Microsoft MS-700 Managing Teams Exam Dumps and Practice Test Questions Set 9 Q 121-135
Visit here for our full Microsoft MS-700 exam dumps and practice test questions.
Question 121:
You are the Microsoft Teams administrator for your organization. Users report that they cannot find specific messages in team channels even though they remember seeing them recently. You need to ensure that all channel messages are retained and searchable for compliance purposes. What should you configure?
A) Microsoft 365 retention policy for Teams channel messages
B) Data Loss Prevention policy for Teams
C) Teams meeting policy with recording settings
D) Conditional Access policy for Teams
Answer: A
Explanation:
A Microsoft 365 retention policy specifically configured for Teams channel messages provides the comprehensive solution for ensuring all channel messages are retained and remain searchable for compliance purposes. Retention policies are part of Microsoft Purview compliance features that govern how long content is kept before deletion and whether content should be preserved even if users attempt to delete it. For Teams channel messages, retention policies operate at the organizational level, applying to all or specific teams and channels, ensuring messages are preserved in their original locations where they remain searchable through Teams search interfaces, eDiscovery tools, and Content Search in the compliance center.
Retention policies for Teams support several distinct content types that must be configured separately including Teams channel messages (messages posted in standard and private channels), Teams chats (private messages between users including group chats), Teams meeting chat messages (chat messages during meetings), and Teams private channel messages (messages in private channels). Each content type can have different retention settings, allowing organizations to implement granular retention strategies based on compliance requirements. For channel messages specifically, the retention policy ensures messages are indexed and searchable throughout the retention period, prevents permanent deletion before the retention period expires, and optionally deletes messages automatically after the retention period ends.
The configuration process involves accessing the Microsoft Purview compliance portal (compliance.microsoft.com), navigating to Data lifecycle management and then Retention policies, creating a new retention policy, selecting the Teams channel messages location, choosing whether to apply the policy to all teams or specific teams, defining the retention period (days, months, years, or forever), specifying retention actions (retain only, delete only, or retain then delete), and optionally adding adaptive policy scopes for dynamic team membership. The policy takes effect within 24 hours and applies retroactively to existing messages as well as future messages. Organizations can create multiple retention policies with different settings for different teams, with the most restrictive retention settings taking precedence when multiple policies apply to the same content.
B) is incorrect because Data Loss Prevention (DLP) policies for Teams focus on preventing sensitive information from being shared inappropriately rather than ensuring message retention and searchability. DLP policies detect sensitive content like credit card numbers, social security numbers, or confidential data based on sensitive information types and take actions like blocking messages, notifying users, or generating alerts. While DLP helps protect data, it does not ensure message retention or address the searchability requirement described in the scenario.
C) is incorrect because Teams meeting policies with recording settings control whether users can record meetings and where recordings are stored, but do not affect retention or searchability of channel messages. Meeting recordings and channel messages are separate content types with different retention requirements. Meeting policies govern real-time meeting experiences including recording capabilities, transcription, live captions, and meeting reactions, but do not provide retention capabilities for text-based channel communications.
D) is incorrect because Conditional Access policies control access to Teams based on conditions like user location, device compliance, sign-in risk, and application sensitivity, but do not affect message retention or searchability. Conditional Access focuses on identity and access management, determining whether users can access Teams and under what conditions, but provides no functionality for governing content lifecycle or ensuring compliance with retention requirements.
Organizations should develop comprehensive retention strategies covering all Teams content types, document retention requirements based on regulatory obligations and business needs, test retention policies in pilot environments before broad deployment, educate users about retention policies and their implications for content availability, implement eDiscovery holds for legal matters requiring indefinite preservation beyond standard retention, monitor compliance reports to ensure retention policies are functioning correctly, coordinate retention policies with information governance stakeholders including legal and compliance teams, and regularly review retention settings as business requirements and regulations evolve.
Question 122:
Your organization needs to prevent users from using personal Microsoft Teams accounts during meetings hosted on the corporate Teams tenant. Which setting should you configure to block external access from personal accounts?
A) Configure external access settings to block specific domains
B) Configure guest access settings to disable guest invitations
C) Enable the setting to block communication with Teams users using unmanaged accounts
D) Configure meeting policies to disable anonymous meeting join
Answer: C
Explanation:
Enabling the setting to block communication with Teams users using unmanaged accounts (personal Microsoft accounts) provides the specific control needed to prevent personal Teams accounts from participating in meetings or chats hosted on the corporate Teams tenant. This setting, found in the external access configuration section of the Teams admin center, specifically targets personal Microsoft accounts (MSA) and Skype accounts that are not managed by an organization’s Azure Active Directory. When enabled, this setting prevents users with personal accounts from joining meetings, initiating chats, or making calls with users in your organization, effectively creating a boundary between corporate and consumer Teams usage.
The distinction between managed and unmanaged accounts is critical for understanding this setting’s purpose. Managed accounts are organizational accounts hosted in Azure Active Directory (work or school accounts) that are governed by IT administrators, subject to organizational policies, and backed by enterprise security controls. Unmanaged accounts include personal Microsoft accounts (like outlook.com, hotmail.com), Skype accounts, and Teams Free accounts that individuals create for personal use without organizational oversight. Organizations often need to block these unmanaged accounts to maintain security boundaries, ensure all external participants are accountable to their organizations, comply with data governance policies requiring all communication participants to be enterprise-managed, and prevent data leakage through uncontrolled personal accounts.
The configuration is performed in the Teams admin center under Users > External access, where administrators can control several aspects of external communication. The specific setting «People in my organization can communicate with Teams users whose accounts aren’t managed by an organization» can be toggled on or off. When disabled (blocked), users with personal Microsoft accounts cannot join meetings hosted by your organization, cannot initiate or receive chats from your organization’s users, and cannot make or receive calls with your organization’s users. This setting applies organization-wide and affects all users in your tenant. The setting works in conjunction with other external access controls including allowing or blocking specific external domains and enabling communication with Skype for Business users.
A) is incorrect because configuring external access to block specific domains controls communication with other organizations’ Azure AD tenants, not personal Microsoft accounts. Domain blocking is effective for preventing communication with specific companies or educational institutions that have their own Teams tenants, but personal Microsoft accounts do not have organizational domains to block. The domain blocking feature uses domain names like contoso.com to control external organizational access, which is different from controlling unmanaged personal accounts.
B) is incorrect because guest access settings control whether external users can be invited as guests to your organization’s teams and channels, gaining deeper integration and access to team resources. Guest access is fundamentally different from external access or meeting participation by anonymous users. Guests are added to your organization’s Azure AD as B2B users, receive organizational controls and policies, and have persistent access to teams they’re invited to. Disabling guest access would not prevent personal account users from joining meetings or communicating externally through external access features.
D) is incorrect because configuring meeting policies to disable anonymous meeting join prevents users without any Teams account from joining meetings through anonymous access (typically clicking meeting links without signing in), but does not specifically address personal Microsoft account usage. Personal Microsoft account users can join meetings while authenticated with their personal accounts, which is different from anonymous access. Anonymous join is a separate capability that allows complete strangers to participate in meetings without any account authentication, while personal account access involves authenticated users with consumer accounts.
Organizations should carefully consider the implications of blocking unmanaged accounts on business workflows, communicate changes to users who may have established relationships with external personal account users, implement the setting in conjunction with other external access controls for comprehensive security, document exceptions or business justifications for allowing personal account communication if needed, educate users about approved methods for external collaboration, consider using guest access instead for trusted external individuals requiring ongoing collaboration, and monitor external access patterns to identify potential policy violations or needed adjustments.
