Microsoft Ignite Microsoft 365 Enterprise Admin Challenge

• Define identity and access management in Azure Active Directory 
• Simplify access and identity provisioning with Azure Active Directory
• Strengthen authentication (conditional access) with Azure Active Directory
• Secure administrator accounts in Azure Active Directory
• Enable identity protection in Azure Active Directory
• Embrace Zero Trust with Azure Active Directory
• Protect against security threats on Azure
• Create an Azure account
• Create Azure users and groups in Azure Active Directory
• Secure your application by using OpenID Connect and Azure AD
• Secure Azure Active Directory users with Multi-Factor Authentication
• Manage device identity with Azure AD join and Enterprise State Roaming
• Allow users to reset their password with Azure Active Directory self-service password reset 
• Add custom domain name to Azure Active Directory 
• Protect your identities with Azure AD Identity Protection 
• Get started with Microsoft 365 
• Analyze your device and app readiness for Windows 10 
• Analyze your directory and network readiness for Microsoft 365 
• Deliver Microsoft 365 Apps and business apps 
• Migrate user files and settings in Microsoft 365
• Update your security and compliance configuration – Windows 10 and Microsoft 365 Apps 
• Deploy, upgrade, and migrate to Windows 10 
• Learn about Windows and Microsoft 365 Apps servicing in Microsoft 365 
• Train users on the new Windows and Microsoft 365 Apps features 
• Plan to deploy updates for Windows 10 and Microsoft 365 Apps
• Prepare to deploy updates for Windows 10 and Microsoft 365 Apps 
• Deploy updates for Windows 10 and Microsoft 365 Apps
• Introduction to modern management in Microsoft 365 
• Automate Windows deployments by using Windows Autopilot
• Manage devices by using Microsoft Intune
• Manage Windows 10 through co-management by using System Center Configuration Manager 
• Manage applications by using Microsoft Intune
• Deploy Windows Update in Microsoft 365 
• Secure your cloud apps and services with Microsoft Cloud App Security
• Improve your cloud security posture with Azure Security Center
• Introduction to threat protection with Microsoft 365
• Protect against threats with Microsoft Defender for Endpoint
• Remediate risks with Microsoft Defender for Office 365
• Safeguard your environment with Microsoft Defender for Identity
• Respond to data loss prevention alerts using Microsoft 365
• Overview of security management in Microsoft 365 security center 
• Use reporting in the Microsoft 365 security center
• Protect mail with Microsoft Defender for Office 365 
• Secure Windows 10 endpoints
• Configure the network for your virtual machines
• Design an IP addressing schema for your Azure deployment
• Secure and isolate access to Azure resources by using network security groups and service endpoints]
• Host your domain on Azure DNS
• Connect to virtual machines through the Azure portal by using Azure Bastion

1. Azure Active Directory doesn’t natively support mobile devices without third-party solutions.

   -False(Azure AD is integrated with Microsoft Intune, a Microsoft mobile device management solution)

2. Which of the following describes Azure Active Directory?-Microsoft’s evolution of identity and access management for the cloud(-Azure AD provides organizations with Identity as a Service, and helps employees sign in and access resources within external and internal sources.

3. )Which of the following is a reason that the network perimeter is no longer enough?-Adversaries are using phishing attacks.(Adversaries have demonstrated a consistent and ongoing ability to penetrate network perimeters using phishing attacks..

4. )All of these are identity management capabilities of Microsoft 365 except:-Automated investigation and response(Automated investigation and response are not an identity management feature; it’s a tool that automates investigation and remediation of well-known attack threats.

5. )When you plan for identity governance in Azure AD, you should:-Determine which users and groups should have access to which resources at which time.(When planning for identity governance, you should determine how soon a user has access to the resources they need and how their access changes over time.

6. )Before you deploy a Microsoft 365 identity infrastructure, you should first:-Categorize your users.(You should first categorize users so you can secure access with controls that ensure strong assurances of identity and access from safe devices.

7. )Legacy authentication supports enabling multi-factor authentication.-False(Legacy authentication does not support multi-factor authentication.

8. )Which of the following describes how to enforce multi-factor authentication?-Create a Conditional Access policy with “Require multi-factor authentication” enabled.(To enforce MFA, create a Conditional Access policy and select Require multi-factor authentication under Access controls.

