ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 23 discussion

Actual exam question from Microsoft's MS-500
Question #: 23
Topic #: 1
[All MS-500 Questions]

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password -

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:

Lab instance: 11032396 -
You need to ensure that a user named Lee Gu can manage all the settings for Exchange Online. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Office 365 admin center.

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
1. In the Exchange Administration Center (EAC), navigate to Permissions > Admin Roles.
2. Select the group: Organization Management and then click on Edit.
3. In the Members section, click on Add.
4. Select the users, USGs, or other role groups you want to add to the role group, click on Add, and then click on OK.
5. Click on Save to save the changes to the role group.
Reference:
https://help.bittitan.com/hc/en-us/articles/115008104507-How-do-I-assign-the-elevated-admin-role-Organization-Management-to-the-account-that-is-performing-a-
Public-Folder-migration-
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
by jatinKumar at April 9, 2021, 9:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MikeMatt2020
Highly Voted 3 years, 10 months ago
I very much disagree that the answer is to grant the user the Organization Management EXO role. This EXO role does indeed grant the user wide-spread permissions throughout Exchange. However, this role also includes "Security Admin", "Compliance Admin" and "Security Reader". Our goal is to ensure Least Privilege. Obviously we wouldn't want to make our user a Global Admin. This breaks the goal of Least Privilege". I believe the answer is to assign the user the AAD role of "Exchange Administrator". Regarding the Organization Management role: "Members can also delegate role groups and management roles in the organization"
upvoted 6 times
WMG
3 years, 10 months ago
I see your point. But the "Exchange Admin" role in AAD is really the Exchange Service A dmin in Exchange Online. The Exchange Service Admins are part of the Organization Management group and inherits all the permissions. So they are the same thing as giving the user Org Management permissions. So the answer is correct. There are of course advantages of using AAD, e.g access review, PIM etc etc but as the question stands this is the correct answer.
upvoted 4 times
...
...
ZakS
Highly Voted 4 years ago
The Exchange Service Admin (aka Azure AD 'Exchange Administrator' role) is a member of the 'Organization Management' role group in EXO. So, granting someone the Azure AD Exchange Admin role would be the ideal/best practice way to go. The ans given is technically correct but probably not best practice. I'd grant the user the Azure AD Exchange Admin role in the exam for this lab exercise.
upvoted 6 times
nidentify
3 years, 10 months ago
Yes exchange admin is should be the correct answer
upvoted 1 times
...
...
Orion8575
Most Recent 1 year, 11 months ago
Correct answer is to give Exchage Administrator permissions becouse Organization Management has permission across multiple service not just Exchange Online.
upvoted 1 times
...
Avaris
2 years, 6 months ago
i think it should be through 365 admin center not exchange admin
upvoted 1 times
...
baliuxas07
2 years, 9 months ago
Do they do labs in this certification?
upvoted 4 times
...
tatendazw
3 years, 1 month ago
ExchangeServiceAdmins_-xxxx is managed by Organization Management so you can only assign user via Organization Management role
upvoted 1 times
tatendazw
3 years, 1 month ago
and ExchangeServiceAdmins_-xxxx is greyed out in new and old EAC
upvoted 1 times
...
...
Ikeinater
3 years, 1 month ago
The current way to get to this as of (4/14/2022) is 365 admin center>Exchange Admin Center>Roles blade>Admin Roles>Organization Management>Assign tab upper right. Then assign the user that way. Assigning the Exchange admin role from the AAD/365 admin gives more privilege than is needed.
upvoted 4 times
...
oopspruu
3 years, 9 months ago
The given answer will be correct. Even if you assign the person the role of "Exchange Administrator", they will automatically be a member of the Organization Manager role group. You can see the Exchange Admin assigned users in EAC > Admin Roles > ExchangeServiceAdmins, and this ExchangeServiceAdmins role group already a member of the Organization Management role group. So I believe assigning them the Exchange Admin AD role or Organization Management role, both would be correct answers.
upvoted 1 times
...
Nail
3 years, 9 months ago
If you have to switch to the Exchange admin center doesn't that mean that you are LEAVING the "Microsoft 365 Office admin center"? Seems to me you would stay in the M365 admin center and just find the user and give them the Exchange Admin role.
upvoted 2 times
Nail
3 years, 9 months ago
Bah, I take this back. It seems that all of these questions have you start out in the M365 admin center, regardless of which admin center you actually need to go to. I did notice, however, that I can just to M365 admin center > Roles > and there is an Exchange tab right there where you can adjust the membership of Organization Management.
upvoted 6 times
...
...
Alex_ua1
3 years, 11 months ago
The task says -To complete this task, sign in to the Microsoft Office 365 admin center. answer is correct
upvoted 2 times
...
Rstilekar
3 years, 11 months ago
Yes given answer is right
upvoted 1 times
...
jatinKumar
4 years, 1 month ago
will this not be .. ADzure AD Role "Exchange Administrator" as it says manage all settings of exchange online.. please advise
upvoted 4 times
ellik
4 years, 1 month ago
is it AD Role "Exchange Administrator" ?
upvoted 1 times
...
dcasabona
4 years, 1 month ago
I think so too.
upvoted 2 times
...
Robert__Susin
4 years, 1 month ago
No as Exchange Administrator is different from Organization Manager role in EXO, the question states Least Privileges into managing settings in EXO, so the given answer is correct.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel