need.

59.As a Teams admin, what tasks can you perform?


• Manage Users: Add, remove, and modify user accounts and permissions.
• Configure Teams and Channels: Create and manage teams, channels, and settings.
• Set Policies: Define policies for messaging, meetings, and app usage.
• Monitor Usage: View reports on user activity and app usage.
• Manage Apps: Control which third-party apps can be used in Teams.
• Handle Security Settings: Implement security measures like conditional access and data
protection.

60.As a SharePoint Online admin, what tasks can you perform?


• Manage Sites: Create, delete, and configure SharePoint sites and site collections.
• Set Permissions: Control user access to sites, lists, and libraries.
• Configure Settings: Adjust settings for sharing, security, and compliance.
• Monitor Storage: Track storage usage across SharePoint sites.
• Manage Features: Enable or disable features like versioning, content types, and custom
scripts.
• View Reports: Analyze site usage and user activity reports.
• Integrate with Other Services: Connect SharePoint with other Microsoft 365 services like
Teams and OneDrive.

61.As an Exchange Online admin, what tasks can you perform?


• Manage Mailboxes: Create, delete, and modify mailboxes.
• Set Permissions: Control access to mailboxes.
• Configure Email Settings: Set up forwarding, distribution lists, and rules.
• Monitor Email Flow: Use message trace to track email delivery.
• Implement Security Measures: Configure anti-spam policies and MFA.
• Manage Policies: Apply retention and archiving policies.
• View Reports: Access mailbox usage and email activity reports.
• Configure Connectors: Set up secure email connectors.
• Manage Mobile Device Access: Control mobile access policies.
• Set Up Compliance Features: Implement eDiscovery and legal hold.
• Integrate with Other Services: Work with Teams and SharePoint.
• Perform Bulk Operations: Use PowerShell for bulk management.

62.What are the different types of groups available in Microsoft 365?


• Microsoft 365 Groups: Used for collaboration, allowing members to access shared
resources like a shared mailbox, calendar, files, and Planner.
• Distribution Lists: Email-based groups for sending emails to multiple users without
collaboration features.
• Security Groups: Used to manage permissions and access to resources like files,
SharePoint sites, and applications.
• Mail-enabled Security Groups: Combine features of security groups and distribution lists,
allowing for email communication while managing access.
• Dynamic Distribution Groups: Automatically update membership based on specific
criteria, such as user attributes.
• Microsoft Teams: Each team created in Microsoft Teams is associated with a Microsoft 365
Group for collaboration.

63.How to release mail from Quarantine.


• Sign in to Microsoft 365 Admin Center: Use your admin account.
• Navigate to Security Center: Go to the Microsoft 365 Defender portal.
• Go to Email & Collaboration: Select Quarantine from the left-hand menu.
• Select the Email: Find the email you want to release from the quarantine list.
• Release the Email: Click on the email, then select the Release message option.
• Confirm Action: Follow any prompts to confirm the release.

64.How to remove a license from an O365 tenant?
• Sign in to Microsoft 365 Admin Center: Use your admin account.
• Navigate to Billing: Click on Billing in the left-hand menu.
• Select Licenses: Click on Your products to view all licenses.
• Find the License: Locate the license you want to remove.
• Remove the License: Click on the license and select Delete or Remove (the exact wording
may vary).
• Confirm Removal: Follow any prompts to confirm the removal of the license from your
tenant.
Once removed, the license will no longer be available for assignment to users in your
tenant.

65.How many roles are available in M365?


• Global Administrator
• Billing Administrator
• User Administrator
• Service Administrator
• Helpdesk Administrator
• Compliance Administrator
• Security Administrator
• Teams Administrator
• SharePoint Administrator
• Exchange Administrator
• Skype for Business Administrator
• Intune Administrator
• Password Administrator
• Reports Reader
• Azure AD Administrator
• Dynamics 365 Administrator
• Device Administrators
• Power BI Administrator
• Exchange Online Protection Administrator
• SharePoint Service Administrator

66.How does Outlook work?


• Email Protocols: Uses protocols like IMAP, POP3, and SMTP to send and receive emails.
IMAP keeps emails on the server, while POP3 downloads them.
• Exchange Server: When connected to Microsoft Exchange or Exchange Online, Outlook
syncs emails, calendars, contacts, and tasks in real-time. It relies on MAPI (Messaging
Application Programming Interface) for communication.
• Data Storage: Stores user data in PST or OST files. PST files are used for offline access and
archiving, while OST files are created for cached Exchange accounts.
• Authentication: Uses various authentication methods (like OAuth or Basic Auth) to
securely connect to email servers.
• APIs: Integrates with Microsoft Graph API to access and manage user data across Microsoft
365 services.
• Add-ins and Extensions: Supports add-ins that extend functionality, allowing third-party
integrations for enhanced productivity.

67.What is a shared mailbox?


• Collaborative: Ideal for teams, departments, or projects.
• No Separate License: Users can access it without needing a separate license.
• Common Email Address: It has a shared email address (like [email protected]) that
anyone with access can use.
• Shared Calendar: It includes a shared calendar for scheduling meetings.

68.How to create a rule in Exchange Online?


• Go to admin.exchange.microsoft.com and sign in with admin credentials.
• Go to Mail Flow: In the Exchange Admin Center, click on Mail flow in the left-hand menu.
• Create New Rule (Example):
➢ Click on Rules at the top.
➢ Click the + (plus) icon and select Create a new rule.
• Set Up Rule Details:
➢ Name the Rule: Provide a descriptive name for the rule.
➢ Apply this rule if...: Choose the conditions that trigger the rule (e.g., if the sender is a
specific person).
➢ Do the following...: Select the action to take (e.g., redirect, delete, or modify the
message).
• Add Exceptions (if needed): Specify any exceptions to the rule.
• Set Additional Options: Configure settings like rule activation, priority, or mode (e.g., test
or enforce).
• Save the Rule: Click Save to create the rule.
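The same rule setup expressed in Exchange Online PowerShell, as an added example that is not part of the original document. It assumes an existing Connect-ExchangeOnline session; the rule name, subject tag, admin account and partner.example domain are placeholder values.

```powershell
# Added example: create a mail flow rule in test mode, verify it, then enforce it.
# Requires the ExchangeOnlineManagement module and an admin session:
#   Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder account

$ruleName = 'Tag inbound external mail'    # placeholder name

$rule = @{
    Name                   = $ruleName
    # "Apply this rule if...": sender is outside the organization, recipient is inside.
    FromScope              = 'NotInOrganization'
    SentToScope            = 'InOrganization'
    # "Do the following...": prepend a tag to the subject line.
    PrependSubject         = '[EXTERNAL] '
    # Exception: do not tag mail from this (placeholder) partner domain.
    ExceptIfSenderDomainIs = 'partner.example'
    # Additional options: Audit logs what the rule would do without touching delivery.
    Mode                   = 'Audit'
    Priority               = 0      # 0 is evaluated first
    Comments               = 'Created in test mode; review results before enforcing.'
}

# Avoid creating a duplicate if the rule is already present.
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Write-Warning "Rule '$ruleName' already exists; not creating a duplicate."
} else {
    New-TransportRule @rule | Out-Null
}

# Confirm what was saved.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, FromScope, SentToScope, PrependSubject

# After reviewing the audit results, switch the rule to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```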

69.What is DNS?

DNS (Domain Name System) is a system that translates human-readable domain names (like
www.example.com) into IP addresses (like 192.0.2.1) that computers use to identify each other
on the network.

• Example:
• When you send an email to someone at [email protected]:
• Finding the Mail Server: DNS looks up the domain "example.com" to find its mail server
using an MX (Mail Exchange) record.
• Delivering the Email: Once the mail server's IP address is found, the email is sent to that
address.

70.How to convert a user mailbox into a shared mailbox?

To convert a user mailbox into a shared mailbox in Microsoft 365, follow these steps:

• Sign in to Microsoft 365 Admin Center: Use your admin account.
• Navigate to Users: Click on Active users.
• Select the User Mailbox: Find and click on the user mailbox you want to convert.
• Convert to Shared Mailbox:
➢ In the user details pane, select Mail.
➢ Click on Convert to shared mailbox.
• Confirm Conversion: Follow the prompts to confirm the conversion.
• Remove License (if needed): After conversion, you may want to remove the license from
the user account, as shared mailboxes do not require a separate license.

71.How many channels can you create in a team?


• In Microsoft Teams, you can create up to 200 channels per team. However, the total
number of channels across all teams within a single organization can go up to 30,000
channels.

72.How many members can be part of a single team?


• In Microsoft Teams, a single team can have up to 25,000 members. This allows for large-
scale collaboration and communication among team members. (Public Channel)
• Private Channels: Each private channel can have up to 250 members. Only selected
members of the parent team can access and participate in private channels.

73.What is group-based licensing and how to perform this activity?

Group-based licensing in Microsoft 365 allows administrators to assign licenses to a group of
users automatically, rather than assigning them individually. This simplifies license
management, especially in large organizations.

• How It Works:
➢ Create a Group: You create a security group in Azure Active Directory (Azure AD).
➢ Assign Licenses to the Group: Assign the desired licenses to that group.
➢ Automatic Assignment: All users in that group automatically receive the assigned
licenses.
• Steps to Perform Group-Based Licensing:
➢ Sign in to Azure Portal: Use your admin account to log in.
➢ Navigate to Azure Active Directory: Click on Azure Active Directory in the left
sidebar.
➢ Create a Group: Go to Groups and click on New group. Choose the group type and
add members.
➢ Assign Licenses: Once the group is created, go to Licenses under the group
settings, and assign the necessary licenses.
➢ Save Changes: Confirm and save your settings.
This method makes it easier to manage licenses as you can add or remove users from the group
without having to change each user’s license individually.

74.What licenses are required for the group-based licensing feature?

Group-based licensing is available with the following Microsoft 365 plans:

• Microsoft 365 Business Premium
• Microsoft 365 E3
• Microsoft 365 E5
• Microsoft 365 A3 (Education)
• Microsoft 365 A5 (Education)

75.In a staged migration, how many user mailboxes can we migrate as a batch per CSV file?
• In a staged migration, you can migrate up to 1,000 user mailboxes in a single batch
using one CSV file.

76.How many users can you create from the O365 admin center using a .csv file?
• From the O365 admin center you can create up to 250 users per .csv file.

77.How many users can you create from the Azure admin center using a .csv file?
• From Azure you can create up to 10000 users per .csv file.

78.How to create more than 1000 users in M365 using PowerShell.


• You need to create excel sheet with

79.What are the main components of Microsoft 365?


• Key components include Microsoft Word, Excel, PowerPoint, Outlook, OneDrive,
SharePoint, Microsoft Teams, Exchange Online, and Microsoft Defender for Office 365.

80.What is the difference between SharePoint Online and OneDrive for Business?
• SharePoint Online is a tool that helps people work together by sharing files and
information online. It’s like a virtual office where you can store documents, collaborate
on projects, and keep everything organized, all from anywhere.
• OneDrive for Business is primarily a personal file storage service that allows users to
store and share files privately and collaborate with others.

81.What are the differences between Exchange Online and on-premises Exchange?

Exchange Online is a cloud-based email service, while on-premises Exchange is installed and
managed locally on a company’s servers. Here are the main differences:

• Hosting: Exchange Online is hosted by Microsoft in the cloud; on-premises Exchange is
hosted on your own hardware.
• Maintenance: Microsoft handles updates and maintenance for Exchange Online; with
on-premises, your IT team does it.
• Accessibility: Exchange Online can be accessed from anywhere with an internet
connection; on-premises typically requires a VPN or being on-site.
• Cost: Exchange Online usually involves subscription fees; on-premises requires upfront
hardware and software costs.

In short, Exchange Online is more convenient and requires less management, while on-
premises gives you more control.

82.How to forward user mail from Exchange Online.


• Go to https://admin.exchange.microsoft.com and log in as an administrator.
• Expand Recipients and click on Mailboxes.
• Click on the selected user; on the right-hand side you will see the option called
email forwarding.
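A review step that pairs with the forwarding option above, as an added example that is not part of the original document: it lists mailboxes whose forwarding address is outside the tenant's own domains. Find-ExternalForwarding is a hypothetical helper name, and the sample mailboxes and domains are constructed; in a live tenant, feed it the output of Get-Mailbox and Get-AcceptedDomain.

```powershell
# Added example: flag mailboxes that forward to an address outside the tenant.
# Find-ExternalForwarding is a hypothetical helper, not a built-in cmdlet.
function Find-ExternalForwarding {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,        # objects shaped like Get-Mailbox output
        [Parameter(Mandatory)] [string[]] $AcceptedDomain  # domains the tenant owns
    )
    foreach ($mbx in $Mailbox) {
        # ForwardingSmtpAddress is stored as "smtp:user@domain"; strip the prefix.
        $target = [string]$mbx.ForwardingSmtpAddress -replace '^smtp:', ''
        if ([string]::IsNullOrWhiteSpace($target)) { continue }   # no forwarding set

        $domain = ($target -split '@')[-1].ToLowerInvariant()
        if ($AcceptedDomain -notcontains $domain) {
            [pscustomobject]@{
                Mailbox    = $mbx.UserPrincipalName
                ForwardsTo = $target
                # False means the mailbox keeps no copy of forwarded mail.
                KeepsCopy  = [bool]$mbx.DeliverToMailboxAndForward
            }
        }
    }
}

# Constructed sample data (not real accounts).
$sample = @(
    [pscustomobject]@{
        UserPrincipalName          = 'alice@contoso.example'
        ForwardingSmtpAddress      = 'smtp:alice@partner.example'
        DeliverToMailboxAndForward = $false
    }
    [pscustomobject]@{
        UserPrincipalName          = 'bob@contoso.example'
        ForwardingSmtpAddress      = 'smtp:helpdesk@contoso.example'
        DeliverToMailboxAndForward = $true
    }
    [pscustomobject]@{
        UserPrincipalName          = 'carol@contoso.example'
        ForwardingSmtpAddress      = $null
        DeliverToMailboxAndForward = $false
    }
)

# Only alice is reported: bob forwards internally, carol does not forward.
Find-ExternalForwarding -Mailbox $sample -AcceptedDomain 'contoso.example' |
    Format-Table -AutoSize

# Live tenant (requires Connect-ExchangeOnline):
# $domains = (Get-AcceptedDomain).DomainName
# Find-ExternalForwarding -Mailbox (Get-Mailbox -ResultSize Unlimited) -AcceptedDomain $domains
```

The ForwardingAddress property (a directory recipient such as a mail contact) and user inbox rules are separate forwarding paths that this check does not cover.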

83.Can you recover data that is permanently deleted from OneDrive?


• If your data is deleted, it goes to the first stage of the recycle bin.
• If the data is deleted from the first stage, it goes to the second stage of the recycle bin.
• If the data is deleted from the second stage of the recycle bin, it is permanently
deleted, and you can only recover it if you turn on “retention hold” for the user.

84.For how many days will your data be recoverable in the OneDrive for Business recycle bin?
• First stage of recycle bin for 93 days.
• Second stage of recycle bin for 93 days.

85.What happens if you add the user to a retention hold?


• When you add a user to a retention hold, it means their data is preserved and cannot be
deleted or modified for a specified period of time.

86.For how many days will your mail be recoverable in the Outlook Deleted Items folder?
• In Outlook, items in the Deleted Items folder can typically be recovered for 30 days after
they are deleted. After that period, the items may be permanently deleted.
• If you're using Microsoft 365 or Exchange, there may be an additional recovery option called
"Recoverable Items," which allows you to recover deleted items for a period of up to 14
additional days after the initial 30 days, depending on the settings configured by your
organization.

87.Difference between “Content Search and E-Discovery”?


• Content Search is for general searches,
• eDiscovery is for legal and compliance investigations.

88.What is the difference between Retention Hold and Litigation Hold?

• Purpose:
➢ Retention Hold: The primary goal is to ensure that data is preserved in accordance
with an organization’s data retention policies and regulatory requirements.
➢ Litigation Hold: Specifically designed to preserve data that may be relevant to
ongoing or anticipated legal actions, investigations, or audits.
• Scope:
➢ Retention Hold: Applies broadly to various types of data, including emails,
documents, and other records across different users or departments. Typically set for
a specific duration, which is defined by the organization’s policies.
➢ Litigation Hold: More targeted than a retention hold; it focuses on specific
individuals, data types, or categories of information that are relevant to a particular
legal case. Often set in response to a legal notice or when litigation is reasonably
anticipated.
• Use Case:
➢ Retention Hold: Used to comply with laws and regulations that require organizations
to keep certain types of data for a specified period (e.g., financial records, employee
data). Helps in managing data lifecycle effectively, ensuring that data is available
when needed but also systematically deleted when it's no longer required.
➢ Litigation Hold: Triggered when an organization becomes aware of potential
litigation, ensuring that any data related to the matter is preserved. Often involves
preserving communications (like emails), documents, and other evidence that may be
required during legal proceedings.
• Outcome:
➢ Retention Hold: Data marked for retention cannot be deleted or modified until the
hold is lifted, or the retention period expires. Protects against unintentional deletion
or loss of important data.
➢ Litigation Hold: Data under litigation hold cannot be deleted or altered, regardless
of other retention policies in place. The hold remains in effect until the legal matter
is resolved or the organization determines that the hold is no longer necessary.

89.How SCL (SPAM CONFIDENCE LEVEL) works?


• If you configure the Content Filter agent with an SCL delete threshold of 8, all messages
with an SCL of 8 or higher are silently deleted.
• However, if you configure the Junk Email folder with an SCL threshold of 4, all messages
with an SCL of 5 or higher are moved to the Junk Email folder,
• while messages with an SCL of 4 or lower are delivered to the Inbox.
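The two thresholds above compare differently (a delete threshold of 8 acts on 8 "or higher", while a Junk threshold of 4 only acts on 5 and up). This added example, which is not part of the original document, makes that boundary explicit by reading the SCL stamped in constructed message headers. Get-SclDisposition is a hypothetical helper name; the default thresholds are the ones used in the answer above.

```powershell
# Added example: decide what happens to a message from its stamped SCL value.
# Get-SclDisposition is a hypothetical helper, not a built-in cmdlet.
function Get-SclDisposition {
    param(
        [Parameter(Mandatory)] [string] $Headers,   # raw message header text
        [int] $DeleteThreshold = 8,                 # delete when SCL >= this value
        [int] $JunkThreshold   = 4                  # junk when SCL >  this value
    )
    # Exchange records the rating in the X-MS-Exchange-Organization-SCL header.
    if ($Headers -match '(?im)^X-MS-Exchange-Organization-SCL:\s*(-?\d+)\s*$') {
        $scl = [int]$Matches[1]
    } else {
        return [pscustomobject]@{ SCL = $null; Disposition = 'NoSclHeader' }
    }

    $disposition =
        if     ($scl -ge $DeleteThreshold) { 'Delete' }      # 8 or higher
        elseif ($scl -gt $JunkThreshold)   { 'JunkEmail' }   # 5, 6, 7
        else                               { 'Inbox' }       # 4 or lower, including -1

    [pscustomobject]@{ SCL = $scl; Disposition = $disposition }
}

# Constructed header samples covering both boundaries and the -1 (bypass) value.
$samples = 9, 8, 5, 4, -1 | ForEach-Object {
    "Received: from mail.example.test`r`n" +
    "X-MS-Exchange-Organization-SCL: $_`r`n" +
    "Subject: constructed sample"
}
# A message that was never rated has no SCL header at all.
$samples += "Received: from mail.example.test`r`nSubject: constructed sample"

# Expected: 9 and 8 -> Delete, 5 -> JunkEmail, 4 and -1 -> Inbox, last -> NoSclHeader.
$samples | ForEach-Object { Get-SclDisposition -Headers $_ } | Format-Table -AutoSize
```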

90.What are the different types of mail flow available?


• Inbound Mailflow: Receiving and sorting incoming emails.
• Outbound Mailflow: Sending emails to clients and customers.
• Internal Mailflow: Communication within the organization.
• External Mailflow: Emails to and from outside parties.
• Transactional Mailflow: Automated emails triggered by actions (e.g., order confirmations).
• Bulk Mailflow: Sending large volumes of marketing emails.

91.What are the prerequisites required for Tenant-to-Tenant migration?
• Planning: Create a detailed migration plan.
• Admin Access: Global admin access for both tenants “Source and Destination”.
• Licenses: Verify that the destination tenant has sufficient licenses for all users being
migrated.
• Domain Verification: Domains must be verified in the destination tenant.
• Count the Number of Users and Groups: Count the number of users and groups available
in the source tenant.
• Data Backup: Back up data before migration.
• Security Review: Review security settings and compliance policy of source tenant.
• Migration Tools: Set up necessary migration tools.
• User Mapping: Identify and map user accounts from the source to the target tenant to
ensure smooth transitions.
• Testing: Conduct pilot tests with a small group of users to identify potential issues before
full migration.
• Post-Migration Support: Plan for user training and support after the migration is complete.
• Communication: Inform all stakeholders about the migration timeline and what to expect.

92.What are MX records and its structure?


• MX Record: Tells where to send emails for a domain (the mail server).
• Structure of MX record: domain-com.mail.protection.outlook.com.
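A check built on the MX lookup described in questions 69 and 92, as an added example that is not part of the original document: it confirms that a domain's primary MX follows the domain-com.mail.protection.outlook.com structure and lists any MX hosts that point somewhere else. Test-ExchangeOnlineMx is a hypothetical helper name, and the records and domain below are constructed; a live check would pass in the output of Resolve-DnsName.

```powershell
# Added example: verify that a domain's MX records route mail to Exchange Online.
# Test-ExchangeOnlineMx is a hypothetical helper, not a built-in cmdlet.
function Test-ExchangeOnlineMx {
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [object[]] $MxRecord   # objects with NameExchange and Preference
    )
    $suffix   = '.mail.protection.outlook.com'
    # Structure from the answer above: dots in the domain become dashes.
    $expected = ($Domain.ToLowerInvariant() -replace '\.', '-') + $suffix

    # Lowest Preference value is the primary mail server.
    $mx    = @($MxRecord | Where-Object { $_.NameExchange } | Sort-Object Preference)
    $hosts = @($mx | ForEach-Object { $_.NameExchange.TrimEnd('.').ToLowerInvariant() })

    [pscustomobject]@{
        Domain          = $Domain
        ExpectedMx      = $expected
        PrimaryMx       = $hosts | Select-Object -First 1
        MatchesExpected = ($hosts.Count -gt 0 -and $hosts[0] -eq $expected)
        # Any MX host outside Exchange Online accepts mail without its filtering.
        OtherHosts      = @($hosts | Where-Object { -not $_.EndsWith($suffix) })
    }
}

# Constructed records (not a real lookup result).
$records = @(
    [pscustomobject]@{ NameExchange = 'contoso-example.mail.protection.outlook.com'; Preference = 0 }
    [pscustomobject]@{ NameExchange = 'backup-mx.hosting.example';                   Preference = 20 }
)

# MatchesExpected is True; OtherHosts lists backup-mx.hosting.example for review.
Test-ExchangeOnlineMx -Domain 'contoso.example' -MxRecord $records | Format-List

# Live lookup (Windows DnsClient module):
# Test-ExchangeOnlineMx -Domain 'contoso.example' `
#     -MxRecord (Resolve-DnsName -Name 'contoso.example' -Type MX)
```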

93.When you create a team in Microsoft 365 (Teams), which services are
automatically set up?
• Microsoft 365 Group: A shared workspace for collaboration.
• SharePoint Site: For document storage and sharing.
• OneNote Notebook: A shared notebook for team notes.
• Planner: For task management.
• Shared Email Address: A mailbox for team communications.
• Teams Channel: Default channels for discussions.
• File Storage: A dedicated area in SharePoint for files.
• Microsoft Stream: For video content sharing (if applicable).

94.What is the difference between shared mailbox and Microsoft 365 group?
• Shared Mailbox:
• What It Is: A common email inbox that multiple people can access.
• Main Use: For managing emails together (like customer support).
• Email Address: Has its own email address (e.g., [email protected]).
• Access: You need permission to access it.
• Features: Mainly just for email; no extra tools for collaboration.
• Microsoft 365 Group:
• What It Is: A group that brings together tools for teamwork.
• Main Use: For collaborating on projects and sharing resources.
• Email Address: Also has its own email address, but it does more than just email.
• Access: All members can access group resources automatically.
• Features: Includes a shared mailbox, file storage (SharePoint), task management (Planner),
and more.

95.If you have a Microsoft 365 Business Basic license, can you set up Outlook on your
computer?
• Yes, you can configure outlook if you have Microsoft 365 business basic license assigned.

96.When you create a team in Microsoft 365, an email address is automatically
created; why does this happen?
• Easy Communication: Team members can send and receive emails easily.
• Shared Inbox: Everyone on the team can see and manage emails sent to that address.
• Notifications: It helps send updates and announcements to team members.
• Works with Outlook: You can access team emails in Outlook too.

97.A Teams user is unable to chat with an external user; what is the main reason?
If a Teams user can't chat with someone from another organization, it might be because:
• External Access Disabled: The organization doesn't allow chatting with outside users.
• Guest Restrictions: Guests may have limited permissions.
• User Policies: Some users may have rules that prevent external chats.
• Network Issues: There could be internet problems.
• Different Teams Versions: The other user might not be using the same version of Teams.

98.What is the default and max size of message attachment limit in exchange online?
• Default limit of message attachment is 35MB,
• The max size of message attachment limit is 150MB.

99.What are the different types of mailboxes available in Microsoft 365 or Exchange
Online?
• User Mailbox: Regular mailboxes assigned to individual users for personal email.
• Shared Mailbox: A common mailbox that multiple users can access to send and receive
emails, often used for team communication (e.g., [email protected]).
• Resource Mailbox: Mailboxes for managing resources like meeting rooms or equipment.
These can be booked by users.
• Room Mailbox: Specifically for scheduling and managing meeting rooms.
• Equipment Mailbox: For reserving shared equipment, such as projectors or vehicles.
• Office 365 Group Mailbox: Part of a Microsoft 365 Group, it includes shared email,
calendar, and files for team collaboration.
• Archive Mailbox: A secondary mailbox used to store archived emails to help manage space
in the primary mailbox.
• Discovery Mailbox: Used for compliance and eDiscovery purposes to hold data for legal
investigations.

100.What is SMTP relay?


SMTP relay is a service that allows you to send emails from one server to another. Here
is a simple breakdown:
• What It Does: It helps route your outgoing emails through a specific mail server, ensuring
they reach the intended recipients.
• How It Works: When you send an email, it goes to the SMTP relay server, which then
forwards it to the recipient’s email server.
• Why Use It: It’s often used for sending bulk emails or when you want to send emails from an
application (like a website) without using a personal email account.
In short, SMTP relay is like a post office that helps deliver your emails efficiently.

101.What are the different types of connection filter available in Microsoft 365?
• IP Allow List: Trusted IP addresses allowed to send emails.
• IP Block List: IP addresses that are blocked from sending emails.
• Connection Throttling: Limits the number of messages from a single IP address to prevent
spam.
• Dynamic IP Address Filtering: Automatically blocks or allows IP addresses based on their
reputation.

102.What is the maximum duration to restore your deleted SharePoint sites?
• You can restore your deleted site within 93 days. After 93 days the site is permanently
deleted.

103.What is the maximum duration to restore your deleted SharePoint containers?
• You can restore your deleted container within 93 days. After 93 days the container is
permanently deleted.

104.What is the maximum duration for restoring deleted groups?


• Within 30 days you can restore your deleted groups.

105.What is the difference between a Team site and a Communication site?


• Team Site: Designed for collaboration within a specific group or team. It includes features
like document libraries, task lists, and group discussions, focused on sharing and working
together on content.
• Communication Site: Designed for broadcasting information to a wider audience. It’s used
for sharing news, announcements, and events, with a focus on presentation and visual
appeal rather than collaboration.
So, Team Sites are for teamwork and project collaboration, while Communication Sites are for
sharing information with a broader audience.

106.What is document center in SharePoint Online?
• A Document Center in SharePoint Online is a central place where you can store, manage,
and organize large amounts of documents. It’s designed to help businesses or teams keep
track of many documents, making it easier to find, update, and share them.

107.What is the storage limit of document center?


• The storage limit is 1TB for each tenant plus 10GB per licensed user.

108.What is the maximum number of documents you can store in a SharePoint library or folder?
• You can store a maximum of 30 million documents in each library.

109.What is Enterprise Wiki in SharePoint online?


• An Enterprise Wiki in SharePoint Online is a place where you can create, share, and organize
information in your company. It's like an internal website where employees can add and
update pages with helpful content, like how-to guides, company policies, or important
updates. Everyone can easily find and contribute to the information, making it a central spot
for shared knowledge.

110.What is Publishing Portal in SharePoint online?


• A Publishing Portal in SharePoint Online is a site used to create and share well-designed
content like news, updates, or important information with a large audience. It’s like a
company website where content is carefully managed and published, often after approval,
to make sure everything looks professional and organized.

111.What is Content Center in SharePoint Online?


• A Content Center in SharePoint Online is a place where you can organize and manage
documents in one central spot. It helps make sure that all the files are well-arranged, easy
to find, and follow the same rules across the company. It's like a hub to keep your
documents organized and consistent.

112.What is Syntex Content Center in SharePoint Online?


• The Syntex Content Center in SharePoint Online uses AI to help automatically organize and
manage documents. It can sort documents, find important information (like dates or
names), and save time by doing these tasks automatically, so you don’t have to do it
manually.

113.How to allow users to access SharePoint and OneDrive data only from a specific
network location?
To restrict access to SharePoint and OneDrive data based on network location, follow these
steps:
• In the SharePoint Online Admin Center, go to Access Control.
• Click on Network Location.
• Enable the option Allow access only from specific IP address ranges.
• Add the IP addresses or ranges from which you want to allow access.
This ensures that only users within the specified IP address ranges can access the data.

114.What is Idle session sign-out in SharePoint online admin center?


• Idle session sign-out in SharePoint Online Admin Center is a feature that automatically
signs out users from SharePoint or OneDrive after a period of inactivity. This helps improve
security by ensuring that if someone leaves their device unattended, their session will end
after a certain amount of time, reducing the risk of unauthorized access.

115.What are the minimum and maximum durations for automatic user sign-out due to
inactivity?
• 1 hour is minimum and 24 hours is maximum.

116.What are the minimum and maximum durations for notifying a user before automatic
sign-out due to inactivity?
• Minimum is 1 minute and maximum is 39 minutes.

117.What is the difference between SharePoint Admin, Owner, Member and Visitors?
• Owner: Full control over the site (manage settings, permissions, content).
• Member: Can edit and contribute content but can't manage settings or permissions.
• Visitor: View-only access to the site (cannot edit or contribute).
• Administrator: (Typically for SharePoint admins) Full control over the SharePoint
environment, including all sites.
Owners manage the site, members contribute, and visitors can only view content.

118.What is the difference between authentication and authorization?


• Authentication is like showing your ID to prove who you are. For example, entering your
password to log in.
• Authorization is like asking, "Now that I know who you are, what are you allowed to do?" For
example, whether you can access certain files or perform specific actions on a website.
In short:
• Authentication = "Proving who you are."
• Authorization = "What you're allowed to do once we know who you are."

119.How does on-premises AD compare to Azure AD?
• On-premises Active Directory (AD): This is a directory service that lives on your company's
own servers. It helps manage and secure things like employee logins, computers, and other
devices, but it only works inside your company’s network (your office or local data center).
• Azure Active Directory (Azure AD): This is the same idea, but it's in the cloud. It manages
logins and permissions for cloud-based services like Microsoft 365, apps, and websites,
and works from anywhere with an internet connection.

120.What is RBAC (Role Based Access Control)?


• Role-Based Access Control (RBAC) is a method of managing access to resources within a
system based on a user's role in the organization. Instead of assigning permissions to each
individual user, permissions are assigned to roles (like "Admin," "Manager," "Employee"), and
users are assigned to those roles.
How it works:
• Roles: Defined sets of permissions that determine what actions a user can perform (e.g.,
read, write, delete).
• Users: Assigned to one or more roles based on their job responsibilities.
• Permissions: Access to resources is granted based on the role a user is assigned to, not
individually.
Example:
• Admin Role: Can manage all settings, create users, delete files.
• Manager Role: Can view reports and edit team data.
• Employee Role: Can only view and update their own data.
In short: RBAC simplifies access management by grouping permissions into roles and
assigning users to those roles, so you don’t need to assign permissions to each user
individually.

121.How do RBAC and Azure roles differ?


• RBAC is the overall system for controlling access based on roles, and Azure roles are
specific roles used in Azure to control access to cloud resources.

122.What is PHS (Password Hash Synchronizations)?


• Password Hash Synchronization (PHS) is a way to make sure that your on-premises
password (the one you use to log in to your work computer) is the same as the password
you use to log in to cloud services like Microsoft 365.
• Instead of sending your actual password to the cloud, it only sends a secure, scrambled
version of it (called a "hash"). This keeps your password safe while allowing you to use the
same login for both your local and cloud accounts.

123.What is PTA (Pass-Through Authentication)?
• Pass-Through Authentication (PTA) is a way to allow users to log in to cloud services like
Microsoft 365 using the same password they use for their office computer or network.
• When they try to log in, PTA checks their password against your company's local system
(where your passwords are stored) instead of storing the password in the cloud.
• In short: PTA lets you use your office login (the same one for your computer) to access cloud
services, without needing to save your password in the cloud.

124.How would you connect On-premises application to Azure AD?


• Set up Azure AD Application Proxy: Install and configure Azure AD Application Proxy on
your on-premises server to securely publish the application to Azure AD.
• Configure Single Sign-On (SSO): Set up SSO using Azure AD to allow users to access the
application with their Azure AD credentials, either through SAML or OAuth.
• Define Access Rules: Configure who can access the application by defining access
policies in Azure AD.
• Test Access: Verify users can access the on-premises app through Azure AD
authentication.
In short: Use Azure AD Application Proxy and configure SSO to securely connect your on-
premises application to Azure AD.

125.What are the best ways to access on-premises applications from cloud?
• Use Azure AD Application Proxy, VPN, or a hybrid identity solution for secure access to
on-premises applications from the cloud.

126.What is SAML, OpenID and OAuth?


• SAML (Security Assertion Markup Language): It’s a way for websites to let you log in using
your company or organization's login credentials. For example, when you sign in to an
external website (like a partner’s app), SAML helps pass your login details securely from
your company’s system to that website.
• OpenID Connect: This is a newer version of OpenID that lets you use your existing account
(like Google or Microsoft) to log in to other apps or websites, so you don’t need to
remember multiple passwords. It’s like using your Google login to sign in to a third-party
service.
• OAuth: This is a way for apps to get limited access to your information from other services
(like your contacts or photos) without you giving them your password. For example, when
you use a website to log in with your Facebook account, OAuth lets the website access your
Facebook info without sharing your password.
In short:
• SAML: Lets you log in to third-party apps using your company login.
• OpenID: Lets you log in to other apps using an existing account (like Google).
• OAuth: Lets apps access your data from other services without sharing your password.

127.What is identity protection and how does it work?
• Identity Protection is a feature in Azure Active Directory that helps keep your
organization's accounts secure by detecting and responding to suspicious activities or
potential security risks, like unusual login attempts or sign-ins from unfamiliar locations.
How it works:
• Risk Detection: It constantly monitors for risky activities, such as failed login attempts,
sign-ins from strange locations, or using compromised passwords.
• Automated Responses: If a risk is detected, it can automatically take actions like requiring
the user to change their password, block access, or prompt for multi-factor authentication
(MFA) to verify their identity.
• Risk Policies: You can set policies to control how strict the protections should be. For
example, you can require extra verification (MFA) if a user logs in from a new device or
country.
In short: Identity Protection helps protect user accounts by detecting risky behaviour and
automatically taking action to secure access, such as asking for extra verification or blocking
suspicious logins.

128.What is SSPR (Self Service Password Reset)?


• SSPR (Self-Service Password Reset) lets users reset their own passwords if they forget
them, without needing help from IT. They can do it themselves using a few security steps,
like confirming their identity through email or phone.

129.How to setup SSPR?


• Sign in to Azure AD: Go to the Azure portal and sign in with an admin account.
• Enable SSPR: In the Azure AD portal, go to Security > Password Reset and turn on the Self-
Service Password Reset option.
• Configure authentication methods: Choose how users will verify their identity (e.g., email,
phone number, security questions).
• Set up policies: Define who can use SSPR (e.g., all users or specific groups) and any
additional requirements.
• Notify users: Optionally, inform users about the new password reset feature and how to
use it.

130.How to disable SSPR for admin accounts?


• Sign in to Azure AD: Go to the Azure portal and sign in with an admin account.
• Navigate to Password Reset: In the Azure portal, go to Azure Active Directory > Security >
Password Reset.
• Configure SSPR settings: Under Password Reset, click on Access and select Selected under
the "Who can use self-service password reset?" option.
• Exclude admin accounts: In the Exclude users section, select the groups or individual
admin accounts you want to exclude from using SSPR.
• Save changes: Click Save to apply the settings.

131.What are retention tags and retention policies?

• Retention Tag: A specific rule for an email, telling you how long to keep it and what to do
with it (e.g., delete, archive).
• Retention Policy: A collection of multiple retention tags that are applied to an entire
mailbox or folder to manage email retention automatically.
In short, a tag is a single rule, while a policy is a group of rules.

132.What are the resource mailboxes available in Exchange Online?


• Room Mailbox: Represents a physical meeting room or space (e.g., a conference room,
training room) that can be booked for meetings or events.
• Equipment Mailbox: Represents shared equipment (e.g., projectors, laptops, or other
portable devices) that can be reserved for use during meetings or events.

133.What are the MS Office versions available in the market?


• Microsoft Office 365, Microsoft Office 2024, 2021, 2019, 2016, 2012, 2009 etc.

134.What is the difference between MS Office and Microsoft Office 365?


• MS Office: A one-time purchase of the traditional desktop software suite (e.g., Word, Excel,
PowerPoint) that is installed locally on your device. Updates and upgrades require
purchasing new versions.
• Microsoft Office 365: A subscription-based service that provides access to the Office apps
(Word, Excel, PowerPoint, etc.) along with cloud storage (OneDrive), collaborative tools
(Teams), and regular updates. It also includes the ability to use the apps across multiple
devices.

135.What Microsoft Windows Server versions are available in the market?


• Latest Version: Windows Server 2022.
• Other versions: 2019, 2016, 2012 R2, 2008 R2, with each version introducing new features
and improvements for enterprise environments.

136.What Microsoft Exchange Server versions are available in the market?


• Latest Version: Exchange Server 2019.
• Earlier Versions: 2016, 2013, 2010, 2007, with each version offering improvements in
security, scalability, and cloud integration.

137.How long does a Dynamic DL take to add a user automatically based on the filter and
conditions set?

• It typically takes 1-2 hours for the DDG membership to be updated but may take up to 24
hours in some cases.