Question 123:
You need to configure Microsoft Teams to automatically delete chat messages older than 180 days to comply with data retention policies. However, you want to ensure that messages relevant to ongoing litigation are not deleted. What should you implement?
A) Retention policy with 180-day deletion for Teams chats and eDiscovery hold for litigation-related content
B) Data Loss Prevention policy with automatic deletion rules
C) Teams messaging policy restricting message age
D) Conditional Access policy based on content age
Answer: A
Explanation:
Implementing a retention policy with 180-day deletion for Teams chats combined with eDiscovery holds for litigation-related content provides the complete solution that meets both the data retention requirement and the legal preservation requirement. This approach uses two complementary compliance features: retention policies that automatically enforce organizational retention and deletion requirements across all Teams chat content, and eDiscovery holds (also called litigation holds or in-place holds) that override retention policies for specific content involved in legal matters, ensuring legally relevant content is preserved indefinitely regardless of standard retention policies.
Retention policies for Teams chats operate by defining retention periods and deletion actions that apply to private chat messages between users. When configured with a 180-day retention period followed by deletion, the policy ensures chat messages are automatically deleted 180 days after creation, helping organizations manage data volume, reduce storage costs, comply with privacy regulations like GDPR that may require deletion of personal data after reasonable periods, and minimize exposure during legal discovery by reducing the amount of retained content. The retention policy applies consistently across all users in scope, requires no user action, and operates transparently in the background through Microsoft’s compliance infrastructure.
eDiscovery holds override retention policies by preserving content that would otherwise be deleted, ensuring legal and regulatory preservation requirements supersede standard retention policies. When content is placed on eDiscovery hold (through eDiscovery cases, eDiscovery holds, or Core eDiscovery), the hold takes precedence over any retention policy deletion actions. The held content remains in place and searchable through eDiscovery tools even after the retention policy’s deletion period expires. Holds can be applied broadly to all content for specific users (user-based holds) or narrowly to specific content matching query criteria (query-based holds). For litigation scenarios, administrators create an eDiscovery case, define holds for custodians (users involved in the litigation), and optionally specify query filters to hold only relevant content, ensuring preservation without retaining unnecessary data.
B) is incorrect because Data Loss Prevention policies are designed to prevent sensitive information from being inappropriately shared or leaked, not to manage content lifecycle or retention. DLP policies detect sensitive content and take protective actions like blocking transmission, encrypting content, or notifying administrators, but they do not provide automatic deletion functionality or retention management. DLP serves a completely different compliance purpose focused on information protection rather than data lifecycle management.
C) is incorrect because Teams messaging policies control user messaging experiences and capabilities like editing sent messages, deleting sent messages, using chat, sending urgent messages, and other messaging features, but do not provide retention or automatic deletion functionality. Messaging policies govern what users can do with messages during creation and immediate aftermath, not how long messages are retained in the system. These policies are user experience controls rather than compliance or data lifecycle management tools.
D) is incorrect because Conditional Access policies control user authentication and access to applications based on real-time conditions like user risk, device compliance, location, and application sensitivity, but have no capability to manage content age, retention periods, or deletion. Conditional Access operates at the identity and access layer, determining whether users can access Teams in the first place, rather than managing the lifecycle of content within Teams.
Organizations should establish clear retention schedules aligned with business requirements and regulatory obligations, implement eDiscovery holds proactively when litigation or investigations are reasonably anticipated, document legal hold procedures and custodian identification processes, train compliance and legal teams on hold implementation and monitoring, regularly review active holds to release them when no longer needed, implement defensible deletion processes ensuring retention policies are properly configured and monitored, coordinate between IT, legal, and compliance teams for comprehensive data governance, and maintain audit logs of all retention policy and hold actions for accountability.
Question 124:
Your organization has deployed Microsoft Teams with direct routing to connect to on-premises SIP trunks for PSTN connectivity. Users report that outbound calls to external phone numbers are failing. Where should you verify the configuration FIRST?
A) Teams calling policy assignments for affected users
B) Session Border Controller (SBC) connection status and dial plan configuration
C) Emergency calling policy settings
D) Call queue configuration
Answer: B
Explanation:
Verifying the Session Border Controller (SBC) connection status and dial plan configuration should be the first troubleshooting step when users experience outbound PSTN calling failures with Teams direct routing. Direct routing relies on properly configured and connected SBCs to bridge between Microsoft Teams and on-premises telephony infrastructure or PSTN carriers. The SBC serves as the intermediary device translating signaling protocols, handling media routing, enforcing security policies, and managing the connection between Teams and the PSTN. If the SBC connection is down, misconfigured, or experiencing issues, all PSTN calling functionality will fail, making this the most likely root cause of widespread outbound calling failures.
The SBC connection status can be verified through the Teams admin center under Voice > Direct Routing, where administrators can view all configured SBCs and their current connection states (Active, Warning, Inactive). An inactive SBC indicates complete connectivity failure, while warning states suggest degraded performance or intermittent issues. The dashboard displays SBC health metrics including successful calls, failed calls, concurrent calls, and network effectiveness ratio. When outbound calls fail, administrators should verify the SBC shows as Active with healthy metrics, confirm network connectivity between the SBC and Microsoft Teams infrastructure, validate TLS certificate configuration on the SBC ensuring certificates are valid and trusted, check firewall rules allowing required traffic between SBC and Teams endpoints, and review SBC logs for error messages or failed connection attempts.
Dial plan configuration is equally critical for outbound calling functionality because dial plans translate user-dialed numbers into E.164 format required for call routing. When users dial numbers in local or national formats (like «555-1234» or «1-555-555-1234»), dial plans apply normalization rules to convert these into E.164 international format (like «+15555551234»). If dial plan rules are missing, incorrect, or not assigned to users, their dialed numbers may not be normalized properly, causing routing failures even when SBC connectivity is healthy. Administrators should verify dial plans are properly assigned to affected users, review normalization rules to ensure they match the organization’s dialing patterns and geographic location, test sample phone numbers through the Test Voice Routing feature in Teams admin center, and validate that online voice routing policies correctly route calls to the appropriate SBC based on called number patterns.
A) is incorrect because Teams calling policies control feature availability (like call forwarding, simultaneous ringing, call groups, delegation) rather than basic outbound calling capability. While calling policies can impact the calling experience, they typically would not cause complete failure of outbound calls to external numbers. If calling policies were blocking outbound calls, users would typically receive clear policy-based error messages rather than call failures. Calling policy issues would be investigated after confirming basic infrastructure connectivity is working.
C) is incorrect because emergency calling policies define how emergency calls (911 in US, 112 in Europe) are handled, including emergency addresses, notification recipients, and routing requirements, but do not impact regular outbound calls to non-emergency numbers. Emergency calling policy misconfiguration would specifically affect emergency calls, not the general outbound calling failures described in the scenario. Organizations should verify emergency calling configuration separately to ensure life-safety communications work correctly, but this is not related to normal outbound calling issues.
D) is incorrect because call queue configuration governs how incoming calls are distributed to agents in queue scenarios and has no relationship to outbound calling from individual users to external phone numbers. Call queues are inbound call distribution mechanisms for contact center or reception scenarios where calls coming into the organization need to be routed to available agents. Call queue issues would manifest as problems with incoming call distribution, not outbound calling failures.
Organizations implementing direct routing should establish comprehensive monitoring of SBC health and connectivity, implement redundant SBCs across geographically diverse locations for resilience, thoroughly test dial plans for all supported dialing patterns before deployment, document SBC configurations and network requirements, maintain SBC firmware at supported versions, configure alerts for SBC connectivity issues, regularly review call quality analytics to identify degraded performance before users are impacted, implement backup PSTN connectivity options for business continuity, and maintain relationships with SBC vendors or telephony service providers for support during outages.
