Microsoft MS-700 Managing Teams Exam Dumps and Practice Test Questions Set 15 Q 211-225
Visit here for our full Microsoft MS-700 exam dumps and practice test questions.
Question 211:
You are managing a Microsoft Teams environment for a company with 5,000 users. Users report that they cannot find specific colleagues when searching for them in Teams. What is the most likely cause of this issue?
A) The missing users’ mailboxes are not hosted in Exchange Online
B) Global Address List synchronization is disabled
C) The users do not have Teams licenses assigned
D) Azure AD Connect synchronization has failed
Answer: D
Explanation:
Azure AD Connect synchronization failure is the most likely cause when users cannot find specific colleagues in Teams search functionality. Microsoft Teams relies on Azure Active Directory as the authoritative source for user identity information, and Azure AD Connect is the tool that synchronizes on-premises Active Directory user accounts to Azure AD in hybrid environments. When Azure AD Connect synchronization fails or encounters errors, newly created users or recently updated user information in on-premises Active Directory do not appear in Azure AD, which means they won’t be discoverable in Teams search, people picker, or directory lookups. The synchronization failure could be caused by various issues including connectivity problems between the Azure AD Connect server and Azure AD, credential expiration for the synchronization account, configuration errors, or conflicts in user attributes preventing successful synchronization.
Teams directory search functionality pulls user information directly from Azure AD, including display names, email addresses, job titles, department information, and presence status. When Azure AD Connect synchronization is functioning properly, user changes made in on-premises Active Directory are synchronized to Azure AD within approximately 30 minutes during standard delta synchronization cycles, or immediately if manual synchronization is triggered. However, when synchronization is broken, the gap between on-premises directory state and Azure AD state grows, resulting in users missing from Teams searches, outdated user information appearing, and authentication issues for affected accounts. Administrators can identify synchronization problems by checking the Azure AD Connect Health portal, reviewing synchronization error reports in the Azure AD Connect Synchronization Service Manager, and examining the Application event logs on the Azure AD Connect server.
Troubleshooting Azure AD Connect synchronization issues requires systematic investigation starting with verifying the Azure AD Connect service status on the synchronization server, confirming network connectivity to Azure AD endpoints, checking that the Azure AD synchronization account credentials are valid and have not expired, and reviewing the synchronization error reports for specific object-level errors such as duplicate attribute conflicts or missing required attributes. Common resolution steps include restarting the Azure AD Sync service, running a manual delta synchronization cycle to test connectivity, resolving attribute conflicts for affected user objects, and updating expired credentials in the Azure AD Connect configuration wizard. Once synchronization is restored, previously missing users should appear in Teams within the next synchronization cycle.
Organizations should implement monitoring and alerting for Azure AD Connect synchronization health to detect and respond to synchronization failures proactively before users report issues. Azure AD Connect Health provides monitoring capabilities for hybrid identity infrastructure including synchronization errors, replication latency, authentication issues, and overall system health. Email alerts can be configured to notify administrators immediately when synchronization problems occur, enabling rapid response. Additionally, organizations should maintain redundant Azure AD Connect servers in staging mode that can be quickly promoted to active status if the primary synchronization server fails, ensuring continuous directory synchronization and minimizing impact on Teams user experience.
Option A is incorrect because while mailbox location affects some Teams features, users do not need Exchange Online mailboxes to appear in Teams directory searches or be discoverable by colleagues. Teams can function in organizations using on-premises Exchange Server or even without any Exchange environment, though certain features like calendar integration and meeting scheduling require Exchange mailboxes. Users synchronized to Azure AD from on-premises directories will appear in Teams searches regardless of where their mailboxes are hosted, as long as they have been successfully synchronized to Azure AD and have appropriate licenses. The issue described in the question points to users missing entirely from directory searches, which is a synchronization issue rather than a mailbox location issue.
Option B is incorrect because there is no separate «Global Address List synchronization» setting that controls user visibility in Teams directory searches. The Global Address List is an Exchange concept that provides a directory of email recipients within an organization, and while Teams integrates with Exchange for certain features, Teams directory search pulls user information directly from Azure AD rather than from Exchange Global Address Lists. Even if Exchange GAL synchronization were disabled or problematic, users would still appear in Teams searches as long as their accounts exist in Azure AD with appropriate attributes. The question describes users being completely missing from searches, which indicates they are not present in Azure AD, pointing to Azure AD Connect synchronization failure.
Option C is incorrect because Teams license assignment is not required for users to appear in directory searches or be discoverable by colleagues who do have Teams licenses. Unlicensed users who exist in Azure AD will appear in search results, people picker, and org chart views for licensed Teams users, though the unlicensed users themselves cannot use Teams functionality like chat, calling, or meetings. This design allows licensed users to find and potentially communicate with all colleagues in the organization regardless of their license status. If users are completely missing from searches for all other users, the issue is that the user accounts don’t exist in Azure AD due to synchronization failure, not lack of license assignment.
Question 212:
You need to configure a Teams meeting policy that prevents users from recording meetings. Which policy setting should you modify?
A) Set «Allow cloud recording» to Off
B) Set «Allow transcription» to Off
C) Set «Who can record» to Organizers only
D) Disable «Allow meeting chat» option
Answer: A
Explanation:
Setting «Allow cloud recording» to Off in the Teams meeting policy is the correct configuration to prevent users from recording meetings. The cloud recording setting is the primary control for meeting recording capabilities in Microsoft Teams, and when this setting is disabled for a user, they cannot start or stop cloud recordings for any meetings they organize or participate in, regardless of their role in the meeting. This policy setting applies to cloud recordings that are stored in Microsoft Stream (classic) or OneDrive/SharePoint depending on organizational configuration, and it affects both scheduled meetings and ad-hoc meet-now sessions. When cloud recording is disabled through policy, the record button is not available in the meeting controls for affected users, preventing them from initiating recording functionality.
Teams meeting recording policies provide granular control over which users can record meetings, when recordings are allowed, and where recordings are stored. The policy architecture allows administrators to create different policies for different user groups, enabling scenarios where executives or trainers can record meetings while general staff cannot, or where recordings are allowed for specific departments but restricted for others based on compliance or privacy requirements. The policy evaluation in Teams follows a precedence order where user-specific policies override group policies, which override the global default policy, ensuring that administrators can implement both broad organizational defaults and targeted exceptions for specific users or departments.
When cloud recording is disabled for a user, this restriction applies regardless of whether the user is the meeting organizer or a participant, and regardless of the recording permissions configured by meeting organizers through meeting options. Even if a meeting organizer enables recording in the meeting options, users with cloud recording disabled in their meeting policy cannot start recordings. This policy-based control ensures that organizational compliance requirements and privacy policies are enforced consistently across all meetings, preventing unauthorized recording that could violate regulations, employee privacy expectations, or confidential business discussions. Organizations in regulated industries or with strict data governance requirements often disable recording for most users while allowing it only for designated roles.
Meeting recording features in Teams include several related capabilities that administrators should understand when configuring policies. Cloud recordings are automatically transcribed if transcription is enabled (a separate policy setting), and they include participant video, shared content, and audio. Recordings are processed after the meeting ends and made available through links shared in the meeting chat or calendar event. Storage location varies based on organizational settings: recordings may be stored in Microsoft Stream classic for backward compatibility, or in OneDrive and SharePoint for organizations using the modern recording storage model. Administrators managing recording policies should also consider related settings like transcription, automatic recording for compliance scenarios, and recording expiration policies that automatically delete old recordings.
Option B is incorrect because the «Allow transcription» setting controls whether meetings can have live transcription and post-meeting transcripts generated, not whether meetings can be recorded. Transcription and recording are separate features that can be enabled or disabled independently. Disabling transcription prevents the generation of text transcripts from meeting audio but does not affect the ability to create audio/video recordings. In fact, transcription is often enabled alongside recording to provide searchable text content and accessibility features, but some organizations may allow recording while disabling transcription for privacy reasons, or vice versa. To prevent meeting recording specifically, the cloud recording setting must be configured.
Option C is incorrect because «Who can record» is not a standard policy setting in Teams meeting policies; instead, there is only an «Allow cloud recording» on/off toggle. The ability to control who can start recordings (organizers only, organizers and presenters, or all participants) is configured through meeting options by meeting organizers on a per-meeting basis, not through organization-wide policies. While administrators can use meeting policies to enable or disable recording capability entirely, they cannot use policies to restrict recording to specific meeting roles. If the goal is to prevent all users from recording meetings, the cloud recording policy setting must be turned off completely.
