Free MS-700 Practice Questions with Detailed Explanations

Test your Managing Microsoft Teams readiness with 20 scenario-based questions covering Teams environment, governance and compliance, meetings and Teams Phone, and Call Quality Dashboard troubleshooting.

20 min readUpdated May 2026MS-700 Associate

MS-700 (Managing Microsoft Teams) is Microsoft's Associate-level certification for Teams administrators. The exam uses scenario-based questions that test admin judgment — not memorization. These 20 questions mirror the real exam's format and difficulty, with detailed explanations covering why each option is right or wrong.

What you'll get:

  • 20 scenario-based questions across all 4 MS-700 domains
  • Real exam difficulty — information barriers, auto attendants, call queues, CQD troubleshooting
  • Detailed explanations for every answer

📝 Practice Test Instructions

  • • Each question has ONE best answer
  • • MS-700 scenarios often have two plausible answers that differ on one constraint — read every word
  • • Aim for 25 minutes total (real exam: 65 minutes for 40–60 questions)
  • • Target 80%+ on practice for a comfortable margin on exam day
⚙️

Configure and Manage a Teams Environment

Questions 1–8

1
Information Barriers

Your organization needs to prevent members of the Legal team from communicating with members of the Sales team via Microsoft Teams, while allowing all other inter-department communication.

What should you configure?

  1. A.Conditional Access policies targeting the Legal and Sales teams
  2. B.Information barrier (IB) policies defining Legal and Sales as separate segments with a block policy between them
  3. C.Sensitivity labels applied to the Legal and Sales teams
  4. D.Data loss prevention policies scoped to Teams channels for Legal and Sales

Correct: B. Information barriers prevent communication between specific user groups in Teams. Defining Legal and Sales as IB segments, then creating a block policy between them, prevents those groups from messaging, calling, or meeting each other while leaving all other communications unaffected. Conditional Access controls access, not communication. Sensitivity labels classify and protect content. DLP detects content patterns but does not block group-to-group communication.

2
External vs. Guest Access

A user at Contoso (contoso.com) needs to be able to start a chat with a user at Fabrikam (fabrikam.com). Neither user should become a member of the other organization's Teams.

Which Teams capability enables this?

  1. A.Guest access in Teams
  2. B.External access (federation) between Contoso and Fabrikam
  3. C.Cross-tenant access settings with B2B Direct Connect for shared channels
  4. D.Anonymous meeting join

Correct: B. External access (federation) enables chat, calling, and meeting between users in two separate Teams organizations without either side becoming a member of the other. Guest access invites an external user as a member of a specific team — exactly what the scenario rules out. B2B Direct Connect is for shared channels, not 1:1 chat. Anonymous meeting join is for joining a meeting without authentication.

3
Sensitivity Labels for Teams

You must ensure that any team created with a "Confidential" classification is private, prevents guest access, and blocks access from unmanaged devices. The classification choice must surface in the team creation UI.

What should you configure?

  1. A.A retention policy applied to Teams content
  2. B.A container sensitivity label "Confidential" with privacy enforcement, guest blocking, and unmanaged device restrictions, published to relevant users
  3. C.A DLP policy that detects "Confidential" in team names
  4. D.An information barrier policy between Confidential team members and other users

Correct: B. Container sensitivity labels for Microsoft 365 groups (and Teams) enforce privacy setting, external sharing, guest access, and unmanaged device access at the container level. Publishing the label to users surfaces it in the team creation UI. Retention policies handle content lifecycle, not container settings. DLP detects content patterns. Information barriers block user-to-user communication.

4
Teams Creation Governance

You need to restrict Teams creation to members of an Entra ID group called "TeamsApprovers" while preserving the ability for all other users to be added to existing teams.

Which configuration achieves this?

  1. A.Disable Teams creation entirely in the Teams admin center
  2. B.Set the Entra ID group creation policy to allow only members of the "TeamsApprovers" group to create Microsoft 365 groups
  3. C.Apply a Conditional Access policy blocking Teams creation for users not in TeamsApprovers
  4. D.Use a sensitivity label that requires approval to create a team

Correct: B. Teams creation is gated by Microsoft 365 group creation, which is controlled at the Entra ID directory level via the Group.Unified setting (GroupCreationAllowedGroupId). Restricting group creation to a specific Entra ID security group is the canonical way to govern Teams creation. Disabling Teams creation entirely blocks the scenario's requirement. Conditional Access controls sign-in, not group creation. Sensitivity labels require approval workflows not available out of the box.