Question 125:
You are implementing Microsoft Teams Rooms devices in conference rooms throughout your organization. The devices must automatically join scheduled Teams meetings without requiring users to manually sign in or start the meeting. What should you configure?
A) Resource account with Exchange room mailbox and Teams Rooms license
B) Standard user account with E5 license
C) Guest user account with meeting access
D) Service account with Power Automate premium license
Answer: A
Explanation:
Configuring a resource account with an Exchange room mailbox and Teams Rooms license provides the proper account structure and licensing for Teams Rooms devices to automatically join scheduled meetings. Resource accounts are specialized account types in Microsoft 365 designed for equipment and spaces rather than individual users. When properly configured, these accounts enable Teams Rooms devices to automatically sign in, display room calendar information showing upcoming meetings, provide one-touch join capabilities for scheduled meetings, and maintain persistent sign-in status without requiring meeting organizers or participants to authenticate at the device. This configuration is essential for creating seamless, friction-free meeting experiences in physical meeting spaces.
The resource account setup involves several coordinated steps across Exchange and Teams administration. First, a room mailbox is created in Exchange Online representing the physical conference room, enabling the room to receive meeting invitations, automatically process meeting requests based on configured policies, and maintain a calendar showing room availability and scheduled meetings. The room mailbox should be configured with calendar processing policies including AutomateProcessing set to AutoAccept so meeting invitations are automatically accepted when the room is available, allowing meeting organizers to add the room as a resource without manual approval processes. The room mailbox provides the foundational calendar and email capabilities that Teams Rooms devices use to discover and display scheduled meetings.
After creating the room mailbox, it must be enabled for Teams and licensed appropriately. The account requires a Microsoft Teams Rooms license (previously called Meeting Room license), which is specifically designed for shared devices used in meeting rooms rather than individual users. This licensing type is cost-effective compared to user licenses and provides the specific capabilities needed for room systems including Teams meeting participation, calendar integration, peripheral device support, and management through Teams Rooms monitoring services. The Teams Rooms device is then configured with the resource account credentials, establishing persistent sign-in that survives reboots and provides continuous functionality. The device polls the room mailbox calendar and automatically displays upcoming meetings on the room console, allowing meeting participants to join scheduled Teams meetings with a single touch.
B) is incorrect because standard user accounts with E5 licenses are designed for individual employees rather than shared conference room devices. Using a personal user license for a shared room device wastes licensing costs, does not provide the specialized room device capabilities and management features included in Teams Rooms licenses, and violates Microsoft licensing terms which require appropriate license types for different usage scenarios. Standard user accounts also complicate device management because they may be subject to user-focused policies like multi-factor authentication requiring human interaction that is inappropriate for automated room systems.
C) is incorrect because guest user accounts are designed for external collaborators from outside the organization and cannot be used for Teams Rooms device sign-in. Guest accounts have limited capabilities, do not have Exchange mailboxes in the host organization, cannot receive calendar invitations in the host organization’s calendar system, and lack the persistent sign-in and device enrollment capabilities required for room systems. Guest accounts are fundamentally incompatible with the Teams Rooms device model which requires organizational resource accounts with proper mailbox and licensing configuration.
D) is incorrect because service accounts with Power Automate premium licenses are designed for automation scenarios where flows run under service account context with premium connectors, not for Teams Rooms device operation. Power Automate licensing provides workflow automation capabilities completely unrelated to Teams Rooms functionality. Teams Rooms devices require accounts with proper Exchange room mailbox configuration and Teams Rooms specific licensing, not automation platform licenses.
Organizations deploying Teams Rooms should establish naming conventions for room resource accounts facilitating easy identification, configure room mailbox calendar processing policies to auto-accept meetings during availability, implement appropriate room booking policies including maximum meeting duration and booking horizons, enable Teams Rooms Pro management for enhanced monitoring and management capabilities, configure device settings including proximity join and content camera integration, establish device update policies ensuring rooms receive updates during maintenance windows, implement conditional access policies appropriately accounting for shared device scenarios, monitor room device health through Teams Rooms monitoring dashboards, and document room device configurations for support and troubleshooting.
Question 126:
Your organization needs to prevent users from uploading files larger than 50MB during Teams meetings to conserve bandwidth. Which policy should you configure?
A) Teams update policy with bandwidth restrictions
B) Teams meeting policy with cloud recording restrictions
C) Network roaming policy with bandwidth management
D) This cannot be controlled through Teams policies; implement network-level controls instead
Answer: D
Explanation:
File upload size restrictions during Teams meetings cannot be directly controlled through Teams administrative policies, making network-level controls or SharePoint storage limits the appropriate implementation approach. Microsoft Teams does not provide granular policy settings for restricting file upload sizes specifically during meetings, although there are overall file size limits imposed by the underlying SharePoint and OneDrive infrastructure where Teams files are stored. The maximum file size for uploads in Teams is 250GB per file for SharePoint Online, though practical limits may be lower based on network conditions and timeout settings. Since Teams policies do not offer specific bandwidth management or file size restriction capabilities for meeting scenarios, organizations needing to enforce file size limits must implement alternative approaches.
Network-level controls provide the most effective mechanism for restricting file upload sizes and managing bandwidth consumption during Teams usage. These controls can be implemented through various infrastructure components including web application firewalls that inspect HTTP/HTTPS traffic and block large file transfers, proxy servers with content filtering and size restriction capabilities, network Quality of Service (QoS) policies that prioritize real-time media traffic over file transfers, bandwidth shaping devices that limit upload speeds for specific traffic types, and endpoint management solutions that restrict client-side upload capabilities. For Teams-specific traffic, organizations can identify Teams communication patterns through known IP address ranges and URLs published by Microsoft, applying appropriate traffic shaping and restrictions based on traffic classification.
Alternative approaches include configuring SharePoint site collection storage quotas to limit overall storage consumption which indirectly impacts what users can upload, implementing SharePoint governance through information management policies and retention rules, educating users about appropriate file sharing practices and encouraging use of file links rather than file uploads for large documents, implementing cloud storage gateway solutions that provide policy-based controls over cloud application usage, or deploying third-party Cloud Access Security Broker (CASB) solutions that can inspect and control SaaS application traffic including file operations in Teams and SharePoint. Each approach has tradeoffs in terms of complexity, user impact, and effectiveness that organizations should evaluate based on their specific requirements and existing infrastructure.
A) is incorrect because Teams update policies control when and how Teams desktop clients receive application updates (automatic updates, Microsoft-controlled scheduling, or manual updates) and have nothing to do with bandwidth restrictions, file upload sizes, or meeting controls. Update policies manage the client software update cadence to help IT departments control when users receive new features and versions, not runtime application behavior like file operations or bandwidth consumption.
B) is incorrect because Teams meeting policies with cloud recording restrictions control whether users can record meetings, where recordings are stored, who can start recordings, and whether recordings include transcription, but do not provide any capability to restrict file upload sizes or bandwidth usage. Cloud recording settings are entirely separate from file sharing capabilities during meetings. While both involve data storage and transfer, meeting recordings and file uploads are distinct features with separate policy controls.
C) is incorrect because network roaming policies in Teams context control whether users can access Teams features when roaming on cellular networks versus WiFi, specifically managing which capabilities are available based on network connection type to optimize for limited mobile data scenarios. While network roaming policies do involve some bandwidth awareness by potentially restricting video quality on cellular connections, they do not provide file size restriction capabilities or granular bandwidth management during meetings. These policies affect feature availability based on connection type rather than controlling specific operation parameters like upload sizes.