9. )Which of the following is a method of passwordless authentication?-Biometric scan(A biometric scan or pin via Windows Hello, phone-as-a-token from the Microsoft Authenticator app, or a FIDO2 security key are all methods of passwordless authentication.

10. )Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that's protected from Internet attacks and threat vectors.-True(Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors

11. )Which of the following responses is not a protected resource using Azure AD Privileged Identity Management?-Active Directory Domain Services(Azure AD Privileged Identity Management helps you to manage privileged administrative roles across Azure AD, Azure resources, and other Microsoft Online Services. For Active Directory Domain Services, use Microsoft Identity Manager's Privileged Access Manager capability.

12. )Which of the following responses is not one of the approaches behind Azure AD Privileged Identity Management?-Reduce number of privileged users(Azure AD Privileged Identity Management does not seek to reduce the number of privileged users, but instead ensures that users only have administrative privileges when they are required.

13. )Azure Active Directory Identity Protection policies can require end users to enroll their mobile device with Intune.-False(Azure Active Directory Identity Protection policies don't require end users to enroll their mobile device with Intune.

14. )If a risky user is identified or affected by a sign-in risk policy, how will they be prompted to prove their identity?-By completing Azure multi-factor authentication.(Azure AD Identity Protection sign-in risk policies allow affected users to verify their identity through Azure multi-factor authentication.

15. )Which of the following is an Azure Active Directory Identity Protection API that exposes information about risky users and sign-ins?-riskDetection(riskDetection, riskyUsers, and sign in are the three APIs that expose information about risky users and sign-ins.

16. )The Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network.-True(The Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network.

17. )Which of the following tools can you implement to support the 1st principle of Zero Trust, Verify explicitly?-Azure multi-factor authentication (MFA)(Azure MFA, Azure AD Hybrid or Azure AD Join, Microsoft Intune, and leveraging passwordless credentials all support the 1st principle of Zero Trust.

18. )Which of the following is a foundational element that should implement Zero Trust controls?-Devices(Zero Trust controls should be implemented across 6 foundational elements: identities, devices, applications, data, infrastructure, and networks.