5
Teams Roles

A help desk technician needs to troubleshoot dropped calls for users by viewing per-call analytics, but must not be able to modify any Teams settings, policies, or user assignments.

Which Microsoft Entra ID role grants the least privilege required?

  1. A.Teams Administrator
  2. B.Teams Communications Administrator
  3. C.Teams Communications Support Engineer
  4. D.Teams Communications Support Specialist

Correct: C. Teams Communications Support Engineer can view detailed call analytics for any user including full diagnostic data — needed to troubleshoot dropped calls — without permission to modify Teams settings. Teams Communications Support Specialist has more limited per-call analytics (no full diagnostic data). Teams Administrator and Teams Communications Administrator both grant write permissions the technician should not have.

6
Lifecycle: Archive vs. Delete

A project team has finished its work. Leadership wants the team's conversations and files preserved read-only so they can be referenced later, but team members should no longer see the team in their Teams app.

What should you do?

  1. A.Delete the team — files remain in SharePoint and can be referenced later
  2. B.Archive the team — conversations become read-only and members no longer see it in the Teams app, but the team can be restored
  3. C.Apply a retention policy that retains content for 5 years
  4. D.Remove all members from the team to hide it from their Teams app

Correct: B. Archiving a team makes conversations read-only and removes the team from members' active list, while preserving the team for future reference and the ability to restore. Deletion removes the team entirely (files in SharePoint persist but the team itself is gone after the 21-day soft-delete window). Retention policies control content lifecycle, not team visibility. Removing members does not stop them from being re-added and does not make conversations read-only.

7
App Permission Policies

Your security team has decided that third-party apps must not be available in Teams for users in the Finance department, while remaining available to everyone else.

What should you configure?

  1. A.An app permission policy that blocks third-party apps, assigned to Finance users
  2. B.An app setup policy that removes third-party apps from the app rail
  3. C.A Conditional Access policy blocking app access for Finance users
  4. D.A DLP policy detecting third-party app names

Correct: A. App permission policies control which apps users can install and use in Teams — third-party, Microsoft, and custom apps can each be allowed or blocked. Assigning a policy that blocks third-party apps to Finance users meets the requirement. App setup policies control pinning and pre-installation, not permission. Conditional Access controls authentication. DLP does not block apps.

8
Shared Channels

You need to enable collaboration between your Contoso project team and a Fabrikam project team in a single shared channel. Members from both organizations need real-time collaboration with full chat, files, and meetings.

Which feature enables this?

  1. A.Guest access — add Fabrikam users to a private channel
  2. B.External access (federation) — Fabrikam users chat with Contoso users 1:1
  3. C.Shared channels with Microsoft Entra ID B2B Direct Connect cross-tenant access settings configured
  4. D.A single Microsoft 365 group that includes users from both tenants

Correct: C. Shared channels enable cross-tenant collaboration with full chat, files, and meetings — both sides remain in their home tenants. B2B Direct Connect cross-tenant access settings must be configured between Contoso and Fabrikam to enable shared channel membership across tenants. Guest access adds external users as members of a specific team but creates a guest account in your tenant. External access (federation) is for 1:1 chat, not shared workspaces. A cross-tenant Microsoft 365 group is not how Teams works.

📞

Meetings and Teams Phone

Questions 9–14

9
Meeting Policy Scope

You need to allow recording of meetings for the Sales team but block recording for the Legal team.

How should you implement this?

  1. A.Set the global (org-wide) meeting policy to allow recording for all
  2. B.Create a custom meeting policy that disables recording, then assign it to Legal team users via the Teams admin center
  3. C.Use sensitivity labels to block recording on Legal team meetings
  4. D.Configure a Conditional Access policy blocking recording for Legal users

Correct: B. Meeting policies in Teams support per-user (or per-group) assignment. Creating a custom policy with recording disabled and assigning it to Legal users satisfies the differentiated requirement. The global policy applies to all users without group filtering. Sensitivity labels do not control recording capability directly. Conditional Access controls sign-in, not in-meeting features.

10
Auto Attendant Holiday Schedule

Your auto attendant plays "Business hours greeting" Monday–Friday 9 AM–5 PM and "After hours greeting" otherwise. On Thanksgiving (a configured holiday) at 10 AM (within business hours), what greeting does the auto attendant play?