Organizations concerned about bandwidth consumption during Teams usage should implement comprehensive Quality of Service configurations prioritizing real-time media over file transfers, deploy sufficient network capacity to handle expected Teams usage patterns, implement network monitoring to identify bandwidth consumption patterns and potential issues, educate users about bandwidth-efficient behaviors like turning off video when not necessary and using file links instead of uploading large files, consider using Teams in VDI environments for branch offices with limited bandwidth, and leverage Microsoft’s network assessment tools to validate network readiness for Teams deployments.
Question 127:
You need to configure Microsoft Teams so that external users from a specific partner organization can be added as guests to specific teams, but they should not be able to create new channels or add additional apps to those teams. How should you configure guest permissions?
A) Configure guest access settings in Teams admin center, disabling channel creation and app additions for guests
B) Create a conditional access policy restricting guest user capabilities
C) Configure team-level permission settings through team owners
D) Apply sensitivity labels restricting guest capabilities
Answer: A
Explanation:
Configuring guest access settings in the Teams admin center with channel creation and app additions disabled for guests provides the centralized, organization-wide control needed to restrict guest user capabilities across all teams. Guest access settings in Teams admin center define baseline permissions and capabilities that apply to all guest users regardless of which team they’re added to, creating consistent security boundaries and ensuring guest users cannot perform administrative or structural modifications to teams while still allowing them to collaborate on team content. These settings work in conjunction with team-level permissions to provide layered access control for external collaboration scenarios.
Guest access settings are configured in the Teams admin center under Users > Guest access, providing numerous granular controls over what guest users can do within teams. The relevant settings for this scenario include «Allow guests to create channels» which should be set to Off to prevent guests from creating new channels in any team they join, and «Allow guests to add apps» which should be set to Off to prevent guests from installing or adding applications to teams. Additional guest permission settings control whether guests can edit and delete posted messages, whether guests can use chat functionality, whether guests can make private calls, and whether guests can access meeting features. These organization-wide settings establish maximum permissions for all guests, though team owners can implement more restrictive permissions at the team level.
The guest invitation and access flow involves several stages. First, a team owner or member with appropriate permissions invites an external user to a team by adding their email address. The external user receives an invitation email and must accept the invitation, completing a consent process that adds them as a guest user (B2B user) in the host organization’s Azure Active Directory. Once added as a guest, the user can access the team with permissions defined by the intersection of organization-wide guest settings and team-specific permissions. Guest users appear with a «Guest» label in Teams, helping regular members identify external participants. Administrators can monitor guest access through Azure AD reporting, Teams admin center guest user lists, and audit logs tracking guest activities.
B) is incorrect because Conditional Access policies control authentication requirements and access conditions based on factors like user risk, device compliance, location, and sign-in risk, but do not provide granular control over in-app capabilities like channel creation or app additions. Conditional Access operates at the authentication and session layer, determining whether users can access applications and under what conditions, rather than controlling specific feature permissions within applications. Conditional Access might require guests to use MFA or access Teams only from compliant devices, but cannot disable specific features like channel creation.
C) is incorrect because while team owners can manage certain permissions at the team level, team-level settings cannot override organization-wide guest access restrictions configured in Teams admin center. Team owners can manage team-specific settings like who can create channels within that particular team, but if guest channel creation is disabled organization-wide, team owners cannot enable it for guests in their specific team. Organization-wide guest settings establish maximum permissions that team-level settings can only further restrict, not expand. Additionally, relying solely on team owners to enforce consistent guest restrictions across many teams creates management complexity and increases risk of inconsistent security postures.
D) is incorrect because sensitivity labels provide information protection capabilities like encryption, content marking, and access restrictions based on data classification, but do not control functional permissions like channel creation or app additions. Sensitivity labels can restrict which users can access team content, enforce encryption, add visual markings, and control external sharing, but they operate at the data protection layer rather than feature permission layer. While sensitivity labels are valuable for protecting sensitive team content, they do not provide the capability to control structural team operations or feature availability.
Organizations implementing guest access should carefully plan guest permission models balancing collaboration needs with security requirements, clearly document guest access policies and communicate them to team owners and members, implement regular guest access reviews identifying and removing guests no longer requiring access, enable Azure AD access reviews for automated guest recertification workflows, monitor guest activity through Teams and Azure AD reporting, implement information protection through sensitivity labels in addition to guest permission controls, educate team owners about their responsibilities for managing guest access in their teams, and maintain audit logs of guest invitations and activities for compliance purposes.
Question 128:
Your organization has implemented Microsoft Teams calling with direct routing. You need to configure emergency calling so that when users dial emergency services, the security desk is automatically notified with the caller’s location information. Which policy should you configure?
A) Emergency calling policy with notification configuration
B) Calling policy with call forwarding settings
C) Emergency call routing policy with PSTN gateway assignment
D) Voice routing policy with emergency number patterns
Answer: A
Explanation:
An emergency calling policy with notification configuration provides the specific functionality needed to automatically notify the security desk when users dial emergency services while including caller location information. Emergency calling policies are specialized Teams policies designed specifically for managing emergency calling scenarios, defining how emergency calls are routed, who is notified when emergency calls are placed, how caller location is determined and shared, and what information is displayed to emergency dispatchers. These policies ensure organizations meet their legal and safety obligations for emergency calling while using VoIP systems like Teams, particularly in direct routing deployments where organizations maintain more control over call routing compared to Microsoft Calling Plans.
Emergency calling policies support multiple notification mechanisms that can be configured to alert internal security or safety personnel when emergency calls occur. The notification configuration includes Emergency services notification, which can send notifications to specified SIP addresses or phone numbers when emergency calls are placed, Notification mode settings determining whether notifications are sent as conference bridges allowing security personnel to join the emergency call or as simple notifications, Emergency notification dial-out numbers specifying who receives notifications (like security desk phone numbers or SIP URIs), and Group configuration for organizations requiring notifications to multiple recipients or distribution groups. When an emergency call is placed, Teams simultaneously connects the user to emergency services while notifying configured recipients with information including the caller’s identity, the caller’s emergency location, and a callback number.
Location information is critical for emergency calling effectiveness, particularly in multi-site organizations or remote work scenarios. Emergency calling policies work in conjunction with emergency addresses and locations configured in Teams admin center. Organizations define emergency locations representing physical sites, offices, or facilities with civic addresses recognized by emergency services, configure location information sources including network subnet mappings, WiFi access point associations, and switch/port mappings, and assign emergency locations to users or network sites. When users place emergency calls, Teams determines their location based on network topology information and provides this location to emergency dispatchers and notification recipients. The emergency calling policy ensures this location information is communicated effectively during emergency situations.
B) is incorrect because calling policies control standard calling features like call forwarding, simultaneous ringing, call groups, and delegation, but do not provide emergency calling notification capabilities or location information sharing. While calling policies govern many aspects of the calling experience, emergency calling requires specialized policy controls specifically designed for life-safety scenarios. Attempting to implement emergency notifications through call forwarding would be unreliable, would not include proper location information, and would not meet regulatory requirements for enterprise emergency calling systems.
C) is incorrect because emergency call routing policies control how emergency calls are routed to PSTN gateways and emergency services, not notification of internal security personnel. Emergency call routing policies define which Session Border Controllers (SBCs) handle emergency calls, how emergency numbers are dialed to PSTN, and whether enhanced emergency services are used, but do not provide the notification and location sharing capabilities needed for internal security desk alerting. Both emergency call routing policies and emergency calling policies are often needed together in direct routing deployments, but they serve different purposes.