    1 out of 3 questions is incorrect. Please correct question 3.
19. How can Tailwind Traders enforce having only certain applications run on its VMs?-Create an application control rule in Azure Security Center.(With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.
20. What's the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?-Collect security data in Azure Sentinel.(Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.
21. )Which is the best way for Tailwind Traders to safely store its certificates so that they're accessible to cloud VMs?-Store the certificates in Azure Key Vault.(Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).
22. )How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?-Run the VMs on Azure Dedicated Host.(Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.
23. Which of the following statements is true about an Azure subscription?-An Azure subscription is a logical unit of Azure services
24. Your billing is based on your usage of Azure resources and is invoiced ______________-Monthly
25. When you create an Azure resource like a virtual machine, you select the ______________ it belongs to.-Azure subscription
26. Which Azure support plan is best for business-critical workloads?-Azure Professional Direct
27. An Azure subscription is a _______________.-billing entity and security boundary
28. Which of the following best describes the relationship between a subscription and an Azure AD directory?-An Azure AD directory can be associated with multiple subscriptions, but a subscription is always tied to a single directory.
29. True or False, an organization can have more than one Azure AD directory.-True
30. What information does an Action provide in a role definition?-An Action provides the allowed management capabilities for the role.
31. Which of the following sets the scope of a role to be the resource group myResourceGroup?-/subscriptions/{ef67bd4f-d0f2-4845-b6dd-6cba225b4f10}/resourceGroups/myResourceGroup
32. How are NotActions used in a role definition?-NotActions are subtracted from the Actions to define the list of permissible operations.
33. If you delete a user account by mistake, can it be restored?-The user account can be restored, but only when it's deleted within the last 30 days.
34. What kind of account would you create to allow an external organization easy access?-A guest user account for each member of the external team.
35. Which sentence correctly describes OpenID Connect?-OpenID Connect is an authentication standard.
36. You want users of your application to authenticate by using their accounts, which are stored in Microsoft 365. What must you do in Azure AD?-Register the application in Azure AD.
37. In which of the following scenarios would OpenID Connect be the best option?-Securing your sign-in page
38. Which of the following authentication methods is not available for MFA?-Security questions
39. Which of the following authentication methods cannot be disabled?-Password
40. True or False. You must activate multi-factor authentication for all users in the directory you enable it in.-False
41. What operating systems do Azure AD registered devices support?-Windows 10, iOS, Android, and macOS
42. What device security sign-in options does Azure AD join support?-An Azure AD work account with password or Windows Hello, and multifactor authentication
43. When is conditional access applied?-After first-factor authentication
44. What provisioning options are available through Azure AD join?-Self-service by using the Windows out-of-box experience (OOBE), Windows Autopilot, or bulk enrollment
45. What happens when a device isn't in the MDM scope?-The Azure AD join finishes without the enrollment to MDM.
46. What is classified as stale data?-Any data that hasn't been accessed for one year or more
47. Can you name one of the benefits of using Enterprise State Roaming?-Enhanced security
48. When is a user considered registered for SSPR?-When they've registered at least the number of methods that you've required to reset a password.
49. When you enable SSPR for your Azure AD organization...-Users can reset their passwords when they can't sign in.
50. What types of custom domain names are supported? Any registered domains that aren't already being used.
51. Which resources can a custom-domain Azure AD account access? Both internal and external resources.
52. How do you verify domain ownership? The Azure portal provides a TXT or MX record you add through your DNS provider.
53. What is the default domain name before a custom domain is created?-companyname.onmicrosoft.com
54. What should you do if domain name verification fails? Wait at least an hour, then check that the data is correct with your domain registrar.
55. How many Azure AD organizations can use a single domain name? 1(Domain names are unique and can be used by only a single Azure AD organization.
56. How do you protect against identity-based risks by using Azure AD Identity Protection? Configure a policy, investigate by using a report, and remediate.
57. You want to analyze risks that describe authentication requests for sign-ins that probably weren't authorized by users. Which type of risks will you analyze? Sign-in risk (Azure AD Identity Protection scrutinizes each authentication request to judge whether it was authorized by the owner of the identity.
58. Which report would you review to find devices that were identified as part of a detected risk? Risky sign-in report
59. You want to use a risky sign-in report to find information on risky sign-ins for the past 29 days. How can you access this report? You can access and download the report from the Azure portal.
60. According to the deployment wheel, once you have your team in place, what is the first step in the deployment process? Analyze your device and app readiness.
61. In analyzing your directory and network readiness, you prepare your network to move which items? System images, application packages, drivers, and user files

62. The desktop deployment wheel that guides you through how many recommended steps for your shift to Windows 10 and Microsoft 365 Apps? 