Which greeting plays?

  1. A.Business hours greeting — Thanksgiving is during business hours
  2. B.After hours greeting — Thanksgiving is not a normal workday
  3. C.Holiday greeting — holiday schedules override business hours configurations
  4. D.A custom Thanksgiving greeting must be configured separately

Correct: C. Holiday schedules in Teams auto attendants override business-hours configurations. On a configured holiday, the auto attendant plays the holiday greeting regardless of the time of day. This is a frequent MS-700 trap — candidates assume business hours take precedence, but Microsoft's order of evaluation puts holidays first.

11
Call Queue Agent Selection

Your support call queue must ring all available support agents simultaneously, and the first agent to answer takes the call.

Which call queue routing method achieves this?

  1. A.Attendant routing
  2. B.Serial routing
  3. C.Longest idle
  4. D.Round robin

Correct: A. Attendant routing rings all available agents simultaneously and the first to answer takes the call. Serial routing rings agents in a configured order one at a time. Longest idle rings the agent who has been idle longest. Round robin rotates evenly across agents. The exam tests scenario fit — "ring everyone at once" is attendant routing.

12
Emergency Calling

Your organization uses Direct Routing for Teams Phone. Emergency calls must route through a dedicated SBC to reach the correct PSAP for each office location.

Which policy configures this routing?

  1. A.CsTeamsEmergencyCallingPolicy with NotificationMode set for security desk alerts
  2. B.CsTeamsEmergencyCallRoutingPolicy with emergency dial strings and PSTN usage records pointing to the emergency SBC
  3. C.CsOnlineVoiceRoutingPolicy with emergency routes at the top of the PSTN usage list
  4. D.CsTeamsCallingPolicy with AllowEmergencyCalls set to $true

Correct: B. Emergency Call Routing Policy (CsTeamsEmergencyCallRoutingPolicy) is Direct Routing-specific and contains the emergency dial strings (e.g., 911) mapped to PSTN usage records that route through designated emergency gateways. Emergency Calling Policy handles notification mode (alerting security desks), not gateway routing. Online voice routing policy handles general outbound routing, not emergency-specific routing through dedicated SBCs.

13
Webinars vs. Town Halls

You need to host a 5,000-attendee company-wide presentation with a polished broadcast feel, on-demand replay, and the ability for the audience to ask written questions but not speak.

Which Teams meeting type fits best?

  1. A.A regular Teams meeting
  2. B.A Teams webinar
  3. C.A Teams town hall
  4. D.A live event (legacy)

Correct: C. Teams town halls support large audiences (10,000+), structured broadcast feel, on-demand replay, and Q&A without audience speaking — exactly the requirement. Webinars are smaller (up to 1,000–2,000), focus on registration and engagement, and allow more two-way interaction. Regular meetings are for smaller collaborative sessions. Live events are being deprecated in favor of town halls.

14
Voice Routing Policies

Your Direct Routing deployment must route calls to +44 (UK) numbers through one SBC and calls to +1 (US/Canada) numbers through a different SBC, for cost-optimization reasons.

How is this configured?

  1. A.Two separate Online Voice Routing Policies, each assigned to user groups
  2. B.Two PSTN Usage records, each linked to voice routes with regex patterns matching +44 and +1, both included in a single Online Voice Routing Policy
  3. C.Two emergency call routing policies, one per country
  4. D.A single dial plan with regex normalization

Correct: B. PSTN usage records link voice routes (which specify number patterns and the SBC trunk) into voice routing policies. To route +44 calls through SBC-A and +1 calls through SBC-B, configure two voice routes — one with a +44 number pattern targeting SBC-A, one with +1 targeting SBC-B — and include both PSTN usages in the same voice routing policy assigned to the affected users. Two policies assigned to user groups can work but is overkill when the same users need both routes. Emergency call routing is for emergency calls only. Dial plans normalize numbers but do not select trunks.

📊

Monitor, Report, and Troubleshoot

Questions 15–20

15
Call Quality Dashboard

Users at the Seattle office report frequent call quality issues. You need to identify whether the problem is concentrated at Seattle or affects multiple sites, using CQD.

What must you do first?