D) is incorrect because voice routing policies define how regular outbound calls are routed to PSTN through direct routing infrastructure based on called number patterns and available PSTN routes, but do not provide emergency calling notification or location sharing capabilities. Voice routing policies contain PSTN usage records and routing rules that match normal phone numbers to appropriate SBCs, but emergency calling requires specialized handling beyond normal call routing. Organizations configure voice routing policies for general PSTN connectivity and emergency-specific policies for emergency calling scenarios.
Organizations implementing emergency calling should carefully map all physical locations where users may work, configure accurate emergency addresses recognized by local emergency services, implement network-based location detection using network topology data, test emergency calling functionality regularly including notification delivery to security personnel, document emergency calling procedures for end users and support staff, ensure security desk personnel are trained on their roles during emergency situations, configure backup notification methods in case primary contacts are unavailable, comply with all applicable regulations like RAY BAUM’s Act in the United States requiring dispatchable location information, and regularly audit emergency location assignments as users and network configurations change.
Question 129:
You are troubleshooting audio quality issues in Microsoft Teams meetings. Users report choppy audio, dropped calls, and delays during meetings. What tool should you use to diagnose the network-related root causes?
A) Call Quality Dashboard (CQD)
B) Teams admin center user activity reports
C) Azure AD sign-in logs
D) Microsoft 365 network connectivity test
Answer: A
Explanation:
Call Quality Dashboard (CQD) is the comprehensive analytical tool specifically designed for diagnosing network-related audio and video quality issues in Teams meetings and calls. CQD collects telemetry data from all Teams calls and meetings across the organization, aggregating quality metrics, network performance indicators, device information, and connectivity data into queryable reports that help administrators identify patterns, isolate problem sources, and make data-driven decisions to improve call quality. Unlike real-time monitoring tools that focus on individual call troubleshooting, CQD provides organization-wide quality analytics enabling administrators to identify systemic issues affecting multiple users, specific locations, network paths, or device types.
CQD collects extensive telemetry including audio quality metrics such as packet loss, jitter, round-trip time, audio degradation events, and poor call percentages, video quality metrics covering video freeze duration, frame rate issues, and resolution problems, network information including WiFi signal strength, VPN usage, subnet locations, and connection types, device data showing which audio/video devices users employ and their performance characteristics, and endpoint details revealing whether users connect from inside or outside corporate networks. This data is collected from every Teams call and meeting endpoint, aggregated in Microsoft’s backend systems, and made available through CQD’s web-based reporting interface typically within 30 minutes of call completion, providing near-real-time visibility into quality trends.
The CQD interface provides multiple analysis approaches including pre-built summary reports showing overall call quality trends, poor call rates, and common failure reasons, detailed drill-down capabilities allowing administrators to filter by date ranges, organizational units, buildings, subnets, user groups, and numerous other dimensions, custom report building using drag-and-drop query builders to create specialized views for specific troubleshooting scenarios, managed and federated quality comparison showing internal versus external call quality, and building and location-based analysis when organizations upload building and network topology data enabling geographical quality analysis. For the described scenario with choppy audio and dropped calls, administrators would use CQD to identify whether issues affect specific network locations (suggesting network infrastructure problems), occur during specific times (suggesting bandwidth congestion), affect users on specific network paths or subnets, or correlate with specific client versions or device types.
B) is incorrect because Teams admin center user activity reports provide usage statistics like number of meetings attended, messages sent, calls made, and active user counts, but do not provide the detailed quality metrics, network performance data, or diagnostic information needed to troubleshoot audio quality issues. Activity reports answer questions about adoption and usage patterns («are users using Teams?») rather than quality and performance questions («is Teams working well?»). While useful for understanding Teams deployment success, activity reports do not contain the technical telemetry required for diagnosing choppy audio or dropped calls.
C) is incorrect because Azure AD sign-in logs track authentication events, conditional access policy evaluations, and sign-in success or failure, but contain no information about call quality, network performance, or media stream metrics. Sign-in logs help troubleshoot authentication problems preventing users from accessing Teams, but once users successfully authenticate and join meetings, sign-in logs provide no visibility into the quality of their meeting experience. Audio quality issues occur at the application and network layers after successful authentication.
D) is incorrect because Microsoft 365 network connectivity test is a tool for assessing an organization’s network connectivity to Microsoft 365 services including latency measurements, network path analysis, and configuration recommendations, but it provides point-in-time testing rather than historical quality data from actual Teams calls. The connectivity test is valuable during initial Teams deployment planning and network optimization phases, helping organizations validate network readiness and identify potential connectivity issues before they impact users, but it does not collect or analyze real call quality data from actual meetings. For troubleshooting existing quality issues affecting real users, CQD’s actual telemetry data is more relevant than synthetic connectivity tests.
Organizations should regularly review CQD reports to proactively identify quality degradation before user complaints, upload building and network topology data to enable location-based quality analysis, configure quality champions or network administrators with CQD access and training, establish quality baselines and KPIs like acceptable poor call rate percentages, investigate quality trends and spikes using CQD’s drill-down capabilities, coordinate with network teams to remediate identified infrastructure issues, implement network optimization recommendations based on CQD findings, and combine CQD organization-wide data with per-user Call Analytics for comprehensive quality management covering both trending and individual incident investigation.
Question 130:
Your organization needs to implement automatic language translation during Teams meetings so participants speaking different languages can understand each other. Which feature should you enable?
A) Live captions with translation enabled in meeting options
B) Meeting transcription with language detection
C) Real-time translation is not currently available in Teams; use third-party integration
D) Teams Rooms language settings
Answer: C
Explanation:
Real-time automatic language translation during Teams meetings is not currently a native feature available in Microsoft Teams, requiring organizations to use third-party integrations or workarounds if automatic translation capabilities are required. While Teams provides several language-related features including live captions, meeting transcription, and user interface language preferences, these features do not provide real-time translation allowing participants speaking different languages to understand each other automatically during the same meeting. The confusion often arises because Teams has robust accessibility features and supports numerous languages, but language support and real-time translation are distinct capabilities with different technical requirements and availability.
Teams does provide related capabilities that partially address multilingual scenarios. Live captions display real-time speech-to-text transcription of meeting audio in the language being spoken, helping participants with hearing difficulties or those in noisy environments, but captions appear only in the language being spoken without translation to other languages. Meeting transcription creates searchable text records of meeting conversations that can be manually translated after meetings using external translation services. Teams interface supports over 100 languages allowing each user to set their preferred display language for menus, notifications, and interface elements independently. PowerPoint Live presentations support automatic subtitle translation showing translated subtitles on shared PowerPoint slides, providing limited translation capabilities for presentation content though not conversational speech.
Organizations requiring real-time translation capabilities have several potential approaches beyond native Teams features. Third-party meeting translation services can be integrated through Teams apps or meeting extensions providing real-time interpretation, professional human interpreters can join Teams meetings in dedicated audio channels providing simultaneous interpretation for multilingual meetings, external translation platforms can be used in parallel with Teams meetings requiring participants to use separate applications, recorded meetings can be translated post-facto using Azure Cognitive Services or third-party translation APIs, and organizations can implement structured multilingual meeting formats where segments are delivered in different languages sequentially rather than simultaneously. Each approach involves tradeoffs between real-time capability, accuracy, cost, and user experience complexity.