Option D is incorrect because disabling meeting chat has no effect on recording capabilities and would create a poor user experience by preventing all text communication during meetings. Meeting chat is a separate feature that allows participants to send text messages, share files, and communicate before, during, and after meetings. The chat functionality is independent of recording capabilities, and organizations that disable recording for compliance or privacy reasons typically want to maintain chat functionality for collaboration. Disabling chat would prevent important meeting communications and resource sharing without addressing the recording concern specified in the question.
Question 213:
You are implementing guest access in Microsoft Teams for external collaboration with partners. Which setting must be enabled in Azure AD before guests can be added to teams?
A) External collaboration settings allowing guest invitations
B) Multi-factor authentication for all users
C) Conditional access policies for external users
D) Azure AD Premium P2 subscription
Answer: A
Explanation:
External collaboration settings in Azure AD that allow guest invitations must be enabled before guests can be added to Microsoft Teams. Azure AD external collaboration settings control whether users in the organization can invite external guests, which types of external users can be invited, and what permissions guests have within the directory. These settings are found in the Azure AD portal under External Identities > External collaboration settings, and they act as the foundational permission layer that governs all guest access across Microsoft 365 services including Teams, SharePoint, and other collaborative applications. If guest invitations are blocked at the Azure AD level, Teams-specific guest access settings become irrelevant because the underlying identity platform prevents guest accounts from being created or invited regardless of application-level configuration.
The Azure AD external collaboration settings include several critical configuration options that administrators must review and configure appropriately for their organization’s security and collaboration requirements. The «Guest invite settings» determine who can invite guests to the organization, with options including all users, only users in specific administrative roles, or no one. The «Collaboration restrictions» allow administrators to specify which external domains can be invited as guests through allow lists or deny lists, enabling scenarios where collaboration is restricted to trusted partner organizations. The «Guest user access restrictions» control what directory information guests can see and access, implementing the principle of least privilege for external users who should only see information relevant to the teams and resources they’ve been invited to access.
Organizations implementing guest access in Teams should carefully plan their Azure AD external collaboration configuration to balance collaboration needs with security requirements. Best practices include restricting who can invite guests to designated departments or roles rather than allowing all users to invite external participants without oversight, implementing domain restrictions to allow guests only from known partner organizations rather than any email domain, configuring guest permissions to limit directory browsing and discovery of internal users and resources, and establishing processes for regular guest access reviews to remove stale guest accounts and maintain current collaboration relationships. These Azure AD-level controls work in conjunction with Teams-specific guest settings to provide comprehensive governance of external collaboration.
Once Azure AD external collaboration settings are properly configured to allow guest invitations, administrators must also enable guest access in the Teams admin center and configure Teams-specific guest capabilities such as whether guests can create, update, or delete channels, whether guests can use chat, calling, and meeting features, and whether guests can access files and applications in teams. This two-tier permission model provides defense in depth where both the identity platform and the application must explicitly allow guest access before external collaboration is possible. If either layer blocks guest access, external users cannot participate in Teams regardless of the other layer’s configuration, ensuring administrators have multiple control points for managing external collaboration security.
Option B is incorrect because while multi-factor authentication is a strongly recommended security control for guest users and can be enforced through conditional access policies, it is not a prerequisite for enabling guest access functionality. Organizations can configure guest access without requiring MFA, though this would represent a security risk as external accounts with simple password authentication are more vulnerable to compromise. Microsoft recommends requiring MFA for guest users through conditional access policies that specifically target guest or external users, but this is a security enhancement rather than a functional requirement for guest access. Teams guest access can technically function without MFA, though it should not be deployed this way in production environments.
Option C is incorrect because conditional access policies for external users are security controls that enhance guest access protection but are not prerequisites for enabling the guest access feature itself. Conditional access policies can enforce requirements like MFA, compliant devices, approved locations, or terms of use acceptance for guest users accessing Teams and other resources, providing additional security layers beyond basic authentication. While these policies are highly recommended for production environments with guest access, especially in regulated industries or security-conscious organizations, they are not required to enable the basic functionality of inviting and adding guests to teams. Guest access can be enabled and function without conditional access policies, though this is not a security best practice.
Option D is incorrect because Azure AD Premium P2 subscription is not required for guest access functionality in Microsoft Teams. Guest access works with all Azure AD license levels including the free tier included with Microsoft 365 subscriptions. While Azure AD Premium P2 provides advanced features like access reviews, privileged identity management, and identity protection that can enhance guest access management and security, these are optional enhancements rather than requirements. Organizations with Basic or Premium P1 Azure AD can successfully implement guest access in Teams, invite external collaborators, and manage guest permissions. The core requirement is properly configuring the external collaboration settings, not having a specific Azure AD subscription tier.
Question 214:
You need to prevent users in a specific department from using third-party storage apps like Dropbox or Box within Microsoft Teams. Which type of policy should you configure?
A) App permission policy restricting third-party apps
B) App setup policy removing the apps from app bar
C) Messaging policy disabling file sharing
D) Meeting policy restricting shared content
Answer: A
Explanation:
App permission policy restricting third-party apps is the correct policy type to prevent users from using specific third-party storage applications like Dropbox or Box within Microsoft Teams. App permission policies control which apps are available to users in Teams, allowing administrators to block specific apps, allow only Microsoft apps, allow all apps, or create custom allow/block lists for granular control over the Teams app ecosystem. When an app is blocked through an app permission policy, users cannot install that app in Teams, cannot access it in any teams or chats where it might have been previously installed, and cannot interact with its features or content. This policy mechanism provides centralized control over application usage and enables organizations to enforce security, compliance, and data governance requirements by restricting access to applications that don’t meet organizational standards.
App permission policies in Teams support both organization-wide app blocking through tenant-level app management settings and user-specific or group-specific restrictions through custom permission policies. The policy architecture allows administrators to create different policies for different user populations, enabling scenarios where most users are restricted from third-party storage apps for data loss prevention reasons, while specific departments or roles that have approved business justifications can use these apps under controlled conditions. The policies apply regardless of how apps are added to Teams—whether users attempt to install them directly, whether they’re added to teams by other users, or whether they’re included in app setup policies—ensuring that blocked apps remain inaccessible to users covered by restrictive permission policies.
When configuring app permission policies to block third-party storage apps, administrators should understand that Teams includes several types of apps with different permission policy controls: Microsoft apps (created and maintained by Microsoft), third-party apps (created by external vendors and available in the Teams app store), and custom apps (developed by or for the organization). The policies can be configured separately for each app type, allowing scenarios where all Microsoft apps are allowed, custom apps developed by the organization are allowed, but third-party apps are either blocked entirely or subject to approval-based allow lists. For blocking specific apps like Dropbox or Box, administrators would create a policy that blocks these specific third-party apps while potentially allowing other apps, then assign this policy to the users or groups who should not access these storage solutions.
Organizations implementing app permission policies for third-party storage apps should coordinate with their information security, compliance, and data governance teams to ensure policies align with broader organizational controls on data storage and sharing. Blocking storage apps in Teams may need to be accompanied by similar restrictions in other Microsoft 365 services, browser-based access controls, and endpoint management policies to prevent users from circumventing restrictions by accessing these services outside Teams. Additionally, organizations should communicate policy changes to affected users, explain the business reasons for restrictions, and provide approved alternatives such as OneDrive for Business and SharePoint for file storage and collaboration needs, ensuring users can continue productive work within approved technology boundaries.
Option B is incorrect because app setup policies control which apps are pinned to the Teams app bar and the order in which they appear, but they do not prevent users from accessing apps that are available to them through app permission policies. App setup policies are designed to improve user experience by pre-installing and prominently displaying apps that users need for their roles, reducing the need for users to search for and install apps manually. However, users can still access apps not included in their app setup policy by browsing the Teams app store and installing apps they want, as long as those apps are allowed by their app permission policy. To actually prevent users from using specific apps, app permission policies must be configured to block those apps.
Option C is incorrect because messaging policies control Teams chat and channel messaging capabilities such as whether users can edit or delete messages, use Giphy and memes, enable read receipts, or use priority notifications, but they do not control access to third-party applications. While messaging policies include settings related to file sharing in messages, these settings control whether users can share files from OneDrive and SharePoint in chats and channels, not whether they can use third-party storage apps within Teams. The messaging policy’s file sharing setting is an on/off toggle for native Teams file sharing, not a mechanism for blocking specific third-party applications.