  1. A.Enable call recording for all Seattle users
  2. B.Upload building and subnet data to CQD so call records are geo-tagged
  3. C.Increase the QoS markings for Teams traffic
  4. D.File a service-health support ticket with Microsoft

Correct: B. CQD requires building and subnet data uploads to associate call records with physical locations. Without this data, calls show as "Outside" or "Unknown" location and you cannot filter by site. Once uploaded, CQD lets you compare Seattle to other locations and confirm whether the issue is geo-specific. Call recording does not help diagnose network quality. QoS changes are remediation, not diagnosis. Filing a ticket before identifying the scope is premature.

16
Per-Call Analytics

A single user reports that her last call dropped after 30 seconds. You need to view the detailed call record including network metrics.

Where do you find this?

  1. A.Service Health Dashboard in the Microsoft 365 admin center
  2. B.Call Quality Dashboard summary reports
  3. C.Per-call analytics for the user in the Teams admin center
  4. D.Microsoft Sentinel Teams data connector

Correct: C. Per-call analytics in the Teams admin center surfaces detailed call records for individual users — including jitter, packet loss, RTT, codecs, and device information for each call. Service Health Dashboard surfaces tenant-wide service incidents. CQD summary reports aggregate across many calls. Microsoft Sentinel is a SIEM, not a Teams per-call view.

17
Teams Client Cache

A user reports Teams desktop client startup failures and persistent sign-in loops on her Windows machine. You want to clear the client cache as a first step before deeper troubleshooting.

Where is the Teams desktop cache located on Windows?

  1. A.C:\Program Files\Microsoft\Teams
  2. B.%AppData%\Microsoft\Teams (and for the new Teams: %LocalAppData%\Packages\MSTeams_*)
  3. C.C:\Windows\System32\Teams
  4. D.HKEY_CURRENT_USER\Software\Microsoft\Teams

Correct: B. %AppData%\Microsoft\Teams is the classic Teams desktop cache location. The new Teams (Teams 2.x) uses %LocalAppData%\Packages\MSTeams_* as a Windows MSIX-packaged app. Clearing those folders forces Teams to re-download cached configuration and is a common first troubleshooting step. Program Files holds the installation binaries (not cache). System32 is not a user-data location. The Registry path does not contain cache.

18
Service Health

You receive multiple reports of Teams users unable to join meetings. You suspect a service incident, not a tenant-specific configuration.

Where do you confirm an active Microsoft 365 service incident?

  1. A.Service Health in the Microsoft 365 admin center
  2. B.Call Quality Dashboard
  3. C.Azure Monitor metrics for the Teams resource
  4. D.Microsoft Entra ID Audit Logs

Correct: A. Service Health in the Microsoft 365 admin center is the canonical place to confirm Microsoft 365 service incidents, including Teams meeting service degradations. CQD shows call quality data, not service incidents. Azure Monitor metrics do not cover Teams as a service. Audit Logs show user actions, not service health.

19
Alerts

You want to be notified when a Teams admin makes mass policy changes — specifically, more than 50 user policy assignments in a 24-hour period.

How do you implement this?

  1. A.Configure an alert in the Microsoft 365 Defender portal scoped to Teams audit events
  2. B.Use a CQD detailed report
  3. C.Watch the Message Center daily
  4. D.Subscribe to all Teams admin center notifications

Correct: A. Alerts based on Teams audit events (including policy assignment activity) are configured in the Microsoft 365 Defender portal (or the unified compliance portal). Threshold and frequency conditions can trigger notifications when activity exceeds expected baselines. CQD does not surface admin actions. Message Center announces upcoming changes, not real-time activity. Generic Teams admin center notifications do not include custom thresholds.

20
Usage Reports

A leadership review needs a report showing the number of unique users active in Teams over the last 30 days, broken down by activity type (chat, calls, meetings).

Where do you find this report?

  1. A.Service Health Dashboard
  2. B.Microsoft 365 admin center Usage reports — Teams user activity report
  3. C.Teams admin center per-call analytics
  4. D.Microsoft Sentinel Teams data connector

Correct: B. The Microsoft 365 admin center Usage reports area includes a Teams user activity report that shows unique active users over time, broken down by activity type (1:1 calls, meetings, chats, channel messages). The Teams admin center Analytics & Reports section provides similar reporting. Service Health shows incidents, not usage. Per-call analytics shows individual call detail. Microsoft Sentinel is a SIEM for security events.

Want 480 More MS-700 Questions?

Full coverage of all 4 domains — Teams environment, governance, meetings and calling, and troubleshooting. Start with 40 questions free.

Start Free MS-700 Practice →

Related MS-700 Resources