A) is incorrect because while live captions are available in Teams meetings displaying real-time speech-to-text transcription, they do not include translation capabilities. Live captions appear in the same language being spoken by meeting participants. Teams does not have a setting to enable translation within live captions. The live captions feature supports multiple languages in that it can caption speech in various languages, but it does not translate from one language to another. Captions help with accessibility and comprehension in noisy environments but do not bridge language barriers between participants speaking different languages.
B) is incorrect because meeting transcription creates text records of meeting audio for later review and reference, but does not provide real-time translation during meetings. While transcription can detect and transcribe speech in the language being spoken, and those transcriptions could theoretically be translated after the meeting using external tools, this is a post-meeting workflow rather than real-time translation enabling mutual comprehension during the meeting itself. Transcription serves documentation and compliance purposes rather than real-time multilingual communication.
D) is incorrect because Teams Rooms language settings control the display language and regional settings of the Teams Rooms device interface, affecting menus, system messages, and on-screen text in conference rooms, but do not provide any translation capabilities for meeting content or participant speech. Language settings for Teams Rooms are administrative configurations ensuring the room device interface appears in the appropriate language for the room’s location, completely separate from any meeting content translation or real-time interpretation capabilities.
Organizations with significant multilingual collaboration needs should evaluate third-party Teams apps and integrations offering translation services, consider implementing structured multilingual meeting formats with professional interpreters for critical meetings, explore PowerPoint Live subtitle translation for presentation-heavy meetings, educate users about available workarounds like separate translation tools, provide clear expectations about which language capabilities are and aren’t available in Teams, and monitor Microsoft’s roadmap as translation features may be added in future releases. For organizations in regulated industries or with specific translation requirements, professional human interpretation remains the most reliable approach for ensuring accurate cross-language communication in critical business contexts.
Question 131:
You need to configure a Teams meeting policy that prevents anonymous users from starting meetings while still allowing them to join meetings after authenticated users have started them. Which meeting policy setting should you configure?
A) Set «Automatically admit people» to «Everyone in your organization»
B) Disable «Allow anonymous users to join a meeting»
C) Set «Who can bypass the lobby» to «People in my organization»
D) Disable «Anonymous users can start a meeting»
Answer: D
Explanation:
Disabling the «Anonymous users can start a meeting» setting provides the precise control needed to prevent anonymous participants from starting meetings while still allowing them to join after authenticated users have started the meeting. This setting specifically governs whether anonymous users (those joining via meeting link without signing in to any Microsoft account) have the privilege to start meetings when they are the first to arrive, or whether they must wait in the virtual lobby until an authenticated participant joins and starts the meeting. This configuration creates an important security boundary ensuring meetings cannot be started by unauthorized external parties while maintaining openness for guest participation once meetings are properly convened by organizational members.
The anonymous user start meeting capability has significant security implications. When enabled, anonymous users arriving first can start meetings and be alone in the meeting until other participants join, potentially allowing unauthorized access to meeting resources, creating confusion about meeting legitimacy when anonymous users claim to be meeting hosts, enabling meeting bombing or Zoombombing-style attacks where malicious actors start meetings before legitimate participants, and allowing external parties to occupy meeting resources. Disabling this capability ensures all meetings must be started by authenticated users (organizational members, authenticated guests, or federated users from other organizations), providing accountability and preventing unauthorized meeting initiation.
The configuration is implemented through Teams meeting policies in the Teams admin center under Meetings > Meeting policies. Within meeting policy settings, the «Participants & guests» section contains «Anonymous users can start a meeting» which can be set to On or Off. When set to Off, anonymous users joining meetings via link must wait in the lobby until an authenticated participant joins and starts the meeting, at which point anonymous users can be admitted from the lobby based on the «Automatically admit people» and «Who can bypass the lobby» settings. This setting works in conjunction with other lobby and admission controls to create layered security for meetings, ensuring both that meetings are started by authenticated users and that anonymous participants are appropriately controlled once meetings begin.
A) is incorrect because setting «Automatically admit people» to «Everyone in your organization» controls who bypasses the lobby and enters meetings directly without waiting for admission, but does not control who can start meetings. This setting determines the admission experience for different participant types (organization members, guests, federated users, anonymous users) but does not prevent anonymous users from starting meetings if they arrive first. Even with automatic admission restricted, if anonymous users can start meetings, they can still initiate and join meetings before authenticated participants arrive.
B) is incorrect because disabling «Allow anonymous users to join a meeting» completely blocks anonymous participation, preventing anonymous users from joining meetings at all regardless of whether authenticated users have started the meeting. This setting is more restrictive than required for the scenario, which specifies that anonymous users should still be able to join meetings after authenticated users have started them. Completely blocking anonymous join eliminates a common collaboration pattern where external parties without Microsoft accounts participate in Teams meetings via anonymous join links.
C) is incorrect because setting «Who can bypass the lobby» to «People in my organization» controls which participants skip the lobby and enter directly versus which participants wait in the lobby for admission, but does not control who can start meetings. Even if only organizational members bypass the lobby, anonymous users could still start meetings (if that capability is enabled) and then wait to admit others from the lobby, or all participants including anonymous users could wait in the lobby together with no one able to start the meeting if all arrive simultaneously and are subject to lobby requirements.
Organizations implementing anonymous user controls should carefully balance security with collaboration needs, configure admission policies ensuring appropriate gatekeeping for anonymous participants, communicate meeting join procedures to external participants who will join anonymously, educate meeting organizers about their responsibilities for admitting lobby participants, implement monitoring for unauthorized meeting activity, use sensitivity labels or meeting templates for sensitive meetings requiring stricter controls, consider requiring authentication for highly confidential meetings by sharing meeting links only with invited authenticated users, and regularly review meeting policies as security requirements and collaboration patterns evolve.
Question 132:
Your organization has deployed Microsoft Teams with a global user base across multiple time zones. You need to schedule Teams live events that accommodate participants in different regions with automatic time zone adjustment. What should you do to ensure participants see the event time in their local time zone?
A) Create calendar invitations with time zone specifications
B) Use Teams live event scheduling which automatically adjusts for participant time zones
C) Include multiple time zones in the event description
D) Create separate live events for each time zone region
Answer: B
Explanation:
Using Teams live event scheduling through the Teams client or web interface provides automatic time zone adjustment for participants, ensuring each attendee sees the event time displayed in their local time zone without requiring manual calculation or separate events for different regions. When live events are scheduled in Teams, the event time is stored in UTC (Coordinated Universal Time) internally and automatically converted to each participant’s local time zone based on their client device settings or Microsoft 365 profile time zone configuration. This automatic handling eliminates confusion, reduces scheduling errors, ensures consistent global event timing, and provides seamless user experience for international organizations conducting webinars, town halls, or training sessions across geographic boundaries.
The live event scheduling process captures the organizer’s selected date and time along with the organizer’s time zone context, stores this information in a time-zone-aware format in the Microsoft 365 calendar system, and distributes event invitations that render correctly in each recipient’s local time zone. When participants view the live event details in Teams calendar, Outlook calendar, or live event invitation emails, the time automatically displays in their configured time zone with appropriate time zone labels indicating the local rendering. This automatic adjustment applies to event start times, pre-event join times (typically 15 minutes before), and any scheduled event duration, ensuring all participants know exactly when to join in their local time reference.
Best practices for scheduling global live events include clearly specifying the event time zone in event titles or descriptions despite automatic adjustment providing additional confidence for participants, using the Teams calendar or Outlook calendar integration rather than external scheduling tools to ensure proper time zone handling, sending event invitations well in advance allowing participants to verify times and check for potential conflicts, considering global time zone coverage when selecting event times to minimize inconvenient hours for any region (though perfect accommodation across all time zones is often impossible), and potentially offering multiple sessions of the same event at different times to better serve dispersed global audiences. The automatic time zone adjustment in Teams removes technical barriers but doesn’t eliminate the challenge of finding mutually acceptable times across widely dispersed time zones.