Option D is incorrect because meeting policies control Teams meeting features and capabilities such as who can present, whether recording is allowed, whether breakout rooms are available, and whether participants can share video or content during meetings, but they do not control access to applications that might be used in teams or chats. While meeting policies include content sharing settings that control screen sharing and providing control to other participants, these settings do not extend to blocking third-party storage applications. To prevent users from accessing specific apps across all Teams contexts including in teams, chats, and meetings, app permission policies are the appropriate control mechanism.
Question 215:
You are configuring Teams for an organization that requires all Teams meetings to include a meeting lobby where participants wait until admitted. Which meeting setting should you configure?
A) Set «Who can bypass the lobby» to Only organizers and co-organizers
B) Enable «Always let callers bypass the lobby» option
C) Set «Who can present» to Only organizers and co-organizers
D) Enable «Automatically admit people» to Everyone
Answer: A
Explanation:
Setting «Who can bypass the lobby» to «Only organizers and co-organizers» is the correct configuration to ensure all Teams meetings include a lobby where participants wait until admitted by organizers. The lobby feature in Teams meetings provides a virtual waiting room where participants are held before joining the meeting, allowing meeting organizers to control who enters the meeting and when, review participant lists before admitting people, and prevent unauthorized participants from joining meetings without permission. When «Who can bypass the lobby» is set to «Only organizers and co-organizers,» all other participants including internal employees, external guests, and anonymous users must wait in the lobby until an organizer or co-organizer explicitly admits them, providing maximum security and control over meeting attendance.
The lobby bypass setting is one of the most important security controls for Teams meetings, and it can be configured both through organization-wide meeting policies that set defaults for all users and through per-meeting options that organizers can adjust for specific meetings. The available options for «Who can bypass the lobby» include Everyone (no lobby), People in my organization and guests, People in my organization (only), Only organizers and co-organizers (most restrictive), and People I invite (for scheduled meetings). Organizations with security requirements for controlled meeting access typically set their meeting policy default to either «People in my organization» or «Only organizers and co-organizers» and allow organizers to make meetings more permissive on a case-by-case basis if needed, rather than setting a permissive default that relies on organizers remembering to restrict access for sensitive meetings.
Implementing lobby requirements through meeting policies or meeting options addresses several security concerns in collaborative environments including preventing Zoombombing or unauthorized meeting access by individuals who obtain meeting links without legitimate business purposes, ensuring that participants who join meetings are identified and their attendance is intentionally approved by meeting hosts, providing organizers with opportunities to brief participants in the lobby before admitting them to meetings with sensitive content, and enabling organizers to remove disruptive participants and prevent them from immediately rejoining. The lobby feature is particularly important for external-facing meetings, webinars, town halls, or any meeting discussing confidential information where attendance should be strictly controlled and monitored.
Best practices for lobby configuration in Teams recommend that organizations establish policies based on meeting types and sensitivity levels rather than using one-size-fits-all approaches. High-security meetings with sensitive business information, executive discussions, or disciplinary matters should require all participants to go through the lobby where organizers verify attendees before admission. Regular business meetings with known participants might use less restrictive settings like «People in my organization and guests» where internal employees and invited external collaborators bypass the lobby but anonymous join is still protected. Training sessions or large broadcasts might use more permissive settings while still maintaining some controls like requiring lobby entry for participants without organization credentials, balancing security with user experience appropriate to meeting context.
Option B is incorrect because enabling «Always let callers bypass the lobby» has the opposite effect of what the question requires, allowing phone participants to skip the lobby and join meetings directly without organizer approval. This setting is designed for convenience in scenarios like dial-in conference bridges where requiring lobby admission for every phone caller would create administrative burden, but it reduces security by allowing anyone with the dial-in number and meeting ID to join without verification. If the requirement is to ensure all meetings include a lobby where participants must wait for admission, this setting should be disabled rather than enabled, and phone callers should be subject to the same lobby controls as other participants.
Option C is incorrect because the «Who can present» setting controls which participants can share content, manage meeting recordings, and perform presenter functions during meetings, but it does not control whether meetings have a lobby or who must wait for admission. The presentation permission options include Everyone, People in my organization and guests, or Only organizers and co-organizers, determining who has elevated privileges during meetings. While restricting presenter permissions is good practice for meeting control and prevents unauthorized content sharing, it is a separate concern from lobby configuration. A meeting can have restrictive presenter permissions but still allow everyone to bypass the lobby and join automatically, or vice versa.
Option D is incorrect because enabling «Automatically admit people» to «Everyone» eliminates the lobby entirely, allowing all participants to join meetings automatically without waiting for organizer approval. This is the opposite of the security requirement specified in the question. When automatically admit is set to Everyone, the lobby is effectively disabled and participants join meetings immediately upon clicking join, which may be appropriate for public webinars or large open meetings but violates requirements for controlled access with mandatory lobby admission. To ensure meetings include a lobby where participants must wait, the automatically admit setting must be configured to something more restrictive than Everyone, and the bypass lobby setting must restrict who can skip the waiting process.
Question 216:
You need to configure a calling policy that prevents users from making international calls from Microsoft Teams. Which policy setting should you modify?
A) Configure call routing with outbound calling restrictions
B) Disable «Make private calls» option in calling policy
C) Set «Allow web PSTN calling» to Off
D) Configure dial plan with number pattern restrictions
Answer: A
Explanation:
Configuring call routing with outbound calling restrictions is the correct approach to prevent users from making international calls from Microsoft Teams when using Microsoft Teams Phone System or Direct Routing for PSTN connectivity. Outbound calling restrictions are implemented through Teams calling policies that can be configured to block international calls, block international calls except to specific countries, allow only domestic calls within the user’s country, or implement custom restrictions based on dialed number patterns. These restrictions are enforced at the Teams service level before calls are connected to the PSTN, preventing unauthorized international calling that could result in unexpected telecommunications costs or policy violations. The calling policy settings work in conjunction with voice routing policies for Direct Routing scenarios, providing comprehensive control over which calls users can place.
For organizations using Microsoft Calling Plan, outbound calling restrictions are configured directly in the Teams calling policy where administrators can select from predefined restriction options including «Allow all,» «Allow all except international roaming,» «Don’t allow international and roaming,» and «Don’t allow international outbound calls.» These policy options provide straightforward controls for common calling restriction scenarios without requiring complex number pattern configuration. The policies apply to all calling methods including dial pad, clicking phone numbers in Teams or other applications, and voice commands to Teams, ensuring consistent enforcement regardless of how users initiate calls. Organizations can create different calling policies for different user groups, allowing international calling for employees who require it for business purposes while restricting other users to domestic calls only.
For organizations using Direct Routing where calls are routed through on-premises or third-party Session Border Controllers (SBCs), outbound calling restrictions are implemented through a combination of Teams calling policies and voice routing policies that include number matching patterns with blocked lists. Voice routing policies specify which PSTN usages and voice routes are available to users, and administrators can create voice routes that explicitly exclude international number patterns or create separate routes for international calls that are not assigned to users who should be restricted. This approach provides granular control where administrators can allow specific international destinations for business needs while blocking other international locations, implement different restriction levels for different user groups, and coordinate Teams calling restrictions with existing telephony infrastructure and number translation rules.
Implementation of international calling restrictions should be coordinated with telecommunications cost management, employee communication policies, and business requirements analysis to ensure restrictions appropriately balance cost control with legitimate business needs. Organizations typically identify which users require international calling capability for business purposes such as sales teams working with international customers, executives managing global operations, or support teams assisting international users, then implement restrictive calling policies as the default for most users while granting international calling to specific roles or departments through custom policies. This approach minimizes unnecessary telecommunications expenses while maintaining business functionality, and it can be supplemented with call analytics and reporting to monitor calling patterns and detect potential policy violations or unauthorized calling through unmanaged devices.
Option B is incorrect because the «Make private calls» setting in Teams calling policies controls whether users can make and receive PSTN calls at all through Teams, not the geographic scope of calls they can make. This setting is an on/off toggle that enables or disables the entire calling functionality for users, affecting their ability to use Teams as a phone system replacement. Disabling private calls would prevent users from making any PSTN calls including domestic calls, which is more restrictive than necessary if the goal is specifically to block international calls while allowing domestic calls. To restrict international calls specifically while maintaining domestic calling capability, outbound calling restrictions must be configured rather than completely disabling calling functionality.