    8(Yes. The desktop deployment wheel guides you through 8 recommended steps for your shift to Windows 10 and Microsoft 365 Apps.)
63. Any COM add-ins and VBA macros your organization used on previous versions of Office (back to Office 2010) will continue to work on the latest versions of Office without modification. True
64. In the first step of the readiness process, which tools are used to create an inventory? Readiness Toolkit for Office, Desktop Analytics, or System Center Configuration Manager software and hardware inventory
65. The four steps for device and app readiness are: 1) Take an inventory, 2) Plan your resources, 3) Test updates for compatibility issues, 4) Remediate issues. False
66. If your organization uses Exchange or SharePoint, you’re already using Azure AD. False
67. How much bandwidth does the initial migration of a user's profile in Window consume? More than 20 GB
68. What's one of the primary functions of Azure Active Directory? Controlling access to apps, data, and resources in Microsoft cloud services
69. Microsoft 365 Apps is available in both 32-bit and 64-bit versions - it doesn't matter which version you install. False
70. Microsoft 365 Apps and Office 2019 clients use which installation technology? Click-to-Run
71. Which of the following tools does NOT work with MSI-based packages? Office Deployment Tool
72. Which approach would you use to deliver business apps? Application deployment in Configuration Manager
73. Which of the following considerations impact how you migrate user files and settings? How large is your organization? 
74. Both System Center Configuration Manager and the Microsoft Deployment Toolkit (MDT) use the User State Migration Tool (USMT) as part of their deployment process. True
75. Which of the following statements is NOT true about OneDrive known folder move? OneDrive known folder move allows users to select the folders and locations they want to move to their updated systems.
76. Which of the following security-related problems often interrupts Microsoft 365 deployments? Antivirus app incompatibility
77. You can configure Windows Hello to use the device itself, a PIN, or a unique biometric identifier like a face or fingerprint. True
78. Which of the following is a new security capability in Windows 10? Virtualization-based security
79. What is it called when you reformat a device's hard drive and install a new OS image, without keeping any data, settings, or apps? Bare metal deployment
80. In-place upgrades allow you to upgrade from legacy versions of Windows as well as update existing images. False
81. What is one of the primary functions of Windows Autopilot? Customize and deploy a new system with apps and settings to a business-ready state without needing IT to customize or reimage the device.
82. Which of the following is true of the new Windows and Microsoft 365 Apps update model? A new Features Update is delivered twice per year.
83. Microsoft offers an option, Express Updates, to significantly reduce Windows download size. True
84. For Office applications, Microsoft offers a fully-supported quarterly channel option where updates, available on the first day of every quarter (January, April, July, and October), contain both new features and quality updates. False
85. Which of the following is NOT a reason for end-user communication and training? Assess compatibility of applications and devices with the new versions of Windows and Office
86. Which of the following is NOT one of the three phases of the deployment process? Initial
87. The phased deployment process is recommended for large organizations but isn't necessary for smaller deployments. False
88. How would you classify applications that cause the business to stop functioning if they fail? Critical
89. Which role is typically responsible for assigning user acceptance testers to critical applications? Application Owner
90. What update tool allows you to let Microsoft apply updates for you, while giving the administrator the ability to defer installation? Implement Windows Update for Business
91. What are the phases of the servicing framework? Plan, Prepare, Pilot Deployment, Broad Deployment
92. Which roles should be involved when assigning an Application Owner? End-User Computing, Process Manager.
93. Where can you find Microsoft’s recommended security baselines? Microsoft’s Security Compliance Toolkit.

94. Who is responsible for implementing and testing infrastructure changes? 

    End-user computing
95. Which of the following tasks will you carry out when preparing your infrastructure? Reviewing all approved changes 
96. Who should be responsible for implementing security baseline changes? Security
97. Which of the following would you use to achieve full quality assurance testing? Regression testing
98. Which of the following servicing tools enables you to approve updates before they’re applied to devices? Microsoft Server Update Services
99. Which of the following requirements should you have ready before you start using Desktop Analytics? Active Azure subscription
100. Which of these is a task for broad deployment? Obtain recommendations for improvements.
101. During pilot deployment, who is responsible for implementing baseline updates? End-user computing 
102. How many deployment rings should Woodgrove choose? There's no limit on deployment rings. Woodgrove can choose any number of deployment rings it needs.
103. What should you do to help support communications about the update? Delivery Optimization
104. How can Woodgrove improve the process for the next development cycle? Make a note of issues across workstreams and investigate how they can be resolved or improved.
105. Modern management is similar to which of the following management concepts? How mobile devices are managed by Enterprise Mobility Management (EMM).
106. Which of the following lists the key pillars of modern management? Always up-to-date, Intelligent security, proactive insights
107. Which of the following enables you to create self-contained provisioning packages? Windows Configuration Designer
108. Which of the following enables you to avoid reimaging with cloud-based device management services? Microsoft Autopilot
109. Which of the following describes what Windows Autopilot can be used to do? Reset, repurpose, and recover devices.
110. Windows Autopilot self-deploy mode is for which of the following purposes? Deploying shared devices such as kiosks with little or no user interaction.
111. White glove deployments using Windows Autopilot are for which of the following scenarios? Devices that will be fully set up by the IT department by the Original Equipment Manufacturer (OEM) before the end-user takes ownership.
112. Before deploying a device using Windows Autopilot, which of the following must be done? The device must be registered with the Windows Autopilot deployment service.
113. Which of the following offers a simplified and manageable way to transition from either on-premises Active Directory or ConfigMgr and Active Directory to a modern management approach? Co-management
114. Which of the following options is NOT a valid method for enrolling Windows 10 devices into Microsoft Intune? Add a non-AD joined account
115. What is the configuration when you manage devices with Microsoft System Center Configuration Manager and enroll to a third-party MDM service? Coexistence

116. Which of the following statements best describes how Microsoft 365 workloads must be switched over to co-management if you decide to implement it? 

