MS-102 – Enhance Email Protection (Microsoft Defender for Office 365)
1. What does Microsoft Defender for Office 365 add beyond EOP?
Protection against advanced and zero-day attacks
Basic spam filtering only
Mailbox storage management
Defender for Office 365 filters targeted attacks that can bypass EOP.
2. Which feature detonates email attachments in a sandbox?
Safe Attachments
Safe Links
Spoof Intelligence
Safe Attachments opens files in a virtual environment.
3. What does Safe Links protect against?
Malicious URLs at time of click
Malicious attachments only
Outbound spam
Safe Links checks URLs when the user clicks them.
4. Which Defender plan includes Threat Explorer?
Microsoft Defender for Office 365 Plan 2
Plan 1
Exchange Online Protection
Threat Explorer is a Plan 2 investigation feature.
5. What causes users to appear on the Restricted users page?
Exceeding outbound sending limits
Receiving spam
Using shared mailboxes
Outbound spam policies block users who exceed limits.
6. Which list overrides Microsoft filtering verdicts?
Tenant Allow/Block List
Restricted Access list
Transport rules
The Tenant Allow/Block List overrides spam and phishing verdicts.
7. What happens when a URL is reported as a false positive?
An allow entry is created automatically
The URL is deleted permanently
Nothing changes
Microsoft creates allow entries after validating submissions.
8. How long does it take for Allow/Block entries to apply?
Within 5 minutes
24 hours
7 days
Allow/Block entries are applied almost immediately.
9. Which feature protects users if a link points to a malicious file?
URL Detonation
ZAP
Anti-spam policy
URL detonation combines Safe Links and Safe Attachments.
10. Which role can manage the Tenant Allow/Block List?
Global or Security Administrator
User Administrator
Reports Reader
Only security-related admin roles can manage it.