Option C is incorrect because «Allow web PSTN calling» is a setting that controls whether users can make and receive calls through Teams web client (browser-based Teams rather than desktop or mobile apps), not a setting that restricts international calls. This setting is useful in scenarios where organizations want to prevent calling through web browsers for security or quality reasons, preferring that users install Teams desktop or mobile applications for calling functionality. However, this setting does not distinguish between domestic and international calls; if web PSTN calling is disabled, users cannot make any calls through the web client regardless of destination, while if it’s enabled, they can make whatever calls their calling policy and voice routing allow including international calls if not otherwise restricted.
Option D is incorrect because while dial plans can include number pattern normalization and translation rules that affect how dialed numbers are processed, they are designed for number formatting and translation rather than calling restrictions. Dial plans (also called tenant dial plans in Teams) convert user-dialed numbers into E.164 format for routing and calling, handling scenarios like extension dialing, adding area codes for local calls, or applying country codes. Dial plans do not block calls or enforce restrictions; instead, they ensure that numbers are properly formatted for the voice routing system. To actually prevent international calls from being placed, calling policies with outbound restrictions or voice routing policies that exclude international number patterns must be configured rather than relying on dial plan manipulation.
Question 217:
You are implementing Teams Rooms for conference rooms in your organization. Which license is required for a Teams Rooms device?
A) Microsoft Teams Rooms Standard or Teams Rooms Premium license
B) Microsoft 365 E3 or E5 license
C) Microsoft Teams Phone Standard license
D) Microsoft 365 Business Basic license
Answer: A
Explanation:
Microsoft Teams Rooms Standard or Teams Rooms Premium license is the correct and required licensing for Teams Rooms devices deployed in conference rooms. Teams Rooms licenses are specifically designed for room systems and shared meeting space devices, distinct from user-based licenses like Microsoft 365 subscriptions. The Teams Rooms Standard license provides core meeting room functionality including joining Teams meetings, one-touch meeting join from calendared meetings, dual screen support for content sharing and video gallery, HDMI audio/video ingest for cameras and displays, proximity join for nearby Teams users to connect their personal devices to room systems, and content camera for whiteboard sharing. The Teams Rooms Premium license adds advanced features including intelligent audio and video capabilities, advanced device management through Microsoft Teams Rooms Pro Management portal, and extended support options.
Teams Rooms licenses must be assigned to resource accounts (room mailboxes) associated with the meeting room devices rather than to individual user accounts. The licensing model reflects that room systems are shared resources used by multiple people throughout the day rather than personal devices assigned to specific users. Each physical Teams Rooms device requires its own license regardless of how many meetings occur in the room or how many users participate, and the license remains constant whether the room is heavily utilized or occasionally used. Organizations with multiple conference rooms equipped with Teams Rooms systems need to license each room separately, and license costs should be factored into meeting room technology budgets alongside hardware costs for displays, cameras, microphones, and compute devices.
The resource account used for Teams Rooms requires specific configuration beyond just license assignment including a mailbox hosted in Exchange Online or Exchange Server for calendar integration, appropriate permissions configured for room scheduling and calendar processing, authenticated sign-in credentials for the Teams Rooms device to connect to Microsoft 365 services, and potentially Microsoft Teams Phone licensing if the room system needs to make or receive PSTN calls directly. The resource account enables Teams Rooms devices to automatically display upcoming meetings scheduled for that room, provide one-touch join for meetings, show room availability status, and integrate with room booking systems and workplace management platforms for comprehensive meeting space management.
Organizations deploying Teams Rooms should consider the licensing implications for related features and services that enhance room system functionality including Teams Phone licensing if rooms need direct dial-in capability or PSTN calling features, Audio Conferencing licenses if dial-in access for external participants is required for meetings held in that room, and Microsoft Teams Rooms Premium for organizations wanting advanced management capabilities including remote device monitoring, automated alerts for device health issues, and detailed analytics on room utilization and meeting quality. The licensing decision should align with room types and their intended usage, where small huddle rooms might need only Standard licensing while executive boardrooms and training facilities might benefit from Premium licensing and additional features.
Option B is incorrect because Microsoft 365 E3 or E5 licenses are user-based subscriptions designed for individual employees that provide access to Microsoft 365 applications, services, and collaboration tools but do not include the specific capabilities required for Teams Rooms devices. While E3 and E5 licenses enable users to join meetings in Teams Rooms and use the shared devices, the room systems themselves require dedicated Teams Rooms licenses rather than consuming user licenses. Attempting to use a standard user license for a Teams Rooms device would not provide the appropriate meeting room device features and would not be a supported licensing configuration. User licenses and Teams Rooms licenses serve different purposes and are priced differently reflecting their distinct value propositions.
Option C is incorrect because Microsoft Teams Phone Standard license provides PSTN calling capability for individual users through Microsoft Calling Plan or Direct Routing, but it is not the correct license type for Teams Rooms devices. While a Teams Rooms device might need a Teams Phone license in addition to the Teams Rooms license if the room needs direct PSTN calling capability, the Phone license alone is not sufficient to enable core Teams Rooms functionality for meeting participation, calendar integration, and room system features. The Teams Phone license is supplementary to the required Teams Rooms license, not a replacement for it, and many organizations deploy Teams Rooms without Phone licenses when rooms only need to participate in internal and external Teams meetings without direct dial-in or dial-out capability.
Option D is incorrect because Microsoft 365 Business Basic is an entry-level user subscription designed for small and medium businesses that provides web and mobile versions of Microsoft 365 applications and Teams collaboration capabilities for individual users, but it does not include or replace the specialized licensing required for Teams Rooms devices. Business Basic licenses are appropriate for users in small organizations who need basic productivity and collaboration tools, but Teams Rooms devices require dedicated room system licenses regardless of the organization size or the type of Microsoft 365 subscription used by the organization’s employees. The licensing requirement for Teams Rooms is consistent across organization types and sizes, always requiring Teams Rooms Standard or Premium licenses for the devices themselves.
Question 218:
You need to configure Teams to automatically delete messages in channels after 30 days to comply with data retention policies. Which feature should you implement?
A) Retention policy in Microsoft 365 Compliance center
B) Messaging policy in Teams admin center
C) Expiration policy in Teams settings
D) Data loss prevention policy with deletion rules
Answer: A
Explanation:
Retention policy configured in the Microsoft 365 Compliance center is the correct feature for automatically deleting Teams channel messages after 30 days to meet data retention requirements. Retention policies in Microsoft 365 provide organization-wide or location-specific rules that automatically retain content for specified periods and then delete it, ensuring compliance with legal, regulatory, and business requirements for information lifecycle management. For Teams specifically, retention policies can be configured to cover Teams channel messages, Teams chat messages (1:1 and group chats), and Teams private channel messages, with different retention periods configurable for each location. The policies operate at the backend service level, automatically deleting content at the end of retention periods without requiring user action or administrative intervention beyond initial policy configuration.
Teams retention policies support flexible configuration options that enable various compliance scenarios including delete-only policies that remove content after specified periods without preserving it, retain-only policies that preserve content indefinitely or for specified periods without automatic deletion, and retain-then-delete policies that preserve content for required retention periods before automatically deleting it. For the scenario in the question requiring automatic deletion after 30 days, administrators would create a delete-only retention policy or a retain-then-delete policy with a 30-day retention period applied to the Teams channel messages location. The policy can be scoped to all teams and channels in the organization, specific teams selected by name or through dynamic membership groups, or specific users whose channel messages should be subject to the retention policy regardless of which teams they participate in.
When implementing retention policies for Teams, administrators should understand the retention behavior and its implications for user experience and data availability. Retained content is removed from users’ view in Teams when it reaches the end of its retention period, meaning messages older than the policy threshold no longer appear in channel conversations or search results. However, if legal hold, eDiscovery hold, or litigation hold is active on mailboxes or teams, content may be preserved in hidden locations for compliance purposes even after visible deletion, ensuring that organizations can meet legal discovery obligations while maintaining retention policies. The retention policy configuration includes priority settings that determine which policy applies when multiple conflicting policies cover the same content, with the most restrictive policy (longest retention) taking precedence.
Organizations implementing Teams retention policies should coordinate with legal, compliance, records management, and business stakeholders to ensure retention periods align with regulatory requirements, legal obligations, business needs, and organizational records management policies. Common considerations include industry-specific regulations dictating minimum retention periods for certain communications such as financial services requirements for retaining customer communications, legal department requirements for preserving content related to litigation or investigations beyond normal retention periods, business needs for maintaining institutional knowledge and decision history in long-term projects, and storage cost optimization by removing obsolete content while maintaining required records. Many organizations implement multiple retention policies with different retention periods for different types of teams such as longer retention for teams handling regulated business activities and shorter retention for informal collaboration spaces.
Option B is incorrect because messaging policies in the Teams admin center control messaging features and capabilities such as whether users can edit or delete their own messages, use chat features, send priority notifications, or use emojis and Giphy, but messaging policies do not provide data retention or automatic deletion functionality. Messaging policies are real-time controls over messaging behavior and user experience, while retention policies are compliance controls over information lifecycle management. The ability for users to manually delete messages through messaging policy settings is unrelated to automatic time-based deletion enforced by retention policies. To implement automatic 30-day deletion of channel messages for compliance purposes, retention policies in the Compliance center must be configured.
Option C is incorrect because there is no «Expiration policy» feature in Teams settings for automatically deleting messages after time periods. While Teams includes settings for message deletion permissions, file retention, and various messaging behaviors, automatic time-based content deletion for compliance purposes is exclusively handled through Microsoft 365 retention policies in the Compliance center rather than through Teams-specific settings. The centralized compliance center approach ensures consistent retention policy management across all Microsoft 365 workloads including Teams, Exchange, SharePoint, and OneDrive, enabling coordinated compliance strategies rather than application-specific retention configurations that could create management complexity and compliance gaps.
Option D is incorrect because data loss prevention (DLP) policies are designed to detect sensitive information in content and prevent unauthorized sharing, leaking, or inappropriate use of confidential data, not to automatically delete messages based on age for retention compliance purposes. DLP policies scan content for patterns like credit card numbers, social security numbers, or custom sensitive information types, and they take protective actions like blocking message sending, removing sensitive content, or requiring business justification when sensitive data is detected. While DLP is an important component of information protection strategy, it serves a different purpose than retention policies. DLP prevents sensitive data from leaving organizational control, while retention policies govern information lifecycle by preserving and deleting content according to time-based rules for compliance and governance objectives.
Question 219:
You are troubleshooting poor audio quality in Teams meetings. Users report choppy audio and frequent dropouts. Which tool should you use to analyze real-time media performance?
A) Call Quality Dashboard (CQD) in Teams admin center
B) Network planner in Teams admin center
C) Usage reports in Microsoft 365 admin center
D) Service health dashboard in Microsoft 365 admin center
Answer: A
Explanation:
Call Quality Dashboard (CQD) in the Teams admin center is the correct tool for analyzing real-time media performance and troubleshooting audio quality issues in Teams meetings. CQD provides comprehensive telemetry data about call and meeting quality across the organization, including detailed metrics for audio, video, and screen sharing streams such as jitter, packet loss, round-trip time, network conditions, device performance, and call reliability statistics. The dashboard aggregates data from all Teams calls and meetings in the organization, enabling administrators to identify patterns in quality issues, correlate problems with specific network locations, subnets, or devices, and measure the impact of quality problems across user populations. CQD is specifically designed for media quality analysis and provides the depth of data necessary to diagnose root causes of audio quality problems like the choppy audio and dropouts described in the question.
CQD presents quality data through multiple views and report templates that help administrators analyze quality from different perspectives including overall call quality trends showing organization-wide quality metrics over time to identify whether problems are widespread or isolated, location-based reports that correlate quality issues with specific offices, buildings, or network segments to pinpoint infrastructure problems, device and client reports that identify whether quality issues are associated with specific hardware, drivers, or Teams client versions, and detailed stream analysis that provides granular technical metrics for individual call streams enabling deep-dive troubleshooting of specific quality issues. The dashboard uses quality classification based on industry standards where streams are categorized as «good,» «poor,» or «unclassified» based on metrics like jitter, packet loss percentage, and round-trip latency, providing clear visibility into the percentage of calls meeting quality standards.
When troubleshooting audio quality issues with CQD, administrators should follow systematic analysis approaches starting with identifying whether quality issues affect specific locations, subnets, or network segments which would indicate network infrastructure problems, examining whether issues correlate with specific time periods suggesting capacity or congestion problems, checking whether specific devices, operating systems, or Teams client versions show degraded performance indicating driver or software issues, and analyzing building and floor-level data to identify Wi-Fi problems, insufficient bandwidth, or network configuration issues in specific facilities. CQD provides building data mapping capabilities where administrators can upload building information including subnets, locations, and network details, enabling geographic and network topology visualization of quality problems that facilitates targeted remediation efforts.
Best practices for using CQD in ongoing Teams quality management include establishing baseline quality metrics during initial Teams deployment to understand normal performance levels and identify degradation over time, scheduling regular quality review sessions where IT teams examine CQD data to proactively identify emerging quality issues before they significantly impact users, creating custom reports focused on specific quality metrics or organizational priorities such as executive user experience or critical business locations, and integrating CQD analysis with network monitoring tools and help desk ticketing systems to correlate user-reported issues with objective quality telemetry. Many organizations designate Teams quality champions who regularly review CQD data, investigate quality trends, and coordinate with network and infrastructure teams to resolve underlying issues affecting call quality.
Option B is incorrect because the Network Planner in Teams admin center is a planning and design tool used before deploying Teams to model network requirements, estimate bandwidth consumption, and assess whether existing network infrastructure can support Teams traffic, not a real-time diagnostic tool for troubleshooting existing quality problems. Network Planner helps administrators calculate how many network sites they have, estimate user counts at each site, determine bandwidth requirements for Teams workloads, and generate network readiness reports that identify potential capacity issues. While Network Planner is valuable during pre-deployment planning phases, it does not analyze actual call quality telemetry from production Teams usage and cannot diagnose specific audio quality problems users are experiencing in live environments.
Option C is incorrect because Usage reports in the Microsoft 365 admin center provide activity and adoption metrics such as how many users are active in Teams, how many meetings are held, how many messages are sent, and which features are being used, but they do not include detailed media quality telemetry necessary for diagnosing audio quality issues. Usage reports are business intelligence tools designed to help organizations understand Teams adoption, track user engagement, justify licensing investments, and identify opportunities for training or change management. While usage reports might show whether users are participating in Teams meetings, they do not provide the technical quality metrics like jitter, packet loss, or network performance data needed to troubleshoot choppy audio and dropouts.
Option D is incorrect because the Service Health Dashboard in Microsoft 365 admin center displays the operational status of Microsoft 365 services including whether Teams is experiencing platform-level outages, service degradations, or known issues affecting multiple customers, but it does not provide organization-specific call quality data or diagnostics for network or device-related quality problems. The Service Health Dashboard is useful for determining whether reported problems are due to Microsoft service issues versus local infrastructure or configuration problems, and it provides Microsoft’s incident reports and resolution updates for platform issues. However, the audio quality problems described in the question (choppy audio and dropouts) are typically caused by network conditions, bandwidth limitations, device issues, or Wi-Fi problems rather than Microsoft service outages, making CQD the appropriate diagnostic tool.
Question 220:
You need to configure a channel in Teams so that only specific team members can post messages, while all team members can read messages. Which channel moderation setting should you enable?
A) Turn on channel moderation and specify who can post
B) Make the channel private with restricted membership
C) Configure a messaging policy restricting channel posts
D) Enable «Only owners can post messages» in team settings
Answer: A
Explanation:
Turning on channel moderation and specifying who can post is the correct configuration for creating announcement-style channels where only designated team members can post messages while all team members retain read access. Channel moderation is a feature in Microsoft Teams that allows team owners to control who can start new posts in specific channels, effectively creating one-to-many communication channels ideal for announcements, company news, policy updates, or other scenarios where leadership or designated communicators need to share information without opening channels to unrestricted posting. When channel moderation is enabled, team owners designate which team members are moderators who can start new posts, while non-moderators can still read all messages, reply to existing threads if configured to allow it, and use reactions to acknowledge or respond to posts without creating top-level posts.
Channel moderation provides granular configuration options that balance communication control with collaboration needs including settings for who can start new posts (team owners only, team owners and moderators, or everyone), whether team members can reply to existing messages which allows threaded discussions under moderated posts while preventing new top-level posts, whether moderators and authors receive notifications about new replies ensuring they can monitor discussions, and whether bot and connector messages are allowed which enables automated posts from systems and services while restricting user-initiated posts. These flexible settings enable various moderation scenarios from strict announcement channels where only leaders post and members read without replying, to semi-moderated channels where approved moderators start discussion topics and all members participate in threaded conversations.