     Workloads can be switched over on your schedule.
117. Which path to co-management is described by having new Windows 10 devices that join Azure AD and auto-enroll to Intune but you install Configuration Manager to reach co-management? Bootstrap with modern provisioning
118. Which of the following actions is an available remote action from Intune once co-management is enabled in System Center Configuration Manager? Remote device wipes
119. Which of the following Intune MAM configurations allows IT administrators to manage apps on devices not enrolled with Intune MDM? MAM without device enrollment
120. What is the first step in the Intune Application Management lifecycle? Add apps to Intune
121. Which of the following best describes the methods available for protecting data in your Intune deployed apps? Conditional Access and App protection policies
122.  

     Which of the following is an available update channel for Office Pro Plus apps deployed through Intune? 

     Semi-Annual
123. Group Policy Objects (GPO) can be configured to deploy windows update settings to a group of windows 10 computers. After creating a GPO which service can be used to apply those GPO settings to the defined group of Windows 10 computers? Active Directory Domain Services
124. Which of the following Windows update methods is a cloud-based management tool which utilizes central management update to send out operating system updates? Microsoft Intune
125. Which Windows update method is a Microsoft-hosted cloud-based WSUS that is free for Windows 10 Pro and Enterprise systems? Windows Update for Business
126. Which of the following is not a Windows Update for Business feature? Updates deployed by FastTrack
127. How can you get an at-a-glance overview of the kinds of apps are being used within your organization? Use the Cloud Discovery Dashboard
128. The Cloud App Security framework includes which of the following? Discover and control the use of Shadow IT
129. Which of these is a feature of Conditional Access App Control policies? Protect on download
130. How can you ensure that a file is sent into quarantine for review by an administrator? When creating a file policy, select Put in admin quarantine
131. Which anomaly detection policy triggers an alert if the same user credentials originate from two geographically distant locations within a short time? Impossible travel
132. Which feature do you use to let Azure Security Center automatically remediate security issues for you? Use Quick Fix
133. Where can you export data continuously? Log Analytics workspace
134. How can you ensure that Azure Security Center will alert you if an unapproved app runs on one of your machines that don’t normally run that kind of app? Adaptive application controls
135. How can you integrate Azure Sentinel with Azure Security Center? By selecting the Azure Security Center data connector for Azure Sentinel.
136. Threats are the potential weakness that attackers can use to infiltrate your organization. True
137. Which of the following choices describe the benefits of Microsoft 365 Defender? Coordinate defenses to stop attacks from spreading and autoheal impacted assets.
138. Which of the following is not part of the typical attack timeline? Attack discovered before 24 hours
139. The Microsoft Defender for Endpoint agent should be deployed to all Windows 10 devices in your organization. False
140. Which of the following choices describes threat hunting using Microsoft Defender for Endpoint? You can proactively inspect events in your network using a powerful search and query tool.
141. Which of the following is not a component of Microsoft Defender for Endpoint? Cloud device management
142. True or false? Microsoft Defender for Office 365 requires an agent to be deployed to all Windows 10 devices in your organization for the best protection. False
143. What describes Safe Attachments from Microsoft Defender for Office 365? Messages and attachments are routed to a special environment where Microsoft Defender for Office 365 uses a variety of machine learning and analysis techniques to detect malicious intent.
144. Which of the following is not an Attack Simulator scenario? Bitcoin mining
145. Microsoft Defender for Identity requires an on-premises Active Directory environment. True
146. Which of the following describes advanced threats Microsoft Defender for Identity detects along the cyber-attack kill-chain? Reconnaissance
147. Which of the following is not a supported integration for Azure Microsoft Defender for Office 365? Intune
148. Which DLP component is used to classify a document? Sensitivity label
149. In Cloud App Security, which types of Policy is used for DLP? File Policy
150. Which DLP component has the logic to protect content in locations such as SharePoint Online? DLP Policy
151. Which Microsoft 365 security center service is designed to help optimize your organization’s overall security health by providing insights and guidance? Microsoft Secure Score
152. Which of the following security monitoring services are not available in the Microsoft 365 security center? Microsoft Defender for Endpoint
153. What is one example of the intelligent and personalized recommendations the Microsoft 365 security center provides? Role-based access control