A) is incorrect because while creating calendar invitations with time zone specifications is helpful, this approach requires manual management and doesn’t provide the automatic time zone adjustment that Teams live event scheduling inherently provides. If organizers manually create calendar invitations and specify time zones textually (like «3:00 PM EST / 12:00 PM PST / 8:00 PM GMT»), participants must still manually interpret what time this represents in their local time zone, creating cognitive load and increasing risk of confusion or missed events. The automatic time zone handling in Teams eliminates this manual translation requirement.
C) is incorrect because including multiple time zones in event descriptions is a manual workaround that was common before modern calendar systems provided automatic time zone conversion, but it is unnecessary with Teams live events and creates maintenance burden. Listing multiple time zones requires organizers to manually calculate equivalent times across regions, creates cluttered event descriptions, may miss some participants’ time zones if not comprehensive, and still requires participants to identify and use the correct time for their location. Automatic time zone adjustment provided by Teams scheduling eliminates the need for this manual approach.
D) is incorrect because creating separate live events for each time zone region defeats the purpose of live events as scalable broadcast mechanisms and creates significant management overhead. This approach would require delivering the same content multiple times, fragmenting the audience, requiring presenters to present repeatedly or requiring recording and playback rather than true live interaction, complicating attendance tracking and reporting, and increasing organizational costs and resource requirements. Live events are specifically designed to accommodate large global audiences in single sessions, with automatic time zone adjustment enabling global participation without requiring separate regional events unless content localization or timezone-appropriate scheduling genuinely requires it.
Organizations hosting global live events should consider time zone distribution of their audience when scheduling, recognize that automatic time zone adjustment helps display but doesn’t solve the fundamental challenge of global time zone spread, consider offering event recordings for participants who cannot attend live due to time zone inconvenience, use Teams live event features like Q&A and moderated conversation to engage dispersed audiences, test live event scheduling with pilot groups across multiple time zones to verify correct time display before large events, communicate clearly about event timing including time zone abbreviations for additional clarity, and evaluate whether asynchronous content delivery might better serve extremely dispersed global audiences compared to single live broadcast sessions.
Question 133:
You are implementing Microsoft Teams Phone System with Calling Plans. Users report they cannot transfer calls to external phone numbers outside the organization. What is the MOST likely cause?
A) Call transfer is disabled in the Teams calling policy assigned to users
B) External call transfer requires direct routing configuration
C) Calling Plan licensing does not include transfer functionality
D) The organization’s tenant is not configured for PSTN calling
Answer: A
Explanation:
Call transfer disabled in the Teams calling policy is the most likely cause preventing users from transferring calls to external phone numbers. Teams calling policies control numerous calling features including call forwarding, call transfer, simultaneous ringing, voicemail, call groups, and delegation. The specific setting «Allow call forwarding and simultaneous ringing to people in your organization» and «Allow call forwarding and simultaneous ringing to external phone numbers» independently control whether users can transfer or forward calls to internal versus external destinations. If the external phone number setting is disabled while users have PSTN calling capability through Calling Plans, they can make and receive calls to external numbers directly but cannot transfer or forward active calls to those same external numbers, creating the symptom described in the scenario.
Teams calling policies provide granular control over calling features for security, cost management, and compliance purposes. The relevant settings for call transfer include «Call forwarding and simultaneous ringing mode» which can be set to Disabled, Forward only, Simultaneous ring only, or Both (allowing both forwarding and simultaneous ring), «Allow forwarding to user» enabling call forwarding to other users, «Allow forwarding to phone» enabling call forwarding to PSTN numbers, and «Prevent toll bypass and send calls through the PSTN» which affects how calls are routed. When «Allow forwarding to phone» is disabled, users attempting to transfer calls to external PSTN numbers receive error messages or find the transfer option unavailable, even though they can directly dial those same numbers for new outbound calls.
The configuration is managed through Teams admin center under Voice > Calling policies, where administrators can modify the Global (Org-wide default) policy affecting all users without custom policy assignments, or create custom calling policies for specific user groups with different requirements. Best practices include enabling external call transfer for most users while potentially restricting it for specific groups with security or cost concerns, implementing call transfer capabilities consistent with organizational communication needs, educating users about call transfer features and appropriate usage, monitoring PSTN usage reports to identify unusual transfer patterns suggesting policy misconfigurations or abuse, and documenting calling policy rationale and assignments for troubleshooting purposes. Policy changes take effect within a few hours but may require up to 24 hours for complete propagation across all users.
B) is incorrect because external call transfer does not require direct routing configuration when using Microsoft Calling Plans. Calling Plans provide complete PSTN connectivity including inbound calling, outbound calling, and call transfer functionality to external numbers without requiring on-premises infrastructure or Session Border Controllers. Direct routing is an alternative PSTN connectivity method for organizations wanting to use their own PSTN carriers or maintain on-premises telephony integration, but it is not a prerequisite for call transfer functionality with Calling Plans. Organizations using Calling Plans receive fully managed PSTN services from Microsoft including all standard calling features.
C) is incorrect because Calling Plan licensing includes full call transfer functionality as a standard feature. Microsoft Calling Plans (Domestic Calling Plans and International Calling Plans) provide comprehensive PSTN calling capabilities including making and receiving calls, call transfer to both internal and external numbers, call forwarding, voicemail, caller ID, and other standard telephony features. Call transfer is not a premium feature requiring additional licensing beyond the base Calling Plan license. The restriction on call transfer, when it occurs, results from policy configuration rather than licensing limitations.
D) is incorrect because if the organization’s tenant were not properly configured for PSTN calling, users would be unable to make or receive any external calls, not just unable to transfer calls. The scenario states users can place calls to external numbers but cannot transfer calls to those numbers, indicating PSTN connectivity is working but specific call transfer functionality is restricted. Tenant-level PSTN configuration issues would manifest as complete inability to use phone system features rather than selective restriction of transfer capabilities while direct dialing works normally.
Organizations implementing Teams Phone System should establish comprehensive calling policies aligned with user roles and requirements, test calling features including transfer, forwarding, and voicemail before broad deployment, document calling policy assignments and justifications, train users on available calling features and appropriate usage, implement usage monitoring and cost management for PSTN calling, configure emergency calling appropriately for all locations, maintain calling policy documentation for support teams, and regularly review policies as organizational needs evolve to ensure configurations remain appropriate.
Question 134:
Your organization needs to archive all Teams chat and channel message data for regulatory compliance requiring 7-year retention with immutability to prevent deletion or modification. Which Microsoft 365 compliance feature should you implement?
A) Litigation hold on user mailboxes
B) Retention policy with 7-year retention period for Teams locations
C) Retention labels with regulatory record classification
D) Microsoft Purview Data Lifecycle Management with retention lock
Answer: D
Explanation:
Microsoft Purview Data Lifecycle Management with retention lock provides the comprehensive solution for regulatory compliance requiring both long-term retention and immutability preventing deletion or modification of Teams data. Retention lock is a specialized feature that makes retention policies immutable after they are locked, preventing administrators, users, and even Microsoft support from deleting, disabling, or reducing the retention period of locked policies. This immutability ensures that once a retention policy is locked with specific retention settings, the data governed by that policy cannot be deleted before the retention period expires, meeting stringent regulatory requirements like SEC Rule 17a-4(f), FINRA regulations, and similar compliance frameworks requiring write-once-read-many (WORM) storage characteristics for business communications.