Implementing channel moderation requires team owners to configure the specific channel settings rather than organization-wide policies, providing per-channel control that reflects different communication purposes within teams. In a single team, some channels might use moderation for company-wide announcements or policy communications, while other channels remain unmoderated for normal collaborative work and discussion. To enable moderation, team owners navigate to channel settings, turn on channel moderation, select which team members are moderators who can post, and configure whether replies are allowed and other moderation options. The moderation status is visible to team members through visual indicators in the channel showing that moderation is active and identifying who the channel moderators are, setting appropriate expectations for how communication works in that channel.
Best practices for channel moderation in Teams recommend using moderation strategically for channels with specific communication purposes rather than broadly applying moderation across all channels which would inhibit collaboration. Common use cases include all-company announcement channels where executives and communications teams share organizational news without general discussion, policy and procedure channels where HR or compliance teams publish official information, project status channels where project managers provide updates to stakeholder teams, and training and onboarding channels where facilitators share instructional content to learners. In each case, moderation ensures that important information remains focused and authoritative while preventing clutter from off-topic posts or questions better addressed in other channels or through direct support.
Option B is incorrect because making a channel private restricts membership to specific team members who can access the channel at all, rather than allowing all team members to read while restricting posting to specific members. Private channels are separate collaboration spaces within teams where confidential discussions or work can occur with limited membership, and members of private channels have full posting rights within those channels. The privacy setting controls who can access the channel content entirely, not who can post within a channel accessible to the full team. For scenarios where all team members should see content but only specific members should post, standard channels with moderation enabled are the appropriate solution rather than private channels with restricted membership.
Option C is incorrect because messaging policies in Teams admin center control messaging features for users across all teams and channels such as whether users can edit or delete messages, use priority notifications, or send multimedia content, but messaging policies do not provide channel-specific posting restrictions. Messaging policies apply broadly to users’ Teams experience rather than providing granular control over individual channel posting rights. While messaging policies could theoretically disable all channel posting for certain users, this would affect all channels across all teams those users belong to, which is far too broad for the requirement of restricting posting in specific announcement channels while allowing normal participation in other channels.
Option D is incorrect because there is no team-level setting called «Only owners can post messages» that applies to all channels in a team. Team settings include various options for member permissions such as whether members can create, update, or delete channels, whether members can add apps or tabs, and whether @mentions are allowed, but blanket posting restrictions across all channels are not configurable at the team level. Teams is designed for collaboration where team members generally have posting rights in standard channels, and posting restrictions are implemented through channel-specific moderation settings when needed. If the goal is to restrict posting in specific announcement channels while maintaining normal collaboration in other channels, channel moderation must be configured on the specific channels requiring restrictions.
Question 221:
You are implementing Phone System in Teams with Direct Routing. Which component routes calls from Teams to the PSTN?
A) Session Border Controller (SBC) configured with Direct Routing
B) Microsoft Calling Plan gateway
C) Exchange Online mail flow connector
D) Azure AD Application Proxy
Answer: A
Explanation:
Session Border Controller (SBC) configured with Direct Routing is the component that routes calls from Microsoft Teams to the PSTN (Public Switched Telephone Network) in Direct Routing deployments. An SBC is a network element positioned at the boundary between an organization’s network and external networks that controls real-time communication sessions, providing protocol interoperability between Teams’ cloud-based media and signaling protocols and traditional telephony systems and carriers. In Direct Routing architecture, the SBC connects to Microsoft Teams Phone System through secure SIP (Session Initiation Protocol) trunking over the internet or ExpressRoute, receives call requests from Teams when users place PSTN calls, translates and routes those calls to the appropriate telephony carrier or on-premises voice infrastructure, and handles incoming PSTN calls by routing them to Teams users based on phone number assignments and routing configuration.
Direct Routing provides organizations with flexibility to leverage existing telephony investments and carrier relationships while adopting Teams as their unified communications platform. Unlike Microsoft Calling Plan where Microsoft provides PSTN connectivity directly, Direct Routing allows organizations to connect their own PSTN carriers, on-premises voice infrastructure, or third-party telephony services to Teams through certified SBCs. This approach enables scenarios where organizations have favorable carrier contracts they want to maintain, have regulatory requirements for local PSTN connectivity in specific countries where Calling Plan isn’t available, need to integrate Teams with existing PBX systems during migration periods, or require advanced voice features and call routing capabilities provided by enterprise voice platforms that integrate with Teams through SBC interoperability.
Implementing Direct Routing requires careful planning and configuration across multiple components including selecting and deploying certified SBCs that have been tested and validated by Microsoft for Teams Direct Routing compatibility, configuring SBC connectivity to Microsoft 365 including SIP trunk settings, security certificates, and firewall rules for media and signaling traffic, creating voice routing policies in Teams admin center that define how calls are routed based on dialed numbers and user locations, assigning phone numbers to users and configuring dial plans for number normalization, and establishing voice routing rules that match dialed number patterns to PSTN usages and routes that determine which SBC and carrier connections handle specific calls. The configuration must ensure redundancy and failover capabilities to maintain voice service availability even when SBCs or carrier connections experience failures.
Organizations implementing Direct Routing should work with experienced telecommunications and unified communications professionals or partners who understand both traditional telephony concepts and Teams cloud architecture. The complexity of Direct Routing deployments arises from the need to coordinate cloud services, network connectivity, SBC configuration, and carrier integration while ensuring voice quality, reliability, emergency calling compliance, and regulatory requirements are met. Many organizations engage Microsoft partners or telecommunications providers who offer managed SBC services or Direct Routing as a service, where the provider handles SBC deployment, configuration, maintenance, and carrier relationships while the organization focuses on Teams deployment and user experience, simplifying Direct Routing adoption while leveraging expert knowledge in voice infrastructure and telephony.
Option B is incorrect because Microsoft Calling Plan gateway is the Microsoft-provided infrastructure that connects Teams to the PSTN when organizations use Microsoft’s Calling Plan service rather than Direct Routing. Calling Plan is Microsoft’s first-party PSTN connectivity solution where Microsoft acts as the telecommunications carrier, provides phone numbers, and handles all PSTN connectivity through Microsoft-managed infrastructure. When organizations use Calling Plan, they do not deploy or configure SBCs because Microsoft’s cloud infrastructure handles PSTN connectivity end-to-end. Direct Routing and Calling Plan are alternative approaches to PSTN connectivity in Teams, and the question specifically asks about Direct Routing which requires customer or partner-deployed SBCs rather than using Microsoft’s calling gateway.
Option C is incorrect because Exchange Online mail flow connectors are used to configure email routing between Exchange Online and external email systems such as on-premises Exchange servers or third-party email security services, not for voice call routing to the PSTN. Mail flow connectors define how email messages flow in and out of the organization, including TLS encryption requirements, smart host routing, and certificate validation for email traffic. They are completely separate from voice routing architecture and have no role in Teams Phone System or PSTN connectivity. Voice calls in Teams are routed through voice-specific infrastructure including SBCs for Direct Routing or Microsoft voice gateways for Calling Plan, not through email infrastructure or connectors.
Option D is incorrect because Azure AD Application Proxy is a service that provides secure remote access to on-premises web applications for external users through Azure AD authentication, not a component of voice call routing to PSTN. Application Proxy enables scenarios where organizations publish internal web applications to external users without requiring VPNs, providing pre-authentication through Azure AD and conditional access policies before allowing application access. This service is completely unrelated to Teams Phone System, PSTN connectivity, or voice call routing. Teams voice architecture for Direct Routing uses SBCs for PSTN interoperability rather than any application publishing or remote access proxies designed for web application scenarios.
Question 222:
You need to prevent users from downloading files from Teams on unmanaged devices. Which policy type should you configure?
A) Conditional access policy with app control for Teams
B) App protection policy in Endpoint Manager
C) Data loss prevention policy for Teams
D) Teams app permission policy restricting file access
Answer: A
Explanation:
Conditional access policy with app control for Microsoft Teams is the correct configuration to prevent users from downloading files from Teams on unmanaged devices while maintaining access to other Teams functionality. Conditional access policies in Azure AD enable administrators to control access to cloud applications based on conditions such as user identity, device compliance state, location, risk level, and client application, with access controls including requiring multi-factor authentication, requiring device compliance, blocking access, or applying session controls. The session control option «Use app enforced restrictions» or «Use Conditional Access App Control» can be configured to limit Teams functionality on non-compliant or unmanaged devices, specifically restricting the ability to download files to local storage while still allowing users to view files online, participate in chats and meetings, and use Teams for communication without compromising organizational data security.