154. What are the four categories of reporting found in the Microsoft 365 security center? Identities, data, devices, apps
155. As a security administrator you are tasked with identifying how many DLP matches happened in your third-party cloud services. What reporting insights category would you leverage to find the information? Data
156. Microsoft Secure Score provides intelligent recommendations surfaced from each of the below except: Office Security Center
157. What are two of the most common phishing attacks made on an organization? Malicious attachments and hyperlinks
158. he Contoso organization has Office 365 Enterprise E5 for all users. The security administrator has defined specific anti-phishing policies for the finance department but hasn't applied those policies elsewhere. Which of the following is true? Microsoft Defender for Office 365 anti-phishing protection is in place for only the finance department.
159. What anti-phishing policy option should be used to ensure an outside attacker can’t impersonate the CEO of your organization? Add users to protect
160. An end user in the finance department has reported unusual behavior that when they launch a PowerPoint file they notice a command prompt gets launched in the background. As a security administrator what can you implement to prevent unknown or malicious behavior like this from occurring? Attack surface reduction rules
161. As the security administrator of Contoso you decide to monitor executable scripts running in mail. The Research & Development department says that it needs you to allow executable scripts to run in its mail. What would be the best solution to keep all of Contoso protected and secured? Create an attack surface reduction rule for all users that blocks executable content from their webmail and email, but create an audit for the R&D department.
162. Which of the following Windows 10 security features focuses on securing organizational identities and passwords? Windows Defender Credential Guard
163. You need to connect Azure resources like Azure virtual machines across geographical regions. Which Azure networking option should you use? Virtual network peering
164. For a point-to-site Azure VPN gateway, what are the key parameters that you must specify when you create it? Gateway type is Vpn, vpn type is RouteBased, and you need to specify a gateway sku.
165. Which peering configuration would you use for your Express route circuit where you need to allow direct connections to Azure compute resources? Azure private peering
166. Which protocol provides dynamic routing for Azure ExpressRoute? Border Gateway Protocol (BGP)
167. What are some of the typical components involved in a network design? A VM, subnet, firewall, and load balancer
168. Which of the following IP address ranges is routable over the internet? 215.11.0.0 to 215.11.255.255
169. Which of the following resources can you assign a public IP address to? A virtual machine
170. What must a virtual machine have to communicate with the other resources in the same virtual network? Network interface
171. An organization has set up virtual machines (VMs) to act as jumpboxes in each of its six virtual networks. Why should the organization consider using Azure Bastion? The organization can simplify the management of its VMs.
172. At what resource level or scope does an Azure Bastion connection apply to? Virtual network or peered virtual networks
173. You decide to deploy Azure Bastion to an existing virtual network by using the Azure CLI. What resources do you need to create? Subnet named AzureBastionSubnet, public IP, and Azure Bastion
174. Several of your peers are having trouble connecting to VMs by using Azure Bastion. What isn't likely to cause the problem? The public IP address of the destination VM
175. You want to add an extra layer of security to Azure Bastion. Where can you start? Apply role-based access control (RBAC) and the least privilege to use and manage Azure Bastion
176. What does Azure DNS allow you to do? Manage and host your registered domain and associated records.
177. What security features does Azure DNS provide? Role-based access control, activity logs, and resource locking
178. What type of DNS record should you create to map one or more IP addresses against a single domain? A or AAAA

#CloudSkillsChallenge

Microsoft Ignite Microsoft 365 Enterprise Admin Challenge link

Learn... and get rewarded

Complete one challenge and earn a free Microsoft Certification exam

There are 7 challenges available to choose from, select one that's right for you. Once you complete that challenge you will earn a free Microsoft Certification exam that can be applied to your choice from a select list of options.

The challenge ends on March 30, 2021 at 4:00 PM UTC (16:00). Make sure all modules in your challenge are complete before time runs out.

If you complete your challenge before it ends, one Microsoft Certification exam will be associated with your Learn profile on April 7, 2021. You will be notified via email when it becomes available.

To see the full list of eligible exams please refer to our official rules page for more details.

Share your achievements and engage with us on social using #CloudSkillsChallenge.

Have questions? Find answers in the challenge FAQs.