Retention lock differs from standard retention policies in critical ways affecting compliance posture. Standard retention policies can be modified or deleted by administrators with appropriate permissions, allowing retention periods to be shortened or policies to be disabled, which may not satisfy regulatory requirements for immutable retention. Locked retention policies become permanent after locking, cannot be deleted or have retention periods reduced, can only be increased in retention duration or have locations added (never removed), and require special procedures even for Microsoft support to assist with locked policy modifications. The lock action is permanent and cannot be reversed, making it crucial that organizations thoroughly test and validate retention policies before applying locks in production environments.
The implementation process for locked retention policies involves careful planning and execution. Administrators first create retention policies through Microsoft Purview compliance portal defining Teams chat and channel message locations, specifying 7-year retention periods, configuring retention actions (retain only, delete only, or retain then delete), and thoroughly testing policies in pilot groups or test tenants to validate behavior before production deployment. Once confident the policy is correct, administrators apply the retention lock through PowerShell using the Set-RetentionCompliancePolicy cmdlet with the -RestrictiveRetention parameter set to $true. After locking, the policy becomes immutable and governs data according to the configured retention rules with no possibility of circumventing retention through administrative action or policy modification.
A) is incorrect because litigation hold on user mailboxes preserves mailbox content including emails and some Teams data stored in mailboxes, but does not comprehensively preserve all Teams channel messages which are primarily stored in SharePoint rather than user mailboxes. While Teams chat messages are stored in user mailboxes and would be preserved by litigation hold, channel messages in teams reside in SharePoint site collections associated with those teams. Litigation hold also applies per-mailbox rather than through centralized policies across Teams locations, creating management complexity. For comprehensive Teams data retention including channel messages, dedicated retention policies for Teams locations are more appropriate than mailbox-level holds.
B) is incorrect because while retention policies with 7-year retention periods can retain Teams data for the required duration, standard retention policies without retention lock do not provide the immutability required by many regulatory frameworks. Standard retention policies can be modified or deleted by administrators, retention periods can be shortened, and policies can be disabled, potentially allowing data to be deleted before the required retention period expires. For organizations with strict regulatory requirements mandating immutable retention (like financial services organizations subject to SEC or FINRA regulations), retention lock provides the additional immutability guarantee that standard retention policies lack.
C) is incorrect because while retention labels with regulatory record classification provide robust information governance capabilities including immutability for individual items labeled as records, applying labels to all Teams chat and channel messages at scale is operationally challenging compared to location-based retention policies. Retention labels are typically applied manually by users, automatically through auto-labeling policies based on content patterns, or through custom development, but they work at the item level rather than comprehensively covering all content in specific locations. For organization-wide Teams retention meeting regulatory requirements, locked retention policies provide more comprehensive and manageable coverage than record-based retention labels.
Organizations implementing locked retention policies should extensively test policies in non-production environments before locking, clearly document retention requirements and policy configurations, understand that locked policies cannot be unlocked or deleted making policy design critical, consider starting with unlocked policies and locking only after validating correct operation over time, coordinate retention policy implementation with legal and compliance teams ensuring requirements are properly translated into policy configurations, educate stakeholders about the permanence of retention locks and implications for data management, maintain documentation of locked policies for auditing purposes, and regularly review compliance posture through audit logs and compliance reports ensuring retention policies operate as intended.
Question 135:
You need to configure Microsoft Teams to automatically route incoming calls to an auto attendant during business hours and to voicemail outside business hours. The auto attendant should provide callers with a menu to reach sales, support, or directory search. What should you create FIRST?
A) Call queue with business hours configuration
B) Auto attendant with call flow and menu options
C) Resource account with Phone System — Virtual User license
D) Holiday schedule defining business and non-business hours
Answer: C
Explanation:
Creating a resource account with Phone System — Virtual User license must be completed first because resource accounts serve as the foundational service accounts required for all auto attendants and call queues in Microsoft Teams Phone System. Resource accounts are specialized account types in Microsoft 365 designed to represent applications and services rather than individual users, providing the identity that auto attendants and call queues use for operation. Each auto attendant or call queue requires an associated resource account, which must be licensed appropriately before the auto attendant or call queue can be created and assigned a phone number for incoming call routing. Without properly configured and licensed resource accounts, subsequent configuration steps for auto attendants cannot proceed, making this the logical first step in the implementation process.
Resource accounts for Teams Phone System applications have specific requirements and characteristics distinct from user accounts. They must be created as resource accounts (not regular user accounts or shared mailboxes) through Microsoft 365 admin center or PowerShell using the New-CsOnlineApplicationInstance cmdlet, require Phone System — Virtual User licenses (previously called Phone System — Virtual User license or Teams Phone Resource Account license depending on licensing program) assigned to enable auto attendant or call queue functionality, can be assigned phone numbers from Calling Plans or direct routing PSTN connectivity, and serve as the identity that appears in call routing and configuration. Each auto attendant or call queue requires its own dedicated resource account, though organizations typically create resource accounts in advance for planned implementations.
The implementation workflow follows a specific sequence. First, administrators create resource accounts through Microsoft 365 admin center under Resources > Rooms & equipment > Resource accounts, or using PowerShell commands for bulk creation. After creating resource accounts, administrators assign Phone System — Virtual User licenses (or Phone System licenses in some licensing scenarios) to each resource account, enabling the accounts to be associated with auto attendants or call queues. Next, administrators optionally assign phone numbers to resource accounts if the auto attendant or call queue will be directly dialable from external PSTN. Finally, administrators create the auto attendant or call queue and associate it with the prepared resource account, configuring call flows, menus, hours of operation, and other settings. This sequence ensures the foundational service account infrastructure exists before attempting to build call routing applications.
A) is incorrect because while call queues might be part of the complete solution if the auto attendant routes calls to support or sales teams, creating a call queue is not the first step in the implementation sequence. Call queues, like auto attendants, require resource accounts to be created and licensed first before the call queue itself can be configured. Additionally, the scenario specifically describes an auto attendant with menu options, which is configured through auto attendant features rather than call queue features. Call queues and auto attendants serve complementary but different purposes in call routing solutions.
B) is incorrect because while the auto attendant with call flow and menu options is the ultimate goal of the configuration, attempting to create the auto attendant first will fail or be incomplete without an available resource account to associate with the auto attendant. The Teams admin center or PowerShell auto attendant creation process requires selecting an existing resource account during setup, making resource account creation a prerequisite. While conceptually the auto attendant configuration defines the desired calling experience, technically the supporting resource account infrastructure must be prepared first.
D) is incorrect because while holiday schedules defining business and non-business hours will be needed for complete auto attendant configuration with time-based call routing, holiday schedules can be created before, during, or after auto attendant setup. Holiday schedules are optional configuration elements that refine auto attendant behavior but are not prerequisites for creating the auto attendant itself. Resource accounts must exist first as mandatory components, after which auto attendants can be created with basic configurations and subsequently enhanced with holiday schedules and business hours definitions. The logical first step focuses on foundational infrastructure rather than refinement configurations.
Organizations implementing auto attendants should plan resource account naming conventions for easy identification and management, create resource accounts in batches for anticipated future auto attendants and call queues, document resource account assignments to specific auto attendants and call queues, assign appropriate phone numbers to resource accounts based on business requirements, implement business hours and holiday schedules reflecting actual organizational availability, design auto attendant menu structures that are intuitive for callers, configure appropriate call forwarding and voicemail options for after-hours scenarios, test complete call flows before deploying to production, and maintain documentation of auto attendant configurations for support and future modifications.