Conditional access app control for Teams leverages Microsoft Defender for Cloud Apps (formerly Cloud App Security) integration to provide granular session-level controls over Teams functionality based on device trust state. When a user accesses Teams from an unmanaged device that doesn’t meet conditional access compliance requirements, the policy can apply restrictions that prevent downloading files while allowing online access to content, prevent copying content to clipboard to prevent data exfiltration, prevent printing documents that could transfer data outside managed environments, and watermark content with user and session information to track potential data leakage. These controls maintain user productivity by allowing Teams access for communication and collaboration while protecting sensitive organizational data from being transferred to uncontrolled personal devices that may lack encryption, anti-malware protection, or management oversight.
Implementing conditional access policies for Teams file download restrictions requires careful policy design to balance security with user experience and business needs. The typical policy configuration includes defining what constitutes a «managed device» through device compliance policies or hybrid Azure AD join requirements, creating conditional access policies that apply to Microsoft Teams cloud application targeting either all users or specific groups that require protection, configuring policy conditions including device platform, device state, and location requirements, and setting grant controls to require device compliance or session controls to apply app-enforced restrictions when compliance cannot be met. Organizations often implement multiple policies with different restriction levels for different user populations, such as executives and users handling sensitive data receiving stricter controls than general information workers.
Best practices for conditional access policies restricting Teams file downloads include piloting policies with limited user groups before broad deployment to identify usability issues and gather feedback, clearly communicating policy changes to users explaining why restrictions exist and how to access managed devices for full functionality, providing mechanisms for users to enroll personal devices in management or request managed devices when legitimate business needs require file downloads, monitoring conditional access logs and Defender for Cloud Apps activity to ensure policies are enforced as intended and to identify users frequently affected by restrictions who may need policy exceptions or managed devices, and regularly reviewing policies to ensure they remain aligned with organizational security requirements and compliance obligations while supporting evolving business needs and work patterns.
Option B is incorrect because app protection policies in Microsoft Endpoint Manager (Intune) provide data protection for mobile applications on iOS and Android devices through app-level security controls such as PIN requirements, encryption, and restrictions on data transfer between managed and unmanaged apps, but they do not extend to Teams desktop or web clients on Windows and Mac computers. App protection policies are valuable for mobile device scenarios where organizations want to protect corporate data in apps without requiring full device management, but they don’t provide the cross-platform control over Teams file downloads on all device types that conditional access app control delivers. For comprehensive protection across all platforms including desktops, conditional access with app control is the appropriate solution.
Option C is incorrect because data loss prevention (DLP) policies for Teams focus on detecting and preventing sharing of sensitive information based on content inspection such as credit card numbers, social security numbers, or custom sensitive information types, not on controlling downloads based on device management state. DLP policies analyze message content and shared files to identify sensitive data and can block sharing, require business justification, or send notifications when policy violations are detected. However, DLP policies do not distinguish between managed and unmanaged devices when applying restrictions, and they do not specifically control file download capabilities based on device trust. To prevent downloads specifically on unmanaged devices while allowing them on managed devices, conditional access is the appropriate control mechanism.
Option D is incorrect because Teams app permission policies control which third-party apps users can install and use within Teams such as tabs, bots, connectors, and messaging extensions, not file download capabilities or access controls based on device state. App permission policies enable administrators to manage the Teams app ecosystem by allowing or blocking specific apps organization-wide or for specific user groups, but they do not provide data protection controls like restricting file downloads on unmanaged devices. File access and download restrictions based on device management state require conditional access policies with session controls rather than app permission policies which serve a different purpose in Teams governance.
Question 223:
You are configuring live events in Teams for a company town hall meeting with 5,000 attendees. Which role can control the live event by starting and stopping the broadcast?
A) Event producer
B) Event attendee
C) Event presenter
D) Event moderator
Answer: A
Explanation:
Event producer is the role that controls Microsoft Teams live events by starting and stopping the broadcast, managing what content and video feeds are shown to attendees, and handling technical production aspects of the event. The producer role is specifically designed for technical production staff or meeting coordinators who manage the behind-the-scenes aspects of live events, controlling the production through the Teams producer interface where they select which video feeds, screens, and content appear in the live broadcast stream, determine when the event starts and ends, manage presenter transitions, and handle any technical adjustments needed during the event. Producers have full control over the event production without necessarily appearing on camera themselves, allowing separation between technical production roles and content presentation roles similar to professional broadcast or webinar production models.
Live events in Teams use a role-based model with three distinct roles that serve different functions in event production and participation. Producers manage the technical aspects and control the broadcast stream as described above. Presenters are the speakers, panelists, or content experts who appear in the live event, share their video, audio, and screens, and deliver the event content to the audience. Attendees are the viewers who watch the live event broadcast but cannot present content or control production, and they participate through Q&A if enabled by event organizers. This role separation enables professional-quality broadcasts where dedicated production staff handle technical operations while subject matter experts focus on content delivery without worrying about production mechanics, and large audiences can consume content without creating technical complexity from thousands of active participant connections.
When planning Teams live events, organizers assign roles during event scheduling by designating which team members are producers who need production control, which team members or guests are presenters who will deliver content, and whether event registration is required for attendees or if the event is open to anyone with the link. Producers and presenters join the event through Teams using dedicated production interfaces with full control and communication capabilities including a private backstage area where they can communicate and prepare without attendees seeing or hearing them. Attendees join through a streaming endpoint that delivers the broadcast content with minimal bandwidth requirements and simplified viewing interface appropriate for large-scale events. The role assignments and production workflow enable events scaling from small webinars to organization-wide broadcasts with tens of thousands of attendees.
Best practices for Teams live events recommend assigning dedicated producers who focus solely on production rather than combining production and presentation roles which can lead to distractions and production errors, rehearsing events with all producers and presenters to ensure they understand their roles and how to use production controls, preparing backup producers who can take over if primary producers experience technical issues or connectivity problems, using two screens for producers so they can monitor the public broadcast stream on one screen while controlling production on another, and coordinating with presenters through the backstage chat and audio to manage transitions smoothly. Many organizations establish dedicated live events teams with trained producers who support multiple events across the organization, ensuring consistent quality and professional production standards for corporate communications.
Option B is incorrect because event attendees are viewers who watch the live broadcast but have no control over event production, starting, stopping, or content selection. Attendees consume the event through a streaming interface that provides the video feed, optional Q&A participation, and reactions or polls if enabled, but they cannot affect the broadcast content or production flow. The attendee role is designed for large-scale passive viewing where the audience receives the broadcast without the technical overhead or security concerns of allowing thousands of participants to have production controls. Attendees join events to receive information and may interact through Q&A, but they do not have producer privileges to control the broadcast.
Option C is incorrect because event presenters deliver content and appear in the live event but do not have control over starting and stopping the broadcast or selecting which feeds appear in the public stream. Presenters can share their video, audio, and screens, which producers then choose to include in the broadcast, but presenters do not directly control the production or determine when the event starts or ends. This separation ensures that subject matter experts and speakers can focus on content delivery without needing technical production skills, while dedicated producers handle the broadcast controls. In some small events, a single person might serve as both presenter and producer, but these are distinct roles with different capabilities and responsibilities.
Option D is incorrect because «event moderator» is not a defined role in Teams live events role model, which consists of producers, presenters, and attendees. While the term moderator might be used colloquially to describe someone managing Q&A or coordinating presenters, it is not a technical role with specific permissions in Teams live events architecture. Q&A moderation in live events is typically handled by producers or designated presenters who have access to the Q&A panel and can publish questions for presenters to answer, but this is a function performed by users in producer or presenter roles rather than a separate moderator role. Event control including starting and stopping broadcasts remains specifically with the producer role.
Question 224:
You need to enable users to share their screens with audio in Teams meetings. Which client requirement must be met?
A) Teams desktop client on Windows or Mac
B) Teams mobile app on iOS or Android
C) Teams web client in any browser
D) Teams Room system with content camera
Answer: A
Explanation:
Teams desktop client on Windows or Mac is required for users to share their screens with system audio in Teams meetings. System audio sharing allows presenters to broadcast computer audio along with screen content, enabling scenarios such as sharing video clips with sound, demonstrating software that generates audio feedback, presenting music or sound design content, or conducting training on audio applications where participants need to hear the output. This capability requires desktop client features that integrate with operating system audio routing to capture system sound and mix it with the screen sharing stream, functionality that is not available in mobile apps or limited web clients due to technical constraints and platform API limitations in browser and mobile environments.
The screen sharing with audio feature in Teams desktop clients provides several options that give presenters control over what they share and how audio is handled including sharing entire screen with system audio which broadcasts everything visible on the display along with all computer sounds, sharing specific application windows with their audio which limits the shared content to selected applications and their audio outputs reducing accidental sharing of unintended content, including microphone audio simultaneously with system audio so presenters can narrate while computer audio plays, and optimizing audio for music or media which uses higher fidelity audio encoding for scenarios where sound quality is important. These capabilities make the desktop client the preferred platform for content-rich presentations and demonstrations where audio is integral to the shared content.
When users share screens with audio from Teams desktop clients, the audio is processed and transmitted through Teams media optimization that prioritizes audio quality and synchronization with video content to prevent lip sync issues or audio dropouts. The system audio capture mechanism works differently on Windows and Mac due to operating system differences: Windows uses stereo mix or similar audio routing to capture system sounds, while Mac uses Core Audio framework capabilities. Both implementations achieve similar results for meeting participants who receive synchronized audio and video streams regardless of which operating system the presenter uses. Presenters should test system audio sharing before important presentations to ensure their audio devices and applications work correctly with Teams audio capture, as some audio configurations or applications may require adjustments for optimal sharing.
Organizations deploying Teams should ensure users have desktop clients installed and up to date to access the full range of sharing capabilities including system audio, and they should provide guidance and training on how to share effectively including when to use system audio versus presentation mode without audio, how to optimize sharing for specific content types like video or detailed graphics, best practices for preparing content before meetings to minimize transitions and technical issues during live presentations, and troubleshooting steps for common sharing issues like missing audio or poor video quality during screen sharing. Many organizations create tip sheets or quick reference guides for presenters that cover sharing capabilities and best practices specific to common presentation scenarios in their business context.
Option B is incorrect because Teams mobile apps on iOS and Android support screen sharing of the mobile device screen but do not support system audio sharing. Mobile screen sharing is useful for demonstrating mobile apps or sharing content visible on phones or tablets, but due to mobile operating system limitations and API restrictions, mobile clients cannot capture and broadcast system audio along with screen content. Mobile users participating in meetings can share their device screens silently, but if audio accompaniment is needed, that must come from the microphone audio (such as the presenter speaking to explain what’s on screen) rather than from app audio or media playing on the device. For presentations requiring system audio sharing, Windows or Mac desktop clients must be used.
Option C is incorrect because Teams web client has limited screen sharing capabilities compared to desktop clients, and system audio sharing is not supported in web browsers. While Teams web client supports basic screen sharing of browser tabs or entire screens depending on browser capabilities, the web platform lacks the operating system integration necessary to capture and route system audio into the meeting stream. Web client users can share their screens and use microphone audio for narration, but computer audio from applications, media players, or other sources cannot be included in the shared content. Organizations that require full meeting functionality including system audio sharing should deploy Teams desktop clients to their users rather than relying on web browser access.
Option D is incorrect because Teams Rooms systems are designed for meeting room environments and support content sharing from connected HDMI sources or through proximity-based content sharing from users’ personal devices, but they do not provide presenter screen sharing with system audio in the same way personal computers do. Teams Rooms display content connected to their HDMI inputs or shared by meeting participants from their own devices, but the room system itself is not a presenting platform where users log in and share their personal computer screens with audio. For screen and audio sharing in meetings where Teams Rooms are participants, users would share from their personal Teams desktop clients rather than through the room system, and that shared content would then be displayed on room screens for in-room participants.
Question 225:
You are implementing a governance plan for Microsoft Teams. Which feature should you configure to automatically delete teams that have no activity after 90 days?
A) Microsoft 365 Groups expiration policy
B) Teams retention policy for inactive teams
C) Teams lifecycle management workflow
D) Azure AD dynamic groups with expiration rules
Answer: A
Explanation:
Microsoft 365 Groups expiration policy is the correct feature for automatically deleting teams that have no activity after a specified period such as 90 days. Since every Microsoft Team is built on a Microsoft 365 Group, the Groups expiration policy applies to Teams and provides automated lifecycle management that helps organizations maintain a clean tenant by removing unused teams that accumulate over time. The expiration policy works by setting a renewal period (such as 90, 180, or 365 days) after which groups approach expiration, sending automated renewal notifications to group owners before expiration deadlines, requiring owners to actively renew groups that are still needed by clicking a renewal link in email or through Teams interface, and automatically deleting groups and their associated teams if owners do not renew them before the expiration date, effectively archiving inactive teams that no longer serve business purposes.
The Groups expiration policy includes intelligent features that reduce administrative burden and prevent active teams from being unnecessarily deleted including activity-based auto-renewal where groups with recent activity are automatically renewed without requiring owner action, ensuring only truly inactive teams reach expiration, email notifications sent to group owners 30 days, 15 days, and 1 day before expiration providing multiple opportunities for owners to renew needed teams, soft deletion where expired teams are retained in a deleted state for 30 days before permanent deletion allowing recovery if teams are accidentally allowed to expire, and policy scope options that can apply expiration to all groups, selected groups, or no groups, enabling staged rollouts or exceptions for specific teams that should not be subject to expiration. These features balance governance needs for removing unused teams with safeguards against accidental deletion of active resources.
Implementing Groups expiration policy requires planning and communication to ensure successful adoption without disrupting business operations. Organizations should determine appropriate expiration periods based on their team creation patterns and usage culture, with shorter periods (90-180 days) appropriate for organizations with many short-lived project teams and longer periods (365 days) suitable for organizations where teams tend to serve ongoing business functions. Change management is critical, including communicating the policy to team owners explaining why it exists and what actions they need to take, providing clear instructions on how to renew teams before expiration, establishing processes for owners to request policy exceptions for teams that should never expire such as company-wide teams or departmental collaboration spaces, and monitoring expiration reports to identify trends such as specific departments creating many teams that go unused or popular teams that owners forget to renew due to notification issues.
Best practices for Groups expiration policy recommend starting with longer expiration periods and gradually reducing them as the organization matures in Teams governance, exempting critical teams from expiration through policy scope settings or manual exclusions to prevent accidental deletion of important resources, combining expiration policy with team creation governance such as approval workflows or naming conventions to ensure teams are created with clear purposes and ownership accountability, regularly reviewing expired teams before permanent deletion to identify patterns or recovery needs, and using expiration data to inform user training highlighting the importance of team ownership responsibilities and lifecycle management. Many organizations establish governance review boards that periodically assess Teams usage patterns and adjust expiration policies based on organizational needs and maturity in collaborative platform management.
Option B is incorrect because there is no «Teams retention policy for inactive teams» that automatically deletes teams based on inactivity. Retention policies in Microsoft 365 Compliance center control content retention and deletion within teams such as messages and files, but they do not delete team containers themselves based on inactivity. Retention policies operate on content preservation and disposal schedules independent of team activity levels, ensuring content meets compliance requirements regardless of whether teams are actively used. To automatically delete inactive team containers (the groups and associated resources), expiration policy must be used rather than retention policies which serve different governance purposes focused on information lifecycle rather than resource lifecycle.
Option C is incorrect because «Teams lifecycle management workflow» is not a specific built-in feature in Microsoft Teams or Microsoft 365, though organizations may implement custom lifecycle workflows using Power Automate or third-party governance tools. While custom workflows can potentially identify inactive teams and take actions like notifying owners or proposing deletion, the native Microsoft 365 feature for automatically managing team expiration based on inactivity is the Groups expiration policy. Organizations looking for out-of-the-box lifecycle management should configure Groups expiration policy rather than building custom automation, though custom workflows might supplement the native feature for specific organizational requirements not addressed by standard policy capabilities.
Option D is incorrect because Azure AD dynamic groups with expiration rules do not exist as a feature for automatically deleting teams based on inactivity. Azure AD dynamic groups use membership rules based on user attributes to automatically add or remove members from groups, but they do not have expiration or deletion capabilities based on activity. Dynamic groups solve a different problem related to automated membership management rather than lifecycle management of the group containers themselves. For automatically deleting inactive teams and their underlying Microsoft 365 Groups, the Groups expiration policy specifically designed for lifecycle management must be configured rather than relying on dynamic group features which do not include expiration or activity-based deletion functionality.